last executing test programs:

17m40.642159381s ago: executing program 4 (id=649):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001517ee40f00a057aee000102030109021200010000000009040000ff0549000076fc8e331fbfee3924300a0ad864399a02268547670645504f3ac6dd87c5543889eaf575c977fdd7b40ed5b4de5085673a8414b54078427fa2614533fa3c36ab99795619c72df45054b14560892748f8c5216b43048ad9840f16c16870000000000000000000"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000cc0)={0x24, &(0x7f0000000540)=ANY=[@ANYBLOB="400f1100000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

17m36.971865857s ago: executing program 4 (id=658):
syz_open_dev$media(0x0, 0x3, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x2a, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'veth0_to_bridge\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r5, 0x0, 0x488, 0x0, &(0x7f0000000100))
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000240)={0x43, 0x3}, 0x10)
bind$tipc(r4, 0x0, 0x0)
r6 = socket$inet(0x2, 0xa, 0x2)
ioctl$sock_inet_tcp_SIOCINQ(r6, 0x8919, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000005000000fd0900008400000005010000", @ANYRES32, @ANYBLOB="0000000000000001000000000001000000000099eb0433a4a49f20d1bfa41bcae2a35a4e087f31c175c306000000000000006ad5087bdd06fc4c7e9e394ef77138c2c84ecb06e7157252363d87559428da17e5e78fd5fd9f6c49546d033b49cb", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0xd100004c)
socket$inet_sctp(0x2, 0x5, 0x84)

17m34.43707871s ago: executing program 4 (id=666):
socket$inet_icmp(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffe26, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r3 = socket$inet6(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f00000002c0)='\x00', 0x1, 0x20040800, &(0x7f00000000c0)={0xa, 0x0, 0x8, @local, 0x8080}, 0x1c)
getsockopt$bt_hci(r3, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)

17m32.031187243s ago: executing program 4 (id=672):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0xfffffff5, 0x0, 0x0, 0x0, 0xfffffffc})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000007feffff720af0fff8ffffff71a4f0ff0000000061100000000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x178, 0x30, 0x1, 0x0, 0x0, {}, [{0x164, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_bpf={0x11c, 0xf, 0x0, 0x0, {{0x8}, {0x74, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0x2c, 0x4, [{0x7, 0x8, 0x0, 0x4}, {0x5, 0x5, 0x72}, {0x3, 0xfd, 0x5}, {0x7, 0x25, 0x9, 0x800}, {0xed5a, 0x4, 0x8, 0xe2d}]}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x1}, @TCA_ACT_BPF_OPS={0xc, 0x4, [{0x800, 0x5, 0x44, 0x5a2f}]}, @TCA_ACT_BPF_OPS={0x24, 0x4, [{0xf074, 0x7, 0x0, 0x9}, {0x2f, 0x7f, 0x8, 0x7}, {0x2, 0x0, 0x3, 0x101}, {0x6181, 0x5f, 0xf0, 0x1}]}]}, {0x83, 0x6, "bd7b0792be7c5c5815e79acad21155fffa7bb0ba4f2b59ceae428cc5b34e97e7bb1b99905470b5c8b090a99fa7e3324b41f10210bd82e7887e87590a05ffa73fa703d6614f9d757f37e41b0ec82c685178483492fc3d3b4601044263abe65e8a9cec5faeb3301ad2d2a1554ebfa8b62e972fb365507e7565977068832186ab"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100728066008bdbdf256600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b70087000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$tipc(r7, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x300c044)
semctl$SETVAL(0x0, 0x0, 0x10, &(0x7f0000000400))
futex_waitv(0x0, 0x0, 0xf2, 0x0, 0x1)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='btrfs_handle_em_exist\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
r9 = syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r9, 0x4, 0x70bd2a, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @empty}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x40000)

17m29.094798289s ago: executing program 4 (id=676):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x7, 0x5f)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000000)=0x7, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f00000001c0))
syz_emit_ethernet(0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd608a37f2001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa06000003", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000290780012f5d9d14c1c569fba00258c5a808e0de3b4"], 0x0)

17m28.446804751s ago: executing program 4 (id=679):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1201000000000040700c0bf00000000000010902240001000000640904000001030003000921040000012207000905810300040000046e35a6d67a6f269165eea8b4d6c3b7fbb50ceb9f97172bb8e40bc4b018c6331c01f5ca2592e90d34e31fb1716cdf6fd951c8c346be8010f993a7150e5fc128f9e7ff4b65e37db8ac9150c5c845d6966b4a587cc8970aac1d35d1f66647585ba144ca1173c8c002e4d69bac1745225f20cf7dffe0ad478f597d09b7cf87d119e1cab8272564157736d0952d79dfa1e33c20d64a18b0"], 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_io_uring_setup(0x9e, &(0x7f0000000d40)={0x0, 0xdb8, 0x20, 0x2, 0x4f}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x28, 0x2000, @fd_index=0x9, 0x84af, &(0x7f0000000c80)="d7be786915a70e63cf225af68987e8e9646327e9acd21ac9bc362a6bcdf7fa7dc73d6ee35d01602869d50ce474ca04346398d1bdd1b66be4f7ac8e3a26f204e15c2f1c7ba1e2c482bb0ee34ae90a90a3a8bd6773770c9473fdc184fed81184607480eebdffe0280a1a0b56ddbfa25fa1ee98d41b81e373b89b0ce8a96e9adf5c06353fd121fcf8b84059c65a1a86e9f15478b9572ccb6c22497d0b132a82aaa14a209df2981c06492e2184b9881b2c1d24e182a94ef85af4532b93a1", 0xbc, 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000000)="1a", 0x1}], 0x1)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000680)})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001201001700000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r7, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
connect$unix(r5, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x7fffffff, 0x80, 0x1, 0xfffffffffffffffc}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x8, 0x7d3d, 0x0, 0x2, 0x5}, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="400686000000860e22a6102b644b214b72dd7c0d2a82846fabc2299bc32af74f4b284d1ed27fb946dc4edf7f686e9a4eece6daafb4d6ae9dd04b0c08c9a7747c368db0c864dab4447051f92120083b79c128c4e7dc4f761b7b1f6fc863898a7dc04a876e3a4d80ba5c3eac82beee95fafcf350b3a685db5cb00408409c0200484b78d5d6cfbdf5e9eff24a2b"], &(0x7f00000002c0)=ANY=[@ANYBLOB="0003210000000003090c93701c3de6e073338b62b9ac4fa200b8d236ae64b12d6a5c0d8ac1b69821c1377790e121db5184ef765c44c55b4b8737c99964b254a74c526599afc2f5dfc82439be1cf9b1c53ab2da4a845eb120003543b5b45f29f4bc3807f447c896484fb112359c374ce38b6dc4ba3df430f9c24640cd571f8ecb6eeffad93ed07e1feea9dbf38fa8e6ee847977c3c5f45bc72090ccb608641b4111b67274be5c80c1856437e6fa9bb2e823991306a1"], &(0x7f0000000dc0)=ANY=[@ANYBLOB="000fff000000050fff00060010020234fdff1410040125cd5fd8155846ee6b1d885699169edd0a1003000d0053064800ad102252e1fa74c38a6bb18c7b81ff2372f17718428eaadd7f75d80e56057fce8ef0a41382e1e62eff8ff0a54c54ae05aa0cc6906c7d0931c63eeceed69d901cf8245f9884601dc52a0db271af1aee5e19ef84fa9b58832a1ee8d9a48a18b85eaec19bfc59068af7a8af7585a216c0ce332342e10852635b9e7a8cd443d881f6af99849d265bc2d336265a8f73fda96c840cf9c12f539289c1f8f48b4a09733d30abcbc86449d9b9323ea4fa67ce966ea6950710020cf321001410040803ffcb826bce19501ec14cd50fcb61"], &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x4, 0xb, 0x7, "25f3eadb", "eb0c806e"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xd, 0x3, 0x0, 0x4, 0x7, 0x3, 0x101}}}, &(0x7f0000000980)={0x84, &(0x7f00000004c0)={0x40, 0x16, 0x47, "3776252faeba6d313a710793cc5cadae9a676780b6a263665180bfb1bc28e08ac9560596183a5f6fd925e61ea478d425bca00826866b905cbf060bffa2af84ec995f54fd1e5e45"}, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x88}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000bc0)=ANY=[@ANYBLOB="de07331376064ffb41f2fb87bb438463bd9e65d00feafb17ad51e248b4a959c13f55c228ff3ef09db1e3f963cd3ac22aa848d8a1f28f99b322264625266fe1a200997087bc51465ce2c7859eaad9659c4b1a67a4b289a247c520498326ad8faf061e59cd2a54781afad34d563e6f5426453dc98d1d742f2ac67522745fe428d5c0"], &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x20}, &(0x7f0000000740)={0x40, 0xb, 0x2, "f4f4"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0x9}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000800)={0x40, 0x17, 0x4, @local}, &(0x7f0000000840)={0x40, 0x19, 0x2, "9e22"}, &(0x7f0000000880)={0x40, 0x1a, 0x2, 0x9}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0x3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x6}})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0)

17m13.345166995s ago: executing program 32 (id=679):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1201000000000040700c0bf00000000000010902240001000000640904000001030003000921040000012207000905810300040000046e35a6d67a6f269165eea8b4d6c3b7fbb50ceb9f97172bb8e40bc4b018c6331c01f5ca2592e90d34e31fb1716cdf6fd951c8c346be8010f993a7150e5fc128f9e7ff4b65e37db8ac9150c5c845d6966b4a587cc8970aac1d35d1f66647585ba144ca1173c8c002e4d69bac1745225f20cf7dffe0ad478f597d09b7cf87d119e1cab8272564157736d0952d79dfa1e33c20d64a18b0"], 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_io_uring_setup(0x9e, &(0x7f0000000d40)={0x0, 0xdb8, 0x20, 0x2, 0x4f}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x0, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x28, 0x2000, @fd_index=0x9, 0x84af, &(0x7f0000000c80)="d7be786915a70e63cf225af68987e8e9646327e9acd21ac9bc362a6bcdf7fa7dc73d6ee35d01602869d50ce474ca04346398d1bdd1b66be4f7ac8e3a26f204e15c2f1c7ba1e2c482bb0ee34ae90a90a3a8bd6773770c9473fdc184fed81184607480eebdffe0280a1a0b56ddbfa25fa1ee98d41b81e373b89b0ce8a96e9adf5c06353fd121fcf8b84059c65a1a86e9f15478b9572ccb6c22497d0b132a82aaa14a209df2981c06492e2184b9881b2c1d24e182a94ef85af4532b93a1", 0xbc, 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
writev(r1, &(0x7f0000000380)=[{&(0x7f0000000000)="1a", 0x1}], 0x1)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000680)})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001201001700000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r7, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r6}, 0x20)
connect$unix(r5, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0xfffffffffffffffd, 0x7fffffff, 0x80, 0x1, 0xfffffffffffffffc}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x8, 0x7d3d, 0x0, 0x2, 0x5}, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="400686000000860e22a6102b644b214b72dd7c0d2a82846fabc2299bc32af74f4b284d1ed27fb946dc4edf7f686e9a4eece6daafb4d6ae9dd04b0c08c9a7747c368db0c864dab4447051f92120083b79c128c4e7dc4f761b7b1f6fc863898a7dc04a876e3a4d80ba5c3eac82beee95fafcf350b3a685db5cb00408409c0200484b78d5d6cfbdf5e9eff24a2b"], &(0x7f00000002c0)=ANY=[@ANYBLOB="0003210000000003090c93701c3de6e073338b62b9ac4fa200b8d236ae64b12d6a5c0d8ac1b69821c1377790e121db5184ef765c44c55b4b8737c99964b254a74c526599afc2f5dfc82439be1cf9b1c53ab2da4a845eb120003543b5b45f29f4bc3807f447c896484fb112359c374ce38b6dc4ba3df430f9c24640cd571f8ecb6eeffad93ed07e1feea9dbf38fa8e6ee847977c3c5f45bc72090ccb608641b4111b67274be5c80c1856437e6fa9bb2e823991306a1"], &(0x7f0000000dc0)=ANY=[@ANYBLOB="000fff000000050fff00060010020234fdff1410040125cd5fd8155846ee6b1d885699169edd0a1003000d0053064800ad102252e1fa74c38a6bb18c7b81ff2372f17718428eaadd7f75d80e56057fce8ef0a41382e1e62eff8ff0a54c54ae05aa0cc6906c7d0931c63eeceed69d901cf8245f9884601dc52a0db271af1aee5e19ef84fa9b58832a1ee8d9a48a18b85eaec19bfc59068af7a8af7585a216c0ce332342e10852635b9e7a8cd443d881f6af99849d265bc2d336265a8f73fda96c840cf9c12f539289c1f8f48b4a09733d30abcbc86449d9b9323ea4fa67ce966ea6950710020cf321001410040803ffcb826bce19501ec14cd50fcb61"], &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x4, 0xb, 0x7, "25f3eadb", "eb0c806e"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xd, 0x3, 0x0, 0x4, 0x7, 0x3, 0x101}}}, &(0x7f0000000980)={0x84, &(0x7f00000004c0)={0x40, 0x16, 0x47, "3776252faeba6d313a710793cc5cadae9a676780b6a263665180bfb1bc28e08ac9560596183a5f6fd925e61ea478d425bca00826866b905cbf060bffa2af84ec995f54fd1e5e45"}, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x88}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x40}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000bc0)=ANY=[@ANYBLOB="de07331376064ffb41f2fb87bb438463bd9e65d00feafb17ad51e248b4a959c13f55c228ff3ef09db1e3f963cd3ac22aa848d8a1f28f99b322264625266fe1a200997087bc51465ce2c7859eaad9659c4b1a67a4b289a247c520498326ad8faf061e59cd2a54781afad34d563e6f5426453dc98d1d742f2ac67522745fe428d5c0"], &(0x7f00000006c0)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000700)={0x40, 0x9, 0x1, 0x20}, &(0x7f0000000740)={0x40, 0xb, 0x2, "f4f4"}, &(0x7f0000000780)={0x40, 0xf, 0x2, 0x9}, &(0x7f00000007c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000800)={0x40, 0x17, 0x4, @local}, &(0x7f0000000840)={0x40, 0x19, 0x2, "9e22"}, &(0x7f0000000880)={0x40, 0x1a, 0x2, 0x9}, &(0x7f00000008c0)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0x3}, &(0x7f0000000940)={0x40, 0x21, 0x1, 0x6}})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0)

7m2.881185768s ago: executing program 0 (id=2495):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0)
mount$9p_tcp(0x0, &(0x7f00000002c0)='./file0/file0/../file0\x00', 0x0, 0x20000, 0x0)
mount$9p_unix(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000780)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000018, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b4, &(0x7f00000000c0)="$eJzs3c9vHGf9B/D3rNcbO98qX6dN2ggVESVSQYpInFgphAsBIZRDhapy4IqVOI2VjVPZLnIrBC5FcELi0D+gIPmGOCBxDwrncuvVx0pIXCIOERyMZnbWXnvX8Tr+GXi9ovHzzDzPPPPZzz4z411ntQH+Z926lOajFLl16a2lcn11Zaq9ujJ1om5uJynrjaTZKVLMJcXj5GbZXvQs6Sn7fDJ7453Pn6x+0Vlr1kvVv/Gs/QYY0He5XnI+yUhd9hsd9hCbxrud5KW+Lq1hx2plbGOlTNrFuoQjt9ZneTe77+a8BY6Z7m2s6Nw3+0wkJ5PqFlb9TlBfHRqHF+HB2NVVDgAAAF5Qnz086ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxVN//39RL426zPkU3e//b3W31fUX2qOjDgAAAAAAAAAA9sFXnuZplnKqu75WVH/zv1CtnMm/1pL/y/tZyEzmczlLmc5iFjOfq0kmegZqLU0vLs5fXd+zNHjPawP3vHZYjxgAAAAAAAAA/iv9Irc2/v4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQZGMdIpqOdOtT6TR7FTTKn8sJ3/r1l8QxaCNjw4/DgAAANiTsefY5/+f5mmWcirJH8v1taJ6zf9q9Xp5LO9nLouZzWLamcmd+jV0+aq/sboy1V5dmXpQLv3jfucfuwqjGjGd9x4GH/lc1WM8dzNbbbmc21Uwd9Ko9iyd68YzOK6PypiKb9eGjKxZp7U82G+3exdhX+z2rYiJMrhkPSOTdWxlNk53MlBUb9QkWzPx7Gfn3wOOlEZG1490NY31d37OHEDOT9Zl+Xh+daA53631TDRSZeJaz+x79dmZSL765z/86F577v69uwuXjs9D2sHINtu3zompnky8NigTvQMd60w0d9l/ssrE2fX1W/l+fphLOZ+3M5/Z/CTTWcxM1ur26Xo+lz8nnj1nbm5ae3unSFr189JJ9TAxnc/3qtp0LlT7nspsijzMnczkzerftVzNN3I913Oj5xk+u23c1WOrzvrG1rO++0z/ZWDwF79WV8aT/Lou+3KwxXazc790rv1lXk/35LUz65+s9zrdcx5M9mTp5W52RgcO/jzXxuaX6kp5jI/r8niYqDNRnkDdu0Q3ulc6mWhW96L+ef676txYaM/dn783/d424y9vWX+jLstptfLlYaMc/FTsr3K+vJyx+kqyeXaUba+sX2VOb7qrtuq/uHTaGn1tZ6u2ouieqT/oO1PL+Vqeqa36d7j+ka5Vba8NbJuq2s71tG36fSsP086dQ8gfAHs0kZOt8b+Pfzb+6fgvx++NvzX23RPfPPF6K6N/Hf1Wc3LkjcbrxZ/yaX5Wvf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2aOGDD+9Pt9sz84Mrje2bdqjsNPKWSlF/oc+we/34ZPJ8gR1OZSzJpi2j5YZ9O8THQ3Ye3xpGX2Xt58mh56f7JYKD+/ymrDQzzIA3d+rz0ZHPhGNZGd040UYyeAIc8YUJOHBXFh+8d2Xhgw+/Pvtg+t2Zd2fmRq9fvzF54/qbU1fuzrZnJjs/jzpK4CBs3PSPOhIAAAAAAAAAAABgWIM+IXDhpZ0+NDLUZzz8z0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX9y6lOajFLk6eXmyXF9dmWqXS7e+0bOZpNFIip8mxePkZjpLJnqGK/L7x1kbcJxPZm+88/mT1S82xmp2+ieNutyD5XrJ+SQjdblf493e83jFP7uPsEzYxW7i4Kj9JwAA//93mPQP")
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000107d1eb42d00000000000109022400010000002209040000010300020009210000000122040009058103"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000005c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x200400c1)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000000)=ANY=[@ANYBLOB="0600008300"], 0x8)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_LOOPBACK(r2, 0x65, 0x20, 0x0, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x4200, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_usb_control_io(r1, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
setreuid(0xffffffffffffffff, r3)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
setsockopt$ax25_int(r4, 0x101, 0x9, &(0x7f0000000200)=0xfffffffe, 0x4)

