last executing test programs:

18.184778398s ago: executing program 0 (id=232):
r0 = syz_open_dev$sndctrl(&(0x7f00000002c0), 0x2000000000000, 0x55215c2d6904325f) (async)
ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, &(0x7f0000000140)={0x4, 0xa2, &(0x7f0000000000)="c9bf580041c437b291cb54fc7478ffa12ad937b428ed23bd0678187b22a2a82835a7f557efa961ade715a032043e72a96d643ec189600a9044f61f0af8b0aa9d724b988e2fa7b6552ff252938052f2ecee7d2a9ee3c14a6ffc34301a71d3600dd071d29e825c37eb91dc2fcfc0f80f30a8246bdf159984a3929270c70e11e65a5b29de87d2cd0d4881f66784f86aaa45fac9fccdb348057f06531057edee9f99581d"})
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) (async)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000300), 0x8c603, 0x0) (async)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000180))
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0)
socket$kcm(0x29, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x3231564e, 0x6, [], [0x80ffff, 0x0, 0x0, 0xfffffffd], [], [0x400000000000001]})
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, &(0x7f00000001c0)={@mcast2, 0x3e}) (async)
ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000200)='bridge0\x00')
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f0000000240), 0x10) (async)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) (async)
r8 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r8, 0x114, 0x1, 0x0, 0x0) (async)
write$dsp(r7, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) (async)
ioctl$SNDCTL_DSP_SYNC(r7, 0x5001, 0x0) (async)
r9 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r6, 0xc058534b, &(0x7f0000000700)={0x8000003, 0xfffffeff, 0x9, 0x3, 0x400, 0x6}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000003c0)={'vcan0\x00', <r10=>0x0})
sendmsg$can_bcm(r5, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r10}, 0x10, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRESHEX=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000040000000000000000000000b8ee0816756b62187804752330b2b50639bd0829680bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf7189095300000000000000"], 0x20000600}}, 0x0)

9.649896635s ago: executing program 4 (id=252):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0xffffff79)
capset(0x0, &(0x7f0000000500)={0x8, 0x9, 0x4, 0xa, 0x10000cda, 0x7})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f0000000380))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
r6 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f00000003c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
connect$inet(r5, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r5, &(0x7f0000000500)="88", 0x1, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r9, 0xc0403d08, 0x0)

9.305358464s ago: executing program 1 (id=256):
r0 = syz_io_uring_setup(0x77a0, &(0x7f0000000000)={0x0, 0x7e88, 0x10, 0x3, 0xb3}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_RING_FDS(r0, 0x14, &(0x7f0000007240)=[{0x0, 0x1, 0x0, &(0x7f0000000100), &(0x7f0000000140)=[0x7, 0xf7c0]}, {0x8, 0x1, 0x0, &(0x7f00000024c0)=[{&(0x7f0000000180)=""/230, 0xe6}, {&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000340)=""/187, 0xbb}, {&(0x7f0000000400)=""/31, 0x1f}, {&(0x7f0000000440)=""/36, 0x24}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/4096, 0x1000}], &(0x7f0000002540)=[0x5, 0x7, 0x6, 0x8, 0x2]}, {0x0, 0x1, 0x0, &(0x7f0000002580), &(0x7f00000025c0)=[0x2, 0xd9, 0x471, 0xfff, 0x8, 0x2]}, {0x0, 0x0, 0x0, &(0x7f0000002600), &(0x7f0000002640)=[0x3, 0x100, 0x80, 0x6]}, {0x5, 0x1, 0x0, &(0x7f0000002900)=[{&(0x7f0000002680)=""/28, 0x1c}, {&(0x7f00000026c0)=""/32, 0x20}, {&(0x7f0000002700)=""/64, 0x40}, {&(0x7f0000002740)=""/212, 0xd4}, {&(0x7f0000002840)=""/185, 0xb9}], &(0x7f0000002980)=[0x2, 0x8, 0x9, 0x432, 0xfff, 0xfffffffffffffffb, 0x7, 0x2, 0x6]}, {0xa, 0x1, 0x0, &(0x7f00000040c0)=[{&(0x7f0000002a00)=""/4096, 0x1000}, {&(0x7f0000003a00)=""/181, 0xb5}, {&(0x7f0000003ac0)=""/238, 0xee}, {&(0x7f0000003bc0)=""/108, 0x6c}, {&(0x7f0000003c40)=""/211, 0xd3}, {&(0x7f0000003d40)=""/109, 0x6d}, {&(0x7f0000003dc0)=""/219, 0xdb}, {&(0x7f0000003ec0)}, {&(0x7f0000003f00)=""/206, 0xce}, {&(0x7f0000004000)=""/164, 0xa4}], &(0x7f0000004180)=[0x6]}, {0x7, 0x0, 0x0, &(0x7f0000004780)=[{&(0x7f00000041c0)=""/218, 0xda}, {&(0x7f00000042c0)=""/253, 0xfd}, {&(0x7f00000043c0)=""/170, 0xaa}, {&(0x7f0000004480)=""/251, 0xfb}, {&(0x7f0000004580)=""/192, 0xc0}, {&(0x7f0000004640)=""/13, 0xd}, {&(0x7f0000004680)=""/223, 0xdf}], &(0x7f0000004800)=[0x3f, 0x1, 0x6d7]}, {0x1, 0x0, 0x0, &(0x7f0000004880)=[{&(0x7f0000004840)=""/47, 0x2f}], &(0x7f00000048c0)=[0xce, 0xfffffffffffffffc, 0xe, 0x7, 0x0, 0x7fff]}, {0x7, 0x0, 0x0, &(0x7f0000006c00)=[{&(0x7f0000004900)=""/162, 0xa2}, {&(0x7f00000049c0)=""/252, 0xfc}, {&(0x7f0000004ac0)=""/75, 0x4b}, {&(0x7f0000004b40)=""/4096, 0x1000}, {&(0x7f0000005b40)=""/65, 0x41}, {&(0x7f0000005bc0)=""/44, 0x2c}, {&(0x7f0000005c00)=""/4096, 0x1000}], &(0x7f0000006c80)=[0x4, 0xfffffffffffffe00, 0xffffffff7fffffff, 0x7, 0x8, 0xb90]}, {0x7, 0x1, 0x0, &(0x7f0000007180)=[{&(0x7f0000006cc0)=""/74, 0x4a}, {&(0x7f0000006d40)}, {&(0x7f0000006d80)=""/190, 0xbe}, {&(0x7f0000006e40)=""/211, 0xd3}, {&(0x7f0000006f40)=""/254, 0xfe}, {&(0x7f0000007040)=""/54, 0x36}, {&(0x7f0000007080)=""/227, 0xe3}], &(0x7f0000007200)=[0x80000001]}], 0xa)
r1 = openat(0xffffffffffffff9c, &(0x7f0000007380)='./file0\x00', 0x10080, 0x121)
bind$alg(r1, 0xffffffffffffffff, 0x0)
gettid()
ptrace$pokeuser(0x6, 0x0, 0x2, 0xfffffffffffffeff)
sendmsg$tipc(r1, &(0x7f00000078c0)={&(0x7f00000073c0)=@name={0x1e, 0x2, 0x0, {{0x1, 0x3}, 0x1}}, 0x10, &(0x7f0000007780)=[{&(0x7f0000007400)="49e9cfdbe240410e5ad65903d3b65d56eb576d270ca14711e230ce81e57f519c", 0x20}, {&(0x7f0000007440)="bccd14ff52c47e2a38adf5eccefd31d45064bca7491b3cf5458e4b98f6b0bb8d52ec55bcf9207d77bbdf1f811eb7f19dd7f2332cee202f570c8f2167d460ee38d6bcd6b9b7a6cac33b9f3e08f4d8e5e610fe300913836c2bf36dc65654e4ebfcdce4259fcd18a183a40209b4a2948f36cda8a85285935935cd5187b962a491c8845a4d0d2433a0408c8b4df7314b905eb5afc7faa241b22160833a6f48f407965b6c653d72119723f9efe64366217401191372cde7ce71336cc9dca3cf1d9062f8c58037442812796289e42ce6b8d779eaf441e65e3a2907d653128bdfe4e9a5774721a4e1041f304e86ded635dbb52467372eb40b6e959f9bb9ab", 0xfb}, {&(0x7f0000007540)="1ac37978e06f217e577caafd4b16722f85c3bc60edcbc919e3a4da44363d04554b0c7a8762b179f4b62bf103ca0b686abe8f4b32004204ec9b045ad1b7f9427d689e5e3501716c4310f8c016c6ec97cb7de41e3252b6d980007f729ee7b873e8b1a04b7575cb42cedbe0de31e5f93ae0ddd204884bcca0704c377f77db559c772c0b9e0f321d7e98a14a75a3c58887fc943705bbf51d1bebc01f288c", 0x9c}, {&(0x7f0000007600)="17b24aeb6006e78d211e23bbd7f6091d0555760cbeb77755bf94cce1b240bac4101f38134f0ceab1ca081bb5bebbe974d2377822b4ae91cacf32511db2c4e40df0eb773569a8f1df1497e0bfaf76a19280bb1fd34f2047709fc98deef6e7ce54b301c2aef2010db21d42ec", 0x6b}, {&(0x7f0000007680)="f48f9edceb6cc4a24571e4dba66d12dae4693836bbcc26cccd3f354fe40576d539eeb51c1174ca7cdd450ea9f6294104eb55513999728b730f9ddb459ed8112e0de49aea8fab007c13549d1291dd3f6863a3fbc739b23332a57b58aa392d678ab5b6a4bc0105081cbee77ec4206e29cadbaaf56d30bf5a4444ec1ee708169ff8fa0c8e1504fdd23b203daeefadd9970b9ae876356bf3db75adc3e6affbbf66944f0d51fdc3481b691a6bfa4d1191812e4bee0901315b325e848ff64238cfeb67e34f5346ede0bca2917d0a00d66d", 0xce}], 0x5, &(0x7f0000007800)="069bbbd26fc1d2c56a10bfdd6aa9f52f9e4fa127fc634b339135f763fa1fbe959a17178c398d935807c3c27cd4394df0c8b51ad621bfe9dc2351aeb6187d9d121f00d4b1edfbe66e835e3d2f523fc09c41b220af0d0c2b07683d26371702b51dd75a9458966e5ee2643ff87c081739c70a76a1d0a1407e7d337ae158844d7aaaff5d63088b709e91ac1abc8f2956", 0x8e, 0x8804}, 0x20000804)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000007940), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000007980)=<r3=>0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000007a40)={&(0x7f0000007900)={0x10, 0x0, 0x0, 0x200010}, 0xc, &(0x7f0000007a00)={&(0x7f00000079c0)={0x1c, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000884}, 0x4040000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000007a80)={0x8, 0xffff, 0x1, 'queue0\x00', 0xfffff800})
fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000007b40))
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000007d40)={&(0x7f0000007b80)={0x10, 0x0, 0x0, 0x40000204}, 0xc, &(0x7f0000007d00)={&(0x7f0000007bc0)={0x108, 0x0, 0x2, 0x3, 0x0, 0x0, {0x2, 0x0, 0x4}, [@CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x2}, @CTA_EXPECT_TUPLE={0x90, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @rand_addr=' \x01\x00'}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}, @CTA_EXPECT_MASK={0x38, 0x3, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}]}, 0x108}, 0x1, 0x0, 0x0, 0x4000}, 0x4000884)
unshare(0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007d80)='./cgroup.net/syz1\x00', 0x1ff)
r4 = socket$netlink(0x10, 0x3, 0xf)
accept4(r4, &(0x7f0000007dc0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000007e40)=0x80, 0x0)
socket$kcm(0x29, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000007e80)='./cgroup.net/syz0\x00', 0x200002, 0x0)
modify_ldt$read(0x0, &(0x7f0000007ec0)=""/13, 0xd)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000007f40), r1)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f0000008000)={&(0x7f0000007f00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000007fc0)={&(0x7f0000007f80)={0x30, r6, 0x4, 0x70bd29, 0x25dfdbff, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x22004040)
recvmsg$unix(r1, &(0x7f0000009800)={&(0x7f0000008040)=@abs, 0x6e, &(0x7f0000009600)=[{&(0x7f00000080c0)=""/115, 0x73}, {&(0x7f0000008140)=""/190, 0xbe}, {&(0x7f0000008200)=""/228, 0xe4}, {&(0x7f0000008300)=""/4096, 0x1000}, {&(0x7f0000009300)=""/92, 0x5c}, {&(0x7f0000009380)=""/151, 0x97}, {&(0x7f0000009440)=""/201, 0xc9}, {&(0x7f0000009540)=""/144, 0x90}], 0x8, &(0x7f0000009680)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [<r8=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x150}, 0x100)
r9 = openat$incfs(r8, &(0x7f0000009840)='.pending_reads\x00', 0x131001, 0x10)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r9, 0xc0189377, &(0x7f0000009880)={{0x1, 0x1, 0x18, r7, {0x8, 0xc8}}, './file0\x00'})
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000009900), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000009940)={'wpan0\x00', <r12=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(r10, &(0x7f0000009a40)={&(0x7f00000098c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000009a00)={&(0x7f00000099c0)={0x3c, r11, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r12}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x50}, 0x2000000)

