last executing test programs:

18m1.370912898s ago: executing program 2 (id=715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x8000)

17m58.763461065s ago: executing program 2 (id=719):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, &(0x7f0000000280)={0x3, 0x2, 0x8, 0x5, 0x7f, 0xb2c, 0x4, 0xffff, 0x710})
socket(0x80000000000000a, 0x2, 0x0)
lseek(0xffffffffffffffff, 0x10001, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)

17m52.825447709s ago: executing program 2 (id=730):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

17m50.412386636s ago: executing program 2 (id=736):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x80100, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x21, 0x0, 0xff35)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$EVIOCGMASK(r2, 0x5b02, 0x0)

17m45.272445137s ago: executing program 2 (id=746):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001480)=[{{&(0x7f0000000100)={0x2, 0x6e20, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

17m40.66217372s ago: executing program 2 (id=756):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000280), 0x6, r0}, 0x38)
getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r6)
sendmsg$IEEE802154_SET_MACPARAMS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x28, r7, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x11}]}, 0x28}}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)

17m25.306670972s ago: executing program 32 (id=756):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000280), 0x6, r0}, 0x38)
getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r6)
sendmsg$IEEE802154_SET_MACPARAMS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x28, r7, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x11}]}, 0x28}}, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)

10m40.865169849s ago: executing program 5 (id=1613):
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$packet(0x11, 0x2, 0x300)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
open(&(0x7f0000000140)='./file0\x00', 0x78e, 0x8)
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x2a)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r1, @ANYRES64=r0], 0x0)

10m36.906592878s ago: executing program 5 (id=1623):
socket(0x848000000015, 0x805, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x200000000003, 0x87)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r0], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

10m36.087608262s ago: executing program 5 (id=1624):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r1, 0x0, 0x4, &(0x7f0000000040)='GPL\x00'}, 0x30)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r3 = syz_io_uring_setup(0x57a0, 0x0, &(0x7f0000000100), &(0x7f0000000140))
io_uring_register$IORING_UNREGISTER_PERSONALITY(r3, 0xa, 0x0, 0x0)
prlimit64(r2, 0xe, &(0x7f00000004c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x10, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})

10m34.942441515s ago: executing program 5 (id=1627):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

10m30.430332209s ago: executing program 5 (id=1632):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x20000000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000040)={0xe, 0xfff})
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@allocspi={0x148, 0x16, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in=@broadcast}, {@in=@dev, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0x7fff}, [@migrate={0x50, 0x11, [{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in, @in6=@empty, @in6=@local}]}]}, 0x148}}, 0x0)

10m28.980189346s ago: executing program 5 (id=1636):
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r4, 0xffffffffffffffff)
r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ppoll(&(0x7f0000000000)=[{r5, 0xa}], 0x1, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x5, 0x0, 0x0, 0x0, 0x20, 0x29, "fafc00"}, 0x0, 0x1, {0x0}})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, 0x0)
recvmmsg$unix(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x34000, 0x0)

10m13.523790915s ago: executing program 33 (id=1636):
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0)
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r4, 0xffffffffffffffff)
r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ppoll(&(0x7f0000000000)=[{r5, 0xa}], 0x1, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x5, 0x0, 0x0, 0x0, 0x20, 0x29, "fafc00"}, 0x0, 0x1, {0x0}})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, 0x0)
recvmmsg$unix(r1, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x34000, 0x0)

9.328197807s ago: executing program 3 (id=3176):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000300)="3734a4f6ec6fd994ec8e0d703296451c8456100bf70a88e1f100388a9aa398e1a95726d7f4def97c499feef5ac7f6699c6abad7becb0835a3d590bc2c947f3b9dc607ffbebe655cf7becd1c5", 0x4c}, {&(0x7f0000000380)="bc76afabc48000af7d838c54865ca21b4e9abe5e9949e5676d8e38f69527f339895e96128e87239f83ae17d478a935974642ce210b28707d6cb398030000000000003bf2085a50eab33944464358066d787c580f3c05873a5ab9cc01", 0x5c}, {&(0x7f0000000400)="f05f551914b9df1db470543c500f21a896370b17fee743a068293de19dff78957d63e5f5cbbd08cf1a54a9e264e1a20a95d9bccd883433c9f457fb7cffe9bd1fd8843158ce20ae2a1f240bc55c4186f3370c9e3e954b6489144d41892365c070f4aaaef38dbd92abc20fc5a685193a216b56c89f46369d6fcf6f6b874b842b05d5b34dd60300c0d4dc869a72d3dcbd301aab75d19e629819d510d0c86e6fda58e5561fda8e4556ac", 0xa8}, {&(0x7f0000000600)}, {&(0x7f0000000800)="d01d1e2326ffdd688963c2bc552d75ab66357beb5dbbdb9833ee60962f7e2bb5b70429429e5d517e62010e1ef5b09136eeba30a00b5b9c46b80076249c24f8cd2bc450755eb25c7bf402c9f7b939492774c0531018826227773f060c8a1c8cb86afad217fdba03bf68469168319c1fe4b6a3b6e588d3ebe1736f8380efeb64f6fb0c", 0x82}, {&(0x7f0000000980)="3d4c86f821589dabd9b6b60343c06b2a5b0cf1677008c4d035c2ff4ebee2019ef2163adf76fc4d55affc20d6e67d79", 0x2f}], 0x6, 0x0, 0x0, 0x4088000}}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003ec0)={0x2020}, 0x2020)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a85320, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
writev(0xffffffffffffffff, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0), 0x320}, {&(0x7f0000000900), 0x4000}], 0xe)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x5, 0xfede, 0x202, 0x100, 0x7, 0xfffffa75, 0x1fd, 0x6}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x50, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}, 0x0, 0x0, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000240)=0x5, 0x0, 0x4)
fsopen(0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x200000000001, 0x0)
write$P9_RSYMLINK(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b9090000000b01000000e8fe55a1180015000600140000000012080004003e000000a80016000a00001c06000200036010fab94dcf5c0461c1a6ced67f6f94007134cf6ee08000a0e408e8d8ef52878516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d95322fe7c9ffeffffff16a4683f1aeb4edbb57a5025ccca9e02360db70100000040fad95667e006dcffff951f215ce3bb9ad809d5e1cace81c639df2d04c343eb7a9db9596bb727ed", 0xcb}], 0x1}, 0x0)

9.327309495s ago: executing program 6 (id=3177):
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)

8.936698428s ago: executing program 6 (id=3180):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
syz_clone(0x80000100, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="c0110000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000011000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000008001e008000000008001f0001"], 0x11c0}}, 0x20004800)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b80000001500"], 0xb8}}, 0x0)
get_mempolicy(&(0x7f0000000100), &(0x7f0000000340), 0xffffffff, &(0x7f00002d5000/0x1000)=nil, 0x7)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x35}}}, 0x1c)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r2, 0x100000000)
r8 = getpid()
r9 = syz_pidfd_open(r8, 0x0)
setns(r3, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x89, 0x40000, {r9}}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4044000)

7.239778798s ago: executing program 6 (id=3185):
socket$kcm(0x10, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x10, 0x2, 0x4)
syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00')
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2101, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x5, 0x2})
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

6.078439037s ago: executing program 6 (id=3188):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000001fc0)={0xc4, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x51, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x12}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}}}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0xc4}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723", 0xcf}], 0x1}, 0x20004804)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0xc, 0x6, 0x0, 0xa, 0x0, 0x70bd26, 0x25dfdbfc, [@sadb_x_policy={0x8, 0x12, 0x2, 0x1, 0x0, 0x6e6bb6, 0x9, {0x6, 0x6c, 0x8, 0xff, 0x0, 0x1, 0x0, @in=@broadcast, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}]}, 0x50}}, 0x10)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

5.616859842s ago: executing program 0 (id=3191):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={<r1=>0x0}, &(0x7f00000001c0)=0xc)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xa, 0x12, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r8, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000000)={0x48, 0x5, r5})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r5, 0x0, 0x0, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r9=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r9, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000400)={0x88, 0x2f, 0x4, 0x70bd2a, 0x25dfdbff, "", [@generic="aca7cfacc7af2d233461344e68fe0b5cb202e145e6bb14d8d095965ac49591198314e3444736ad81888beac0e71c817baa39db00f5c2562a66eccd3cdfa10f154781cc4c2f41988628eb4d92b02559077e0c5a93476ad95b1779fae353560e544c4d2d4e23d26026ef70e2e2a05ddd3910b157ba48cec051"]}, 0x88}, {&(0x7f0000000700)={0x238, 0x21, 0x300, 0x70bd27, 0x25dfdbfb, "", [@nested={0x10, 0xca, 0x0, 0x1, [@typed={0xc, 0x101, 0x0, 0x0, @u64=0x8}]}, @generic="14576c3457647ca46aa127a040d78f8d4948baff07a9402b15389945bb5313ae87ed88d4b2094a1632a1dc38b0bcee8e49aded4144eac2331deb5056cb89a024c29d8b03f1b7a85098ce1537481b8f8e8977a10a2639677d6c2433581c8c5ed30e86fa9e80db4855c95c1049a3f8b5c549710c12ec7ab5322c6352c5438f9e5840da742d70e2763f992cf8c65810f707d3239749f00b364b95041ba33b46b79d24b175811cce4d6cfcb27c1b755b519062d8e0f64084d6ed8424e49d8efc3a3c921861f9d100f3bd1f9e8b250d77a499800b00000000000000659ec85dabb9253ea83627e0becee602789e0e", @generic="ce70b22516164d4d50838d497f668e57e4bdfd11781b3a0c8873979c4af05f945d3792ff9b2671d2ccddbb7fa737640cbbf8e2d8e5589994aaab97f96576d47ce24e175a855b92a0446859b1865cd380dc990205bd39707d46483656e658a281b70a362a1ba7a1753f919e4b46f463cccbdf84d82dcd4073dcff4148b8e3e739d58a", @generic="47a34f79c69b5b7c6443b3975c31c502c4cb02906a885d6406bf0fabaa254783e24028054d726b31ed563fce78be27407bc342acea5003f6e5c05913aa4b1b7b27d10e5372a8bf9c0b19546b83dee8792ea77f4e1fd75f97a652887ea7e086a7a68921de75811d6ff44e408f33f5453fd873f33af18ad778bf67e6ba349428c46875b0c39041d5565e29882b20f96aa45ca5d0da76ce89", @typed={0x8, 0x1, 0x0, 0x0, @pid=r1}, @typed={0x8, 0x109, 0x0, 0x0, @pid=r1}]}, 0x238}], 0x2, 0x0, 0x0, 0x400048c0}, 0x20000080)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)

5.56274498s ago: executing program 6 (id=3192):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$kcm(0x2d, 0x2, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={<r1=>r0})
bind$xdp(r1, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0x22}, 0x10)

5.001350389s ago: executing program 1 (id=3193):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000700)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
lchown(&(0x7f00000006c0)='./file0\x00', r0, 0xee01)
setxattr$system_posix_acl(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000380)={{}, {0x1, 0x6}, [{0x2, 0x7, r0}], {}, [], {0x10, 0x3}}, 0x2c, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @any, 0xffff}, 0xe)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0xff7f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x51}}, 0xe)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r7, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0x841)
r8 = dup(r7)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r8, 0x84, 0x85, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r8, 0x84, 0x85, &(0x7f00000008c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x2400, 0x4003}, 0x90)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000005c0), 0x4000)
getsockopt$inet_sctp6_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000000100)={0x0, 0xbde8, 0xfff, 0xff}, &(0x7f0000000140)=0x10)

4.893363169s ago: executing program 3 (id=3194):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)="957bc3871f54da01138019ebbb3587e39b0af28eea1dc1c5b6b0f27c1111d0f8b71e196a9bb19b466172df083b602f37901653c0b41e9ea3218f6680923cb44fcde97805fe3eaf057d955a0de7c0d5", 0x4f}, {&(0x7f0000000380)="eed4fbdbc377aaa1f97890499828239f7ce11e4611999338e6da1d1d2deca77c81b916aaaa389580ca6ed38e8d0330bc2f0cce161f489d863da5d3adc46e5c8160ccc889403f20dae567d9969efc4355fd27ba3d6e13f78bf9e57c4e3b723dd7b8540917d4c38bd6d37c70c43032fb1cae37de9f57c3bf053fa22d788b5629b444cd80b5c5257223c6d71b597d9c77a96733b2c18bf7adbe30f66959119bbed4e063dbbad441", 0xa6}, {&(0x7f0000000440)="b9c8ea7741e24130b11e66fa8118a2cda01b3f0acd758075e1c9d7949dcabe424ea007a38ff2c228d330852a68f81c6d7ce898bd7e628ae1242068c2e81985e9ee753e1d02319449f6c878bb5726dbc4eda9097bc6315fec72ff234fb9f26512af7b647069e3415c0338618c7adb1ac5b2f77a9effa9b33193a6da989be1900ce5158f956fcb9510d3850911ba7792fbc8ceaff1c9d7ceba64850bf02eeae9c814fb4cdb5e0e9b836ea2cca20b60440969419d09b1a0bbfb1e25c9dc429446bc2ddb467d972c56938e24", 0xca}, {&(0x7f0000000300)="d4eb0cb9b5afe8a92397fd6083599c6c", 0x10}], 0x4, &(0x7f00000005c0)=[@tclass={{0x14, 0x29, 0x43, 0x2}}], 0x18}}], 0x1, 0x40004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000048510000006", @ANYRES32, @ANYBLOB="0000000000000004180000000000001000000000000200009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100200000ffffb702000008000000b50a00000000000085000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.627154361s ago: executing program 0 (id=3195):
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000080), &(0x7f00000000c0)=r4}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3}, &(0x7f0000000240), &(0x7f0000000340)=r4}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
io_setup(0x30, &(0x7f0000000600)=<r5=>0x0)
io_cancel(r5, 0x0, 0x0)
io_submit(r5, 0x1, &(0x7f00000001c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x60a, 0xffffffffffffffff, 0x0}])
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000540)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1159b}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_FWMARK={0x8, 0x14, 0x200}, @IFLA_GRE_FLAGS={0x8, 0xd, 0x100}]}}}]}, 0x4c}}, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x30, r8, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffffff7948}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x2805}, 0x0)

4.617986603s ago: executing program 6 (id=3196):
bind$tipc(0xffffffffffffffff, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000070a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003803100010076657468305f746f5f687372000000005c000000200a0101000b000000000000010000000900020073797a3000008400090001007379"], 0xe8}}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = dup3(r2, r1, 0x0)
timerfd_settime(r3, 0x1, &(0x7f00000001c0)={{}, {0x77359400}}, &(0x7f00000003c0))
r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r5 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
close(r4)

4.273683301s ago: executing program 3 (id=3197):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, 0x0, 0x0)

3.777788235s ago: executing program 1 (id=3198):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x101, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x0, 0x25, 0x148, 0x158, 0x60, 0x358, 0x2a8, 0x2a8, 0x358, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x5e, 0x0, 0x9, 0x0, 0x2, 0xffffffff, 0x7, 0x18}}}, @common=@unspec=@ipvs={{0x48}, {@ipv4=@broadcast, [0x0, 0xffffff00, 0x0, 0xff], 0x4e21, 0x3c, 0x5, 0x4e21, 0x8, 0x8}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x1a0, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x3, 0x2, 0x4, 'syz0\x00', 0x4}}, @common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x0, 0x80000, 0x8000}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x450)

3.750548039s ago: executing program 3 (id=3199):
r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315ce7e0102030109026100010000000009"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

2.862400457s ago: executing program 4 (id=3200):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0xe, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x1000000, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0x4040}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, &(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00f'], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, 0x0, 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002780)=@newqdisc={0x48, 0x14, 0xf0b, 0x4, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xb, 0x1}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x200, 0x80000a, 0x0, 0x1, 0xc0000000}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.823155896s ago: executing program 4 (id=3201):
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd607e1c0b00482f00fc000000000000000000000000000000ff020000000000000000000000000001242022eb000000000000000000000800000086dd080088be00000000100000000100000000000004080022eb000000002000000002000000000000000000000008006558000000003680ea10ed725743d74bbe8552d5811cfe7d08b6d5a02552afc2"], 0x0)

2.769793924s ago: executing program 4 (id=3202):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (fail_nth: 1)

2.733705289s ago: executing program 1 (id=3203):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0xe, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x4000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4000000}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xb4}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x0, 0x0, 0x0, 0xdf64, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002780)=@newqdisc={0x48, 0x14, 0xf0b, 0x4, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xb, 0x1}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x200, 0x80000a, 0x0, 0x1, 0xc0000000}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.374528096s ago: executing program 0 (id=3204):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000006848e9780000000000001e000a00000000000000040004a329554a325827563e793f50c44c680d00"], 0x1c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0x200000)=nil, 0x200000, 0x2000001, 0x2011, 0xffffffffffffffff, 0x0)
getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x6, &(0x7f0000002940), 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
pipe(&(0x7f0000000240)={<r5=>0xffffffffffffffff})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r5, 0x40bc5311, &(0x7f0000000500)={0xe1c, 0x2, 'client1\x00', 0x80000000, "29b0b577b5ac30eb", "1ac6a82c06afa4beac1f51e9ace0fd7a9606043a181a0add90bdaa748a3f4cbd", 0x4, 0x4})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000f, 0x12, r6, 0x7c4ec000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f0000000080))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0xc, 0xfffffffffffffffe)
add_key(&(0x7f00000002c0)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x4, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff0ff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b70000000000000095000010000000004e62011c3034fdb117168bd07ba08af339d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945ff15d802f5132143c0a9fc7a84452569957c1002ed7d458e17f791f4798c8eb484de03312c69b3edff5be26765ba5f8f2879021c2ea53ac547a654bbd2db5356b971d83dd12742be9087a3e7b7c0efd3e38c794eb06b0b8c392904ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057826ef4e912f01a201e694e3049b8c8fe8b65d8d66bb766f7f3f918c86a702522368d9f81897133af94a5a4cff7f4d8b9d8eaf302f0b2e0c252b0000000000000000ee917bca4885bbf597a14ab6458e6272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36be115be3b325ecd201d2ffb0a7fa4f5d1106560cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b861299fcd9ed9d8679406419406bf0c5329bd5b4697336112b0b8756ce3574046bf611a108f8df4d1a88597840b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf39a43a66c5540b8762b42007c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4b19b53b60322af0aa66e8f448e1bd96822e6b70b62912c926dbe417cccd4f696d528fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e171b3baae34c35987b0dda497ac3f5e97e60eaeea15c6d55badf9b86b1c000100006e60cd06c9ed24313ce607d403bb6030f800000000690db0221b1705c501f802ff59b4e683efa4b6e77e042072ec9eb8166f6e28b49a7705a1befc4d315878f88a8fb1dd679fb4c5557abae6849917dc51a89d47b728502f7e621fc0e3ba04020000c149ee6601728c750930519339b44197c22da865059b475afd96187d881e93b42a5fdfd686d8900c44c67133eeb0109dcb60dddad58037fda65885a15a42560ee3027a5ebf95254744f10fd607bc3100b94932b8d9447c42f6e21ee0e54f8be386bdc09decece910a481e648e0cb074536a25ff581d92af08a06f857311a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6ae00f0000000000006a8194479700a02b92bec8d05eae1f24fdd7b80d3dde04c22f689594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4acd7acf1dfe79d6771903b76e2ae47d972651390c22d641030e1ddac018dc3116e1803af10a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f00000000000000001000ba96edb95ede0e1957c2a2754258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548941d5d16297757310d9daebd5a3dabbced3b051129cd60a37d397643324e6f0aadf978d639650000000000000000570b0acbcaa196e6b46e213a34c1a550e7c2d8cee7a278cee591f360e345d37dc9f8991a16c08d72317e42d2ac9126acd76130ef1086016697e4d51c4b42b2efc8edab88d46bc3d5d6e5a634c912bc40513643bf44cb416b3149040220aa39035ae46d16d879fc815a5cb84b0d5c8ad970128adf8dec1171e860ca54ce5d6a5aa0327bca4f49a710bf8a8399071237fe5d764e2034873c94a4f21287f3bce3eeb69e94df2e14e4ab10cc7834b304bc879b80255991dd7aac2e92c9e7c411c019d229c1f1e563152f1c5ae9cda3e808000000a0c779d624c5a2b7491b8f73e767389ecd1dee951353bb22b7caf89468871520823715cfebd04189c6c6b34bd8a6541f6bc0630000000000f94e85f5111add3a3cb5bcace95f38465402c39df835754ef33056b0e1134187822c001a25304f3e00b44675d0a25a21dc4023c642cc6f5a75c45a29ab933600acf9a2d471b73a73178cdf309e5d53311996215b44295dfddc1dd6b81132e999366e460d15d366e84da02b8afc40c47e733f804460ed8300ec34eab2ed80097bd32ff1a6143ab1476037e474ca876187c85bed4391215cd77e6a1fd6399a498b96b9b0cca93255acb08c67e50004c5af6fd5b4ce7c1ebc9202bd7b329a4d2530486d5999dd7f90ebecca37f2869135438f0540801fd7481daf9ec94b799c12e714d573e2a6331f496254f254a60c52b2026ed6a72c82cd191490fabe7b151f92e5d700f21830d613fbe490f305b3845a78817e59bf7ed36471dbca01d39e50ae2535460e1d2f2614940647233a02d5000000000000000000f70e52f0d56f6a4dcf7e57c03d4b4add0500000000000000320304d0d2b308c5ed3956eae263035d703f862224e9818a3d7ac270793a7bf2af87585293960a80ac63c54e55063bf8d24639e561253ef0caf6c58118120d8acecc0528f0d81d291009fc46401baf9c22d1c452a5b61b7a1b9adfcc17f5ad99dcdf935923185db7b14a7fa7babc1f53df70618bb73aa810b756696f26653b84cf842ae433fda59fbe312be11bb7dfecdc38c1c1f688d2724568cc396fca7c74984b7f7bd000000000000003ff3e5857fc6598c933610be374909dc8622b0722259e922f40d7862f7ea72f1754f07711de7600000000000000000000000000c4cb643e73ad8a45f0c7164484540e66e29943aa72297d831ce6c978866a55ed53130c6747f569c9c9abe724b4fc647b17401d2201e8c201e7d6ffa1fa122677f7393ed4fe8a93306f048b6703b04544e42a9cd937ef8d98ee8d878a12a627791c5c2d9fc6de65356be92fd98fdbe819686c7bd3be5bd0ce627c8357675f752c73a502d25c31c831078f098c34295bfe90e882843003841f4c0c65dc1810a50000000000000015911cb03e743c482199757d35df5b59fe0a0c5240c85498d818578e2d65c4ff4acbee037498222b1f81f3726a244da1fd6b8c195f1303bedb744045f31e1547d7bc3c3eae68b8da059a59c8c37e3639c2c4eb3d8229ac24d2ce12bc0e5db4a8202d72e64d5c5eacd0d0c0cd7a879ed967f5a2bd39ae4cf7daf7c9fa1777d54fb5920c8434163f75062c62455bf6e23817a85d"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r8, 0xfeffff, 0x113, 0x3f00f000, &(0x7f0000000700)="c45c573d395de5b2891a7d637a223920f181c2e57d71483cfb2d075a3fa67258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0x4a, 0xffffff0c}, 0x40)