6m58.13548934s ago: executing program 0 (id=2505):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6(0xa, 0x3, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYRES32=r0], &(0x7f00000004c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000780)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1a000}}, 0x40)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r4, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
recvmmsg(r4, &(0x7f00000031c0)=[{{0x0, 0x1802, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/135, 0x87}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/146, 0x92}, {&(0x7f0000000080)=""/43, 0x2b}, {&(0x7f0000000a80)=""/242, 0xf2}, {&(0x7f0000000b80)=""/143, 0x8f}], 0x4}, 0x2}], 0x400000000000300, 0x22, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))

6m57.306737093s ago: executing program 0 (id=2507):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_bond\x00', &(0x7f0000000000)=@ethtool_cmd={0x3f, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5}})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000001540)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)="87eb0607f93a9730a5159fa02817ed12cba017989365f4689a94f63ec2bed1c1ef653112019dfd725f1353b691de76632b95338680b25a7de033bca310129e0d519d158d0e7776bd", 0x48}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x3}], 0x30}], 0x1, 0x0)
recvmsg$can_bcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/88, 0x58}], 0x1}, 0x10000)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x20, r6, 0x301, 0x0, 0x0, {{}, {@void, @void, @val={0xc, 0x99, {0x2, 0x29}}}}}, 0x20}}, 0x40)
r7 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r7, 0x0, 0x0)

6m57.163215106s ago: executing program 0 (id=2509):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = io_uring_setup(0x479, &(0x7f0000000ac0)={0x0, 0x3, 0x2, 0x2, 0x4000020})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2903097, 0x0)
umount2(&(0x7f00000003c0)='./file0\x00', 0xa)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x206d0d1, 0x0)
umount2(&(0x7f0000000080)='./file0/file0\x00', 0x1)
umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
close_range(r1, 0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000000)

6m55.144152781s ago: executing program 0 (id=2514):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008000000000000"], 0x50)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@typedef={0x2}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}, &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0xb, r4, 0x8, 0x0, 0x0, 0x14, 0x0, 0x14}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r6 = socket(0x1, 0x803, 0x1)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r7, @ANYBLOB="14000200ff02000000000000000000000000000108000800028d"], 0x34}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r9)
sendmsg$inet6(r9, 0x0, 0x0)

6m53.837579774s ago: executing program 0 (id=2518):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40002}, [@call={0x85, 0x0, 0x0, 0x6d}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r2, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000aa, &(0x7f00000003c0)=[0x0], &(0x7f0000000440), 0x0, 0xe9, &(0x7f0000000340)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000500), &(0x7f00000002c0), 0x8, 0x36, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x1000)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f0000000380)={0x1, 0x100, 0x4, {0x4, 0x7, 0x780000, 0xfcad}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000400)=[{{&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x842}}], 0x18}}], 0x1, 0x0)
r6 = openat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000700)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x90, 0x90, 0xb, [@var={0x1, 0x0, 0x0, 0xe, 0x5, 0x1}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x2}, @enum={0x3, 0xa, 0x0, 0x6, 0x4, [{0x6, 0xe49f}, {0xa, 0x4}, {0x0, 0xf8c}, {0x5, 0x10001}, {0x0, 0x9}, {0xf, 0x1}, {0xf}, {0x3, 0x83a}, {0x6, 0x8}, {0x9, 0x80000000}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x9}}]}, {0x0, [0x5f, 0x0, 0x0, 0x2e, 0x5f, 0x61, 0x0, 0x2e, 0x0]}}, &(0x7f0000000a00)=""/247, 0xb3, 0xf7, 0x1, 0x5}, 0x28)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000180)=[r4, r4, r4, r4], 0x4)
r7 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x89f0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000b40)=ANY=[@ANYRES32=0x0, @ANYBLOB="0600b8007f70fe3646d55aa59aeea00ba402efd5b437d3ec7c74cedbf2a13f861f03b7c515e16cc44d67934abf182a09c5c45152b13ca531743db0bee0fd20cf399d9d204100881879a000186d49eb9c91be3bc3ddaae1b6337d3279cdf017ee2f4b733db34f92ace3d377091b58290208fedcec275e3d932993b28be7a569c92100df96fcc4fcb854a3d53f4d363667ac045b3a4d20cef02f61955beb22d855d28a96a8420563704fe80e4e39d2be8d86ea5cbf00"/192], 0xc0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

6m52.812556319s ago: executing program 33 (id=2518):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40002}, [@call={0x85, 0x0, 0x0, 0x6d}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r1}, 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r2, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000aa, &(0x7f00000003c0)=[0x0], &(0x7f0000000440), 0x0, 0xe9, &(0x7f0000000340)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000500), &(0x7f00000002c0), 0x8, 0x36, 0x8, 0x8, &(0x7f0000000580)}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x1000)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f0000000380)={0x1, 0x100, 0x4, {0x4, 0x7, 0x780000, 0xfcad}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000400)=[{{&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x842}}], 0x18}}], 0x1, 0x0)
r6 = openat2(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000700)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x90, 0x90, 0xb, [@var={0x1, 0x0, 0x0, 0xe, 0x5, 0x1}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x2}, @enum={0x3, 0xa, 0x0, 0x6, 0x4, [{0x6, 0xe49f}, {0xa, 0x4}, {0x0, 0xf8c}, {0x5, 0x10001}, {0x0, 0x9}, {0xf, 0x1}, {0xf}, {0x3, 0x83a}, {0x6, 0x8}, {0x9, 0x80000000}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x9}}]}, {0x0, [0x5f, 0x0, 0x0, 0x2e, 0x5f, 0x61, 0x0, 0x2e, 0x0]}}, &(0x7f0000000a00)=""/247, 0xb3, 0xf7, 0x1, 0x5}, 0x28)
io_uring_register$IORING_REGISTER_FILES(r6, 0x2, &(0x7f0000000180)=[r4, r4, r4, r4], 0x4)
r7 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x89f0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x17, &(0x7f0000000b40)=ANY=[@ANYRES32=0x0, @ANYBLOB="0600b8007f70fe3646d55aa59aeea00ba402efd5b437d3ec7c74cedbf2a13f861f03b7c515e16cc44d67934abf182a09c5c45152b13ca531743db0bee0fd20cf399d9d204100881879a000186d49eb9c91be3bc3ddaae1b6337d3279cdf017ee2f4b733db34f92ace3d377091b58290208fedcec275e3d932993b28be7a569c92100df96fcc4fcb854a3d53f4d363667ac045b3a4d20cef02f61955beb22d855d28a96a8420563704fe80e4e39d2be8d86ea5cbf00"/192], 0xc0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3m28.341166071s ago: executing program 1 (id=3126):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newtfilter={0x38, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x2, 0x2e}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000010}, 0x10000840)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000000080)=ANY=[])

3m26.17582151s ago: executing program 1 (id=3127):
r0 = socket$inet(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x268, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x348, 0xffffffff, 0xffffffff, 0x348, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1d}, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'macvlan0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2c8)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000200004000000000060000000000000002000040"])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000dc0)=@newqdisc={0x34, 0x24, 0x4, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x80)
unshare(0x22020600)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
semctl$GETALL(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000100)=""/214)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r7, <r8=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmmsg$unix(r10, &(0x7f00000bd000), 0x318, 0x0)
syz_clone(0x400000, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r11 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r11, &(0x7f0000000580)='1\x00', 0x2)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086d040ec20000000000010902"], 0x0)
write$sysctl(r11, &(0x7f0000000000)='2\x00', 0x2)
getsockopt$sock_buf(r9, 0x1, 0x1a, &(0x7f0000000100)=""/2, &(0x7f0000000140)=0x2)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r6, 0xc01864b1, &(0x7f0000000440)={r8, 0x2, 0xa, 0x1, &(0x7f0000000200)=[{0x0, 0x9, 0xf0}]})
r12 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
fallocate(r12, 0x2, 0x20000000000003, 0x8000000000000001)

3m22.642995307s ago: executing program 1 (id=3141):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8080, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000140)={0x200, 0x7ff, 0xffffffff, 0x7, 0x18, "2feec5d81063dcfa2b135001926a9e7878128c"})

3m20.74016823s ago: executing program 1 (id=3147):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000200)={0x0, &(0x7f0000000440)=[@in_dx={0x82, 0x20, {0x2562, 0x6}}, @wr_drn={0x6e, 0x20, {0x1, 0x5}}, @uexit={0x0, 0x18, 0xb65}, @uexit={0x0, 0x18, 0x5}, @wrmsr={0x1e, 0x20, {0xbb5, 0x6}}, @out_dx={0xaa, 0x28, {0xa683, 0x2, 0x8000}}, @cpuid={0x14, 0x18, {0x9, 0x2}}, @out_dx={0xaa, 0x28, {0x391a, 0x4, 0x9}}, @cpuid={0x14, 0x18, {0x7, 0x1}}, @in_dx={0x82, 0x20, {0xb518, 0x1}}, @wr_drn={0x6e, 0x20, {0x1, 0x3}}, @out_dx={0xaa, 0x28, {0xe085, 0x4, 0x800}}, @wr_crn={0x46, 0x20, {0x4, 0x1}}, @wr_drn={0x6e, 0x20, {0x5, 0x8000000000000000}}, @out_dx={0xaa, 0x28, {0x5053, 0x5, 0x949}}], 0x1e0})
ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)={[{0x3cd2ef60, 0xfffd, 0x1, 0xff, 0x8, 0x80, 0x8, 0xb, 0x90, 0x0, 0x7, 0x7, 0x3c5baf4e}, {0xa9, 0xd9, 0x0, 0x2, 0xb, 0x8, 0x5, 0x6, 0xb, 0x1, 0x3, 0x9, 0xf2}, {0x7fffffff, 0x4, 0xc, 0x2, 0x0, 0x2, 0x7, 0x0, 0x9, 0x4, 0x8, 0x4, 0x1}], 0x7})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0x8, 0x2, 0x81, 0xffffffffefffff14, 0x3, 0x100000000, 0x3, 0x4]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 5)

3m20.067881866s ago: executing program 1 (id=3150):
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
socket(0xa, 0x1, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_clone(0x4600c91, 0x0, 0xfffffffffffffef6, 0x0, 0x0, 0x0)
r0 = shmat(0x0, &(0x7f0000008000/0x3000)=nil, 0x0)
shmdt(r0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x8a441, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
openat$autofs(0xffffffffffffff9c, 0x0, 0x541200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x80040, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x62)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x8, 0x10, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001aa40)=""/102400, 0x19000)

3m17.868047053s ago: executing program 1 (id=3155):
mount$tmpfs(0x0, 0x0, 0x0, 0x228a034, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x104000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_dev$vim2m(0x0, 0x3, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x20, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x33)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, 0x0, &(0x7f0000000200))

3m2.720235519s ago: executing program 34 (id=3155):
mount$tmpfs(0x0, 0x0, 0x0, 0x228a034, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x104000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = syz_open_dev$vim2m(0x0, 0x3, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x20, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x33)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, 0x0, &(0x7f0000000200))

1m9.733721768s ago: executing program 3 (id=3570):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000009fc0)=[{{&(0x7f0000000200)={0xa, 0x4e22, 0x9, @empty, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000840)=[@rthdrdstopts={{0x11, 0x29, 0x37, {0x49}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x40}}], 0x1, 0x20000811)

1m9.388762575s ago: executing program 3 (id=3573):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0a", 0x219}], 0x1}}], 0x1, 0x4000001)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000075c0)={0x2020}, 0x2020)
shutdown(r1, 0x1)

1m7.491688621s ago: executing program 3 (id=3579):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000080)=""/43)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x218000, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000003c0)='illinois\x00', 0x9)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x2)
ioprio_get$pid(0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x50, '\x00', 0x0, 0x2}, 0x94)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="cb000000150081054e81f782db44b904021f08010a000000040000a118000200ac141414ffff0d1208000f0100810401880016ea1f0006ea7f400303000803600cfab94dcf5c046181d67f6f94007134cf6ee080005c4ab0f45312b3429fa0e408f456211bef32d4760000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd60100730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee", 0xcb}], 0x1, 0x0, 0x0, 0x7400}, 0x44804)
gettid()
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/icmp6\x00')
pread64(r6, &(0x7f000001a240)=""/102395, 0x18ffb, 0x41e)
r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x313002, 0x0)
write$cgroup_int(r7, 0x0, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x101001, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r8, r9, 0x0, 0x20000023896)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f00000000c0)={0xc})
ioctl$FS_IOC_SETFLAGS(r0, 0x40046f41, &(0x7f0000000440)=0x1f)

1m1.651573091s ago: executing program 3 (id=3592):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000508000a40000000000900020073797a31000000000900010073797a300000000008000540000000213c0000001e0a05010000000000000000070000070900020073797a31000000000900010073797a3000000000100003800c"], 0xc0}}, 0x0)

1m1.21603595s ago: executing program 3 (id=3593):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

59.744425537s ago: executing program 3 (id=3594):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

44.551820105s ago: executing program 35 (id=3594):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

11.746195553s ago: executing program 6 (id=3751):
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f0000000280)=r1)
close_range(r0, r1, 0x0)

11.651910503s ago: executing program 6 (id=3752):
r0 = socket$inet6(0xa, 0x802, 0x0)
sendmmsg$inet6(r0, &(0x7f0000009fc0)=[{{&(0x7f0000000200)={0xa, 0x4e22, 0x9, @empty, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000840)=[@pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x28}}], 0x1, 0x20000811)

11.337036109s ago: executing program 6 (id=3756):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002380)={0x20, r1, 0x301, 0x8, 0x25dfdbfc, {0x1c}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x200400c4}, 0x4040)

11.084487595s ago: executing program 6 (id=3760):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2040400)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
mkdir(0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001000a0000000800050000"], 0x54}}, 0x0)

9.530358957s ago: executing program 6 (id=3763):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="002202"], 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000100)={0x20, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000200)=[{0xf8, 0x2000, 0x0, 0x0}], 0x1})

8.244036325s ago: executing program 5 (id=3765):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000270600000ee60000bf2500000000000073350000000000006507000002001000070700004c0000001f75000000000000bf54000000000000070400004400f9f0ad32010000000000950000000000000005000000000000009500000000000000debfa255e44e4cc39f211fb04d7f202e6a53bd86bde99b679b4e6d24b8125690361eec3b181dcfd7c2fb2d1f8975b579a085bee32d414c1f3ab987a9de6385ae8021f4ca33b9b35fe817e98beb9cefe7f40fd6f0ea3affbdaaa897c70fb01d270a7b00d36fb5ab8fa92ac014a106e3e4decc68652503ca54fcef437d96c8a05d59ddcc8abf09cd77e93e940207b03189c5d4661e43df6f1f036c8d85a2ad7615a021f8cbe507ef94fb9f33315366e9ae080000001b532226b63b460d68808a67529637bf7f6731ad0cf1718bae3c8b9d2f89050cb496fe791381af6fab290900000000000000d640a5fde1f7d5eaa97cd25523fbd77300000000000000d67559b0c848aa3e7091f33e2dfc351e903ce85488fb25691249545bcf877011847df184bae6d3f5d0c016ec7d581d5b2fcb494d8c2df1929398ec5c3675ed16c27fff46a695eed7f50c531a612d5677b5e949ee4f16d10e41074702c4e89ee401ec2ec65f38f64189f1fa2cc0a42add3119025764759de2f093c26fe51d2f7635bb06bdf0b97d4a96cb0813e084232421c6026629fbf4c81954d11e154659b54fcf3468577295"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000c0000004208000040000000"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000001c0), 0x10f0, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000640), 0x16c5, r0}, 0x38)

7.72691496s ago: executing program 5 (id=3768):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB], &(0x7f0000001700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x3})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000b40)=[{{&(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000500)}, {0xfffffffffffffffc}], 0x3, &(0x7f0000000a40)=[@rights={{0x14, 0x1, 0x1, [r3]}}, @rights={{0x1c, 0x1, 0x1, [r5, r1, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r6, r6, 0xffffffffffffffff]}}], 0xb8, 0x4000000}}], 0x1, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=@GFS2_SMALL_FH_SIZE={0x10, 0x4, {0x2ce, 0x0, 0x4ac00000, 0x2}}, 0x101301)
syz_emit_ethernet(0x56, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x121301, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)

7.681578528s ago: executing program 7 (id=3769):
r0 = socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0xf0}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)

7.416097894s ago: executing program 7 (id=3771):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0xffffffff}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rt_sigaction(0x19, 0x0, 0x0, 0x0, 0x0)
mlockall(0x2)
r2 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r2, 0xb)
shmat(r2, &(0x7f0000ffd000/0x1000)=nil, 0x7000)

5.197722245s ago: executing program 6 (id=3776):
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7cb, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x8, 0x0, &(0x7f0000000100))
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f00000002c0)={0x2, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@mpls_delroute={0x1c, 0x19, 0x403, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x1, 0x100000}}, 0x1c}}, 0x20008880)
sendmmsg$sock(r7, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4, "b0d5b301d1f8337291bd9c59c55dc059097d659cfe0320cadd0901cd3b14689e1c77bcf683e35c68f0455930ab19ce80052e1b4d478fc7c371bd292e05a810", 0x3a}, 0x80, 0x0}}], 0x1, 0x48094)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x7eb, 0x4, 0xb49, 0xfffffffff7fffffa, 0xa, 0x610, 0x100003}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000780)={0x2, {{0xa, 0x4e22, 0x1, @mcast2}}}, 0x90)
sched_setscheduler(0x0, 0x0, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)