8.941843217s ago: executing program 0 (id=257):
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1)
mount$nfs4(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='rdma', @ANYBLOB=',smackfshat=*'])
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000201c1b100c00000000000109022d000100006000090400800203000000092106040001220500090581032000090807090502"], 0x0)
syz_usb_connect$uac1(0x5, 0xa3, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x91, 0x3, 0x1, 0xe, 0x20, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xa, 0x37}, [@selector_unit={0xb, 0x24, 0x5, 0x6, 0x7f, "b8a3ca06e83a"}, @selector_unit={0x8, 0x24, 0x5, 0x5, 0x80, "4a3fac"}, @extension_unit={0xa, 0x24, 0x8, 0x4, 0x1000, 0x7, "40913f"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x0, 0x7, 0x2, {0x7, 0x25, 0x1, 0x81, 0xb, 0x7b}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x5, 0x4a, 0x1002}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x5, 0x3, 0xd, 0xfa, "de04dd", "b07951"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x7f, 0x7, 0xff, {0x7, 0x25, 0x1, 0x0, 0xf, 0x5}}}}}}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x4, 0x5, 0xd5, 0x20, 0x2}, 0x24, &(0x7f0000000080)={0x5, 0xf, 0x24, 0x2, [@ssp_cap={0x18, 0x10, 0xa, 0x3, 0x3, 0x5, 0xf00f, 0x7, [0x3f, 0xc000, 0xf]}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x0, 0xc, 0x400}]}, 0x6, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x380a}}, {0xbe, &(0x7f0000000200)=@string={0xbe, 0x3, "5ca0e41c90175618f3e3064eefa270e3cb43a8c988e3563026b2be83f8928e10e86cb5d77b0ee31dd105abd346b51b686b2c679d339b9d6c613ace9cc559c0e175287a8f5beba691798da0f0b584528c159d0a099df9709a8c3bbbcd2062e62c8c6fb64dddb4381d00509e4b3552026108d459a9d0aa4a8c08f55facf059d2ddaf28fa14ead350e2a96b61f0afb014079204ecdc3b1a29f706ef1f1fd9907efc8a6be91ad6357ad5d294c2a84a5eb9c53965c884dfb9b1057e9defd9"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x500a}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x400a}}, {0xf3, &(0x7f0000000400)=@string={0xf3, 0x3, "f50b48a2f84b4200aff67a7a201e65077d1dd05e4b066f4cac560221b3f42133ad317493ee8f77bdd9a256940b5dd6ba7fe83ad524889559138f27f50d57ac8deddb016c098f9207b9a192c827bdca7ba0c793e40bebe9781332452b6644fef2917610c755bfa6a32ce842be7f625dbee916f953400b5dd08a61b6654119f63c8429f619647e15bf21152be4a69e09b41d9ba98bbe1f97f0f1bcd8a963b4d1080854fa6d4d6f2a9bfc92c61b5ee1f8d2d0c3dbf75eed4ee1387ac94271c623f5a38db1e18ce3d9cf9a4da14b5876563b97655310c2045db3f6c78a6ac90584b8862e51470d1f95e90429647afa39a249aa"}}, {0xee, &(0x7f0000000500)=@string={0xee, 0x3, "cb33fdb5a59e03e700f313a614ebf929d5adfa84db959c82128f3116c2ad69ce35106f078a8837b6de545519271151d594f73ba4196d90ecdb2e1402ab047b7a7cd8cd41b5d5ce99d387c08389f9bcee5303708ddabaa9272a0000657210fc93ef3d5d69b462ca2f3c5af3a7cf793790176240b38eac0e77168aa8e52cd84025affc3c713cfbca34f90ba938d350c189fdf3511f7dea74820408f3b18596fd810e2d1539080feaf48eab250066ec3487a87b4621e28b68e7ac6397183d662225eb387f1963cbc73227aded382f075efc21ea7fa4dc03100e8c7cb68403d95b1c3ec5752cc62feb492bdb8d23"}}]})
syz_usb_connect$cdc_ncm(0x5, 0x8d, &(0x7f0000000680)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7b, 0x2, 0x1, 0x46, 0x30, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "d580"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x8, 0x8, 0x6}, {0x6, 0x24, 0x1a, 0x8a}, [@mbim_extended={0x8, 0x24, 0x1c, 0x2, 0x0, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x1000}]}, {{0x9, 0x5, 0x81, 0x3, 0x3df, 0x5a, 0x44, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x5, 0x1, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0xcb, 0x0, 0x9}}}}}}}]}}, &(0x7f0000000b00)={0xa, &(0x7f0000000740)={0xa, 0x6, 0x110, 0x5, 0x18, 0xa0, 0x8, 0x5}, 0xdf, &(0x7f0000000780)={0x5, 0xf, 0xdf, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x1, 0x2, 0x922b}, @generic={0xb4, 0x10, 0x4, "55f6b87c983358eb2f72c33bc59ce95f6c621e92773d9bda90b6328c9719e837cdf67139914f04a6bd601b8b5e848cd49ed457f0139e1869d2b0652e7c5fbfc66720f495e38fb0c95368d5e12c29b0fc7edccae62c5b539e5d33beb26c21105756051a2315cde731830acc5f090e63d542311c02f080406f3c385bc0e6f18123068020b8d5c5058a5ebda2172630994996384ef810af1dccc9207e9f210f3dc22b429be9669ef199e3b0fa615ba02349dc"}, @generic={0x8, 0x10, 0xb, "88a19f275c"}, @ss_container_id={0x14, 0x10, 0x4, 0x80, "b204b9bdbe0678e830614951ae8719cd"}]}, 0x7, [{0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x380a}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x426}}, {0xaf, &(0x7f0000000940)=@string={0xaf, 0x3, "e963366c4d1e916a8bf86ea513aec957e5970dafda76d31c89a4b656c8d0ee0e976cdfb80eb1e3aacb7073121f62d9b5a9492ca6203b7908d7adbfbf5abd21e0948fb843e0896bb33707721bcd58df7831cfc39ddd0f29e080e09f65b547990279eef4f019198488a72d7db6e4802622e87e5a878211733467b848698c2c595fc06159b8b400bf15588afc96c48626db5cb1c3deb43a83447ed98c6baaad9e9d21e8d89b5d639890a61644069f"}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x1001}}, {0x1e, &(0x7f0000000a40)=@string={0x1e, 0x3, "54619fb013f332e0bb682b722e6d999b137dafd18a13db2e4efc01c0"}}, {0x46, &(0x7f0000000a80)=@string={0x46, 0x3, "5808786536df270b260cf6338238ea24e029a9ce81ed0458431d16fdfabe23ea68e4880043099c53aa9edbbe5ff3eb2a9c09ce329f8c9dddfa16f3ff601bcb2206f00fd4"}}]})
syz_usb_control_io(r0, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f00000003c0)={&(0x7f0000000140), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x20, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x7, 0x24}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x8805}, 0x1)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x20000000000014, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001600)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_BMAP(r4, &(0x7f0000000640)={0x18, 0x0, r5, {0x10001}}, 0x18)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @remote, 0x12}, r3}}, 0x30)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180))
write$RDMA_USER_CM_CMD_BIND(r6, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @dev={0xfe, 0x80, '\x00', 0x25}}, {0x2, 0x4e23, 0xe0000000, @remote, 0xffffffff}, r3, 0x9dffffff}}, 0x48)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000015c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x6}}, 0x20)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

8.386581798s ago: executing program 4 (id=258):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00', {0x0, 0x0, 0x0, 0x1000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001600350b27bd7000fcdbdf2501000000d970381e9d1f971ec0ca894a676733edba70c353af2c7559a458be88bd6e4616f24693fb67aee84e554f1fde650f25f8af6b50ec55f17230757d4e01dc1c3aacc96201049bbd1a2a77bfac3431eee8a4876af9ca8d22e1f95913800fea0f5d5f288dc3f37caea2d5d065894d3c34802eb719fddb4a7e618175f2a353bb9726fcb570f02f924dfaed36103a8e5ac87d8355fb1464cf7fe03d3d823084274744b4875c6e5af30802cadbe16ce11fc9dc131c3b"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4004)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000480)={0xa10000, 0x1, 0x5, 0xffffffffffffffff, 0x0, 0x0})
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)

8.312316292s ago: executing program 1 (id=259):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
r1 = socket$tipc(0x1e, 0x5, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffff9c, 0x0, 0x143240, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x5)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8926, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bind$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
listen(r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f00000003c0)=ANY=[@ANYBLOB="050000000000000071117200000000008510000002000000850000000000000095000000000000009500a5058240c34f786574f25447e6392f58000082a7"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
syz_usb_connect(0x2, 0x36, &(0x7f0000001580)=ANY=[@ANYBLOB="120100000001b040d80408fdb1590000000109022400010800000009000000000a5f92400900"/54], 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r6, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0)
accept4(r1, &(0x7f0000000280)=@xdp, &(0x7f00000001c0)=0x80, 0x80800)
connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}, 0xa)
connect$bt_rfcomm(r0, &(0x7f00000000c0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6}, 0xa)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

7.27023986s ago: executing program 2 (id=261):
r0 = socket$netlink(0x10, 0x3, 0xf)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1) (async)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1)

6.129637775s ago: executing program 2 (id=264):
socket(0x200000000000011, 0x2, 0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="2000000000000000840000000200"], 0x50, 0x810}, 0x4000040)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1700000000000000040000000300000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000030000000000f8ffff00000100000000020000fd71626f3e4f3ea93afdffffffffffffff154f84e9dda1c0d89b5629a9b33fd6cb29479d56f03cde540b2ed3b4f27cac7eb97c59af860000000200000014bcb345052b213e7dfae4f2e18e38e572a74c431dd5561212406c8d37c2dc"], 0x48)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001a00010000000080fbdbdf250a808000fc00000000000000080003e9", @ANYRES32=0x0, @ANYBLOB="08000f0032000000"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20000050)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010003000000140012800b0001006d6163736563000078ff028008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0)

5.853202853s ago: executing program 2 (id=265):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000b00007910000000000000c310001001000000950074000000000031fb0d3a42319fa204399d17d34e075fdcda533ab1aa71ab1d764152e6cb25dadc7ded5dbe11b60ac5ea9fca11027d19e93adb603deb92de3141e8fd7ac5b87a2070213cdfdc5d6c4890cdeb50347c32060581172b94c6ba22a2b58eb6cbad46ed6e7965a2ba5fc4a5a17d103b0b36f790bb41931f9a3d4dd127c1b4e49f7468f5e603950c"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xfffffffc})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000002340)={'HL\x00'}, &(0x7f0000002380)=0x1e)
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x20000000, 0x40800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0), 0x0, 0x0})
r5 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0)
pread64(r5, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000000f02000000000000bc26100000000000bf67200000000000160200000fff07006702000007000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r6, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x5, "0100"})

5.387225304s ago: executing program 3 (id=266):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x100001, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x3c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x2}, @TCA_FQ_PLIMIT={0x8, 0x1, 0xd5}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000040}, 0x20040040)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000079126f000000000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.578934583s ago: executing program 2 (id=267):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x42046}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)=""/130, 0x82}, {&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/112, 0x70}], 0x5}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)

4.346157631s ago: executing program 3 (id=268):
r0 = socket(0xa, 0x3, 0x3a)
r1 = fsopen(&(0x7f0000000180)='bdev\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r3, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCETHTOOL(r0, 0x89ff, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x10, 0x0, 0x20040001, 0x0, 0xd5, 0x4000, 0x868, 0xa1, 0x1}})
ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, &(0x7f00000004c0)=""/172)

4.06945852s ago: executing program 4 (id=269):
r0 = socket(0x11, 0x800000003, 0x0)
r1 = userfaultfd(0x80001)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000200)={@any, 0x1})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
io_setup(0x8, &(0x7f0000004200)=<r3=>0x0)
r4 = gettid()
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000881}, 0x0)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
ptrace(0x4208, r4)
io_submit(r3, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001c00070d000000000000020007000000", @ANYRES32=r0, @ANYBLOB="800087000a0002"], 0x28}}, 0x0)

4.034151976s ago: executing program 0 (id=270):
r0 = socket(0x18, 0x3, 0xfb)
recvmsg$can_raw(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2) (async)
recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0xc, 0x0, 0x0, 0xffffffffffffffff, 0xfe7b}, 0x2}], 0x1, 0x10040, 0x0) (async)
ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000000)={0x6})

3.982177911s ago: executing program 3 (id=271):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r0, &(0x7f0000000a00)='syz0\x00', 0x1ff)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da7d3f10cd06090104250102030109021200010000000009041e800009651e00", @ANYRES16=0x0], 0x0)
socket(0x8, 0xa, 0x1cb3b75f)

3.822225617s ago: executing program 0 (id=272):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0xffffff79)
capset(0x0, &(0x7f0000000500)={0x8, 0x9, 0x4, 0xa, 0x10000cda, 0x7})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r6, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
r7 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100), &(0x7f00000003c0))
io_uring_enter(r7, 0x2def, 0x0, 0x0, 0x0, 0x0)
connect$inet(r6, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r6, &(0x7f0000000500)="88", 0x1, 0x0, 0x0, 0x0)
splice(r6, 0x0, r5, 0x0, 0xfea8, 0xa)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400000034029507a993162d0042"], 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x4000010)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r9, 0xc0403d08, 0x0)

3.741139582s ago: executing program 4 (id=273):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000085e048e0000000000000109022400010000800f0904000004030000000921faff090122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x44e, 0x120c, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x50, 0xe, [{{0x9, 0x4, 0x0, 0x8c, 0x1, 0x3, 0x1, 0x1, 0x6e, {0x9, 0x21, 0xc, 0x1, 0x1, {0x22, 0x107}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xa, 0x1, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x8, 0x6, 0x7e}}]}}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0xf8, 0x40, 0x8, 0x20, 0x2}, 0xc, &(0x7f0000000080)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x4, 0x0, 0x2}]}, 0x3, [{0x7e, &(0x7f00000000c0)=@string={0x7e, 0x3, "5ca8f5baebd5a1ff77cd4f9b64fe43d2078d43201c7ed4faa1c69ec7e358d2f35449dca581aeae329d76f697a64c9efff8cb330b24c8322cf2d47acd98f15f931d5b93a05a8192a49ea95d090fad8de35bb77d404ccf3d67c7758cf6de6adb102a7fdcaab42d19987f04b8b19628ee2f148f72ed4b519410ed954f95"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x180c}}, {0x2c, &(0x7f00000001c0)=@string={0x2c, 0x3, "96be32712bb02a80187c2603138580ce8b526f31a66ca180c3dd76eee134e7a2d268b95130b029a21552"}}]})
syz_usb_connect$printer(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x40, 0xc, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x7, 0x1, 0x1, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x8, 0x6}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x8, 0xfe, 0x5}}]}}}]}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x300, 0x36, 0x6, 0xe, 0x40, 0x5f}, 0x7b, &(0x7f0000000300)={0x5, 0xf, 0x7b, 0x5, [@generic={0x43, 0x10, 0x1, "bed0418581be1acdbdc64483c7f3b892e20d2b661ef2aa39a77efdfc6683876e174277f840ce2b794866c0dc38921679224784a66f1318d7a7379fc642e02d49"}, @wireless={0xb, 0x10, 0x1, 0xc, 0xc, 0x0, 0x1, 0x400, 0x5a}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "644bf583c90861923b1d3747d05f6ac6"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x7, 0x3a, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x1d, 0x9, 0x5}]}, 0x1, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x455}}]})
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r0, @ANYRES8=r0, @ANYBLOB="acb9345f8bc6932aa9230ed171d098eef7406fb3407afd933d98ead03d73312172d82cda4a1d8975ab9e0652924903797292be9a5132923d80bdf64bdf5d5a102e8680e71ddb44757ca4ef6bd60f9df16b8d0c396fdc40488b70313184729573a8dea757ba6a9198ae1599753511124cad860fef2b5b738767f785c9c70a66f65bb48fa2543ebc924767d812c69ef9630973b588cabb0992ef8b0f1a32f35e2aad2763e517faa964319b72defb5746b01bd37beefa9bb1a3241a467355dbd9e00db635f193c76d464dc0e4129c0a416191106c3c0490f1e2c889d01f5f708dd801723440f126e4f30775c766203e24be42748bb021504269176e", @ANYRESHEX=r0, @ANYRES64=r1, @ANYBLOB="bbf914088c6b5bb3e662ce5bde8f4922b88d7ea76c7e148fc6ae64f9af0998119556f95ce0437f73bc2613b5327230022e1ed08e44335d7c3eb2a1156f4cf5dadc7907d1a037d21328a8e56bba13", @ANYRESHEX=r1], 0x0}, 0x0)

2.815520705s ago: executing program 0 (id=274):
r0 = syz_usb_connect(0x3, 0x73, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000396d0940fd101315ce7e0102030109026100010000000009040001"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0xc000)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x18, 0x6, 0x0, @private1, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x2}, @generic={0xfe, 0x2}]}}}}}}}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

2.753812391s ago: executing program 2 (id=275):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000000740)=[{&(0x7f0000000440)=""/113, 0x71}], 0x1, 0x401, 0x0)
ioctl$NBD_DISCONNECT(r1, 0xab08)
r2 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x4000, 0x1, 0x31}, 0x18)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r7=>0x0})
ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000280)={'ip6_vti0\x00', 0x800})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x30, r5, 0xa11, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x6}, @NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL={0x6, 0x19, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0xc8)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, r3, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x23d3, 0x2f}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x800)
listen(r0, 0x4)