2.19849662s ago: executing program 4 (id=3205):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$inet(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)="7ddb889a", 0xfffffcda}], 0x1}}], 0x1, 0x20000054)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

1.430906117s ago: executing program 1 (id=3206):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$inet(r1, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000540)="7ddb889a", 0xfffffcda}], 0x1}}], 0x1, 0x20000054)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) (fail_nth: 1)

1.291302305s ago: executing program 0 (id=3207):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)="957bc3871f54da01138019ebbb3587e39b0af28eea1dc1c5b6b0f27c1111d0f8b71e196a9bb19b466172df083b602f37901653c0b41e9ea3218f6680923cb44fcde97805fe3eaf057d955a0de7c0d5", 0x4f}, {&(0x7f0000000380)="eed4fbdbc377aaa1f97890499828239f7ce11e4611999338e6da1d1d2deca77c81b916aaaa389580ca6ed38e8d0330bc2f0cce161f489d863da5d3adc46e5c8160ccc889403f20dae567d9969efc4355fd27ba3d6e13f78bf9e57c4e3b723dd7b8540917d4c38bd6d37c70c43032fb1cae37de9f57c3bf053fa22d788b5629b444cd80b5c5257223c6d71b597d9c77a96733b2c18bf7adbe30f66959119bbed4e063dbbad441", 0xa6}, {&(0x7f0000000440)="b9c8ea7741e24130b11e66fa8118a2cda01b3f0acd758075e1c9d7949dcabe424ea007a38ff2c228d330852a68f81c6d7ce898bd7e628ae1242068c2e81985e9ee753e1d02319449f6c878bb5726dbc4eda9097bc6315fec72ff234fb9f26512af7b647069e3415c0338618c7adb1ac5b2f77a9effa9b33193a6da989be1900ce5158f956fcb9510d3850911ba7792fbc8ceaff1c9d7ceba64850bf02eeae9c814fb4cdb5e0e9b836ea2cca20b60440969419d09b1a0bbfb1e25c9dc429446bc2ddb467d972c56938e24", 0xca}, {&(0x7f0000000300)="d4eb0cb9b5afe8a92397fd6083599c6c", 0x10}], 0x4, &(0x7f00000005c0)=[@tclass={{0x14, 0x29, 0x43, 0x2}}], 0x18}}], 0x1, 0x40004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000048510000006", @ANYRES32, @ANYBLOB="0000000000000004180000000000001000000000000200009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100200000ffffb702000008000000b50a00000000000085000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.214799539s ago: executing program 4 (id=3208):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000700)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
lchown(&(0x7f00000006c0)='./file0\x00', r0, 0xee01)
setxattr$system_posix_acl(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000380)={{}, {0x1, 0x6}, [{0x2, 0x7, r0}], {}, [], {0x10, 0x3}}, 0x2c, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x0, @any, 0xffff}, 0xe)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0xff7f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x51}}, 0xe)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0x841)
r7 = dup(0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x85, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x85, &(0x7f00000008c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x2400, 0x4003}, 0x90)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000005c0), 0x4000)
getsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000100)={0x0, 0xbde8, 0xfff, 0xff}, &(0x7f0000000140)=0x10)

1.050601064s ago: executing program 1 (id=3209):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xe}, 0x0, 0x2}, 0xe)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000500)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="043e"], 0xe)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r2 = accept4$alg(r1, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r2, &(0x7f0000000000)='e', 0x3f}])
sendmmsg$alg(r2, &(0x7f0000002280)=[{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000140)="1b", 0x1}], 0x1, &(0x7f0000000800)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4001}], 0x1, 0x80)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000fc0)=0x2000003, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

986.912582ms ago: executing program 0 (id=3210):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000600)=ANY=[@ANYBLOB="18080000d0ff", @ANYRESOCT=0x0, @ANYBLOB="0000000000000004180000000000001000000000000200009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900"], 0x7c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010d57b90b013f4159400", @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001"], 0x3c}, 0x1, 0x0, 0x0, 0x20040}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002780)=@newqdisc={0x48, 0x14, 0xf0b, 0x4, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xb, 0x1}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x200, 0x80000a, 0x0, 0x1, 0xc0000000}}, {0x4}}]}]}, 0x48}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

219.467752ms ago: executing program 4 (id=3211):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x600000000000000, &(0x7f0000000580)=@base={0xf, 0x4, 0x4, 0x20002, 0x0, 0x1, 0xfffffffd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) (async)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x4008031, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000010000000000000000800000850000002700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x14}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8, 0x7, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x4000)

173.098557ms ago: executing program 0 (id=3212):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x1a3c65)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0) (fail_nth: 1)

133.633346ms ago: executing program 3 (id=3213):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x1a3c65)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r2, 0x4140, 0x0)

442.816µs ago: executing program 3 (id=3214):
ptrace$setregs(0x1a, 0x0, 0xc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mq_notify(0xffffffffffffffff, 0x0) (fail_nth: 1)

