last executing test programs:

5m55.850059033s ago: executing program 4 (id=1067):
symlinkat(&(0x7f0000001040)='./cgroup\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
r0 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r3, 0x89e3, 0x0)
r4 = gettid()
openat$kvm(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000040)={0xf0f024})
r5 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r5, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8003, 0x1000, 0x4, 0x86c}})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x80, 0x43}, 0x10)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=ANY=[@ANYRESDEC=0x0, @ANYRES64=r0], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x2000c010)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_NAME(0xf, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40014)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x16, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="1802000000000000000016000000000085000000ab00000095000000000000002fd4ccc6ceec348140d4dbf0b996899f303391d00351687938a771ce61113af188d60d392191a273a4fbea07aacdc9f3d87ca5ad212ec95b743df7f79226fe4caac3ebcc28d7d73d3366444df2252ced8e358d15a404400b6b5e325d3ecb99837680dccc89", @ANYRES64=r4, @ANYRES16=r1, @ANYRES32=r5], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1b, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r7}, 0x10)
mount$tmpfs(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)

5m55.316674201s ago: executing program 4 (id=1070):
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100)=0xfefffff9, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x9, 0x7f}, @window={0x3, 0x9, 0x2}, @mss={0x2, 0x400}, @mss={0x2, 0xcb2}, @mss={0x2, 0x3}, @timestamp, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
lseek(0xffffffffffffffff, 0x0, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)

5m54.963024832s ago: executing program 4 (id=1073):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r1, 0x29, 0x4b, 0x0, 0xad)
setsockopt$sock_int(r1, 0x1, 0x1, &(0x7f0000000140), 0x4)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socket$netlink(0x10, 0x3, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0xdc0, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x5, 0x169b02)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @any, 0xd1}, 0xe)
getsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x4, 0x0, &(0x7f0000000000))
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000300)={{0x1, 0x5, 0x5, 0xb15, 'syz0\x00', 0x8}, 0x4, 0x3, 0x7f, r6, 0x4, 0x100, 'syz0\x00', &(0x7f0000000040)=['/dev/cpu/#/msr\x00', '/dev/kvm\x00', '/dev/cpu/#/msr\x00', '/dev/kvm\x00'], 0x30})
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000000680)=""/102400, 0x19000)
mount$9p_unix(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x802ca2, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new defaul?(user:syz 00000000000000003724\x00'], 0x2a, 0xfffffffffffffff9)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="f7790066baa00066b86b42460f22c7d466ba420000b8e20066ef0f29902cbb0000c4e2b1ba8c88d90000006666f6440f386b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x4b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m53.83179781s ago: executing program 4 (id=1077):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv6_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e24, 0x5e24}}, @FIB_RULE_POLICY=@FRA_IP_PROTO={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

5m53.638489933s ago: executing program 4 (id=1079):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xd, 0xfff0}, {0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x2d4, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x2c0, 0x1, [@m_simple={0x98, 0x14, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x6, 0x3, ':\x00'}, @TCA_DEF_DATA={0x6, 0x3, '[\x00'}]}, {0x59, 0x6, "2142fd3b7739e2df1ce11a6cb358923efde1e857b5f4b6f98b557df785dd171fde9589b89159b81ee8cae94d2e9fa3057e2ef1dcb1a91c625616b378bf4efa552a73c8d7f1dcf6bda7d96971955d93d98a6c82b565"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_csum={0x30, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_nat={0x1f4, 0x12, 0x0, 0x0, {{0x8}, {0x11c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x4, 0x0, 0x87, 0x10}, @multicast1, @dev={0xac, 0x14, 0x14, 0xf}, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x80007, 0x8, 0xffffffffffffffff, 0x3, 0x7}, @loopback, @broadcast, 0x80, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0x5, 0x5, 0x0, 0xffff0001}, @broadcast, @multicast1, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x40, 0x4, 0x0, 0x3, 0x9711}, @multicast1, @multicast1, 0x95c5050eeb275cf0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffff, 0xfffffffb, 0x736fe187decc650e, 0x101, 0x30000}, @remote, @local, 0xffffffff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xd, 0xb111, 0x8, 0x838, 0x2a}, @private=0xa010101, @local, 0xffffffff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x18, 0x5af3, 0x8, 0x5, 0xcd}, @private=0xa010100, @multicast1, 0xff}}]}, {0xb4, 0x6, "00dbe2375389f4c61bb80b5c04766adf4c4041ab3363ca93e40c5281d6bb7035fa3fb2838101ae15e668e34175f78ce7df4b1c48d956acfb10ab481c7729ee14cbb37713b8e2a37054e99152bbb3f0c77e56a1f6ab9da61c7f00958a0a8d67f277272c411cba11ef13007927c9c52984e903960081484a463aa2d388d77984fa7968102f600b0936201c9964cff6e2e5e131439b5dd84f40bb377965a4af38c2020711a2fad2ba4e11f442caf2f22b70"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fcdbdf252100000008000300", @ANYRES32=r1, @ANYBLOB='\x00\x00'], 0x28}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, 0x0]})
r8 = socket(0x10, 0x803, 0x0)
recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

5m52.743737243s ago: executing program 4 (id=1083):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r2, 0x6, 0x24, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4)
sendmmsg$unix(r4, &(0x7f000000a480)=[{{&(0x7f0000004380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYRES8=r4, @ANYRES8=0x0, @ANYRES8, @ANYRES64=r1], 0x30, 0x4000000}}], 0x1, 0x40)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r5 = inotify_init1(0xc0000)
inotify_add_watch(r5, 0x0, 0x60000726)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x8)
getpid()
mmap(&(0x7f000014e000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, r0, 0x344d000)

5m52.080579377s ago: executing program 32 (id=1083):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r2, 0x6, 0x24, &(0x7f00000000c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4)
sendmmsg$unix(r4, &(0x7f000000a480)=[{{&(0x7f0000004380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRES16, @ANYRES32=r0, @ANYRES8=r4, @ANYRES8=0x0, @ANYRES8, @ANYRES64=r1], 0x30, 0x4000000}}], 0x1, 0x40)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r5 = inotify_init1(0xc0000)
inotify_add_watch(r5, 0x0, 0x60000726)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x8)
getpid()
mmap(&(0x7f000014e000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, r0, 0x344d000)

17.403971145s ago: executing program 0 (id=1833):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000001c0)={0xffffffffffffffff, 0x4, "89e0df", 0x9, 0x51})

16.807938913s ago: executing program 0 (id=1835):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_ACTIVATE(r0, 0x4b44, 0x10000000000013)

14.053073231s ago: executing program 5 (id=1838):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000840)={{0x12, 0x1, 0x0, 0x75, 0x5f, 0x32, 0x20, 0x17dd, 0x5500, 0xf35e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xf0, 0x42, 0xa4, 0x0, [], [{{0x9, 0x5, 0x2, 0x3}}, {{0x9, 0x5, 0xd, 0x3}}]}}]}}]}}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x40, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r6 = socket(0x10, 0x8000000803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x54}}, 0x0)
mmap(&(0x7f0000405000/0x2000)=nil, 0x2000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xab24d000)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x88400)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r7, 0x40485404, &(0x7f0000000600)={{0xfffffffffffffff9, 0x0, 0x9, 0x2}, 0x40000000001, 0x405})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, 0x4a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}}, 0x14}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x82, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x56555958, 0x4, 0x0, 0x9}})
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003ac0)=[{&(0x7f0000000100)=@in={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x10008004}], 0x1, 0x10)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))

13.965838556s ago: executing program 0 (id=1839):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
close(0x3)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'veth1_to_hsr\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4d, 0x4, 0xe, 0x4b, 0x6b, 0x5, 0x4d, 0x7, 0x4, 0x2, [0x2, 0x8, 0x7, 0xd45b, 0x5, 0x8001, 0x40], [0x4, 0x83, 0x3, 0x9, 0x7, 0x8, 0x80f]}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)}, 0x20)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@private1, 0x60})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe(&(0x7f0000000580))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0x5}, 0x28)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYRES64, @ANYRES16, @ANYBLOB="010000000000001f0000540000000ee6e0006e657464657673696d0000000f0002e4056459f3c0eb609a5ea58e110a242e433cb6971c8c4bc61720355d2cb1e8de24a5be920f8a69f0dbe1881c87108d701302147173427027d541ecaa2e5b1c2b38745a2fc3f8e18c2acfa75c8efaa25dd7e7b79f35207cdda221a9dc6e5facd59af73c6ec1fbdb40a1141348fb269656e3feee2f50224a1cd764fe05d1b64607b42be9c7f7b83f185bfb78dcec8492d2401b0e00000c308131476e818a45c1ffd0ad7b20456b6fb7faca8b57c5b53976d7b31685afac2ec4a5dfb35fa201dbb1122e00c1621ff3308243e237f1184f4f698b6362cafaa3127bfd2e3ab682707e82897edb352a1755fcf49df62a82f9e28e21622de7246bf9e9d5911f1673ed01f1fa1478f756a570f9ca15e7ac214176618b5faa96df0cbb667391420c70425e83ca7fb636ee5ee859eff453662475928214c808a39689a3a17945d3cc50cdf1e90858dfae1b19201db9d000cda93791bc08313c4afda3943ecb9b01ed9328795eeb64d5"], 0x34}, 0x1, 0x0, 0x0, 0x44851}, 0x3a65a83257c633e)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="599c0000", @ANYRES16=r4, @ANYBLOB="0100000000000000000054000000"], 0x14}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f000002d000/0x4000)=nil, 0x4000, 0x1)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r5, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1)

12.383545445s ago: executing program 3 (id=1841):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x344d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x0, &(0x7f00000001c0)=0xffff0000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_QUERYBUF_DMABUF(r4, 0xc0585609, &(0x7f0000000280)={0x10000, 0x6, 0x4, 0x4, 0x80000000, {0x0, 0x2710}, {0x3, 0x0, 0x0, 0xe5, 0xf8, 0x5, "a6bce5f7"}, 0xb, 0x4, {}, 0x4, 0x0, r4})
ioctl$SNDCTL_DSP_POST(0xffffffffffffffff, 0x5008, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback=r4, 0x14, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0]}, 0x40)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x1f, 0x6, 0x518, 0x318, 0x318, 0x318, 0x438, 0x560, 0x560, 0x560, 0x560, 0x560, 0x560, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x1d694dea, 0x3, @ipv4=@rand_addr=0x64010100, 0x4e24}}}, {{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @private=0x4}, [0xffffff00, 0x0, 0xff, 0xff000000], [0x0, 0xff000000, 0xffffff00, 0xff000000], 'wlan1\x00', 'wg0\x00', {0xff}, {}, 0xea, 0x9, 0x4, 0x80}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x9, 0xf9, @ipv4=@dev={0xac, 0x14, 0x14, 0x44}, 0x4e20}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xaf}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x2, 0x1, 0xe00000}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x578)

12.166527234s ago: executing program 0 (id=1842):
socket$alg(0x26, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req={0x3, 0x10004, 0x800, 0x7}, 0x10)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000810001000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b74000c00e63b9ba2ea4f115a67245b00000000000000000000000000584cbf2649a50f2dbc0000a8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d9cfd56d3c86e55010000000000000000000000004137dfff2f8f00009a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe09"], 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x10080)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x3, 0x0, 0x2})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x804}, 0x40000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280), 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x2f}, 0xfffffffd})
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000004240)=0x7, 0x4)

11.354617692s ago: executing program 3 (id=1843):
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x14c03)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ipvs(0xffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000340), r3)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)={0x14, r4, 0x301, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x64044000)

10.451863693s ago: executing program 5 (id=1844):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e0026"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000400)="76389e14a3bf35f15517c87583ddd0", 0x0, 0xf000000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

9.968668965s ago: executing program 2 (id=1846):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x804, &(0x7f00000000c0)={[], [{@measure}]})
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, &(0x7f0000000300))
chdir(&(0x7f0000000140)='./bus\x00')
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f00000001c0)={0x0, 0x0, <r0=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000200)={&(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, r0, 0x51515151})
open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x1)
syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00')

8.903041036s ago: executing program 2 (id=1847):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) (async)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r2=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f00000002c0)={0xc, r2}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x6, r2, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000})
ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0x1) (async)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000ff2f00000000000001"])
fanotify_mark(0xffffffffffffffff, 0x1, 0x100018, 0xffffffffffffffff, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="3b2d226e9fff48a9895c23ef1cc18faafd9eead5d87c10e6470e254ed6d528288d46cd44025a8c99e5dd2418f1c59271a5648eec640df13446ec3524345018543954aadc3ceb4896387dacc7170fb616f2c0c0d6290be3c37d374d3a176b4853e33899bacb1d96ec117aef197aa4053c18a4c6c64752ce04dacfe3eb7c8d0b3dc0cedaf0b7700d1e761fa52497b167b46f0c384f1614e1086f8d3c09d36d56a618e9f1caba196043dafbf4e9d457e8006d49f4f3af5d0dc78ab73e03ec649c516a222f5f8987abc36a3290675df96fac8962f25ee393d9ca421588"], 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r3, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})

7.794993477s ago: executing program 1 (id=1849):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
connect$inet6(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x5)
r3 = socket$kcm(0xa, 0x1, 0x106)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f00000004c0)=""/94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$NL80211_CMD_RELOAD_REGDB(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r7, 0x101, 0x70bd2c, 0x25dfdbfe, {{0x7e, 0x0, 0x175c}}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
sendmsg$nl_generic(r4, 0x0, 0x84)
close(r3)
bind$vsock_stream(r2, 0x0, 0x0)
listen(r2, 0x0)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r8, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)

7.698022298s ago: executing program 3 (id=1850):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x10}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1010000)

5.719388138s ago: executing program 0 (id=1851):
socket(0xa, 0x3, 0x3a)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x400c0c4)
r2 = openat$rtc(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$RTC_AIE_OFF(r2, 0x7002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\rW\xef\x10\xd6d#\xf2\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8\x1f\xb2C\xf8\'?]\x16C\x166\xc0\xbcJT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8', 0x2)
pwritev(r3, &(0x7f0000000540)=[{&(0x7f0000000600)="e8", 0x1}], 0x1, 0x7effff, 0xb7b0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58)
r5 = accept$alg(r4, 0x0, 0x0)
sendfile(r5, r3, 0x0, 0x2000081)

5.62386552s ago: executing program 5 (id=1852):
r0 = fsopen(&(0x7f0000000280)='rpc_pipefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/crash_elfcorehdr_size', 0x8200, 0xa)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000840)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x1)