2.699959236s ago: executing program 1 (id=276):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xfce1)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x8000000003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x1, 0x0, 0x7fff0000}]})
r4 = socket$inet6(0xa, 0x3, 0x6)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x5f, 0xc3, 0x89, 0x40, 0x403, 0xda71, 0xa295, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8, 0x0, 0x1, 0xf1, 0x3d, 0x4f, 0x0, [], [{{0x9, 0x5, 0x5, 0x3, 0x200, 0x3, 0x2}}]}}]}}]}}, 0x0)
sendmmsg(r4, &(0x7f0000001b00)=[{{&(0x7f0000001780)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x80, &(0x7f0000001880)=[{&(0x7f0000001800)="a5fc8834c180c72221ac6cb8326eb887d7ed5a872c81a89ce53a9eb3a38cb6918d322baa6e23f713380fe516e1bc64e4b4ddb89cabf1ef83bf76e46f1e0330f8ca480bede8eb22b0b53a3d05c45f78", 0x4f}], 0x1, &(0x7f00000018c0)=[{0x10, 0x117, 0x7}], 0x10}}], 0x1, 0x44084)
close_range(r3, 0xffffffffffffffff, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRESDEC=r5, @ANYBLOB="010027bc7000ffdbdf2507000000180001801400020076657468315f746f5f626f6e64000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4004)

2.658626259s ago: executing program 2 (id=277):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000480)=ANY=[@ANYBLOB="04000000000096dfb0ba6ba786b10000000000000800000000000000030000000000000000000000000000000000000000000000050000ffff00000000000000c7dd707f000000000000000000000000000000000000000001000000000000000000000000000000000000000000e394788d0000000000000000000000000000000000000300000000000000fcffffff0000000000000000fc0700"/168])

1.628578469s ago: executing program 3 (id=278):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x240000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x54)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
unshare(0x22020600)
r6 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x4)
readv(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000240)=0x14)
ioctl$IMDELTIMER(0xffffffffffffffff, 0x80044941, &(0x7f0000000040)=0x1)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7})

1.229615687s ago: executing program 4 (id=279):
r0 = fanotify_init(0x16, 0x0)
r1 = memfd_create(&(0x7f00000007c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x96k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xeb\xaf\xaa\xee\'t\xbe\x9b\rln\x7f\xab\x8d\xac\x06\x00\x00\x00\x00\x00\x00\x00\x9bY\xd9\xd4\xc6A\x84\x9d\\\xc4\x0e\xf4\bO\x80\xaa\r\b\xc0\xb9\x84\xd0,\'\xc5p\xb6 \x03\x12\xca\xef\x02f\xa2\x9d\x96\xa7{\x9d\xf0\xe2,T\x13\xc4W*\xd5\xeaX\x8c\xb3\x81\r=\"\xe1\xf2\xc9^\x90\xc1\xaa\xb6\xb8\xad\x04\x13\xe7\x04\x1b5qMnI-\xeaA\x1a\xd9-%!\x0f\ab\x1e\xab\a\xe4\xd4E\xf9\x8f\xd2\x05\xfd\xa7I\xf9#8\xf6bc\x1bl\xb2\xcb\xf9rc)&\x1d\xce\x970\x01\xbb\xcb@\xd8Y\xb9\x93=7\f9\xe5`\xb3\xf3=;\xe3E[\x12?\xe2n\xd0\x05\x98\x1c6F;fp\xce\xcfH\xaf\x93\x1e\x8e\x88\xfdx\xd9\x03,B\xd1L:\xaf!\x81\x03\x18\xa1\xf3\x87\x18\x83\xc0\x7fJ+\xe0N\xa8>7}a\x91y\x19\x13\xf6\xee.j\xdbh\x00&$\xf8e\x01\xa6\x0e\a\xcf\xaeq\xae\xbc\x94\x88eidE\xf9\xb9\xaa\x14U\t\xf4\xe27\xf9\xf5\xb2/\xa3\xafX\xd1\xf3v\x85z\x1b?)\f\xf8>\xa7C\xdfW\x80\xc5\xed\xbbPM\x9b\x1b*\'O\x7f@%Q\x8c\x98\x7f\xffd\xc2VY\xf4\x9b\xf3\x80\xed\x13m\x15\x86\x9d\xa1\xa8\xae\xa9fsLp\x1f.\x11\x83K\x18k\xf4\x8e\xc6>B!\xca\xe4\xd4\x1f\xe0F\x01\b\xb2\x0fK\x8e\xfbv\x00Yh<\xd0\x85\xcbn\x17\x9a\x8b\xa4\x04p\xe1\xfd\xf1\xb9\xf2\x94\x81\xe5v\xf6\x8dY\xd9\r_\xe4\x00\xfcb\xff=\x9fQC\xcf\x8c\x97\xd1@\xeem\x992U\x01\xb5\x15\x00\xfa\x11\xa1\xfc\xe4\xc8\v\x90\xbf\x1f\x11\xc4t\x91Z\xbb[\xe0?\xa6pV\xa3\xba\xbe\xde\xda\xb3~&~]', 0x1)
r2 = dup(r1)
eventfd2(0x5, 0x80000)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x17, 0x0, 0xff, r4}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0)
r5 = syz_io_uring_setup(0x27f0, &(0x7f0000000340)={0x0, 0x400000, 0x10100, 0x400001, 0x28c}, &(0x7f0000000080), &(0x7f0000000000)=<r6=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0)={0x0, 0xd762, 0x100, 0x0, 0x134, 0x0, r5}, &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r5, 0x8184c, 0x0, 0x9, 0x0, 0x0)
fanotify_mark(r0, 0x1, 0x3, r2, 0x0)
write$binfmt_format(r2, &(0x7f00000000c0)='1\x00', 0x2)
execveat(r2, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x90)
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r8)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r9, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000019140)={[&(0x7f0000000380)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x03\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\xdch\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc']}, &(0x7f0000019100)={[&(0x7f0000000200)=' ']})

472.304667ms ago: executing program 0 (id=280):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00', {0x0, 0x0, 0x0, 0x1000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x45c)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001600350b27bd7000fcdbdf2501000000d970381e9d1f971ec0ca894a676733edba70c353af2c7559a458be88bd6e4616f24693fb67aee84e554f1fde650f25f8af6b50ec55f17230757d4e01dc1c3aacc96201049bbd1a2a77bfac3431eee8a4876af9ca8d22e1f95913800fea0f5d5f288dc3f37caea2d5d065894d3c34802eb719fddb4a7e618175f2a353bb9726fcb570f02f924dfaed36103a8e5ac87d8355fb1464cf7fe03d3d823084274744b4875c6e5af30802cadbe16ce11fc9dc131c3b"], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4004)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000480)={0xa10000, 0x1, 0x5, 0xffffffffffffffff, 0x0, 0x0})
ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)

432.431225ms ago: executing program 1 (id=281):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1d, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000003900000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe93, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

411.068322ms ago: executing program 4 (id=282):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x2)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000080), 0x2, 0x0)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710447000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r2 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
preadv2(r1, &(0x7f0000000180)=[{&(0x7f0000000340)=""/157, 0x9d}], 0x1, 0x1, 0x4, 0x10)

226.975105ms ago: executing program 3 (id=283):
r0 = io_uring_setup(0x7aa7, &(0x7f00000005c0)={0x0, 0x0, 0x800, 0x0, 0x221})
close_range(r0, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000440)={<r1=>0xffffffffffffffff})
sendmmsg$sock(r1, &(0x7f00000044c0), 0x4000000000001c0, 0x0)

162.227401ms ago: executing program 1 (id=284):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xef0e, 0x0, 0x0, 0x0, 0x200})

46.334998ms ago: executing program 3 (id=285):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000100)={0x5b, 0xa, 0x0, "93bba551042af768810fa32fa3ccbaf1121823a6dc898168d8b3c3945d8636cf"})
socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
r2 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0xcc002)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
syz_emit_ethernet(0xbe, &(0x7f0000000400)=ANY=[@ANYBLOB="3863e5ca668f0000000040e4053a7fcfb8aef6087f79f00cc9b65ceee1a9914125cd861e3e3041a15afd5b75692117fdf8372edd19089659ef20aff4c4425c1555d0fbefa52f849fe7e4a58e8ad9153ffbb101846c6e3ad1eb301645a756ebe8f9150a180757c3e415f52a98ca4a9dec421cfc31150013d9faef45b4c488765a678ff9efe5d7339c3acffb10e7c2d4abe6940d60c38466f542501cc5a3ed89a0177d342bac470e262c67db4eb3dcaf392f6386ede22b21a9a22496ee02eca122f4fb7376999692220c1d62bbf6607e6bfe7a1532", @ANYRESDEC=r2, @ANYBLOB="c5bd5e32aa92e77da486912e4009931c8c81c5047dcd6177befcebb00988a97a1e1a295c4674a523c96cf294a6f17268df1b65d258b661cd8e03049e35e2c359986d71fa01da57361224643db41d8c85fb7988c307b038868bcc621788e66e307ea5640b5ffbecfc79198c7cccb6a1d6768a0cc5996ed7ebe9e457eac4d573c9cedf16"], 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00')
pread64(r5, &(0x7f0000000280)=""/86, 0x56, 0x8f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xd}, 0x18)
syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x4040)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, 0x0, 0x4008800)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000440)={'pcl726\x00', [0x4f27, 0x7a, 0x10000, 0x4, 0x5, 0x5, 0x3, 0x7, 0x54c6cff3, 0xfd, 0x2, 0xb, 0x1, 0x1, 0x2, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e58, 0x3, 0xe62, 0x0, 0x8, 0x4086, 0x0, 0xfffffff8]})
connect$qrtr(r3, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
close_range(r2, r3, 0x0)
bind$l2tp6(r1, 0x0, 0x0)
r8 = open_tree(0xffffffffffffff9c, 0x0, 0x89901)
move_mount(0xffffffffffffffff, 0x0, r8, 0x0, 0x46)
fsopen(&(0x7f0000000180)='proc\x00', 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000300)={0x9, 0x2, 0x1})