0s ago: executing program 1 (id=3215):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902640002010000000904010001020d0000052406000105240000000d240f0100000000000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d000009"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x44d01, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000005400))
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x0, 0x0, 0x0, 0xd9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$session_to_parent(0x12)
r5 = socket$nl_route(0x10, 0x3, 0x0)
accept4$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @empty}, &(0x7f0000000300)=0x10, 0x180800)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000100626f6e64000e00001c00028006001800ff0f00000500150000000400050001000400"/52], 0x4c}}, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40078, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ld_fail_ex+0x414/0x560
[ 1361.337400][T16448]  _copy_from_user+0x2d/0xb0
[ 1361.337431][T16448]  get_nodes+0x29c/0x390
[ 1361.337458][T16448]  ? __pfx_get_nodes+0x10/0x10
[ 1361.337486][T16448]  ? ksys_write+0x1cb/0x250
[ 1361.337510][T16448]  __se_sys_mbind+0x18d/0xc30
[ 1361.337542][T16448]  ? __pfx_vfs_write+0x10/0x10
[ 1361.337564][T16448]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1361.337591][T16448]  ? __pfx___se_sys_mbind+0x10/0x10
[ 1361.337623][T16448]  ? __fget_files+0x3a0/0x420
[ 1361.337655][T16448]  ? fput+0xa0/0xd0
[ 1361.337681][T16448]  ? ksys_write+0x22a/0x250
[ 1361.337704][T16448]  ? rcu_is_watching+0x15/0xb0
[ 1361.337732][T16448]  ? __x64_sys_mbind+0x21/0xf0
[ 1361.337768][T16448]  do_syscall_64+0xfa/0x3b0
[ 1361.337791][T16448]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1361.337812][T16448]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1361.337832][T16448]  ? clear_bhb_loop+0x60/0xb0
[ 1361.337857][T16448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1361.337877][T16448] RIP: 0033:0x7f3fa498eb69
[ 1361.337895][T16448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1361.337914][T16448] RSP: 002b:00007f3fa5843038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[ 1361.337935][T16448] RAX: ffffffffffffffda RBX: 00007f3fa4bb5fa0 RCX: 00007f3fa498eb69
[ 1361.337949][T16448] RDX: 0000000000000001 RSI: 0000000000600000 RDI: 0000200000000000
[ 1361.337963][T16448] RBP: 00007f3fa5843090 R08: 0000000000000009 R09: 0000000000000002
[ 1361.337976][T16448] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1361.337988][T16448] R13: 0000000000000000 R14: 00007f3fa4bb5fa0 R15: 00007fff746ad498
[ 1361.338019][T16448]  </TASK>
[ 1361.596173][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.602509][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.629857][T12227] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1361.639979][T12229] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1362.550782][T12229] usb 1-1: device descriptor read/8, error -71
[ 1362.655878][T12227] usb 5-1: device descriptor read/64, error -71
[ 1362.782712][T12227] usb usb5-port1: attempt power cycle
[ 1363.518591][T16466] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2806'.
[ 1363.538543][T16466] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2806'.
[ 1363.654414][ T5932] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1363.900618][ T5932] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1363.962103][ T5932] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1364.073107][ T5932] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1364.117474][ T5932] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1364.209700][ T5932] usb 7-1: Product: syz
[ 1364.237332][ T5932] usb 7-1: Manufacturer: syz
[ 1364.261806][ T5932] usb 7-1: SerialNumber: syz
[ 1364.354845][ T5932] usb 7-1: config 0 descriptor??
[ 1364.366882][ T5932] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 1364.396429][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1364.424568][ T5932] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 1364.446124][ T5932] usb 7-1: media controller created
[ 1364.472180][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1364.559465][ T5932] DVB: Unable to find symbol tda10046_attach()
[ 1364.576161][ T5932] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 1364.590205][ T5932] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 1365.544610][ T5932] dvb_usb_m920x 7-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 1365.613316][ T5932] usb 7-1: USB disconnect, device number 24
[ 1366.022864][T16503] fuse: Unknown parameter '0x0000000000000003'
[ 1366.130737][T16509] FAULT_INJECTION: forcing a failure.
[ 1366.130737][T16509] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1366.154274][T16509] CPU: 0 UID: 0 PID: 16509 Comm: syz.3.2820 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1366.154304][T16509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1366.154318][T16509] Call Trace:
[ 1366.154326][T16509]  <TASK>
[ 1366.154335][T16509]  dump_stack_lvl+0x189/0x250
[ 1366.154363][T16509]  ? __pfx____ratelimit+0x10/0x10
[ 1366.154386][T16509]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1366.154408][T16509]  ? __pfx__printk+0x10/0x10
[ 1366.154434][T16509]  ? __might_fault+0xb0/0x130
[ 1366.154466][T16509]  should_fail_ex+0x414/0x560
[ 1366.154492][T16509]  _copy_from_user+0x2d/0xb0
[ 1366.154522][T16509]  ___sys_sendmsg+0x158/0x2a0
[ 1366.154556][T16509]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1366.154625][T16509]  ? __fget_files+0x2a/0x420
[ 1366.154647][T16509]  ? __fget_files+0x3a0/0x420
[ 1366.154680][T16509]  __x64_sys_sendmsg+0x19b/0x260
[ 1366.154714][T16509]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1366.154756][T16509]  ? __pfx_ksys_write+0x10/0x10
[ 1366.154772][T16509]  ? rcu_is_watching+0x15/0xb0
[ 1366.154799][T16509]  ? do_syscall_64+0xbe/0x3b0
[ 1366.154825][T16509]  do_syscall_64+0xfa/0x3b0
[ 1366.154846][T16509]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1366.154866][T16509]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.154891][T16509]  ? clear_bhb_loop+0x60/0xb0
[ 1366.154916][T16509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.154935][T16509] RIP: 0033:0x7f5bf878eb69
[ 1366.154952][T16509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1366.154969][T16509] RSP: 002b:00007f5bf9612038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1366.154990][T16509] RAX: ffffffffffffffda RBX: 00007f5bf89b5fa0 RCX: 00007f5bf878eb69
[ 1366.155004][T16509] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[ 1366.155016][T16509] RBP: 00007f5bf9612090 R08: 0000000000000000 R09: 0000000000000000
[ 1366.155028][T16509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1366.155039][T16509] R13: 0000000000000000 R14: 00007f5bf89b5fa0 R15: 00007ffc87d0a268
[ 1366.155070][T16509]  </TASK>
[ 1366.807701][T16531] FAULT_INJECTION: forcing a failure.
[ 1366.807701][T16531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1366.821511][T16531] CPU: 0 UID: 0 PID: 16531 Comm: syz.1.2828 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1366.821537][T16531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1366.821549][T16531] Call Trace:
[ 1366.821557][T16531]  <TASK>
[ 1366.821566][T16531]  dump_stack_lvl+0x189/0x250
[ 1366.821594][T16531]  ? __pfx____ratelimit+0x10/0x10
[ 1366.821616][T16531]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1366.821639][T16531]  ? __pfx__printk+0x10/0x10
[ 1366.821665][T16531]  ? __might_fault+0xb0/0x130
[ 1366.821697][T16531]  should_fail_ex+0x414/0x560
[ 1366.821723][T16531]  _copy_from_user+0x2d/0xb0
[ 1366.821752][T16531]  __sys_bpf+0x1ed/0x860
[ 1366.821784][T16531]  ? __pfx___sys_bpf+0x10/0x10
[ 1366.821829][T16531]  ? ksys_write+0x22a/0x250
[ 1366.821851][T16531]  ? __pfx_ksys_write+0x10/0x10
[ 1366.821868][T16531]  ? rcu_is_watching+0x15/0xb0
[ 1366.821916][T16531]  __x64_sys_bpf+0x7c/0x90
[ 1366.821945][T16531]  do_syscall_64+0xfa/0x3b0
[ 1366.821968][T16531]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1366.821990][T16531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.822012][T16531]  ? clear_bhb_loop+0x60/0xb0
[ 1366.822039][T16531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.822060][T16531] RIP: 0033:0x7fa351f8eb69
[ 1366.822085][T16531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1366.822104][T16531] RSP: 002b:00007fa352d32038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1366.822126][T16531] RAX: ffffffffffffffda RBX: 00007fa3521b6080 RCX: 00007fa351f8eb69
[ 1366.822146][T16531] RDX: 0000000000000094 RSI: 0000200000000680 RDI: 0000000000000002
[ 1366.822160][T16531] RBP: 00007fa352d32090 R08: 0000000000000000 R09: 0000000000000000
[ 1366.822174][T16531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1366.822186][T16531] R13: 0000000000000000 R14: 00007fa3521b6080 R15: 00007ffc2a0f2c58
[ 1366.822220][T16531]  </TASK>
[ 1367.081426][T16533] fuse: Unknown parameter '0x0000000000000003'
[ 1367.146189][T16535] FAULT_INJECTION: forcing a failure.
[ 1367.146189][T16535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1367.159458][T16535] CPU: 0 UID: 0 PID: 16535 Comm: syz.3.2832 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1367.159484][T16535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1367.159496][T16535] Call Trace:
[ 1367.159505][T16535]  <TASK>
[ 1367.159513][T16535]  dump_stack_lvl+0x189/0x250
[ 1367.159540][T16535]  ? __pfx____ratelimit+0x10/0x10
[ 1367.159561][T16535]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1367.159584][T16535]  ? __pfx__printk+0x10/0x10
[ 1367.159609][T16535]  ? __might_fault+0xb0/0x130
[ 1367.159641][T16535]  should_fail_ex+0x414/0x560
[ 1367.159666][T16535]  _copy_from_user+0x2d/0xb0
[ 1367.159695][T16535]  __sys_bpf+0x1ed/0x860
[ 1367.159726][T16535]  ? __pfx___sys_bpf+0x10/0x10
[ 1367.159768][T16535]  ? ksys_write+0x22a/0x250
[ 1367.159789][T16535]  ? __pfx_ksys_write+0x10/0x10
[ 1367.159804][T16535]  ? rcu_is_watching+0x15/0xb0
[ 1367.159834][T16535]  __x64_sys_bpf+0x7c/0x90
[ 1367.159861][T16535]  do_syscall_64+0xfa/0x3b0
[ 1367.159882][T16535]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1367.159902][T16535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1367.159922][T16535]  ? clear_bhb_loop+0x60/0xb0
[ 1367.159947][T16535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1367.159965][T16535] RIP: 0033:0x7f5bf878eb69
[ 1367.159982][T16535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1367.159999][T16535] RSP: 002b:00007f5bf9612038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1367.160020][T16535] RAX: ffffffffffffffda RBX: 00007f5bf89b5fa0 RCX: 00007f5bf878eb69
[ 1367.160034][T16535] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[ 1367.160047][T16535] RBP: 00007f5bf9612090 R08: 0000000000000000 R09: 0000000000000000
[ 1367.160066][T16535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1367.160077][T16535] R13: 0000000000000000 R14: 00007f5bf89b5fa0 R15: 00007ffc87d0a268
[ 1367.160108][T16535]  </TASK>
[ 1367.519969][T16539] vlan0: entered promiscuous mode
[ 1367.522747][T16537] RDS: rds_bind could not find a transport for ::4000:0:20:0, load rds_tcp or rds_rdma?
[ 1367.525609][T16539] vlan0: left allmulticast mode
[ 1367.543702][T16539] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2835'.
[ 1367.555668][T16539] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2835'.
[ 1367.566831][T16539] [U] ^C
[ 1367.584782][T16543] FAULT_INJECTION: forcing a failure.
[ 1367.584782][T16543] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1367.611095][T16543] CPU: 0 UID: 0 PID: 16543 Comm: syz.3.2836 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1367.611121][T16543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1367.611133][T16543] Call Trace:
[ 1367.611141][T16543]  <TASK>
[ 1367.611149][T16543]  dump_stack_lvl+0x189/0x250
[ 1367.611177][T16543]  ? __pfx____ratelimit+0x10/0x10
[ 1367.611210][T16543]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1367.611230][T16543]  ? __pfx__printk+0x10/0x10
[ 1367.611255][T16543]  ? __might_fault+0xb0/0x130
[ 1367.611283][T16543]  should_fail_ex+0x414/0x560
[ 1367.611308][T16543]  _copy_from_user+0x2d/0xb0
[ 1367.611334][T16543]  ___sys_sendmsg+0x158/0x2a0
[ 1367.611367][T16543]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1367.611430][T16543]  ? __fget_files+0x2a/0x420
[ 1367.611451][T16543]  ? __fget_files+0x3a0/0x420
[ 1367.611482][T16543]  __x64_sys_sendmsg+0x19b/0x260
[ 1367.611513][T16543]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1367.611552][T16543]  ? __pfx_ksys_write+0x10/0x10
[ 1367.611568][T16543]  ? rcu_is_watching+0x15/0xb0
[ 1367.611594][T16543]  ? do_syscall_64+0xbe/0x3b0
[ 1367.611619][T16543]  do_syscall_64+0xfa/0x3b0
[ 1367.611638][T16543]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1367.611658][T16543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1367.611676][T16543]  ? clear_bhb_loop+0x60/0xb0
[ 1367.611699][T16543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1367.611717][T16543] RIP: 0033:0x7f5bf878eb69
[ 1367.611733][T16543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1367.611748][T16543] RSP: 002b:00007f5bf9612038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1367.611775][T16543] RAX: ffffffffffffffda RBX: 00007f5bf89b5fa0 RCX: 00007f5bf878eb69
[ 1367.611788][T16543] RDX: 0000000000000000 RSI: 0000200000003780 RDI: 0000000000000003
[ 1367.611800][T16543] RBP: 00007f5bf9612090 R08: 0000000000000000 R09: 0000000000000000
[ 1367.611811][T16543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1367.611821][T16543] R13: 0000000000000000 R14: 00007f5bf89b5fa0 R15: 00007ffc87d0a268
[ 1367.611851][T16543]  </TASK>
[ 1368.062701][T16564] fuse: Unknown parameter '0x0000000000000003'
[ 1368.197719][T16572] FAULT_INJECTION: forcing a failure.
[ 1368.197719][T16572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1368.239720][T16574] FAULT_INJECTION: forcing a failure.
[ 1368.239720][T16574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1368.262235][T16572] CPU: 1 UID: 0 PID: 16572 Comm: syz.4.2845 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1368.262263][T16572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1368.262275][T16572] Call Trace:
[ 1368.262283][T16572]  <TASK>
[ 1368.262291][T16572]  dump_stack_lvl+0x189/0x250
[ 1368.262319][T16572]  ? __pfx____ratelimit+0x10/0x10
[ 1368.262342][T16572]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1368.262365][T16572]  ? __pfx__printk+0x10/0x10
[ 1368.262404][T16572]  should_fail_ex+0x414/0x560
[ 1368.262430][T16572]  _copy_to_user+0x31/0xb0
[ 1368.262462][T16572]  simple_read_from_buffer+0xe1/0x170
[ 1368.262488][T16572]  proc_fail_nth_read+0x1df/0x250
[ 1368.262516][T16572]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1368.262543][T16572]  ? rw_verify_area+0x258/0x650
[ 1368.262574][T16572]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1368.262600][T16572]  vfs_read+0x200/0x980
[ 1368.262637][T16572]  ? __pfx___mutex_lock+0x10/0x10
[ 1368.262660][T16572]  ? __pfx_vfs_read+0x10/0x10
[ 1368.262692][T16572]  ? __fget_files+0x2a/0x420
[ 1368.262719][T16572]  ? __fget_files+0x3a0/0x420
[ 1368.262740][T16572]  ? __fget_files+0x2a/0x420
[ 1368.262772][T16572]  ksys_read+0x145/0x250
[ 1368.262793][T16572]  ? __pfx_ksys_read+0x10/0x10
[ 1368.262817][T16572]  ? do_syscall_64+0xbe/0x3b0
[ 1368.262844][T16572]  do_syscall_64+0xfa/0x3b0
[ 1368.262865][T16572]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1368.262885][T16572]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.262905][T16572]  ? clear_bhb_loop+0x60/0xb0
[ 1368.262929][T16572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.262948][T16572] RIP: 0033:0x7fc5c0f8d57c
[ 1368.262975][T16572] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1368.262992][T16572] RSP: 002b:00007fc5c1eba030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1368.263013][T16572] RAX: ffffffffffffffda RBX: 00007fc5c11b5fa0 RCX: 00007fc5c0f8d57c
[ 1368.263027][T16572] RDX: 000000000000000f RSI: 00007fc5c1eba0a0 RDI: 0000000000000004
[ 1368.263039][T16572] RBP: 00007fc5c1eba090 R08: 0000000000000000 R09: 0000000000000000
[ 1368.263051][T16572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1368.263063][T16572] R13: 0000000000000000 R14: 00007fc5c11b5fa0 R15: 00007ffe51a07838
[ 1368.263094][T16572]  </TASK>
[ 1368.380967][T16574] CPU: 0 UID: 0 PID: 16574 Comm: syz.6.2847 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1368.380997][T16574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1368.381011][T16574] Call Trace:
[ 1368.381020][T16574]  <TASK>
[ 1368.381029][T16574]  dump_stack_lvl+0x189/0x250
[ 1368.381060][T16574]  ? __pfx____ratelimit+0x10/0x10
[ 1368.381083][T16574]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1368.381108][T16574]  ? __pfx__printk+0x10/0x10
[ 1368.381154][T16574]  ? __might_fault+0xb0/0x130
[ 1368.381190][T16574]  should_fail_ex+0x414/0x560
[ 1368.381222][T16574]  _copy_from_user+0x2d/0xb0
[ 1368.381256][T16574]  __sys_bpf+0x1ed/0x860
[ 1368.381294][T16574]  ? __pfx___sys_bpf+0x10/0x10
[ 1368.381343][T16574]  ? ksys_write+0x22a/0x250
[ 1368.381369][T16574]  ? __pfx_ksys_write+0x10/0x10
[ 1368.381387][T16574]  ? rcu_is_watching+0x15/0xb0
[ 1368.381422][T16574]  __x64_sys_bpf+0x7c/0x90
[ 1368.381455][T16574]  do_syscall_64+0xfa/0x3b0
[ 1368.381479][T16574]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1368.381503][T16574]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.381527][T16574]  ? clear_bhb_loop+0x60/0xb0
[ 1368.381555][T16574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.381578][T16574] RIP: 0033:0x7f3fa498eb69
[ 1368.381597][T16574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1368.381616][T16574] RSP: 002b:00007f3fa5843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1368.381640][T16574] RAX: ffffffffffffffda RBX: 00007f3fa4bb5fa0 RCX: 00007f3fa498eb69
[ 1368.381656][T16574] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 000000000000000a
[ 1368.381671][T16574] RBP: 00007f3fa5843090 R08: 0000000000000000 R09: 0000000000000000
[ 1368.381686][T16574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1368.381707][T16574] R13: 0000000000000000 R14: 00007f3fa4bb5fa0 R15: 00007fff746ad498
[ 1368.381743][T16574]  </TASK>
[ 1368.734578][T12227] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1368.924310][T12227] usb 4-1: Using ep0 maxpacket: 16
[ 1369.149901][T12227] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1369.170093][T12227] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1369.203943][T12227] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1369.243550][T12227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1369.268611][T12227] usb 4-1: Product: syz
[ 1369.287888][T12227] usb 4-1: Manufacturer: syz
[ 1369.292554][T12227] usb 4-1: SerialNumber: syz
[ 1369.532913][T16586] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2)
[ 1369.584288][ T5966] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1369.894316][ T5966] usb 7-1: Using ep0 maxpacket: 16
[ 1369.947910][T12227] usb 4-1: 0:2 : does not exist
[ 1370.207884][ T5966] usb 7-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a
[ 1370.242104][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1370.254490][T12227] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1370.301751][ T5966] usb 7-1: Product: syz
[ 1370.327677][ T5966] usb 7-1: Manufacturer: syz
[ 1370.356062][ T5966] usb 7-1: SerialNumber: syz
[ 1370.383760][T12227] usb 4-1: USB disconnect, device number 76
[ 1370.408496][ T5966] usb 7-1: config 0 descriptor??
[ 1370.438868][ T5966] mcba_usb 7-1:0.0: Can't find endpoints
[ 1370.462398][T16598] netlink: 4268 bytes leftover after parsing attributes in process `syz.4.2855'.
[ 1370.478159][T16272] udevd[16272]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1370.615502][T16601] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2856'.
[ 1370.656506][T16578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1370.684952][T16578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1370.710525][T16578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1370.726264][T16578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1370.733635][T16604] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2858'.
[ 1370.750475][T12227] usb 7-1: USB disconnect, device number 25
[ 1370.953258][T16586] bridge: RTM_NEWNEIGH with invalid ether address
[ 1371.088685][T16617] FAULT_INJECTION: forcing a failure.
[ 1371.088685][T16617] name failslab, interval 1, probability 0, space 0, times 0
[ 1371.114608][T16617] CPU: 1 UID: 0 PID: 16617 Comm: syz.4.2863 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1371.114653][T16617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1371.114667][T16617] Call Trace:
[ 1371.114675][T16617]  <TASK>
[ 1371.114684][T16617]  dump_stack_lvl+0x189/0x250
[ 1371.114721][T16617]  ? __pfx____ratelimit+0x10/0x10
[ 1371.114743][T16617]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1371.114767][T16617]  ? __pfx__printk+0x10/0x10
[ 1371.114801][T16617]  ? __pfx___might_resched+0x10/0x10
[ 1371.114824][T16617]  ? fs_reclaim_acquire+0x7d/0x100
[ 1371.114854][T16617]  should_fail_ex+0x414/0x560
[ 1371.114882][T16617]  should_failslab+0xa8/0x100
[ 1371.114908][T16617]  __kmalloc_noprof+0xcb/0x4f0
[ 1371.114926][T16617]  ? kfree+0x4d/0x440
[ 1371.114955][T16617]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1371.114989][T16617]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1371.115019][T16617]  ? tomoyo_domain+0xda/0x130
[ 1371.115053][T16617]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1371.115076][T16617]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1371.115102][T16617]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1371.115145][T16617]  ? __lock_acquire+0xab9/0xd20
[ 1371.115188][T16617]  ? __fget_files+0x2a/0x420
[ 1371.115216][T16617]  ? __fget_files+0x2a/0x420
[ 1371.115239][T16617]  ? __fget_files+0x3a0/0x420
[ 1371.115261][T16617]  ? __fget_files+0x2a/0x420
[ 1371.115290][T16617]  security_file_ioctl+0xcb/0x2d0
[ 1371.115319][T16617]  __se_sys_ioctl+0x47/0x170
[ 1371.115353][T16617]  do_syscall_64+0xfa/0x3b0
[ 1371.115376][T16617]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1371.115398][T16617]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1371.115419][T16617]  ? clear_bhb_loop+0x60/0xb0
[ 1371.115445][T16617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1371.115466][T16617] RIP: 0033:0x7fc5c0f8eb69
[ 1371.115484][T16617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1371.115503][T16617] RSP: 002b:00007fc5c1eba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1371.115525][T16617] RAX: ffffffffffffffda RBX: 00007fc5c11b5fa0 RCX: 00007fc5c0f8eb69
[ 1371.115541][T16617] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1371.115554][T16617] RBP: 00007fc5c1eba090 R08: 0000000000000000 R09: 0000000000000000