5.124217557s ago: executing program 2 (id=3777):
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setresuid(r0, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f00000193c0)=ANY=[@ANYBLOB="18000000000000000000000000000000630118000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.976107687s ago: executing program 2 (id=3779):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBDIACR(r0, 0x4b4b, &(0x7f0000000080))

4.940504145s ago: executing program 5 (id=3780):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xce)
ioctl$SIOCAX25ADDUID(r3, 0x541b, &(0x7f00000000c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})

3.837781313s ago: executing program 2 (id=3782):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYBLOB='\x00\x00\x00'], 0x0, 0x18, 0x0, 0x0, 0x40f00, 0x4b, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r0}, 0x18)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

3.714767107s ago: executing program 8 (id=3783):
socket(0x2, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r5 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x40)
ftruncate(r5, 0x2007ffd)
sendfile(0xffffffffffffffff, r4, 0x0, 0x1000a3)

3.700637842s ago: executing program 5 (id=3784):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000019200)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f0000000800)={@fd, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x1}, @fda={0x66646185, 0x5, 0x1, 0xfc}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

2.734753444s ago: executing program 2 (id=3785):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x2d, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x0, 0x8, {}, {0xffffffffffffffff}, 0x1ffc0000000})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_clone3(&(0x7f0000003b00)={0x20ca6bd519f76f4b, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, 0x0}, 0x58)
futex_waitv(0x0, 0x0, 0x0, &(0x7f00000007c0)={0x0, 0x989680}, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)

2.734168007s ago: executing program 8 (id=3786):
syz_io_uring_setup(0xcd9, 0x0, &(0x7f0000000340), &(0x7f0000000300))
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1c1}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r4 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000200)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b31", 0x27}], 0x1, 0x0, 0x0, 0x2}], 0x1, 0x0)
recvmmsg(r4, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000740), 0x0, &(0x7f0000000840)=""/114, 0x72}, 0x9}, {{&(0x7f00000008c0)=@nl=@proc, 0x80, &(0x7f0000000280)=[{&(0x7f0000000940)=""/228, 0xe4}, {&(0x7f0000000a40)=""/117, 0x75}, {&(0x7f0000000180)=""/60, 0x3c}], 0x3, &(0x7f0000000ac0)=""/239, 0xef}, 0x1}, {{&(0x7f0000000bc0)=@nfc, 0x80, &(0x7f0000000f00)=[{&(0x7f0000003240)=""/4096, 0x1000}, {&(0x7f0000000c40)=""/199, 0xc7}, {0x0}, {&(0x7f0000000d40)=""/237, 0xed}, {&(0x7f0000000e40)=""/169, 0xa9}], 0x5, &(0x7f0000000f80)=""/182, 0xb6}, 0x80}, {{&(0x7f0000001040)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000001380)=[{&(0x7f00000010c0)=""/85, 0x55}, {&(0x7f0000001140)=""/152, 0x98}, {&(0x7f0000001200)=""/54, 0x36}, {&(0x7f0000001240)=""/52, 0x34}, {&(0x7f0000001280)=""/3, 0x3}, {&(0x7f00000012c0)}, {0x0}], 0x7, &(0x7f0000001540)=""/134, 0x86}, 0x9}], 0x4, 0x2003, 0x0)

2.694335443s ago: executing program 7 (id=3787):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)

2.693566081s ago: executing program 5 (id=3788):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x4000, 0x1)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e8007feff8763", 0x8)
r4 = syz_clone(0x100080, &(0x7f0000000340), 0x0, 0x0, &(0x7f00000003c0), 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1, 0x0, r4}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x0)

2.408114536s ago: executing program 7 (id=3789):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0001086970768a616e08000c0002800600010000000000050027"], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1.608162466s ago: executing program 8 (id=3790):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

1.089626678s ago: executing program 8 (id=3791):
socket$inet(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r2 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
kcmp(r2, r2, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34524742, 0x0, 0x7, [{}, {0xfffffffa}, {0x9}, {}, {0x9}, {0x0, 0x4}, {0x2000000}, {0xc28f}], 0x2}})
fcntl$getflags(0xffffffffffffffff, 0xb)
getrlimit(0x7, &(0x7f0000000100))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)

407.98844ms ago: executing program 2 (id=3792):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDGKBDIACR(r0, 0x4b4b, &(0x7f0000000080))

407.787542ms ago: executing program 7 (id=3793):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x40, 0xff, 0x0, 0xffeffffe}, {0x6, 0x60, 0x0, 0x8}]})
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000040)=0x401)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
r2 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000080)=0x2)
close_range(r1, 0xffffffffffffffff, 0x0)

267.718853ms ago: executing program 8 (id=3794):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='/dev/kvm\x00', 0x9)

149.509132ms ago: executing program 5 (id=3795):
r0 = openat$kvm(0x0, 0x0, 0x800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000002380)=[{&(0x7f00000022c0)=""/136, 0x88}], 0x1, 0x5, 0x9)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000002280)={0x28, 0x0, r2, {{0x4, 0x4c0000000000000}}}, 0x28)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r1, 0x0, 0x0)
ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f0000000080)=0x1)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f00000003c0)={0x7, 0x9, 0x380000, 0x6794, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xc, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x3, 0x200000080000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x5, 0x0, 0x100, 0x6, 0x2, 0x5, 0x3, 0x34, 0x8})
openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

115.187667ms ago: executing program 2 (id=3796):
socket(0x2, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0)
r5 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x40)
ftruncate(r5, 0x2007ffd)
sendfile(0xffffffffffffffff, r4, 0x0, 0x1000a3)

92.655422ms ago: executing program 7 (id=3797):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3c}, 0x94)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
close(0x3)

0s ago: executing program 8 (id=3798):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x1}, 0x18)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

kernel console output (not intermixed with test programs):