0s ago: executing program 1 (id=286):
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x3231564e, 0x3, [0x2], [0x80ffff], [], [0x400000000000001]})
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000240)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) (async)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x3231564e, 0x3, [0x2], [0x80ffff], [], [0x400000000000001]}) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[], 0x0) (async)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000240)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) (async)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts.
[   81.964995][ T5828] cgroup: Unknown subsys name 'net'
[   82.102020][ T5828] cgroup: Unknown subsys name 'cpuset'
[   82.111569][ T5828] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.951010][ T5828] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.645814][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.650367][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.654362][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.661516][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.668560][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.675540][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.683750][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.690171][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.696943][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.703890][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.794338][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.802809][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.810952][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.821610][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.829953][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.845362][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.868925][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.871558][ T5157] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   88.885605][ T5157] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.894648][ T5157] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.902825][ T5157] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.922325][ T5157] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   88.931751][ T5157] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   88.948269][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   88.956253][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   89.507742][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   89.571043][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   89.714211][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   89.837582][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   89.856345][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.866487][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.874816][ T5840] bridge_slave_0: entered allmulticast mode
[   89.883445][ T5840] bridge_slave_0: entered promiscuous mode
[   89.937885][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.945226][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.952832][ T5840] bridge_slave_1: entered allmulticast mode
[   89.960761][ T5840] bridge_slave_1: entered promiscuous mode
[   90.033679][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.041791][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.049223][ T5850] bridge_slave_0: entered allmulticast mode
[   90.056477][ T5850] bridge_slave_0: entered promiscuous mode
[   90.104145][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.113891][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.121519][ T5850] bridge_slave_1: entered allmulticast mode
[   90.130350][ T5850] bridge_slave_1: entered promiscuous mode
[   90.140714][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.206795][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.216216][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   90.242513][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.250077][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.257264][ T5838] bridge_slave_0: entered allmulticast mode
[   90.264618][ T5838] bridge_slave_0: entered promiscuous mode
[   90.319321][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.326584][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.334760][ T5838] bridge_slave_1: entered allmulticast mode
[   90.343054][ T5838] bridge_slave_1: entered promiscuous mode
[   90.391327][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.443086][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.469802][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.484424][ T5840] team0: Port device team_slave_0 added
[   90.501100][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.510806][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.518286][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.525468][ T5848] bridge_slave_0: entered allmulticast mode
[   90.532739][ T5848] bridge_slave_0: entered promiscuous mode
[   90.542287][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.549525][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.556721][ T5848] bridge_slave_1: entered allmulticast mode
[   90.564720][ T5848] bridge_slave_1: entered promiscuous mode
[   90.599460][ T5840] team0: Port device team_slave_1 added
[   90.608711][ T5850] team0: Port device team_slave_0 added
[   90.650098][ T5850] team0: Port device team_slave_1 added
[   90.731023][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.748331][ T5845] Bluetooth: hci1: command tx timeout
[   90.748454][   T51] Bluetooth: hci0: command tx timeout
[   90.787302][ T5838] team0: Port device team_slave_0 added
[   90.810812][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.834289][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.841962][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.868570][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.882939][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.890167][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.916451][   T51] Bluetooth: hci2: command tx timeout
[   90.916689][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.933869][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.941477][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.948707][ T5852] bridge_slave_0: entered allmulticast mode
[   90.956211][ T5852] bridge_slave_0: entered promiscuous mode
[   90.965749][ T5838] team0: Port device team_slave_1 added
[   90.972443][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.979595][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.988160][   T51] Bluetooth: hci4: command tx timeout
[   91.006333][ T5845] Bluetooth: hci3: command tx timeout
[   91.018565][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.054761][ T5848] team0: Port device team_slave_0 added
[   91.063012][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.070733][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.078466][ T5852] bridge_slave_1: entered allmulticast mode
[   91.085602][ T5852] bridge_slave_1: entered promiscuous mode
[   91.107257][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.114398][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.141405][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.164866][ T5848] team0: Port device team_slave_1 added
[   91.243166][ T5840] hsr_slave_0: entered promiscuous mode
[   91.255915][ T5840] hsr_slave_1: entered promiscuous mode
[   91.303395][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.310718][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.337154][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.368318][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.375462][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.401536][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.415569][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.426153][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.433757][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.460187][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.489272][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.496301][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.522469][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.536027][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.593736][ T5850] hsr_slave_0: entered promiscuous mode
[   91.600777][ T5850] hsr_slave_1: entered promiscuous mode
[   91.606852][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.615472][ T5850] Cannot create hsr debugfs directory
[   91.664926][ T5852] team0: Port device team_slave_0 added
[   91.721598][ T5852] team0: Port device team_slave_1 added
[   91.755025][ T5848] hsr_slave_0: entered promiscuous mode
[   91.762274][ T5848] hsr_slave_1: entered promiscuous mode
[   91.769361][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.776983][ T5848] Cannot create hsr debugfs directory
[   91.865084][ T5838] hsr_slave_0: entered promiscuous mode
[   91.872083][ T5838] hsr_slave_1: entered promiscuous mode
[   91.879361][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.886952][ T5838] Cannot create hsr debugfs directory
[   91.893400][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.900577][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.927095][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.940211][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.947287][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.974117][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.197435][   T24] cfg80211: failed to load regulatory.db
[   92.260066][ T5852] hsr_slave_0: entered promiscuous mode
[   92.266590][ T5852] hsr_slave_1: entered promiscuous mode
[   92.273165][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   92.280877][ T5852] Cannot create hsr debugfs directory
[   92.658266][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.694605][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.712979][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.741760][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.804808][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   92.819263][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   92.828082][ T5845] Bluetooth: hci0: command tx timeout
[   92.838179][ T5845] Bluetooth: hci1: command tx timeout
[   92.860552][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   92.890526][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   92.951899][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.988335][ T5845] Bluetooth: hci2: command tx timeout
[   92.995172][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.010755][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.022870][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.069119][ T5845] Bluetooth: hci3: command tx timeout
[   93.074622][   T51] Bluetooth: hci4: command tx timeout
[   93.139058][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.151318][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.193998][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.215071][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.314436][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.341674][ T5852] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   93.377389][ T5852] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.410347][ T5852] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.443051][ T5852] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.464300][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   93.484530][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.535056][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.542562][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.560788][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.595209][ T2139] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.602439][ T2139] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.632641][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   93.646669][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   93.693269][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.700510][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.715684][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.722869][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.733564][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.742410][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.753615][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.760945][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.906766][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.006445][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   94.086324][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.093778][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.150615][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.157865][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.210725][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.333116][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   94.441216][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.448563][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.466945][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.474222][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.657442][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.673331][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.685295][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.908397][   T51] Bluetooth: hci1: command tx timeout
[   94.913881][   T51] Bluetooth: hci0: command tx timeout
[   94.943900][ T5838] veth0_vlan: entered promiscuous mode
[   94.987243][ T5850] veth0_vlan: entered promiscuous mode
[   95.019521][ T5840] veth0_vlan: entered promiscuous mode
[   95.037149][ T5850] veth1_vlan: entered promiscuous mode
[   95.055660][ T5838] veth1_vlan: entered promiscuous mode
[   95.068958][   T51] Bluetooth: hci2: command tx timeout
[   95.106013][ T5840] veth1_vlan: entered promiscuous mode
[   95.144622][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.153426][   T51] Bluetooth: hci4: command tx timeout
[   95.153471][ T5845] Bluetooth: hci3: command tx timeout
[   95.232749][ T5850] veth0_macvtap: entered promiscuous mode
[   95.279697][ T5850] veth1_macvtap: entered promiscuous mode
[   95.287154][ T5838] veth0_macvtap: entered promiscuous mode
[   95.303085][ T5840] veth0_macvtap: entered promiscuous mode
[   95.316218][ T5840] veth1_macvtap: entered promiscuous mode
[   95.343746][ T5838] veth1_macvtap: entered promiscuous mode
[   95.379216][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.399633][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.412173][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.437133][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.492864][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.506406][ T5850] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.524160][ T5850] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.535209][ T5850] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.550595][ T5850] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.564352][ T5848] veth0_vlan: entered promiscuous mode
[   95.596561][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.614694][ T5840] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.623984][ T5840] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.634189][ T5840] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.643902][ T5840] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.674775][ T5848] veth1_vlan: entered promiscuous mode
[   95.700788][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.770437][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.801629][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.810735][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.820061][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.930002][ T5848] veth0_macvtap: entered promiscuous mode
[   95.957041][ T5848] veth1_macvtap: entered promiscuous mode
[   95.976693][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.988512][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.070574][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.081821][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.126689][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.147097][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.160824][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.173661][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.220512][ T5852] veth0_vlan: entered promiscuous mode
[   96.240589][ T5848] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.255374][ T5848] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.264301][ T5848] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.274001][ T5848] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.319751][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.328015][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.359362][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   96.366415][ T5852] veth1_vlan: entered promiscuous mode
[   96.401924][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.424736][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.583705][ T5852] veth0_macvtap: entered promiscuous mode
[   96.612015][ T5852] veth1_macvtap: entered promiscuous mode
[   96.703425][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.727229][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.819032][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.980622][ T5963] input: syz1 as /devices/virtual/input/input5
[   96.996148][ T5845] Bluetooth: hci0: command tx timeout
[   97.002870][ T5845] Bluetooth: hci1: command tx timeout
[   97.148693][   T51] Bluetooth: hci2: command tx timeout
[   97.228457][   T51] Bluetooth: hci3: command tx timeout
[   97.234853][ T5845] Bluetooth: hci4: command tx timeout
[   97.462608][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.511656][ T5964] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[   97.527777][ T5964] netlink: 'syz.3.4': attribute type 4 has an invalid length.
[   97.550589][ T2139] Bluetooth: hci5: Frame reassembly failed (-84)
[   97.565322][ T2139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.581799][ T5852] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.591301][ T2139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.600893][ T5852] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.698964][ T5852] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.710802][ T5852] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.404775][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.433355][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.545986][ T5971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6'.