5.572565677s ago: executing program 2 (id=1853):
ioctl$PTP_PEROUT_REQUEST(0xffffffffffffffff, 0x40383d03, &(0x7f0000000080)={{0xc0, 0x8}, {0x7, 0xe36}, 0x328000, 0x1})
ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000100))
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_TTY_SET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x18, 0x3f9, 0x7d65e9dfe5241cc, 0x70bd25, 0x25dfdbfb, {0x1}, ["", "", ""]}, 0x18}}, 0x0)
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f0000000280)={{r1}, 0x2, &(0x7f0000000240)=[0x1, 0x3], 0x1})
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='rpc_stats_latency\x00', 0xffffffffffffffff, 0x0, 0x306c}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f00000003c0)={@mcast1, <r4=>0x0}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@delqdisc={0x4c, 0x25, 0x200, 0x9, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x1, 0x4}, {0xc, 0x6}, {0x4, 0x9}}, [@qdisc_kind_options=@q_ingress={0xc}, @qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_BETA={0x8, 0x5, 0x18}]}}, @qdisc_kind_options=@q_qfg={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040091}, 0x4010)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000540)=""/77)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISCONNECT(r5, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x5c, r6, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x28}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x36}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x32}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x19}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xf}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x13}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x42}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
recvfrom$l2tp6(r7, &(0x7f0000000780)=""/63, 0x3f, 0x0, &(0x7f00000007c0)={0xa, 0x0, 0x0, @dev}, 0x20)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000800)={'\x00', 0x6, 0xa5de, 0x3, 0x0, 0x4, <r8=>0xffffffffffffffff})
kcmp(r8, 0xffffffffffffffff, 0x3, r7, r3)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00)={r7, <r9=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r7, <r10=>0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)=r7}, 0x20)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x17, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @alu={0x7, 0x0, 0x5, 0x3, 0x6, 0x0, 0xfffffffffffffffc}, @ldst={0x2, 0x0, 0x4, 0x1, 0x1, 0x4, 0x8}, @ldst={0x1, 0x1, 0x3, 0x8, 0x2, 0xc, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000940)='GPL\x00', 0x51d0, 0xe, &(0x7f0000000980)=""/14, 0x41100, 0x5c, '\x00', r4, 0x0, r7, 0x8, &(0x7f00000009c0)={0x4, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000b00)=[r9, r5, r10, 0x1], &(0x7f0000000b40)=[{0x4, 0x5, 0xa}, {0x5, 0x4, 0x1, 0x6}, {0x2, 0x5, 0x2, 0xa}], 0x10, 0x4}, 0x94)
ioctl$BTRFS_IOC_SNAP_CREATE(r11, 0x50009401, &(0x7f0000000c40)={{r2}, "fab69d15355a2d50d04332e02162b2d5082a6d51c45f6fe478f071b63e255e89e3d623ff8177ad4cc4da014deae6ff171897f8277ce50ec5300d0341ad68af20f14cc1df2581bea5c4fda54c88c1a49787b5a632cb7f6f33b14e7f88a00ed381fb00508110f234bffb12a302763990516bfccba4d5ba103e230daf7283c6a425e6b738e68e093e498a8120b4ff39beed11977ec78df0f43f087677d25e835c19b2fc508b170bc931cce7da2a75d078a3f2e19acffc6370502f26b68a46b7555b67a49fe8e2c145337921f8b4c6ccd43dbee4676a163cdfc4856a44a9bcd5d6cd289b241820ba8ceba82476187887b2689db1c32e7a95c3d296e810030218061522ae0b393a3c37986d9ae1021d2338fea560c2cf83d62163e528886cc05dd2eb3e3351c7fa4e2194f76c67339b604f3141ca033e50482d745d31e038eedccd9d992c41e397b937c3c710189aef26afb70467c6c228868c7902fa789ed76d38efaa204800efc8296bda6d681a957a45b90f25ab4c8f569887eac47d95477e69d6129c57f054b58c1ae030391d3ff8e99f5dc5e80e88e1412f876988fc6935563836dc8a53fd55b1b081c83e099529f21a1e9ea6fd1c890dcbafe2e32365dc5be303076a86e527e286caaa8cb0b32ce12d3cad07102600bea46fe62602ff0ebe34a8e06f137e433cca20f0e99c71281e94c356e784f7e7d7df2a61e22d6503d7ce036f532505f03e278fd5c25eb473e98f8e71ad7385f966ed4e1261f7a948456bcea2c0cf8ed3effb08c973c266a1826005d2606da0bce865b80f58e3c0859981cfb377210d000901d2fc9a07d1da878276830c256fb702dc09a602d8805b6ea96ea27cfb1c56d65dbc34db9a008a42401917720c5f5eada25b4b23a740f303288f33252cc43da25d62eb11687c4795826e0bc4d4d6627abd28e372e785ee19daec1fa50e8f4687052d2db611bd0dccdeeddc0f56d26d8962ff0151df1769abed1a6e1fb7ef504909dd52e45a5cf62ec6dfceac3f40f5660593791c0f775852c7e57593951a64494925909a253cbefccfcb27a8fd047282454197c3471fce42d09014e2ff8fc118a4c6058c57fedda6cab09d3f4f8975416e4d465f081609cf51342d5a9034cb2cdf0e47c728c47e860450350dd70c6e9775654c732f973d6fabfc2aea81282ca890892f27d06b73ed373393e2f2b6d1d39feae2009d1fd7f0a93182bd4662a6506f76eaa920fbb85913093171ffd23dbabc8544a19bf8d37681746adf6c5b81f2a40ec37ebf07902545f393717675f1b2008e422300444ae42faeafee5c8d0d2642cd417e610d34a61d42b2e1cd941bbf8900a5cb8e7ef5fc76fe36dcfe1efcd863cf681ce6595c23bb12c6baaf0d88d833ce5be82cd8c6cc416337be00f5cd104636cd975b0860f8b08dcd841c775b94d1b2ae8c045a93f632ac567aa653b523040d80a1597111e8606f3711ff889d8cc786aa29f1345ac0a9d21a2424776bfc0b18d9f71335f7370cff3b3d8090f36f9cc6354ac63682b32fe5bf488b1a4938b7664ee9e458b6d13202e3aee268000bd3f16c5c8dd44242f1a686b8e7e2f5f96274ac41b41009677e1bdef6423fc8949f81d7e25368402327b6ca00ffd3c138c285f806083d7a337b53d5d87f2944e7abb367a73f44a112f5f86bb57f767ef384fc284af5dbcbcd5bb2bbd55d148fea30e8cf19febd7cde14c0beadfd246b797bbedb40cc18c136158e71433c5ccc9e34aef30f5cda5d85b3ee37f27fecb0e53a1edfc365736e483a4c280b9463708a3829a8b41d4a213be5cf32db1362fe60c1fe68bf49112671e40ebbac4d14dc1723055f5fb8c21cfe03cf8eee0050d1a66a196a0486e86221a0777e596519de71908535e96e6c87be1c8193d157e5da3c952d615a868433527e568dbd4dfe9d8e794f299608b39a876247e4e33da380a4d1d87dc35b6a7a0cf28ee5d6415d246346a8d4b557bee05b9bab766e2a0d6ca8a3e64900a6d1ee44735dc3a10d6e6a379e0ff9279e45ac2630a63e5601abd2d470dadb3712b232d84588db5d6b51491edd67fdc56acccb75fedd6f01380464ff601a91f014b61790e74631be803ade27fec05f77389f8f43ab806ddd9ebe4f70acf72cb217ecffa278475fad67709eb0747d42e007af589df7ea3a8498a289b25779a80ac151f03f7d97b000702f22886167caf73e3f0d9d701aebb9cb49ed3fe78b2145b915e5d711c9893efc88280474c50296dc4cb4a384d8367e4f322924a85d1d91f1ce65374cea05af48b27aabef44b965b5197b66fed4d033100222a19cf9f08307199bfbf69958e46bda30472b7b016ff7b52b24de0cb3094ead5a2f7c20a0e8ea4ff5ec5ad7e9f7fe1e7d096fd8310f3728851d2933a64ebc56a6229eedf8de7f5416df29135421bf01b7a5c6dc37680b54f4237fcc40c23f614aac9289a9b1d673344990dcd3b1410198038138fde55855da3e46b14631914273a0adf6c767b5b3d30a978058ec07e3a5fb24149f6bf7b8fef49be3fcdf24e66323ac9dc837bbd27cb34fb2c09798288db99a2793a6c73e3004ff3c45ae24dca89d463da796100076232be15d281697e821eedb9a7e1f169b99c548bc092bac6e63235488670a4b95efefade3cbe2bfbd624e51113adb130a4a077ec6191147133baa58040376dc8b6075b9811d47ed1a45a7fb59a94523189fca858858343d819a61968087575ad7cc9c5d6618232c1feab5b2090e54720e126eeda841ddd85a1336d033b7946a7a0374b7f1f34c59e42072c88300911adb78260ef791c43fa6897e44a093d38661e7b264a3812064c59155673e016fb7cecff5064afebfaea93beaca38a4b747994e9b0953539ffc7912afa71e65ac62d903b0d6d75998dab816d6ff4cb11e2a91447c764068316d04418ba963320486487a90beb4f89cfd28edd42c17a85cdfce174a31fac5e90304a65ea5b5df359f4421a398bffce7660895191b8db26b1fb813e025f6247ac95ce2e16535901762e88dd929327c6e6c7114dcf65cd38ccb5287e1b77f374834d075a2744f43428479fb7b60734c67342d02d0c94113bf2bfb296954c384e15d41f55f632c5cd40cfd5ba5d2dbb54b4c51c747d343fbdcbaaa5afc749cf0f457844957f035e8d110d179d844ea02f56efa811a624b8b1a2d15d1127ef2626cf487d10580b49849ffaa40f3656ef12f7a9441b2f54f295065a429a7dffe491c3db819141bda6fcd3c65c381425810aa461e17ffa7869ebac241031705f7965a4f7f7ef30d685706134e1010bc3980c97b1a97ca345b39a638d0d8576470f6f93400aa26d21270fd371d14c991628b075ca3b29d250d6a9208aadba1fb85c6e08d622ca9b886856b6a1354f7dc051a0bdeed0980a99df0639415383f99c1caa5fb250c3b6f9d2411bcd052c32766a413f1d216b24a0b5f43b8a8a5ddd9898ae34f561bdd6b4761295ac4c172265dee3050c1654ae8cb37a76afbed09899ebe7508af9f19590d1e0ee704b1d9c38eae3808932ea25bf3acc55d714632596232ef10b4a27d740c90ae32cddf579ad7269fed8fe96785080cf220cc469d5a7e921d4e6549f3bc03a49c5f7712164f20db227651efe947d36fda483fd97a7235a5698f6790df83a818b9953b68110e97bbd601d9fec394a13cde67fa0075b43e59e48f0d6ffe0936cbf17408c6dfa26230a4a370ea745f76c9b89785b91d1de50288816e5359bc8bb9cc6c0b5bb178551da098a3382cf569a5b0fcae90ca38453688101f78b3e3dba177ab0fa6f7f4925dc8cee9fa395317fa03dfd41b83beed4fa7189830bc672940fe87d94b3d9cd570f0ebe56f366a1db280e26da4e7684bd7b88d33a2cb7f78e29990f7d5173b050c2ae71c8b96752c9aea606ee66958fad7e2087d36a3f19f35313f58eca7a6a5ca671c12846bbf87cbbcaa5b37341a1eb983e1e3ee4d94e2dc18f07c71197910c9df6f16ad1c37b7e05e47b97487b3401432a6c0a8df1f30a580abc1181e65752b13641081f32b0ec246ce674ee7037003b05dd2de7e772cea3b89a7ed66e4a56dd478d0bf654e338730959eafa5deeb7e6e5dbc84064fcf43051d5b07fb762d8f48a7996efbe05b457c0e6f2360a80fb06d20169746954d70b8fe0cbf4d03b80fb2a3a7e9ad0e1d82da4884660a67ea8b92c87810cd4bc3153120f39eace54af4ab4bca3556c9d2bc49a9637b47c363b6fd52188e28bdf0881c94366581ec8356b6a596b34c6870db77afc8376fd906ab0750f358fb33993e56bab2320ed0fc0ec8b51f3080ae50e2eed9e436c53030891abd38eff0b320b025806bcd5d91084f0a45472dd718cb8a4613de85fab73785d28e0f2f062a56c5c763f893381562791cc6d46204d2ccf502f1f2f4718098643bc8068ef5ffbcbdf513aebee8bf2a10f13f473a6386831f0a08cf4448e576c3bc39c2c47b69f3cfe6a8a7b5ffc5b90df5bf4ca6cbd9beaa8b45f7d57a311b971faf3779f1a3f814dbb7768031f764e5b1461fd92be7d12bd7b2ff82738b5d9d9ebf12a6f3e4d90ef7e20e64086d988f2f02b3ed7043147bacb6da11bb92e7d2761a9e23f2e1829e28550414f49de0034ea18b44839262a185cb24009dc7230b66d51e4996280ae7878656bf2b0136ce7af14a2dab122d9d1d2bd636f0fb1fa42660e5db97a9ef4f6ac82521d29ba12175ff2d6e5a0e65a19393255236a869c1dc3de712ad4ffb651a3ee9f5c000c3616cee19a5a533c44026364962ec32ed45819afc7854a308fd345bdd999a174bff814d4c714d7ccb7867514be2d90779aef2d42e94cf46639b108679e9be58ae5532d2e6dffc33495116a01d2f6840daecb3b6682bc5fc7e3e564d5d163bef5c2ffb2f312ba400663ee343055e84a2fb144384259e5158d10db47fa0656619f931166f7f78f4266b0aa39592b342f4eb06eceb86b93c3f87199907bdd688e92230790f899a034d27ffad987864bc034d4e246439d1d9d1021b9f928a720456d6d5ae0ebfcc58b3aae5300bed6027158dc896f20118786e285fbd11c9831b3af0cbeff0963ba56a6639f8cd436ce435519f748e8d562c4b978236c9f8a73fb9ff1f6673f0337b1d2b7215e37558cec6accbb1604714d93f711bfbd9685732e941b5faa0ca7d26a586f6d61991a2cacaa165bdba3d3c246e2df0f9d31fa874e25683f3390205ad9ad0aaafee0b74a0f5dd80e34102ed0a52f911b50f335545cbb9f7b288196dfe91f1802f4841ce97d35398f702be272b60bd5b529102ee1daeb2ec548abf8824d478dc1584c4e84adddcb56ad934fbe1e7f651b24b4a9179fb01e1c538925293fbea135e91dd3707a38041e0b1887a3efc6202b62419a95c20e8fe95443e65b8abfddacd9e14fefe61f47595c1b4b2b032c1a1c73f6ff6cebfa4bcca4ae0715b8dead41598238515030d66e58e14891d28088e8ffde13709c5399f40ffd211e88fec1c4e5bca966f62c566f485bc875b8605b2f96ba2a05a059426bcfc8df22707dc8f46d10f5953518d6716df7c622716f5f1befb3b633d6bec1664eb28974b8a0fc0841f265551dda333c0da4caf55a800ebe899e4cc7564574a6ffde7a720ce931f48fe721f8732103a91af006d10068f26db0ce1dbe6e2d3d5e643740ba4f6d825ac9d74dbf5965ca5c1821f8ecf887088628f6d8241f9330f8851b8302e2a390cf1cf7ab3d253e8b5982e64584e113a4060bca7182764d27c7112dc2c7aa43a4546bc829d4c57352c83bae290be"})
ioctl$AUTOFS_IOC_CATATONIC(r11, 0x9362, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002e40)={0x11, 0xf, &(0x7f0000001c40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80}, [@ldst={0x0, 0x2, 0x2, 0x6, 0x5, 0xc, 0x1}, @map_fd={0x18, 0x0, 0x1, 0x0, r10}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xd}, @map_idx_val={0x18, 0xb, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x3}, @map_idx={0x18, 0x3, 0x5, 0x0, 0xc}]}, &(0x7f0000001cc0)='syzkaller\x00', 0x848, 0x1000, &(0x7f0000001d00)=""/4096, 0x41000, 0x49, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000002d80)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000002dc0)={0x1, 0xd, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000002e00)=[r7, r9, r7], 0x0, 0x10, 0x6}, 0x94)
dup(r11)
socket$nl_audit(0x10, 0x3, 0x9)
fchmod(0xffffffffffffffff, 0x2b)

5.515953643s ago: executing program 1 (id=1854):
syz_emit_ethernet(0x82, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000095}, 0x200480c4)
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0700000004000000800100000400000028000000", @ANYRES32=r0, @ANYBLOB="2bf84175cb33dc8ed307e49aaf8d214679c79566758a83bd043d23b965d832a27e1b263f0ac513e9a1bad5ee3ddd4cd0d60d2c76", @ANYRES32=0x0, @ANYBLOB="5b7ac1ce9f0ce5c9df8b1fbb890d3da08ef29b00929e1a0b7a9d4613e02417b323c8806e9f918589c22479415e3448d8567ac98e0ef4359da4069141ce223613ff2d4d7d3445f4fa0fd9e19a2029c8244b6b0197fa4c6c7fc549df5737a70dbe677552bd81a300ea5ac27695f1ecdd90decb1b300a10cc62bd23f2b4c96b668d178b5357df9114bf2776c92fdfc2db570663f1728423b12a1567c435005e73ad444100fe86b069203af4ebdcc61f8aa457532a35b56ac5bc75d754f4bd4f364751b24c1cb92bf8d5f62a40baae6756338aa9f707cb02", @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x288, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write(0xffffffffffffffff, &(0x7f0000000300)="1c0000001a", 0x5)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r1}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, 0x0, 0x0}, 0x20)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
mount(0x0, 0x0, &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x1, 0x11, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0xa, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x4000007, 0x3c5b, 0x1, 0x24, 0x6, 0x8000, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x2000000, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x0, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x6, 0xfffffffe, 0x40], [0x10000007, 0xf0000001, 0x80000130, 0x8004, 0x5, 0x6, 0x129432e6, 0x2, 0xf9, 0xe, 0x2bf, 0x334e7816, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000009, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0xc476, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0xfffffffe, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x6, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x4, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x40000004, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xef, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x4, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xfffbffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x7, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0xfff]}, 0x45c)
syz_open_dev$vim2m(0x0, 0x7fffffff, 0x2)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[<r5=>0x0], 0x1})
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r3, 0x4068aea3, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000100)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r6, r7, 0x3, 0x5, 0x4, 0x5, {0x2, 0x5, 0x5, 0xa, 0xa, 0x9, 0x2, 0x5, 0x800b, 0xd25, 0x7, 0x60b, 0x2, 0x10001, "6f4f1b1330d057b30bd15586b7445443c528a97436419c2cd5ae7297dceeb0be"}})

5.004826096s ago: executing program 5 (id=1855):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xc0042, 0x1)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200)={'team0\x00', <r2=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000340)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0], <r3=>0x0, 0x3a, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x19, 0x8, 0x8, &(0x7f0000000540)}}, 0x10)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f00000006c0)=@raw=[@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, @jmp={0x5, 0x1, 0x1, 0x8, 0x8cd942de022570b0, 0x20, 0x10}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x10}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc53}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x5}], &(0x7f0000000740)='syzkaller\x00', 0x8, 0x1000, &(0x7f0000000780)=""/4096, 0x41100, 0x4, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000001780)={0x0, 0x1}, 0x8, 0x10, &(0x7f00000017c0)={0x3, 0xb, 0x3ff, 0x200}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000001800)=[r1], &(0x7f0000001840)=[{0x0, 0x5, 0x0, 0x3}, {0x2, 0x2, 0x7, 0x3}, {0x5, 0x5, 0x5, 0x6}, {0x1, 0x4, 0xd, 0x7}, {0x5, 0x3, 0xd, 0x6}], 0x10, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000019c0)={0x12, 0x5, &(0x7f0000000180)=@raw=[@generic={0x0, 0x4, 0x3, 0x10, 0x186d8da5}, @jmp={0x5, 0x0, 0x7, 0xb, 0xa, 0x6, 0xffffffffffffffff}, @jmp={0x5, 0x0, 0xa, 0x8, 0x2, 0xffffffffffffffff, 0xfffffffffffffffc}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x3}], &(0x7f00000001c0)='GPL\x00', 0xdcf, 0xba, &(0x7f0000000280)=""/186, 0x40f00, 0x44, '\x00', r2, @fallback=0x1e, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r3, r4, 0x2, 0x0, &(0x7f0000001980)=[{0x3, 0x3, 0x3, 0x5}, {0x0, 0x1, 0xa, 0x1}], 0x10, 0x6}, 0x94)
close(r1)
r5 = getpid()
socket$phonet_pipe(0x23, 0x5, 0x2)
r6 = syz_pidfd_open(r5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@privport}, {@loose}, {@posixacl}, {@access_user}, {@cache_loose}, {@nodevmap}, {@cache_none}, {@cache_readahead}, {@version_L}]}})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

4.979106529s ago: executing program 2 (id=1856):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
r1 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x7fff, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r1, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000080}, 0x80)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00'})
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
sendmsg$unix(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001600)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0x0, 0x20000820}, 0x890)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

4.40776189s ago: executing program 3 (id=1857):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0, {[0x9]}}, 0x0, 0x8, &(0x7f0000000440))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r1, 0x0, 0x400000000000000, 0x2)

4.238327832s ago: executing program 1 (id=1858):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x503, 0x80000000, 0x21000000, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}]}, 0x40}}, 0x40)

3.617619454s ago: executing program 3 (id=1859):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x90, &(0x7f0000000400)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0xf, 0x4, 0x0, 0x0, 0x82, 0x67, 0x0, 0x0, 0x11, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x28, 0x3, [{0x1, 0xb, "0910000000000000ce"}, {0x1, 0x12, "2ed50de8474f1917bf157ac4b0020800"}, {0x1, 0x5, "4740c2"}]}]}}, {0x1, 0x4e20, 0x46, 0x0, @opaque="d44464bfacbc42fb46565baf9238ee1e70bdca7032f0c9bc50d6651b049308293ea2065e84580843c7cee9fae33a0bc99d8001ecbac79edb55f2c36b5fbc"}}}}}, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r1, 0xa, 0x21)
fcntl$setlease(r1, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r2, 0x0, 0x17, &(0x7f0000000040)=0xe, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x8001)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='block_bio_remap\x00', r5}, 0x10)
r6 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x0, 0xd, 0x1, 0x8})
r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x501, 0x0)
close_range(r7, r7, 0x0)
setsockopt$inet_int(r2, 0x0, 0x17, &(0x7f0000000180)=0x10000, 0x4)
ioctl$VIDIOC_SUBDEV_G_SELECTION(0xffffffffffffffff, 0xc040563d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, {0x8, 0x7f, 0x7ab8, 0x7aa}})

3.46157668s ago: executing program 2 (id=1860):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x344d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r1, 0x0, &(0x7f00000001c0)=0xffff0000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_DSP_POST(0xffffffffffffffff, 0x5008, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x60, 0x43, 0x1}, 0x50)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback, 0x14, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0]}, 0x40)
syz_emit_ethernet(0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000d00)=@mangle={'mangle\x00', 0x1f, 0x6, 0x518, 0x318, 0x318, 0x318, 0x438, 0x560, 0x560, 0x560, 0x560, 0x560, 0x560, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x1d694dea, 0x3, @ipv4=@rand_addr=0x64010100, 0x4e24}}}, {{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @private=0x4}, [0xffffff00, 0x0, 0xff, 0xff000000], [0x0, 0xff000000, 0xffffff00, 0xff000000], 'wlan1\x00', 'wg0\x00', {0xff}, {}, 0xea, 0x9, 0x4, 0x80}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x9, 0xf9, @ipv4=@dev={0xac, 0x14, 0x14, 0x44}, 0x4e20}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xaf}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x2, 0x1, 0xe00000}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x578)

3.340728095s ago: executing program 1 (id=1861):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000014d00)=@newtfilter={0x98, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfa, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_matchall={{0xd}, {0x64, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_ACT={0x58, 0x2, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xa1d}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x4, 0x2, 0x7, 0x452fe930, 0x8000}, 0x3}}]}, {0x3f}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084)

2.464067105s ago: executing program 2 (id=1862):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000013c0)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def4"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000400)="76389e14a3bf35f15517c87583ddd0", 0x0, 0xf000000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

2.286980649s ago: executing program 1 (id=1863):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
close(0x3)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'veth1_to_hsr\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4d, 0x4, 0xe, 0x4b, 0x6b, 0x5, 0x4d, 0x7, 0x4, 0x2, [0x2, 0x8, 0x7, 0xd45b, 0x5, 0x8001, 0x40], [0x4, 0x83, 0x3, 0x9, 0x7, 0x8, 0x80f]}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)}, 0x20)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@private1, 0x60})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe(&(0x7f0000000580))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0x5}, 0x28)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$RTC_UIE_OFF(r3, 0x7004)
sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="599c0000", @ANYRES16, @ANYBLOB="0100000000000000000054000000"], 0x14}}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0)
madvise(&(0x7f000002d000/0x4000)=nil, 0x4000, 0x1)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')