 yet configured!
[ 1111.753887][ T5875] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1111.768398][T17161] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1111.798777][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1111.900981][ T5875] usb 6-1: config 0 descriptor??
[ 1111.936853][ T5875] usb 6-1: can't set config #0, error -71
[ 1111.952213][ T5875] usb 6-1: USB disconnect, device number 46
[ 1111.993354][T17161] veth0_vlan: entered promiscuous mode
[ 1112.048625][T17161] veth1_vlan: entered promiscuous mode
[ 1112.108019][T17335] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2975'.
[ 1112.124233][T17161] veth0_macvtap: entered promiscuous mode
[ 1112.146337][T17161] veth1_macvtap: entered promiscuous mode
[ 1112.155409][T17335] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2975'.
[ 1112.185355][T17335] netlink: 43 bytes leftover after parsing attributes in process `syz.6.2975'.
[ 1112.205103][T17335] netlink: 'syz.6.2975': attribute type 6 has an invalid length.
[ 1112.207608][T17161] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1112.220734][T17335] netlink: 'syz.6.2975': attribute type 5 has an invalid length.
[ 1112.237428][T17335] netlink: 43 bytes leftover after parsing attributes in process `syz.6.2975'.
[ 1112.241592][T17161] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1112.267776][T12627] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.278316][ T5875] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1112.306270][T12627] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.324722][T12627] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.352258][T12627] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1112.450288][ T5875] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1112.471936][ T5875] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1112.501199][ T5875] usb 6-1: config 0 descriptor??
[ 1112.527723][ T5875] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1112.542260][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1112.569253][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1112.616496][   T24] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1112.649144][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1112.663133][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1112.738727][T17333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1112.771694][T17333] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1112.788244][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1113.907471][T17355] netlink: 312 bytes leftover after parsing attributes in process `syz.6.2981'.
[ 1114.169887][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1114.325823][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1114.330451][ T5875] gspca_stv06xx: I2C: Read error writing address: -71
[ 1114.356339][   T24] usb 4-1: Product: syz
[ 1114.360557][   T24] usb 4-1: Manufacturer: syz
[ 1114.365181][   T24] usb 4-1: SerialNumber: syz
[ 1114.370609][ T5875] usb 6-1: USB disconnect, device number 47
[ 1114.737616][   T24] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 69 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1114.939609][T15782] usb 4-1: USB disconnect, device number 69
[ 1114.982435][T15782] usblp0: removed
[ 1115.852574][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.183441][   T30] audit: type=1326 audit(1758358195.041:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.289568][   T30] audit: type=1326 audit(1758358195.041:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.294699][T17382] FAULT_INJECTION: forcing a failure.
[ 1116.294699][T17382] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.386267][   T30] audit: type=1326 audit(1758358195.041:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.426703][T17382] CPU: 1 UID: 0 PID: 17382 Comm: syz.3.2989 Not tainted syzkaller #0 PREEMPT(full) 
[ 1116.426739][T17382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1116.426752][T17382] Call Trace:
[ 1116.426760][T17382]  <TASK>
[ 1116.426769][T17382]  dump_stack_lvl+0x189/0x250
[ 1116.426800][T17382]  ? __pfx____ratelimit+0x10/0x10
[ 1116.426824][T17382]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1116.426850][T17382]  ? __pfx__printk+0x10/0x10
[ 1116.426880][T17382]  ? save_netdev_trace_buffer+0x4e2/0x5e0
[ 1116.426926][T17382]  should_fail_ex+0x414/0x560
[ 1116.426961][T17382]  should_failslab+0xa8/0x100
[ 1116.426987][T17382]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1116.427018][T17382]  ? skb_clone+0x212/0x3a0
[ 1116.427050][T17382]  skb_clone+0x212/0x3a0
[ 1116.427080][T17382]  __netlink_deliver_tap+0x424/0x8b0
[ 1116.427116][T17382]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1116.427141][T17382]  netlink_deliver_tap+0x19c/0x1b0
[ 1116.427164][T17382]  netlink_unicast+0x7fa/0x9e0
[ 1116.427206][T17382]  ? __pfx_netlink_unicast+0x10/0x10
[ 1116.427240][T17382]  ? netlink_sendmsg+0x642/0xb30
[ 1116.427260][T17382]  ? skb_put+0x11b/0x210
[ 1116.427287][T17382]  netlink_sendmsg+0x805/0xb30
[ 1116.427320][T17382]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1116.427348][T17382]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1116.427379][T17382]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1116.427402][T17382]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1116.427426][T17382]  __sock_sendmsg+0x21c/0x270
[ 1116.427462][T17382]  ____sys_sendmsg+0x505/0x830
[ 1116.427505][T17382]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1116.427542][T17382]  ? import_iovec+0x74/0xa0
[ 1116.427569][T17382]  ___sys_sendmsg+0x21f/0x2a0
[ 1116.427598][T17382]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1116.427665][T17382]  ? __fget_files+0x2a/0x420
[ 1116.427685][T17382]  ? __fget_files+0x3a0/0x420
[ 1116.427719][T17382]  __x64_sys_sendmsg+0x19b/0x260
[ 1116.427748][T17382]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1116.427784][T17382]  ? __pfx_ksys_write+0x10/0x10
[ 1116.427819][T17382]  ? do_syscall_64+0xbe/0xfa0
[ 1116.427849][T17382]  do_syscall_64+0xfa/0xfa0
[ 1116.427872][T17382]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1116.427898][T17382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.427919][T17382]  ? clear_bhb_loop+0x60/0xb0
[ 1116.427945][T17382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.427964][T17382] RIP: 0033:0x7f7ef0b8ec29
[ 1116.427984][T17382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1116.428002][T17382] RSP: 002b:00007f7ef1ad0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1116.428026][T17382] RAX: ffffffffffffffda RBX: 00007f7ef0dd5fa0 RCX: 00007f7ef0b8ec29
[ 1116.428042][T17382] RDX: 0000000000000000 RSI: 0000200000002540 RDI: 0000000000000003
[ 1116.428055][T17382] RBP: 00007f7ef1ad0090 R08: 0000000000000000 R09: 0000000000000000
[ 1116.428069][T17382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1116.428082][T17382] R13: 00007f7ef0dd6038 R14: 00007f7ef0dd5fa0 R15: 00007ffcce922628
[ 1116.428118][T17382]  </TASK>
[ 1116.476255][   T30] audit: type=1326 audit(1758358195.041:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.790092][   T30] audit: type=1326 audit(1758358195.041:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.817628][T17069] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1116.831752][T17069] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1116.849188][T17069] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1116.857677][T17069] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1116.865374][T17069] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1116.943739][   T30] audit: type=1326 audit(1758358195.081:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1116.986753][T17388] FAULT_INJECTION: forcing a failure.
[ 1116.986753][T17388] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.991215][   T30] audit: type=1326 audit(1758358195.081:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1117.032221][   T30] audit: type=1326 audit(1758358195.081:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b18ec29 code=0x7ffc0000
[ 1117.056243][T17388] CPU: 0 UID: 0 PID: 17388 Comm: syz.2.2990 Not tainted syzkaller #0 PREEMPT(full) 
[ 1117.056269][T17388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1117.056282][T17388] Call Trace:
[ 1117.056291][T17388]  <TASK>
[ 1117.056300][T17388]  dump_stack_lvl+0x189/0x250
[ 1117.056330][T17388]  ? __pfx____ratelimit+0x10/0x10
[ 1117.056354][T17388]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1117.056379][T17388]  ? __pfx__printk+0x10/0x10
[ 1117.056406][T17388]  ? save_netdev_trace_buffer+0x4e2/0x5e0
[ 1117.056451][T17388]  should_fail_ex+0x414/0x560
[ 1117.056494][T17388]  should_failslab+0xa8/0x100
[ 1117.056520][T17388]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1117.056550][T17388]  ? skb_clone+0x212/0x3a0
[ 1117.056580][T17388]  skb_clone+0x212/0x3a0
[ 1117.056607][T17388]  __netlink_deliver_tap+0x424/0x8b0
[ 1117.056644][T17388]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1117.056667][T17388]  netlink_deliver_tap+0x19c/0x1b0
[ 1117.056689][T17388]  netlink_unicast+0x7fa/0x9e0
[ 1117.056727][T17388]  ? __pfx_netlink_unicast+0x10/0x10
[ 1117.056770][T17388]  ? netlink_sendmsg+0x642/0xb30
[ 1117.056808][T17388]  ? skb_put+0x11b/0x210
[ 1117.056833][T17388]  netlink_sendmsg+0x805/0xb30
[ 1117.056864][T17388]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1117.056890][T17388]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1117.056930][T17388]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1117.056950][T17388]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1117.056972][T17388]  __sock_sendmsg+0x21c/0x270
[ 1117.057004][T17388]  ____sys_sendmsg+0x505/0x830
[ 1117.057033][T17388]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1117.057067][T17388]  ? import_iovec+0x74/0xa0
[ 1117.057093][T17388]  ___sys_sendmsg+0x21f/0x2a0
[ 1117.057120][T17388]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1117.057181][T17388]  ? __fget_files+0x2a/0x420
[ 1117.057200][T17388]  ? __fget_files+0x3a0/0x420
[ 1117.057230][T17388]  __x64_sys_sendmsg+0x19b/0x260
[ 1117.057258][T17388]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1117.057292][T17388]  ? __pfx_ksys_write+0x10/0x10
[ 1117.057325][T17388]  ? do_syscall_64+0xbe/0xfa0
[ 1117.057353][T17388]  do_syscall_64+0xfa/0xfa0
[ 1117.057374][T17388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1117.057396][T17388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1117.057416][T17388]  ? clear_bhb_loop+0x60/0xb0
[ 1117.057440][T17388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1117.057467][T17388] RIP: 0033:0x7f1c5b18ec29
[ 1117.057485][T17388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1117.057502][T17388] RSP: 002b:00007f1c5bffd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1117.057523][T17388] RAX: ffffffffffffffda RBX: 00007f1c5b3d5fa0 RCX: 00007f1c5b18ec29
[ 1117.057539][T17388] RDX: 0000000004000080 RSI: 0000200000001200 RDI: 0000000000000006
[ 1117.057552][T17388] RBP: 00007f1c5bffd090 R08: 0000000000000000 R09: 0000000000000000
[ 1117.057565][T17388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1117.057576][T17388] R13: 00007f1c5b3d6038 R14: 00007f1c5b3d5fa0 R15: 00007fffbfbee738
[ 1117.057610][T17388]  </TASK>
[ 1117.061653][   T30] audit: type=1326 audit(1758358195.081:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1c5b18d590 code=0x7ffc0000
[ 1117.551239][   T30] audit: type=1326 audit(1758358195.081:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17379 comm="syz.2.2988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f1c5b190457 code=0x7ffc0000
[ 1117.660759][T12639] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.830927][T12639] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.962339][T17383] wg2 speed is unknown, defaulting to 1000
[ 1117.998826][T12639] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1118.522789][T17401] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1118.574000][T17401] hfs: can't find a HFS filesystem on dev loop6
[ 1118.581114][T12639] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1119.716892][T17069] Bluetooth: hci1: command tx timeout
[ 1120.834361][T17383] lo speed is unknown, defaulting to 1000
[ 1121.222288][T17419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2997'.
[ 1121.311197][T17420] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2997'.
[ 1121.792725][T17069] Bluetooth: hci1: command tx timeout
[ 1122.928505][T17437] netlink: 'syz.3.3002': attribute type 10 has an invalid length.
[ 1123.204654][T12639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1123.249584][T12639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1123.279607][T12639] bond0 (unregistering): Released all slaves
[ 1123.494049][T17383] lo speed is unknown, defaulting to 1000
[ 1123.600286][T17437] team0: Port device netdevsim0 added
[ 1123.838367][T12639] tipc: Left network mode
[ 1123.846310][T17069] Bluetooth: hci1: command tx timeout
[ 1123.852678][T17449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1123.875778][T17449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1123.893292][T17450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1123.920519][T17450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1123.955882][T17448] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3005'.
[ 1124.071901][T17457] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3007'.
[ 1124.087825][T17457] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3007'.
[ 1124.162768][T17383] chnl_net:caif_netlink_parms(): no params data found
[ 1124.322914][T17463] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3009'.
[ 1124.504768][ T5981] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1125.296136][ T5981] usb 4-1: Using ep0 maxpacket: 16
[ 1125.306694][ T5981] usb 4-1: config 1 has an invalid descriptor of length 165, skipping remainder of the config
[ 1125.335842][ T5981] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1125.656112][ T5981] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1125.702436][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1125.713333][ T5981] usb 4-1: Product: syz
[ 1125.946172][T17069] Bluetooth: hci1: command tx timeout
[ 1125.999047][ T5981] usb 4-1: Manufacturer: syz
[ 1126.036426][ T5981] usb 4-1: SerialNumber: syz
[ 1126.224699][T17480] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3012'.
[ 1126.262434][T12639] hsr_slave_0: left promiscuous mode
[ 1126.317689][T12639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1126.345550][T17478] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3012'.
[ 1126.364564][T12639] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1126.412204][T12639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1126.525588][ T5981] usb 4-1: 0:2 : does not exist
[ 1126.533904][T12639] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1126.692107][ T5981] usb 4-1: USB disconnect, device number 70
[ 1127.539522][T16016] udevd[16016]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1127.543095][T12639] veth1_macvtap: left promiscuous mode
[ 1127.642511][T12639] veth0_macvtap: left promiscuous mode
[ 1127.721462][T17504] overlayfs: failed to resolve './file1/file0': -2
[ 1129.661316][T12639] team0 (unregistering): Port device team_slave_1 removed
[ 1129.686581][ T5875] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1129.705606][T12639] team0 (unregistering): Port device team_slave_0 removed
[ 1129.836442][ T5875] usb 6-1: device descriptor read/64, error -71
[ 1130.076210][ T5875] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1130.128994][T17383] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1130.136495][T17383] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1130.143712][T17383] bridge_slave_0: entered allmulticast mode
[ 1130.151727][T17383] bridge_slave_0: entered promiscuous mode
[ 1130.164266][T17383] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1130.181630][T17383] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1130.199158][T17383] bridge_slave_1: entered allmulticast mode
[ 1130.206762][ T5875] usb 6-1: device descriptor read/64, error -71
[ 1130.221350][T17383] bridge_slave_1: entered promiscuous mode
[ 1130.229054][ T5981] lo speed is unknown, defaulting to 1000
[ 1130.258163][ T5981] infiniband syz0: ib_query_port failed (-19)
[ 1130.355404][ T5875] usb usb6-port1: attempt power cycle
[ 1130.498780][T17498] wg2 speed is unknown, defaulting to 1000
[ 1130.536493][T17383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1130.570925][T17383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1130.716119][ T5875] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1130.767020][ T5875] usb 6-1: device descriptor read/8, error -71
[ 1130.849481][T17383] team0: Port device team_slave_0 added
[ 1130.888181][T17383] team0: Port device team_slave_1 added
[ 1130.935716][T12639] IPVS: stop unused estimator thread 0...
[ 1130.967823][T17383] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1131.008369][T17383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1131.067686][ T5875] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1131.089703][T17383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1131.103613][T17383] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1131.111043][T17383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1131.137823][ T5875] usb 6-1: device descriptor read/8, error -71
[ 1131.145073][T17383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1131.161057][T17498] lo speed is unknown, defaulting to 1000
[ 1131.246640][ T5875] usb usb6-port1: unable to enumerate USB device
[ 1131.430760][T17383] hsr_slave_0: entered promiscuous mode
[ 1131.449614][T17383] hsr_slave_1: entered promiscuous mode
[ 1132.176268][ T5981] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1132.382303][ T5981] usb 3-1: Using ep0 maxpacket: 32
[ 1132.406890][ T5981] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[ 1132.450423][ T5981] usb 3-1: config 0 has no interface number 0
[ 1132.724167][ T5981] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1132.764205][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.782241][ T5981] usb 3-1: Product: syz
[ 1132.786883][ T5981] usb 3-1: Manufacturer: syz
[ 1132.796914][ T5981] usb 3-1: SerialNumber: syz
[ 1132.856439][ T5981] usb 3-1: config 0 descriptor??
[ 1132.879167][ T5981] smsc95xx v2.0.0
[ 1132.970007][T17544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3028'.
[ 1133.020191][T17549] /dev/loop5: Can't open blockdev
[ 1133.031215][T17548] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1133.052438][T17548] EXT4-fs (loop5): unable to read superblock
[ 1133.065334][T17551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3028'.
[ 1133.082337][T17549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1133.087374][T17551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3028'.
[ 1133.108550][T17549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1133.156461][ T6005] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1133.253134][T17383] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1133.264453][T17383] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1133.275894][T17383] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1133.282960][ T7632] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1133.284314][ T5981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1133.302242][ T5981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1133.308116][T17383] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1133.316251][ T6005] usb 7-1: Using ep0 maxpacket: 8
[ 1133.326381][ T6005] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[ 1133.338098][ T6005] usb 7-1: config 0 has no interface number 0
[ 1133.344266][ T6005] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1133.356711][ T6005] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1133.369851][ T6005] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1133.381903][ T6005] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1133.396267][ T6005] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1133.408295][ T6005] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.431289][ T6005] usb 7-1: config 0 descriptor??
[ 1133.446583][ T7632] usb 6-1: Using ep0 maxpacket: 32
[ 1133.454235][ T6005] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1133.475449][ T7632] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1133.506080][ T7632] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1133.515892][ T7632] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1133.577635][ T7632] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.594524][ T7632] usb 6-1: config 0 descriptor??
[ 1133.624090][ T7632] hub 6-1:0.0: USB hub found
[ 1133.629481][T17383] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1133.696106][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1133.696124][   T30] audit: type=1326 audit(1758358212.551:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1133.697899][T17383] 8021q: adding VLAN 0 to HW filter on device team0
[ 1133.702393][   T30] audit: type=1326 audit(1758358212.551:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1133.821560][T12635] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1133.828796][T12635] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1133.857522][ T7632] hub 6-1:0.0: 1 port detected
[ 1133.944010][ T5875] usb 7-1: USB disconnect, device number 8
[ 1133.944019][    C1] ldusb 7-1:0.55: usb_submit_urb failed (-19)
[ 1133.995553][   T30] audit: type=1326 audit(1758358212.551:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.014481][ T5875] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[ 1134.075703][   T30] audit: type=1326 audit(1758358212.551:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.088725][T12635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1134.105412][T12635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1134.159458][   T30] audit: type=1326 audit(1758358212.551:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.189326][   T30] audit: type=1326 audit(1758358212.661:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.212842][   T30] audit: type=1326 audit(1758358212.661:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.243204][   T30] audit: type=1326 audit(1758358212.851:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.268520][ T7632] hub 6-1:0.0: activate --> -90
[ 1134.283795][   T30] audit: type=1326 audit(1758358212.961:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.310241][   T30] audit: type=1326 audit(1758358212.961:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17545 comm="syz.6.3029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1134.504474][ T5981] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1134.525538][T17563] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[ 1134.532483][T17563] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1134.551297][ T5981] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[ 1134.577190][T17563] vhci_hcd vhci_hcd.0: Device attached
[ 1134.581396][T17568] block nbd3: Attempted send on invalid socket
[ 1134.597457][ T5981] usb 3-1: USB disconnect, device number 52
[ 1134.623808][T17568] I/O error, dev nbd3, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[ 1134.676843][ T5946] usb 6-1: USB disconnect, device number 52
[ 1134.704436][T17568] gfs2: error -5 reading superblock
[ 1134.710032][T17566] vhci_hcd: connection closed
[ 1134.715910][T12635] vhci_hcd: stop threads
[ 1134.826194][ T5875] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[ 1134.895440][T12635] vhci_hcd: release socket
[ 1134.904730][T12635] vhci_hcd: disconnect device
[ 1135.539797][ T7632] usb 6-1-port1: config error
[ 1135.943598][T17383] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1136.016223][ T5946] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1136.085257][T17383] veth0_vlan: entered promiscuous mode
[ 1136.100063][T17383] veth1_vlan: entered promiscuous mode
[ 1136.152891][T17383] veth0_macvtap: entered promiscuous mode
[ 1136.166168][ T5946] usb 4-1: device descriptor read/64, error -71
[ 1136.203547][T17383] veth1_macvtap: entered promiscuous mode
[ 1136.241846][T17604] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3039'.
[ 1136.276467][T17599] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3039'.