[ 1371.115567][T16617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1371.115580][T16617] R13: 0000000000000000 R14: 00007fc5c11b5fa0 R15: 00007ffe51a07838
[ 1371.115613][T16617]  </TASK>
[ 1371.117952][T16617] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1371.174282][ T5966] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1371.554274][ T5932] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1371.676952][ T5966] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1371.688148][ T5966] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1371.698451][ T5966] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1371.708108][ T5966] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1371.716243][ T5966] usb 4-1: Product: syz
[ 1371.720683][ T5966] usb 4-1: Manufacturer: syz
[ 1371.739864][ T5966] usb 4-1: SerialNumber: syz
[ 1372.111937][ T5932] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1372.122639][ T5932] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1372.126877][ T5966] usb 4-1: config 0 descriptor??
[ 1372.132910][ T5932] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1372.143858][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1372.152427][ T5932] usb 1-1: Product: syz
[ 1372.157948][ T5932] usb 1-1: Manufacturer: syz
[ 1372.162900][ T5932] usb 1-1: SerialNumber: syz
[ 1372.163319][ T5966] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 1372.168332][T12213] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1372.189989][ T5932] usb 1-1: config 0 descriptor??
[ 1372.191995][ T5966] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1372.210555][ T5932] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 1372.212096][ T5966] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 1372.231219][ T5966] usb 4-1: media controller created
[ 1372.235875][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1372.267642][ T5966] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1372.292074][ T5932] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 1372.310727][ T5932] usb 1-1: media controller created
[ 1372.334640][T12213] usb 7-1: Using ep0 maxpacket: 16
[ 1372.345374][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1372.355354][T12213] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1372.371586][T12213] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1372.385352][T12213] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1372.454471][T12213] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1372.474333][T12213] usb 7-1: Product: syz
[ 1372.482855][T12213] usb 7-1: Manufacturer: syz
[ 1372.500625][T12213] usb 7-1: SerialNumber: syz
[ 1372.534356][ T5966] DVB: Unable to find symbol tda10046_attach()
[ 1372.540641][ T5966] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 1372.570102][ T5966] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 1372.571314][ T5932] DVB: Unable to find symbol tda10046_attach()
[ 1372.603300][ T5932] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 1372.631087][ T5932] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 1372.875839][T12213] usb 7-1: 0:2 : does not exist
[ 1372.914471][ T5971] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1373.053690][T12213] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[ 1373.084035][ T5971] usb 5-1: device descriptor read/64, error -71
[ 1373.208738][ T5966] dvb_usb_m920x 4-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 1373.288761][ T5932] dvb_usb_m920x 1-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 1373.341192][ T5932] usb 1-1: USB disconnect, device number 67
[ 1373.354944][ T5971] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1373.366508][ T5966] usb 4-1: USB disconnect, device number 77
[ 1373.371914][T12213] usb 7-1: USB disconnect, device number 26
[ 1373.518935][ T5971] usb 5-1: device descriptor read/64, error -71
[ 1373.562324][T16652] udevd[16652]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1373.647948][ T5971] usb usb5-port1: attempt power cycle
[ 1374.014501][ T5971] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1374.049502][ T5971] usb 5-1: device descriptor read/8, error -71
[ 1374.354707][ T5971] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1374.395654][ T5971] usb 5-1: device descriptor read/8, error -71
[ 1374.515347][ T5971] usb usb5-port1: unable to enumerate USB device
[ 1374.888472][T16560] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1374.908558][T16560] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1374.917815][T16560] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1374.926166][T16560] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1374.934003][T16560] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1375.203793][T16667] chnl_net:caif_netlink_parms(): no params data found
[ 1375.364555][ T1146] bridge_slave_1: left promiscuous mode
[ 1375.373304][ T1146] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1375.399223][ T1146] bridge_slave_0: left promiscuous mode
[ 1375.407395][ T1146] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1375.940205][ T1146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1376.508066][ T1146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1376.573639][ T1146] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1376.582729][ T1146] bond0 (unregistering): Released all slaves
[ 1376.599164][T16667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1376.606572][T16667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1376.613804][T16667] bridge_slave_0: entered allmulticast mode
[ 1376.622136][T16667] bridge_slave_0: entered promiscuous mode
[ 1376.647139][T16667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1376.671534][T16667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1376.681029][T16667] bridge_slave_1: entered allmulticast mode
[ 1376.693727][T16667] bridge_slave_1: entered promiscuous mode
[ 1376.734926][T16676] ip6gretap0: entered promiscuous mode
[ 1376.740983][T16676] vlan2: entered promiscuous mode
[ 1376.979768][T16560] Bluetooth: hci0: command tx timeout
[ 1377.036554][T16686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1377.062109][T16686] ALSA: mixer_oss: invalid OSS volume ''
[ 1377.740825][ T1146] tipc: Left network mode
[ 1378.679225][T16708] FAULT_INJECTION: forcing a failure.
[ 1378.679225][T16708] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1378.768489][T16708] CPU: 1 UID: 0 PID: 16708 Comm: syz.0.2882 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1378.768521][T16708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1378.768534][T16708] Call Trace:
[ 1378.768543][T16708]  <TASK>
[ 1378.768553][T16708]  dump_stack_lvl+0x189/0x250
[ 1378.768583][T16708]  ? __pfx____ratelimit+0x10/0x10
[ 1378.768608][T16708]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1378.768633][T16708]  ? __pfx__printk+0x10/0x10
[ 1378.768675][T16708]  should_fail_ex+0x414/0x560
[ 1378.768705][T16708]  _copy_to_user+0x31/0xb0
[ 1378.768738][T16708]  simple_read_from_buffer+0xe1/0x170
[ 1378.768768][T16708]  proc_fail_nth_read+0x1df/0x250
[ 1378.768799][T16708]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1378.768830][T16708]  ? rw_verify_area+0x258/0x650
[ 1378.768863][T16708]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1378.768892][T16708]  vfs_read+0x200/0x980
[ 1378.768931][T16708]  ? __pfx___mutex_lock+0x10/0x10
[ 1378.768957][T16708]  ? __pfx_vfs_read+0x10/0x10
[ 1378.768992][T16708]  ? __fget_files+0x2a/0x420
[ 1378.769023][T16708]  ? __fget_files+0x3a0/0x420
[ 1378.769045][T16708]  ? __fget_files+0x2a/0x420
[ 1378.769087][T16708]  ksys_read+0x145/0x250
[ 1378.769110][T16708]  ? __pfx_ksys_read+0x10/0x10
[ 1378.769127][T16708]  ? rcu_is_watching+0x15/0xb0
[ 1378.769157][T16708]  ? do_syscall_64+0xbe/0x3b0
[ 1378.769187][T16708]  do_syscall_64+0xfa/0x3b0
[ 1378.769209][T16708]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1378.769231][T16708]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1378.769253][T16708]  ? clear_bhb_loop+0x60/0xb0
[ 1378.769281][T16708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1378.769301][T16708] RIP: 0033:0x7ff08158d57c
[ 1378.769321][T16708] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1378.769339][T16708] RSP: 002b:00007ff082481030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1378.769362][T16708] RAX: ffffffffffffffda RBX: 00007ff0817b6160 RCX: 00007ff08158d57c
[ 1378.769377][T16708] RDX: 000000000000000f RSI: 00007ff0824810a0 RDI: 0000000000000006
[ 1378.769390][T16708] RBP: 00007ff082481090 R08: 0000000000000000 R09: 0000000000000000
[ 1378.769404][T16708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1378.769418][T16708] R13: 0000000000000000 R14: 00007ff0817b6160 R15: 00007ffc4b4e2ee8
[ 1378.769453][T16708]  </TASK>
[ 1379.248258][T16560] Bluetooth: hci0: command tx timeout
[ 1379.835695][T16667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1379.865113][T16718] FAULT_INJECTION: forcing a failure.
[ 1379.865113][T16718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1379.876962][T16700] syzkaller1: entered promiscuous mode
[ 1379.883871][T16700] syzkaller1: entered allmulticast mode
[ 1379.938505][T16718] CPU: 0 UID: 0 PID: 16718 Comm: syz.4.2885 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1379.938529][T16718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1379.938541][T16718] Call Trace:
[ 1379.938548][T16718]  <TASK>
[ 1379.938556][T16718]  dump_stack_lvl+0x189/0x250
[ 1379.938582][T16718]  ? __pfx____ratelimit+0x10/0x10
[ 1379.938602][T16718]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1379.938623][T16718]  ? __pfx__printk+0x10/0x10
[ 1379.938648][T16718]  ? __might_fault+0xb0/0x130
[ 1379.938677][T16718]  should_fail_ex+0x414/0x560
[ 1379.938703][T16718]  _copy_from_user+0x2d/0xb0
[ 1379.938730][T16718]  ___sys_recvmsg+0x12e/0x510
[ 1379.938755][T16718]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1379.938797][T16718]  ? __fget_files+0x3a0/0x420
[ 1379.938829][T16718]  do_recvmmsg+0x307/0x770
[ 1379.938856][T16718]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1379.938886][T16718]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1379.938926][T16718]  __x64_sys_recvmmsg+0x190/0x240
[ 1379.938971][T16718]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1379.938997][T16718]  ? do_syscall_64+0xbe/0x3b0
[ 1379.939024][T16718]  do_syscall_64+0xfa/0x3b0
[ 1379.939045][T16718]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1379.939065][T16718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1379.939085][T16718]  ? clear_bhb_loop+0x60/0xb0
[ 1379.939110][T16718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1379.939129][T16718] RIP: 0033:0x7fc5c0f8eb69
[ 1379.939146][T16718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1379.939164][T16718] RSP: 002b:00007fc5c1e99038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1379.939184][T16718] RAX: ffffffffffffffda RBX: 00007fc5c11b6080 RCX: 00007fc5c0f8eb69
[ 1379.939198][T16718] RDX: 0000000000000004 RSI: 00002000000086c0 RDI: 0000000000000003
[ 1379.939210][T16718] RBP: 00007fc5c1e99090 R08: 0000000000000000 R09: 0000000000000000
[ 1379.939223][T16718] R10: 0000000000004022 R11: 0000000000000246 R12: 0000000000000001
[ 1379.939236][T16718] R13: 0000000000000001 R14: 00007fc5c11b6080 R15: 00007ffe51a07838
[ 1379.939265][T16718]  </TASK>
[ 1380.222164][T16667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1381.015574][T16750] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[ 1381.042255][T16667] team0: Port device team_slave_0 added
[ 1381.077583][T16750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2890'.
[ 1381.090046][T16667] team0: Port device team_slave_1 added
[ 1381.124232][ T5966] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1381.240571][T16667] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1381.269441][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1381.304862][T16560] Bluetooth: hci0: command tx timeout
[ 1381.309623][ T5966] usb 1-1: Using ep0 maxpacket: 32
[ 1381.325028][T16667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1381.336368][ T5966] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1381.349297][T16667] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1381.356469][T16667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1381.383075][T16667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1381.392633][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1381.419257][ T5966] usb 1-1: config 0 descriptor??
[ 1381.444307][ T1146] hsr_slave_0: left promiscuous mode
[ 1381.449339][ T5966] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1381.459830][ T1146] hsr_slave_1: left promiscuous mode
[ 1381.475529][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1381.484505][ T1146] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1381.872393][ T1146] team0 (unregistering): Port device team_slave_1 removed
[ 1381.912473][ T1146] team0 (unregistering): Port device team_slave_0 removed
[ 1381.966068][ T5966] gspca_nw80x: reg_w err -110
[ 1381.970900][ T5966] nw80x 1-1:0.0: probe with driver nw80x failed with error -110
[ 1382.176363][ T5971] usb 1-1: USB disconnect, device number 68
[ 1382.462548][T16760] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[ 1382.477553][T16760] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[ 1382.507900][T16667] hsr_slave_0: entered promiscuous mode
[ 1382.515003][T16667] hsr_slave_1: entered promiscuous mode
[ 1382.521887][T16667] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1382.533037][T16667] Cannot create hsr debugfs directory
[ 1382.594530][ T5971] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1382.729536][ T5966] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1382.898678][ T5966] usb 7-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 1382.936137][ T5971] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1383.005704][ T5971] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1383.183335][ T5971] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1383.469698][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1383.483165][ T5966] usb 7-1: Product: syz
[ 1383.487438][ T5966] usb 7-1: Manufacturer: syz
[ 1383.492062][ T5966] usb 7-1: SerialNumber: syz
[ 1383.604660][T16560] Bluetooth: hci0: command tx timeout
[ 1383.629465][ T5966] usb 7-1: config 0 descriptor??
[ 1383.645947][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1383.646441][ T5966] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 1383.772350][T16763] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1383.817931][ T5971] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1384.027441][T16763] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2893'.
[ 1384.364808][ T5966] gspca_sunplus: reg_w_riv err -110
[ 1384.370187][ T5966] sunplus 7-1:0.0: probe with driver sunplus failed with error -110
[ 1384.484108][ T5966] usb 1-1: USB disconnect, device number 69
[ 1384.694249][T12229] usb 7-1: USB disconnect, device number 27
[ 1384.794282][ T5971] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1384.947695][ T5971] usb 5-1: Using ep0 maxpacket: 8
[ 1384.961041][ T5971] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[ 1385.036189][ T5971] usb 5-1: config 0 has no interface number 0
[ 1385.037714][T16667] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1385.083166][ T5971] usb 5-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=be.68
[ 1385.100719][ T5971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1385.112518][ T5971] usb 5-1: Product: syz
[ 1385.119776][ T5971] usb 5-1: Manufacturer: syz
[ 1385.124972][ T5971] usb 5-1: SerialNumber: syz
[ 1385.143397][ T5971] usb 5-1: config 0 descriptor??
[ 1385.144839][T16667] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1385.161887][ T5971] redrat3 5-1:0.31: Couldn't find all endpoints
[ 1385.190865][T16667] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1385.275833][T16667] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1385.837651][T16667] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1385.894958][ T5966] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1385.910789][T16667] 8021q: adding VLAN 0 to HW filter on device team0
[ 1385.980643][T12184] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1385.987959][T12184] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1386.076121][ T5966] usb 7-1: Using ep0 maxpacket: 8
[ 1386.086512][ T5966] usb 7-1: config 0 has an invalid interface number: 29 but max is 0
[ 1386.098335][ T5966] usb 7-1: config 0 has no interface number 0
[ 1386.109492][ T5966] usb 7-1: config 0 interface 29 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1386.132574][ T5966] usb 7-1: config 0 interface 29 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1386.163211][T12184] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1386.170378][T12184] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1386.183196][ T5966] usb 7-1: config 0 interface 29 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[ 1386.203740][ T5966] usb 7-1: config 0 interface 29 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[ 1386.329060][ T5966] usb 7-1: config 0 interface 29 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1386.368520][ T5966] usb 7-1: config 0 interface 29 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1386.421465][ T5966] usb 7-1: config 0 interface 29 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1386.502375][ T5966] usb 7-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01
[ 1386.527426][ T5966] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1386.555312][ T5966] usb 7-1: Product: syz
[ 1386.591618][ T5966] usb 7-1: Manufacturer: syz
[ 1386.622286][ T5966] usb 7-1: SerialNumber: syz
[ 1386.662045][ T5966] usb 7-1: config 0 descriptor??
[ 1386.677742][T16815] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1386.693309][ T5966] ums-usbat 7-1:0.29: USB Mass Storage device detected
[ 1386.999462][ T5966] ums-usbat 7-1:0.29: probe with driver ums-usbat failed with error -5
[ 1387.028636][ T5966] usb 7-1: USB disconnect, device number 28
[ 1387.227247][T12227] usb 5-1: USB disconnect, device number 70
[ 1387.379149][T16667] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1387.582022][T16667] veth0_vlan: entered promiscuous mode
[ 1387.592094][T16857] overlayfs: conflicting options: nfs_export=on,index=off
[ 1387.599074][T16860] overlayfs: conflicting options: nfs_export=on,index=off
[ 1387.804311][T12227] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1387.818394][T16667] veth1_vlan: entered promiscuous mode
[ 1387.848357][T16667] veth0_macvtap: entered promiscuous mode
[ 1387.861332][T16667] veth1_macvtap: entered promiscuous mode
[ 1388.212967][T16869] tmpfs: Unknown parameter 'usrquota_block'
[ 1388.838022][T12229] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1388.917184][T12227] usb 5-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[ 1388.929241][T12227] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 129
[ 1388.956037][T16667] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1388.999196][T16667] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1389.046781][T16667] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1389.069727][T16667] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1389.074740][T12227] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[ 1389.099770][T12229] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1389.114246][T12227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1389.114672][T16667] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1389.122257][T12227] usb 5-1: Product: syz
[ 1389.122276][T12227] usb 5-1: Manufacturer: syz
[ 1389.122292][T12227] usb 5-1: SerialNumber: syz
[ 1389.134229][T12229] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1389.163900][T16667] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1389.166527][T12227] usb 5-1: config 0 descriptor??
[ 1389.184252][T12229] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1389.193339][T12229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1389.235445][T16853] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1389.264950][T12229] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1389.409257][T12227] mos7840 5-1:0.0: required endpoints missing
[ 1389.453392][T16882] vlan2: entered promiscuous mode
[ 1389.469881][T16882] bridge0: entered promiscuous mode
[ 1389.495816][T16853] netlink: 'syz.0.2907': attribute type 2 has an invalid length.
[ 1389.506249][T16853] netlink: 'syz.0.2907': attribute type 1 has an invalid length.
[ 1389.530608][   T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1389.576833][   T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1389.618643][T12227] usb 5-1: USB disconnect, device number 71
[ 1389.726515][ T5932] usb 1-1: USB disconnect, device number 70
[ 1389.736845][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1389.744846][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1390.040110][T16897] FAULT_INJECTION: forcing a failure.
[ 1390.040110][T16897] name failslab, interval 1, probability 0, space 0, times 0
[ 1390.067028][T16897] CPU: 1 UID: 0 PID: 16897 Comm: syz.6.2915 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1390.067056][T16897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1390.067068][T16897] Call Trace:
[ 1390.067076][T16897]  <TASK>
[ 1390.067084][T16897]  dump_stack_lvl+0x189/0x250
[ 1390.067111][T16897]  ? __pfx____ratelimit+0x10/0x10
[ 1390.067132][T16897]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1390.067155][T16897]  ? __pfx__printk+0x10/0x10
[ 1390.067183][T16897]  ? __pfx___might_resched+0x10/0x10
[ 1390.067204][T16897]  ? fs_reclaim_acquire+0x7d/0x100
[ 1390.067233][T16897]  should_fail_ex+0x414/0x560
[ 1390.067258][T16897]  should_failslab+0xa8/0x100
[ 1390.067282][T16897]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1390.067303][T16897]  ? __alloc_skb+0x112/0x2d0
[ 1390.067335][T16897]  __alloc_skb+0x112/0x2d0
[ 1390.067366][T16897]  alloc_skb_with_frags+0xca/0x890
[ 1390.067394][T16897]  ? __lock_acquire+0xab9/0xd20
[ 1390.067426][T16897]  sock_alloc_send_pskb+0x857/0x990
[ 1390.067467][T16897]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1390.067487][T16897]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1390.067520][T16897]  ? __might_fault+0xb0/0x130
[ 1390.067543][T16897]  hci_sock_sendmsg+0x207/0xef0
[ 1390.067577][T16897]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1390.067611][T16897]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1390.067631][T16897]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1390.067663][T16897]  __sock_sendmsg+0x21c/0x270
[ 1390.067689][T16897]  sock_write_iter+0x258/0x330
[ 1390.067714][T16897]  ? __pfx_sock_write_iter+0x10/0x10
[ 1390.067747][T16897]  ? bpf_lsm_file_permission+0x9/0x20