[   98.556036][ T5971] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6'.
[   98.928038][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   99.547765][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110
[   99.580464][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   99.887565][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  100.498028][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.167783][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.236047][ T5981] sp0: Synchronizing with TNC
[  101.588825][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.596811][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.629010][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  102.093305][ T5990] input: syz1 as /devices/virtual/input/input6
[  102.992667][ T5993] lo speed is unknown, defaulting to 1000
[  102.992802][ T5993] lo speed is unknown, defaulting to 1000
[  102.994900][ T5993] lo speed is unknown, defaulting to 1000
[  103.001571][ T5993] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  103.014364][ T5993] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  103.047736][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  103.134828][ T5991] tty tty4: ldisc open failed (-12), clearing slot 3
[  103.196532][ T5993] lo speed is unknown, defaulting to 1000
[  103.299063][ T5993] lo speed is unknown, defaulting to 1000
[  103.377836][ T5993] lo speed is unknown, defaulting to 1000
[  103.386018][ T5993] lo speed is unknown, defaulting to 1000
[  103.394478][ T5993] lo speed is unknown, defaulting to 1000
[  103.532846][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.772447][ T6000] syzkaller0: entered promiscuous mode
[  103.830623][ T6004] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[  103.858036][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.890099][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.899667][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.078042][ T6000] syzkaller0: entered allmulticast mode
[  104.085948][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  104.824583][ T6012] input: syz1 as /devices/virtual/input/input7
[  105.668582][ T6015] input: syz1 as /devices/virtual/input/input8
[  107.905011][ T6027] FAULT_INJECTION: forcing a failure.
[  107.905011][ T6027] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  107.958140][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.2.16 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  107.958170][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  107.958181][ T6027] Call Trace:
[  107.958190][ T6027]  <TASK>
[  107.958200][ T6027]  dump_stack_lvl+0x189/0x250
[  107.958229][ T6027]  ? __pfx____ratelimit+0x10/0x10
[  107.958252][ T6027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.958274][ T6027]  ? __pfx__printk+0x10/0x10
[  107.958299][ T6027]  ? __might_fault+0xb0/0x130
[  107.958333][ T6027]  should_fail_ex+0x414/0x560
[  107.958360][ T6027]  _copy_from_user+0x2d/0xb0
[  107.958389][ T6027]  snd_seq_oss_write+0x515/0x930
[  107.958431][ T6027]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  107.958459][ T6027]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  107.958487][ T6027]  ? security_file_permission+0x75/0x290
[  107.958515][ T6027]  odev_write+0x5a/0x80
[  107.958532][ T6027]  ? __pfx_odev_write+0x10/0x10
[  107.958551][ T6027]  vfs_write+0x27e/0xa90
[  107.958580][ T6027]  ? __pfx_vfs_write+0x10/0x10
[  107.958601][ T6027]  ? __fget_files+0x2a/0x420
[  107.958627][ T6027]  ? __fget_files+0x2a/0x420
[  107.958646][ T6027]  ? __fget_files+0x3a0/0x420
[  107.958667][ T6027]  ? __fget_files+0x2a/0x420
[  107.958699][ T6027]  ksys_write+0x145/0x250
[  107.958720][ T6027]  ? __pfx_ksys_write+0x10/0x10
[  107.958736][ T6027]  ? rcu_is_watching+0x15/0xb0
[  107.958763][ T6027]  ? do_syscall_64+0xbe/0x3b0
[  107.958789][ T6027]  do_syscall_64+0xfa/0x3b0
[  107.958809][ T6027]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.958829][ T6027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.958849][ T6027]  ? clear_bhb_loop+0x60/0xb0
[  107.958881][ T6027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.958899][ T6027] RIP: 0033:0x7f07abb8ebe9
[  107.958917][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  107.958933][ T6027] RSP: 002b:00007f07acac1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  107.958955][ T6027] RAX: ffffffffffffffda RBX: 00007f07abdb5fa0 RCX: 00007f07abb8ebe9
[  107.958969][ T6027] RDX: 000000000000023c RSI: 00002000000001c0 RDI: 0000000000000003
[  107.958982][ T6027] RBP: 00007f07acac1090 R08: 0000000000000000 R09: 0000000000000000
[  107.958994][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  107.959006][ T6027] R13: 00007f07abdb6038 R14: 00007f07abdb5fa0 R15: 00007fffbd3b2348
[  107.959038][ T6027]  </TASK>
[  108.226990][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'.
[  108.233475][ T6031] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  108.275312][ T5926] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  108.407578][ T5926] usb 4-1: device descriptor read/64, error -71
[  108.458239][ T6038] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  108.474396][ T6029] netlink: 104 bytes leftover after parsing attributes in process `syz.1.17'.
[  108.582917][ T6040] Zero length message leads to an empty skb
[  108.591162][ T6029] netlink: 160 bytes leftover after parsing attributes in process `syz.1.17'.
[  108.605238][ T6041] capability: warning: `syz.0.21' uses 32-bit capabilities (legacy support in use)
[  108.647581][ T5926] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  108.788153][ T5926] usb 4-1: device descriptor read/64, error -71
[  108.898091][ T5926] usb usb4-port1: attempt power cycle
[  110.056064][ T5926] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  110.155174][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25'.
[  110.529113][ T5926] usb 4-1: device descriptor read/8, error -71
[  111.382226][ T6067] fuse: Bad value for 'fd'
[  114.107588][ T5843] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  115.360684][ T5843] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[  115.377865][ T5843] usb 2-1: config 8 has no interface number 0
[  115.384673][ T5843] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  115.563997][ T5843] usb 2-1: config 8 interface 177 has no altsetting 0
[  115.609863][ T5843] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  115.677217][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.767098][ T6082] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  116.223919][ T6102] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  117.498296][ T6106] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD�w�}�z
[  117.557196][ T5843] usb 2-1: string descriptor 0 read error: -71
[  117.569420][ T5843] ir_toy 2-1:8.177: required endpoints not found
[  117.608542][ T5843] usb 2-1: USB disconnect, device number 2
[  117.921208][ T6110] lo speed is unknown, defaulting to 1000
[  118.449741][ T6116] loop6: detected capacity change from 0 to 7
[  121.529805][ T6161] tipc: Started in network mode
[  121.566799][ T6161] tipc: Node identity 8a71066db8e4, cluster identity 4711
[  121.643201][ T6161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  121.696549][ T6166] binder: BINDER_SET_CONTEXT_MGR already set
[  121.719086][ T6166] binder: 6164:6166 ioctl 4018620d 200000000040 returned -16
[  122.197725][ T6169] tipc: Resetting bearer <eth:syzkaller0>
[  122.364697][ T6155] tipc: Disabling bearer <eth:syzkaller0>
[  122.603009][ T6182] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  122.897563][ T5888] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  123.882095][ T5888] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  123.958120][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.967415][ T5888] usb 1-1: Product: syz
[  124.908205][ T5888] usb 1-1: Manufacturer: syz
[  124.913142][ T5888] usb 1-1: SerialNumber: syz
[  124.961075][ T5888] usb 1-1: config 0 descriptor??
[  125.044014][ T5888] usb 1-1: selecting invalid altsetting 1
[  125.144137][ T5888] comedi comedi5: could not switch to alternate setting 1
[  125.177887][ T5888] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  125.338362][ T6207] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  125.358233][ T5888] usb 1-1: USB disconnect, device number 2
[  125.452732][ T6207] binder: 6206:6207 ioctl 8933 200000001100 returned -22
[  125.543501][ T6213] netlink: 48 bytes leftover after parsing attributes in process `syz.4.67'.
[  125.984954][ T6226] tipc: Started in network mode
[  125.990042][ T6226] tipc: Node identity 52c55d05f0dc, cluster identity 4711
[  125.997696][ T6226] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.122922][ T6226] tipc: Resetting bearer <eth:syzkaller0>
[  126.996593][ T6225] tipc: Disabling bearer <eth:syzkaller0>
[  127.617595][ T6250] capability: warning: `syz.2.73' uses deprecated v2 capabilities in a way that may be insecure
[  127.629172][ T6250] tmpfs: Unknown parameter 'qu�
'
[  127.654868][ T6245] warning: `syz.3.74' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  128.283818][ T5888] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  129.122747][ T6257] netlink: 8 bytes leftover after parsing attributes in process `syz.3.78'.
[  129.131748][ T6257] netlink: 'syz.3.78': attribute type 15 has an invalid length.
[  129.139782][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.78'.
[  129.141223][ T5888] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  129.150821][ T6257] FAULT_INJECTION: forcing a failure.
[  129.150821][ T6257] name failslab, interval 1, probability 0, space 0, times 1
[  129.165940][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  129.172932][ T6257] CPU: 0 UID: 0 PID: 6257 Comm: syz.3.78 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  129.172961][ T6257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  129.172972][ T6257] Call Trace:
[  129.172983][ T6257]  <TASK>
[  129.172992][ T6257]  dump_stack_lvl+0x189/0x250
[  129.173022][ T6257]  ? __pfx____ratelimit+0x10/0x10
[  129.173042][ T6257]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.173062][ T6257]  ? __pfx__printk+0x10/0x10
[  129.173093][ T6257]  ? __pfx___might_resched+0x10/0x10
[  129.173111][ T6257]  ? fs_reclaim_acquire+0x7d/0x100
[  129.173140][ T6257]  should_fail_ex+0x414/0x560
[  129.173168][ T6257]  should_failslab+0xa8/0x100
[  129.173193][ T6257]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  129.173212][ T6257]  ? kobject_set_name_vargs+0x61/0x110
[  129.173239][ T6257]  kstrdup+0x42/0x100
[  129.173263][ T6257]  kobject_set_name_vargs+0x61/0x110
[  129.173286][ T6257]  dev_set_name+0xd4/0x120
[  129.173314][ T6257]  ? __pfx_dev_set_name+0x10/0x10
[  129.173342][ T6257]  ? device_initialize+0x24b/0x440
[  129.173370][ T6257]  netdev_register_kobject+0xb7/0x2f0
[  129.173394][ T6257]  register_netdevice+0x126c/0x1ae0
[  129.173411][ T6257]  ? net_generic+0x1e/0x240
[  129.173448][ T6257]  ? __pfx_register_netdevice+0x10/0x10
[  129.173468][ T6257]  ? vxlan_config_apply+0x267/0x770
[  129.173498][ T6257]  ? __vxlan_dev_create+0xa5/0x580
[  129.173526][ T6257]  __vxlan_dev_create+0xd1/0x580
[  129.173560][ T6257]  vxlan_newlink+0x174/0x1d0
[  129.173582][ T6257]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  129.173603][ T6257]  ? __pfx_vxlan_newlink+0x10/0x10
[  129.173646][ T6257]  ? __pfx_vxlan_newlink+0x10/0x10
[  129.173672][ T6257]  rtnl_newlink_create+0x30d/0xb00
[  129.173703][ T6257]  ? __lock_acquire+0xab9/0xd20
[  129.173732][ T6257]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  129.173755][ T6257]  ? rtnl_newlink+0x8db/0x1c70
[  129.173780][ T6257]  ? __pfx___mutex_lock+0x10/0x10
[  129.173812][ T6257]  ? ns_capable+0x8a/0xf0
[  129.173843][ T6257]  rtnl_newlink+0x16d6/0x1c70
[  129.173868][ T6257]  ? netlink_sendmsg+0x805/0xb30
[  129.173905][ T6257]  ? __pfx_rtnl_newlink+0x10/0x10
[  129.173952][ T6257]  ? kasan_quarantine_put+0xdd/0x220
[  129.173977][ T6257]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.174002][ T6257]  ? nlmon_xmit+0xb0/0x100
[  129.174021][ T6257]  ? kmem_cache_free+0x18f/0x400
[  129.174047][ T6257]  ? __local_bh_enable_ip+0x12d/0x1c0
[  129.174066][ T6257]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.174085][ T6257]  ? __local_bh_enable_ip+0x12d/0x1c0
[  129.174103][ T6257]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  129.174126][ T6257]  ? __dev_queue_xmit+0x27e/0x3a70
[  129.174145][ T6257]  ? __dev_queue_xmit+0x27e/0x3a70
[  129.174160][ T6257]  ? __dev_queue_xmit+0x27e/0x3a70
[  129.174179][ T6257]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  129.174203][ T6257]  ? __lock_acquire+0xab9/0xd20
[  129.174247][ T6257]  ? __pfx_rtnl_newlink+0x10/0x10
[  129.174268][ T6257]  rtnetlink_rcv_msg+0x7cc/0xb70
[  129.174296][ T6257]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  129.174317][ T6257]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  129.174337][ T6257]  ? ref_tracker_free+0x63a/0x7d0
[  129.174355][ T6257]  ? __copy_skb_header+0xa7/0x550
[  129.174374][ T6257]  ? __pfx_ref_tracker_free+0x10/0x10
[  129.174392][ T6257]  ? __skb_clone+0x63/0x7a0
[  129.174418][ T6257]  netlink_rcv_skb+0x205/0x470
[  129.174443][ T6257]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  129.174467][ T6257]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  129.174505][ T6257]  ? netlink_deliver_tap+0x2e/0x1b0
[  129.174528][ T6257]  ? netlink_deliver_tap+0x2e/0x1b0
[  129.174557][ T6257]  netlink_unicast+0x75c/0x8e0
[  129.174591][ T6257]  netlink_sendmsg+0x805/0xb30
[  129.174625][ T6257]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.174658][ T6257]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  129.174676][ T6257]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.174700][ T6257]  __sock_sendmsg+0x21c/0x270
[  129.174725][ T6257]  ____sys_sendmsg+0x52d/0x830
[  129.174757][ T6257]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.174794][ T6257]  ? import_iovec+0x74/0xa0
[  129.174822][ T6257]  ___sys_sendmsg+0x21f/0x2a0
[  129.174858][ T6257]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.174931][ T6257]  ? __might_fault+0xb0/0x130
[  129.174954][ T6257]  __sys_sendmmsg+0x227/0x430
[  129.174987][ T6257]  ? __pfx___sys_sendmmsg+0x10/0x10
[  129.175010][ T6257]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  129.175058][ T6257]  ? ksys_write+0x22a/0x250
[  129.175078][ T6257]  ? __pfx_ksys_write+0x10/0x10
[  129.175093][ T6257]  ? rcu_is_watching+0x15/0xb0
[  129.175120][ T6257]  __x64_sys_sendmmsg+0xa0/0xc0
[  129.175148][ T6257]  do_syscall_64+0xfa/0x3b0
[  129.175166][ T6257]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.175184][ T6257]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.175201][ T6257]  ? clear_bhb_loop+0x60/0xb0
[  129.175223][ T6257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.175241][ T6257] RIP: 0033:0x7f4641b8ebe9
[  129.175259][ T6257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.175273][ T6257] RSP: 002b:00007f4642adc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  129.175293][ T6257] RAX: ffffffffffffffda RBX: 00007f4641db5fa0 RCX: 00007f4641b8ebe9
[  129.175306][ T6257] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  129.175317][ T6257] RBP: 00007f4642adc090 R08: 0000000000000000 R09: 0000000000000000
[  129.175328][ T6257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  129.175338][ T6257] R13: 00007f4641db6038 R14: 00007f4641db5fa0 R15: 00007ffce2795948
[  129.175368][ T6257]  </TASK>
[  129.179680][ T6257] netlink: 8 bytes leftover after parsing attributes in process `syz.3.78'.
[  129.736436][ T6257] netlink: 'syz.3.78': attribute type 15 has an invalid length.
[  129.744151][ T6257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.78'.
[  129.758411][ T6257] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  129.767346][ T6257] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  129.776386][ T6257] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  129.785146][ T6257] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  129.917507][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  129.949640][ T5888] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  129.985171][ T5888] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  130.020959][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.061649][ T5888] usb 1-1: config 0 descriptor??
[  130.071163][ T6244] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  130.177764][ T5854] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  130.339590][ T5854] usb 3-1: device descriptor read/64, error -71
[  130.467257][ T6271] input: syz1 as /devices/virtual/input/input9
[  130.635880][ T5888] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd
[  131.007612][ T5854] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  131.457955][ T5854] usb 3-1: device descriptor read/64, error -71
[  131.511460][ T5888] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  131.585846][ T5854] usb usb3-port1: attempt power cycle
[  131.673113][ T5843] usb 1-1: USB disconnect, device number 3
[  131.927881][ T5854] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  131.995531][ T6281] fido_id[6281]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  132.034689][ T5854] usb 3-1: device descriptor read/8, error -71
[  132.299064][ T5854] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  132.546179][ T5854] usb 3-1: device descriptor read/8, error -71
[  132.725882][ T5854] usb usb3-port1: unable to enumerate USB device
[  132.925156][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.1.90'.
[  132.934370][ T6304] netlink: 'syz.1.90': attribute type 15 has an invalid length.
[  132.942161][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'.
[  132.952078][ T6304] FAULT_INJECTION: forcing a failure.
[  132.952078][ T6304] name failslab, interval 1, probability 0, space 0, times 0
[  132.965273][ T6304] CPU: 1 UID: 0 PID: 6304 Comm: syz.1.90 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  132.965301][ T6304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  132.965312][ T6304] Call Trace:
[  132.965320][ T6304]  <TASK>
[  132.965328][ T6304]  dump_stack_lvl+0x189/0x250
[  132.965358][ T6304]  ? __pfx____ratelimit+0x10/0x10
[  132.965381][ T6304]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.965404][ T6304]  ? __pfx__printk+0x10/0x10
[  132.965438][ T6304]  ? __pfx___might_resched+0x10/0x10
[  132.965459][ T6304]  ? fs_reclaim_acquire+0x7d/0x100
[  132.965489][ T6304]  should_fail_ex+0x414/0x560
[  132.965517][ T6304]  should_failslab+0xa8/0x100
[  132.965539][ T6304]  kmem_cache_alloc_noprof+0x73/0x3c0
[  132.965558][ T6304]  ? __kernfs_new_node+0xd7/0x7e0
[  132.965588][ T6304]  __kernfs_new_node+0xd7/0x7e0