2.251549243s ago: executing program 3 (id=1864):
socket(0x6, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xf, &(0x7f0000000080)={0x8000000000000008, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = getpid()
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000005e00)={0x0, 0x0, &(0x7f0000005dc0)={&(0x7f0000005d40)=ANY=[@ANYBLOB="0213d806050000002abc7000fbdbdf25030017003c80000002004e24ac1414aa0000000000000000"], 0x28}}, 0x20040014)
r7 = syz_pidfd_open(r5, 0x0)
syz_open_procfs(r5, &(0x7f0000000300)='gid_map\x00')
writev(r0, &(0x7f0000001b80)=[{&(0x7f00000007c0)="4d83d084c32a47e003042791b630926e2d4ae29a1634740e7ea55d6749c443fd4f16401316e4993f2b65af5a3037aa007cdb893db510dc3afc6ea655dc6f199b6397554b6dbb8cdacba2ede8f54cd8062e032f14649c5ebc4315abf22f919fbc640feb3107fb747dbce19281436ede0f572e59a63afdfa33a192ed5e070d6f6b1d974d210230452e5153c9521885bef9de7f731ca0df7a510d8ab2b8f4d643c84daa2615682b7033336e96598b1d74cede9f05e16d5953e922fe3d5ede6009af41a195f09daf2f81baef3ba1444c4059232845", 0xd3}, {&(0x7f00000008c0)="be7d7b99f86dabfdf87625ee9071be9148a005492088883ffee50c4058e47a1b3f2de82f7486d174ef5dc9608ac0daf91a9f07152b669417d29e4196baf8879dc7e2531da4cd0d348172f18cc4a8ebb7b4525ebb8106266badf65cd89e65cfe6e47a76cfe9089fdfe7a7a12af75fd977c3f7490a7b766b60110153ade2139beef9387fbe5241e9282e4ba63e85a4a79a237c3c65c299577e7182269236ec18f74cb17916a995bfb46c97d33fd4ea258ce10ee77fdf81baa1e2764fc74844f68a486dcf9ebe50ea718f7d1d14b4e8549ec22445c2e59144d7a97f0756", 0xdc}, {&(0x7f0000000a00)="88dc87d1b3ded451a010e88e0e3621ff4f39060e0f95b00274da75f0c4948fc79684e6ddae0c8130931ef1e5d36527303bb087bc8672f345161f5c1ef8d434ce99e0d305762689217b1edc7e04f191cf5ab696661301d9688fc15227c70aff032de014c37670344abd136e5c148e7fdb8ca5738931c4a380fd85c49aac0b01161385d10df9155b407c50eee8512ed8c5dd86bf37ba6b3c8ee25da95bf60db9e5988d0cd4cf788399bc74da7f4161384d913d2444c8eef66c669b0876b8bfb788f55a452dea8701f07ba4bb6cc554e3cf7c480cfc68fe915abcda71f43a002640f10b43629e38eccad60fb5342977d6adba29584a2ab0511cc654fac425c7d12d4e41a307c7bb3936d20c762525f7547e9f587a46219e4f63cfbe249d7663d4e32395fbeb9f536c59817c3124c65649038ff437ffdf91f4fb12d9e50908579e2ba3e8307e51059a39281cca26381d91a88e9ed897f8c469d18a34c76393bb725b1d0e25e3e9e3869c49f170614bc352e0073107a679a602a37807f6097348028d5a3103dad3f507a0d013c6d8b090a5404179342b3d31bf5bbc58d92b9d620a12c24b2d15132a84d7f279b3f5c9b19994b03b7af4c91b518ac7c0a3eee4dec0f491a6e917735a8db2d175873a7eb4333444d7ecc67159651148aafe61a7c34f16710e356a03756efd77532793f76b46559144d4967a8aff04ccb7ec4786918e9d0215eaa761af6e4afb45aee003eac5e16800b5bfa8a7358b445cbe2e19fb3b1ccc497e90af4d0f82973d547e2893d8a3c2c39add58f9a7557c7fb99003275ff9453089279c8fc076b60114874d5497f84fcc2d3117a66157e705fdccf06f4e1a85156f8c75cc1509e173c2d69ab4bac294231d357999e6fa77bee135f5da8be864ed0eb6b3fbd796c269edca6f9a793e3de1ee894dc63b1ec02c32bface45e3e20147faa52c7523a7999d6de1c2f3164c858b14017ec92149944a17affc9b4c674c5fef064fe660e9d361db77c63ba4c9a042f1adb16db8a38951033467fca47ba15e4e5dccc99e26236924f907f882c9d3145efd63f04505a21af1da0b051dee29e18a30efd23bc78a6372ea9bedf1fdb2759b395571cd4e604bc67a0ba72ba3bad2d9f47a997b130ffc98482fdcbb765d845e68f40a7cb5d08328f7e4fd3c9ae0525391645c47d6532b4e207d9d519239d7bb4d7edab87cbb0c53a4f1e82e539f2d3f5ec51dd33645d2a22c445eded72005c912bc530e4c8061039396f98de57900fbd88e5f36877a8e3a88b3fde1adc9bedee47a7f6e970a872f5210ec51c266e60408ee8ff633a8b536bdc3e8decddf9ab776fbb98dc6f41fc6a998f8b4e73ee3c9b249d89db060aa5ed3d52a9bcf87c6b779767a2de16944090007ff0147e9ddf030fe3b7ab9efe6ec0c3ebbf0bc0ee4122169c27563a3c6130b19b924b77ca4758195a17f6ca0d1679ce3a45011a5c92e2bf5f87eb7c1b951b0c69b370c6c43ecc0d220aed4a6d3e3a1bd4efb79228749ef8adbbe05b2e617047d1133cc69a43485cfd3e1e1f849b29fbc5a4650d839c9fc31549913451793a749577d82e0d45dd634638a7cd7991c9241400ebe5efb27b9c21dc218f238c441d0062ba36f1900bde3a48c7221d8439cc11125aa1f16e67b6303b70e83138e6d0eb38234b66c38a7e071eaceb852fc04ab80615e8549f78e6ef3fe769385843db2a5812024c86214385c5794f3117971f545120729023b5350a98009ae73f9bc8c83b0da907321e736efe6448035eaf2b7abe2ef66c272cc94a0278d8d1bd1aa52229e01f409993e969d6a1f0111a7e60e3005ba3280b5e45ac6fb03b6c8816428301bac7184cf7e1256e25229ad3127ec6b54d75f6de1ae3e9ad42835aa084bae51ca9cc770e506b928f1d16ee7ef1f0d0fdb06e0b8a1987604e993fcea23cda4ca486042627ab9de7d1c1376c7f22f954b553ff88c1da34801a1eab89e0328397cf3c98138ef92533d20d2158a70e41e9b7c7937bd81f4c8605a5cf54ac0388a0dac160c72a84ad7bada0a39c1440c0a5055bc0c61a9a782a8fe95db1bf7fdfcc9e4007bc498bc9c323a445945a1c89c817cb135edeb1e6736a8d7f5f6a5006b732a9b0814dac9b297310a97d90cbdaa6e318a997f579c66a576e0cbbf87fbdf196e59c57adb514c9ae3d032b3c9a59320e06dacbb7084e824645e2ed7bb40deb31734ae0c42ffccf8875bae15ac668eb3ffa363290e45f830384b9622ad4916fda33ea54f9eefd9b944b40f11b646f7af1dc980e9925ec92e9ca59781f2f8c831b757bb564a4749f5718a7564871771f4ebee29608e60a25d34eddcd878c8cacc57b173d55cefd3e6d658ce9c4fc06734e61650db287a6e0142e3b82c9efe055257e62d6c4351d8aa4242a6b7da7c82c06e844fc67ee99f60ce2f21dd789d5377e346805a37ee1b0d15c63ef7ae393e0b7842fb937e5ada6e5b2c7d1d8781ceb834ebda36abdeb2f3a8cab049937611811d49a1fe904dcd6995b42e26460b612ca2e7e6d217481e41742f33c7b4237c4067f393bcf93a554b017755b6f17c4b144115360ecfa8e13fc9577f9849b085f0ba4046d95f93a95cf225df97c228fa3f9e901695103525de74c871711554e4f9ed1a01281c339ff136c1cfe0cc086995a111d31a1838ec333d9dc74f67f128cdfbf9e8613aa50e34f93852f6c8af478da15d62f8eea0b794bf5e8b0df065241f93a71f65738b7aa80f1c02d6e7ee2221c1bd8735e1d1a36fe2a1cb974bac0de06938aecf04c966b23e4f3cca857f46cb20a0e6ca705d66bb7444e7240d0dd8a8b7dbc29e0d8fffccf7ce54421fe7b631c5097beb35d1980b3060b6fe01a61d4b216c996c3b643f1d40ae1570721d83bda719bc5a3967f8a773df856222406bc6e8bf59908999e10ce74f4b2bb5b0fd5050d3c83c79957c8f8f5accf78f8e0dc7d57703212d36ef8a17bf5e14a8a523a08bc25511a3022ada579a0edc557c972bba380f7e3186eaaccf4078097cf47e5343b284dc7958ce83c1797599865f295a035dcd43aef05d40916c65728046a4400299f62b61079d8590974dff5d576347211486713ee6d0ffd0457138571762d75e48e6be555d44cf5c1e2db91ddf8d3ffb42972984baf030158a33be9013edc538149ee9064ebed84ca3b3b3e1f77422a95a11752b22ba9b99411d5fecc7da206a3bb11f8dd176d615b65aa412771cac4815d49465a3e2eaeef89d55fc070875314ec8dcbe041e815fe765fffcf4dde231f6e03b43d8c8c6c695acfe0f75c84f0d6919918e9496f6d32646e964f3bc65934c7746975403d7bc0c7844894e3632a3afbdaeffd02a8854c808e19aba3640ea3db0f56f707bc09e75b054e7c6993a13a10a26b64fd85edbf3083c2cf944d656e77f8e16dea3c00b27207715d1637a6f496c9cfc803016a81104af2306476e90497355cf0a549fbb603f1018478701e747a9a6b664c555c851c6969d3c014fe16f60f2e1e55e7b912bfee9b187753e51ce6cbf5270ee3ddddcc99bbfc8e1d9bf1085d99e1483a8009f9a7c63398525801c530015e2b769ea145f1dc510e76dd7799134ab088975e2188d329234a8ee59df5bb6660903c58cba8fd901f9f761bdd01dcd9614b64cc09cb1eb7f43cffe9328b15088aa844d0bbdc9aa0bd82e702ac00717117e519ec5276856c11b25817f1f37bd183f5f344872fa79faa69967af4d1bf9032efd6b366a487aff1e77ed5aa687ea6d5817ef9013e7d295538d71e97d3183b0a75cbfae172ecdfd2a4995ba1f13e913935e332ac82eaff5239948f1626a89c3dc0a57d5f625ad5456b6d320f56b1667e9e4bc29ca4c948cbf733139f6b5db2d910184a6305b439b0b9f54f2664bea5ba0691fe516b58548ead1789c2f021bafbfb18faa335f59e25408e463b53be6d12baa144f5e8ef7c3d680a63a168d91e6e6e297bf6b4ca62527e835b6ce27f681efd7e5941fd1ab122f749430f0f8d0616649294fb0691ffcefbf2f764cb9141c54fcf2f08450a3d2f3766958a49dec7333461d9e290da661d60888abebef94f8984467451fdb7addedb77d9743b3ad50fb1a3e2cd5c8f680f31bcab67819c9fd11a04d529c6a456fdcf0b9d43ad1dbb3362ede853d11e7586da28aeaf30eb02857ae2fe5e4f083c1a99fece23155bb3d176b1a3f931ca7fe3b664cf8bf115a69ee645f2fdee7c0578a97a100e1eaca96d3ba7331da1f345b15e986d2442d7c2af5efed87be7c883cdfd1e64c61e452b90f706447158ddb56bc5540b1f8bbfe9befd66990aee2826029c2a93de71b0ae135bb55848e6ea73f5ad867fde3bd43f6bc4caae975f1d9e23677c99527c119ebd06b690182f98322876dc6629da05b515fa416f6095c18d8dec97e4ffc1647389ffd0d929af0c3dd5818f685aba4a3cf2a9d3031fd36d2b74943e0024d108aad721e268fd2526dbf86cc115cf30a29b664b096e8bcbedae07864c99ac435bfeeb36e70ea1477d9893fdb83d2959b6a7647732a8c4ee72dcf76edcd5af21a202e79e663574e4bc1aef72b0f0c29ee6dea8c5ba38d3a0d074e9793058a04a8148957599ac96859e6dedf67f24798cc4822aec35a8729bcb487d897d2f413d7de2387b59df4b67c69a286658bf5605b07f617329b3c65c572fefff556b32c727fdaa647bc6fc64c46d916fce39e98fd72f4c5e1d52fd112eb56a29c026eb3ceead50840e2eb44c98cd5718b7a3fe1022cba44f0507fc718427e040ff9e574b9501b12ef4e5a45633e7ce1b32d338bd2e772d2b43c5c1182c49a5e0e531d133d9b9aa1c25c9b8ea35c0aaf8f0aae3a43a27a7557a236517d748d341b0d1255d37b9fff8df05751ccabbaafa7db1653e85204ebb66ef53ac85adcff99243860720e9dcc55115399f548f3d80f99b93a8702b872e13b8322c929bf6664c252bfc73f68f4ca888956209e0a6a62597da3de953629a4bc2723bdc9b3df894c2d29648f7e418d5897991105222a6382d602c3f035c1a79b72f54a4e13326347cd5b1b982f6121723e490dc3ae553cee05c476ec6e3ef5679b4786a3c160c80dd579539456af3923bf3f156e0140397e468c3fe9e0c4e5d89157ccf65cb767d7ec2443cb2c3ab94765fd926efed344c1f2a163454fe17c7ffd4cc7c3683f9ae1044e86c41d2e3848cabac8c21f62c5fc36ca573457d74cabd29d689592726924226f442f82e5ee69353fe4a00beb0a8daac2b124db34167409b37aa58a742de7d72cab10e201e948f9f5fe95b2e5f62ecfed0441393afc970e9a7cbc8247b811e6c9c53484d699611dd59088a08b87c1b56cd97da4299bb335482111166f340d1db363bd58a4aa8ed0af0d36f98f535bd1b883ead6f16c19a77ec6e08c0ff7be74e032f27a2c250ee9cec6e9353e417f61abc8f6247b14bebc3b405c5b415ac6e2ade8f033c7c9cedfe52e557339631f9691c176331a09c04d6bf39d4699132d822e6a5361a652ea8f1dc17f7cc2435d38373c39e26ec5e5ad2b70815ee429f7ee75114deb879ddc463983a0ea6523298a01b17b9a0f035819dda61f74bb6534b005b53c3c98ba27e09c2a4e072dfca905348c0e7483365e204d7252a40be4fff25422cc37ba8270c96cf1f7973da15173ba142df3a64e456a8cca98f3c14903420d789ee2fb879815b1f6775c1142664c2a7c4fb9ec78dfc28b4a1dbccb88aa1788d8697d2229f31501e3ebb0be4a4a50f60568990f03afc99909da3692b39bbc53c721a72c02cfa39cb7bab88ba9b0f90", 0x1000}, {&(0x7f0000001a00)="55b57a821b2e8765f9a00942f38eb21eaef03ae04ecd95ab6cd9ad86ab1432f29d883f0f28daee224fc858038fb214fb7b06291695e6115c7aa2be930561e90151931d5dfc95bd4b1e01a00a843df5bab03d0f43ebaff2ee69bd23fcc65518f7ce0ef2913cced5501a262f8a2dd96182ad322b2973f4ba75fae29bbb0efef95f122614b8fbd8286f56ef5d8dd48ffa8393dca9c5bb2ac7135f8ddd791659962ada42a7fcd81305a37222eb5affa8e314c2bef08f0234", 0xb6}, {&(0x7f0000001ac0)="9cd7fdd9931c0763fa75a357e4788f9c53564c59059ff259855ae1fb73b5608b749236cd8bda3ad93a623a68fb76e6feea611670c16f77a8247fda5c83eccc03cb17378c095005ca3c3115a20494a0270ad807abe4087c20ecc658db23b98f1e76bb5f108b68f4b86a248e635fdefb9eacab88bce7e9bc3d45754afffc4987188585748ccd5f83123ca0a10203eed15cf6890d9634888bc4a182b9496b28113035f7bbc6149f3d6bfc29d3f7f075a703152c4eda565854746afcf0", 0xbb}], 0x5)
pidfd_getfd(r7, r4, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r8 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$SG_SET_RESERVED_SIZE(r8, 0x2275, &(0x7f0000000040))
r9 = socket$inet(0x2, 0x2, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x1f8, 0xb0, 0xffffffad, 0x190, 0x0, 0x190, 0x160, 0x268, 0x268, 0x160, 0x268, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0xffffffc5}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x3a, "67e3a99519ece825bf675fb9219ef51eda73b878f94e55e20146f9098775"}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x258)
memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)

323.720591ms ago: executing program 5 (id=1865):
r0 = fsopen(&(0x7f0000000280)='rpc_pipefs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/crash_elfcorehdr_size', 0x8200, 0xa)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000840)={0x0, 0x0, {}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x1)

252.896669ms ago: executing program 1 (id=1866):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x18, 0x33, 0x10, 0x0, 0x0, {0x1c, 0x7c}, [@nested={0x4, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0x20004000)

173.309841ms ago: executing program 0 (id=1867):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0xfd, 0x0, 0x7ffc0002}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0, {[0x9]}}, 0x0, 0x8, &(0x7f0000000440))
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0xb})
r2 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r2, 0x0, 0x400000000000000, 0x2)

0s ago: executing program 5 (id=1868):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@local, @in6=@dev={0xfe, 0x80, '\x00', 0xfc}, 0x0, 0x0, 0xffff, 0x0, 0xa}}, {{@in6=@mcast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
readv(r2, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/214, 0xd6}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='afs_protocol_error\x00', r0, 0x0, 0x8000000000000000}, 0xfffffffffffffe5e)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r4 = dup3(0xffffffffffffffff, r3, 0x0)
syz_create_resource$binfmt(0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'wg2\x00'})
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], &(0x7f0000001f80)=""/212, 0x1a, 0xd4, 0xa, 0x20}, 0x28)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x4001, 0x3, 0x200, 0x160, 0x0, 0x148, 0x0, 0x148, 0x240, 0x240, 0x240, 0x240, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$inet_mreqn(r7, 0x0, 0x23, 0x0, &(0x7f0000000200))
sendmsg$kcm(r4, 0x0, 0x4)
ioctl$sock_rose_SIOCADDRT(r8, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default]})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x280240, 0x0)

kernel console output (not intermixed with test programs):