[ 1136.303640][T17383] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1136.323891][T17383] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1136.347026][T12639] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1136.372340][T12639] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1136.383516][T12639] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1136.393821][T12639] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1136.416202][ T5946] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1136.605638][ T5946] usb 4-1: device descriptor read/64, error -71
[ 1136.799657][ T5946] usb usb4-port1: attempt power cycle
[ 1137.276789][ T5946] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1137.343003][ T5946] usb 4-1: device descriptor read/8, error -71
[ 1137.626465][ T5946] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1137.756848][T12635] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1137.764741][T12635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1137.776649][ T5946] usb 4-1: device descriptor read/8, error -71
[ 1137.821956][T12635] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1137.870518][T12635] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1137.889620][ T5946] usb usb4-port1: unable to enumerate USB device
[ 1139.082206][ T5946] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1139.366756][T17640] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3049'.
[ 1139.383157][T17640] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3049'.
[ 1139.920295][ T5946] usb 3-1: Using ep0 maxpacket: 32
[ 1139.931168][ T5946] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1139.946973][ T5946] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1139.976091][ T5946] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1139.985360][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.998599][ T5946] usb 3-1: config 0 descriptor??
[ 1140.006326][ T5875] vhci_hcd: vhci_device speed not set
[ 1140.020730][ T5946] hub 3-1:0.0: USB hub found
[ 1140.252460][ T5946] hub 3-1:0.0: 3 ports detected
[ 1141.657638][ T5946] hub 3-1:0.0: hub_hub_status failed (err = -32)
[ 1141.664432][ T5946] hub 3-1:0.0: config failed, can't get hub status (err -32)
[ 1141.727495][ T5946] usbhid 3-1:0.0: can't add hid device: -32
[ 1141.734180][ T5946] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[ 1141.979499][T17664] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1141.981978][ T5946] usb 3-1: USB disconnect, device number 53
[ 1142.018899][T17664] SQUASHFS error: Failed to read block 0x0: -5
[ 1142.037221][T17664] unable to read squashfs_super_block
[ 1142.427222][T17673] IPVS: Error connecting to the multicast addr
[ 1142.477472][T17673] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1142.893986][T13815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1142.906894][T13815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1142.916300][T13815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1142.924992][T13815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1142.933439][T13815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1143.851704][T17673] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1143.875502][T17673] 8021q: adding VLAN 0 to HW filter on device team0
[ 1144.086748][T17673] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1144.389699][T17692] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3063'.
[ 1144.399111][T17692] netlink: 312 bytes leftover after parsing attributes in process `syz.6.3063'.
[ 1144.408385][T17692] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3063'.
[ 1144.474390][T17676] wg2 speed is unknown, defaulting to 1000
[ 1144.930424][T17699] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3064'.
[ 1145.022691][T17700] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3064'.
[ 1145.034074][T17069] Bluetooth: hci0: command tx timeout
[ 1145.621988][T12639] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1145.677809][T12639] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1145.742020][ T5875] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1146.163884][T15989] wg2 speed is unknown, defaulting to 1000
[ 1146.176089][T17676] lo speed is unknown, defaulting to 1000
[ 1146.181980][T15989] syz2: Port: 1 Link DOWN
[ 1146.200806][ T5981] wg2 speed is unknown, defaulting to 1000
[ 1146.232593][ T5875] usb 3-1: Using ep0 maxpacket: 8
[ 1146.253242][ T5875] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1146.273066][ T5875] usb 3-1: config 0 has no interface number 0
[ 1146.286558][ T5875] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1146.321392][ T5875] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1146.354925][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1146.386415][T12639] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1146.408838][ T5875] usb 3-1: config 0 descriptor??
[ 1146.425598][T12639] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1146.497267][ T5875] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1146.626846][T17698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1146.644373][T12639] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1146.655539][T17698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1146.658105][T12639] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1146.753815][T17698] batman_adv: batadv0: Adding interface: dummy0
[ 1146.761883][T17698] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1146.790074][T17698] batman_adv: batadv0: Interface activated: dummy0
[ 1146.981303][ T5981] usb 3-1: USB disconnect, device number 54
[ 1147.045604][T12639] team0: Port device netdevsim0 removed
[ 1147.051995][T17069] Bluetooth: hci0: command tx timeout
[ 1147.067510][T12639] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1147.078249][ T5875] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1147.096240][T12639] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.996793][T17676] chnl_net:caif_netlink_parms(): no params data found
[ 1149.169343][T17069] Bluetooth: hci0: command tx timeout
[ 1150.313388][T17751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3076'.
[ 1150.338416][T17751] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3076'.
[ 1151.351254][T17069] Bluetooth: hci0: command tx timeout
[ 1152.072405][T12639] bridge_slave_1: left allmulticast mode
[ 1152.073916][T17761] netlink: 'syz.6.3077': attribute type 10 has an invalid length.
[ 1152.079517][T12639] bridge_slave_1: left promiscuous mode
[ 1152.270294][T12639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1152.382285][T17767] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3077'.
[ 1152.463523][T12639] bridge_slave_0: left allmulticast mode
[ 1152.487772][T12639] bridge_slave_0: left promiscuous mode
[ 1152.618752][T12639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1152.716225][ T5875] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1153.110138][ T5875] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1153.119438][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1153.127675][ T5875] usb 7-1: Product: syz
[ 1153.133287][ T5875] usb 7-1: Manufacturer: syz
[ 1153.146041][ T5875] usb 7-1: SerialNumber: syz
[ 1153.336854][T17779] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1153.346526][T17779] FAT-fs (loop1): unable to read boot sector
[ 1153.754461][T17781] jfs: Unknown parameter ''
[ 1154.146193][T12639] dvmrp5 (unregistering): left allmulticast mode
[ 1154.870234][T17800] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[ 1155.088698][T12639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1155.113947][T12639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1155.131156][T12639] bond0 (unregistering): (slave dummy0): Releasing backup interface
[ 1155.150179][T12639] bond0 (unregistering): Released all slaves
[ 1155.170997][T12639] bond1 (unregistering): Released all slaves
[ 1155.190326][T12639] bond2 (unregistering): Released all slaves
[ 1155.388025][T12639] bond3 (unregistering): Released all slaves
[ 1155.433198][T17761] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1156.149550][T17767] bond0: (slave bridge0): Releasing backup interface
[ 1156.223589][T17676] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.231712][T17676] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1156.239137][T17676] bridge_slave_0: entered allmulticast mode
[ 1156.258339][T17676] bridge_slave_0: entered promiscuous mode
[ 1156.302331][ T5875] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[ 1156.333446][ T5875] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[ 1156.352283][ T5875] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1156.385385][ T5875] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1156.395435][T17813] netlink: 'syz.6.3088': attribute type 10 has an invalid length.
[ 1156.408336][ T5875] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1156.423740][T12639] tipc: Disabling bearer <eth:vlan0>
[ 1156.581803][T12639] tipc: Left network mode
[ 1156.592879][ T5875] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71
[ 1156.595134][T17676] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1157.017707][T17676] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1157.026623][T17676] bridge_slave_1: entered allmulticast mode
[ 1157.048267][T17676] bridge_slave_1: entered promiscuous mode
[ 1157.454901][ T5875] usb 7-1: USB disconnect, device number 9
[ 1157.562211][T12639] IPVS: stopping backup sync thread 15541 ...
[ 1157.685040][T17834] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1157.719765][T17834] hfsplus: unable to find HFS+ superblock
[ 1157.899664][T15782] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1157.924701][T17676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1157.968510][T17676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1158.429369][T15782] usb 2-1: Using ep0 maxpacket: 16
[ 1158.513865][T15782] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1158.556324][T15782] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1158.617306][T15782] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1158.624067][T15782] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1158.666123][T15782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1158.715579][T15782] usb 2-1: config 0 descriptor??
[ 1158.732816][T17676] team0: Port device team_slave_0 added
[ 1158.807119][T17676] team0: Port device team_slave_1 added
[ 1158.863291][T17854] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[ 1159.148017][T17676] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1159.159761][T17676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1159.209295][T15782] cougar 0003:060B:500A.0017: unexpected long global item
[ 1159.217509][T15782] cougar 0003:060B:500A.0017: parse failed
[ 1159.224877][T15782] cougar 0003:060B:500A.0017: probe with driver cougar failed with error -22
[ 1159.243987][T17676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1159.298737][T17676] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1159.305699][T17676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1159.355374][T17864] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3100'.
[ 1159.364659][T17676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1159.734450][T17873] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3101'.
[ 1159.822535][T17874] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3101'.
[ 1160.278325][T17870] can: request_module (can-proto-3) failed.
[ 1160.804120][T12639] hsr_slave_0: left promiscuous mode
[ 1161.207426][T12639] hsr_slave_1: left promiscuous mode
[ 1161.224663][T15782] usb 2-1: USB disconnect, device number 62
[ 1161.426608][T12639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1161.486158][T12639] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1161.542242][T12639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1161.542262][T12639] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1161.743500][T12639] vlan0: left allmulticast mode
[ 1161.750852][T12639] veth0_vlan: left allmulticast mode
[ 1161.759031][T12639] vlan0: left promiscuous mode
[ 1161.781160][T12639] veth1_macvtap: left promiscuous mode
[ 1161.786994][T12639] veth0_macvtap: left promiscuous mode
[ 1161.795105][T12639] veth1_vlan: left promiscuous mode
[ 1161.802843][T12639] veth0_vlan: left promiscuous mode
[ 1162.640175][T12639] team0 (unregistering): Port device team_slave_1 removed
[ 1162.703826][T12639] team0 (unregistering): Port device team_slave_0 removed
[ 1164.035804][T17911] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3112'.
[ 1164.095531][T17912] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3112'.
[ 1164.244294][T12634] smc: removing ib device syz2
[ 1164.991920][T17676] hsr_slave_0: entered promiscuous mode
[ 1165.013831][T17676] hsr_slave_1: entered promiscuous mode
[ 1165.037191][T17676] debugfs: 'hsr0' already exists in 'hsr'
[ 1165.043155][T17676] Cannot create hsr debugfs directory
[ 1165.407323][T17926] netlink: 'syz.1.3115': attribute type 13 has an invalid length.
[ 1165.427475][T17927] netlink: 'syz.1.3115': attribute type 13 has an invalid length.
[ 1165.481780][T17924] program syz.2.3116 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1167.223573][T17941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3119'.
[ 1167.507453][T17926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1167.515273][T17926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1167.818629][T17926] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1167.849105][T17926] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1169.037128][T17956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3123'.
[ 1169.046313][T17956] netlink: 'syz.1.3123': attribute type 3 has an invalid length.
[ 1169.362204][T12626] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.379343][T12626] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.743783][T12626] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1169.767487][T12626] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1170.807980][T17967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3126'.
[ 1171.016130][T17967] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3126'.
[ 1171.913436][T12639] IPVS: stop unused estimator thread 0...
[ 1171.947608][T17971] FAULT_INJECTION: forcing a failure.
[ 1171.947608][T17971] name failslab, interval 1, probability 0, space 0, times 0
[ 1172.076979][T17971] CPU: 1 UID: 0 PID: 17971 Comm: syz.2.3128 Not tainted syzkaller #0 PREEMPT(full) 
[ 1172.077010][T17971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1172.077024][T17971] Call Trace:
[ 1172.077033][T17971]  <TASK>
[ 1172.077045][T17971]  dump_stack_lvl+0x189/0x250
[ 1172.077076][T17971]  ? __pfx____ratelimit+0x10/0x10
[ 1172.077101][T17971]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1172.077127][T17971]  ? __pfx__printk+0x10/0x10
[ 1172.077162][T17971]  ? __pfx___might_resched+0x10/0x10
[ 1172.077199][T17971]  should_fail_ex+0x414/0x560
[ 1172.077233][T17971]  should_failslab+0xa8/0x100
[ 1172.077258][T17971]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1172.077291][T17971]  ? percpu_ref_init+0xc5/0x360
[ 1172.077327][T17971]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[ 1172.077355][T17971]  percpu_ref_init+0xc5/0x360
[ 1172.077391][T17971]  io_ring_ctx_alloc+0x2b6/0xc10
[ 1172.077428][T17971]  io_uring_create+0x14a/0xba0
[ 1172.077465][T17971]  __se_sys_io_uring_setup+0x264/0x270
[ 1172.077493][T17971]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[ 1172.077538][T17971]  ? do_syscall_64+0xbe/0xfa0
[ 1172.077568][T17971]  do_syscall_64+0xfa/0xfa0
[ 1172.077592][T17971]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1172.077617][T17971]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1172.077639][T17971]  ? clear_bhb_loop+0x60/0xb0
[ 1172.077666][T17971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1172.077686][T17971] RIP: 0033:0x7f1c5b18ec29
[ 1172.077706][T17971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1172.077725][T17971] RSP: 002b:00007f1c5bffcfc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 1172.077748][T17971] RAX: ffffffffffffffda RBX: 00007f1c5b3d5fa0 RCX: 00007f1c5b18ec29
[ 1172.077765][T17971] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000007688
[ 1172.077780][T17971] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000000000000000
[ 1172.077794][T17971] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[ 1172.077807][T17971] R13: 0000000000000000 R14: 0000000000007688 R15: 0000000000000000
[ 1172.077841][T17971]  </TASK>
[ 1172.616075][   T24] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1172.764494][T17989] lo speed is unknown, defaulting to 1000
[ 1172.776197][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1172.791602][T17992] FAULT_INJECTION: forcing a failure.
[ 1172.791602][T17992] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1172.808257][T17992] CPU: 0 UID: 0 PID: 17992 Comm: syz.6.3135 Not tainted syzkaller #0 PREEMPT(full) 
[ 1172.808286][T17992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1172.808300][T17992] Call Trace:
[ 1172.808309][T17992]  <TASK>
[ 1172.808318][T17992]  dump_stack_lvl+0x189/0x250
[ 1172.808348][T17992]  ? __pfx____ratelimit+0x10/0x10
[ 1172.808372][T17992]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1172.808398][T17992]  ? __pfx__printk+0x10/0x10
[ 1172.808428][T17992]  ? __might_fault+0xb0/0x130
[ 1172.808479][T17992]  should_fail_ex+0x414/0x560
[ 1172.808512][T17992]  _copy_from_iter+0x1de/0x1790
[ 1172.808551][T17992]  ? rcu_is_watching+0x15/0xb0
[ 1172.808617][T17992]  ? kmalloc_reserve+0xbd/0x290
[ 1172.808640][T17992]  ? __pfx__copy_from_iter+0x10/0x10
[ 1172.808674][T17992]  ? __build_skb_around+0x262/0x3f0
[ 1172.808701][T17992]  ? netlink_sendmsg+0x642/0xb30
[ 1172.808723][T17992]  ? skb_put+0x11b/0x210
[ 1172.808750][T17992]  netlink_sendmsg+0x6b2/0xb30
[ 1172.808784][T17992]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1172.808819][T17992]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1172.808850][T17992]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1172.808872][T17992]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1172.808897][T17992]  __sock_sendmsg+0x21c/0x270
[ 1172.808932][T17992]  ____sys_sendmsg+0x505/0x830
[ 1172.808963][T17992]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1172.808999][T17992]  ? import_iovec+0x74/0xa0
[ 1172.809026][T17992]  ___sys_sendmsg+0x21f/0x2a0
[ 1172.809055][T17992]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1172.809117][T17992]  ? __fget_files+0x2a/0x420
[ 1172.809139][T17992]  ? __fget_files+0x3a0/0x420
[ 1172.809171][T17992]  __x64_sys_sendmsg+0x19b/0x260
[ 1172.809199][T17992]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1172.809236][T17992]  ? __pfx_ksys_write+0x10/0x10
[ 1172.809272][T17992]  ? do_syscall_64+0xbe/0xfa0
[ 1172.809302][T17992]  do_syscall_64+0xfa/0xfa0
[ 1172.809326][T17992]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1172.809350][T17992]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1172.809370][T17992]  ? clear_bhb_loop+0x60/0xb0
[ 1172.809395][T17992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1172.809415][T17992] RIP: 0033:0x7f62a6d8ec29
[ 1172.809434][T17992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1172.809452][T17992] RSP: 002b:00007f62a7c6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1172.809476][T17992] RAX: ffffffffffffffda RBX: 00007f62a6fd5fa0 RCX: 00007f62a6d8ec29
[ 1172.809492][T17992] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[ 1172.809506][T17992] RBP: 00007f62a7c6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1172.809519][T17992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1172.809532][T17992] R13: 00007f62a6fd6038 R14: 00007f62a6fd5fa0 R15: 00007ffc5fae4a48
[ 1172.809574][T17992]  </TASK>
[ 1172.825376][   T24] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1173.204150][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1173.231391][   T24] usb 2-1: config 0 has no interfaces?
[ 1173.238190][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[ 1173.266087][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.287400][   T24] usb 2-1: config 0 descriptor??
[ 1174.413798][T17676] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1174.435396][T18004] 9pnet_fd: Insufficient options for proto=fd
[ 1174.466813][T17676] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1174.530884][T17676] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1174.587029][T17676] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1174.723558][T17995] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3136'.
[ 1174.856923][T18009] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3136'.
[ 1175.406182][T15782] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1175.419072][ T5875] usb 2-1: USB disconnect, device number 63
[ 1175.433356][T17676] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1175.475696][T17676] 8021q: adding VLAN 0 to HW filter on device team0
[ 1175.486960][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1175.509717][T12635] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1175.516995][T12635] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1175.561507][T12635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1175.568804][T12635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1175.586180][T15782] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1175.606252][T15782] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1175.626118][T15782] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1175.649501][T15782] usb 6-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00
[ 1175.666116][   T24] usb 3-1: Using ep0 maxpacket: 32
[ 1175.674606][   T24] usb 3-1: config 4 has an invalid interface number: 108 but max is 2
[ 1175.686163][T15782] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.694304][   T24] usb 3-1: config 4 has an invalid interface number: 124 but max is 2
[ 1175.714531][   T24] usb 3-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[ 1175.725128][T15782] usb 6-1: config 0 descriptor??
[ 1175.746442][   T24] usb 3-1: config 4 has an invalid interface number: 76 but max is 2
[ 1175.759294][T15782] usbhid 6-1:0.0: can't add hid device: -22
[ 1175.765348][T15782] usbhid 6-1:0.0: probe with driver usbhid failed with error -22
[ 1175.787485][   T24] usb 3-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[ 1175.816143][   T24] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.836644][   T24] usb 3-1: config 4 has no interface number 0
[ 1175.847191][   T24] usb 3-1: config 4 has no interface number 1
[ 1175.863774][   T24] usb 3-1: config 4 has no interface number 2
[ 1175.870337][   T24] usb 3-1: config 4 interface 108 altsetting 10 endpoint 0xD has invalid maxpacket 1023, setting to 64
[ 1175.894942][   T24] usb 3-1: config 4 interface 108 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1175.916447][   T24] usb 3-1: too many endpoints for config 4 interface 124 altsetting 41: 210, using maximum allowed: 30
[ 1175.936711][   T24] usb 3-1: config 4 interface 124 altsetting 41 has a duplicate endpoint with address 0xD, skipping
[ 1175.965680][T15782] usb 6-1: USB disconnect, device number 53
[ 1175.996962][   T24] usb 3-1: config 4 interface 124 altsetting 41 has 4 endpoint descriptors, different from the interface descriptor's value: 210
[ 1176.022637][   T24] usb 3-1: config 4 interface 76 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1176.049893][   T24] usb 3-1: config 4 interface 108 has no altsetting 0
[ 1176.061972][   T24] usb 3-1: config 4 interface 124 has no altsetting 0
[ 1176.104442][   T24] usb 3-1: config 4 interface 76 has no altsetting 0
[ 1176.119664][   T24] usb 3-1: New USB device found, idVendor=1901, idProduct=0197, bcdDevice=73.22
[ 1176.133254][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1176.142232][   T24] usb 3-1: Product: 髠㾳ǧ撆쫭ꬪ⧋⾚餃Ὤႚ姞㯚荤ᕕקּ鐖色蘽튺䛌ܲ淯疐鍠쭕鶱朖﬍露ᑙྖ킞礰ᨺ箺䊂倄栳▶鉶᧧륷揂凗綜䑼뙼煺怳䟑쇈
[ 1176.165822][   T24] usb 3-1: Manufacturer: Ⰱ
[ 1176.171176][   T24] usb 3-1: SerialNumber: ࠉ
[ 1176.228502][T17676] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1176.337312][T17676] veth0_vlan: entered promiscuous mode
[ 1176.364149][T17676] veth1_vlan: entered promiscuous mode
[ 1176.483768][   T24] cp210x 3-1:4.108: cp210x converter detected
[ 1176.562227][   T24] cp210x 3-1:4.108: failed to get vendor val 0x370b size 1: -71
[ 1176.614302][   T24] cp210x 3-1:4.108: querying part number failed
[ 1176.749352][   T24] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1176.885185][   T24] cp210x 3-1:4.124: cp210x converter detected
[ 1176.925751][   T24] cp210x 3-1:4.124: failed to get vendor val 0x370b size 1: -71
[ 1176.943440][T17676] veth0_macvtap: entered promiscuous mode
[ 1176.952654][   T24] cp210x 3-1:4.124: querying part number failed