[  132.965611][ T6304]  ? __lock_acquire+0xab9/0xd20
[  132.965640][ T6304]  ? __pfx___kernfs_new_node+0x10/0x10
[  132.965667][ T6304]  ? kernfs_root+0x1c/0x230
[  132.965698][ T6304]  ? kernfs_root+0x1c/0x230
[  132.965721][ T6304]  ? kernfs_root+0x1c/0x230
[  132.965741][ T6304]  ? kernfs_root+0x1c/0x230
[  132.965770][ T6304]  kernfs_new_node+0x102/0x210
[  132.965812][ T6304]  __kernfs_create_file+0x4b/0x2e0
[  132.965847][ T6304]  sysfs_add_file_mode_ns+0x238/0x300
[  132.965879][ T6304]  sysfs_create_file_ns+0x128/0x1a0
[  132.965899][ T6304]  ? __pfx___up_read+0x10/0x10
[  132.965925][ T6304]  ? __pfx_sysfs_create_file_ns+0x10/0x10
[  132.965942][ T6304]  ? acpi_device_notify+0x171/0x380
[  132.965971][ T6304]  ? __dev_fwnode+0x50/0x80
[  132.965999][ T6304]  ? device_create_file+0xf4/0x1c0
[  132.966030][ T6304]  device_add+0x440/0xb50
[  132.966058][ T6304]  ? device_initialize+0x24b/0x440
[  132.966090][ T6304]  netdev_register_kobject+0x156/0x2f0
[  132.966118][ T6304]  register_netdevice+0x126c/0x1ae0
[  132.966139][ T6304]  ? net_generic+0x1e/0x240
[  132.966182][ T6304]  ? __pfx_register_netdevice+0x10/0x10
[  132.966204][ T6304]  ? vxlan_config_apply+0x267/0x770
[  132.966240][ T6304]  ? __vxlan_dev_create+0xa5/0x580
[  132.966273][ T6304]  __vxlan_dev_create+0xd1/0x580
[  132.966312][ T6304]  vxlan_newlink+0x174/0x1d0
[  132.966338][ T6304]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  132.966362][ T6304]  ? __pfx_vxlan_newlink+0x10/0x10
[  132.966414][ T6304]  ? __pfx_vxlan_newlink+0x10/0x10
[  132.966445][ T6304]  rtnl_newlink_create+0x30d/0xb00
[  132.966481][ T6304]  ? __lock_acquire+0xab9/0xd20
[  132.966507][ T6304]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  132.966532][ T6304]  ? rtnl_newlink+0x8db/0x1c70
[  132.966561][ T6304]  ? __pfx___mutex_lock+0x10/0x10
[  132.966597][ T6304]  ? ns_capable+0x8a/0xf0
[  132.966625][ T6304]  rtnl_newlink+0x16d6/0x1c70
[  132.966654][ T6304]  ? netlink_sendmsg+0x805/0xb30
[  132.966697][ T6304]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.966751][ T6304]  ? kasan_quarantine_put+0xdd/0x220
[  132.966790][ T6304]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.966818][ T6304]  ? nlmon_xmit+0xb0/0x100
[  132.966841][ T6304]  ? kmem_cache_free+0x18f/0x400
[  132.966871][ T6304]  ? __local_bh_enable_ip+0x12d/0x1c0
[  132.966893][ T6304]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.966916][ T6304]  ? __local_bh_enable_ip+0x12d/0x1c0
[  132.966936][ T6304]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  132.966963][ T6304]  ? __dev_queue_xmit+0x27e/0x3a70
[  132.966984][ T6304]  ? __dev_queue_xmit+0x27e/0x3a70
[  132.967003][ T6304]  ? __dev_queue_xmit+0x27e/0x3a70
[  132.967025][ T6304]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  132.967053][ T6304]  ? __lock_acquire+0xab9/0xd20
[  132.967103][ T6304]  ? __pfx_rtnl_newlink+0x10/0x10
[  132.967130][ T6304]  rtnetlink_rcv_msg+0x7cc/0xb70
[  132.967162][ T6304]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  132.967187][ T6304]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  132.967210][ T6304]  ? ref_tracker_free+0x63a/0x7d0
[  132.967229][ T6304]  ? __copy_skb_header+0xa7/0x550
[  132.967252][ T6304]  ? __pfx_ref_tracker_free+0x10/0x10
[  132.967274][ T6304]  ? __skb_clone+0x63/0x7a0
[  132.967303][ T6304]  netlink_rcv_skb+0x205/0x470
[  132.967333][ T6304]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  132.967362][ T6304]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  132.967407][ T6304]  ? netlink_deliver_tap+0x2e/0x1b0
[  132.967440][ T6304]  ? netlink_deliver_tap+0x2e/0x1b0
[  132.967471][ T6304]  netlink_unicast+0x75c/0x8e0
[  132.967507][ T6304]  netlink_sendmsg+0x805/0xb30
[  132.967544][ T6304]  ? __pfx_netlink_sendmsg+0x10/0x10
[  132.967583][ T6304]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  132.967603][ T6304]  ? __pfx_netlink_sendmsg+0x10/0x10
[  132.967633][ T6304]  __sock_sendmsg+0x21c/0x270
[  132.967660][ T6304]  ____sys_sendmsg+0x52d/0x830
[  132.967697][ T6304]  ? __pfx_____sys_sendmsg+0x10/0x10
[  132.967739][ T6304]  ? import_iovec+0x74/0xa0
[  132.967782][ T6304]  ___sys_sendmsg+0x21f/0x2a0
[  132.967817][ T6304]  ? __pfx____sys_sendmsg+0x10/0x10
[  132.967903][ T6304]  ? __might_fault+0xb0/0x130
[  132.967930][ T6304]  __sys_sendmmsg+0x227/0x430
[  132.967969][ T6304]  ? __pfx___sys_sendmmsg+0x10/0x10
[  132.967996][ T6304]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  132.968051][ T6304]  ? ksys_write+0x22a/0x250
[  132.968074][ T6304]  ? __pfx_ksys_write+0x10/0x10
[  132.968089][ T6304]  ? rcu_is_watching+0x15/0xb0
[  132.968120][ T6304]  __x64_sys_sendmmsg+0xa0/0xc0
[  132.968154][ T6304]  do_syscall_64+0xfa/0x3b0
[  132.968176][ T6304]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.968196][ T6304]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.968216][ T6304]  ? clear_bhb_loop+0x60/0xb0
[  132.968242][ T6304]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.968262][ T6304] RIP: 0033:0x7febbf18ebe9
[  132.968281][ T6304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.968299][ T6304] RSP: 002b:00007febc004d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  132.968321][ T6304] RAX: ffffffffffffffda RBX: 00007febbf3b5fa0 RCX: 00007febbf18ebe9
[  132.968335][ T6304] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  132.968349][ T6304] RBP: 00007febc004d090 R08: 0000000000000000 R09: 0000000000000000
[  132.968361][ T6304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  132.968373][ T6304] R13: 00007febbf3b6038 R14: 00007febbf3b5fa0 R15: 00007fff79f36c28
[  132.968408][ T6304]  </TASK>
[  133.563729][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.582253][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.1.90'.
[  133.591177][ T6304] netlink: 'syz.1.90': attribute type 15 has an invalid length.
[  133.598978][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'.
[  133.616109][ T6304] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  133.624927][ T6304] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  133.634392][ T6304] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  133.643211][ T6304] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  133.972305][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  133.979195][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  134.076417][ T6308] process 'syz.2.91' launched '/dev/fd/5' with NULL argv: empty string added
[  134.171738][ T6309] input: syz1 as /devices/virtual/input/input11
[  136.388800][ T6335] netlink: 8 bytes leftover after parsing attributes in process `syz.0.98'.
[  136.851869][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'.
[  136.862567][ T6345] netlink: 'syz.0.102': attribute type 15 has an invalid length.
[  136.870520][ T6345] netlink: 4 bytes leftover after parsing attributes in process `syz.0.102'.
[  136.892401][ T6345] FAULT_INJECTION: forcing a failure.
[  136.892401][ T6345] name failslab, interval 1, probability 0, space 0, times 0
[  136.905191][ T6345] CPU: 0 UID: 0 PID: 6345 Comm: syz.0.102 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  136.905209][ T6345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  136.905216][ T6345] Call Trace:
[  136.905221][ T6345]  <TASK>
[  136.905226][ T6345]  dump_stack_lvl+0x189/0x250
[  136.905246][ T6345]  ? __pfx____ratelimit+0x10/0x10
[  136.905260][ T6345]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.905273][ T6345]  ? __pfx__printk+0x10/0x10
[  136.905292][ T6345]  ? __pfx___might_resched+0x10/0x10
[  136.905305][ T6345]  ? fs_reclaim_acquire+0x7d/0x100
[  136.905323][ T6345]  should_fail_ex+0x414/0x560
[  136.905339][ T6345]  should_failslab+0xa8/0x100
[  136.905353][ T6345]  kmem_cache_alloc_noprof+0x73/0x3c0
[  136.905364][ T6345]  ? __kernfs_new_node+0xd7/0x7e0
[  136.905382][ T6345]  __kernfs_new_node+0xd7/0x7e0
[  136.905405][ T6345]  ? __pfx___kernfs_new_node+0x10/0x10
[  136.905419][ T6345]  ? kernfs_root+0x1c/0x230
[  136.905437][ T6345]  ? kernfs_root+0x1c/0x230
[  136.905450][ T6345]  ? kernfs_root+0x1c/0x230
[  136.905466][ T6345]  kernfs_new_node+0x102/0x210
[  136.905484][ T6345]  kernfs_create_link+0xa7/0x200
[  136.905498][ T6345]  sysfs_do_create_link_sd+0x83/0x110
[  136.905513][ T6345]  device_add_class_symlinks+0x1cf/0x240
[  136.905533][ T6345]  device_add+0x475/0xb50
[  136.905549][ T6345]  ? device_initialize+0x24b/0x440
[  136.905567][ T6345]  netdev_register_kobject+0x156/0x2f0
[  136.905583][ T6345]  register_netdevice+0x126c/0x1ae0
[  136.905595][ T6345]  ? net_generic+0x1e/0x240
[  136.905619][ T6345]  ? __pfx_register_netdevice+0x10/0x10
[  136.905632][ T6345]  ? vxlan_config_apply+0x267/0x770
[  136.905661][ T6345]  ? __vxlan_dev_create+0xa5/0x580
[  136.905680][ T6345]  __vxlan_dev_create+0xd1/0x580
[  136.905701][ T6345]  vxlan_newlink+0x174/0x1d0
[  136.905716][ T6345]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  136.905730][ T6345]  ? __pfx_vxlan_newlink+0x10/0x10
[  136.905758][ T6345]  ? __pfx_vxlan_newlink+0x10/0x10
[  136.905775][ T6345]  rtnl_newlink_create+0x30d/0xb00
[  136.905796][ T6345]  ? __mutex_lock+0x51b/0xe80
[  136.905813][ T6345]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  136.905831][ T6345]  ? rtnl_newlink+0x8db/0x1c70
[  136.905848][ T6345]  ? __pfx___mutex_lock+0x10/0x10
[  136.905882][ T6345]  ? ns_capable+0x8a/0xf0
[  136.905907][ T6345]  rtnl_newlink+0x16d6/0x1c70
[  136.905933][ T6345]  ? netlink_sendmsg+0x805/0xb30
[  136.905973][ T6345]  ? __pfx_rtnl_newlink+0x10/0x10
[  136.906007][ T6345]  ? kasan_quarantine_put+0xdd/0x220
[  136.906025][ T6345]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.906041][ T6345]  ? nlmon_xmit+0xb0/0x100
[  136.906054][ T6345]  ? kmem_cache_free+0x18f/0x400
[  136.906071][ T6345]  ? __local_bh_enable_ip+0x12d/0x1c0
[  136.906083][ T6345]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.906096][ T6345]  ? __local_bh_enable_ip+0x12d/0x1c0
[  136.906108][ T6345]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  136.906123][ T6345]  ? __dev_queue_xmit+0x27e/0x3a70
[  136.906135][ T6345]  ? __dev_queue_xmit+0x27e/0x3a70
[  136.906145][ T6345]  ? __dev_queue_xmit+0x27e/0x3a70
[  136.906158][ T6345]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  136.906177][ T6345]  ? __lock_acquire+0xab9/0xd20
[  136.906204][ T6345]  ? __pfx_rtnl_newlink+0x10/0x10
[  136.906219][ T6345]  rtnetlink_rcv_msg+0x7cc/0xb70
[  136.906237][ T6345]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  136.906251][ T6345]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  136.906264][ T6345]  ? ref_tracker_free+0x63a/0x7d0
[  136.906277][ T6345]  ? __copy_skb_header+0xa7/0x550
[  136.906290][ T6345]  ? __pfx_ref_tracker_free+0x10/0x10
[  136.906302][ T6345]  ? __skb_clone+0x63/0x7a0
[  136.906319][ T6345]  netlink_rcv_skb+0x205/0x470
[  136.906336][ T6345]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  136.906352][ T6345]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  136.906377][ T6345]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.906395][ T6345]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.906414][ T6345]  netlink_unicast+0x75c/0x8e0
[  136.906436][ T6345]  netlink_sendmsg+0x805/0xb30
[  136.906458][ T6345]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.906480][ T6345]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  136.906492][ T6345]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.906508][ T6345]  __sock_sendmsg+0x21c/0x270
[  136.906524][ T6345]  ____sys_sendmsg+0x52d/0x830
[  136.906546][ T6345]  ? __pfx_____sys_sendmsg+0x10/0x10
[  136.906570][ T6345]  ? import_iovec+0x74/0xa0
[  136.906589][ T6345]  ___sys_sendmsg+0x21f/0x2a0
[  136.906608][ T6345]  ? __pfx____sys_sendmsg+0x10/0x10
[  136.906662][ T6345]  ? __might_fault+0xb0/0x130
[  136.906677][ T6345]  __sys_sendmmsg+0x227/0x430
[  136.906698][ T6345]  ? __pfx___sys_sendmmsg+0x10/0x10
[  136.906714][ T6345]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  136.906745][ T6345]  ? ksys_write+0x22a/0x250
[  136.906758][ T6345]  ? __pfx_ksys_write+0x10/0x10
[  136.906767][ T6345]  ? rcu_is_watching+0x15/0xb0
[  136.906785][ T6345]  __x64_sys_sendmmsg+0xa0/0xc0
[  136.906805][ T6345]  do_syscall_64+0xfa/0x3b0
[  136.906817][ T6345]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.906829][ T6345]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.906840][ T6345]  ? clear_bhb_loop+0x60/0xb0
[  136.906855][ T6345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.906866][ T6345] RIP: 0033:0x7f84c618ebe9
[  136.906878][ T6345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.906888][ T6345] RSP: 002b:00007f84c6f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  136.906902][ T6345] RAX: ffffffffffffffda RBX: 00007f84c63b5fa0 RCX: 00007f84c618ebe9
[  136.906910][ T6345] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  136.906918][ T6345] RBP: 00007f84c6f33090 R08: 0000000000000000 R09: 0000000000000000
[  136.906926][ T6345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  136.906932][ T6345] R13: 00007f84c63b6038 R14: 00007f84c63b5fa0 R15: 00007fff41325058
[  136.906951][ T6345]  </TASK>
[  137.476916][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'.
[  137.485752][ T6345] netlink: 'syz.0.102': attribute type 15 has an invalid length.
[  137.493505][ T6345] netlink: 4 bytes leftover after parsing attributes in process `syz.0.102'.
[  137.506834][ T6345] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  137.515622][ T6345] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  137.524323][ T6345] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  137.533041][ T6345] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  139.302826][ T5854] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  140.081675][ T5854] usb 1-1: Using ep0 maxpacket: 8
[  140.265573][ T5854] usb 1-1: unable to get BOS descriptor or descriptor too short
[  140.375578][ T6371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'.
[  140.429415][ T5854] usb 1-1: config 248 has an invalid interface number: 3 but max is 2
[  140.517226][ T5854] usb 1-1: config 248 has an invalid interface number: 190 but max is 2
[  140.629786][ T5854] usb 1-1: config 248 has an invalid interface number: 111 but max is 2
[  140.743206][ T5854] usb 1-1: config 248 has no interface number 0
[  140.811932][ T5854] usb 1-1: config 248 has no interface number 1
[  140.819835][ T6374] tipc: Started in network mode
[  140.824764][ T6374] tipc: Node identity c2b9feb02358, cluster identity 4711
[  140.841459][ T5854] usb 1-1: config 248 has no interface number 2
[  140.891115][ T5854] usb 1-1: config 248 interface 3 has no altsetting 0
[  140.908529][ T6374] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.923548][ T6372] syzkaller0: entered promiscuous mode
[  140.974892][ T5854] usb 1-1: config 248 interface 190 has no altsetting 0
[  140.999061][ T6372] syzkaller0: entered allmulticast mode
[  141.027615][ T5854] usb 1-1: config 248 interface 111 has no altsetting 0
[  141.031223][ T6369] tipc: Resetting bearer <eth:syzkaller0>
[  141.040177][ T5854] usb 1-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=91.28
[  141.058329][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.066419][ T5854] usb 1-1: Product: syz
[  141.097165][ T5854] usb 1-1: Manufacturer: ఄ
[  141.121572][ T5854] usb 1-1: SerialNumber: syz
[  141.139958][ T6369] tipc: Disabling bearer <eth:syzkaller0>
[  141.163519][   T30] audit: type=1326 audit(1754965515.981:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  141.197713][   T30] audit: type=1326 audit(1754965516.001:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  141.297729][ T6384] overlayfs: missing 'lowerdir'
[  141.581650][   T30] audit: type=1326 audit(1754965516.011:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  141.847718][ T5854] usb 1-1: USB disconnect, device number 4
[  142.272125][   T30] audit: type=1326 audit(1754965516.011:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.296919][   T30] audit: type=1326 audit(1754965516.011:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.319150][   T30] audit: type=1326 audit(1754965516.011:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.341091][   T30] audit: type=1326 audit(1754965516.011:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.362811][   T30] audit: type=1326 audit(1754965516.011:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.388578][   T30] audit: type=1326 audit(1754965516.011:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.520505][   T30] audit: type=1326 audit(1754965516.011:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6380 comm="syz.2.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07abb8ebe9 code=0x7ffc0000
[  142.599551][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.117'.
[  142.608598][ T6391] netlink: 'syz.0.117': attribute type 15 has an invalid length.
[  142.616380][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.117'.
[  142.625968][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.117'.
[  142.634850][ T6391] netlink: 'syz.0.117': attribute type 15 has an invalid length.
[  142.637852][ T6378] syz.1.114 (6378) used greatest stack depth: 19160 bytes left
[  142.642640][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.117'.
[  142.659509][ T6391] FAULT_INJECTION: forcing a failure.
[  142.659509][ T6391] name failslab, interval 1, probability 0, space 0, times 0
[  142.672391][ T6391] CPU: 0 UID: 0 PID: 6391 Comm: syz.0.117 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  142.672417][ T6391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  142.672428][ T6391] Call Trace:
[  142.672436][ T6391]  <TASK>
[  142.672445][ T6391]  dump_stack_lvl+0x189/0x250
[  142.672473][ T6391]  ? __pfx____ratelimit+0x10/0x10
[  142.672497][ T6391]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.672519][ T6391]  ? __pfx__printk+0x10/0x10
[  142.672547][ T6391]  ? __pfx___might_resched+0x10/0x10
[  142.672570][ T6391]  ? fs_reclaim_acquire+0x7d/0x100
[  142.672599][ T6391]  should_fail_ex+0x414/0x560
[  142.672626][ T6391]  should_failslab+0xa8/0x100
[  142.672649][ T6391]  __kmalloc_cache_noprof+0x70/0x3d0
[  142.672669][ T6391]  ? alloc_netdev_mqs+0xbd5/0x11e0
[  142.672688][ T6391]  ? __xdp_rxq_info_reg+0x189/0x2a0
[  142.672721][ T6391]  alloc_netdev_mqs+0xbd5/0x11e0
[  142.672752][ T6391]  rtnl_create_link+0x31f/0xd10
[  142.672783][ T6391]  rtnl_newlink_create+0x25c/0xb00
[  142.672818][ T6391]  ? __lock_acquire+0xab9/0xd20
[  142.672845][ T6391]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  142.672872][ T6391]  ? rtnl_newlink+0x8db/0x1c70
[  142.672901][ T6391]  ? __pfx___mutex_lock+0x10/0x10
[  142.672935][ T6391]  ? ns_capable+0x8a/0xf0
[  142.672960][ T6391]  rtnl_newlink+0x16d6/0x1c70
[  142.672987][ T6391]  ? netlink_sendmsg+0x805/0xb30
[  142.673029][ T6391]  ? __pfx_rtnl_newlink+0x10/0x10