[ 1390.067768][T16897]  ? security_file_permission+0x75/0x290
[ 1390.067799][T16897]  vfs_write+0x54b/0xa90
[ 1390.067822][T16897]  ? __pfx_sock_write_iter+0x10/0x10
[ 1390.067845][T16897]  ? __pfx_vfs_write+0x10/0x10
[ 1390.067881][T16897]  ? __fget_files+0x2a/0x420
[ 1390.067913][T16897]  ksys_write+0x145/0x250
[ 1390.067934][T16897]  ? __pfx_ksys_write+0x10/0x10
[ 1390.067950][T16897]  ? rcu_is_watching+0x15/0xb0
[ 1390.067976][T16897]  ? do_syscall_64+0xbe/0x3b0
[ 1390.068002][T16897]  do_syscall_64+0xfa/0x3b0
[ 1390.068022][T16897]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1390.068042][T16897]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1390.068062][T16897]  ? clear_bhb_loop+0x60/0xb0
[ 1390.068086][T16897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1390.068105][T16897] RIP: 0033:0x7f3fa498eb69
[ 1390.068139][T16897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1390.068158][T16897] RSP: 002b:00007f3fa5843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1390.068179][T16897] RAX: ffffffffffffffda RBX: 00007f3fa4bb5fa0 RCX: 00007f3fa498eb69
[ 1390.068194][T16897] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000007
[ 1390.068207][T16897] RBP: 00007f3fa5843090 R08: 0000000000000000 R09: 0000000000000000
[ 1390.068220][T16897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1390.068232][T16897] R13: 0000000000000000 R14: 00007f3fa4bb5fa0 R15: 00007fff746ad498
[ 1390.068265][T16897]  </TASK>
[ 1390.371412][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1390.821017][T16914] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1391.006933][T16917] tipc: Resetting bearer <eth:syzkaller0>
[ 1391.105707][T16924] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2921'.
[ 1391.888872][T16879] tipc: Node number set to 3028680704
[ 1391.970660][T16913] tipc: Disabling bearer <eth:syzkaller0>
[ 1392.300867][T16936] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1392.640102][T16936] FAULT_INJECTION: forcing a failure.
[ 1392.640102][T16936] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1393.114303][T16936] CPU: 0 UID: 0 PID: 16936 Comm: syz.0.2924 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1393.114331][T16936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1393.114343][T16936] Call Trace:
[ 1393.114351][T16936]  <TASK>
[ 1393.114359][T16936]  dump_stack_lvl+0x189/0x250
[ 1393.114386][T16936]  ? __pfx____ratelimit+0x10/0x10
[ 1393.114405][T16936]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1393.114425][T16936]  ? __pfx__printk+0x10/0x10
[ 1393.114448][T16936]  ? __might_fault+0xb0/0x130
[ 1393.114477][T16936]  should_fail_ex+0x414/0x560
[ 1393.114501][T16936]  _copy_from_user+0x2d/0xb0
[ 1393.114528][T16936]  ___sys_sendmsg+0x158/0x2a0
[ 1393.114558][T16936]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1393.114596][T16936]  ? trace_irq_disable+0x37/0x110
[ 1393.114622][T16936]  ? preempt_schedule_irq+0xde/0x150
[ 1393.114652][T16936]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1393.114696][T16936]  ? kasan_check_range+0x9f/0x2c0
[ 1393.114724][T16936]  __x64_sys_sendmsg+0x19b/0x260
[ 1393.114747][T16936]  ? schedule+0x165/0x360
[ 1393.114763][T16936]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1393.114806][T16936]  ? do_syscall_64+0xbe/0x3b0
[ 1393.114829][T16936]  do_syscall_64+0xfa/0x3b0
[ 1393.114849][T16936]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1393.114865][T16936]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1393.114880][T16936]  ? clear_bhb_loop+0x60/0xb0
[ 1393.114900][T16936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1393.114916][T16936] RIP: 0033:0x7ff08158eb69
[ 1393.114932][T16936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1393.114947][T16936] RSP: 002b:00007ff082481038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1393.114967][T16936] RAX: ffffffffffffffda RBX: 00007ff0817b6160 RCX: 00007ff08158eb69
[ 1393.114980][T16936] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000007
[ 1393.114990][T16936] RBP: 00007ff082481090 R08: 0000000000000000 R09: 0000000000000000
[ 1393.115001][T16936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1393.115011][T16936] R13: 0000000000000000 R14: 00007ff0817b6160 R15: 00007ffc4b4e2ee8
[ 1393.115037][T16936]  </TASK>
[ 1393.865826][T16879] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1393.985958][T12208] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1393.996356][T12208] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1394.030047][T12208] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1394.050022][T12208] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1394.060610][T12208] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1394.127019][T16879] usb 7-1: Using ep0 maxpacket: 32
[ 1394.138692][T16879] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[ 1394.235925][T16879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1394.272921][T16960] program syz.0.2928 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1394.565858][T16879] usb 7-1: config 0 descriptor??
[ 1394.716779][T16879] gspca_main: nw80x-2.14.0 probing 055f:d001
[ 1394.798187][T16963] [U] 
[ 1394.800936][T16963] [U] 
[ 1394.803626][T16963] [U] 
[ 1394.806338][T16963] [U] 
[ 1394.827900][T16963] [U] 
[ 1394.830673][T16963] [U] 
[ 1394.833394][T16963] [U] 
[ 1394.836126][T16963] [U] 
[ 1394.847082][T16963] [U] 
[ 1394.849826][T16963] [U] 
[ 1394.852545][T16963] [U] 
[ 1394.903355][T16966] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2930'.
[ 1394.981476][T16962] [U] 
[ 1395.068216][T16971] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2931'.
[ 1395.092889][T16968] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2931'.
[ 1395.251182][T16879] gspca_nw80x: reg_w err -110
[ 1395.251264][T16879] nw80x 7-1:0.0: probe with driver nw80x failed with error -110
[ 1395.294331][ T5971] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1395.302925][T16950] chnl_net:caif_netlink_parms(): no params data found
[ 1395.444670][ T5971] usb 4-1: Using ep0 maxpacket: 16
[ 1395.467672][ T5971] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1395.467701][ T5971] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1395.479628][ T5971] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1395.479659][ T5971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1395.479681][ T5971] usb 4-1: Product: syz
[ 1395.479697][ T5971] usb 4-1: Manufacturer: syz
[ 1395.479713][ T5971] usb 4-1: SerialNumber: syz
[ 1395.522435][T12213] usb 7-1: USB disconnect, device number 29
[ 1395.714932][ T5971] usb 4-1: 0:2 : does not exist
[ 1395.719764][ T5971] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1395.773470][ T5971] usb 4-1: USB disconnect, device number 78
[ 1396.167452][T12208] Bluetooth: hci4: command tx timeout
[ 1396.285996][T16652] udevd[16652]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1396.456511][T17002] FAULT_INJECTION: forcing a failure.
[ 1396.456511][T17002] name failslab, interval 1, probability 0, space 0, times 0
[ 1396.456589][T17002] CPU: 1 UID: 0 PID: 17002 Comm: syz.3.2937 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1396.456611][T17002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1396.456623][T17002] Call Trace:
[ 1396.456631][T17002]  <TASK>
[ 1396.456639][T17002]  dump_stack_lvl+0x189/0x250
[ 1396.456665][T17002]  ? __pfx____ratelimit+0x10/0x10
[ 1396.456688][T17002]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1396.456710][T17002]  ? __pfx__printk+0x10/0x10
[ 1396.456744][T17002]  ? __pfx___might_resched+0x10/0x10
[ 1396.456766][T17002]  ? fs_reclaim_acquire+0x7d/0x100
[ 1396.456794][T17002]  should_fail_ex+0x414/0x560
[ 1396.456821][T17002]  should_failslab+0xa8/0x100
[ 1396.456844][T17002]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1396.456864][T17002]  ? __alloc_skb+0x112/0x2d0
[ 1396.456896][T17002]  __alloc_skb+0x112/0x2d0
[ 1396.456928][T17002]  alloc_skb_with_frags+0xca/0x890
[ 1396.456960][T17002]  ? __lock_acquire+0xab9/0xd20
[ 1396.456990][T17002]  sock_alloc_send_pskb+0x857/0x990
[ 1396.457030][T17002]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1396.457052][T17002]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1396.457074][T17002]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1396.457106][T17002]  qrtr_sendmsg+0x487/0x860
[ 1396.457131][T17002]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1396.457153][T17002]  ? __pfx_qrtr_bcast_enqueue+0x10/0x10
[ 1396.457185][T17002]  ? __pfx_qrtr_sendmsg+0x10/0x10
[ 1396.457215][T17002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1396.457235][T17002]  ? __pfx_qrtr_sendmsg+0x10/0x10
[ 1396.457261][T17002]  __sock_sendmsg+0x21c/0x270
[ 1396.457287][T17002]  sock_write_iter+0x258/0x330
[ 1396.457317][T17002]  ? __pfx_sock_write_iter+0x10/0x10
[ 1396.457363][T17002]  ? bpf_lsm_file_permission+0x9/0x20
[ 1396.457386][T17002]  ? security_file_permission+0x75/0x290
[ 1396.457420][T17002]  vfs_write+0x54b/0xa90
[ 1396.457446][T17002]  ? __pfx_sock_write_iter+0x10/0x10
[ 1396.457479][T17002]  ? __pfx_vfs_write+0x10/0x10
[ 1396.457508][T17002]  ? __fget_files+0x2a/0x420
[ 1396.457540][T17002]  ksys_write+0x145/0x250
[ 1396.457560][T17002]  ? __pfx_ksys_write+0x10/0x10
[ 1396.457576][T17002]  ? rcu_is_watching+0x15/0xb0
[ 1396.457603][T17002]  ? do_syscall_64+0xbe/0x3b0
[ 1396.457630][T17002]  do_syscall_64+0xfa/0x3b0
[ 1396.457650][T17002]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1396.457671][T17002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1396.457691][T17002]  ? clear_bhb_loop+0x60/0xb0
[ 1396.457715][T17002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1396.457734][T17002] RIP: 0033:0x7fba5e98eb69
[ 1396.457751][T17002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1396.457768][T17002] RSP: 002b:00007fba5f806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1396.457789][T17002] RAX: ffffffffffffffda RBX: 00007fba5ebb5fa0 RCX: 00007fba5e98eb69
[ 1396.457803][T17002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1396.457814][T17002] RBP: 00007fba5f806090 R08: 0000000000000000 R09: 0000000000000000
[ 1396.457826][T17002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1396.457838][T17002] R13: 0000000000000000 R14: 00007fba5ebb5fa0 R15: 00007ffcd4743938
[ 1396.457869][T17002]  </TASK>
[ 1396.478967][T16950] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1396.598890][T16950] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1396.599094][T16950] bridge_slave_0: entered allmulticast mode
[ 1396.600883][T16950] bridge_slave_0: entered promiscuous mode
[ 1396.746153][T16950] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1396.746260][T16950] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1396.746466][T16950] bridge_slave_1: entered allmulticast mode
[ 1396.748213][T16950] bridge_slave_1: entered promiscuous mode
[ 1396.793056][T16950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1396.795833][T16950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1398.110492][T16950] team0: Port device team_slave_0 added
[ 1398.254430][T12208] Bluetooth: hci4: command tx timeout
[ 1398.436122][ T4502] bridge_slave_1: left promiscuous mode
[ 1398.436306][ T4502] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1398.440747][ T4502] bridge_slave_0: left promiscuous mode
[ 1398.440879][ T4502] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1399.454845][T17024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1399.758161][T17029] netlink: 'syz.3.2942': attribute type 4 has an invalid length.
[ 1399.809734][T17033] netlink: 'syz.3.2942': attribute type 4 has an invalid length.
[ 1400.324518][T12208] Bluetooth: hci4: command tx timeout
[ 1401.893484][ T4502] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1401.949751][ T4502] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1402.030044][ T4502] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1402.076847][ T4502] bond0 (unregistering): Released all slaves
[ 1402.403939][T16950] team0: Port device team_slave_1 added
[ 1402.414332][T12208] Bluetooth: hci4: command tx timeout
[ 1404.873512][ T4502] tipc: Disabling bearer <eth:syzkaller0>
[ 1404.940478][ T4502] tipc: Left network mode
[ 1404.948387][T16950] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1404.974012][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1405.011474][T16950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1405.122649][T16950] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1405.148800][T16950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1405.224287][T16950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1405.316275][T15585] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1405.454680][ T5971] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1405.474304][T15585] usb 1-1: Using ep0 maxpacket: 16
[ 1405.484852][T15585] usb 1-1: config 8 has an invalid interface number: 206 but max is 0
[ 1405.488572][T16950] hsr_slave_0: entered promiscuous mode
[ 1405.493035][T15585] usb 1-1: config 8 has no interface number 0
[ 1405.493082][T15585] usb 1-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[ 1405.502079][T16950] hsr_slave_1: entered promiscuous mode
[ 1405.528530][T15585] usb 1-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[ 1405.536706][T16950] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1405.552172][T16950] Cannot create hsr debugfs directory
[ 1405.556091][T15585] usb 1-1: config 8 interface 206 altsetting 1 bulk endpoint 0xC has invalid maxpacket 3
[ 1405.601001][T15585] usb 1-1: config 8 interface 206 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[ 1405.616391][ T5971] usb 4-1: Using ep0 maxpacket: 8
[ 1405.654808][ T5971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1405.669638][T15585] usb 1-1: config 8 interface 206 has no altsetting 0
[ 1405.691524][ T5971] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1405.725315][ T5971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1405.733713][T15585] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[ 1405.775184][ T5971] usb 4-1: config 0 descriptor??
[ 1405.787832][T15585] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1405.818960][T15585] usb 1-1: Product: syz
[ 1405.823235][T15585] usb 1-1: Manufacturer: syz
[ 1405.838775][T15585] usb 1-1: SerialNumber: syz
[ 1405.873388][T17062] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1406.555104][ T5971] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1406.575729][ T4502] hsr_slave_0: left promiscuous mode
[ 1406.672470][ T4502] hsr_slave_1: left promiscuous mode
[ 1406.763933][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1406.885098][T16879] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1406.960221][ T4502] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1406.967168][T15585] garmin_gps 1-1:8.206: Garmin GPS usb/tty converter detected
[ 1407.155447][T16879] usb 7-1: Using ep0 maxpacket: 16
[ 1407.324778][T16879] usb 7-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1407.538475][T16879] usb 7-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[ 1407.748963][T16879] usb 7-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1407.967215][T16879] usb 7-1: config 1 interface 0 has no altsetting 0
[ 1408.125704][T16879] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1408.251509][T16879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1408.379833][T16879] usb 7-1: Product: syz
[ 1408.428551][T16879] usb 7-1: Manufacturer: syz
[ 1408.493075][T16879] usb 7-1: SerialNumber: syz
[ 1408.837229][ T5971] usb 4-1: USB disconnect, device number 79
[ 1408.888866][T15585] usb 1-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[ 1408.915777][T15585] usb 1-1: USB disconnect, device number 71
[ 1408.932219][T15585] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[ 1408.945469][T15585] garmin_gps 1-1:8.206: device disconnected
[ 1409.047584][T16879] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[ 1410.365543][T16355] usb 7-1: USB disconnect, device number 30
[ 1411.014846][T16355] usblp0: removed
[ 1411.064361][T12208] Bluetooth: hci4: command 0x0401 tx timeout
[ 1411.078904][T17094] Bluetooth: hci4: Opcode 0x0401 failed: -110
[ 1411.130987][T17116] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2961'.
[ 1411.422786][T17094] program syz.3.2955 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1411.777459][T17098] overlayfs: failed to resolve './bus': -2
[ 1411.797733][T17098] overlay: Unknown parameter 'func'
[ 1412.204869][T16355] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1412.554636][T16355] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1412.570120][T16355] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1412.583980][T16355] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[ 1412.599682][T16355] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1412.622984][T16355] usb 5-1: config 0 descriptor??
[ 1412.661184][ T5971] kernel write not supported for file /input/event2 (pid: 5971 comm: kworker/1:6)
[ 1412.661439][ T4502] team0 (unregistering): Port device team_slave_1 removed
[ 1412.730731][ T4502] team0 (unregistering): Port device team_slave_0 removed
[ 1413.236383][T16355] cypress 0003:04B4:DE61.0010: item fetching failed at offset 5/7
[ 1413.249444][T16355] cypress 0003:04B4:DE61.0010: parse failed
[ 1413.258932][T16355] cypress 0003:04B4:DE61.0010: probe with driver cypress failed with error -22
[ 1413.836154][T17137] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[ 1413.859458][ T5971] usb 5-1: USB disconnect, device number 72
[ 1413.871498][T17137] IPv6: addrconf: prefix option has invalid lifetime
[ 1414.196137][T17140] netlink: 'syz.3.2967': attribute type 1 has an invalid length.
[ 1414.204287][T17140] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1414.965547][T17142] vlan2: entered promiscuous mode
[ 1414.988200][T17142] ip6gretap0: entered promiscuous mode
[ 1415.714291][T16355] usb 5-1: new full-speed USB device number 73 using dummy_hcd
[ 1415.880069][ T5932] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1415.938244][T16355] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1416.064238][ T5932] usb 4-1: Using ep0 maxpacket: 8
[ 1416.585281][T16355] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1416.604821][T16355] usb 5-1: config 0 descriptor??
[ 1416.646501][ T5932] usb 4-1: config index 0 descriptor too short (expected 74, got 45)
[ 1416.661569][ T5932] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[ 1416.679445][ T5932] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1416.690836][ T5932] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[ 1416.712796][ T5932] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1416.731949][ T5932] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1416.761807][ T5932] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1416.772401][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1416.819913][T17159] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2974'.
[ 1416.979430][T16355] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1416.997525][ T5932] usb 4-1: GET_CAPABILITIES returned 0
[ 1417.018613][ T4502] IPVS: stop unused estimator thread 0...
[ 1417.030618][ T5932] usbtmc 4-1:16.0: can't read capabilities
[ 1417.178117][T16355] [drm:udl_init] *ERROR* Selecting channel failed
[ 1417.207955][T17149] FAULT_INJECTION: forcing a failure.
[ 1417.207955][T17149] name failslab, interval 1, probability 0, space 0, times 0
[ 1417.222495][T17149] CPU: 1 UID: 0 PID: 17149 Comm: syz.3.2972 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1417.222521][T17149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1417.222535][T17149] Call Trace:
[ 1417.222544][T17149]  <TASK>
[ 1417.222567][T17149]  dump_stack_lvl+0x189/0x250
[ 1417.222603][T17149]  ? __pfx____ratelimit+0x10/0x10
[ 1417.222625][T17149]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1417.222650][T17149]  ? __pfx__printk+0x10/0x10
[ 1417.222681][T17149]  ? __pfx___might_resched+0x10/0x10
[ 1417.222705][T17149]  ? fs_reclaim_acquire+0x7d/0x100
[ 1417.222744][T17149]  should_fail_ex+0x414/0x560
[ 1417.222773][T17149]  should_failslab+0xa8/0x100
[ 1417.222799][T17149]  __kmalloc_noprof+0xcb/0x4f0
[ 1417.222820][T17149]  ? usb_alloc_urb+0x46/0x150
[ 1417.222848][T17149]  usb_alloc_urb+0x46/0x150
[ 1417.222873][T17149]  usbtmc_write+0x178/0xc30
[ 1417.222904][T17149]  ? security_file_permission+0x75/0x290
[ 1417.222930][T17149]  ? rw_verify_area+0x258/0x650
[ 1417.222963][T17149]  ? __pfx_usbtmc_write+0x10/0x10
[ 1417.222991][T17149]  vfs_write+0x27e/0xa90
[ 1417.223022][T17149]  ? __pfx_vfs_write+0x10/0x10
[ 1417.223045][T17149]  ? __fget_files+0x2a/0x420
[ 1417.223072][T17149]  ? __fget_files+0x2a/0x420
[ 1417.223095][T17149]  ? __fget_files+0x3a0/0x420
[ 1417.223117][T17149]  ? __fget_files+0x2a/0x420
[ 1417.223151][T17149]  ksys_write+0x145/0x250
[ 1417.223175][T17149]  ? __pfx_ksys_write+0x10/0x10
[ 1417.223189][T17149]  ? rcu_is_watching+0x15/0xb0
[ 1417.223212][T17149]  ? do_syscall_64+0xbe/0x3b0
[ 1417.223234][T17149]  do_syscall_64+0xfa/0x3b0
[ 1417.223251][T17149]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1417.223269][T17149]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1417.223285][T17149]  ? clear_bhb_loop+0x60/0xb0
[ 1417.223306][T17149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1417.223322][T17149] RIP: 0033:0x7fba5e98eb69
[ 1417.223339][T17149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1417.223353][T17149] RSP: 002b:00007fba5f806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1417.223371][T17149] RAX: ffffffffffffffda RBX: 00007fba5ebb5fa0 RCX: 00007fba5e98eb69
[ 1417.223384][T17149] RDX: 0000000000000003 RSI: 0000200000000100 RDI: 0000000000000004
[ 1417.223394][T17149] RBP: 00007fba5f806090 R08: 0000000000000000 R09: 0000000000000000
[ 1417.223405][T17149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1417.223414][T17149] R13: 0000000000000000 R14: 00007fba5ebb5fa0 R15: 00007ffcd4743938
[ 1417.223441][T17149]  </TASK>
[ 1417.474320][T12227] usb 4-1: USB disconnect, device number 80
[ 1417.508995][T16355] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[ 1417.635409][T16355] [drm] Initialized udl on minor 2
[ 1417.642614][T16355] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1417.765097][T16355] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1417.775869][T12227] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1417.800100][T16355] usb 5-1: USB disconnect, device number 73
[ 1417.820067][T12227] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[ 1417.829061][T16950] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1417.880546][T16950] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1417.938133][T16950] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1418.028455][T16950] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1418.324889][T16950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1418.414747][T16355] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1418.445583][T16950] 8021q: adding VLAN 0 to HW filter on device team0