] bridge_slave_0: left promiscuous mode
[  508.212312][ T8399] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.486641][T10303] netlink: 'syz.1.1089': attribute type 1 has an invalid length.
[  509.401097][T10304] orangefs_mount: mount request failed with -4
[  509.505654][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  509.519826][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  509.540538][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  509.598045][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  509.640062][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  511.413750][T10330] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1094'.
[  511.787468][T10325] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  511.830589][ T5842] Bluetooth: hci2: command tx timeout
[  512.242548][T10339] xt_connbytes: Forcing CT accounting to be enabled
[  512.250028][T10339] Cannot find set identified by id 0 to match
[  512.872610][T10344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1093'.
[  513.309838][ T8399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  513.332743][ T8399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  513.345563][ T8399] bond0 (unregistering): Released all slaves
[  513.386118][T10331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1095'.
[  513.900972][T10350] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  513.966437][ T5852] Bluetooth: hci2: command tx timeout
[  514.223358][ T3523] Bluetooth: hci5: Frame reassembly failed (-84)
[  514.573556][ T5846] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  515.951868][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1103'.
[  515.962171][T10377] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  515.991077][ T5842] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  515.998026][ T5852] Bluetooth: hci2: command tx timeout
[  516.004196][ T5156] Bluetooth: hci5: command 0x1003 tx timeout
[  517.125910][T10307] chnl_net:caif_netlink_parms(): no params data found
[  517.134571][T10396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1106'.
[  517.143653][T10396] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1106'.
[  517.485750][T10396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1106'.
[  517.827304][ T8399] hsr_slave_0: left promiscuous mode
[  517.870852][ T8399] hsr_slave_1: left promiscuous mode
[  517.888409][ T8399] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.918883][ T8399] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.948004][ T8399] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.966128][ T8399] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.021427][ T8399] veth1_macvtap: left promiscuous mode
[  518.027853][ T8399] veth0_macvtap: left promiscuous mode
[  518.034519][ T8399] veth1_vlan: left promiscuous mode
[  518.043887][ T8399] veth0_vlan: left promiscuous mode
[  518.080390][ T5852] Bluetooth: hci2: command tx timeout
[  518.456132][T10417] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1108'.
[  518.512372][ T5920] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  518.721320][ T5920] usb 3-1: Using ep0 maxpacket: 16
[  518.757646][ T5920] usb 3-1: config 0 has no interfaces?
[  518.774235][ T5920] usb 3-1: New USB device found, idVendor=0403, idProduct=dafb, bcdDevice=31.48
[  518.804508][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.820257][ T5920] usb 3-1: Product: syz
[  518.837375][ T5920] usb 3-1: Manufacturer: syz
[  518.843439][ T5920] usb 3-1: SerialNumber: syz
[  518.858289][ T5920] usb 3-1: config 0 descriptor??
[  519.596494][ T8399] team0 (unregistering): Port device team_slave_1 removed
[  519.657966][ T8399] team0 (unregistering): Port device team_slave_0 removed
[  520.087756][T10433] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  520.100020][T10433] xt_SECMARK: unable to map security context 'system_u:object_r:dbusd_etc_t:s0'
[  521.662781][ T5956] usb 3-1: USB disconnect, device number 11
[  522.259371][T10307] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.337796][T10307] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.411246][T10307] bridge_slave_0: entered allmulticast mode
[  522.441106][T10307] bridge_slave_0: entered promiscuous mode
[  522.906401][T10307] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.960761][T10307] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.972468][T10307] bridge_slave_1: entered allmulticast mode
[  522.982508][T10307] bridge_slave_1: entered promiscuous mode
[  523.310775][ T2084] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  523.662702][T10307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  523.965546][ T2084] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[  524.007330][ T2084] usb 2-1: config 0 has no interface number 0
[  524.197714][ T2084] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  524.211963][ T2084] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.221282][ T2084] usb 2-1: Product: syz
[  524.225490][ T2084] usb 2-1: Manufacturer: syz
[  524.246944][T10307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  524.260662][ T2084] usb 2-1: SerialNumber: syz
[  524.291205][ T2084] usb 2-1: config 0 descriptor??
[  525.118514][T10307] team0: Port device team_slave_0 added
[  525.140363][T10307] team0: Port device team_slave_1 added
[  525.375090][T10469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.449690][T10307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  525.475848][T10307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  525.514174][T10469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.575848][T10307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  525.686175][T10307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  525.713257][ T2084] usb 2-1: Firmware version (0.0) predates our first public release.
[  525.747748][T10307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  525.793839][ T2084] usb 2-1: Please update to version 0.2 or newer
[  526.254740][T10307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  526.368232][ T2084] usb 2-1: USB disconnect, device number 23
[  526.761421][T10516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'.
[  527.148642][T10307] hsr_slave_0: entered promiscuous mode
[  527.196584][T10307] hsr_slave_1: entered promiscuous mode
[  527.231451][T10307] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  527.264756][T10307] Cannot create hsr debugfs directory
[  527.490140][ T5956] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  527.670094][ T5956] usb 1-1: Using ep0 maxpacket: 32
[  527.708035][ T5956] usb 1-1: unable to get BOS descriptor or descriptor too short
[  527.728150][ T5956] usb 1-1: config 0 has an invalid interface number: 149 but max is 0
[  527.751650][ T5956] usb 1-1: config 0 has an invalid descriptor of length 127, skipping remainder of the config
[  527.785186][ T5956] usb 1-1: config 0 has no interface number 0
[  528.490668][ T5956] usb 1-1: config 0 interface 149 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  528.504464][ T5956] usb 1-1: config 0 interface 149 has no altsetting 0
[  528.517447][ T5956] usb 1-1: New USB device found, idVendor=04ca, idProduct=4605, bcdDevice=5b.55
[  528.567884][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.618119][ T5956] usb 1-1: Product: syz
[  528.655898][ T5956] usb 1-1: Manufacturer: syz
[  528.669783][ T5956] usb 1-1: SerialNumber: syz
[  528.886552][ T5956] usb 1-1: config 0 descriptor??
[  530.180309][   T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  530.340110][   T10] usb 4-1: Using ep0 maxpacket: 32
[  530.358742][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  530.362694][T10307] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  530.395246][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  530.425427][T10307] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  530.436540][   T10] usb 4-1: language id specifier not provided by device, defaulting to English
[  530.532663][   T10] usb 4-1: New USB device found, idVendor=0123, idProduct=0001, bcdDevice=4a.fe
[  530.582985][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.628085][   T10] usb 4-1: Manufacturer: п
[  530.655563][   T10] usb 4-1: SerialNumber: syz
[  530.656875][T10307] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  530.678019][T10307] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  530.728856][   T10] usb 4-1: config 0 descriptor??
[  531.054956][T10307] 8021q: adding VLAN 0 to HW filter on device bond0
[  531.183749][ T5956] usb 1-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  531.249598][ T5956] usb 1-1: USB disconnect, device number 16
[  531.279104][T10307] 8021q: adding VLAN 0 to HW filter on device team0
[  531.377419][ T3523] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.384731][ T3523] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.629182][ T3523] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.636795][ T3523] bridge0: port 2(bridge_slave_1) entered forwarding state
[  531.758047][T10575] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1139'.
[  531.777132][T10576] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  532.478852][   T10] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -71
[  532.520067][   T10] usb 4-1: USB disconnect, device number 26
[  532.602001][T10307] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  532.639781][T10307] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  533.774487][T10595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1140'.
[  534.250253][T10604] netlink: 'syz.3.1143': attribute type 1 has an invalid length.
[  535.020115][T10605] orangefs_mount: mount request failed with -4
[  536.136226][T10307] 8021q: adding VLAN 0 to HW filter on device batadv0
[  538.564970][T10640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1150'.
[  538.972605][T10647] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  540.545979][T10654] netlink: 'syz.1.1153': attribute type 10 has an invalid length.
[  541.055005][T10654] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  541.361667][T10684] overlayfs: missing 'workdir'
[  541.533111][T10307] veth0_vlan: entered promiscuous mode
[  541.776164][T10307] veth1_vlan: entered promiscuous mode
[  541.842482][T10307] veth0_macvtap: entered promiscuous mode
[  541.869309][T10307] veth1_macvtap: entered promiscuous mode
[  541.916203][T10307] batman_adv: batadv0: Interface activated: batadv_slave_0
[  541.937238][T10307] batman_adv: batadv0: Interface activated: batadv_slave_1
[  541.941392][T10689] 9pnet_fd: Insufficient options for proto=fd
[  541.957219][T10307] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  541.973724][T10307] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  541.983236][T10307] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  541.992875][T10307] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  542.030712][   T10] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  542.135733][ T8401] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  542.158955][ T8401] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  542.193530][   T10] usb 3-1: config 0 has an invalid interface number: 20 but max is 0
[  542.204599][   T10] usb 3-1: config 0 has no interface number 0
[  542.217831][ T8399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  542.217905][   T10] usb 3-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  542.227077][ T8399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  542.271992][   T10] usb 3-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[  542.293703][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.320026][   T10] usb 3-1: Product: syz
[  542.330369][   T10] usb 3-1: Manufacturer: syz
[  542.341811][   T10] usb 3-1: SerialNumber: syz
[  542.367944][   T10] usb 3-1: config 0 descriptor??
[  542.379713][T10684] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  542.436734][   T10] usb-storage 3-1:0.20: USB Mass Storage device detected
[  542.481677][   T10] usb-storage 3-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[  542.653090][   T10] scsi host1: usb-storage 3-1:0.20
[  542.691280][T10707] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  542.879645][T10707] syz.5.1084 (10707): drop_caches: 2
[  542.901621][ T5846] usb 3-1: USB disconnect, device number 12
[  543.235169][T10717] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  544.235299][T10722] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1164'.
[  545.002883][T10736] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  545.060623][T10736] syz.1.1167 (10736): drop_caches: 2
[  546.575987][T10761] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  546.604515][T10761] syz.2.1173 (10761): drop_caches: 2
[  546.667695][T10763] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1175'.
[  547.950200][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  548.021257][T10779] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  548.280190][    T9] usb 1-1: device descriptor read/64, error -71
[  548.565264][    T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  548.743911][    T9] usb 1-1: device descriptor read/64, error -71
[  548.890961][    T9] usb usb1-port1: attempt power cycle
[  549.290364][    T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  549.321012][    T9] usb 1-1: device descriptor read/8, error -71
[  549.571846][    T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  549.609844][    T9] usb 1-1: device descriptor read/8, error -71
[  549.742686][    T9] usb usb1-port1: unable to enumerate USB device
[  550.178471][ T5846] IPVS: starting estimator thread 0...
[  550.242857][T10818] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  550.930554][T10817] IPVS: using max 49 ests per chain, 117600 per kthread
[  551.222881][   T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  551.949500][T10830] openvswitch: netlink: ct_state flags 7fffffff unsupported
[  552.172233][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.734815][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.756526][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  552.888377][   T10] usb 4-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00
[  552.932330][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.989795][   T10] usb 4-1: config 0 descriptor??
[  553.286087][T10848] trusted_key: encrypted_key: insufficient parameters specified
[  554.626207][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  554.642274][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  554.738184][   T10] usb 4-1: USB disconnect, device number 27
[  555.801883][T10870] netlink: 'syz.2.1197': attribute type 83 has an invalid length.
[  556.605201][T10886] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  557.438028][T10886] syz.3.1201 (10886): drop_caches: 2
[  557.560469][T10895] netlink: 'syz.0.1204': attribute type 4 has an invalid length.
[  559.884859][T10919] trusted_key: encrypted_key: insufficient parameters specified
[  563.117932][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  563.437890][T10958] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  563.477665][T10958] syz.2.1215 (10958): drop_caches: 2
[  564.465441][T10963] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  566.520647][ T5846] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  567.121953][ T5846] usb 4-1: Using ep0 maxpacket: 32
[  567.511304][ T5846] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  567.519337][ T5846] usb 4-1: config 0 has no interface number 0
[  567.605597][ T5846] usb 4-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  567.696525][ T5846] usb 4-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  567.785701][ T5846] usb 4-1: config 0 interface 2 has no altsetting 0
[  567.804575][ T5846] usb 4-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  567.820117][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.921909][ T5846] usb 4-1: config 0 descriptor??
[  568.562063][T10979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1220'.
[  569.870762][ T5846] usbhid 4-1:0.2: can't add hid device: -71
[  569.876828][ T5846] usbhid 4-1:0.2: probe with driver usbhid failed with error -71
[  569.896121][ T5846] usb 4-1: USB disconnect, device number 28
[  570.763628][ T5904] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  570.964194][ T5904] usb 1-1: Using ep0 maxpacket: 16
[  570.988235][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  571.136476][T11026] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  571.202995][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  571.215679][T11026] syz.5.1230 (11026): drop_caches: 2
[  571.248193][T11024] netlink: 212396 bytes leftover after parsing attributes in process `syz.1.1231'.
[  571.328659][ T5904] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  571.420670][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.565388][ T5904] usb 1-1: Product: syz
[  571.600523][ T5846] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  571.651057][ T5904] usb 1-1: Manufacturer: syz
[  571.699705][ T5904] usb 1-1: SerialNumber: syz
[  571.724267][ T5904] usb 1-1: config 0 descriptor??
[  571.751216][ T5904] em28xx 1-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  571.862234][ T5846] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  571.923042][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.053618][ T5846] usb 4-1: Product: syz
[  572.070026][ T5846] usb 4-1: Manufacturer: syz
[  572.078012][ T5846] usb 4-1: SerialNumber: syz
[  572.091891][ T5846] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  572.172146][ T5919] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  572.291115][T11012] block nbd0: server does not support multiple connections per device.
[  572.314952][T11012] block nbd0: shutting down sockets
[  572.660389][T11047] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  573.192473][ T5919] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  573.225128][ T5919] ath9k_htc: Failed to initialize the device
[  573.755538][ T5919] usb 4-1: ath9k_htc: USB layer deinitialized
[  573.844270][    T9] usb 1-1: USB disconnect, device number 21
[  573.947571][ T5904] usb 4-1: USB disconnect, device number 29
[  576.268429][T11086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1242'.
[  576.285240][T11087] netlink: 'syz.0.1241': attribute type 1 has an invalid length.
[  576.299817][T11087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'.
[  576.327387][T11087] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1241'.
[  576.348080][T11087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'.
[  576.391149][T11087] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1241'.
[  576.420848][T11087] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1241'.
[  577.156190][T11100] netlink: 'syz.5.1245': attribute type 10 has an invalid length.
[  577.228410][T11103] ubi31: attaching mtd0
[  577.289935][T11103] ubi31: scanning is finished
[  577.295588][T11103] ubi31: empty MTD device detected
[  577.954279][T11103] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  578.648581][T11155] random: crng reseeded on system resumption
[  583.549554][T11206] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  583.803532][T11214] binder: 11207:11214 ioctl c0389424 200000000180 returned -22
[  583.824081][T11216] FAULT_INJECTION: forcing a failure.
[  583.824081][T11216] name failslab, interval 1, probability 0, space 0, times 0
[  583.874260][T11216] CPU: 1 UID: 0 PID: 11216 Comm: syz.1.1261 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  583.874287][T11216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  583.874299][T11216] Call Trace:
[  583.874307][T11216]  <TASK>
[  583.874315][T11216]  dump_stack_lvl+0x189/0x250
[  583.874341][T11216]  ? __pfx____ratelimit+0x10/0x10
[  583.874373][T11216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  583.874394][T11216]  ? __pfx__printk+0x10/0x10
[  583.874428][T11216]  ? __pfx___might_resched+0x10/0x10
[  583.874449][T11216]  ? fs_reclaim_acquire+0x7d/0x100
[  583.874476][T11216]  should_fail_ex+0x414/0x560
[  583.874500][T11216]  should_failslab+0xa8/0x100
[  583.874522][T11216]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  583.874540][T11216]  ? __alloc_skb+0x112/0x2d0
[  583.874569][T11216]  __alloc_skb+0x112/0x2d0
[  583.874596][T11216]  netlink_ack+0x146/0xa50
[  583.874639][T11216]  netlink_rcv_skb+0x28c/0x470
[  583.874664][T11216]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  583.874686][T11216]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  583.874723][T11216]  ? bpf_lsm_capable+0x9/0x20
[  583.874745][T11216]  ? security_capable+0x7e/0x2e0
[  583.874774][T11216]  nfnetlink_rcv+0x26a/0x2520
[  583.874798][T11216]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  583.874821][T11216]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  583.874841][T11216]  ? __dev_queue_xmit+0x27e/0x3a70
[  583.874858][T11216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.874888][T11216]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  583.874909][T11216]  ? __pfx___dev_queue_xmit+0x10/0x10
[  583.874943][T11216]  ? ref_tracker_free+0x63a/0x7d0
[  583.874962][T11216]  ? __copy_skb_header+0xa7/0x550
[  583.874980][T11216]  ? __pfx_ref_tracker_free+0x10/0x10
[  583.874999][T11216]  ? __skb_clone+0x63/0x7a0
[  583.875018][T11216]  ? __skb_clone+0x483/0x7a0
[  583.875041][T11216]  ? skb_clone+0x246/0x3a0
[  583.875064][T11216]  ? __netlink_deliver_tap+0x807/0x850
[  583.875088][T11216]  ? netlink_deliver_tap+0x2e/0x1b0
[  583.875121][T11216]  ? netlink_deliver_tap+0x2e/0x1b0
[  583.875145][T11216]  ? netlink_deliver_tap+0x2e/0x1b0
[  583.875178][T11216]  netlink_unicast+0x75c/0x8e0
[  583.875214][T11216]  netlink_sendmsg+0x805/0xb30
[  583.875249][T11216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  583.875283][T11216]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  583.875301][T11216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  583.875327][T11216]  __sock_sendmsg+0x21c/0x270
[  583.875360][T11216]  ____sys_sendmsg+0x505/0x830
[  583.875391][T11216]  ? __pfx_____sys_sendmsg+0x10/0x10
[  583.875426][T11216]  ? import_iovec+0x74/0xa0
[  583.875455][T11216]  ___sys_sendmsg+0x21f/0x2a0
[  583.875485][T11216]  ? __pfx____sys_sendmsg+0x10/0x10
[  583.875519][T11216]  ? rcu_read_lock_any_held+0xb3/0x120
[  583.875553][T11216]  ? sb_end_write+0xe9/0x1c0
[  583.875587][T11216]  ? __pfx_vfs_write+0x10/0x10
[  583.875613][T11216]  __x64_sys_sendmsg+0x19b/0x260
[  583.875645][T11216]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  583.875684][T11216]  ? __pfx_ksys_write+0x10/0x10
[  583.875698][T11216]  ? rcu_is_watching+0x15/0xb0
[  583.875723][T11216]  ? do_syscall_64+0xbe/0x3b0
[  583.875748][T11216]  do_syscall_64+0xfa/0x3b0
[  583.875767][T11216]  ? lockdep_hardirqs_on+0x9c/0x150
[  583.875787][T11216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.875805][T11216]  ? clear_bhb_loop+0x60/0xb0
[  583.875828][T11216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.875846][T11216] RIP: 0033:0x7f16d438ebe9
[  583.875863][T11216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  583.875880][T11216] RSP: 002b:00007f16d515c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  583.875901][T11216] RAX: ffffffffffffffda RBX: 00007f16d45b6090 RCX: 00007f16d438ebe9