[  142.673082][ T6391]  ? kasan_quarantine_put+0xdd/0x220
[  142.673111][ T6391]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.673139][ T6391]  ? nlmon_xmit+0xb0/0x100
[  142.673160][ T6391]  ? kmem_cache_free+0x18f/0x400
[  142.673188][ T6391]  ? __local_bh_enable_ip+0x12d/0x1c0
[  142.673206][ T6391]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.673227][ T6391]  ? __local_bh_enable_ip+0x12d/0x1c0
[  142.673247][ T6391]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  142.673272][ T6391]  ? __dev_queue_xmit+0x27e/0x3a70
[  142.673294][ T6391]  ? __dev_queue_xmit+0x27e/0x3a70
[  142.673319][ T6391]  ? __dev_queue_xmit+0x27e/0x3a70
[  142.673341][ T6391]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  142.673368][ T6391]  ? __lock_acquire+0xab9/0xd20
[  142.673417][ T6391]  ? __pfx_rtnl_newlink+0x10/0x10
[  142.673441][ T6391]  rtnetlink_rcv_msg+0x7cc/0xb70
[  142.673472][ T6391]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  142.673496][ T6391]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  142.673519][ T6391]  ? ref_tracker_free+0x63a/0x7d0
[  142.673537][ T6391]  ? __copy_skb_header+0xa7/0x550
[  142.673559][ T6391]  ? __pfx_ref_tracker_free+0x10/0x10
[  142.673579][ T6391]  ? __skb_clone+0x63/0x7a0
[  142.673608][ T6391]  netlink_rcv_skb+0x205/0x470
[  142.673635][ T6391]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  142.673662][ T6391]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  142.673700][ T6391]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.673726][ T6391]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.673759][ T6391]  netlink_unicast+0x75c/0x8e0
[  142.673798][ T6391]  netlink_sendmsg+0x805/0xb30
[  142.673838][ T6391]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.673876][ T6391]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  142.673895][ T6391]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.673924][ T6391]  __sock_sendmsg+0x21c/0x270
[  142.673951][ T6391]  ____sys_sendmsg+0x52d/0x830
[  142.673987][ T6391]  ? __pfx_____sys_sendmsg+0x10/0x10
[  142.674029][ T6391]  ? import_iovec+0x74/0xa0
[  142.674063][ T6391]  ___sys_sendmsg+0x21f/0x2a0
[  142.674097][ T6391]  ? __pfx____sys_sendmsg+0x10/0x10
[  142.674182][ T6391]  ? __might_fault+0xb0/0x130
[  142.674207][ T6391]  __sys_sendmmsg+0x227/0x430
[  142.674243][ T6391]  ? __pfx___sys_sendmmsg+0x10/0x10
[  142.674270][ T6391]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  142.674333][ T6391]  ? ksys_write+0x22a/0x250
[  142.674356][ T6391]  ? __pfx_ksys_write+0x10/0x10
[  142.674372][ T6391]  ? rcu_is_watching+0x15/0xb0
[  142.674402][ T6391]  __x64_sys_sendmmsg+0xa0/0xc0
[  142.674435][ T6391]  do_syscall_64+0xfa/0x3b0
[  142.674455][ T6391]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.674475][ T6391]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.674495][ T6391]  ? clear_bhb_loop+0x60/0xb0
[  142.674519][ T6391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.674538][ T6391] RIP: 0033:0x7f84c618ebe9
[  142.674557][ T6391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.674573][ T6391] RSP: 002b:00007f84c6f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  142.674594][ T6391] RAX: ffffffffffffffda RBX: 00007f84c63b5fa0 RCX: 00007f84c618ebe9
[  142.674608][ T6391] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  142.674621][ T6391] RBP: 00007f84c6f33090 R08: 0000000000000000 R09: 0000000000000000
[  142.674633][ T6391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  142.674644][ T6391] R13: 00007f84c63b6038 R14: 00007f84c63b5fa0 R15: 00007fff41325058
[  142.674678][ T6391]  </TASK>
[  143.848015][ T5854] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  144.057528][ T5854] usb 3-1: Using ep0 maxpacket: 8
[  144.315300][ T5854] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.329399][ T5854] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.357665][ T5854] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[  144.366881][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.372906][ T5854] usb 3-1: config 0 descriptor??
[  145.786302][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: unknown main item tag 0x0
[  146.078727][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: unknown main item tag 0x0
[  146.106213][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: unknown main item tag 0x0
[  146.188862][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: unknown main item tag 0x0
[  146.224623][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: unknown main item tag 0x0
[  146.465183][ T6429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.124'.
[  146.501743][ T5854] aquacomputer_d5next 0003:0C70:F00A.0002: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.2-1/input0
[  147.307635][ T5854] usb 3-1: USB disconnect, device number 6
[  147.719596][ T6438] tipc: Started in network mode
[  147.794708][ T6446] input: syz1 as /devices/virtual/input/input12
[  147.808708][ T6438] tipc: Node identity 6a8aed4a9daf, cluster identity 4711
[  147.940278][ T6438] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.094378][ T6447] syzkaller0: entered promiscuous mode
[  148.211445][ T6441] fido_id[6441]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  148.238110][ T6447] syzkaller0: entered allmulticast mode
[  148.376440][ T6438] tipc: Resetting bearer <eth:syzkaller0>
[  148.638803][ T6437] tipc: Resetting bearer <eth:syzkaller0>
[  149.851355][ T5926] tipc: Node number set to 4146457930
[  149.875105][ T6437] tipc: Disabling bearer <eth:syzkaller0>
[  150.726932][ T6487] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'.
[  152.287635][   T43] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  153.297603][   T43] usb 3-1: Using ep0 maxpacket: 16
[  153.326022][   T43] usb 3-1: config 0 has an invalid interface number: 148 but max is 0
[  153.377161][   T43] usb 3-1: config 0 has no interface number 0
[  153.386192][ T6513] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  153.405937][   T43] usb 3-1: config 0 interface 148 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 32
[  153.417152][ T6513] syzkaller0: entered promiscuous mode
[  153.445280][ T6513] syzkaller0: entered allmulticast mode
[  153.447604][   T43] usb 3-1: New USB device found, idVendor=0499, idProduct=8206, bcdDevice=f4.55
[  153.485366][ T6513] tipc: Resetting bearer <eth:syzkaller0>
[  153.493722][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.515474][   T43] usb 3-1: config 0 descriptor??
[  153.526510][ T6512] tipc: Resetting bearer <eth:syzkaller0>
[  153.555346][ T6503] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  153.711932][ T6519] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  153.972566][ T6512] tipc: Disabling bearer <eth:syzkaller0>
[  154.641560][ T1210] tipc: Node number set to 3789684400
[  155.741274][   T43] usb 3-1: USB disconnect, device number 7
[  156.614250][ T6547] netlink: 'syz.3.155': attribute type 10 has an invalid length.
[  156.859047][ T6547] team0: Port device wlan1 added
[  157.790836][ T6544] mmap: syz.4.153 (6544) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  158.090652][ T6562] netlink: 'syz.3.156': attribute type 10 has an invalid length.
[  158.497015][ T6562] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  159.342496][ T5995] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  159.912070][ T6581] input: syz1 as /devices/virtual/input/input13
[  159.945387][ T5995] usb 5-1: config 0 has an invalid interface number: 91 but max is 0
[  159.954199][ T5995] usb 5-1: config 0 has no interface number 0
[  162.180156][ T6587] =======================================================
[  162.180156][ T6587] WARNING: The mand mount option has been deprecated and
[  162.180156][ T6587]          and is ignored by this kernel. Remove the mand
[  162.180156][ T6587]          option from the mount to silence this warning.
[  162.180156][ T6587] =======================================================
[  162.215100][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.291505][ T5995] usb 5-1: string descriptor 0 read error: -71
[  162.793251][ T5995] usb 5-1: New USB device found, idVendor=05ac, idProduct=a9d2, bcdDevice=95.16
[  162.802545][ T5995] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.832465][ T5995] usb 5-1: config 0 descriptor??
[  162.909374][ T5995] usb 5-1: can't set config #0, error -71
[  162.950084][ T5995] usb 5-1: USB disconnect, device number 2
[  164.388775][ T6613] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  164.435533][ T6613] syzkaller0: entered promiscuous mode
[  164.441240][ T6613] syzkaller0: entered allmulticast mode
[  164.455314][ T6613] tipc: Resetting bearer <eth:syzkaller0>
[  164.469092][ T5926] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  164.472428][ T6612] tipc: Resetting bearer <eth:syzkaller0>
[  164.624554][ T6612] tipc: Disabling bearer <eth:syzkaller0>
[  164.697547][ T5926] usb 5-1: Using ep0 maxpacket: 16
[  164.720692][ T5926] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  164.745607][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.764052][ T5926] usb 5-1: Product: syz
[  164.777539][ T5926] usb 5-1: Manufacturer: syz
[  164.782217][ T5926] usb 5-1: SerialNumber: syz
[  164.814880][ T5926] usb 5-1: config 0 descriptor??
[  164.846309][ T5926] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  165.671526][ T5926] usb 5-1: Sony Clie 3.5 converter now attached to ttyUSB0
[  165.757865][ T6628] tipc: Started in network mode
[  165.762825][ T6628] tipc: Node identity 3acd7108280c, cluster identity 4711
[  165.826581][ T6628] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  165.858923][ T6628] syzkaller0: entered promiscuous mode
[  165.872238][ T5926] usb 5-1: USB disconnect, device number 3
[  165.895098][ T6628] syzkaller0: entered allmulticast mode
[  165.906443][ T5926] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0
[  165.927752][ T6628] trusted_key: syz.3.175 sent an empty control message without MSG_MORE.
[  165.933165][ T5926] visor 5-1:0.0: device disconnected
[  166.014001][ T6630] lo speed is unknown, defaulting to 1000
[  166.024652][ T6628] tipc: Resetting bearer <eth:syzkaller0>
[  166.055884][ T6626] tipc: Resetting bearer <eth:syzkaller0>
[  166.090417][ T6626] tipc: Disabling bearer <eth:syzkaller0>
[  168.169798][ T6659] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.206756][ T6659] syzkaller0: entered promiscuous mode
[  168.222374][ T6659] syzkaller0: entered allmulticast mode
[  168.284764][ T6659] tipc: Resetting bearer <eth:syzkaller0>
[  168.684437][ T6657] tipc: Resetting bearer <eth:syzkaller0>
[  168.738444][ T6657] tipc: Disabling bearer <eth:syzkaller0>
[  168.825460][ T6667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.185'.
[  168.856393][ T6667] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  168.880227][ T6667] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  169.357523][ T5843] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  169.389577][ T6677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.189'.
[  169.539878][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.562598][ T5843] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.577845][ T5843] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  169.596401][ T5843] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  169.606873][ T5843] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.670331][ T5843] usb 1-1: config 0 descriptor??
[  170.352973][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  170.589611][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  170.597084][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  171.632979][ T6693] bridge0: port 3(syz_tun) entered blocking state
[  171.640547][ T6693] bridge0: port 3(syz_tun) entered disabled state
[  171.648202][ T6693] syz_tun: entered allmulticast mode
[  171.659616][ T6693] syz_tun: entered promiscuous mode
[  171.666277][ T6693] bridge0: port 3(syz_tun) entered blocking state
[  171.673153][ T6693] bridge0: port 3(syz_tun) entered forwarding state
[  171.709546][ T6693] xt_CT: You must specify a L4 protocol and not use inversions on it
[  172.437775][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  172.445353][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  172.475573][ T5843] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  173.183458][ T5843] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  173.610435][ T6695] syzkaller0: entered promiscuous mode
[  173.617868][ T6695] syzkaller0: entered allmulticast mode
[  173.756653][ T5843] usb 1-1: USB disconnect, device number 5
[  173.958426][ T6704] loop6: detected capacity change from 0 to 7
[  174.020911][ T6704] Dev loop6: unable to read RDB block 7
[  174.026876][ T6704]  loop6: unable to read partition table
[  174.032807][ T6704] loop6: partition table beyond EOD, truncated
[  174.039018][ T6704] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  174.400282][ T6715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.198'.
[  175.075805][ T6722] netlink: 4 bytes leftover after parsing attributes in process `syz.2.198'.
[  175.390616][ T6699] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  175.433569][ T6699] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  175.446478][ T6699] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  175.516563][ T6699] syz.1.195 (6699) used greatest stack depth: 18136 bytes left
[  175.596293][ T6728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.201'.
[  175.712233][ T6728] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.160908][ T6728] bridge_slave_1 (unregistering): left allmulticast mode
[  177.168287][ T6728] bridge_slave_1 (unregistering): left promiscuous mode
[  177.175477][ T6728] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.768371][ T5854] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  177.992850][ T5854] usb 2-1: config 0 has no interfaces?
[  178.001492][ T5854] usb 2-1: New USB device found, idVendor=06cd, idProduct=0135, bcdDevice=a8.a4
[  178.022068][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.377145][ T5854] usb 2-1: config 0 descriptor??
[  179.317615][ T5888] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  179.390176][ T5995] usb 2-1: USB disconnect, device number 3
[  179.497770][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  179.517730][ T5888] usb 4-1: too many configurations: 17, using maximum allowed: 8
[  179.539089][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  179.560523][ T5888] usb 4-1: config 0 has no interface number 0
[  179.575673][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  179.608317][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  179.750038][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  179.831964][ T5888] usb 4-1: config 0 has no interface number 0
[  179.929041][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.069494][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.214438][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.285882][ T5888] usb 4-1: config 0 has no interface number 0
[  180.356203][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.417600][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.496379][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.524062][ T5888] usb 4-1: config 0 has no interface number 0
[  180.536946][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.575087][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.605981][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.615130][ T5888] usb 4-1: config 0 has no interface number 0
[  180.623985][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.652793][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.695089][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.703396][ T5888] usb 4-1: config 0 has no interface number 0
[  180.709752][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.731234][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.781947][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.793036][ T5888] usb 4-1: config 0 has no interface number 0
[  180.817606][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.847560][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  180.870011][ T5888] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  180.878455][ T5888] usb 4-1: config 0 has no interface number 0
[  180.884906][ T5888] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  180.915846][ T5888] usb 4-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  181.162624][ T5888] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  181.172790][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.190336][ T5888] usb 4-1: Product: syz
[  181.195664][ T5888] usb 4-1: Manufacturer: syz
[  181.217646][ T5888] usb 4-1: SerialNumber: syz
[  181.880951][ T5888] usb 4-1: config 0 descriptor??
[  181.896366][ T5888] etas_es58x 4-1:0.2: Starting syz syz (Serial Number syz)
[  182.059210][ T6767] loop6: detected capacity change from 0 to 7
[  182.069991][ T6767] Dev loop6: unable to read RDB block 7
[  182.099498][ T6767]  loop6: unable to read partition table
[  182.112634][ T5888] etas_es58x 4-1:0.2: could not retrieve the product info string
[  182.155499][ T6767] loop6: partition table beyond EOD, truncated
[  182.177906][ T6767] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  182.227790][ T5888] usb 4-1: USB disconnect, device number 6
[  182.259709][ T5888] etas_es58x 4-1:0.2: Disconnecting syz syz
[  182.510882][ T6793] netlink: 12 bytes leftover after parsing attributes in process `syz.2.221'.
[  182.535045][ T6790] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  182.570672][ T5843] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  182.698342][ T6792] syzkaller0: entered promiscuous mode
[  182.918116][ T6792] syzkaller0: entered allmulticast mode
[  183.168288][ T6792] tipc: Resetting bearer <eth:syzkaller0>
[  183.228580][ T5843] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  183.307909][ T5926] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  183.338883][ T1141] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  183.360991][ T6789] tipc: Resetting bearer <eth:syzkaller0>
[  183.387748][ T5843] usb 3-1: device descriptor read/64, error -71
[  183.403271][ T6789] tipc: Disabling bearer <eth:syzkaller0>
[  183.428732][ T6802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.223'.
[  183.596906][ T6806] IPVS: set_ctl: invalid protocol: 108 255.255.255.255:20000
[  183.637595][ T5843] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  184.045907][ T5843] usb 3-1: device descriptor read/64, error -71
[  184.170109][ T5843] usb usb3-port1: attempt power cycle