[ 1177.067041][T17676] veth1_macvtap: entered promiscuous mode
[ 1177.077735][   T24] usb 3-1: cp210x converter now attached to ttyUSB1
[ 1177.205841][   T24] cp210x 3-1:4.76: cp210x converter detected
[ 1177.215701][T17676] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1177.238260][   T24] cp210x 3-1:4.76: failed to get vendor val 0x370b size 1: -71
[ 1177.272896][   T24] cp210x 3-1:4.76: querying part number failed
[ 1177.280800][T17676] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1177.296762][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.319276][T18036] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3145'.
[ 1177.334478][   T24] usb 3-1: cp210x converter now attached to ttyUSB2
[ 1177.374321][   T24] usb 3-1: USB disconnect, device number 55
[ 1177.386155][T12639] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1177.405254][T12639] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1177.443775][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1177.484562][T18039] FAULT_INJECTION: forcing a failure.
[ 1177.484562][T18039] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.490116][   T24] cp210x 3-1:4.108: device disconnected
[ 1177.515961][T18039] CPU: 0 UID: 0 PID: 18039 Comm: syz.1.3147 Not tainted syzkaller #0 PREEMPT(full) 
[ 1177.515992][T18039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1177.516003][T18039] Call Trace:
[ 1177.516011][T18039]  <TASK>
[ 1177.516019][T18039]  dump_stack_lvl+0x189/0x250
[ 1177.516045][T18039]  ? __pfx____ratelimit+0x10/0x10
[ 1177.516064][T18039]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1177.516083][T18039]  ? __pfx__printk+0x10/0x10
[ 1177.516110][T18039]  ? __pfx___might_resched+0x10/0x10
[ 1177.516133][T18039]  ? fs_reclaim_acquire+0x7d/0x100
[ 1177.516154][T18039]  should_fail_ex+0x414/0x560
[ 1177.516193][T18039]  should_failslab+0xa8/0x100
[ 1177.516213][T18039]  __kmalloc_noprof+0xcb/0x7f0
[ 1177.516236][T18039]  ? security_task_alloc+0x4d/0x360
[ 1177.516255][T18039]  ? perf_event_init_task+0x12d/0x4b0
[ 1177.516280][T18039]  security_task_alloc+0x4d/0x360
[ 1177.516302][T18039]  copy_process+0x1530/0x3c00
[ 1177.516345][T18039]  ? copy_process+0x97f/0x3c00
[ 1177.516381][T18039]  ? __pfx_copy_process+0x10/0x10
[ 1177.516421][T18039]  vhost_task_create+0x1ce/0x320
[ 1177.516443][T18039]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1177.516463][T18039]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1177.516483][T18039]  ? __pfx_vhost_task_create+0x10/0x10
[ 1177.516509][T18039]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1177.516545][T18039]  kvm_mmu_post_init_vm+0x14c/0x300
[ 1177.516572][T18039]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1177.516605][T18039]  ? __mutex_trylock_common+0x153/0x260
[ 1177.516629][T18039]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1177.516649][T18039]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1177.516677][T18039]  ? rcu_is_watching+0x15/0xb0
[ 1177.516708][T18039]  ? trace_contention_end+0x39/0x120
[ 1177.516728][T18039]  ? look_up_lock_class+0x74/0x170
[ 1177.516755][T18039]  ? register_lock_class+0x51/0x320
[ 1177.516789][T18039]  ? __lock_acquire+0xab9/0xd20
[ 1177.516848][T18039]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1177.516881][T18039]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1177.516931][T18039]  ? __fget_files+0x2a/0x420
[ 1177.516956][T18039]  ? __fget_files+0x3a0/0x420
[ 1177.516976][T18039]  ? __fget_files+0x2a/0x420
[ 1177.517000][T18039]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1177.517025][T18039]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1177.517051][T18039]  __se_sys_ioctl+0xfc/0x170
[ 1177.517082][T18039]  do_syscall_64+0xfa/0xfa0
[ 1177.517105][T18039]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1177.517128][T18039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.517149][T18039]  ? clear_bhb_loop+0x60/0xb0
[ 1177.517186][T18039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.517206][T18039] RIP: 0033:0x7f8b1c98ec29
[ 1177.517226][T18039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1177.517242][T18039] RSP: 002b:00007f8b1d7d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1177.517263][T18039] RAX: ffffffffffffffda RBX: 00007f8b1cbd5fa0 RCX: 00007f8b1c98ec29
[ 1177.517279][T18039] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1177.517292][T18039] RBP: 00007f8b1d7d3090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.517306][T18039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1177.517318][T18039] R13: 00007f8b1cbd6038 R14: 00007f8b1cbd5fa0 R15: 00007ffe0e8e7138
[ 1177.517354][T18039]  </TASK>
[ 1177.839711][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1177.848843][T12639] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1177.865304][T12635] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1177.930166][   T24] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[ 1177.969342][   T24] cp210x 3-1:4.124: device disconnected
[ 1177.989880][   T24] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[ 1178.012431][   T24] cp210x 3-1:4.76: device disconnected
[ 1178.413087][T12639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1178.476271][T12639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1178.509430][T12635] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1178.518521][T12635] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1178.549699][T18053] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1178.559029][T18053] hfs: can't find a HFS filesystem on dev loop5
[ 1180.179777][T18063] ext4: Unknown parameter 'context'
[ 1180.261745][T18066] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3050'.
[ 1180.653741][T18073] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[ 1182.080963][T18090] input: syz0 as /devices/virtual/input/input32
[ 1182.807180][T13815] Bluetooth: hci4: command 0x1003 tx timeout
[ 1182.807541][T17069] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1184.167323][    T9] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1184.178375][T17069] Bluetooth: hci5: command 0x0405 tx timeout
[ 1184.199482][    T9] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1186.115405][T18117] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3170'.
[ 1187.686179][ T6005] IPVS: starting estimator thread 0...
[ 1187.786728][T18133] IPVS: using max 37 ests per chain, 88800 per kthread
[ 1188.247941][T17069] Bluetooth: hci2: command 0x0406 tx timeout
[ 1188.706944][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1188.713066][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1189.155050][   T30] audit: type=1326 audit(1758358268.011:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18148 comm="syz.3.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899e58ec29 code=0x7ffc0000
[ 1189.830066][   T30] audit: type=1326 audit(1758358268.011:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18148 comm="syz.3.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899e58ec29 code=0x7ffc0000
[ 1189.887888][   T30] audit: type=1326 audit(1758358268.011:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18148 comm="syz.3.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f899e58ec29 code=0x7ffc0000
[ 1190.025694][   T30] audit: type=1326 audit(1758358268.681:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18148 comm="syz.3.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899e58ec29 code=0x7ffc0000
[ 1190.029489][T18159] netlink: 'syz.6.3184': attribute type 1 has an invalid length.
[ 1190.076674][T18159] netlink: 'syz.6.3184': attribute type 2 has an invalid length.
[ 1190.138261][   T30] audit: type=1326 audit(1758358268.681:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18148 comm="syz.3.3181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f899e58ec29 code=0x7ffc0000
[ 1191.207564][T17069] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1191.402115][    T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1191.408349][    T9] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1191.647547][T18188] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3196'.
[ 1192.800145][T18198] sp0: Synchronizing with TNC
[ 1193.696983][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1193.787887][T17069] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1194.065651][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 1196.528498][    T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1196.534749][    T9] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 1196.556606][T17069] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1197.023808][T12618] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1197.782239][T18252] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1197.794106][T18252] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1197.802150][T18252] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1197.810120][T18252] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1197.817806][T18252] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1197.884292][T13815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1197.897113][T13815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1197.907283][T13815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1197.915498][T13815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1197.923316][T13815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1198.100256][T18250] lo speed is unknown, defaulting to 1000
[ 1198.823285][T18278] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_team, syncid = 0, id = 0
[ 1198.924473][T18250] chnl_net:caif_netlink_parms(): no params data found
[ 1198.941881][T12639] bridge_slave_1: left allmulticast mode
[ 1198.947833][T12639] bridge_slave_1: left promiscuous mode
[ 1198.954236][T12639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1198.967988][T12639] bridge_slave_0: left allmulticast mode
[ 1199.111770][T17069] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1199.123469][T12639] bridge_slave_0: left promiscuous mode
[ 1199.131671][T12639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1200.008497][T13815] Bluetooth: hci1: command tx timeout
[ 1202.084952][T18297] trusted_key: encrypted_key: key user:syz not found
[ 1202.088352][T13815] Bluetooth: hci1: command tx timeout
[ 1204.226172][T13815] Bluetooth: hci1: command tx timeout
[ 1205.009299][T12639] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1205.029817][T12639] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1205.057652][T12639] bond0 (unregistering): Released all slaves
[ 1205.718392][T18340] overlayfs: missing 'lowerdir'
[ 1206.246244][T13815] Bluetooth: hci1: command tx timeout
[ 1207.327069][T18250] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1207.334361][T18250] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.417367][T18250] bridge_slave_0: entered allmulticast mode
[ 1207.463970][T18250] bridge_slave_0: entered promiscuous mode
[ 1207.497212][T18250] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1207.504425][T18250] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.538683][T18250] bridge_slave_1: entered allmulticast mode
[ 1207.548922][T18250] bridge_slave_1: entered promiscuous mode
[ 1207.619895][T18359] netlink: 'syz.5.3248': attribute type 1 has an invalid length.
[ 1207.627808][T18359] netlink: 'syz.5.3248': attribute type 2 has an invalid length.
[ 1210.161442][T18250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1210.312571][T18250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1210.373030][T12639] hsr_slave_0: left promiscuous mode
[ 1210.392724][T12639] hsr_slave_1: left promiscuous mode
[ 1210.403637][T12639] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1210.424053][T12639] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1211.622493][T12639] team0 (unregistering): Port device team_slave_1 removed
[ 1211.784795][T12639] team0 (unregistering): Port device team_slave_0 removed
[ 1212.224616][T18414] UBIFS error (pid: 18414): cannot open "c:::", error -22
[ 1212.228507][T18414] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3261'.
[ 1214.424760][T18250] team0: Port device team_slave_0 added
[ 1214.609193][T18250] team0: Port device team_slave_1 added
[ 1214.710654][T18429] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3264'.
[ 1214.720122][T18429] netlink: 'syz.3.3264': attribute type 1 has an invalid length.
[ 1214.727956][T18429] netlink: 'syz.3.3264': attribute type 2 has an invalid length.
[ 1214.735687][T18429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3264'.
[ 1214.987941][T18250] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1214.995024][T18250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1215.033225][T18250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1215.057545][T18250] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1215.101576][T18250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1215.271509][T18250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1216.163011][T18250] hsr_slave_0: entered promiscuous mode
[ 1216.227773][T18250] hsr_slave_1: entered promiscuous mode
[ 1217.602279][T18462] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3276'.
[ 1219.285020][T18250] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1219.307286][T18250] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1219.330781][T18250] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1219.384331][T18250] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1219.543207][T18492] exFAT-fs (nullb0): invalid boot record signature
[ 1219.555094][T18492] exFAT-fs (nullb0): failed to read boot sector
[ 1219.583602][T18492] exFAT-fs (nullb0): failed to recognize exfat type
[ 1219.974386][T18250] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1220.098747][T18250] 8021q: adding VLAN 0 to HW filter on device team0
[ 1220.142298][T12639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1220.149496][T12639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1220.271778][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1220.278988][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1220.779262][T18250] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1221.397908][T18522] batman_adv: batadv0: Interface deactivated: dummy0
[ 1221.404675][T18522] batman_adv: batadv0: Removing interface: dummy0
[ 1222.921988][T18522] bridge_slave_0: left allmulticast mode
[ 1222.927916][T18522] bridge_slave_0: left promiscuous mode
[ 1222.934191][T18522] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1223.657513][T18522] bridge_slave_1: left allmulticast mode
[ 1223.663190][T18522] bridge_slave_1: left promiscuous mode
[ 1223.698967][T18522] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1223.785446][T18522] bond0: (slave bond_slave_0): Releasing backup interface
[ 1223.836818][T18522] bond0: (slave bond_slave_1): Releasing backup interface
[ 1223.892527][T18522] team0: Port device team_slave_0 removed
[ 1223.921717][T18522] team0: Port device team_slave_1 removed
[ 1223.928358][T18522] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1224.154473][    T9] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1224.162567][T18522] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1224.172370][T18522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1224.183843][T18522] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1224.193367][T18522] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1224.248243][T18250] veth0_vlan: entered promiscuous mode
[ 1224.275611][T18250] veth1_vlan: entered promiscuous mode
[ 1224.321476][    T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1224.341378][    T9] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1224.351702][T18250] veth0_macvtap: entered promiscuous mode
[ 1224.351959][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1224.388848][T18250] veth1_macvtap: entered promiscuous mode
[ 1224.410374][    T9] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1224.418864][T18250] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1224.434947][T18250] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1224.594840][T12639] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.615149][T18539] netlink: 'syz.2.3293': attribute type 11 has an invalid length.
[ 1224.626203][T18539] netlink: 448 bytes leftover after parsing attributes in process `syz.2.3293'.
[ 1224.653125][T12639] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.688403][T12639] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1224.707784][T12639] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1225.618702][    T9] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[ 1225.637472][    T9] stv0680 4-1:4.0: STV(e): camera ping failed!!
[ 1225.654661][    T9] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[ 1225.678617][    T9] stv0680 4-1:4.0: last error: 0,  command = 0x0
[ 1225.702130][    T9] usb 4-1: USB disconnect, device number 75
[ 1225.711713][T12639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1225.800327][T12639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1225.890233][T12640] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1225.898561][T12640] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1226.116550][ T5875] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1226.581972][ T5875] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1226.615509][ T5875] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1226.690213][ T5875] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1226.704451][ T5875] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1226.722380][ T5875] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1226.854204][ T5875] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1226.969174][ T5875] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -12
[ 1227.099496][T16252] udevd[16252]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1228.514681][T18593] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3308'.
[ 1228.662548][T18593] netlink: 152 bytes leftover after parsing attributes in process `syz.7.3308'.
[ 1228.843070][ T5981] usb 7-1: USB disconnect, device number 10
[ 1229.479290][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1229.493184][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1229.508097][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1229.518939][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1229.539393][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1229.551828][T18609] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1234.290498][ T5981] IPVS: starting estimator thread 0...
[ 1234.321420][T18649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3326'.
[ 1234.386066][T18650] IPVS: using max 29 ests per chain, 69600 per kthread
[ 1237.070810][T18683] overlayfs: missing 'lowerdir'
[ 1237.353259][   T24] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1237.936050][   T24] usb 4-1: Using ep0 maxpacket: 16
[ 1237.945167][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1237.972624][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1238.114671][   T24] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[ 1238.124289][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1238.157308][   T24] usb 4-1: config 0 descriptor??
[ 1238.751418][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.826568][   T24] corsair 0003:1B1C:1B02.0018: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.3-1/input0
[ 1239.006920][   T24] corsair 0003:1B1C:1B02.0018: Failed to get K90 initial state (error -32).
[ 1240.599222][T18674] Process accounting resumed
[ 1240.606494][T15782] usb 4-1: USB disconnect, device number 76
[ 1241.250962][T18725] tipc: Started in network mode
[ 1241.269347][T18725] tipc: Node identity 8eb24954180a, cluster identity 4711
[ 1241.311080][T18725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1241.510193][T18726] syzkaller0: entered promiscuous mode
[ 1241.798248][T18726] syzkaller0: entered allmulticast mode
[ 1241.884608][T18726] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[ 1241.933266][T18724] tipc: Resetting bearer <eth:syzkaller0>
[ 1242.031465][T18724] tipc: Disabling bearer <eth:syzkaller0>
[ 1242.128764][T18743] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(8)
[ 1242.135340][T18743] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1242.143518][T18743] vhci_hcd vhci_hcd.0: Device attached
[ 1242.264859][T18745] vhci_hcd: connection closed
[ 1242.338599][T12635] vhci_hcd: stop threads
[ 1242.456380][T12635] vhci_hcd: release socket
[ 1242.507419][T12635] vhci_hcd: disconnect device
[ 1242.526134][ T5981] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[ 1247.906163][ T5981] vhci_hcd: vhci_device speed not set
[ 1251.036114][    T9] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1251.213318][    T9] usb 4-1: Using ep0 maxpacket: 32
[ 1251.358933][    T9] usb 4-1: config 0 has an invalid interface number: 230 but max is 0
[ 1251.399966][    T9] usb 4-1: config 0 has no interface number 0
[ 1251.466107][    T9] usb 4-1: config 0 interface 230 has no altsetting 0
[ 1251.573565][    T9] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[ 1251.626045][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.670293][    T9] usb 4-1: Product: syz
[ 1251.693098][    T9] usb 4-1: Manufacturer: syz
[ 1251.707709][    T9] usb 4-1: SerialNumber: syz
[ 1251.727181][    T9] usb 4-1: config 0 descriptor??
[ 1251.792549][    T9] ums-usbat 4-1:0.230: USB Mass Storage device detected
[ 1251.869296][    T9] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1
[ 1253.006051][ T5981] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1253.387885][ T5981] usb 3-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de
[ 1253.551112][T18878] team0: Device vlan0 failed to change mtu
[ 1254.156590][   T24] lo speed is unknown, defaulting to 1000
[ 1254.217531][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1254.251423][ T5981] usb 3-1: Product: syz
[ 1254.285910][ T5981] usb 3-1: Manufacturer: syz
[ 1254.338735][ T5981] usb 3-1: SerialNumber: syz
[ 1254.396982][ T5981] usb 3-1: config 0 descriptor??
[ 1254.472443][ T5981] ttusb_dec_send_command: command bulk message failed: error -22
[ 1254.564789][ T5981] ttusb-dec 3-1:0.0: probe with driver ttusb-dec failed with error -22
[ 1254.731306][T18867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1254.740232][T18867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1256.485146][ T5981] usb 3-1: USB disconnect, device number 56
[ 1257.935654][T18906] uprobe: syz.5.3402:18906 failed to unregister, leaking uprobe
[ 1258.267180][    T9] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5
[ 1258.340079][T18916] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3404'.
[ 1259.110805][    T9] usb 4-1: USB disconnect, device number 77
[ 1259.887342][    T9] usb 4-1: new low-speed USB device number 78 using dummy_hcd
[ 1260.914436][    T9] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1260.954436][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1260.979282][    T9] usb 4-1: config 0 descriptor??
[ 1262.214931][    T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1264.146978][    T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1264.201280][    T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1264.234559][    T9] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1264.266384][    T9] usb 4-1: USB disconnect, device number 78
[ 1264.468119][T15782] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1264.883480][T15782] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1264.913307][T15782] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1264.923006][T15782] usb 3-1: Product: syz
[ 1264.927658][T15782] usb 3-1: Manufacturer: syz
[ 1264.944496][T15782] usb 3-1: SerialNumber: syz
[ 1264.992642][T15782] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1265.036991][   T43] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1266.527755][   T43] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[ 1266.549078][   T43] ath9k_htc: Failed to initialize the device
[ 1266.689210][T15782] usb 3-1: USB disconnect, device number 57
[ 1266.825320][T15782] usb 3-1: ath9k_htc: USB layer deinitialized
[ 1270.026083][ T5981] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1270.041602][T19031] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1270.051988][T19031] block device autoloading is deprecated and will be removed.
[ 1270.216697][ T5981] usb 4-1: Using ep0 maxpacket: 8