[  583.875916][T11216] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006
[  583.875928][T11216] RBP: 00007f16d515c090 R08: 0000000000000000 R09: 0000000000000000
[  583.875940][T11216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  583.875951][T11216] R13: 00007f16d45b6128 R14: 00007f16d45b6090 R15: 00007ffe81410968
[  583.875983][T11216]  </TASK>
[  584.398831][T11206] syz.0.1259 (11206): drop_caches: 2
[  584.552589][T11220] sctp: [Deprecated]: syz.5.1262 (pid 11220) Use of int in max_burst socket option deprecated.
[  584.552589][T11220] Use struct sctp_assoc_value instead
[  584.610596][T11228] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1263'.
[  585.101964][T11231] sctp: [Deprecated]: syz.3.1264 (pid 11231) Use of int in max_burst socket option deprecated.
[  585.101964][T11231] Use struct sctp_assoc_value instead
[  586.612563][T11254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1267'.
[  588.601065][T11279] Bluetooth: MGMT ver 1.23
[  588.616595][T11279] Bluetooth: hci0: invalid length 0, exp 2 for type 30
[  589.836545][T11302] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  591.079213][T11304] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  592.198240][T11331] FAULT_INJECTION: forcing a failure.
[  592.198240][T11331] name failslab, interval 1, probability 0, space 0, times 0
[  592.211559][T11331] CPU: 1 UID: 0 PID: 11331 Comm: syz.2.1285 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  592.211584][T11331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  592.211596][T11331] Call Trace:
[  592.211607][T11331]  <TASK>
[  592.211616][T11331]  dump_stack_lvl+0x189/0x250
[  592.211647][T11331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  592.211669][T11331]  ? __pfx__printk+0x10/0x10
[  592.211700][T11331]  ? should_fail_ex+0x3c1/0x560
[  592.211724][T11331]  should_fail_ex+0x414/0x560
[  592.211749][T11331]  should_failslab+0xa8/0x100
[  592.211772][T11331]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  592.211793][T11331]  ? preempt_schedule_irq+0xb5/0x150
[  592.211812][T11331]  ? __get_vm_area_node+0x13f/0x300
[  592.211837][T11331]  __get_vm_area_node+0x13f/0x300
[  592.211862][T11331]  __vmalloc_node_range_noprof+0x301/0x12f0
[  592.211892][T11331]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.211930][T11331]  ? rcu_is_watching+0x15/0xb0
[  592.211957][T11331]  ? trace_sched_exit_tp+0x38/0x120
[  592.211995][T11331]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  592.212030][T11331]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.212057][T11331]  __vmalloc_noprof+0xb1/0xf0
[  592.212078][T11331]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.212109][T11331]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.212144][T11331]  bpf_prog_alloc+0x3c/0x1a0
[  592.212176][T11331]  bpf_prog_load+0x735/0x1930
[  592.212217][T11331]  ? __pfx_bpf_prog_load+0x10/0x10
[  592.212269][T11331]  ? bpf_lsm_bpf+0x9/0x20
[  592.212290][T11331]  ? security_bpf+0x7e/0x300
[  592.212316][T11331]  __sys_bpf+0x5f1/0x860
[  592.212346][T11331]  ? __pfx___sys_bpf+0x10/0x10
[  592.212404][T11331]  __x64_sys_bpf+0x7c/0x90
[  592.212430][T11331]  do_syscall_64+0xfa/0x3b0
[  592.212453][T11331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.212472][T11331]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  592.212490][T11331]  ? clear_bhb_loop+0x60/0xb0
[  592.212513][T11331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.212533][T11331] RIP: 0033:0x7efd5098ebe9
[  592.212550][T11331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.212567][T11331] RSP: 002b:00007efd51869038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  592.212589][T11331] RAX: ffffffffffffffda RBX: 00007efd50bb6180 RCX: 00007efd5098ebe9
[  592.212603][T11331] RDX: 0000000000000094 RSI: 0000200000000140 RDI: 0000000000000005
[  592.212616][T11331] RBP: 00007efd51869090 R08: 0000000000000000 R09: 0000000000000000
[  592.212625][T11331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.212633][T11331] R13: 00007efd50bb6218 R14: 00007efd50bb6180 R15: 00007ffe021a8bc8
[  592.212657][T11331]  </TASK>
[  592.212691][T11331] warn_alloc: 1 callbacks suppressed
[  592.212720][T11331] syz.2.1285: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  592.522762][T11331] CPU: 0 UID: 0 PID: 11331 Comm: syz.2.1285 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  592.522788][T11331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  592.522800][T11331] Call Trace:
[  592.522808][T11331]  <TASK>
[  592.522816][T11331]  dump_stack_lvl+0x189/0x250
[  592.522841][T11331]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  592.522870][T11331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  592.522892][T11331]  ? __pfx__printk+0x10/0x10
[  592.522917][T11331]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  592.522941][T11331]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  592.522973][T11331]  warn_alloc+0x214/0x310
[  592.523002][T11331]  ? __pfx_warn_alloc+0x10/0x10
[  592.523026][T11331]  ? preempt_schedule_irq+0xb5/0x150
[  592.523045][T11331]  ? __get_vm_area_node+0x13f/0x300
[  592.523069][T11331]  ? __get_vm_area_node+0x2b5/0x300
[  592.523097][T11331]  __vmalloc_node_range_noprof+0x326/0x12f0
[  592.523127][T11331]  ? rcu_is_watching+0x15/0xb0
[  592.523153][T11331]  ? trace_sched_exit_tp+0x38/0x120
[  592.523191][T11331]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  592.523225][T11331]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.523253][T11331]  __vmalloc_noprof+0xb1/0xf0
[  592.523273][T11331]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.523305][T11331]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  592.523339][T11331]  bpf_prog_alloc+0x3c/0x1a0
[  592.523370][T11331]  bpf_prog_load+0x735/0x1930
[  592.523411][T11331]  ? __pfx_bpf_prog_load+0x10/0x10
[  592.523463][T11331]  ? bpf_lsm_bpf+0x9/0x20
[  592.523484][T11331]  ? security_bpf+0x7e/0x300
[  592.523510][T11331]  __sys_bpf+0x5f1/0x860
[  592.523539][T11331]  ? __pfx___sys_bpf+0x10/0x10
[  592.523603][T11331]  __x64_sys_bpf+0x7c/0x90
[  592.523629][T11331]  do_syscall_64+0xfa/0x3b0
[  592.523652][T11331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.523670][T11331]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  592.523689][T11331]  ? clear_bhb_loop+0x60/0xb0
[  592.523712][T11331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.523735][T11331] RIP: 0033:0x7efd5098ebe9
[  592.523752][T11331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.523769][T11331] RSP: 002b:00007efd51869038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  592.523790][T11331] RAX: ffffffffffffffda RBX: 00007efd50bb6180 RCX: 00007efd5098ebe9
[  592.523804][T11331] RDX: 0000000000000094 RSI: 0000200000000140 RDI: 0000000000000005
[  592.523817][T11331] RBP: 00007efd51869090 R08: 0000000000000000 R09: 0000000000000000
[  592.523830][T11331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.523841][T11331] R13: 00007efd50bb6218 R14: 00007efd50bb6180 R15: 00007ffe021a8bc8
[  592.523872][T11331]  </TASK>
[  592.524007][T11331] Mem-Info:
[  592.802012][T11331] active_anon:3144 inactive_anon:12172 isolated_anon:0
[  592.802012][T11331]  active_file:9582 inactive_file:39677 isolated_file:0
[  592.802012][T11331]  unevictable:768 dirty:267 writeback:0
[  592.802012][T11331]  slab_reclaimable:5830 slab_unreclaimable:101889
[  592.802012][T11331]  mapped:36743 shmem:10000 pagetables:1578
[  592.802012][T11331]  sec_pagetables:0 bounce:0
[  592.802012][T11331]  kernel_misc_reclaimable:0
[  592.802012][T11331]  free:1314846 free_pcp:11279 free_cma:0
[  592.849650][T11331] Node 0 active_anon:12576kB inactive_anon:48688kB active_file:37712kB inactive_file:158708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:146620kB dirty:1004kB writeback:0kB shmem:38464kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13400kB pagetables:6176kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  592.885482][T11331] Node 1 active_anon:0kB inactive_anon:0kB active_file:616kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:352kB dirty:64kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  592.933110][   T10] usb 2-1: new low-speed USB device number 24 using dummy_hcd
[  592.975450][T11331] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  593.005396][T11331] lowmem_reserve[]: 0 2500 2502 2502 2502
[  593.011339][T11331] Node 0 DMA32 free:1329796kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12572kB inactive_anon:48044kB active_file:35952kB inactive_file:158640kB unevictable:1536kB writepending:1104kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:39284kB local_pcp:11172kB free_cma:0kB
[  593.045076][T11331] lowmem_reserve[]: 0 0 1 1 1
[  593.050246][T11331] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1760kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  593.079984][T11331] lowmem_reserve[]: 0 0 0 0 0
[  593.084751][T11331] Node 1 Normal free:3913924kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:616kB inactive_file:0kB unevictable:1536kB writepending:64kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8000kB local_pcp:8000kB free_cma:0kB
[  593.116602][T11331] lowmem_reserve[]: 0 0 0 0 0
[  593.121447][T11331] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  593.134335][T11331] Node 0 DMA32: 162*4kB (UM) 17*8kB (UM) 148*16kB (UME) 758*32kB (UME) 858*64kB (UME) 237*128kB (UME) 93*256kB (UME) 30*512kB (UME) 22*1024kB (UME) 4*2048kB (UME) 282*4096kB (UM) = 1337616kB
[  593.154284][T11331] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  593.167394][T11331] Node 1 Normal: 189*4kB (UME) 52*8kB (UME) 37*16kB (UME) 227*32kB (UME) 106*64kB (UE) 36*128kB (UME) 15*256kB (UE) 3*512kB (UM) 1*1024kB (M) 0*2048kB 949*4096kB (UM) = 3913924kB
[  593.187232][T11331] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  593.196895][T11331] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  593.206286][T11331] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  593.215934][T11331] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  593.225313][T11331] 56405 total pagecache pages
[  593.230140][T11331] 0 pages in swap cache
[  593.234318][T11331] Free swap  = 124996kB
[  593.238626][T11331] Total swap = 124996kB
[  593.242870][T11331] 2097051 pages RAM
[  593.246692][T11331] 0 pages HighMem/MovableOnly
[  593.251474][T11331] 424695 pages reserved
[  593.256325][T11331] 0 pages cma reserved
[  593.462163][   T10] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  593.498329][   T10] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  593.532056][   T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  593.545990][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  593.714477][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  593.733036][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  593.770712][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  594.486249][   T10] usb 2-1: string descriptor 0 read error: -22
[  594.510270][   T10] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  594.535808][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.766713][   T10] usb 2-1: config 0 descriptor??
[  595.732623][   T10] hub 2-1:0.0: bad descriptor, ignoring hub
[  595.739155][   T10] hub 2-1:0.0: probe with driver hub failed with error -5
[  596.172723][   T10] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input21
[  596.846970][   T10] usb 2-1: USB disconnect, device number 24
[  599.435011][T11397] netlink: 'syz.5.1303': attribute type 1 has an invalid length.
[  600.279508][T11398] orangefs_mount: mount request failed with -4
[  601.728371][T11423] syz.2.1310 (11423): drop_caches: 2
[  601.802653][T11429] 9pnet_fd: Insufficient options for proto=fd
[  602.354641][   T10] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  602.754172][T11437] netlink: 'syz.0.1312': attribute type 8 has an invalid length.
[  603.252355][T11414] delete_channel: no stack
[  603.270296][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  603.310603][   T10] usb 4-1: unable to read config index 0 descriptor/start: -71
[  603.318328][   T10] usb 4-1: can't read configurations, error -71
[  603.358019][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  603.358038][   T30] audit: type=1326 audit(1755094325.919:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  603.451673][   T30] audit: type=1326 audit(1755094325.919:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  603.934395][   T30] audit: type=1326 audit(1755094325.929:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  604.416431][   T30] audit: type=1326 audit(1755094325.929:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  604.502267][   T30] audit: type=1326 audit(1755094325.929:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  604.545163][T11449] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  605.060400][T11456] netlink: 'syz.0.1316': attribute type 1 has an invalid length.
[  605.145436][   T30] audit: type=1326 audit(1755094325.929:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  605.170048][   T30] audit: type=1326 audit(1755094325.929:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  605.192929][   T30] audit: type=1326 audit(1755094325.929:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  605.237913][   T30] audit: type=1326 audit(1755094325.929:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  605.260634][   T30] audit: type=1326 audit(1755094325.929:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11438 comm="syz.5.1313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  605.723683][T11456] orangefs_mount: mount request failed with -4
[  605.896818][T11449] syz.2.1315 (11449): drop_caches: 2
[  606.025504][T11471] syzkaller1: entered promiscuous mode
[  606.035517][T11471] syzkaller1: entered allmulticast mode
[  607.079246][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1322'.
[  607.256747][T11493] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1323'.
[  607.580728][ T5919] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  607.720745][ T5919] usb 4-1: device descriptor read/64, error -71
[  608.021481][ T5919] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  608.353695][T11514] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  608.379928][T11514] syz.1.1328 (11514): drop_caches: 2
[  608.610650][ T5919] usb 4-1: device descriptor read/64, error -71
[  608.740749][ T5919] usb usb4-port1: attempt power cycle
[  609.130781][ T5919] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  610.079892][ T5919] usb 4-1: device descriptor read/8, error -71
[  610.332516][T11535] netlink: 'syz.5.1332': attribute type 1 has an invalid length.
[  610.729405][ T5919] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  611.175333][T11536] orangefs_mount: mount request failed with -4
[  611.211743][ T5919] usb 4-1: device descriptor read/8, error -71
[  611.325653][ T5919] usb usb4-port1: unable to enumerate USB device
[  611.350803][T11542] =======================================================
[  611.350803][T11542] WARNING: The mand mount option has been deprecated and
[  611.350803][T11542]          and is ignored by this kernel. Remove the mand
[  611.350803][T11542]          option from the mount to silence this warning.
[  611.350803][T11542] =======================================================
[  613.422281][T11564] FAULT_INJECTION: forcing a failure.
[  613.422281][T11564] name failslab, interval 1, probability 0, space 0, times 0
[  613.471681][T11564] CPU: 1 UID: 0 PID: 11564 Comm: syz.2.1338 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  613.471709][T11564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.471721][T11564] Call Trace:
[  613.471729][T11564]  <TASK>
[  613.471738][T11564]  dump_stack_lvl+0x189/0x250
[  613.471765][T11564]  ? __pfx____ratelimit+0x10/0x10
[  613.471786][T11564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.471806][T11564]  ? __pfx__printk+0x10/0x10
[  613.471837][T11564]  ? __pfx___might_resched+0x10/0x10
[  613.471856][T11564]  ? fs_reclaim_acquire+0x7d/0x100
[  613.471884][T11564]  should_fail_ex+0x414/0x560
[  613.471910][T11564]  should_failslab+0xa8/0x100
[  613.471933][T11564]  kmem_cache_alloc_noprof+0x73/0x3c0
[  613.471951][T11564]  ? getname_flags+0xb8/0x540
[  613.471978][T11564]  getname_flags+0xb8/0x540
[  613.472005][T11564]  __x64_sys_mknodat+0x96/0xc0
[  613.472035][T11564]  do_syscall_64+0xfa/0x3b0
[  613.472055][T11564]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.472075][T11564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.472094][T11564]  ? clear_bhb_loop+0x60/0xb0
[  613.472118][T11564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.472136][T11564] RIP: 0033:0x7efd5098ebe9
[  613.472153][T11564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.472170][T11564] RSP: 002b:00007efd518ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  613.472190][T11564] RAX: ffffffffffffffda RBX: 00007efd50bb5fa0 RCX: 00007efd5098ebe9
[  613.472203][T11564] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  613.472216][T11564] RBP: 00007efd518ab090 R08: 0000000000000000 R09: 0000000000000000
[  613.472228][T11564] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000001
[  613.472239][T11564] R13: 00007efd50bb6038 R14: 00007efd50bb5fa0 R15: 00007ffe021a8bc8
[  613.472269][T11564]  </TASK>
[  613.823148][T11572] 9pnet_fd: Insufficient options for proto=fd
[  614.438227][T11580] sctp: [Deprecated]: syz.5.1341 (pid 11580) Use of int in max_burst socket option deprecated.
[  614.438227][T11580] Use struct sctp_assoc_value instead
[  614.634548][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  614.634567][   T30] audit: type=1326 audit(1755094337.189:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11583 comm="syz.1.1342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x0
[  617.050255][T11619] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1350'.
[  617.080629][ T5911] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[  617.242682][ T5911] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[  617.266196][ T5911] usb 4-1: config 5 has no interface number 0
[  617.308887][ T5911] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  617.341640][ T5911] usb 4-1: config 5 interface 123 altsetting 7 endpoint 0x84 has invalid wMaxPacketSize 0
[  617.381572][ T5911] usb 4-1: config 5 interface 123 has no altsetting 0
[  617.400585][ T5911] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  617.411944][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.436868][ T5911] usb 4-1: Product: syz
[  617.456595][ T5911] usb 4-1: Manufacturer: syz
[  617.469690][ T5911] usb 4-1: SerialNumber: syz
[  617.816798][ T5911] ni6501 4-1:5.123: driver 'ni6501' failed to auto-configure device.
[  617.838076][ T5911] usb 4-1: USB disconnect, device number 36
[  621.929097][T11678] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1362'.
[  622.072110][T11682] afs: Unknown parameter '"��'
[  622.139030][T11681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1366'.
[  624.475679][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  625.122231][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1367'.
[  626.391042][T11705] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  628.677445][T11727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.740845][T11727] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.769198][T11729] 8021q: adding VLAN 0 to HW filter on device bond1
[  628.912215][ T5904] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  629.222647][ T5904] usb 4-1: Using ep0 maxpacket: 16
[  629.508405][ T5904] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  629.530143][ T5904] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  629.546072][ T5904] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  629.565691][ T5904] usb 4-1: config 0 interface 0 has no altsetting 0
[  629.600407][ T5904] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  629.636437][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.667860][ T5904] usb 4-1: Product: syz
[  629.686718][ T5904] usb 4-1: Manufacturer: syz
[  629.702479][ T5904] usb 4-1: SerialNumber: syz
[  629.853598][ T5904] usb 4-1: config 0 descriptor??
[  630.649779][ T5904] usb 4-1: Can not set alternate setting to 1, error: -71
[  630.680285][ T5904] synaptics_usb 4-1:0.0: probe with driver synaptics_usb failed with error -71
[  630.747478][ T5904] usb 4-1: USB disconnect, device number 37
[  630.838227][   T30] audit: type=1326 audit(1755094353.389:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  630.874006][   T30] audit: type=1326 audit(1755094353.389:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  630.874787][T11749] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1378'.
[  630.899365][   T30] audit: type=1326 audit(1755094353.429:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  630.938718][   T30] audit: type=1326 audit(1755094353.429:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  630.966493][   T30] audit: type=1326 audit(1755094353.429:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  630.995849][   T30] audit: type=1326 audit(1755094353.429:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  631.021911][   T30] audit: type=1326 audit(1755094353.429:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  631.352100][   T30] audit: type=1326 audit(1755094353.429:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  631.352148][   T30] audit: type=1326 audit(1755094353.429:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  631.352184][   T30] audit: type=1326 audit(1755094353.429:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11756 comm="syz.0.1379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb8d958ebe9 code=0x7ffc0000
[  631.496341][    C0] vkms_vblank_simulate: vblank timer overrun
[  631.822272][T11769] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  631.848226][T11769] syz.1.1380 (11769): drop_caches: 2
[  632.185441][T11773] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1381'.
[  632.787036][T11771] netlink: 'syz.3.1382': attribute type 1 has an invalid length.
[  633.257740][T11774] orangefs_mount: mount request failed with -4
[  636.795449][ T5852] Bluetooth: hci2: command 0x0406 tx timeout
[  636.946543][T11816] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1393'.
[  637.742920][T11819] netlink: 'syz.3.1392': attribute type 1 has an invalid length.
[  638.665582][T11821] orangefs_mount: mount request failed with -4
[  638.841147][T11826] netlink: 'syz.2.1394': attribute type 1 has an invalid length.
[  639.075117][T11830] Invalid logical block size (33423360)
[  639.539132][T11826] orangefs_mount: mount request failed with -4
[  640.730234][ T5904] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  640.930224][ T5904] usb 2-1: Using ep0 maxpacket: 16
[  641.982420][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.010722][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  644.029001][ T5904] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  644.132594][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.179511][ T5904] usb 2-1: config 0 descriptor??
[  644.197799][ T5904] usb 2-1: can't set config #0, error -71
[  644.260388][ T5904] usb 2-1: USB disconnect, device number 25
[  645.460125][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  645.460145][   T30] audit: type=1326 audit(1755094368.009:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  645.874335][T11864] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1404'.