[ 1419.236134][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1419.243347][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1419.247981][T16355] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1419.275468][T16355] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1419.283560][T16355] usb 5-1: Product: syz
[ 1419.307257][T16355] usb 5-1: Manufacturer: syz
[ 1419.311923][T16355] usb 5-1: SerialNumber: syz
[ 1419.332052][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1419.339357][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1419.354310][T16355] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1419.378907][T16879] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1419.793701][ T5932] usb 5-1: USB disconnect, device number 74
[ 1420.494194][T16879] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1420.495718][T17224] vlan2: entered promiscuous mode
[ 1420.554723][T16879] ath9k_htc: Failed to initialize the device
[ 1420.595131][ T5932] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1420.799004][T16950] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1421.014275][T16355] usb 4-1: new full-speed USB device number 81 using dummy_hcd
[ 1421.023314][T16950] veth0_vlan: entered promiscuous mode
[ 1421.113383][T17233] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2987'.
[ 1421.123235][T16950] veth1_vlan: entered promiscuous mode
[ 1421.131204][T17236] fuse: Bad value for 'rootmode'
[ 1421.181742][T16355] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[ 1421.224178][T16355] usb 4-1: config 0 has no interface number 0
[ 1421.232878][T16950] veth0_macvtap: entered promiscuous mode
[ 1421.252124][T16355] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1421.263838][T16950] veth1_macvtap: entered promiscuous mode
[ 1421.446722][T16355] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1421.674203][T17243] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2989'.
[ 1421.796515][T16355] usb 4-1: Product: syz
[ 1421.800875][T16355] usb 4-1: Manufacturer: syz
[ 1421.815447][T16355] usb 4-1: SerialNumber: syz
[ 1421.826226][T16355] usb 4-1: config 0 descriptor??
[ 1421.848998][T16950] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1421.873948][T16950] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1421.946568][T16950] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1421.976662][T16950] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1421.992559][T16950] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1422.068653][T16355] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected
[ 1422.160091][T16950] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1422.892376][T16355] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81
[ 1422.994794][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.004705][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.064539][T16355] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1
[ 1423.077214][ T6213] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1423.107230][T16355] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2
[ 1423.124245][ T6213] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1423.157802][T16355] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1423.183287][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1423.234278][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1423.662070][T12227] usb 4-1: USB disconnect, device number 81
[ 1423.888667][T12227] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1424.087025][T12227] keyspan 4-1:0.133: device disconnected
[ 1425.894673][T16560] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1425.914644][T16560] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1425.925736][T16560] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1425.938448][T16560] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1425.969516][T16560] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1426.409674][ T1100] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1427.067461][ T1100] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1427.267345][ T1100] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1427.556349][ T1100] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1428.165589][T12208] Bluetooth: hci3: command tx timeout
[ 1428.718531][T17300] chnl_net:caif_netlink_parms(): no params data found
[ 1428.990609][ T1100] bridge_slave_1: left allmulticast mode
[ 1429.022371][ T1100] bridge_slave_1: left promiscuous mode
[ 1429.064632][ T1100] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1429.115357][ T1100] bridge_slave_0: left allmulticast mode
[ 1429.121068][ T1100] bridge_slave_0: left promiscuous mode
[ 1429.170587][ T1100] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1430.274318][T12208] Bluetooth: hci3: command tx timeout
[ 1430.584285][T17382] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3018'.
[ 1430.852086][ T1100] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1430.930386][ T5932] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 1431.077324][T12227] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1431.098839][ T5932] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1431.111338][ T5932] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1431.122767][ T5932] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1431.133742][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1431.146445][ T5932] usb 1-1: Product: syz
[ 1431.150693][ T5932] usb 1-1: Manufacturer: syz
[ 1431.157638][ T5932] usb 1-1: SerialNumber: syz
[ 1431.163046][ T1100] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1431.166715][ T5932] usb 1-1: config 0 descriptor??
[ 1431.183006][ T1100] bond_slave_0: left promiscuous mode
[ 1431.187126][ T5932] usb 1-1: selecting invalid altsetting 0
[ 1431.195585][ T1100] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1431.205465][ T1100] bond_slave_1: left promiscuous mode
[ 1431.216060][ T1100] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1431.225475][ T1100] mac80211_hwsim hwsim10 wlan1: left promiscuous mode
[ 1431.243400][ T1100] bond0 (unregistering): Released all slaves
[ 1431.265400][T12227] usb 4-1: Using ep0 maxpacket: 16
[ 1431.287242][T12227] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1431.299428][T12227] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1431.337514][T12227] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1431.356777][T12227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1431.377217][T12227] usb 4-1: Product: syz
[ 1431.390990][T12227] usb 4-1: Manufacturer: syz
[ 1431.404005][T12227] usb 4-1: SerialNumber: syz
[ 1431.502170][ T5932] usb 1-1: USB disconnect, device number 72
[ 1431.517271][ T1100] bond1 (unregistering): Released all slaves
[ 1431.635318][T12227] usb 4-1: 0:2 : does not exist
[ 1431.642170][ T1100] bond2 (unregistering): Released all slaves
[ 1431.659378][T12227] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1431.754541][T12227] usb 4-1: USB disconnect, device number 82
[ 1431.946768][T17054] udevd[17054]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1431.969752][T17300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1431.985233][T17300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1432.006038][T17300] bridge_slave_0: entered allmulticast mode
[ 1432.021321][T17300] bridge_slave_0: entered promiscuous mode
[ 1432.040625][ T1100] tipc: Disabling bearer <eth:syzkaller0>
[ 1432.061841][T17399] IPVS: Error connecting to the multicast addr
[ 1432.069133][ T1100] tipc: Left network mode
[ 1432.098394][T17300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1432.112774][T17400] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1432.143867][T17300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1432.161729][T17300] bridge_slave_1: entered allmulticast mode
[ 1432.171586][T17400] CIFS: Unable to determine destination address
[ 1432.177814][T17300] bridge_slave_1: entered promiscuous mode
[ 1432.324353][T12208] Bluetooth: hci3: command tx timeout
[ 1432.420633][T17404] vlan2: entered promiscuous mode
[ 1432.478892][T17300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1432.688691][T17300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1432.704439][T12227] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1432.894604][T12227] usb 4-1: Using ep0 maxpacket: 16
[ 1432.922008][T12227] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1432.960601][T12227] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1432.988382][T12227] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1433.016505][T12227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1433.025341][T12227] usb 4-1: Product: syz
[ 1433.032282][T12227] usb 4-1: Manufacturer: syz
[ 1433.060916][T12227] usb 4-1: SerialNumber: syz
[ 1433.233736][ T1100] hsr_slave_0: left promiscuous mode
[ 1433.331417][ T1100] hsr_slave_1: left promiscuous mode
[ 1433.414463][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1433.498546][T12227] usb 4-1: 0:2 : does not exist
[ 1433.526363][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1433.648018][ T1100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1433.675621][T12227] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1433.696859][ T1100] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1433.810982][T12227] usb 4-1: USB disconnect, device number 83
[ 1433.889606][ T1100] veth1_macvtap: left promiscuous mode
[ 1433.913899][ T1100] veth0_macvtap: left promiscuous mode
[ 1433.923753][T17422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3029'.
[ 1433.926990][ T1100] veth1_vlan: left promiscuous mode
[ 1433.938478][ T1100] veth0_vlan: left promiscuous mode
[ 1433.939877][T17054] udevd[17054]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1434.404344][T12208] Bluetooth: hci3: command tx timeout
[ 1435.368383][T12227] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1435.420059][ T1100] team0 (unregistering): Port device team_slave_1 removed
[ 1435.465828][ T1100] team0 (unregistering): Port device team_slave_0 removed
[ 1435.537289][T12227] usb 1-1: Using ep0 maxpacket: 16
[ 1435.551209][T12227] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1435.571761][T12227] usb 1-1: config 0 has an invalid interface descriptor of length 2, skipping
[ 1435.580981][T12227] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1435.599214][T12227] usb 1-1: config 0 has no interfaces?
[ 1435.626631][T12227] usb 1-1: New USB device found, idVendor=0572, idProduct=6831, bcdDevice= f.71
[ 1435.645458][T12227] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1435.653592][T12227] usb 1-1: Product: syz
[ 1435.665552][T12227] usb 1-1: Manufacturer: syz
[ 1435.670307][T12227] usb 1-1: SerialNumber: syz
[ 1435.694181][T12227] usb 1-1: config 0 descriptor??
[ 1435.921909][T17440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1435.933353][T17440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1436.050601][T17300] team0: Port device team_slave_0 added
[ 1436.089038][T17300] team0: Port device team_slave_1 added
[ 1436.315090][T12227] usb 1-1: USB disconnect, device number 73
[ 1436.499849][T17300] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1436.567718][T17300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1436.686810][T17300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1437.372251][T17300] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1437.418672][T17300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1437.605052][T17300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1437.638322][T17467] FAULT_INJECTION: forcing a failure.
[ 1437.638322][T17467] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1437.694685][T17461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3039'.
[ 1437.703841][T17467] CPU: 1 UID: 0 PID: 17467 Comm: syz.1.3040 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1437.703870][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1437.703884][T17467] Call Trace:
[ 1437.703895][T17467]  <TASK>
[ 1437.703906][T17467]  dump_stack_lvl+0x189/0x250
[ 1437.703938][T17467]  ? __pfx____ratelimit+0x10/0x10
[ 1437.703962][T17467]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1437.703993][T17467]  ? __pfx__printk+0x10/0x10
[ 1437.704022][T17467]  ? __might_fault+0xb0/0x130
[ 1437.704057][T17467]  should_fail_ex+0x414/0x560
[ 1437.704087][T17467]  _copy_from_user+0x2d/0xb0
[ 1437.704119][T17467]  snd_seq_oss_write+0x140/0x930
[ 1437.704149][T17467]  ? get_pid_task+0x20/0x1f0
[ 1437.704190][T17467]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1437.704218][T17467]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1437.704246][T17467]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1437.704277][T17467]  ? security_file_permission+0x75/0x290
[ 1437.704309][T17467]  odev_write+0x5a/0x80
[ 1437.704330][T17467]  ? __pfx_odev_write+0x10/0x10
[ 1437.704354][T17467]  vfs_write+0x27e/0xa90
[ 1437.704387][T17467]  ? __pfx_vfs_write+0x10/0x10
[ 1437.704409][T17467]  ? __fget_files+0x2a/0x420
[ 1437.704434][T17467]  ? __fget_files+0x2a/0x420
[ 1437.704457][T17467]  ? __fget_files+0x3a0/0x420
[ 1437.704479][T17467]  ? __fget_files+0x2a/0x420
[ 1437.704514][T17467]  ksys_write+0x145/0x250
[ 1437.704539][T17467]  ? __pfx_ksys_write+0x10/0x10
[ 1437.704557][T17467]  ? rcu_is_watching+0x15/0xb0
[ 1437.704588][T17467]  ? do_syscall_64+0xbe/0x3b0
[ 1437.704618][T17467]  do_syscall_64+0xfa/0x3b0
[ 1437.704642][T17467]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1437.704665][T17467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.704688][T17467]  ? clear_bhb_loop+0x60/0xb0
[ 1437.704716][T17467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1437.704738][T17467] RIP: 0033:0x7f596078eb69
[ 1437.704758][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1437.704777][T17467] RSP: 002b:00007f5961535038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1437.704801][T17467] RAX: ffffffffffffffda RBX: 00007f59609b5fa0 RCX: 00007f596078eb69
[ 1437.704828][T17467] RDX: 000000000000050e RSI: 0000200000000080 RDI: 0000000000000004
[ 1437.704843][T17467] RBP: 00007f5961535090 R08: 0000000000000000 R09: 0000000000000000
[ 1437.704858][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1437.704871][T17467] R13: 0000000000000000 R14: 00007f59609b5fa0 R15: 00007fff1dbb4c98
[ 1437.704906][T17467]  </TASK>
[ 1438.069540][T17473] mmap: syz.6.3043 (17473) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1438.395430][T17300] hsr_slave_0: entered promiscuous mode
[ 1438.461322][T17300] hsr_slave_1: entered promiscuous mode
[ 1438.491660][T17300] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1438.961584][T17300] Cannot create hsr debugfs directory
[ 1439.564416][T12227] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1439.744356][T12227] usb 7-1: Using ep0 maxpacket: 8
[ 1439.754874][T12227] usb 7-1: config index 0 descriptor too short (expected 30, got 18)
[ 1440.463901][T12227] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1440.514890][T12227] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1440.548375][T12227] usb 7-1: Product: syz
[ 1440.576027][T12227] usb 7-1: Manufacturer: syz
[ 1440.603598][T12227] usb 7-1: SerialNumber: syz
[ 1440.655426][T12227] usb 7-1: config 0 descriptor??
[ 1440.669915][T12227] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1440.704317][T12227] usb 7-1: setting power ON
[ 1440.719198][T12227] dvb-usb: bulk message failed: -22 (2/0)
[ 1440.752961][T12227] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1440.783522][T12227] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1440.815801][T17519] tipc: Started in network mode
[ 1440.820909][T17519] tipc: Node identity ea3cedae82b4, cluster identity 4711
[ 1440.821984][T12227] usb 7-1: media controller created
[ 1440.841380][T17519] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1440.844770][T12229] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1440.934010][T12227] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1440.988262][T17522] syzkaller0: entered promiscuous mode
[ 1441.002869][T17522] syzkaller0: entered allmulticast mode
[ 1441.009273][T12227] usb 7-1: selecting invalid altsetting 6
[ 1441.013433][T17522] tipc: Resetting bearer <eth:syzkaller0>
[ 1441.025966][T12229] usb 1-1: Using ep0 maxpacket: 16
[ 1441.035674][T12227] usb 7-1: digital interface selection failed (-22)
[ 1441.057931][T12229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1441.073809][T17518] tipc: Resetting bearer <eth:syzkaller0>
[ 1441.083325][T12227] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1441.092045][T12229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1441.108008][T12229] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1441.122205][T12227] usb 7-1: setting power OFF
[ 1441.143317][T12227] dvb-usb: bulk message failed: -22 (2/0)
[ 1441.155906][T12227] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1441.165877][T12229] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1441.187892][T12229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1441.196103][T12227] (NULL device *): no alternate interface
[ 1441.225315][T12229] usb 1-1: config 0 descriptor??
[ 1441.289320][T12227] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1441.316789][T12227] usb 7-1: USB disconnect, device number 31
[ 1441.662067][T17540] Illegal XDP return value 819036160 on prog  (id 521) dev N/A, expect packet loss!
[ 1441.677812][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.710905][T12229] microsoft 0003:045E:07DA.0011: ignoring exceeding usage max
[ 1441.736719][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.774342][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.781645][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.814230][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.821614][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.846808][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.854096][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.888431][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.904447][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.911899][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.919212][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.926629][T12229] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0
[ 1441.933903][T12229] microsoft 0003:045E:07DA.0011: unsupported Resolution Multiplier 0
[ 1442.029216][T12229] microsoft 0003:045E:07DA.0011: unsupported Resolution Multiplier 0
[ 1442.061385][T12229] microsoft 0003:045E:07DA.0011: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 1442.097021][T15585] tipc: Node number set to 1753804206
[ 1442.100152][T12229] microsoft 0003:045E:07DA.0011: no inputs found
[ 1442.144241][T12229] microsoft 0003:045E:07DA.0011: could not initialize ff, continuing anyway
[ 1442.537075][T12229] usb 1-1: USB disconnect, device number 74
[ 1443.529896][T17518] tipc: Disabling bearer <eth:syzkaller0>
[ 1443.565059][T17544] vlan2: entered promiscuous mode
[ 1445.389856][T17586] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3068'.
[ 1445.614247][T12213] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 1445.635816][T17300] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1445.663830][T17300] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1445.693898][T17300] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1445.737960][T17300] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1445.997232][T12213] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1446.018683][T12213] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1446.037736][T12213] usb 1-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1446.074187][T12213] usb 1-1: config 1 interface 0 has no altsetting 1
[ 1446.091719][T12213] usb 1-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[ 1446.138573][T12213] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1446.172349][T12213] usb 1-1: Product: syz
[ 1446.192647][T12213] usb 1-1: Manufacturer: syz
[ 1446.220892][T12213] usb 1-1: SerialNumber: syz
[ 1446.293851][T12213] smsusb:smsusb_probe: board id=8, interface number 0
[ 1446.518040][T17300] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1446.549756][T17580] netlink: 'syz.0.3065': attribute type 1 has an invalid length.
[ 1446.962998][T17300] 8021q: adding VLAN 0 to HW filter on device team0
[ 1447.033100][T17580] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1447.084311][T17618] bond1: (slave gretap1): making interface the new active one
[ 1447.095315][T17618] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1447.118147][T12213] smsusb:smsusb_probe: usb_set_interface failed, rc -71
[ 1447.125445][T12213] smsusb 1-1:1.0: probe with driver smsusb failed with error -71
[ 1447.141028][T12213] usb 1-1: USB disconnect, device number 75
[ 1447.168697][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1447.175923][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1447.304903][T15535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1447.312112][T15535] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1449.138536][T17650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3078'.
[ 1450.988738][T17300] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1451.971934][T17300] veth0_vlan: entered promiscuous mode
[ 1452.009947][T17300] veth1_vlan: entered promiscuous mode
[ 1452.073040][T17300] veth0_macvtap: entered promiscuous mode
[ 1452.092851][T17300] veth1_macvtap: entered promiscuous mode
[ 1452.163338][T17300] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1452.267924][T17300] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1453.973794][T17300] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1453.994316][T17300] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1454.013762][T17300] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1454.099779][T17300] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1454.597798][T17718] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[ 1454.630450][T17718] syzkaller0: entered promiscuous mode
[ 1454.654611][T17718] syzkaller0: entered allmulticast mode
[ 1454.893342][ T4502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1454.922096][ T4502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1454.995629][ T6213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1455.003502][ T6213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1455.037676][T12213] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1455.204412][T12213] usb 7-1: Using ep0 maxpacket: 32