[ 1270.227437][ T5981] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1270.238389][ T5981] usb 4-1: config 179 has no interface number 0
[ 1270.246563][ T5981] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1270.259124][ T5981] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1270.271797][ T5981] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1270.284853][   T30] audit: type=1326 audit(1758358349.141:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19034 comm="syz.6.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1270.516338][ T6005] IPVS: starting estimator thread 0...
[ 1271.020903][   T30] audit: type=1326 audit(1758358349.141:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19034 comm="syz.6.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1271.043416][   T30] audit: type=1326 audit(1758358349.171:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19034 comm="syz.6.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1271.066560][ T5981] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1271.078599][ T5981] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1271.092504][ T5981] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1271.101957][ T5981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1271.126273][T19039] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1271.175875][T19024] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1271.196311][   T30] audit: type=1326 audit(1758358349.881:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19034 comm="syz.6.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1271.516176][   T30] audit: type=1326 audit(1758358349.881:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19034 comm="syz.6.3443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62a6d8ec29 code=0x7ffc0000
[ 1271.528797][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.022772][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.032208][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.043897][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.053060][T19043] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.212867][T19043] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3445'.
[ 1272.246200][ T5981] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input35
[ 1272.584391][ T5981] usb 4-1: USB disconnect, device number 79
[ 1272.584455][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1272.598735][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1273.079584][T19068] erspan0: left allmulticast mode
[ 1273.604028][T19068] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1273.820561][T19066] random: crng reseeded on system resumption
[ 1278.142394][T19119] IPVS: Unknown mcast interface: vcan0
[ 1281.703967][T19167] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3479'.
[ 1282.079130][T19170] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1282.145053][T19170] block device autoloading is deprecated and will be removed.
[ 1282.528354][T19159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1282.536012][T19159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1284.108271][T19184] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1284.317975][T19159] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1284.381377][T19159] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1284.940733][T19167] bridge_slave_1: left allmulticast mode
[ 1284.970037][T19167] bridge_slave_1: left promiscuous mode
[ 1284.979652][T19167] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1285.190431][T19167] bridge_slave_0: left allmulticast mode
[ 1285.196428][T19167] bridge_slave_0: left promiscuous mode
[ 1285.205038][T19167] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1285.282179][   T30] audit: type=1326 audit(1758358364.141:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19186 comm="syz.5.3489" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6523b8ec29 code=0x0
[ 1286.246407][T12639] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.287774][T12639] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.297302][T12639] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.316544][T12639] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.687549][T19202] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3494'.
[ 1290.801181][T19232] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3502'.
[ 1291.269173][    T9] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1291.426072][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1291.439747][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1291.463344][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1291.478198][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1291.487789][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1291.498618][    T9] usb 3-1: config 0 descriptor??
[ 1291.506323][    T9] hub 3-1:0.0: USB hub found
[ 1291.530845][T19253] netlink: 'syz.5.3510': attribute type 4 has an invalid length.
[ 1291.731925][    T9] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19)
[ 1292.149956][    T9] usbhid 3-1:0.0: can't add hid device: -71
[ 1292.190073][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1292.274397][    T9] usb 3-1: USB disconnect, device number 58
[ 1292.745597][T19268] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3514'.
[ 1294.728452][T17069] Bluetooth: hci1: command 0x0405 tx timeout
[ 1294.759073][T19278] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609)
[ 1294.769934][T19278] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[ 1295.146683][ T5981] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1295.273112][T19285] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609)
[ 1295.283752][T19285] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[ 1295.366523][ T5981] usb 3-1: Using ep0 maxpacket: 32
[ 1295.373747][ T5981] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1295.385612][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1295.450638][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1295.510686][ T5981] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1295.558145][ T5981] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1295.567771][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1295.575795][ T5981] usb 3-1: Product: syz
[ 1295.580755][ T5981] usb 3-1: Manufacturer: syz
[ 1295.585384][ T5981] usb 3-1: SerialNumber: syz
[ 1295.593781][ T5981] usb 3-1: config 0 descriptor??
[ 1295.621540][   T30] audit: type=1326 audit(1758358374.473:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19293 comm="syz.5.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6523b8ec29 code=0x7ffc0000
[ 1295.713303][   T30] audit: type=1326 audit(1758358374.513:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19293 comm="syz.5.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6523b8ec29 code=0x7ffc0000
[ 1295.769700][   T30] audit: type=1326 audit(1758358374.513:972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19293 comm="syz.5.3524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f6523b8ec29 code=0x7ffc0000
[ 1295.814835][   T43] usb 3-1: USB disconnect, device number 59
[ 1297.369728][T19308] lo speed is unknown, defaulting to 1000
[ 1298.545021][T19316] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3528'.
[ 1299.713216][T19326] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1299.803594][T19326] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1299.891131][T19326] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1299.983473][T19326] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1300.128712][ T1155] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1300.140901][ T1155] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1300.151124][ T1155] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1300.161917][ T1155] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1300.213484][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.726402][ T5981] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1300.900739][ T5981] usb 4-1: no configurations
[ 1300.905459][ T5981] usb 4-1: can't read configurations, error -22
[ 1301.196167][ T5981] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1301.377896][ T5981] usb 4-1: no configurations
[ 1301.384129][ T5981] usb 4-1: can't read configurations, error -22
[ 1301.392077][ T5981] usb usb4-port1: attempt power cycle
[ 1301.750177][ T5981] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1301.791003][ T5981] usb 4-1: no configurations
[ 1301.795655][ T5981] usb 4-1: can't read configurations, error -22
[ 1301.870388][T19350] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3542'.
[ 1301.948840][ T5981] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1302.008786][ T5981] usb 4-1: no configurations
[ 1302.016524][ T5981] usb 4-1: can't read configurations, error -22
[ 1302.033673][ T5981] usb usb4-port1: unable to enumerate USB device
[ 1302.057695][T19355] netlink: 256 bytes leftover after parsing attributes in process `syz.6.3545'.
[ 1302.556173][T19360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3543'.
[ 1302.666229][T19360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3543'.
[ 1303.708944][T19372] input: syz1 as /devices/virtual/input/input36
[ 1305.589527][T19391] IPVS: Error connecting to the multicast addr
[ 1305.728259][T19400] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3557'.
[ 1305.771066][T19400] geneve2: entered allmulticast mode
[ 1306.043869][T19404] can0: slcan on ttyS3.
[ 1306.128210][T19404] can0 (unregistered): slcan off ttyS3.
[ 1311.596208][T19461] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1311.849343][T19465] Invalid ELF header magic: != ELF
[ 1312.315217][T19464] netlink: 'syz.3.3579': attribute type 2 has an invalid length.
[ 1312.420418][T19464] netlink: 119 bytes leftover after parsing attributes in process `syz.3.3579'.
[ 1312.526017][ T5981] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1312.780303][ T5981] usb 7-1: device descriptor read/64, error -71
[ 1312.812656][T19464] ubi31: detaching mtd0
[ 1313.232454][T19464] ubi31: mtd0 is detached
[ 1313.482552][T19481] fuse: Unknown parameter ''
[ 1313.519757][ T5981] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1313.936139][ T5981] usb 7-1: device descriptor read/64, error -71
[ 1314.046353][ T5981] usb usb7-port1: attempt power cycle
[ 1314.214788][T19480] mkiss: ax0: crc mode is auto.
[ 1314.427358][T18252] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1314.444297][T18252] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1314.457721][T18252] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1314.478132][T18252] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1314.490664][T18252] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1315.330037][T19489] lo speed is unknown, defaulting to 1000
[ 1316.166455][T18252] Bluetooth: hci1: command 0x0405 tx timeout
[ 1316.274646][T19502] atomic_op ffff88807bdd8198 conn xmit_atomic 0000000000000000
[ 1316.731621][T19508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3592'.
[ 1316.752221][T19508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3592'.
[ 1317.266180][T17069] Bluetooth: hci4: command tx timeout
[ 1318.235397][T19489] chnl_net:caif_netlink_parms(): no params data found
[ 1318.794554][T19520] Invalid ELF header magic: != ELF
[ 1319.286317][T17069] Bluetooth: hci4: command tx timeout
[ 1319.366521][ T5981] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1319.430935][T19527] block nbd6: Attempted send on invalid socket
[ 1319.438632][T19527] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1319.479312][T19527] block nbd6: Attempted send on invalid socket
[ 1319.505886][ T5981] usb 3-1: device descriptor read/64, error -71
[ 1319.596743][T19527] I/O error, dev nbd6, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1319.849764][T19530] trusted_key: encrypted_key: key user:syz not found
[ 1319.851719][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1319.917660][ T5981] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1319.982609][T19527] block nbd6: Attempted send on invalid socket
[ 1319.989592][T19527] I/O error, dev nbd6, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1319.999409][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1320.012323][T19527] block nbd6: Attempted send on invalid socket
[ 1320.021034][T19527] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.031071][T19527] block nbd6: Attempted send on invalid socket
[ 1320.037759][T19527] I/O error, dev nbd6, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.047751][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1320.058100][T19527] block nbd6: Attempted send on invalid socket
[ 1320.066375][T19527] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.076394][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1320.088393][T19527] block nbd6: Attempted send on invalid socket
[ 1320.094712][T19527] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.104962][T19527] block nbd6: Attempted send on invalid socket
[ 1320.112418][T19527] I/O error, dev nbd6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.122529][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1320.126110][ T5981] usb 3-1: device descriptor read/64, error -71
[ 1320.133133][T19527] block nbd6: Attempted send on invalid socket
[ 1320.149549][T19527] I/O error, dev nbd6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.149728][T19489] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1320.166538][T19489] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1320.174808][T19489] bridge_slave_0: entered allmulticast mode
[ 1320.188858][T19489] bridge_slave_0: entered promiscuous mode
[ 1320.194942][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1320.201095][T19489] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1320.214155][T19489] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1320.223399][T19489] bridge_slave_1: entered allmulticast mode
[ 1320.232608][T19489] bridge_slave_1: entered promiscuous mode
[ 1320.250601][T19527] block nbd6: Attempted send on invalid socket
[ 1320.269679][T19527] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1320.290203][ T5981] usb usb3-port1: attempt power cycle
[ 1320.293269][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[ 1320.309312][T19527] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[ 1320.317252][T19534] input: syz1 as /devices/virtual/input/input38
[ 1320.325630][T19527] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[ 1320.371510][T19489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1320.403629][T19489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1320.542457][T19489] team0: Port device team_slave_0 added
[ 1320.572432][T19489] team0: Port device team_slave_1 added
[ 1320.639928][ T5981] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1320.712448][ T5981] usb 3-1: device descriptor read/8, error -71
[ 1320.743819][T19489] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1320.753097][T19489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1320.830198][T19489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1320.853681][T19489] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1320.862361][T19489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1320.917452][T19489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1320.966320][ T5981] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1321.007374][ T5981] usb 3-1: device descriptor read/8, error -71
[ 1321.095855][T19489] hsr_slave_0: entered promiscuous mode
[ 1321.103131][T19489] hsr_slave_1: entered promiscuous mode
[ 1321.110601][T19489] debugfs: 'hsr0' already exists in 'hsr'
[ 1321.116632][T19489] Cannot create hsr debugfs directory
[ 1321.126714][ T5981] usb usb3-port1: unable to enumerate USB device
[ 1321.366313][T18252] Bluetooth: hci4: command tx timeout
[ 1322.117392][T19550] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3604'.
[ 1322.759048][T18252] Bluetooth: hci1: command 0x0405 tx timeout
[ 1323.460925][T17069] Bluetooth: hci4: command tx timeout
[ 1323.618351][T19489] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1323.631783][T19489] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1323.642148][T19489] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1323.653112][T19489] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1323.742389][T19489] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1323.766417][T19489] 8021q: adding VLAN 0 to HW filter on device team0
[ 1323.781984][T12639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1323.789196][T12639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1323.807681][T12639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1323.814837][T12639] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1324.273140][T19489] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1324.748833][T19489] veth0_vlan: entered promiscuous mode
[ 1324.768656][T19489] veth1_vlan: entered promiscuous mode
[ 1324.871669][T19489] veth0_macvtap: entered promiscuous mode
[ 1324.892618][T19489] veth1_macvtap: entered promiscuous mode
[ 1324.914431][T19489] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1324.933498][T19489] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1324.955094][T12639] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1324.979250][T12639] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1325.029021][T12639] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1325.057194][T12639] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1325.095343][T12639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1325.115010][T12639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1325.153268][T12639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1325.163221][T12639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1325.741136][T19595] trusted_key: encrypted_key: key user:syz not found
[ 1327.580859][T19615] Invalid ELF header magic: != ELF
[ 1329.427187][T19623] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1331.312266][ T5875] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[ 1331.624588][ T5875] usb 6-1: Using ep0 maxpacket: 16
[ 1331.670801][ T5875] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1331.691280][ T5875] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1331.741721][ T5875] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1331.779297][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1331.804444][ T5875] usb 6-1: Product: syz
[ 1331.812925][ T5875] usb 6-1: Manufacturer: syz
[ 1331.820491][ T5875] usb 6-1: SerialNumber: syz
[ 1332.845827][ T5875] usb 6-1: cannot find UAC_HEADER
[ 1332.871963][ T5875] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1332.890434][ T5875] usb 6-1: USB disconnect, device number 54
[ 1332.940966][T19198] udevd[19198]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1333.686459][T17069] Bluetooth: hci1: command 0x0405 tx timeout
[ 1334.852708][T19665] tty tty30: ldisc open failed (-12), clearing slot 29
[ 1334.913901][T17069] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1334.942732][T17069] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1334.952188][T17069] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1334.964939][T17069] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1334.973030][T17069] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1335.208353][T19668] lo speed is unknown, defaulting to 1000
[ 1335.487003][T19682] lo speed is unknown, defaulting to 1000
[ 1336.634971][T19668] chnl_net:caif_netlink_parms(): no params data found
[ 1337.093266][T18252] Bluetooth: hci5: command tx timeout
[ 1337.454606][T19728] syz.5.3653: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1337.474558][T19728] CPU: 0 UID: 0 PID: 19728 Comm: syz.5.3653 Not tainted syzkaller #0 PREEMPT(full) 
[ 1337.474588][T19728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1337.474602][T19728] Call Trace:
[ 1337.474612][T19728]  <TASK>
[ 1337.474623][T19728]  dump_stack_lvl+0x189/0x250
[ 1337.474662][T19728]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1337.474689][T19728]  ? __pfx__printk+0x10/0x10
[ 1337.474719][T19728]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1337.474743][T19728]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1337.474768][T19728]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1337.474795][T19728]  warn_alloc+0x214/0x310
[ 1337.474817][T19728]  ? stack_depot_save_flags+0x41b/0x860
[ 1337.474852][T19728]  ? __pfx_warn_alloc+0x10/0x10
[ 1337.474875][T19728]  ? kasan_save_track+0x3e/0x80
[ 1337.474906][T19728]  ? __kasan_kmalloc+0x93/0xb0
[ 1337.474927][T19728]  ? xsk_setsockopt+0x4dc/0x8d0
[ 1337.474946][T19728]  ? do_sock_setsockopt+0x17c/0x1b0
[ 1337.474970][T19728]  ? __x64_sys_setsockopt+0x13f/0x1b0
[ 1337.474994][T19728]  ? do_syscall_64+0xfa/0xfa0
[ 1337.475019][T19728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.475052][T19728]  __vmalloc_node_range_noprof+0x125/0x12f0
[ 1337.475119][T19728]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1337.475158][T19728]  ? __kasan_kmalloc+0x93/0xb0
[ 1337.475184][T19728]  vmalloc_user_noprof+0xad/0xf0
[ 1337.475218][T19728]  ? xskq_create+0xbf/0x170
[ 1337.475240][T19728]  xskq_create+0xbf/0x170
[ 1337.475263][T19728]  xsk_init_queue+0xb0/0x110
[ 1337.475290][T19728]  xsk_setsockopt+0x4dc/0x8d0
[ 1337.475314][T19728]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1337.475339][T19728]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1337.475370][T19728]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1337.475426][T19728]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1337.475448][T19728]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1337.475470][T19728]  do_sock_setsockopt+0x17c/0x1b0
[ 1337.475501][T19728]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1337.475533][T19728]  do_syscall_64+0xfa/0xfa0
[ 1337.475557][T19728]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1337.475581][T19728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.475602][T19728]  ? clear_bhb_loop+0x60/0xb0
[ 1337.475628][T19728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.475649][T19728] RIP: 0033:0x7f05fdb8ec29
[ 1337.475669][T19728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1337.475686][T19728] RSP: 002b:00007f05fea8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1337.475709][T19728] RAX: ffffffffffffffda RBX: 00007f05fddd6180 RCX: 00007f05fdb8ec29
[ 1337.475725][T19728] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[ 1337.475739][T19728] RBP: 00007f05fdc11e41 R08: 0000000000000052 R09: 0000000000000000
[ 1337.475752][T19728] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1337.475766][T19728] R13: 00007f05fddd6218 R14: 00007f05fddd6180 R15: 00007ffda075da88
[ 1337.475802][T19728]  </TASK>
[ 1337.475811][T19728] Mem-Info:
[ 1338.064362][T19728] active_anon:11625 inactive_anon:0 isolated_anon:0
[ 1338.064362][T19728]  active_file:17857 inactive_file:40395 isolated_file:0
[ 1338.064362][T19728]  unevictable:2722 dirty:127 writeback:0
[ 1338.064362][T19728]  slab_reclaimable:11581 slab_unreclaimable:105473
[ 1338.064362][T19728]  mapped:40097 shmem:7511 pagetables:1400
[ 1338.064362][T19728]  sec_pagetables:0 bounce:0
[ 1338.064362][T19728]  kernel_misc_reclaimable:0
[ 1338.064362][T19728]  free:1284962 free_pcp:11097 free_cma:0
[ 1338.173660][T19728] Node 0 active_anon:48348kB inactive_anon:0kB active_file:71276kB inactive_file:161384kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:165656kB dirty:504kB writeback:0kB shmem:29928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13232kB pagetables:5476kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1338.240339][T19728] Node 1 active_anon:0kB inactive_anon:0kB active_file:152kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:152kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1338.271888][T19728] Node 0 DMA free:15344kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1338.386685][T19668] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1338.400181][T19728] lowmem_reserve[]: 0 2491 2491 2491 2491
[ 1338.408988][T19668] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1338.417905][T19728] Node 0 DMA32 free:1218196kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB free_highatomic:0KB active_anon:53612kB inactive_anon:0kB active_file:71276kB inactive_file:161384kB unevictable:9728kB writepending:504kB zspages:0kB present:3129332kB managed:2550800kB mlocked:8192kB bounce:0kB free_pcp:36788kB local_pcp:13168kB free_cma:0kB
[ 1338.457991][T19668] bridge_slave_0: entered allmulticast mode
[ 1338.473271][T19668] bridge_slave_0: entered promiscuous mode