[  645.943858][   T30] audit: type=1326 audit(1755094368.009:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  646.144694][   T30] audit: type=1326 audit(1755094368.489:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  646.332612][T11877] netlink: 'syz.3.1409': attribute type 1 has an invalid length.
[  646.430651][T11866] xt_TCPMSS: Only works on TCP SYN packets
[  646.438822][   T30] audit: type=1326 audit(1755094368.489:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  646.512692][   T30] audit: type=1326 audit(1755094368.489:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.080645][   T30] audit: type=1326 audit(1755094368.489:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.110942][   T30] audit: type=1326 audit(1755094368.489:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.140650][   T30] audit: type=1326 audit(1755094368.489:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.251912][   T30] audit: type=1326 audit(1755094368.489:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.547639][T11877] orangefs_mount: mount request failed with -4
[  647.566499][   T30] audit: type=1326 audit(1755094368.499:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11867 comm="syz.1.1406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  647.902348][T11895] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  648.032122][T11895] syz.2.1412 (11895): drop_caches: 2
[  651.053520][T11924] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  653.013390][T11941] netlink: 'syz.3.1424': attribute type 1 has an invalid length.
[  653.495715][T11945] orangefs_mount: mount request failed with -4
[  655.734532][T11964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1430'.
[  655.754680][T11964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1430'.
[  655.773980][T11968] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  658.551541][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  659.230041][    T9] usb 6-1: Using ep0 maxpacket: 32
[  659.382976][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  659.407365][T12003] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1440'.
[  660.162288][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  660.172737][    T9] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  660.191224][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.202148][    T9] usb 6-1: config 0 descriptor??
[  660.580659][ T2084] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  660.677543][    T9] savu 0003:1E7D:2D5A.0005: unknown main item tag 0x0
[  660.695186][    T9] savu 0003:1E7D:2D5A.0005: item fetching failed at offset 7/8
[  660.724370][    T9] savu 0003:1E7D:2D5A.0005: parse failed
[  660.763534][ T2084] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  660.772837][    T9] savu 0003:1E7D:2D5A.0005: probe with driver savu failed with error -22
[  660.790517][ T2084] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  660.817165][ T2084] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  660.854750][    T9] usb 6-1: USB disconnect, device number 2
[  660.861570][ T2084] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  661.118757][ T2084] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.263512][T12030] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  661.919922][T12017] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  662.459696][T12033] binder: BINDER_SET_CONTEXT_MGR already set
[  662.502143][T12033] binder: 12032:12033 ioctl 4018620d 200000000040 returned -16
[  663.534038][T12049] FAULT_INJECTION: forcing a failure.
[  663.534038][T12049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  663.547293][T12049] CPU: 0 UID: 0 PID: 12049 Comm: syz.1.1453 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  663.547317][T12049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  663.547330][T12049] Call Trace:
[  663.547338][T12049]  <TASK>
[  663.547348][T12049]  dump_stack_lvl+0x189/0x250
[  663.547376][T12049]  ? __pfx____ratelimit+0x10/0x10
[  663.547399][T12049]  ? __pfx_dump_stack_lvl+0x10/0x10
[  663.547422][T12049]  ? __pfx__printk+0x10/0x10
[  663.547462][T12049]  should_fail_ex+0x414/0x560
[  663.547489][T12049]  _copy_to_user+0x31/0xb0
[  663.547519][T12049]  simple_read_from_buffer+0xe1/0x170
[  663.547547][T12049]  proc_fail_nth_read+0x1df/0x250
[  663.547576][T12049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  663.547604][T12049]  ? rw_verify_area+0x258/0x650
[  663.547633][T12049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  663.547660][T12049]  vfs_read+0x200/0x980
[  663.547704][T12049]  ? __pfx___mutex_lock+0x10/0x10
[  663.547728][T12049]  ? __pfx_vfs_read+0x10/0x10
[  663.547760][T12049]  ? __fget_files+0x2a/0x420
[  663.547787][T12049]  ? __fget_files+0x3a0/0x420
[  663.547809][T12049]  ? __fget_files+0x2a/0x420
[  663.547839][T12049]  ksys_read+0x145/0x250
[  663.547860][T12049]  ? __pfx_ksys_read+0x10/0x10
[  663.547875][T12049]  ? fput+0xa0/0xd0
[  663.547903][T12049]  ? do_syscall_64+0xbe/0x3b0
[  663.547928][T12049]  do_syscall_64+0xfa/0x3b0
[  663.547948][T12049]  ? lockdep_hardirqs_on+0x9c/0x150
[  663.547968][T12049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.547988][T12049]  ? clear_bhb_loop+0x60/0xb0
[  663.548010][T12049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.548029][T12049] RIP: 0033:0x7f16d438d5fc
[  663.548047][T12049] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  663.548064][T12049] RSP: 002b:00007f16d517d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  663.548085][T12049] RAX: ffffffffffffffda RBX: 00007f16d45b5fa0 RCX: 00007f16d438d5fc
[  663.548100][T12049] RDX: 000000000000000f RSI: 00007f16d517d0a0 RDI: 0000000000000004
[  663.548114][T12049] RBP: 00007f16d517d090 R08: 0000000000000000 R09: 0000000000000000
[  663.548127][T12049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.548139][T12049] R13: 00007f16d45b6038 R14: 00007f16d45b5fa0 R15: 00007ffe81410968
[  663.548175][T12049]  </TASK>
[  664.356437][T12062] netlink: 'syz.1.1457': attribute type 21 has an invalid length.
[  664.365592][T12062] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1457'.
[  664.820280][ T5904] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  664.849322][T12063] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  664.980684][T12063] syz.0.1456 (12063): drop_caches: 2
[  665.027479][ T2084] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  665.044957][ T2084] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input23
[  665.110894][ T2084] usb 3-1: USB disconnect, device number 13
[  665.117054][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  665.133547][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  665.133775][   T30] audit: type=1326 audit(1755094387.679:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  665.170710][   T30] audit: type=1326 audit(1755094387.679:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  665.202183][ T5904] usb 4-1: Using ep0 maxpacket: 8
[  665.572167][ T5904] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  665.730802][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.739004][   T30] audit: type=1326 audit(1755094387.759:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  665.782839][ T5904] pvrusb2: Hardware description: Terratec Grabster AV400
[  665.863520][   T30] audit: type=1326 audit(1755094387.759:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  665.946491][ T5904] pvrusb2: **********
[  665.982214][T12052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.982495][   T30] audit: type=1326 audit(1755094387.759:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  666.027087][ T5904] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  666.048059][T12052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.068591][ T5904] pvrusb2: Important functionality might not be entirely working.
[  666.097984][ T5904] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  666.205761][   T30] audit: type=1326 audit(1755094387.779:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  666.272442][ T5904] pvrusb2: **********
[  666.355092][T12076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1461'.
[  666.843337][ T2342] pvrusb2: Invalid write control endpoint
[  666.864704][   T30] audit: type=1326 audit(1755094387.779:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  666.884711][ T2084] usb 4-1: USB disconnect, device number 38
[  667.018459][   T30] audit: type=1326 audit(1755094387.779:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  667.195593][   T30] audit: type=1326 audit(1755094387.779:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  667.218741][   T30] audit: type=1326 audit(1755094387.779:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12065 comm="syz.5.1458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f019758ebe9 code=0x7ffc0000
[  668.121827][ T2342] pvrusb2: Invalid write control endpoint
[  668.160522][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  668.188354][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  668.196879][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  668.209560][ T2342] pvrusb2: Device being rendered inoperable
[  668.218097][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  668.226269][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  668.242267][ T2342] pvrusb2: Attached sub-driver cx25840
[  668.264551][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  668.278892][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  668.412571][ T5911] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  668.590549][ T5911] usb 3-1: Using ep0 maxpacket: 32
[  668.613180][ T5911] usb 3-1: config index 0 descriptor too short (expected 9, got 0)
[  668.653401][ T5911] usb 3-1: can't read configurations, error -22
[  668.694746][T12096] batadv1: entered promiscuous mode
[  668.715085][T12096] 8021q: adding VLAN 0 to HW filter on device batadv1
[  668.990637][ T5911] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  669.351564][ T5911] usb 3-1: Using ep0 maxpacket: 32
[  669.401332][ T5911] usb 3-1: config index 0 descriptor too short (expected 9, got 0)
[  669.465100][ T5911] usb 3-1: can't read configurations, error -22
[  669.678850][ T5911] usb usb3-port1: attempt power cycle
[  670.694795][ T5911] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  670.810457][ T5911] usb 3-1: Using ep0 maxpacket: 32
[  670.856055][ T5911] usb 3-1: config index 0 descriptor too short (expected 9, got 0)
[  671.010637][ T5911] usb 3-1: can't read configurations, error -22
[  671.143758][ T5920] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  671.241898][ T5911] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  671.335165][ T5919] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  671.491170][ T5920] usb 6-1: config 0 has an invalid interface number: 199 but max is 1
[  671.602288][ T5920] usb 6-1: config 0 has no interface number 1
[  671.701905][ T5920] usb 6-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  671.790232][ T5919] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  671.858055][ T5911] usb 3-1: device descriptor read/8, error -71
[  671.954765][ T5920] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  671.999402][ T5919] usb 2-1: New USB device found, idVendor=1235, idProduct=000e, bcdDevice=f0.ee
[  672.080693][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.124059][ T5919] usb 2-1: config 0 descriptor??
[  672.130960][ T5911] usb usb3-port1: unable to enumerate USB device
[  672.175029][ T5920] usb 6-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  672.184539][ T5920] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  672.422697][ T5920] usb 6-1: SerialNumber: syz
[  672.613789][ T5920] usb 6-1: config 0 descriptor??
[  672.745034][T12115] netlink: 'syz.1.1473': attribute type 1 has an invalid length.
[  672.776871][T12115] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1473'.
[  672.830469][T12115] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1473'.
[  672.895754][ T5904] usb 2-1: USB disconnect, device number 26
[  672.916118][T12107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.957421][T12107] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  672.968674][T12107] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  672.997635][T12107] iommufd_mock iommufd_mock3: Adding to iommu group 3
[  673.136627][T12107] iommufd_mock iommufd_mock4: Adding to iommu group 4
[  673.183014][T12128] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1479'.
[  673.240350][ T5956] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  673.264629][T12107] iommufd_mock iommufd_mock5: Adding to iommu group 5
[  673.309411][T12107] iommufd_mock iommufd_mock6: Adding to iommu group 6
[  673.404255][T12136] netlink: 'syz.0.1481': attribute type 1 has an invalid length.
[  673.412665][ T5956] usb 3-1: device descriptor read/64, error -71
[  673.485238][T12107] iommufd_mock iommufd_mock7: Adding to iommu group 7
[  673.548925][T12107] iommufd_mock iommufd_mock8: Adding to iommu group 8
[  673.588492][T12107] iommufd_mock iommufd_mock9: Adding to iommu group 9
[  673.720472][ T5956] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  674.154731][T12107] iommufd_mock iommufd_mock10: Adding to iommu group 10
[  674.665817][T12138] orangefs_mount: mount request failed with -4
[  674.680222][ T5956] usb 3-1: device descriptor read/64, error -71
[  674.751832][ T5920] usb 6-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  674.758985][ T5920] usb 6-1: No valid video chain found.
[  674.769874][ T5920] usb 6-1: USB disconnect, device number 3
[  674.805847][ T6830] udevd[6830]: setting owner of /dev/bus/usb/006/003 to uid=0, gid=0 failed: No such file or directory
[  674.827633][ T5956] usb usb3-port1: attempt power cycle
[  674.828237][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  674.828252][   T30] audit: type=1326 audit(1755094397.389:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  674.875298][   T30] audit: type=1326 audit(1755094397.389:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.090865][   T30] audit: type=1326 audit(1755094397.429:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.200055][ T5956] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  675.393757][   T30] audit: type=1326 audit(1755094397.429:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.434070][ T5956] usb 3-1: device descriptor read/8, error -71
[  675.457933][   T30] audit: type=1326 audit(1755094397.429:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.529839][   T30] audit: type=1326 audit(1755094397.429:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.689565][   T30] audit: type=1326 audit(1755094397.429:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.723034][   T30] audit: type=1326 audit(1755094397.429:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.746311][   T30] audit: type=1326 audit(1755094397.429:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.769257][   T30] audit: type=1326 audit(1755094397.429:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.3.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  675.870057][ T5956] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  675.938973][T12157] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1486'.
[  677.918690][ T5956] usb 3-1: device not accepting address 21, error -71
[  677.941317][ T5956] usb usb3-port1: unable to enumerate USB device
[  679.406282][T12177] Cannot find add_set index 0 as target
[  681.791031][T12119] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  682.001589][T12119] usb 3-1: Using ep0 maxpacket: 16
[  682.061600][T12119] usb 3-1: too many configurations: 245, using maximum allowed: 8
[  682.096375][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  682.163456][T12119] usb 3-1: config 255 has no interface number 0
[  682.194044][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  682.267557][T12206] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1498'.
[  682.892750][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  682.920501][T12119] usb 3-1: config 255 has no interface number 0
[  682.926919][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  682.941505][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  682.949815][T12119] usb 3-1: config 255 has no interface number 0
[  682.968168][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  682.977425][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  682.988656][T12119] usb 3-1: config 255 has no interface number 0
[  682.998047][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  683.006930][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  683.035980][T12119] usb 3-1: config 255 has no interface number 0
[  683.046504][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  683.055586][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  683.069037][T12119] usb 3-1: config 255 has no interface number 0
[  683.079081][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  683.135030][T12119] usb 3-1: config 255 has an invalid interface number: 47 but max is 0
[  683.515351][T12218] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1500'.
[  683.584737][T12119] usb 3-1: config 255 has no interface number 0
[  684.281273][T12119] usb 3-1: config 255 interface 47 has no altsetting 0
[  684.533738][T12119] usb 3-1: unable to read config index 7 descriptor/all
[  684.563557][T12119] usb 3-1: can't read configurations, error -71
[  684.877940][T12232] 9pnet_fd: Insufficient options for proto=fd
[  685.932421][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  686.107121][T12247] netlink: 'syz.1.1508': attribute type 1 has an invalid length.
[  686.668889][T12249] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1510'.
[  686.887815][T12249] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1510'.
[  687.262613][T12258] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1513'.
[  688.038453][T12268] sctp: [Deprecated]: syz.1.1516 (pid 12268) Use of int in max_burst socket option deprecated.
[  688.038453][T12268] Use struct sctp_assoc_value instead
[  688.101306][T12269] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  688.297764][ T8423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  688.316225][ T8423] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.435992][ T8423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  688.480101][ T8423] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  688.555272][T12269] syz.5.1515 (12269): drop_caches: 2
[  688.766082][ T8423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  688.817814][ T8423] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.145533][ T8423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  689.168215][ T8423] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.190213][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  690.202044][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  690.213735][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  690.222342][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  690.231587][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  691.302178][ T8423] bridge_slave_0: left allmulticast mode
[  691.405439][ T8423] bridge_slave_0: left promiscuous mode
[  691.556190][ T8423] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.320233][ T5852] Bluetooth: hci1: command tx timeout
[  694.366287][T12310] FAULT_INJECTION: forcing a failure.
[  694.366287][T12310] name failslab, interval 1, probability 0, space 0, times 0
[  694.379735][T12310] CPU: 1 UID: 0 PID: 12310 Comm: syz.3.1529 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  694.379758][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  694.379770][T12310] Call Trace:
[  694.379777][T12310]  <TASK>
[  694.379784][T12310]  dump_stack_lvl+0x189/0x250
[  694.379812][T12310]  ? __pfx____ratelimit+0x10/0x10
[  694.379833][T12310]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.379855][T12310]  ? __pfx__printk+0x10/0x10
[  694.379886][T12310]  ? __pfx___might_resched+0x10/0x10
[  694.379912][T12310]  should_fail_ex+0x414/0x560
[  694.379939][T12310]  should_failslab+0xa8/0x100
[  694.379970][T12310]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  694.379989][T12310]  ? __alloc_skb+0x112/0x2d0
[  694.380020][T12310]  __alloc_skb+0x112/0x2d0
[  694.380052][T12310]  netlink_sendmsg+0x5c6/0xb30
[  694.380090][T12310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  694.380125][T12310]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  694.380145][T12310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  694.380173][T12310]  __sock_sendmsg+0x21c/0x270
[  694.380199][T12310]  ____sys_sendmsg+0x52d/0x830
[  694.380235][T12310]  ? __pfx_____sys_sendmsg+0x10/0x10
[  694.380274][T12310]  ? import_iovec+0x74/0xa0
[  694.380305][T12310]  ___sys_sendmsg+0x21f/0x2a0
[  694.380337][T12310]  ? __pfx____sys_sendmsg+0x10/0x10
[  694.380404][T12310]  ? __fget_files+0x2a/0x420
[  694.380430][T12310]  ? __fget_files+0x3a0/0x420
[  694.380463][T12310]  __sys_sendmmsg+0x227/0x430
[  694.380498][T12310]  ? __pfx___sys_sendmmsg+0x10/0x10
[  694.380525][T12310]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  694.380576][T12310]  ? ksys_write+0x22a/0x250
[  694.380597][T12310]  ? __pfx_ksys_write+0x10/0x10
[  694.380613][T12310]  ? rcu_is_watching+0x15/0xb0
[  694.380642][T12310]  __x64_sys_sendmmsg+0xa0/0xc0
[  694.380673][T12310]  do_syscall_64+0xfa/0x3b0
[  694.380693][T12310]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.380713][T12310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.380733][T12310]  ? clear_bhb_loop+0x60/0xb0
[  694.380757][T12310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.380776][T12310] RIP: 0033:0x7f8afb18ebe9
[  694.380795][T12310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.380812][T12310] RSP: 002b:00007f8afbfdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  694.380833][T12310] RAX: ffffffffffffffda RBX: 00007f8afb3b6090 RCX: 00007f8afb18ebe9
[  694.380848][T12310] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000b
[  694.380861][T12310] RBP: 00007f8afbfdf090 R08: 0000000000000000 R09: 0000000000000000
[  694.380874][T12310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.380886][T12310] R13: 00007f8afb3b6128 R14: 00007f8afb3b6090 R15: 00007ffd8bd565f8
[  694.380918][T12310]  </TASK>
[  694.444490][ T5852] Bluetooth: hci1: command tx timeout
[  695.269045][T12316] xt_hashlimit: max too large, truncated to 1048576
[  695.280897][T12316] xt_hashlimit: overflow, try lower: 3/0
[  695.582965][T12324] sctp: [Deprecated]: syz.3.1532 (pid 12324) Use of int in max_burst socket option deprecated.
[  695.582965][T12324] Use struct sctp_assoc_value instead
[  696.743249][ T5852] Bluetooth: hci1: command tx timeout
[  697.164291][ T8423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  697.176302][ T8423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  697.191891][ T8423] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  697.214490][ T8423] bond0 (unregistering): Released all slaves
[  697.679650][ T8423] tipc: Disabling bearer <udp:syz2>
[  697.718076][ T8423] tipc: Left network mode
[  698.439100][T12351] o2cb: This node has not been configured.
[  698.453378][T12351] o2cb: Cluster check failed. Fix errors before retrying.