[ 1455.443210][T12213] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1455.461121][T17747] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2999'.
[ 1455.495435][T12213] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1455.514205][T12213] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1455.753667][T12213] usb 7-1: Product: syz
[ 1455.758186][T12213] usb 7-1: Manufacturer: syz
[ 1455.774009][T12213] usb 7-1: SerialNumber: syz
[ 1455.794918][T12213] usb 7-1: config 0 descriptor??
[ 1455.814894][T12213] usb 7-1: bad CDC descriptors
[ 1455.821541][T12213] usb 7-1: unsupported MDLM descriptors
[ 1456.537078][T12213] usb 7-1: USB disconnect, device number 32
[ 1456.605833][T12227] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1457.270485][T12227] usb 4-1: device descriptor read/64, error -71
[ 1457.554413][T12227] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1457.683223][T17777] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[ 1457.704863][T12227] usb 4-1: device descriptor read/64, error -71
[ 1457.746731][T17783] syzkaller0: entered promiscuous mode
[ 1457.752256][T17783] syzkaller0: entered allmulticast mode
[ 1457.828933][T12227] usb usb4-port1: attempt power cycle
[ 1457.907432][T16560] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1457.923340][T16560] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1457.931911][T16560] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1457.942637][T16560] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1457.959817][T16560] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1458.214293][T12227] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1458.268891][T12227] usb 4-1: device descriptor read/8, error -71
[ 1458.542524][T12227] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1458.704889][T12227] usb 4-1: device descriptor read/8, error -71
[ 1458.864509][T12227] usb usb4-port1: unable to enumerate USB device
[ 1460.063389][T12208] Bluetooth: hci1: command tx timeout
[ 1461.133413][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.265174][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.295384][T17842] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[ 1461.301971][T17842] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1461.406113][T17842] vhci_hcd vhci_hcd.0: Device attached
[ 1461.439080][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.451212][T17843] vhci_hcd: connection closed
[ 1461.452588][ T1146] vhci_hcd: stop threads
[ 1461.466930][ T1146] vhci_hcd: release socket
[ 1461.471403][ T1146] vhci_hcd: disconnect device
[ 1461.504061][T17847] ip6gretap0: entered promiscuous mode
[ 1461.514431][T17847] vlan2: entered promiscuous mode
[ 1461.582258][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.625776][T17791] chnl_net:caif_netlink_parms(): no params data found
[ 1461.886893][T17791] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1461.901645][T17791] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1461.922850][T17791] bridge_slave_0: entered allmulticast mode
[ 1461.946296][T17791] bridge_slave_0: entered promiscuous mode
[ 1462.037789][   T13] bridge_slave_1: left allmulticast mode
[ 1462.056147][   T13] bridge_slave_1: left promiscuous mode
[ 1462.061969][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.079102][   T13] bridge_slave_0: left allmulticast mode
[ 1462.088314][   T13] bridge_slave_0: left promiscuous mode
[ 1462.094292][T12208] Bluetooth: hci1: command tx timeout
[ 1462.104077][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1463.927313][   T13] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1464.170097][ T5857] Bluetooth: hci1: command tx timeout
[ 1464.952660][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1464.961840][   T13] bond_slave_0: left promiscuous mode
[ 1464.969965][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1464.981053][   T13] bond_slave_1: left promiscuous mode
[ 1464.988574][   T13] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1465.006300][   T13] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[ 1465.013658][   T13] bond0 (unregistering): Released all slaves
[ 1465.237088][   T13] bond1 (unregistering): Released all slaves
[ 1465.251472][T17791] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1465.261728][T17791] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1465.271548][T17791] bridge_slave_1: entered allmulticast mode
[ 1465.494874][T17791] bridge_slave_1: entered promiscuous mode
[ 1466.088927][   T13] tipc: Left network mode
[ 1466.096588][T17791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1466.116723][T17791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1466.234408][T15585] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1466.244314][ T5857] Bluetooth: hci1: command 0x0419 tx timeout
[ 1466.274537][T12227] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1466.289346][T17791] team0: Port device team_slave_0 added
[ 1466.308920][T17791] team0: Port device team_slave_1 added
[ 1466.404579][T17898] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1466.411246][T17898] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1466.421390][T15585] usb 7-1: Using ep0 maxpacket: 8
[ 1466.436808][T15585] usb 7-1: New USB device found, idVendor=045e, idProduct=0775, bcdDevice=4d.c1
[ 1466.446659][   T13] hsr_slave_0: left promiscuous mode
[ 1466.454789][T15585] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1466.462814][T15585] usb 7-1: Product: syz
[ 1466.463953][T12227] usb 5-1: Using ep0 maxpacket: 16
[ 1466.467824][   T13] hsr_slave_1: left promiscuous mode
[ 1466.481669][T12227] usb 5-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=d9.10
[ 1466.497616][T17898] vhci_hcd vhci_hcd.0: Device attached
[ 1466.511119][T12227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1466.530638][T12227] usb 5-1: Product: syz
[ 1466.539091][T17906] vhci_hcd: connection closed
[ 1466.540108][ T6213] vhci_hcd: stop threads
[ 1466.545810][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1466.557087][T12227] usb 5-1: Manufacturer: syz
[ 1466.558090][T15585] usb 7-1: Manufacturer: syz
[ 1466.567730][ T6213] vhci_hcd: release socket
[ 1466.569379][T15585] usb 7-1: SerialNumber: syz
[ 1466.577554][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1466.579825][ T6213] vhci_hcd: disconnect device
[ 1466.590987][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1466.598847][T12227] usb 5-1: SerialNumber: syz
[ 1466.615095][T12227] usb 5-1: config 0 descriptor??
[ 1466.623165][T12227] usbsevseg 5-1:0.0: USB 7 Segment device now attached
[ 1466.635497][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1466.695090][   T13] veth1_macvtap: left promiscuous mode
[ 1466.707288][   T13] veth0_macvtap: left promiscuous mode
[ 1466.713083][   T13] veth1_vlan: left promiscuous mode
[ 1466.724137][   T13] veth0_vlan: left promiscuous mode
[ 1466.860138][ T5932] usb 5-1: USB disconnect, device number 75
[ 1466.873556][ T5932] usbsevseg 5-1:0.0: USB 7 Segment now disconnected
[ 1467.347847][T12227] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1467.463919][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1467.517335][T12227] usb 4-1: no configurations
[ 1467.522068][T12227] usb 4-1: can't read configurations, error -22
[ 1467.531585][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1467.679812][T12227] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1467.724293][T12229] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1467.848738][T12227] usb 4-1: no configurations
[ 1467.853411][T12227] usb 4-1: can't read configurations, error -22
[ 1467.864968][T12227] usb usb4-port1: attempt power cycle
[ 1467.928199][T12229] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1467.945730][T12229] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1467.961862][T12229] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.985469][T12229] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1468.068080][T17791] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1468.077596][T17791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1468.109714][T17791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1468.187997][T15585] usb 7-1: USB disconnect, device number 33
[ 1468.208584][T12227] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1468.216976][T17791] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1468.228323][T17791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1468.261958][T17791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1468.277595][T12227] usb 4-1: no configurations
[ 1468.283492][T12227] usb 4-1: can't read configurations, error -22
[ 1468.339690][T12208] Bluetooth: hci1: command 0x0419 tx timeout
[ 1468.420600][T17791] hsr_slave_0: entered promiscuous mode
[ 1468.434670][T12227] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1468.478098][T17791] hsr_slave_1: entered promiscuous mode
[ 1468.503892][T12227] usb 4-1: no configurations
[ 1468.529046][T12227] usb 4-1: can't read configurations, error -22
[ 1468.614588][T17791] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1468.658659][T12227] usb usb4-port1: unable to enumerate USB device
[ 1468.669708][T17791] Cannot create hsr debugfs directory
[ 1468.736368][T17929] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3131'.
[ 1468.746128][T17929] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[ 1469.070210][T12229] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[ 1469.101202][T12229] stv0680 5-1:4.0: STV(e): camera ping failed!!
[ 1469.117107][T12229] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[ 1469.162819][T12229] stv0680 5-1:4.0: last error: 0,  command = 0x0
[ 1469.198757][T12229] usb 5-1: USB disconnect, device number 76
[ 1470.291574][   T13] IPVS: stop unused estimator thread 0...
[ 1471.524341][T12229] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[ 1473.418594][T12229] usb 4-1: Using ep0 maxpacket: 32
[ 1474.758594][T12229] usb 4-1: device descriptor read/all, error -71
[ 1475.929664][T17988] FAULT_INJECTION: forcing a failure.
[ 1475.929664][T17988] name failslab, interval 1, probability 0, space 0, times 0
[ 1476.011118][T17988] CPU: 0 UID: 0 PID: 17988 Comm: syz.4.3143 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1476.011147][T17988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1476.011160][T17988] Call Trace:
[ 1476.011169][T17988]  <TASK>
[ 1476.011178][T17988]  dump_stack_lvl+0x189/0x250
[ 1476.011207][T17988]  ? __pfx____ratelimit+0x10/0x10
[ 1476.011228][T17988]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1476.011250][T17988]  ? __pfx__printk+0x10/0x10
[ 1476.011281][T17988]  ? __pfx___might_resched+0x10/0x10
[ 1476.011303][T17988]  ? fs_reclaim_acquire+0x7d/0x100
[ 1476.011333][T17988]  should_fail_ex+0x414/0x560
[ 1476.011361][T17988]  should_failslab+0xa8/0x100
[ 1476.011384][T17988]  __kmalloc_noprof+0xcb/0x4f0
[ 1476.011404][T17988]  ? tls_get_rec+0xbf/0x670
[ 1476.011427][T17988]  ? __local_bh_enable_ip+0x13e/0x1c0
[ 1476.011452][T17988]  tls_get_rec+0xbf/0x670
[ 1476.011484][T17988]  tls_sw_sendmsg+0x4ae/0x23d0
[ 1476.011510][T17988]  ? trace_irq_disable+0x37/0x110
[ 1476.011552][T17988]  ? irqentry_exit+0x74/0x90
[ 1476.011587][T17988]  ? __pfx_tls_sw_sendmsg+0x10/0x10
[ 1476.011606][T17988]  ? sock_rps_record_flow+0x19/0x410
[ 1476.011632][T17988]  ? sock_rps_record_flow+0x1a/0x410
[ 1476.011661][T17988]  ? inet_getname+0x397/0x3c0
[ 1476.011687][T17988]  ? inet6_sendmsg+0x101/0x120
[ 1476.011713][T17988]  __sock_sendmsg+0xe5/0x270
[ 1476.011740][T17988]  __sys_sendto+0x3bd/0x520
[ 1476.011772][T17988]  ? __pfx___sys_sendto+0x10/0x10
[ 1476.011814][T17988]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1476.011853][T17988]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1476.011888][T17988]  __x64_sys_sendto+0xde/0x100
[ 1476.011920][T17988]  do_syscall_64+0xfa/0x3b0
[ 1476.011944][T17988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1476.011964][T17988]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1476.011984][T17988]  ? clear_bhb_loop+0x60/0xb0
[ 1476.012009][T17988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1476.012029][T17988] RIP: 0033:0x7f3887d8eb69
[ 1476.012047][T17988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1476.012065][T17988] RSP: 002b:00007f3888c28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1476.012087][T17988] RAX: ffffffffffffffda RBX: 00007f3887fb6160 RCX: 00007f3887d8eb69
[ 1476.012102][T17988] RDX: 11c259e35b9f2599 RSI: 00002000000003c0 RDI: 0000000000000004
[ 1476.012116][T17988] RBP: 00007f3888c28090 R08: 0000000000000000 R09: 0000000003000137
[ 1476.012130][T17988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1476.012142][T17988] R13: 0000000000000000 R14: 00007f3887fb6160 R15: 00007ffc703a4728
[ 1476.012174][T17988]  </TASK>
[ 1476.269777][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1476.770097][T17791] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1476.784747][T17791] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1476.796800][T17791] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1476.809027][T17791] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1477.645640][T12227] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1477.690563][T17791] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1477.714921][T17791] 8021q: adding VLAN 0 to HW filter on device team0
[ 1477.740451][T15535] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1477.747776][T15535] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1477.816960][T15535] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1477.824222][T15535] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1477.846295][T12227] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1477.858402][T12227] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1477.927508][T12227] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1477.974366][T12227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1478.005655][T12227] usb 4-1: Product: syz
[ 1478.011504][T12227] usb 4-1: Manufacturer: syz
[ 1478.021522][T12227] usb 4-1: SerialNumber: syz
[ 1478.029384][T12227] usb 4-1: config 0 descriptor??
[ 1478.619817][T17791] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1478.744515][T18022] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[ 1478.751102][T18022] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1478.812171][T18022] vhci_hcd vhci_hcd.0: Device attached
[ 1478.831179][T17791] veth0_vlan: entered promiscuous mode
[ 1478.866048][T17791] veth1_vlan: entered promiscuous mode
[ 1478.895169][T18027] vhci_hcd: connection closed
[ 1478.904349][ T1100] vhci_hcd: stop threads
[ 1478.923660][ T1100] vhci_hcd: release socket
[ 1479.004408][ T5932] vhci_hcd: vhci_device speed not set
[ 1479.349085][T17791] veth0_macvtap: entered promiscuous mode
[ 1479.712929][T17791] veth1_macvtap: entered promiscuous mode
[ 1480.032393][ T1100] vhci_hcd: disconnect device
[ 1480.277835][T17791] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1480.304266][ T5932] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[ 1480.312799][ T5932] usb 45-1: enqueue for inactive port 0
[ 1480.329165][T17791] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1480.334233][T16879] usb 4-1: USB disconnect, device number 94
[ 1480.354913][T17791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.366418][T17791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.376943][T17791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.386046][ T5932] vhci_hcd: vhci_device speed not set
[ 1480.391608][T17791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1480.685777][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1480.720718][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1481.554810][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1481.594418][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1482.288736][T18069] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long
[ 1482.301852][T18069] IPv6: addrconf: prefix option has invalid lifetime
[ 1482.841880][T18075] netlink: 'syz.0.3099': attribute type 1 has an invalid length.
[ 1482.849800][T18075] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1484.410043][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.416490][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1485.488703][T18080] syzkaller0: entered promiscuous mode
[ 1485.677782][T18080] syzkaller0: entered allmulticast mode
[ 1490.075738][T18138] netlink: 'syz.3.3172': attribute type 3 has an invalid length.
[ 1490.155724][T18138] sch_tbf: burst 480 is lower than device lo mtu (11337746) !
[ 1490.379688][T18144] FAULT_INJECTION: forcing a failure.
[ 1490.379688][T18144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1490.414463][T18144] CPU: 1 UID: 0 PID: 18144 Comm: syz.0.3175 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1490.414495][T18144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1490.414510][T18144] Call Trace:
[ 1490.414520][T18144]  <TASK>
[ 1490.414529][T18144]  dump_stack_lvl+0x189/0x250
[ 1490.414560][T18144]  ? __pfx____ratelimit+0x10/0x10
[ 1490.414585][T18144]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1490.414610][T18144]  ? __pfx__printk+0x10/0x10
[ 1490.414639][T18144]  ? __might_fault+0xb0/0x130
[ 1490.414673][T18144]  should_fail_ex+0x414/0x560
[ 1490.414701][T18144]  _copy_from_user+0x2d/0xb0
[ 1490.414733][T18144]  get_timespec64+0x8e/0x1a0
[ 1490.414767][T18144]  ? __pfx_get_timespec64+0x10/0x10
[ 1490.414812][T18144]  __x64_sys_recvmmsg+0x143/0x240
[ 1490.414840][T18144]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1490.414860][T18144]  ? rcu_is_watching+0x15/0xb0
[ 1490.414890][T18144]  ? do_syscall_64+0xbe/0x3b0
[ 1490.414919][T18144]  do_syscall_64+0xfa/0x3b0
[ 1490.414942][T18144]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1490.414966][T18144]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.414989][T18144]  ? clear_bhb_loop+0x60/0xb0
[ 1490.415016][T18144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.415038][T18144] RIP: 0033:0x7f7481f8eb69
[ 1490.415059][T18144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1490.415079][T18144] RSP: 002b:00007f7482d27038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1490.415103][T18144] RAX: ffffffffffffffda RBX: 00007f74821b5fa0 RCX: 00007f7481f8eb69
[ 1490.415119][T18144] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[ 1490.415135][T18144] RBP: 00007f7482d27090 R08: 0000200000003700 R09: 0000000000000000
[ 1490.415150][T18144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1490.415162][T18144] R13: 0000000000000000 R14: 00007f74821b5fa0 R15: 00007ffe87362678
[ 1490.415195][T18144]  </TASK>
[ 1490.856166][T18155] syzkaller0: entered promiscuous mode
[ 1490.864383][T18155] syzkaller0: entered allmulticast mode
[ 1491.131695][T18161] netlink: 4344 bytes leftover after parsing attributes in process `syz.6.3180'.
[ 1491.263963][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1491.263981][   T30] audit: type=1804 audit(1753989495.322:204): pid=18161 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.3180" name="/newroot/304/file0" dev="tmpfs" ino=1577 res=1 errno=0
[ 1492.228519][ T5857] Bluetooth: hci1: command 0x0419 tx timeout
[ 1495.898640][T18230] Invalid source name
[ 1495.902852][T18230] UBIFS error (pid: 18230): cannot open "/dev/sg0", error -22
[ 1496.187380][T18236] ip6erspan0: entered promiscuous mode
[ 1496.205937][T18236] tipc: Started in network mode
[ 1496.210856][T18236] tipc: Node identity 03000000000000004879ffffffffffff, cluster identity 4711
[ 1496.426983][ T5932] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1496.464639][T12213] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[ 1496.737347][T12213] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1496.753602][T12213] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1496.906793][T12213] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1496.923347][T12213] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1496.933124][T12213] usb 4-1: Product: syz
[ 1496.939074][ T5932] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1496.951172][T12213] usb 4-1: Manufacturer: syz
[ 1496.956277][T12213] usb 4-1: SerialNumber: syz
[ 1496.962570][ T5932] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1496.987265][T18243] FAULT_INJECTION: forcing a failure.
[ 1496.987265][T18243] name failslab, interval 1, probability 0, space 0, times 0
[ 1497.000279][T18243] CPU: 1 UID: 0 PID: 18243 Comm: syz.4.3202 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1497.000307][T18243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1497.000322][T18243] Call Trace:
[ 1497.000332][T18243]  <TASK>
[ 1497.000342][T18243]  dump_stack_lvl+0x189/0x250
[ 1497.000372][T18243]  ? __pfx____ratelimit+0x10/0x10
[ 1497.000397][T18243]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1497.000422][T18243]  ? __pfx__printk+0x10/0x10
[ 1497.000447][T18243]  ? __lock_acquire+0xab9/0xd20
[ 1497.000476][T18243]  ? sig_get_ucounts+0x26/0x450
[ 1497.000500][T18243]  should_fail_ex+0x414/0x560
[ 1497.000529][T18243]  should_failslab+0xa8/0x100
[ 1497.000556][T18243]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1497.000577][T18243]  ? __send_signal_locked+0x22a/0xeb0
[ 1497.000606][T18243]  ? sig_get_ucounts+0x3e4/0x450
[ 1497.000630][T18243]  __send_signal_locked+0x22a/0xeb0
[ 1497.000661][T18243]  ? send_signal_locked+0x1b5/0x8e0
[ 1497.000697][T18243]  force_sig_info_to_task+0x30c/0x590
[ 1497.000741][T18243]  force_sig+0xc9/0x120
[ 1497.000772][T18243]  ? __pfx_force_sig+0x10/0x10
[ 1497.000806][T18243]  ? fixup_iopl_exception+0xdc/0x2e0
[ 1497.000847][T18243]  ? fixup_vdso_exception+0x2cc/0x300
[ 1497.000904][T18243]  exc_general_protection+0xdb/0x200
[ 1497.000934][T18243]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.000968][T18243]  ? clear_bhb_loop+0x60/0xb0
[ 1497.000996][T18243]  asm_exc_general_protection+0x26/0x30
[ 1497.001018][T18243] RIP: 0033:0x7f3887d676b9
[ 1497.001038][T18243] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 <c5> fd 74 0f c5 fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66
[ 1497.001059][T18243] RSP: 002b:00007f3888c697c8 EFLAGS: 00010283
[ 1497.001079][T18243] RAX: 0000000000000999 RBX: 00007f3888c69d30 RCX: 00007f3887f78120
[ 1497.001096][T18243] RDX: 9999999999999999 RSI: 00007f3887e11b09 RDI: 9999999999999999
[ 1497.001114][T18243] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[ 1497.001127][T18243] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073
[ 1497.001142][T18243] R13: 00007f3888c69eb0 R14: 9999999999999999 R15: 0000000000000000
[ 1497.001177][T18243]  </TASK>
[ 1497.214989][T12213] usb 4-1: config 0 descriptor??
[ 1497.220650][ T5932] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1497.229849][ T5932] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.260732][T18224] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1497.300982][ T5932] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1497.497921][T18224] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3196'.