[ 1338.482384][T19668] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1338.496746][T19668] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1338.503976][T19728] lowmem_reserve[]: 0 0 0 0 0
[ 1338.509322][T19668] bridge_slave_1: entered allmulticast mode
[ 1338.515435][T19728] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1338.571964][T19668] bridge_slave_1: entered promiscuous mode
[ 1338.607527][T19728] lowmem_reserve[]: 0 0 0 0 0
[ 1338.613876][T19728] Node 1 Normal free:3902012kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:152kB inactive_file:196kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:10180kB local_pcp:7340kB free_cma:0kB
[ 1338.716673][   T43] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1338.760682][T19728] lowmem_reserve[]: 0 0 0 0 0
[ 1338.802336][T19728] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[ 1338.879709][T19668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1338.889214][   T43] usb 3-1: Using ep0 maxpacket: 8
[ 1338.905232][   T43] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1338.920184][T19728] Node 0 DMA32: 86*4kB (UME) 16*8kB (UE) 1*16kB (U) 525*32kB (UME) 447*64kB (ME) 238*128kB (UME) 496*256kB (UM) 329*512kB (UME) 147*1024kB (UME) 17*2048kB (UM) 159*4096kB (UM) = 1208392kB
[ 1338.956374][   T43] usb 3-1: config 219 has an invalid interface number: 147 but max is 1
[ 1338.997482][T19668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1339.010179][   T43] usb 3-1: config 219 has an invalid interface number: 151 but max is 1
[ 1339.039376][   T43] usb 3-1: config 219 has no interface number 0
[ 1339.047985][T19728] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1339.087454][   T43] usb 3-1: config 219 has no interface number 1
[ 1339.122652][T19728] Node 1 Normal: 2*4kB (ME) 1*8kB (E) 12*16kB (E) 31*32kB (UME) 98*64kB (UME) 38*128kB (UE) 18*256kB (UME) 8*512kB (UME) 4*1024kB (UME) 1*2048kB (U) 946*4096kB (M) = 3902000kB
[ 1339.148238][   T43] usb 3-1: config 219 interface 147 has no altsetting 0
[ 1339.180804][T18252] Bluetooth: hci5: command tx timeout
[ 1339.256098][   T43] usb 3-1: config 219 interface 151 has no altsetting 0
[ 1339.283338][T19728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1339.306054][   T43] usb 3-1: string descriptor 0 read error: -22
[ 1339.312290][   T43] usb 3-1: New USB device found, idVendor=0fb0, idProduct=0006, bcdDevice=9e.d4
[ 1339.333227][T19728] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1339.357784][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1339.372987][T19728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1339.388837][T19668] team0: Port device team_slave_0 added
[ 1339.412463][T19668] team0: Port device team_slave_1 added
[ 1339.431285][T19728] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1339.494341][T19728] 71164 total pagecache pages
[ 1339.516426][T19728] 0 pages in swap cache
[ 1339.542048][T19728] Free swap  = 124996kB
[ 1339.558657][T19728] Total swap = 124996kB
[ 1339.562890][T19728] 2097051 pages RAM
[ 1339.596101][T19668] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1339.603248][T19728] 0 pages HighMem/MovableOnly
[ 1339.621422][T19728] 427581 pages reserved
[ 1339.630194][T19668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1339.686580][T19728] 0 pages cma reserved
[ 1339.791269][T19668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1339.865640][T19668] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1339.933759][T19668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1340.096346][T19668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1340.337805][T19668] hsr_slave_0: entered promiscuous mode
[ 1340.364581][T19668] hsr_slave_1: entered promiscuous mode
[ 1340.378457][T19668] debugfs: 'hsr0' already exists in 'hsr'
[ 1340.394082][T19668] Cannot create hsr debugfs directory
[ 1341.206510][T18252] Bluetooth: hci5: command tx timeout
[ 1341.571602][T19668] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1341.759308][T19668] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1341.855083][T19668] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1341.951728][T19668] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1342.157131][T18976] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[ 1342.327082][T19668] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1342.386278][T18976] usb 7-1: config 0 has an invalid interface number: 113 but max is 0
[ 1342.394503][T18976] usb 7-1: config 0 has no interface number 0
[ 1342.433153][T18976] usb 7-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0xE7, changing to 0x87
[ 1342.462507][T19668] 8021q: adding VLAN 0 to HW filter on device team0
[ 1342.538099][T18976] usb 7-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1342.555352][ T5875] usb 3-1: USB disconnect, device number 64
[ 1342.583692][T12635] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1342.590911][T12635] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1342.613649][T18976] usb 7-1: config 0 interface 113 has no altsetting 0
[ 1342.675514][T18976] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1342.717168][T18976] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1342.725230][T18976] usb 7-1: Product: syz
[ 1342.737915][T18976] usb 7-1: Manufacturer: syz
[ 1342.756481][T12635] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1342.763759][T12635] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1342.773895][T18976] usb 7-1: SerialNumber: syz
[ 1342.799174][T18976] usb 7-1: config 0 descriptor??
[ 1342.840345][T18976] pn533_usb 7-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[ 1343.014217][   T43] usb 7-1: USB disconnect, device number 14
[ 1343.286278][T18252] Bluetooth: hci5: command tx timeout
[ 1343.434745][T19668] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1344.726207][   T43] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1344.916050][   T43] usb 3-1: Using ep0 maxpacket: 32
[ 1344.932078][   T43] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1344.973048][   T43] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1345.143224][   T43] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1345.156039][   T43] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1345.179013][   T43] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1345.197440][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1346.672259][   T43] usb 3-1: Product: syz
[ 1346.684990][   T43] usb 3-1: Manufacturer: syz
[ 1346.690228][   T43] usb 3-1: SerialNumber: syz
[ 1346.758558][   T43] imon:imon_find_endpoints: no valid input (IR) endpoint found
[ 1346.801275][   T43] imon 3-1:155.0: unable to initialize intf0, err -19
[ 1346.836169][   T43] imon:imon_probe: failed to initialize context!
[ 1346.842570][   T43] imon 3-1:155.0: unable to register, err -19
[ 1346.936030][   T43] usb 3-1: USB disconnect, device number 65
[ 1347.070963][T19668] veth0_vlan: entered promiscuous mode
[ 1347.152263][T19668] veth1_vlan: entered promiscuous mode
[ 1347.267532][T19668] veth0_macvtap: entered promiscuous mode
[ 1347.298728][T19668] veth1_macvtap: entered promiscuous mode
[ 1347.394878][T19668] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1347.525780][T19668] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1347.618162][T12635] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.682424][T12635] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1347.764724][T12635] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1348.390232][T12635] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1349.925422][T12633] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1349.972124][T12633] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1350.069592][T12633] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1350.126765][T12633] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1351.651069][T19874] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3633'.
[ 1353.185022][T19895] netlink: 'syz.8.3700': attribute type 2 has an invalid length.
[ 1353.194101][T19895] netlink: 119 bytes leftover after parsing attributes in process `syz.8.3700'.
[ 1356.412452][T19922] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3706'.
[ 1356.414798][T19923] netlink: 84 bytes leftover after parsing attributes in process `syz.6.3706'.
[ 1356.688463][T19923] team0: No ports can be present during mode change
[ 1356.888583][T19914] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1357.853819][T19936] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3711'.
[ 1358.767496][T19947] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3711'.
[ 1358.786001][T19947] netlink: 'syz.5.3711': attribute type 5 has an invalid length.
[ 1358.952301][T19947] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3711'.
[ 1358.973787][T19947] geneve2: entered promiscuous mode
[ 1358.979166][T19947] geneve2: entered allmulticast mode
[ 1359.618283][T12635] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[ 1359.697278][T12635] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[ 1359.738667][T19955] netlink: 'syz.2.3718': attribute type 5 has an invalid length.
[ 1360.116101][T12633] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[ 1360.136075][T12633] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[ 1361.770670][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1363.258618][T19987] netlink: 52 bytes leftover after parsing attributes in process `syz.6.3728'.
[ 1363.568080][T12635] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1363.623115][T12635] netdevsim netdevsim5 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[ 1363.702677][T20000] tipc: Started in network mode
[ 1363.726078][T20000] tipc: Node identity ac1414aa, cluster identity 4711
[ 1363.768420][T20000] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1365.144498][   T43] tipc: Node number set to 2886997162
[ 1365.503359][T20026] netlink: 'syz.5.3745': attribute type 2 has an invalid length.
[ 1368.336875][T20062] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3760'.
[ 1369.406438][T20066] netlink: 'syz.8.3757': attribute type 2 has an invalid length.
[ 1369.414414][T20066] netlink: 119 bytes leftover after parsing attributes in process `syz.8.3757'.
[ 1369.505960][ T5981] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1369.721558][ T5981] usb 7-1: Using ep0 maxpacket: 32
[ 1369.737194][ T5981] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1369.752352][ T5981] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1369.798307][ T5981] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1369.831383][ T5981] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1369.892227][ T5981] usb 7-1: config 0 descriptor??
[ 1370.357983][ T5981] ft260 0003:0403:6030.0019: unknown main item tag 0x0
[ 1370.402431][ T5981] ft260 0003:0403:6030.0019: unknown main item tag 0x0
[ 1370.536520][ T5981] ft260 0003:0403:6030.0019: chip code: 6424 8183
[ 1370.757180][ T5981] ft260 0003:0403:6030.0019: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0
[ 1371.653176][ T5981] ft260 0003:0403:6030.0019: failed to retrieve status: -32, no wakeup
[ 1371.756487][ T5981] ft260 0003:0403:6030.0019: failed to retrieve status: -32
[ 1371.896887][T20105] input: syz1 as /devices/virtual/input/input39
[ 1372.066976][T15989] usb 7-1: reset high-speed USB device number 15 using dummy_hcd
[ 1372.364691][T20111] genirq: Flags mismatch irq 5. 00200000 (pcl812) vs. 00200000 (pcl812)
[ 1373.194954][T20121] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[ 1373.216428][ T5981] usb 7-1: USB disconnect, device number 15
[ 1373.279680][T20121] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[ 1373.306022][T20121] overlayfs: failed to set uuid (21/file0, err=-13); falling back to uuid=null.
[ 1377.500641][T20149] netlink: 'syz.7.3789': attribute type 2 has an invalid length.
[ 1377.581027][   T30] audit: type=1804 audit(1758358456.423:973): pid=20153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3788" name="/newroot/37/file0" dev="tmpfs" ino=206 res=1 errno=0
[ 1377.752916][   T30] audit: type=1800 audit(1758358456.423:974): pid=20153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3788" name="file0" dev="tmpfs" ino=206 res=0 errno=0
[ 1483.069960][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1483.076965][    C1] rcu: 	0-...!: (0 ticks this GP) idle=550c/0/0x1 softirq=117040/117040 fqs=0
[ 1483.087385][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P18250/1:b..l P5234/1:b..l
[ 1483.096662][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=96061, q=289 ncpus=2)
[ 1483.104416][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1483.104455][    C0] NMI backtrace for cpu 0
[ 1483.104498][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[ 1483.104526][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1483.104543][    C0] RIP: 0010:check_preemption_disabled+0x1/0x120
[ 1483.104576][    C0] Code: 00 aa 03 8c 48 c7 c6 40 aa 03 8c eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 <41> 57 41 56 53 48 83 ec 10 65 48 8b 05 de 94 3e 07 48 89 44 24 08
[ 1483.104593][    C0] RSP: 0018:ffffc90000007d10 EFLAGS: 00000082
[ 1483.104608][    C0] RAX: ffffffff81adcc1c RBX: ffff8880b8627c08 RCX: 0000000000010000
[ 1483.104622][    C0] RDX: ffffffff8e0951c0 RSI: ffffffff8c03aa40 RDI: ffffffff8c03aa00
[ 1483.104636][    C0] RBP: ffffc90000007e90 R08: ffffffff8fc39677 R09: 1ffffffff1f872ce
[ 1483.104650][    C0] R10: dffffc0000000000 R11: fffffbfff1f872cf R12: ffff88807caef340
[ 1483.104663][    C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 1483.104674][    C0] FS:  0000000000000000(0000) GS:ffff8881259e7000(0000) knlGS:0000000000000000
[ 1483.104688][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1483.104701][    C0] CR2: 00007f1c5b3d7dac CR3: 0000000039f1c000 CR4: 00000000003526f0
[ 1483.104730][    C0] DR0: 0000000000000008 DR1: 0000000000000002 DR2: 0000000000000081
[ 1483.104741][    C0] DR3: ffffffffefffff14 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1483.104753][    C0] Call Trace:
[ 1483.104762][    C0]  <IRQ>
[ 1483.104771][    C0]  rcu_is_watching+0x15/0xb0
[ 1483.104801][    C0]  __hrtimer_run_queues+0x5b6/0xc60
[ 1483.104839][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1483.104864][    C0]  ? read_tsc+0x9/0x20
[ 1483.104891][    C0]  hrtimer_interrupt+0x45b/0xaa0
[ 1483.104932][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[ 1483.104961][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1483.104981][    C0]  </IRQ>
[ 1483.104987][    C0]  <TASK>
[ 1483.104994][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1483.105012][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1483.105032][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 4a 23 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1483.105048][    C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6
[ 1483.105062][    C0] RAX: 6154e2ce38237100 RBX: ffffffff8196a2b7 RCX: 6154e2ce38237100
[ 1483.105075][    C0] RDX: 0000000000000001 RSI: ffffffff8dba2d53 RDI: ffffffff8c03aa60
[ 1483.105087][    C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632fdb R09: 1ffff110170c65fb
[ 1483.105101][    C0] R10: dffffc0000000000 R11: ffffed10170c65fc R12: ffffffff8fc39670
[ 1483.105114][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a38
[ 1483.105128][    C0]  ? do_idle+0x1e7/0x510
[ 1483.105159][    C0]  default_idle+0x13/0x20
[ 1483.105181][    C0]  default_idle_call+0x73/0xb0
[ 1483.105205][    C0]  do_idle+0x1e7/0x510
[ 1483.105233][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1483.105266][    C0]  cpu_startup_entry+0x44/0x60
[ 1483.105292][    C0]  rest_init+0x2de/0x300
[ 1483.105318][    C0]  start_kernel+0x3ae/0x410
[ 1483.105348][    C0]  x86_64_start_reservations+0x24/0x30
[ 1483.105370][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1483.105391][    C0]  common_startup_64+0x13e/0x147
[ 1483.105420][    C0]  </TASK>
[ 1483.105450][    C1] task:udevd           state:R  running task     stack:21672 pid:5234  tgid:5234  ppid:1      task_flags:0x400140 flags:0x00080001
[ 1483.438401][    C1] Call Trace:
[ 1483.441710][    C1]  <TASK>
[ 1483.444674][    C1]  __schedule+0x1798/0x4cc0
[ 1483.449246][    C1]  ? __pfx___schedule+0x10/0x10
[ 1483.454134][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1483.460057][    C1]  ? preempt_schedule+0xae/0xc0
[ 1483.464933][    C1]  preempt_schedule_common+0x83/0xd0
[ 1483.470247][    C1]  preempt_schedule+0xae/0xc0
[ 1483.474953][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[ 1483.480354][    C1]  preempt_schedule_thunk+0x16/0x30
[ 1483.485604][    C1]  _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1483.491359][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1483.497979][    C1]  ? ep_poll_callback+0x91b/0xac0
[ 1483.503050][    C1]  __wake_up_common_lock+0x190/0x1f0
[ 1483.508379][    C1]  sock_def_readable+0x1fb/0x550
[ 1483.513354][    C1]  ? sock_def_readable+0xbe/0x550
[ 1483.518485][    C1]  netlink_sendskb+0xa1/0x140
[ 1483.523201][    C1]  netlink_unicast+0x397/0x9e0
[ 1483.528003][    C1]  ? __pfx_netlink_unicast+0x10/0x10
[ 1483.533339][    C1]  ? netlink_sendmsg+0x642/0xb30
[ 1483.538284][    C1]  ? skb_put+0x11b/0x210
[ 1483.542558][    C1]  netlink_sendmsg+0x805/0xb30
[ 1483.547443][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1483.552751][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1483.557639][    C1]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1483.562622][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1483.567930][    C1]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1483.573251][    C1]  __sock_sendmsg+0x21c/0x270
[ 1483.577954][    C1]  ____sys_sendmsg+0x505/0x830
[ 1483.582743][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1483.588060][    C1]  ? import_iovec+0x74/0xa0
[ 1483.592584][    C1]  ___sys_sendmsg+0x21f/0x2a0
[ 1483.597292][    C1]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1483.602565][    C1]  ? __pfx_do_epoll_wait+0x10/0x10
[ 1483.607745][    C1]  __x64_sys_sendmsg+0x19b/0x260
[ 1483.612713][    C1]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1483.618204][    C1]  ? do_raw_spin_unlock+0x122/0x240
[ 1483.623428][    C1]  ? do_syscall_64+0xbe/0xfa0
[ 1483.628130][    C1]  do_syscall_64+0xfa/0xfa0
[ 1483.632665][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.638742][    C1]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1483.644389][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1483.649094][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.655005][    C1] RIP: 0033:0x7f92990a7407
[ 1483.659443][    C1] RSP: 002b:00007ffeaa0e9250 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 1483.667881][    C1] RAX: ffffffffffffffda RBX: 00007f929987c880 RCX: 00007f92990a7407
[ 1483.675882][    C1] RDX: 0000000000000000 RSI: 00007ffeaa0e92b0 RDI: 0000000000000004
[ 1483.683871][    C1] RBP: 0000555ed3f33d80 R08: 0000000000000000 R09: 0000000000000000
[ 1483.691852][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000000b4
[ 1483.699851][    C1] R13: 0000555ed3f079e0 R14: 0000000000000000 R15: 0000000000000000
[ 1483.707862][    C1]  </TASK>
[ 1483.710898][    C1] task:syz-executor    state:R  running task     stack:21520 pid:18250 tgid:18250 ppid:18220  task_flags:0x400140 flags:0x00080000
[ 1483.724495][    C1] Call Trace:
[ 1483.727794][    C1]  <TASK>
[ 1483.730745][    C1]  __schedule+0x1798/0x4cc0
[ 1483.735281][    C1]  ? do_syscall_64+0xfa/0xfa0
[ 1483.740009][    C1]  ? __pfx___schedule+0x10/0x10
[ 1483.744886][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1483.749957][    C1]  ? preempt_schedule+0xae/0xc0
[ 1483.754825][    C1]  preempt_schedule_common+0x83/0xd0
[ 1483.760122][    C1]  preempt_schedule+0xae/0xc0
[ 1483.764815][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[ 1483.770226][    C1]  ? copy_pmd_range+0x75fa/0x7f00
[ 1483.775281][    C1]  preempt_schedule_thunk+0x16/0x30
[ 1483.780523][    C1]  _raw_spin_unlock+0x3f/0x50
[ 1483.785221][    C1]  copy_pmd_range+0x7630/0x7f00
[ 1483.790097][    C1]  ? unwind_get_return_address+0x4d/0x90
[ 1483.795785][    C1]  ? __pfx_copy_pmd_range+0x10/0x10
[ 1483.801023][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1483.805920][    C1]  copy_page_range+0xc14/0x1270
[ 1483.810790][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1483.815708][    C1]  ? __pfx_copy_page_range+0x10/0x10
[ 1483.821022][    C1]  ? up_write+0x1c4/0x420
[ 1483.825368][    C1]  ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10
[ 1483.832161][    C1]  dup_mmap+0xf4c/0x1b10
[ 1483.836444][    C1]  ? __pfx_dup_mmap+0x10/0x10
[ 1483.841158][    C1]  ? mm_init+0xd74/0xfa0
[ 1483.845436][    C1]  copy_mm+0x13c/0x4b0
[ 1483.849525][    C1]  copy_process+0x1706/0x3c00
[ 1483.854253][    C1]  ? copy_process+0x97f/0x3c00
[ 1483.859055][    C1]  ? __pfx_copy_process+0x10/0x10
[ 1483.864129][    C1]  kernel_clone+0x21e/0x840
[ 1483.868652][    C1]  ? css_rstat_updated+0x23a/0x4f0
[ 1483.873796][    C1]  ? __pfx_kernel_clone+0x10/0x10
[ 1483.878848][    C1]  ? count_memcg_event_mm+0x21/0x260
[ 1483.884165][    C1]  __x64_sys_clone+0x18b/0x1e0
[ 1483.888953][    C1]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1483.894272][    C1]  ? do_user_addr_fault+0xc85/0x1380
[ 1483.899589][    C1]  ? do_syscall_64+0xbe/0xfa0
[ 1483.904291][    C1]  do_syscall_64+0xfa/0xfa0
[ 1483.908829][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1483.914062][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.920166][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1483.924876][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.930793][    C1] RIP: 0033:0x7f80c1d85493
[ 1483.935229][    C1] RSP: 002b:00007ffcddfda988 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1483.943664][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80c1d85493
[ 1483.951654][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1483.959640][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[ 1483.967629][    C1] R10: 000055558f64e7d0 R11: 0000000000000246 R12: 0000000000000000
[ 1483.975611][    C1] R13: 00000000000927c0 R14: 00000000001505ed R15: 00007ffcddfdab20
[ 1483.983619][    C1]  </TASK>
[ 1483.986658][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g96061 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 1483.998993][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=91890
[ 1484.006893][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g96061 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[ 1484.018267][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1484.028245][    C1] rcu: RCU grace-period kthread stack dump:
[ 1484.034150][    C1] task:rcu_preempt     state:I stack:26464 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1484.046089][    C1] Call Trace:
[ 1484.049382][    C1]  <TASK>
[ 1484.052334][    C1]  __schedule+0x1798/0x4cc0
[ 1484.056885][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1484.061764][    C1]  ? __pfx___schedule+0x10/0x10
[ 1484.066653][    C1]  ? schedule+0x91/0x360
[ 1484.070916][    C1]  schedule+0x165/0x360
[ 1484.075089][    C1]  schedule_timeout+0x12b/0x270
[ 1484.079951][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1484.085348][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1484.090662][    C1]  ? prepare_to_swait_event+0x341/0x380
[ 1484.096243][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[ 1484.101134][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1484.106104][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1484.111329][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1484.116646][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1484.121885][    C1]  rcu_gp_kthread+0x99/0x390
[ 1484.126502][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1484.131725][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1484.136697][    C1]  ? __kthread_parkme+0x1a1/0x200
[ 1484.141756][    C1]  kthread+0x711/0x8a0
[ 1484.145862][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1484.151083][    C1]  ? __pfx_kthread+0x10/0x10
[ 1484.155699][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1484.160913][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1484.166127][    C1]  ? __pfx_kthread+0x10/0x10
[ 1484.170734][    C1]  ret_from_fork+0x4bc/0x870
[ 1484.175351][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1484.180500][    C1]  ? __switch_to_asm+0x39/0x70
[ 1484.185285][    C1]  ? __switch_to_asm+0x33/0x70
[ 1484.190067][    C1]  ? __pfx_kthread+0x10/0x10
[ 1484.194676][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1484.199489][    C1]  </TASK>