[  698.464332][T12351] (syz.2.1539,12351,0):user_dlm_register:674 ERROR: status = -22
[  698.472713][T12351] (syz.2.1539,12351,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "bus"
[  698.801994][ T5852] Bluetooth: hci1: command tx timeout
[  698.985341][T12356] netlink: 'syz.1.1540': attribute type 2 has an invalid length.
[  699.752640][T12356] netlink: 'syz.1.1540': attribute type 1 has an invalid length.
[  699.761218][T12356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1540'.
[  700.287198][T12367] fuse: Bad value for 'fd'
[  702.298751][T12283] chnl_net:caif_netlink_parms(): no params data found
[  702.577903][T12384] syz_tun: entered allmulticast mode
[  702.835767][T12392] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  703.000839][T12119] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  703.642330][T12119] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  703.693193][T12119] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  703.872654][T12119] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  703.883098][ T8423] hsr_slave_0: left promiscuous mode
[  703.890960][ T8423] hsr_slave_1: left promiscuous mode
[  703.896370][T12119] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.911156][ T8423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  703.918656][T12119] usb 3-1: Product: syz
[  703.928833][ T8423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  703.936698][T12119] usb 3-1: Manufacturer: syz
[  703.943431][T12119] usb 3-1: SerialNumber: syz
[  703.952998][ T8423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  703.962935][ T8423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  704.044277][ T8423] veth1_macvtap: left promiscuous mode
[  704.052894][ T8423] veth0_macvtap: left promiscuous mode
[  704.058809][ T8423] veth1_vlan: left promiscuous mode
[  704.065278][ T8423] veth0_vlan: left promiscuous mode
[  704.185436][T12119] usb 3-1: USB disconnect, device number 24
[  704.639910][ T8423] team0 (unregistering): Port device team_slave_1 removed
[  704.691295][ T8423] team0 (unregistering): Port device team_slave_0 removed
[  705.113600][T12399] 9pnet_fd: Insufficient options for proto=fd
[  707.768019][T12380] syz_tun: left allmulticast mode
[  707.955045][ T5920] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  708.130627][ T5920] usb 3-1: Using ep0 maxpacket: 32
[  708.292273][ T5920] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  708.482011][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.919202][ T5920] usb 3-1: config 0 descriptor??
[  712.102478][T12283] bridge0: port 1(bridge_slave_0) entered blocking state
[  712.170711][T12283] bridge0: port 1(bridge_slave_0) entered disabled state
[  712.178457][T12424] xt_nat: multiple ranges no longer supported
[  712.203413][T12283] bridge_slave_0: entered allmulticast mode
[  712.212222][T12283] bridge_slave_0: entered promiscuous mode
[  712.222677][T12425] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  712.269571][T12283] bridge0: port 2(bridge_slave_1) entered blocking state
[  712.284844][T12283] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.490454][T12283] bridge_slave_1: entered allmulticast mode
[  712.508162][T12283] bridge_slave_1: entered promiscuous mode
[  712.847140][T12425] syz.3.1556 (12425): drop_caches: 2
[  712.964542][T12283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  713.017105][T12283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  713.531508][T12283] team0: Port device team_slave_0 added
[  713.546324][ T8423] IPVS: stop unused estimator thread 0...
[  713.613253][T12283] team0: Port device team_slave_1 added
[  713.942435][T12283] batman_adv: batadv0: Adding interface: batadv_slave_0
[  713.990723][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.089502][T12283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  714.140601][T12283] batman_adv: batadv0: Adding interface: batadv_slave_1
[  714.181134][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  714.361348][T12283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  714.416942][ T5920] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  714.487735][ T5920] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  714.540108][ T5920] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  715.862984][T12283] hsr_slave_0: entered promiscuous mode
[  715.968235][T12283] hsr_slave_1: entered promiscuous mode
[  716.071530][T12283] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  716.165097][T12283] Cannot create hsr debugfs directory
[  716.933206][T12456] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  717.611817][T12460] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1564'.
[  719.003928][T12473] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  719.970818][T12474] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1566'.
[  720.438455][T12482] Invalid logical block size (16777216)
[  728.831574][T12538] syz.2.1580 (12538): drop_caches: 2
[  729.068398][T12283] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  729.125345][T12283] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  729.188229][T12283] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  729.225311][T12283] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  729.410369][   T10] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  729.627493][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  729.646981][T12283] 8021q: adding VLAN 0 to HW filter on device bond0
[  729.690067][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  729.730391][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  729.765289][T12283] 8021q: adding VLAN 0 to HW filter on device team0
[  729.778225][   T10] usb 6-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00
[  729.943981][ T8410] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.950259][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.951187][ T8410] bridge0: port 1(bridge_slave_0) entered forwarding state
[  730.593076][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  730.600308][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  730.636984][   T10] usb 6-1: config 0 descriptor??
[  731.042356][T12567] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  731.095642][T12544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  731.187850][T12544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.088321][   T10] hid-generic 0003:045E:008E.0006: unbalanced collection at end of report description
[  732.135109][   T10] hid-generic 0003:045E:008E.0006: probe with driver hid-generic failed with error -22
[  732.917653][T12587] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  733.676602][ T2084] usb 6-1: USB disconnect, device number 4
[  734.479104][T12283] 8021q: adding VLAN 0 to HW filter on device batadv0
[  734.829381][T12283] veth0_vlan: entered promiscuous mode
[  734.970899][T12283] veth1_vlan: entered promiscuous mode
[  735.065759][T12283] veth0_macvtap: entered promiscuous mode
[  735.103747][T12283] veth1_macvtap: entered promiscuous mode
[  735.244761][T12283] batman_adv: batadv0: Interface activated: batadv_slave_0
[  735.310111][T12283] batman_adv: batadv0: Interface activated: batadv_slave_1
[  735.363452][T12283] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  735.406216][T12283] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  735.444073][T12283] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  735.471367][T12283] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  735.480753][T12119] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  735.699207][T12119] usb 6-1: Using ep0 maxpacket: 16
[  735.757376][T12119] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  735.778952][T12119] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  735.832941][T12119] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  735.888924][T12119] usb 6-1: config 0 interface 0 has no altsetting 0
[  735.890992][ T8406] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  735.923667][T12119] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  735.934298][ T8406] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  735.969170][T12119] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.011790][T12119] usb 6-1: config 0 descriptor??
[  736.026771][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  736.060191][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  738.362366][T12119] hid (null): invalid report_count 46896
[  739.194857][T12119] hid (null): bogus close delimiter
[  739.200649][T12119] hid (null): unknown global tag 0xc
[  739.205978][T12119] hid (null): report_id 0 is invalid
[  739.220676][T12119] usb 6-1: USB disconnect, device number 5
[  740.562466][T12659] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  740.766188][T12656] syz.5.1601 (12656): drop_caches: 2
[  741.547152][T12675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1609'.
[  741.878316][T12680] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  743.224609][ T2084] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  743.360654][ T2084] usb 1-1: device descriptor read/64, error -71
[  743.734590][ T2084] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  744.260501][ T2084] usb 1-1: device descriptor read/64, error -71
[  744.402978][ T2084] usb usb1-port1: attempt power cycle
[  744.780701][ T2084] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  744.846130][ T2084] usb 1-1: device descriptor read/8, error -71
[  745.270618][ T2084] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  745.301393][ T2084] usb 1-1: device descriptor read/8, error -71
[  745.411167][ T2084] usb usb1-port1: unable to enumerate USB device
[  747.650245][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  748.453565][T12747] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1629'.
[  748.503408][T12750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1629'.
[  749.082554][T12749] FAULT_INJECTION: forcing a failure.
[  749.082554][T12749] name failslab, interval 1, probability 0, space 0, times 0
[  749.095927][T12749] CPU: 0 UID: 0 PID: 12749 Comm: syz.0.1630 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  749.095953][T12749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  749.095965][T12749] Call Trace:
[  749.095973][T12749]  <TASK>
[  749.095982][T12749]  dump_stack_lvl+0x189/0x250
[  749.096008][T12749]  ? __pfx____ratelimit+0x10/0x10
[  749.096029][T12749]  ? __pfx_dump_stack_lvl+0x10/0x10
[  749.096051][T12749]  ? __pfx__printk+0x10/0x10
[  749.096093][T12749]  should_fail_ex+0x414/0x560
[  749.096120][T12749]  should_failslab+0xa8/0x100
[  749.096143][T12749]  kmem_cache_alloc_noprof+0x73/0x3c0
[  749.096162][T12749]  ? skb_clone+0x212/0x3a0
[  749.096179][T12749]  ? __pfx_skb_network_protocol+0x10/0x10
[  749.096200][T12749]  skb_clone+0x212/0x3a0
[  749.096216][T12749]  ? dev_queue_xmit_nit+0x26f/0xcc0
[  749.096247][T12749]  dev_queue_xmit_nit+0x416/0xcc0
[  749.096274][T12749]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  749.096315][T12749]  dev_hard_start_xmit+0x1be/0x830
[  749.096355][T12749]  __dev_queue_xmit+0x1adf/0x3a70
[  749.096408][T12749]  ? __dev_queue_xmit+0x27e/0x3a70
[  749.096433][T12749]  ? ipt_do_table+0x13dd/0x1630
[  749.096467][T12749]  ? __pfx___dev_queue_xmit+0x10/0x10
[  749.096507][T12749]  ? __lock_acquire+0xab9/0xd20
[  749.096539][T12749]  ? __ip_queue_xmit+0x1101/0x1b00
[  749.096567][T12749]  ? ip_finish_output2+0xae7/0x1160
[  749.096595][T12749]  ip_finish_output2+0xd03/0x1160
[  749.096626][T12749]  ? ip_finish_output2+0x452/0x1160
[  749.096652][T12749]  ? __pfx_ip_finish_output2+0x10/0x10
[  749.096671][T12749]  ? ip_skb_dst_mtu+0x147/0xc50
[  749.096705][T12749]  ? ip_finish_output+0x33a/0x3f0
[  749.096727][T12749]  ? __ip_queue_xmit+0x63/0x1b00
[  749.096745][T12749]  __ip_queue_xmit+0x1101/0x1b00
[  749.096765][T12749]  ? __pfx___tcp_select_window+0x10/0x10
[  749.096797][T12749]  ? __ip_queue_xmit+0x63/0x1b00
[  749.096821][T12749]  ? __pfx_ip_queue_xmit+0x10/0x10
[  749.096840][T12749]  __tcp_transmit_skb+0x2215/0x3680
[  749.096891][T12749]  ? __pfx___tcp_transmit_skb+0x10/0x10
[  749.096909][T12749]  ? __build_skb_around+0x257/0x3e0
[  749.096950][T12749]  ? tcp_send_window_probe+0x275/0x470
[  749.096976][T12749]  do_tcp_setsockopt+0x187e/0x1f10
[  749.097011][T12749]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  749.097050][T12749]  ? __fget_files+0x2a/0x420
[  749.097075][T12749]  ? sock_common_setsockopt+0x36/0xc0
[  749.097097][T12749]  ? tcp_setsockopt+0x3d/0xe0
[  749.097122][T12749]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  749.097150][T12749]  do_sock_setsockopt+0x179/0x1b0
[  749.097183][T12749]  __x64_sys_setsockopt+0x13f/0x1b0
[  749.097217][T12749]  do_syscall_64+0xfa/0x3b0
[  749.097239][T12749]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.097257][T12749]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  749.097275][T12749]  ? clear_bhb_loop+0x60/0xb0
[  749.097297][T12749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.097314][T12749] RIP: 0033:0x7fe54d38ebe9
[  749.097328][T12749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.097344][T12749] RSP: 002b:00007fe54e186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  749.097361][T12749] RAX: ffffffffffffffda RBX: 00007fe54d5b5fa0 RCX: 00007fe54d38ebe9
[  749.097375][T12749] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000004
[  749.097385][T12749] RBP: 00007fe54e186090 R08: 0000000000000004 R09: 0000000000000000
[  749.097397][T12749] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  749.097410][T12749] R13: 00007fe54d5b6038 R14: 00007fe54d5b5fa0 R15: 00007ffc02ea28e8
[  749.097443][T12749]  </TASK>
[  749.973950][T12766] binder: 12761:12766 ioctl c0306201 0 returned -14
[  752.710596][ T2084] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  753.085235][ T2084] usb 2-1: Using ep0 maxpacket: 32
[  753.205929][ T2084] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  753.323287][ T2084] usb 2-1: config 0 has no interface number 0
[  753.332076][ T2084] usb 2-1: config 0 interface 184 has no altsetting 0
[  753.495182][ T2084] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  753.506590][ T2084] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.517011][ T2084] usb 2-1: Product: syz
[  753.523921][ T2084] usb 2-1: Manufacturer: syz
[  753.528596][ T2084] usb 2-1: SerialNumber: syz
[  753.535881][ T2084] usb 2-1: config 0 descriptor??
[  753.547004][ T2084] smsc75xx v1.0.0
[  753.551629][ T2084] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  753.573198][ T2084] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  755.940746][T12834] syz.5.1651 (12834): drop_caches: 2
[  756.125883][T12835] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  756.329432][T12835] syz.0.1652 (12835): drop_caches: 2
[  756.693927][T12842] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1654'.
[  756.740896][T12842] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  756.781100][T12844] overlayfs: missing 'workdir'
[  756.839055][ T2084] usb 2-1: USB disconnect, device number 27
[  757.030420][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  757.190246][   T10] usb 1-1: Using ep0 maxpacket: 32
[  758.036520][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  759.103072][   T10] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  759.112461][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.121348][   T10] usb 1-1: Product: syz
[  759.125613][   T10] usb 1-1: Manufacturer: syz
[  759.130949][   T10] usb 1-1: SerialNumber: syz
[  759.151655][   T10] usb 1-1: config 0 descriptor??
[  759.158300][T12842] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  759.533691][   T10] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input24
[  760.020880][   T10] usb 1-1: USB disconnect, device number 26
[  760.026937][    C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  760.358418][T12861] netlink: 'syz.2.1660': attribute type 1 has an invalid length.
[  760.570838][T12862] Device name not specified.
[  760.570838][T12862] 
[  761.223372][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  761.223390][   T30] audit: type=1326 audit(1755094483.779:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  761.252164][   T30] audit: type=1326 audit(1755094483.779:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  761.301042][   T30] audit: type=1326 audit(1755094483.869:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  761.779763][   T30] audit: type=1326 audit(1755094483.869:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  762.230633][T12878] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1665'.
[  762.246761][T12878] veth1_to_hsr: entered promiscuous mode
[  762.252980][T12878] macsec1: entered promiscuous mode
[  762.258423][T12878] macsec1: entered allmulticast mode
[  762.263930][T12878] veth1_to_hsr: entered allmulticast mode
[  762.652715][   T30] audit: type=1326 audit(1755094483.869:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  762.674296][    C1] vkms_vblank_simulate: vblank timer overrun
[  762.710059][   T30] audit: type=1326 audit(1755094483.869:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  762.735803][T12878] veth1_to_hsr: left allmulticast mode
[  762.742835][T12878] veth1_to_hsr: left promiscuous mode
[  762.773353][   T30] audit: type=1326 audit(1755094483.869:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  762.858195][   T30] audit: type=1326 audit(1755094483.869:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  763.265308][T12883] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  763.349646][T12883] syz.2.1664 (12883): drop_caches: 2
[  763.379751][T12887] Cannot find add_set index 0 as target
[  763.520730][   T30] audit: type=1326 audit(1755094483.869:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  763.542304][    C1] vkms_vblank_simulate: vblank timer overrun
[  763.837403][   T30] audit: type=1326 audit(1755094483.869:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12864 comm="syz.3.1661" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  763.859060][    C1] vkms_vblank_simulate: vblank timer overrun
[  765.317370][T12909] FAULT_INJECTION: forcing a failure.
[  765.317370][T12909] name failslab, interval 1, probability 0, space 0, times 0
[  765.370322][T12909] CPU: 0 UID: 0 PID: 12909 Comm: syz.1.1670 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  765.370352][T12909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  765.370365][T12909] Call Trace:
[  765.370373][T12909]  <TASK>
[  765.370382][T12909]  dump_stack_lvl+0x189/0x250
[  765.370409][T12909]  ? __pfx____ratelimit+0x10/0x10
[  765.370430][T12909]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.370452][T12909]  ? __pfx__printk+0x10/0x10
[  765.370484][T12909]  ? __pfx___might_resched+0x10/0x10
[  765.370503][T12909]  ? fs_reclaim_acquire+0x7d/0x100
[  765.370529][T12909]  should_fail_ex+0x414/0x560
[  765.370554][T12909]  should_failslab+0xa8/0x100
[  765.370576][T12909]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  765.370594][T12909]  ? rcu_is_watching+0x15/0xb0
[  765.370612][T12909]  ? key_alloc+0x34d/0x1030
[  765.370640][T12909]  kmemdup_noprof+0x2b/0x70
[  765.370666][T12909]  key_alloc+0x34d/0x1030
[  765.370704][T12909]  keyring_alloc+0x45/0xb0
[  765.370736][T12909]  join_session_keyring+0x13c/0x440
[  765.370766][T12909]  __se_sys_keyctl+0x865/0x910
[  765.370792][T12909]  ? __pfx___se_sys_keyctl+0x10/0x10
[  765.370817][T12909]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  765.370843][T12909]  ? __fget_files+0x3a0/0x420
[  765.370872][T12909]  ? fput+0xa0/0xd0
[  765.370895][T12909]  ? ksys_write+0x22a/0x250
[  765.370916][T12909]  ? __pfx_ksys_write+0x10/0x10
[  765.370939][T12909]  ? do_syscall_64+0xbe/0x3b0
[  765.370959][T12909]  ? __x64_sys_keyctl+0x20/0xc0
[  765.370983][T12909]  do_syscall_64+0xfa/0x3b0
[  765.371004][T12909]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.371023][T12909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.371042][T12909]  ? clear_bhb_loop+0x60/0xb0
[  765.371076][T12909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.371095][T12909] RIP: 0033:0x7f16d438ebe9
[  765.371112][T12909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  765.371130][T12909] RSP: 002b:00007f16d517d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  765.371151][T12909] RAX: ffffffffffffffda RBX: 00007f16d45b5fa0 RCX: 00007f16d438ebe9
[  765.371166][T12909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  765.371177][T12909] RBP: 00007f16d517d090 R08: 0000000000000000 R09: 0000000000000000
[  765.371189][T12909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.371200][T12909] R13: 00007f16d45b6038 R14: 00007f16d45b5fa0 R15: 00007ffe81410968
[  765.371231][T12909]  </TASK>
[  769.068797][T12938] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1680'.
[  769.101664][T12938] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1680'.
[  770.012473][T12951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1682'.
[  770.675116][T12953] dlm: no local IP address has been set
[  770.681460][T12953] dlm: cannot start dlm midcomms -107
[  771.208437][T12961] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  773.604811][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  773.604830][   T30] audit: type=1326 audit(1755094496.159:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12966 comm="syz.2.1687" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd5098ebe9 code=0x0
[  774.046170][T12979] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  774.517837][ T8397] Bluetooth: hci5: Frame reassembly failed (-84)
[  776.550116][ T5842] Bluetooth: hci5: command 0x1003 tx timeout
[  776.551120][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  776.595695][T12992] random: crng reseeded on system resumption
[  778.516891][ T5920] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  778.556709][ T5920] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  778.755335][ T5920] usb 3-1: USB disconnect, device number 25
[  778.849168][T13013] bridge0: entered promiscuous mode
[  778.892057][T13013] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  778.913924][T13013] hsr1: entered allmulticast mode
[  779.209097][T13013] bridge0: entered allmulticast mode
[  779.222931][T13013] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  781.386838][   T30] audit: type=1326 audit(1755094503.949:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  782.621646][   T30] audit: type=1326 audit(1755094504.609:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  783.288565][   T30] audit: type=1326 audit(1755094505.849:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  783.314614][   T30] audit: type=1326 audit(1755094505.849:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  783.891532][   T30] audit: type=1326 audit(1755094505.849:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  783.916352][   T30] audit: type=1326 audit(1755094505.909:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  784.027819][   T30] audit: type=1326 audit(1755094505.909:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  784.144159][   T30] audit: type=1326 audit(1755094505.909:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  784.223576][   T30] audit: type=1326 audit(1755094505.909:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  784.317549][   T30] audit: type=1326 audit(1755094505.909:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13043 comm="syz.1.1709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d438ebe9 code=0x7ffc0000