[  184.349359][ T1141] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  184.457179][ T1141] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  184.572713][   T43] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  184.687532][ T5843] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  184.728457][ T5843] usb 3-1: device descriptor read/8, error -71
[  184.997986][   T43] usb 5-1: Using ep0 maxpacket: 8
[  185.020271][   T43] usb 5-1: unable to get BOS descriptor or descriptor too short
[  185.483113][ T6821] netlink: set zone limit has 4 unknown bytes
[  185.544374][   T43] usb 5-1: config 7 has an invalid interface number: 67 but max is 0
[  185.555120][   T43] usb 5-1: config 7 has no interface number 0
[  185.592817][   T43] usb 5-1: string descriptor 0 read error: -22
[  185.619408][   T43] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  185.621707][ T1210] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  185.636705][ T5843] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  185.645989][ T5926] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  185.661968][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.808396][ T5843] usb 3-1: device descriptor read/8, error -71
[  185.885824][ T6804] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  185.896637][   T43] usb 5-1: USB disconnect, device number 4
[  185.914083][ T6827] bridge0: port 2(gretap0) entered blocking state
[  185.917926][ T5843] usb usb3-port1: unable to enumerate USB device
[  185.932959][ T6827] bridge0: port 2(gretap0) entered disabled state
[  185.948173][ T6827] gretap0: entered allmulticast mode
[  185.959787][ T6827] gretap0: entered promiscuous mode
[  185.966590][ T6827] bridge0: port 2(gretap0) entered blocking state
[  185.973259][ T6827] bridge0: port 2(gretap0) entered forwarding state
[  186.114498][ T1210] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02
[  186.123858][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.132336][ T1210] usb 4-1: Product: syz
[  186.136535][ T1210] usb 4-1: Manufacturer: syz
[  186.141411][ T1210] usb 4-1: SerialNumber: syz
[  186.148787][ T1210] usb 4-1: config 0 descriptor??
[  187.089487][ T1210] hso 4-1:0.0: Failed to find BULK IN ep
[  187.181642][ T6842] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  187.189840][ T6842] syzkaller0: entered promiscuous mode
[  187.195501][ T6842] syzkaller0: entered allmulticast mode
[  187.355466][ T6842] tipc: Resetting bearer <eth:syzkaller0>
[  187.893831][ T6841] tipc: Resetting bearer <eth:syzkaller0>
[  187.926231][ T5843] usb 4-1: USB disconnect, device number 7
[  188.017007][ T6841] tipc: Disabling bearer <eth:syzkaller0>
[  188.348164][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  191.130966][ T6868] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  192.081486][ T6879] Illegal XDP return value 4294967274 on prog  (id 48) dev N/A, expect packet loss!
[  193.428711][ T1210] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  193.773450][ T1210] usb 3-1: Using ep0 maxpacket: 32
[  193.817958][ T1210] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  193.868949][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  193.942955][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  193.973429][ T1210] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  194.219683][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.251637][ T1210] usb 3-1: config 0 descriptor??
[  194.268529][ T6880] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  194.297723][ T1210] hub 3-1:0.0: USB hub found
[  194.512794][ T1210] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  194.556840][ T1210] usbhid 3-1:0.0: can't add hid device: -71
[  194.563151][ T1210] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  194.592672][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.599204][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.680123][ T1210] usb 3-1: USB disconnect, device number 12
[  195.289658][ T6920] FAULT_INJECTION: forcing a failure.
[  195.289658][ T6920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.329259][ T6916] netlink: 172 bytes leftover after parsing attributes in process `syz.2.254'.
[  195.371047][ T6916] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  195.387877][ T6920] CPU: 0 UID: 0 PID: 6920 Comm: syz.3.255 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  195.387916][ T6920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  195.387928][ T6920] Call Trace:
[  195.387936][ T6920]  <TASK>
[  195.387945][ T6920]  dump_stack_lvl+0x189/0x250
[  195.387975][ T6920]  ? __pfx____ratelimit+0x10/0x10
[  195.387998][ T6920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.388021][ T6920]  ? __pfx__printk+0x10/0x10
[  195.388047][ T6920]  ? __might_fault+0xb0/0x130
[  195.388081][ T6920]  should_fail_ex+0x414/0x560
[  195.388108][ T6920]  _copy_from_user+0x2d/0xb0
[  195.388137][ T6920]  snd_seq_oss_write+0x382/0x930
[  195.388181][ T6920]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  195.388208][ T6920]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  195.388236][ T6920]  ? security_file_permission+0x75/0x290
[  195.388264][ T6920]  odev_write+0x5a/0x80
[  195.388281][ T6920]  ? __pfx_odev_write+0x10/0x10
[  195.388300][ T6920]  vfs_write+0x27e/0xa90
[  195.388330][ T6920]  ? __pfx_vfs_write+0x10/0x10
[  195.388351][ T6920]  ? __fget_files+0x2a/0x420
[  195.388377][ T6920]  ? __fget_files+0x2a/0x420
[  195.388397][ T6920]  ? __fget_files+0x3a0/0x420
[  195.388418][ T6920]  ? __fget_files+0x2a/0x420
[  195.388450][ T6920]  ksys_write+0x145/0x250
[  195.388472][ T6920]  ? __pfx_ksys_write+0x10/0x10
[  195.388503][ T6920]  ? rcu_is_watching+0x15/0xb0
[  195.388540][ T6920]  ? do_syscall_64+0xbe/0x3b0
[  195.388567][ T6920]  do_syscall_64+0xfa/0x3b0
[  195.388592][ T6920]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.388613][ T6920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.388633][ T6920]  ? clear_bhb_loop+0x60/0xb0
[  195.388664][ T6920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.388683][ T6920] RIP: 0033:0x7f4641b8ebe9
[  195.388702][ T6920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.388718][ T6920] RSP: 002b:00007f4642adc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  195.388748][ T6920] RAX: ffffffffffffffda RBX: 00007f4641db5fa0 RCX: 00007f4641b8ebe9
[  195.388762][ T6920] RDX: 000000000000023c RSI: 00002000000001c0 RDI: 0000000000000003
[  195.388775][ T6920] RBP: 00007f4642adc090 R08: 0000000000000000 R09: 0000000000000000
[  195.388786][ T6920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  195.388798][ T6920] R13: 00007f4641db6038 R14: 00007f4641db5fa0 R15: 00007ffce2795948
[  195.388832][ T6920]  </TASK>
[  195.867636][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  196.084117][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  196.307251][   T43] usb 1-1: Using ep0 maxpacket: 32
[  196.377034][ T6934] mkiss: ax0: crc mode is auto.
[  196.442550][   T43] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  196.493331][   T43] usb 1-1: config 0 interface 0 has no altsetting 0
[  196.523939][   T43] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  196.554346][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.590053][   T43] usb 1-1: config 0 descriptor??
[  197.587547][   T24] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  197.605949][ T6925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.648119][ T6925] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.747240][ T6925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.824124][   T24] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  197.829569][ T6925] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.867484][   T24] usb 2-1: config 8 has 0 interfaces, different from the descriptor's value: 1
[  197.917192][   T24] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  197.947149][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.949571][ T6947] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  197.970806][ T6947] syzkaller0: entered promiscuous mode
[  197.980932][ T6947] syzkaller0: entered allmulticast mode
[  198.011406][ T6947] tipc: Resetting bearer <eth:syzkaller0>
[  198.031883][ T6946] tipc: Resetting bearer <eth:syzkaller0>
[  198.046436][ T6949] netlink: 4 bytes leftover after parsing attributes in process `syz.2.264'.
[  198.078844][ T6946] tipc: Disabling bearer <eth:syzkaller0>
[  198.165953][ T6951] input: syz1 as /devices/virtual/input/input14
[  198.434330][ T6925] ucma_write: process 156 (syz.0.257) changed security contexts after opening file descriptor, this is not allowed.
[  199.036087][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  199.467707][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  199.511614][   T43] usb 1-1: USB disconnect, device number 6
[  199.552479][ T6957] netlink: 20 bytes leftover after parsing attributes in process `syz.3.266'.
[  200.707588][   T43] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  201.236776][   T24] usb 2-1: USB disconnect, device number 4
[  201.248070][ T1210] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  201.380371][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  201.397721][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.417652][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  201.418496][ T1210] usb 4-1: Using ep0 maxpacket: 16
[  201.431715][   T43] usb 5-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00
[  201.452239][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.454179][ T1210] usb 4-1: config 0 has an invalid interface number: 30 but max is 0
[  201.478028][   T43] usb 5-1: config 0 descriptor??
[  201.484016][ T1210] usb 4-1: config 0 has no interface number 0
[  201.494618][ T1210] usb 4-1: config 0 interface 30 has no altsetting 0
[  201.504281][ T1210] usb 4-1: New USB device found, idVendor=06cd, idProduct=0109, bcdDevice=25.04
[  201.517877][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.526022][ T1210] usb 4-1: Product: syz
[  201.533635][ T1210] usb 4-1: Manufacturer: syz
[  201.539301][ T1210] usb 4-1: SerialNumber: syz
[  201.547331][ T1210] usb 4-1: config 0 descriptor??
[  201.552643][ T5843] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  201.569591][ T1210] hub 4-1:0.30: bad descriptor, ignoring hub
[  201.583099][ T1210] hub 4-1:0.30: probe with driver hub failed with error -5
[  201.592282][ T1210] keyspan 4-1:0.30: Keyspan - (without firmware) converter detected
[  201.709812][ T5843] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.722157][ T5843] usb 1-1: config 0 interface 0 has no altsetting 0
[  201.733349][ T5843] usb 1-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  201.746004][ T5843] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.756548][ T5843] usb 1-1: Product: syz
[  201.763363][ T5843] usb 1-1: Manufacturer: syz
[  201.768492][ T5843] usb 1-1: SerialNumber: syz
[  201.782134][ T5843] usb 1-1: config 0 descriptor??
[  201.791118][ T5843] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  201.804554][ T5843] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  201.814932][ T5926] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  201.826299][ T5843] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  201.835500][ T5843] usb 1-1: media controller created
[  201.865142][ T5843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  201.898886][ T6972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.908822][ T6972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.913768][   T24] usb 4-1: USB disconnect, device number 8
[  201.926450][   T24] keyspan 4-1:0.30: device disconnected
[  201.945163][   T43] usbhid 5-1:0.0: can't add hid device: -71
[  201.955193][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  201.975262][ T5926] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  201.979107][   T43] usb 5-1: USB disconnect, device number 5
[  202.005499][ T5926] usb 2-1: config 0 has no interface number 0
[  202.026716][ T5843] DVB: Unable to find symbol tda10046_attach()
[  202.035094][ T5843] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  202.047972][ T5843] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  202.060656][ T5926] usb 2-1: New USB device found, idVendor=0403, idProduct=da71, bcdDevice=a2.95
[  202.070147][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.078378][ T5926] usb 2-1: Product: syz
[  202.085019][ T5926] usb 2-1: Manufacturer: syz
[  202.094099][ T5926] usb 2-1: SerialNumber: syz
[  202.109444][ T5926] usb 2-1: config 0 descriptor??
[  202.118057][ T5926] usb 2-1: NDI device with a latency value of 1
[  202.293791][ T5843] dvb_usb_m920x 1-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  202.320849][ T5843] usb 1-1: USB disconnect, device number 7
[  202.327143][ T5926] ftdi_sio 2-1:0.8: FTDI USB Serial Device converter detected
[  202.336630][ T5926] ftdi_sio ttyUSB0: unknown device type: 0xa295
[  202.371557][ T5926] usb 2-1: USB disconnect, device number 5
[  202.392540][ T5926] ftdi_sio 2-1:0.8: device disconnected
[  204.017656][   T10] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[  204.191806][ T7005] input: syz1 as /devices/virtual/input/input15
[  204.220095][   T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  204.577312][ T7006] ------------[ cut here ]------------
[  204.583328][ T7006] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl726.c:331:46
[  204.592703][ T7006] shift exponent 122 is too large for 32-bit type 'int'
[  204.601219][ T7006] CPU: 0 UID: 0 PID: 7006 Comm: syz.3.285 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  204.601248][ T7006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.601260][ T7006] Call Trace:
[  204.601268][ T7006]  <TASK>
[  204.601277][ T7006]  dump_stack_lvl+0x189/0x250
[  204.601313][ T7006]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.601337][ T7006]  ? __pfx__printk+0x10/0x10
[  204.601372][ T7006]  ? __ubsan_handle_shift_out_of_bounds+0x247/0x410
[  204.601409][ T7006]  ubsan_epilogue+0xa/0x40
[  204.601436][ T7006]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  204.601475][ T7006]  ? __kmalloc_noprof+0x29b/0x4f0
[  204.601507][ T7006]  pcl726_attach+0xac4/0xd50
[  204.601545][ T7006]  comedi_device_attach+0x520/0x670
[  204.601581][ T7006]  comedi_unlocked_ioctl+0x686/0xfc0
[  204.601613][ T7006]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  204.601671][ T7006]  ? rcu_is_watching+0x15/0xb0
[  204.601694][ T7006]  ? trace_irq_disable+0x37/0x110
[  204.601722][ T7006]  ? preempt_schedule_irq+0xde/0x150
[  204.601745][ T7006]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  204.601782][ T7006]  ? irqentry_exit+0x74/0x90
[  204.601804][ T7006]  ? lockdep_hardirqs_on+0x9c/0x150
[  204.601840][ T7006]  ? security_file_ioctl+0x282/0x2d0
[  204.601867][ T7006]  ? bpf_lsm_file_ioctl+0x4/0x20
[  204.601893][ T7006]  ? bpf_lsm_file_ioctl+0x9/0x20
[  204.601916][ T7006]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  204.601938][ T7006]  __se_sys_ioctl+0xfc/0x170
[  204.601973][ T7006]  do_syscall_64+0xfa/0x3b0
[  204.602004][ T7006]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.602023][ T7006]  ? asm_sysvec_call_function_single+0x1a/0x20
[  204.602043][ T7006]  ? clear_bhb_loop+0x60/0xb0
[  204.602069][ T7006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.602089][ T7006] RIP: 0033:0x7f4641b8ebe9
[  204.602110][ T7006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  204.602127][ T7006] RSP: 002b:00007f4642abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  204.602150][ T7006] RAX: ffffffffffffffda RBX: 00007f4641db6090 RCX: 00007f4641b8ebe9
[  204.602165][ T7006] RDX: 0000200000000440 RSI: 0000000040946400 RDI: 000000000000000a
[  204.602179][ T7006] RBP: 00007f4641c11e19 R08: 0000000000000000 R09: 0000000000000000
[  204.602192][ T7006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  204.602205][ T7006] R13: 00007f4641db6128 R14: 00007f4641db6090 R15: 00007ffce2795948
[  204.602241][ T7006]  </TASK>
[  204.602284][ T7006] ---[ end trace ]---
[  204.880949][ T7006] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  204.888198][ T7006] CPU: 0 UID: 0 PID: 7006 Comm: syz.3.285 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  204.898062][ T7006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.908169][ T7006] Call Trace:
[  204.911499][ T7006]  <TASK>
[  204.914473][ T7006]  dump_stack_lvl+0x99/0x250
[  204.919106][ T7006]  ? __asan_memcpy+0x40/0x70
[  204.923737][ T7006]  ? __pfx_dump_stack_lvl+0x10/0x10
[  204.928995][ T7006]  ? __pfx__printk+0x10/0x10
[  204.933643][ T7006]  panic+0x2db/0x790
[  204.937580][ T7006]  ? __pfx_panic+0x10/0x10
[  204.942047][ T7006]  ? _printk+0xcf/0x120
[  204.946269][ T7006]  ? __pfx__printk+0x10/0x10
[  204.950969][ T7006]  ? __ubsan_handle_shift_out_of_bounds+0x247/0x410
[  204.957575][ T7006]  check_panic_on_warn+0x89/0xb0
[  204.962611][ T7006]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  204.969091][ T7006]  ? __kmalloc_noprof+0x29b/0x4f0
[  204.974126][ T7006]  pcl726_attach+0xac4/0xd50
[  204.978757][ T7006]  comedi_device_attach+0x520/0x670
[  204.984018][ T7006]  comedi_unlocked_ioctl+0x686/0xfc0
[  204.989334][ T7006]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  204.995228][ T7006]  ? rcu_is_watching+0x15/0xb0
[  205.000015][ T7006]  ? trace_irq_disable+0x37/0x110
[  205.005063][ T7006]  ? preempt_schedule_irq+0xde/0x150
[  205.010378][ T7006]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  205.016118][ T7006]  ? irqentry_exit+0x74/0x90
[  205.020730][ T7006]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.026039][ T7006]  ? security_file_ioctl+0x282/0x2d0
[  205.031363][ T7006]  ? bpf_lsm_file_ioctl+0x4/0x20
[  205.036351][ T7006]  ? bpf_lsm_file_ioctl+0x9/0x20
[  205.041335][ T7006]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  205.047156][ T7006]  __se_sys_ioctl+0xfc/0x170
[  205.051805][ T7006]  do_syscall_64+0xfa/0x3b0
[  205.056344][ T7006]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.062430][ T7006]  ? asm_sysvec_call_function_single+0x1a/0x20
[  205.068597][ T7006]  ? clear_bhb_loop+0x60/0xb0
[  205.073287][ T7006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.079190][ T7006] RIP: 0033:0x7f4641b8ebe9
[  205.083618][ T7006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.103235][ T7006] RSP: 002b:00007f4642abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  205.111681][ T7006] RAX: ffffffffffffffda RBX: 00007f4641db6090 RCX: 00007f4641b8ebe9
[  205.119776][ T7006] RDX: 0000200000000440 RSI: 0000000040946400 RDI: 000000000000000a
[  205.127858][ T7006] RBP: 00007f4641c11e19 R08: 0000000000000000 R09: 0000000000000000
[  205.135913][ T7006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.143914][ T7006] R13: 00007f4641db6128 R14: 00007f4641db6090 R15: 00007ffce2795948
[  205.151946][ T7006]  </TASK>
[  205.155384][ T7006] Kernel Offset: disabled
[  205.159795][ T7006] Rebooting in 86400 seconds..