[ 1498.399894][T15585] usb 7-1: USB disconnect, device number 34
[ 1499.489491][T15585] usb 4-1: USB disconnect, device number 95
[ 1499.584817][T18275] FAULT_INJECTION: forcing a failure.
[ 1499.584817][T18275] name failslab, interval 1, probability 0, space 0, times 0
[ 1499.615818][T18275] CPU: 1 UID: 0 PID: 18275 Comm: syz.0.3212 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1499.615853][T18275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1499.615866][T18275] Call Trace:
[ 1499.615875][T18275]  <TASK>
[ 1499.615885][T18275]  dump_stack_lvl+0x189/0x250
[ 1499.615929][T18275]  ? __pfx____ratelimit+0x10/0x10
[ 1499.615952][T18275]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1499.615978][T18275]  ? __pfx__printk+0x10/0x10
[ 1499.616013][T18275]  ? __pfx___might_resched+0x10/0x10
[ 1499.616036][T18275]  ? fs_reclaim_acquire+0x7d/0x100
[ 1499.616069][T18275]  should_fail_ex+0x414/0x560
[ 1499.616098][T18275]  should_failslab+0xa8/0x100
[ 1499.616123][T18275]  __kmalloc_noprof+0xcb/0x4f0
[ 1499.616143][T18275]  ? kfree+0x4d/0x440
[ 1499.616173][T18275]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1499.616208][T18275]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1499.616240][T18275]  ? tomoyo_domain+0xda/0x130
[ 1499.616275][T18275]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1499.616299][T18275]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1499.616326][T18275]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1499.616370][T18275]  ? __lock_acquire+0xab9/0xd20
[ 1499.616414][T18275]  ? __fget_files+0x2a/0x420
[ 1499.616441][T18275]  ? __fget_files+0x2a/0x420
[ 1499.616464][T18275]  ? __fget_files+0x3a0/0x420
[ 1499.616487][T18275]  ? __fget_files+0x2a/0x420
[ 1499.616516][T18275]  security_file_ioctl+0xcb/0x2d0
[ 1499.616544][T18275]  __se_sys_ioctl+0x47/0x170
[ 1499.616580][T18275]  do_syscall_64+0xfa/0x3b0
[ 1499.616605][T18275]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1499.616628][T18275]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.616650][T18275]  ? clear_bhb_loop+0x60/0xb0
[ 1499.616689][T18275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.616709][T18275] RIP: 0033:0x7f7481f8eb69
[ 1499.616727][T18275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1499.616745][T18275] RSP: 002b:00007f7482d27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1499.616767][T18275] RAX: ffffffffffffffda RBX: 00007f74821b5fa0 RCX: 00007f7481f8eb69
[ 1499.616782][T18275] RDX: 0000000000000000 RSI: 0000000000004140 RDI: 0000000000000005
[ 1499.616794][T18275] RBP: 00007f7482d27090 R08: 0000000000000000 R09: 0000000000000000
[ 1499.616807][T18275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1499.616819][T18275] R13: 0000000000000000 R14: 00007f74821b5fa0 R15: 00007ffe87362678
[ 1499.616856][T18275]  </TASK>
[ 1499.616865][T18275] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1499.976414][T18281] FAULT_INJECTION: forcing a failure.
[ 1499.976414][T18281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1499.977794][T18281] 
[ 1499.977803][T18281] ======================================================
[ 1499.977811][T18281] WARNING: possible circular locking dependency detected
[ 1499.977825][T18281] 6.16.0-syzkaller #0 Not tainted
[ 1499.977836][T18281] ------------------------------------------------------
[ 1499.977845][T18281] syz.3.3214/18281 is trying to acquire lock:
[ 1499.977856][T18281] ffffffff8e133300 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x13a/0xc40
[ 1499.977915][T18281] 
[ 1499.977915][T18281] but task is already holding lock:
[ 1499.977922][T18281] ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1499.977965][T18281] 
[ 1499.977965][T18281] which lock already depends on the new lock.
[ 1499.977965][T18281] 
[ 1499.977972][T18281] 
[ 1499.977972][T18281] the existing dependency chain (in reverse order) is:
[ 1499.977981][T18281] 
[ 1499.977981][T18281] -> #4 (&rq->__lock){-.-.}-{2:2}:
[ 1499.978007][T18281]        lock_acquire+0x120/0x360
[ 1499.978024][T18281]        _raw_spin_lock_nested+0x32/0x50
[ 1499.978044][T18281]        raw_spin_rq_lock_nested+0x2a/0x140
[ 1499.978063][T18281]        task_rq_lock+0xbc/0x470
[ 1499.978080][T18281]        cgroup_move_task+0x9a/0x590
[ 1499.978101][T18281]        css_set_move_task+0x658/0x9e0
[ 1499.978124][T18281]        cgroup_post_fork+0x1ef/0x790
[ 1499.978146][T18281]        copy_process+0x37e6/0x3b80
[ 1499.978167][T18281]        kernel_clone+0x224/0x7f0
[ 1499.978189][T18281]        user_mode_thread+0xdd/0x140
[ 1499.978211][T18281]        rest_init+0x23/0x300
[ 1499.978234][T18281]        start_kernel+0x47d/0x500
[ 1499.978255][T18281]        x86_64_start_reservations+0x24/0x30
[ 1499.978281][T18281]        x86_64_start_kernel+0x143/0x1c0
[ 1499.978307][T18281]        common_startup_64+0x13e/0x147
[ 1499.978332][T18281] 
[ 1499.978332][T18281] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[ 1499.978358][T18281]        lock_acquire+0x120/0x360
[ 1499.978373][T18281]        _raw_spin_lock_irqsave+0xa7/0xf0
[ 1499.978402][T18281]        try_to_wake_up+0x6e/0x1290
[ 1499.978427][T18281]        __wake_up_common_lock+0x137/0x1f0
[ 1499.978453][T18281]        tty_port_default_wakeup+0xa2/0xf0
[ 1499.978483][T18281]        serial8250_tx_chars+0x72e/0x970
[ 1499.978509][T18281]        serial8250_handle_irq+0x633/0xbb0
[ 1499.978535][T18281]        serial8250_default_handle_irq+0xbf/0x1b0
[ 1499.978554][T18281]        serial8250_interrupt+0xa2/0x1d0
[ 1499.978581][T18281]        __handle_irq_event_percpu+0x289/0x980
[ 1499.978607][T18281]        handle_irq_event+0x8b/0x1e0
[ 1499.978631][T18281]        handle_edge_irq+0x267/0x9c0
[ 1499.978652][T18281]        __common_interrupt+0x140/0x250
[ 1499.978680][T18281]        common_interrupt+0xb6/0xe0
[ 1499.978705][T18281]        asm_common_interrupt+0x26/0x40
[ 1499.978723][T18281]        pv_native_safe_halt+0x13/0x20
[ 1499.978741][T18281]        default_idle+0x13/0x20
[ 1499.978763][T18281]        default_idle_call+0x74/0xb0
[ 1499.978785][T18281]        do_idle+0x1e8/0x510
[ 1499.978805][T18281]        cpu_startup_entry+0x44/0x60
[ 1499.978825][T18281]        rest_init+0x2de/0x300
[ 1499.978848][T18281]        start_kernel+0x47d/0x500
[ 1499.978867][T18281]        x86_64_start_reservations+0x24/0x30
[ 1499.978894][T18281]        x86_64_start_kernel+0x143/0x1c0
[ 1499.978920][T18281]        common_startup_64+0x13e/0x147
[ 1499.978944][T18281] 
[ 1499.978944][T18281] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[ 1499.978971][T18281]        lock_acquire+0x120/0x360
[ 1499.978986][T18281]        _raw_spin_lock_irqsave+0xa7/0xf0
[ 1499.979015][T18281]        __wake_up_common_lock+0x2f/0x1f0
[ 1499.979041][T18281]        tty_port_default_wakeup+0xa2/0xf0
[ 1499.979070][T18281]        serial8250_tx_chars+0x72e/0x970
[ 1499.979095][T18281]        serial8250_handle_irq+0x633/0xbb0
[ 1499.979121][T18281]        serial8250_default_handle_irq+0xbf/0x1b0
[ 1499.979139][T18281]        serial8250_interrupt+0xa2/0x1d0
[ 1499.979160][T18281]        __handle_irq_event_percpu+0x289/0x980
[ 1499.979185][T18281]        handle_irq_event+0x8b/0x1e0
[ 1499.979209][T18281]        handle_edge_irq+0x267/0x9c0
[ 1499.979230][T18281]        __common_interrupt+0x140/0x250
[ 1499.979257][T18281]        common_interrupt+0xb6/0xe0
[ 1499.979281][T18281]        asm_common_interrupt+0x26/0x40
[ 1499.979299][T18281]        pv_native_safe_halt+0x13/0x20
[ 1499.979316][T18281]        default_idle+0x13/0x20
[ 1499.979338][T18281]        default_idle_call+0x74/0xb0
[ 1499.979360][T18281]        do_idle+0x1e8/0x510
[ 1499.979379][T18281]        cpu_startup_entry+0x44/0x60
[ 1499.979399][T18281]        rest_init+0x2de/0x300
[ 1499.979422][T18281]        start_kernel+0x47d/0x500
[ 1499.979441][T18281]        x86_64_start_reservations+0x24/0x30
[ 1499.979468][T18281]        x86_64_start_kernel+0x143/0x1c0
[ 1499.979493][T18281]        common_startup_64+0x13e/0x147
[ 1499.979517][T18281] 
[ 1499.979517][T18281] -> #1 (&port_lock_key){-.-.}-{3:3}:
[ 1499.979543][T18281]        lock_acquire+0x120/0x360
[ 1499.979563][T18281]        _raw_spin_lock_irqsave+0xa7/0xf0
[ 1499.979592][T18281]        serial8250_console_write+0x17e/0x1ba0
[ 1499.979620][T18281]        console_flush_all+0x728/0xc40
[ 1499.979643][T18281]        console_unlock+0xc4/0x270
[ 1499.979663][T18281]        vprintk_emit+0x5b7/0x7a0
[ 1499.979684][T18281]        _printk+0xcf/0x120
[ 1499.979706][T18281]        register_console+0xa8b/0xf90
[ 1499.979730][T18281]        univ8250_console_init+0x52/0x90
[ 1499.979754][T18281]        console_init+0x1a1/0x670
[ 1499.979778][T18281]        start_kernel+0x2cc/0x500
[ 1499.979797][T18281]        x86_64_start_reservations+0x24/0x30
[ 1499.979825][T18281]        x86_64_start_kernel+0x143/0x1c0
[ 1499.979850][T18281]        common_startup_64+0x13e/0x147
[ 1499.979874][T18281] 
[ 1499.979874][T18281] -> #0 (console_owner){-.-.}-{0:0}:
[ 1499.979902][T18281]        validate_chain+0xb9b/0x2140
[ 1499.979923][T18281]        __lock_acquire+0xab9/0xd20
[ 1499.979939][T18281]        lock_acquire+0x120/0x360
[ 1499.979954][T18281]        console_flush_all+0x6d2/0xc40
[ 1499.979977][T18281]        console_unlock+0xc4/0x270
[ 1499.979997][T18281]        vprintk_emit+0x5b7/0x7a0
[ 1499.980017][T18281]        _printk+0xcf/0x120
[ 1499.980038][T18281]        should_fail_ex+0x3f5/0x560
[ 1499.980055][T18281]        copy_to_user_nofault+0x89/0x160
[ 1499.980075][T18281]        bpf_prog_c7763bb3f68e5cb3+0x41/0x47
[ 1499.980090][T18281]        bpf_trace_run4+0x28e/0x4a0
[ 1499.980114][T18281]        __bpf_trace_sched_switch+0x17a/0x1e0
[ 1499.980139][T18281]        __traceiter_sched_switch+0x9a/0xd0
[ 1499.980164][T18281]        __schedule+0x22ba/0x4c90
[ 1499.980180][T18281]        preempt_schedule_common+0x83/0xd0
[ 1499.980197][T18281]        preempt_schedule+0xae/0xc0
[ 1499.980214][T18281]        preempt_schedule_thunk+0x16/0x30
[ 1499.980241][T18281]        __local_bh_enable_ip+0x13e/0x1c0
[ 1499.980260][T18281]        copy_fpstate_to_sigframe+0x557/0xce0
[ 1499.980288][T18281]        get_sigframe+0x58d/0x7d0
[ 1499.980314][T18281]        x64_setup_rt_frame+0x15c/0xd40
[ 1499.980340][T18281]        arch_do_signal_or_restart+0x3dc/0x750
[ 1499.980368][T18281]        exit_to_user_mode_loop+0x75/0x110
[ 1499.980385][T18281]        do_syscall_64+0x2bd/0x3b0
[ 1499.980405][T18281]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.980424][T18281] 
[ 1499.980424][T18281] other info that might help us debug this:
[ 1499.980424][T18281] 
[ 1499.980431][T18281] Chain exists of:
[ 1499.980431][T18281]   console_owner --> &p->pi_lock --> &rq->__lock
[ 1499.980431][T18281] 
[ 1499.980461][T18281]  Possible unsafe locking scenario:
[ 1499.980461][T18281] 
[ 1499.980468][T18281]        CPU0                    CPU1
[ 1499.980475][T18281]        ----                    ----
[ 1499.980482][T18281]   lock(&rq->__lock);
[ 1499.980495][T18281]                                lock(&p->pi_lock);
[ 1499.980509][T18281]                                lock(&rq->__lock);
[ 1499.980524][T18281]   lock(console_owner);
[ 1499.980537][T18281] 
[ 1499.980537][T18281]  *** DEADLOCK ***
[ 1499.980537][T18281] 
[ 1499.980543][T18281] 4 locks held by syz.3.3214/18281:
[ 1499.980555][T18281]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1499.980605][T18281]  #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
[ 1499.980656][T18281]  #2: ffffffff8e133360 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120
[ 1499.980704][T18281]  #3: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40
[ 1499.980754][T18281] 
[ 1499.980754][T18281] stack backtrace:
[ 1499.980764][T18281] CPU: 0 UID: 0 PID: 18281 Comm: syz.3.3214 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1499.980786][T18281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1499.980799][T18281] Call Trace:
[ 1499.980807][T18281]  <TASK>
[ 1499.980816][T18281]  dump_stack_lvl+0x189/0x250
[ 1499.980840][T18281]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1499.980862][T18281]  ? __pfx__printk+0x10/0x10
[ 1499.980888][T18281]  ? print_lock_name+0xde/0x100
[ 1499.980914][T18281]  print_circular_bug+0x2ee/0x310
[ 1499.980940][T18281]  check_noncircular+0x134/0x160
[ 1499.980966][T18281]  validate_chain+0xb9b/0x2140
[ 1499.981001][T18281]  __lock_acquire+0xab9/0xd20
[ 1499.981022][T18281]  ? console_flush_all+0x13a/0xc40
[ 1499.981046][T18281]  lock_acquire+0x120/0x360
[ 1499.981063][T18281]  ? console_flush_all+0x13a/0xc40
[ 1499.981092][T18281]  ? do_raw_spin_unlock+0x122/0x240
[ 1499.981118][T18281]  ? console_flush_all+0x13a/0xc40
[ 1499.981145][T18281]  console_flush_all+0x6d2/0xc40
[ 1499.981169][T18281]  ? console_flush_all+0x13a/0xc40
[ 1499.981196][T18281]  ? console_flush_all+0x13a/0xc40
[ 1499.981225][T18281]  ? __pfx_console_flush_all+0x10/0x10
[ 1499.981256][T18281]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1499.981286][T18281]  console_unlock+0xc4/0x270
[ 1499.981309][T18281]  ? __pfx_console_unlock+0x10/0x10
[ 1499.981334][T18281]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1499.981365][T18281]  vprintk_emit+0x5b7/0x7a0
[ 1499.981389][T18281]  ? __pfx_vprintk_emit+0x10/0x10
[ 1499.981414][T18281]  ? __lock_acquire+0xab9/0xd20
[ 1499.981437][T18281]  _printk+0xcf/0x120
[ 1499.981461][T18281]  ? __pfx____ratelimit+0x10/0x10
[ 1499.981482][T18281]  ? __pfx__printk+0x10/0x10
[ 1499.981508][T18281]  ? from_kuid+0x1b0/0x640
[ 1499.981538][T18281]  should_fail_ex+0x3f5/0x560
[ 1499.981564][T18281]  copy_to_user_nofault+0x89/0x160
[ 1499.981586][T18281]  bpf_prog_c7763bb3f68e5cb3+0x41/0x47
[ 1499.981603][T18281]  bpf_trace_run4+0x28e/0x4a0
[ 1499.981630][T18281]  ? bpf_trace_run4+0x19c/0x4a0
[ 1499.981656][T18281]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1499.981681][T18281]  ? kvm_sched_clock_read+0x11/0x20
[ 1499.981700][T18281]  ? sched_clock_cpu+0x74/0x430
[ 1499.981723][T18281]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[ 1499.981752][T18281]  __bpf_trace_sched_switch+0x17a/0x1e0
[ 1499.981780][T18281]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1499.981807][T18281]  ? psi_group_change+0xbc7/0x1210
[ 1499.981830][T18281]  ? rcu_read_lock_sched_held+0x89/0x100
[ 1499.981853][T18281]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[ 1499.981877][T18281]  ? psi_task_switch+0x318/0x6d0
[ 1499.981903][T18281]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[ 1499.981949][T18281]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1499.981979][T18281]  __traceiter_sched_switch+0x9a/0xd0
[ 1499.982010][T18281]  __schedule+0x22ba/0x4c90
[ 1499.982031][T18281]  ? process_measurement+0x1640/0x1a40
[ 1499.982063][T18281]  ? preempt_schedule_common+0x83/0xd0
[ 1499.982087][T18281]  ? __pfx___schedule+0x10/0x10
[ 1499.982112][T18281]  ? __lock_acquire+0xab9/0xd20
[ 1499.982133][T18281]  ? preempt_schedule+0xae/0xc0
[ 1499.982152][T18281]  ? copy_fpstate_to_sigframe+0x181/0xce0
[ 1499.982204][T18281]  preempt_schedule_common+0x83/0xd0
[ 1499.982226][T18281]  preempt_schedule+0xae/0xc0
[ 1499.982246][T18281]  ? __pfx_preempt_schedule+0x10/0x10
[ 1499.982268][T18281]  ? preempt_schedule_notrace_thunk+0x16/0x30
[ 1499.982304][T18281]  preempt_schedule_thunk+0x16/0x30
[ 1499.982339][T18281]  __local_bh_enable_ip+0x13e/0x1c0
[ 1499.982363][T18281]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1499.982392][T18281]  copy_fpstate_to_sigframe+0x557/0xce0
[ 1499.982427][T18281]  ? copy_fpstate_to_sigframe+0x181/0xce0
[ 1499.982463][T18281]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1499.982494][T18281]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 1499.982523][T18281]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 1499.982554][T18281]  ? read_tsc+0x9/0x20
[ 1499.982589][T18281]  ? ktime_get+0x1cb/0x1f0
[ 1499.982618][T18281]  ? __lock_acquire+0xab9/0xd20
[ 1499.982641][T18281]  ? fpu__alloc_mathframe+0xad/0x130
[ 1499.982675][T18281]  get_sigframe+0x58d/0x7d0
[ 1499.982709][T18281]  ? __pfx_get_sigframe+0x10/0x10
[ 1499.982740][T18281]  ? irqentry_exit+0x74/0x90
[ 1499.982763][T18281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1499.982789][T18281]  x64_setup_rt_frame+0x15c/0xd40
[ 1499.982824][T18281]  ? _raw_spin_unlock_irq+0x29/0x50
[ 1499.982845][T18281]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1499.982865][T18281]  ? get_signal+0x1122/0x1310
[ 1499.982891][T18281]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1499.982930][T18281]  arch_do_signal_or_restart+0x3dc/0x750
[ 1499.982962][T18281]  ? __fget_files+0x3a0/0x420
[ 1499.982989][T18281]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1499.983031][T18281]  ? exit_to_user_mode_loop+0x40/0x110
[ 1499.983053][T18281]  exit_to_user_mode_loop+0x75/0x110
[ 1499.983074][T18281]  do_syscall_64+0x2bd/0x3b0
[ 1499.983098][T18281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1499.983120][T18281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.983154][T18281]  ? clear_bhb_loop+0x60/0xb0
[ 1499.983178][T18281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.983199][T18281] RIP: 0033:0x7fba5e98d61f
[ 1499.983216][T18281] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1499.983236][T18281] RSP: 002b:00007fba5f806030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1499.983257][T18281] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00007fba5e98d61f
[ 1499.983271][T18281] RDX: 0000000000000001 RSI: 00007fba5f806090 RDI: 0000000000000003
[ 1499.983286][T18281] RBP: 00007fba5f806090 R08: 0000000000000000 R09: 00007fba5f805df7
[ 1499.983301][T18281] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1499.983314][T18281] R13: 0000000000000000 R14: 00007fba5ebb5fa0 R15: 00007ffcd4743938
[ 1499.983338][T18281]  </TASK>
[ 1501.346725][T18281] CPU: 0 UID: 0 PID: 18281 Comm: syz.3.3214 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1501.346746][T18281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1501.346756][T18281] Call Trace:
[ 1501.346765][T18281]  <TASK>
[ 1501.346774][T18281]  dump_stack_lvl+0x189/0x250
[ 1501.346796][T18281]  ? __pfx____ratelimit+0x10/0x10
[ 1501.346812][T18281]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1501.346829][T18281]  ? __pfx__printk+0x10/0x10
[ 1501.346850][T18281]  ? from_kuid+0x1b0/0x640
[ 1501.346875][T18281]  should_fail_ex+0x414/0x560
[ 1501.346892][T18281]  copy_to_user_nofault+0x89/0x160
[ 1501.346911][T18281]  bpf_prog_c7763bb3f68e5cb3+0x41/0x47
[ 1501.346925][T18281]  bpf_trace_run4+0x28e/0x4a0
[ 1501.346947][T18281]  ? bpf_trace_run4+0x19c/0x4a0
[ 1501.346968][T18281]  ? __pfx_bpf_trace_run4+0x10/0x10
[ 1501.346987][T18281]  ? kvm_sched_clock_read+0x11/0x20
[ 1501.347002][T18281]  ? sched_clock_cpu+0x74/0x430
[ 1501.347020][T18281]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[ 1501.347044][T18281]  __bpf_trace_sched_switch+0x17a/0x1e0
[ 1501.347067][T18281]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1501.347088][T18281]  ? psi_group_change+0xbc7/0x1210
[ 1501.347106][T18281]  ? rcu_read_lock_sched_held+0x89/0x100
[ 1501.347124][T18281]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[ 1501.347143][T18281]  ? psi_task_switch+0x318/0x6d0
[ 1501.347163][T18281]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[ 1501.347195][T18281]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[ 1501.347216][T18281]  __traceiter_sched_switch+0x9a/0xd0
[ 1501.347239][T18281]  __schedule+0x22ba/0x4c90
[ 1501.347255][T18281]  ? process_measurement+0x1640/0x1a40
[ 1501.347277][T18281]  ? preempt_schedule_common+0x83/0xd0
[ 1501.347294][T18281]  ? __pfx___schedule+0x10/0x10
[ 1501.347311][T18281]  ? __lock_acquire+0xab9/0xd20
[ 1501.347326][T18281]  ? preempt_schedule+0xae/0xc0
[ 1501.347339][T18281]  ? copy_fpstate_to_sigframe+0x181/0xce0
[ 1501.347362][T18281]  preempt_schedule_common+0x83/0xd0
[ 1501.347377][T18281]  preempt_schedule+0xae/0xc0
[ 1501.347391][T18281]  ? __pfx_preempt_schedule+0x10/0x10
[ 1501.347406][T18281]  ? preempt_schedule_notrace_thunk+0x16/0x30
[ 1501.347434][T18281]  preempt_schedule_thunk+0x16/0x30
[ 1501.347459][T18281]  __local_bh_enable_ip+0x13e/0x1c0
[ 1501.347476][T18281]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1501.347495][T18281]  copy_fpstate_to_sigframe+0x557/0xce0
[ 1501.347519][T18281]  ? copy_fpstate_to_sigframe+0x181/0xce0
[ 1501.347544][T18281]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1501.347566][T18281]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[ 1501.347585][T18281]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 1501.347605][T18281]  ? read_tsc+0x9/0x20
[ 1501.347626][T18281]  ? ktime_get+0x1cb/0x1f0
[ 1501.347646][T18281]  ? __lock_acquire+0xab9/0xd20
[ 1501.347661][T18281]  ? fpu__alloc_mathframe+0xad/0x130
[ 1501.347684][T18281]  get_sigframe+0x58d/0x7d0
[ 1501.347708][T18281]  ? __pfx_get_sigframe+0x10/0x10
[ 1501.347729][T18281]  ? irqentry_exit+0x74/0x90
[ 1501.347744][T18281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1501.347762][T18281]  x64_setup_rt_frame+0x15c/0xd40
[ 1501.347786][T18281]  ? _raw_spin_unlock_irq+0x29/0x50
[ 1501.347800][T18281]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1501.347813][T18281]  ? get_signal+0x1122/0x1310
[ 1501.347831][T18281]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1501.347857][T18281]  arch_do_signal_or_restart+0x3dc/0x750
[ 1501.347880][T18281]  ? __fget_files+0x3a0/0x420
[ 1501.347898][T18281]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1501.347927][T18281]  ? exit_to_user_mode_loop+0x40/0x110
[ 1501.347942][T18281]  exit_to_user_mode_loop+0x75/0x110
[ 1501.347956][T18281]  do_syscall_64+0x2bd/0x3b0
[ 1501.347973][T18281]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1501.347988][T18281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1501.348003][T18281]  ? clear_bhb_loop+0x60/0xb0
[ 1501.348019][T18281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1501.348034][T18281] RIP: 0033:0x7fba5e98d61f
[ 1501.348048][T18281] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1501.348062][T18281] RSP: 002b:00007fba5f806030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1501.348078][T18281] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00007fba5e98d61f
[ 1501.348087][T18281] RDX: 0000000000000001 RSI: 00007fba5f806090 RDI: 0000000000000003
[ 1501.348097][T18281] RBP: 00007fba5f806090 R08: 0000000000000000 R09: 00007fba5f805df7
[ 1501.348107][T18281] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1501.348117][T18281] R13: 0000000000000000 R14: 00007fba5ebb5fa0 R15: 00007ffcd4743938
[ 1501.348134][T18281]  </TASK>
[ 1501.924271][T12208] Bluetooth: hci0: command 0x0406 tx timeout