[  785.751837][T13087] netlink: 'syz.5.1717': attribute type 8 has an invalid length.
[  786.550299][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  787.174078][   T10] usb 1-1: config 0 has an invalid descriptor of length 111, skipping remainder of the config
[  787.215885][   T10] usb 1-1: config 0 has no interfaces?
[  787.244841][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.40
[  787.270183][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.749361][   T10] usb 1-1: Product: చ
[  787.755180][   T10] usb 1-1: Manufacturer: ﲙ৑尙㲣驗℠썺棟銮⾊婕挆⒭뻧볘織Ὓ獈썗虑賹禲툀䔜頧䵷᤼㟍๖↖鮩ⵁ䟋齎ퟟ嘜婱蟎첆즚⽘
[  787.780075][   T10] usb 1-1: SerialNumber: Ѓ
[  787.798036][   T10] usb 1-1: config 0 descriptor??
[  789.327065][T13109] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  789.407278][T13109] syz.5.1723 (13109): drop_caches: 2
[  791.162927][T13121] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1725'.
[  792.781662][T13128] netlink: 'syz.2.1727': attribute type 1 has an invalid length.
[  795.519011][ T5920] usb 1-1: USB disconnect, device number 27
[  795.785987][T13156] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  800.008564][T13180] netlink: 'syz.5.1742': attribute type 1 has an invalid length.
[  801.879062][T13187] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1743'.
[  803.124406][T13201] FAULT_INJECTION: forcing a failure.
[  803.124406][T13201] name failslab, interval 1, probability 0, space 0, times 0
[  803.183600][T13201] CPU: 0 UID: 0 PID: 13201 Comm: syz.5.1748 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  803.183629][T13201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  803.183642][T13201] Call Trace:
[  803.183650][T13201]  <TASK>
[  803.183661][T13201]  dump_stack_lvl+0x189/0x250
[  803.183691][T13201]  ? __pfx____ratelimit+0x10/0x10
[  803.183714][T13201]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.183737][T13201]  ? __pfx__printk+0x10/0x10
[  803.183770][T13201]  ? __pfx___might_resched+0x10/0x10
[  803.183792][T13201]  ? fs_reclaim_acquire+0x7d/0x100
[  803.183822][T13201]  should_fail_ex+0x414/0x560
[  803.183849][T13201]  should_failslab+0xa8/0x100
[  803.183874][T13201]  __kmalloc_cache_noprof+0x70/0x3d0
[  803.183895][T13201]  ? request_key_auth_new+0x103/0x8b0
[  803.183927][T13201]  request_key_auth_new+0x103/0x8b0
[  803.183962][T13201]  ? __pfx_request_key_auth_new+0x10/0x10
[  803.183990][T13201]  ? up_write+0x1c4/0x420
[  803.184027][T13201]  request_key_and_link+0xde9/0x14a0
[  803.184064][T13201]  ? __pfx_request_key_and_link+0x10/0x10
[  803.184102][T13201]  ? __pfx_asymmetric_key_cmp+0x10/0x10
[  803.184128][T13201]  ? __pfx_keyring_search_iterator+0x10/0x10
[  803.184172][T13201]  ? down_read+0x1ad/0x2e0
[  803.184199][T13201]  __se_sys_request_key+0x22c/0x340
[  803.184225][T13201]  ? __pfx___se_sys_request_key+0x10/0x10
[  803.184257][T13201]  ? do_syscall_64+0xbe/0x3b0
[  803.184283][T13201]  do_syscall_64+0xfa/0x3b0
[  803.184304][T13201]  ? lockdep_hardirqs_on+0x9c/0x150
[  803.184325][T13201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.184344][T13201]  ? clear_bhb_loop+0x60/0xb0
[  803.184369][T13201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.184388][T13201] RIP: 0033:0x7f019758ebe9
[  803.184406][T13201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.184423][T13201] RSP: 002b:00007f019849b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[  803.184444][T13201] RAX: ffffffffffffffda RBX: 00007f01977b5fa0 RCX: 00007f019758ebe9
[  803.184460][T13201] RDX: 0000200000001fee RSI: 0000200000001ffb RDI: 0000200000000040
[  803.184474][T13201] RBP: 00007f019849b090 R08: 0000000000000000 R09: 0000000000000000
[  803.184488][T13201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  803.184500][T13201] R13: 00007f01977b6038 R14: 00007f01977b5fa0 R15: 00007ffe189a5bc8
[  803.184535][T13201]  </TASK>
[  806.890239][T13221] FAULT_INJECTION: forcing a failure.
[  806.890239][T13221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  806.960776][T13221] CPU: 1 UID: 0 PID: 13221 Comm: syz.0.1753 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  806.960804][T13221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  806.960816][T13221] Call Trace:
[  806.960824][T13221]  <TASK>
[  806.960833][T13221]  dump_stack_lvl+0x189/0x250
[  806.960861][T13221]  ? __pfx____ratelimit+0x10/0x10
[  806.960882][T13221]  ? __pfx_dump_stack_lvl+0x10/0x10
[  806.960904][T13221]  ? __pfx__printk+0x10/0x10
[  806.960942][T13221]  should_fail_ex+0x414/0x560
[  806.960971][T13221]  strncpy_from_user+0x36/0x290
[  806.961005][T13221]  getname_flags+0xf3/0x540
[  806.961033][T13221]  __x64_sys_mknodat+0x96/0xc0
[  806.961069][T13221]  do_syscall_64+0xfa/0x3b0
[  806.961089][T13221]  ? lockdep_hardirqs_on+0x9c/0x150
[  806.961108][T13221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.961128][T13221]  ? clear_bhb_loop+0x60/0xb0
[  806.961151][T13221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.961170][T13221] RIP: 0033:0x7fe54d38ebe9
[  806.961187][T13221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  806.961205][T13221] RSP: 002b:00007fe54e186038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  806.961226][T13221] RAX: ffffffffffffffda RBX: 00007fe54d5b5fa0 RCX: 00007fe54d38ebe9
[  806.961240][T13221] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  806.961253][T13221] RBP: 00007fe54e186090 R08: 0000000000000000 R09: 0000000000000000
[  806.961265][T13221] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000001
[  806.961277][T13221] R13: 00007fe54d5b6038 R14: 00007fe54d5b5fa0 R15: 00007ffc02ea28e8
[  806.961309][T13221]  </TASK>
[  808.130378][ T5852] Bluetooth: hci2: Malformed LE Event: 0x0d
[  809.030802][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  809.418248][T13246] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  809.987187][T13250] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1761'.
[  815.990267][ T5852] Bluetooth: hci1: command 0x0406 tx timeout
[  822.795281][T13349] syz.2.1789: attempt to access beyond end of device
[  822.795281][T13349] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  822.819702][T13349] (syz.2.1789,13349,0):ocfs2_get_sector:1714 ERROR: status = -5
[  822.828185][T13349] (syz.2.1789,13349,0):ocfs2_sb_probe:753 ERROR: status = -5
[  822.908963][T13355] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  823.286065][T13349] (syz.2.1789,13349,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  823.754722][T13355] syz.0.1790 (13355): drop_caches: 2
[  823.830540][T13349] (syz.2.1789,13349,0):ocfs2_fill_super:1177 ERROR: status = -5
[  829.474995][T13405] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  830.302428][T13410] netlink: 248 bytes leftover after parsing attributes in process `syz.5.1808'.
[  830.314787][T13410] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1808'.
[  830.346128][T13410] sp0: Synchronizing with TNC
[  830.441204][T13412] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1808'.
[  833.105994][ T5920] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  833.332657][ T5920] usb 6-1: Using ep0 maxpacket: 32
[  833.349037][ T5920] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  833.903276][T13436] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  833.941634][ T5920] usb 6-1: config 1 has no interface number 1
[  833.956528][ T5920] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  833.987389][ T5920] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  834.002621][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  834.122964][ T5920] usb 6-1: Product: syz
[  834.127175][ T5920] usb 6-1: Manufacturer: syz
[  834.132437][ T5920] usb 6-1: SerialNumber: syz
[  834.168801][T13436] syz.1.1814 (13436): drop_caches: 2
[  834.487597][ T5920] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  834.510589][ T5920] usb 6-1: 2:1 : invalid channels 0
[  835.680969][ T5920] usb 6-1: USB disconnect, device number 6
[  836.022394][T13449] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  836.512254][T13114] udevd[13114]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  837.738960][T13464] 8021q: adding VLAN 0 to HW filter on device bond1
[  837.830321][    T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  837.893482][ T9298] tipc: Subscription rejected, illegal request
[  837.980117][    T9] usb 1-1: device descriptor read/64, error -71
[  838.353252][T13480] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  838.600957][    T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  839.155660][    T9] usb 1-1: device descriptor read/64, error -71
[  839.321315][    T9] usb usb1-port1: attempt power cycle
[  840.020111][    T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  840.134487][    T9] usb 1-1: device descriptor read/8, error -71
[  844.193993][T13511] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  844.222208][T13511] syz.1.1836 (13511): drop_caches: 2
[  844.390058][ T5956] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  844.550122][ T5956] usb 6-1: Using ep0 maxpacket: 32
[  845.295717][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  845.453579][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  845.463521][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  845.474963][ T5956] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  845.570731][ T5956] usb 6-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  845.584443][ T5956] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.601682][ T5956] usb 6-1: Product: syz
[  845.606038][ T5956] usb 6-1: Manufacturer: syz
[  845.611360][ T5956] usb 6-1: SerialNumber: syz
[  845.645639][ T5956] usb 6-1: config 0 descriptor??
[  845.678168][ T5956] cypress_m8 6-1:0.0: HID->COM RS232 Adapter converter detected
[  845.707302][ T5956] cyphidcom ttyUSB0: required endpoint is missing
[  846.684375][T13509] binder: 13508:13509 ioctl 4018620d 0 returned -22
[  846.736050][T13531] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  846.761519][T13531] syz.0.1842 (13531): drop_caches: 2
[  846.835122][ T5920] usb 6-1: USB disconnect, device number 7
[  846.871091][ T5920] cypress_m8 6-1:0.0: device disconnected
[  848.901787][T13548] overlay: Unknown parameter 'measure'
[  850.110199][ T5904] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  850.280440][ T5904] usb 3-1: device descriptor read/64, error -71
[  850.583099][ T5904] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  851.670644][ T5904] usb 3-1: device descriptor read/64, error -71
[  851.810063][ T5904] usb usb3-port1: attempt power cycle
[  853.644356][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  853.644374][   T30] audit: type=1326 audit(1755094576.209:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  853.912521][ T5920] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  854.332831][   T30] audit: type=1326 audit(1755094576.319:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.355686][   T30] audit: type=1326 audit(1755094576.319:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.377209][    C0] vkms_vblank_simulate: vblank timer overrun
[  854.451804][   T30] audit: type=1326 audit(1755094576.319:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.581051][   T30] audit: type=1326 audit(1755094576.319:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.644476][ T5920] usb 6-1: Using ep0 maxpacket: 32
[  854.675142][ T5920] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  854.697161][ T5920] usb 6-1: config 0 has no interface number 0
[  854.749316][ T5920] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  854.775601][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  854.833871][   T30] audit: type=1326 audit(1755094576.319:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.834752][ T5920] usb 6-1: Product: syz
[  854.866611][   T30] audit: type=1326 audit(1755094576.319:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  854.876751][T13629] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1861'.
[  854.914698][ T5920] usb 6-1: Manufacturer: syz
[  854.919444][ T5920] usb 6-1: SerialNumber: syz
[  855.438768][   T30] audit: type=1326 audit(1755094576.319:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  855.460493][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.467077][   T30] audit: type=1326 audit(1755094576.319:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  855.576927][ T5920] usb 6-1: config 0 descriptor??
[  855.592823][T13629] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1861'.
[  855.595021][   T30] audit: type=1326 audit(1755094576.329:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13614 comm="syz.3.1857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8afb18ebe9 code=0x7ffc0000
[  855.625957][ T5920] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  855.948137][ T5920] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  856.381965][ T5920] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  857.613053][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  857.621368][ T5920] usb 6-1: USB disconnect, device number 8
[  857.641502][ T5920] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  857.743748][ T5920] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  857.779895][ T5920] quatech2 6-1:0.51: device disconnected
[  858.225776][T13652] ------------[ cut here ]------------
[  858.225968][T13652] WARNING: CPU: 0 PID: 13652 at drivers/gpu/drm/vkms/vkms_crtc.c:97 vkms_get_vblank_timestamp+0x137/0x160
[  858.226033][T13652] Modules linked in:
[  858.226162][T13652] CPU: 0 UID: 0 PID: 13652 Comm: syz.0.1867 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  858.226202][T13652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  858.226232][T13652] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160
[  858.226277][T13652] Code: 42 80 3c 28 00 74 08 48 89 df e8 84 d3 38 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 3a eb d8 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7
[  858.226317][T13652] RSP: 0018:ffffc90011787348 EFLAGS: 00010283
[  858.226382][T13652] RAX: ffffffff85e73a86 RBX: ffffc900117874c0 RCX: 0000000000080000
[  858.226419][T13652] RDX: ffffc900164ec000 RSI: 0000000000000b15 RDI: 0000000000000b16
[  858.226449][T13652] RBP: 1ffff920022f0e98 R08: ffffc90003319000 R09: 0000000000000000
[  858.226479][T13652] R10: ffffc90003319000 R11: ffffffff85e73950 R12: 000000c7d05022ad
[  858.226496][T13652] R13: dffffc0000000000 R14: ffff888021734028 R15: 000000c7d05022ad
[  858.226522][T13652] FS:  00007fe54e1656c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[  858.226556][T13652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  858.226588][T13652] CR2: 0000001b3401bff8 CR3: 0000000053ed0000 CR4: 00000000003526f0
[  858.226624][T13652] Call Trace:
[  858.226652][T13652]  <TASK>
[  858.226683][T13652]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  858.226731][T13652]  drm_crtc_next_vblank_start+0x223/0x470
[  858.226852][T13652]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  858.226911][T13652]  ? drm_gem_fb_vmap+0x230/0x8d0
[  858.226964][T13652]  drm_atomic_helper_wait_for_fences+0x265/0x8c0
[  858.227040][T13652]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  858.227091][T13652]  ? drm_atomic_helper_prepare_planes+0x670/0xb60
[  858.227158][T13652]  drm_atomic_helper_commit+0x5c7/0xb10
[  858.227224][T13652]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  858.227260][T13652]  drm_atomic_commit+0x25f/0x2c0
[  858.227309][T13652]  ? __pfx_drm_atomic_commit+0x10/0x10
[  858.227353][T13652]  ? __pfx___drm_printfn_info+0x10/0x10
[  858.227421][T13652]  ? drm_client_rotation+0x47c/0x5b0
[  858.227490][T13652]  drm_client_modeset_commit_atomic+0x620/0x760
[  858.227528][T13652]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  858.227548][T13652]  ? trace_contention_end+0x39/0x120
[  858.227598][T13652]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  858.227626][T13652]  drm_client_modeset_commit+0x4a/0x70
[  858.227646][T13652]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[  858.227679][T13652]  drm_fb_helper_set_par+0xaf/0x100
[  858.227698][T13652]  fb_set_var+0x828/0xf50
[  858.227732][T13652]  ? __pfx_fb_set_var+0x10/0x10
[  858.227762][T13652]  ? trace_contention_end+0x39/0x120
[  858.227784][T13652]  ? __mutex_lock+0x330/0xe80
[  858.227808][T13652]  ? __lock_acquire+0xab9/0xd20
[  858.227829][T13652]  ? do_fb_ioctl+0x598/0x750
[  858.227882][T13652]  do_fb_ioctl+0x63b/0x750
[  858.227904][T13652]  ? __pfx_do_fb_ioctl+0x10/0x10
[  858.227942][T13652]  ? __asan_memset+0x22/0x50
[  858.227973][T13652]  ? __pfx_smack_file_ioctl+0x10/0x10
[  858.228004][T13652]  ? __fget_files+0x3a0/0x420
[  858.228023][T13652]  ? __fget_files+0x2a/0x420
[  858.228046][T13652]  ? bpf_lsm_file_ioctl+0x9/0x20
[  858.228065][T13652]  ? __pfx_fb_ioctl+0x10/0x10
[  858.228083][T13652]  __se_sys_ioctl+0xfc/0x170
[  858.228111][T13652]  do_syscall_64+0xfa/0x3b0
[  858.228135][T13652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.228152][T13652]  ? asm_sysvec_call_function_single+0x1a/0x20
[  858.228170][T13652]  ? clear_bhb_loop+0x60/0xb0
[  858.228193][T13652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.228212][T13652] RIP: 0033:0x7fe54d38ebe9
[  858.228232][T13652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  858.228250][T13652] RSP: 002b:00007fe54e165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  858.228273][T13652] RAX: ffffffffffffffda RBX: 00007fe54d5b6090 RCX: 00007fe54d38ebe9
[  858.228290][T13652] RDX: 0000200000000240 RSI: 0000000000004601 RDI: 0000000000000005
[  858.228305][T13652] RBP: 00007fe54d411e19 R08: 0000000000000000 R09: 0000000000000000
[  858.228319][T13652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  858.228332][T13652] R13: 00007fe54d5b6128 R14: 00007fe54d5b6090 R15: 00007ffc02ea28e8
[  858.228367][T13652]  </TASK>
[  858.228389][T13652] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  858.228404][T13652] CPU: 0 UID: 0 PID: 13652 Comm: syz.0.1867 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  858.228425][T13652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  858.228436][T13652] Call Trace:
[  858.228445][T13652]  <TASK>
[  858.228454][T13652]  dump_stack_lvl+0x99/0x250
[  858.228476][T13652]  ? __asan_memcpy+0x40/0x70
[  858.228500][T13652]  ? __pfx_dump_stack_lvl+0x10/0x10
[  858.228520][T13652]  ? __pfx__printk+0x10/0x10
[  858.228554][T13652]  panic+0x2db/0x790
[  858.228579][T13652]  ? __pfx_panic+0x10/0x10
[  858.228595][T13652]  ? show_trace_log_lvl+0x4fb/0x550
[  858.228635][T13652]  __warn+0x31b/0x4b0
[  858.228653][T13652]  ? vkms_get_vblank_timestamp+0x137/0x160
[  858.228682][T13652]  ? vkms_get_vblank_timestamp+0x137/0x160
[  858.228708][T13652]  report_bug+0x2be/0x4f0
[  858.228727][T13652]  ? vkms_get_vblank_timestamp+0x137/0x160
[  858.228755][T13652]  ? vkms_get_vblank_timestamp+0x137/0x160
[  858.228780][T13652]  ? vkms_get_vblank_timestamp+0x139/0x160
[  858.228804][T13652]  handle_bug+0x84/0x160
[  858.228828][T13652]  exc_invalid_op+0x1a/0x50
[  858.228853][T13652]  asm_exc_invalid_op+0x1a/0x20
[  858.228888][T13652] RIP: 0010:vkms_get_vblank_timestamp+0x137/0x160
[  858.228916][T13652] Code: 42 80 3c 28 00 74 08 48 89 df e8 84 d3 38 fc 4c 89 33 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 3a eb d8 fb 90 <0f> 0b 90 eb e3 44 89 e1 80 e1 07 38 c1 0f 8c ff fe ff ff 4c 89 e7
[  858.228932][T13652] RSP: 0018:ffffc90011787348 EFLAGS: 00010283
[  858.228951][T13652] RAX: ffffffff85e73a86 RBX: ffffc900117874c0 RCX: 0000000000080000
[  858.228967][T13652] RDX: ffffc900164ec000 RSI: 0000000000000b15 RDI: 0000000000000b16
[  858.228982][T13652] RBP: 1ffff920022f0e98 R08: ffffc90003319000 R09: 0000000000000000
[  858.228997][T13652] R10: ffffc90003319000 R11: ffffffff85e73950 R12: 000000c7d05022ad
[  858.229014][T13652] R13: dffffc0000000000 R14: ffff888021734028 R15: 000000c7d05022ad
[  858.229037][T13652]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  858.229067][T13652]  ? vkms_get_vblank_timestamp+0x136/0x160
[  858.229101][T13652]  ? vkms_get_vblank_timestamp+0x136/0x160
[  858.229126][T13652]  ? __pfx_vkms_get_vblank_timestamp+0x10/0x10
[  858.229156][T13652]  drm_crtc_next_vblank_start+0x223/0x470
[  858.229195][T13652]  ? __pfx_drm_crtc_next_vblank_start+0x10/0x10
[  858.229231][T13652]  ? drm_gem_fb_vmap+0x230/0x8d0
[  858.229256][T13652]  drm_atomic_helper_wait_for_fences+0x265/0x8c0
[  858.229297][T13652]  ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10
[  858.229329][T13652]  ? drm_atomic_helper_prepare_planes+0x670/0xb60
[  858.229363][T13652]  drm_atomic_helper_commit+0x5c7/0xb10
[  858.229389][T13652]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  858.229407][T13652]  drm_atomic_commit+0x25f/0x2c0
[  858.229436][T13652]  ? __pfx_drm_atomic_commit+0x10/0x10
[  858.229462][T13652]  ? __pfx___drm_printfn_info+0x10/0x10
[  858.229496][T13652]  ? drm_client_rotation+0x47c/0x5b0
[  858.229529][T13652]  drm_client_modeset_commit_atomic+0x620/0x760
[  858.229572][T13652]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  858.229598][T13652]  ? trace_contention_end+0x39/0x120
[  858.229661][T13652]  drm_client_modeset_commit_locked+0xcb/0x4d0
[  858.229694][T13652]  drm_client_modeset_commit+0x4a/0x70
[  858.229720][T13652]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x9d/0x1b0
[  858.229754][T13652]  drm_fb_helper_set_par+0xaf/0x100
[  858.229773][T13652]  fb_set_var+0x828/0xf50
[  858.229814][T13652]  ? __pfx_fb_set_var+0x10/0x10
[  858.229852][T13652]  ? trace_contention_end+0x39/0x120
[  858.229887][T13652]  ? __mutex_lock+0x330/0xe80
[  858.229917][T13652]  ? __lock_acquire+0xab9/0xd20
[  858.229940][T13652]  ? do_fb_ioctl+0x598/0x750
[  858.229991][T13652]  do_fb_ioctl+0x63b/0x750
[  858.230017][T13652]  ? __pfx_do_fb_ioctl+0x10/0x10
[  858.230064][T13652]  ? __asan_memset+0x22/0x50
[  858.230100][T13652]  ? __pfx_smack_file_ioctl+0x10/0x10
[  858.230137][T13652]  ? __fget_files+0x3a0/0x420
[  858.230160][T13652]  ? __fget_files+0x2a/0x420
[  858.230188][T13652]  ? bpf_lsm_file_ioctl+0x9/0x20
[  858.230212][T13652]  ? __pfx_fb_ioctl+0x10/0x10
[  858.230233][T13652]  __se_sys_ioctl+0xfc/0x170
[  858.230267][T13652]  do_syscall_64+0xfa/0x3b0
[  858.230292][T13652]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.230312][T13652]  ? asm_sysvec_call_function_single+0x1a/0x20
[  858.230333][T13652]  ? clear_bhb_loop+0x60/0xb0
[  858.230359][T13652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.230379][T13652] RIP: 0033:0x7fe54d38ebe9
[  858.230397][T13652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  858.230416][T13652] RSP: 002b:00007fe54e165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  858.230438][T13652] RAX: ffffffffffffffda RBX: 00007fe54d5b6090 RCX: 00007fe54d38ebe9
[  858.230455][T13652] RDX: 0000200000000240 RSI: 0000000000004601 RDI: 0000000000000005
[  858.230469][T13652] RBP: 00007fe54d411e19 R08: 0000000000000000 R09: 0000000000000000
[  858.230483][T13652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  858.230495][T13652] R13: 00007fe54d5b6128 R14: 00007fe54d5b6090 R15: 00007ffc02ea28e8
[  858.230532][T13652]  </TASK>
[  858.230918][T13652] Kernel Offset: disabled