last executing test programs:

26m44.969549903s ago: executing program 2 (id=1666):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
close_range(r1, r0, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r3, 0x890c, &(0x7f00000001c0)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x2, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x55e, 0x1, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

26m42.745669073s ago: executing program 2 (id=1673):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
timerfd_create(0x1, 0x80800)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000180)=0x2e45, 0x4)
recvmmsg(0xffffffffffffffff, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
keyctl$set_timeout(0xf, 0x0, 0x100)
pipe2$watch_queue(&(0x7f0000000080), 0x80)
pipe2$watch_queue(&(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, r2, 0xe)
getresuid(0x0, &(0x7f0000000200), &(0x7f0000000240))

26m40.948336329s ago: executing program 2 (id=1674):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000005c0), 0x20000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000600)={0x7fffffff, 0x9, 0x0, 'queue1\x00', 0x29})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvlan0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000002200f30c0000000000feff00760000000f00001e37000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffa1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000003c0)='io_uring_register\x00', r6, 0x0, 0x9}, 0x18)
r7 = io_uring_setup(0x931, &(0x7f0000000000)={0x0, 0xc14c, 0x26a8, 0x2, 0x328})
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000740)={0x0, 0x0, 0x0, 0xa00}, 0x1)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, <r9=>0x0], &(0x7f0000000200), 0x4, r8})
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x2}, 0x0)
r10 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r10, r10, r10}, &(0x7f0000000040)=""/80, 0x50, &(0x7f00000001c0)={&(0x7f00000000c0)={'sha3-256\x00'}})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = openat$cgroup_ro(r11, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
read$msr(r12, &(0x7f00000000c0)=""/234, 0xea)
write$cgroup_freezer_state(r12, &(0x7f00000006c0)='FROZEN\x00', 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x180)
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000300)={0x200, 0x4000000000000141, &(0x7f0000000340), &(0x7f00000000c0)=[0x2], &(0x7f0000000400)=[r9, r9], &(0x7f00000001c0), 0x0, 0xff7ffffffffffffe})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000480)={&(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0], &(0x7f0000000280)=[0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x1, 0x1, 0xa})
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

26m39.54399587s ago: executing program 2 (id=1679):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22'])
close_range(r0, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001280), 0x2, 0x0)
getrlimit(0xc, &(0x7f0000000240))
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000080)={{0x0, 0x0, 0x4, 0x10}, 'syz1\x00', 0x26})
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000040000000000000000000003000000000500000007000000070000000000000000000000000400000003000000ed79712b2e7c30000c0200020000000000001202000000"], 0x0, 0x58, 0x0, 0x4, 0x6, 0x0, @void, @value}, 0x8c)
socketpair(0x23, 0x5, 0x0, &(0x7f0000000000))
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000040)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45bebe3f5b53e0ca34dd02acecdc67c5e3126628168", r4, <r7=>0xffffffffffffffff})
close(r5)
ioctl$SYNC_IOC_MERGE(r7, 0x40103e05, &(0x7f0000000080)={"df000000000000000000000000000000000000002000a400", r7})

26m38.189830664s ago: executing program 2 (id=1682):
sched_setscheduler(0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
r0 = socket(0x2, 0x2, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x0, 0x0)
ioctl$NBD_DO_IT(r1, 0xab03)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)

26m37.470734485s ago: executing program 2 (id=1686):
mknodat(0xffffffffffffffff, 0x0, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000040)={[{0x10, 0x3, 0x4, 0xc, 0xc, 0xfa, 0xfe, 0x3, 0x2, 0x1, 0x10, 0xf8, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xae, 0x5, 0x2, 0xc, 0xfe, 0x40, 0x6, 0x17, 0x3c}, {0xa20000, 0x7, 0x4, 0x7, 0x2, 0x77, 0x1, 0x9, 0x2, 0x1, 0x8, 0x54, 0x18bb}], 0xd9})
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaa3dffffffffffffa0da2f008100490086dd6000000000142f0000000000000000000000ffffac1414aa00000000000000000000000000000000000089061566791eaff8024e52fe7c6e409f9953a77817876f02541559f0c4b510ba048f620eafc019098d7c101af028a6789d3c5f4e2d82190bf503909f8834b5188462e9e7e9ded3fc9a61845b85b794f8b1b262ec9eaaae98d3e814472b1dddce27d15fd7929ca0b1d37dc9617a43b265289eb7d8c7dd69bcc5d08263cb24a36a8a5e7a8de7e8dd8ab653b5d158a10f16df38fc29967454ed7f6da440acdeefcd753236d39dd1801d77fc35cc472a", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="504000009078fffe"], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000b40)="f30f09ba6100b8c400ef66b9eb0a00000f3266b9830000c066b84700000066ba000000000f30f2a60fc75add650fdabc755ac09af67f0066b98004000066b8532ebe1866ba0bffd3710f3066b9830500000f32", 0x53}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0))
read$dsp(r4, &(0x7f00000011c0)=""/4117, 0x200021d5)
shutdown(0xffffffffffffffff, 0x1)

26m22.321269258s ago: executing program 32 (id=1686):
mknodat(0xffffffffffffffff, 0x0, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000040)={[{0x10, 0x3, 0x4, 0xc, 0xc, 0xfa, 0xfe, 0x3, 0x2, 0x1, 0x10, 0xf8, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xae, 0x5, 0x2, 0xc, 0xfe, 0x40, 0x6, 0x17, 0x3c}, {0xa20000, 0x7, 0x4, 0x7, 0x2, 0x77, 0x1, 0x9, 0x2, 0x1, 0x8, 0x54, 0x18bb}], 0xd9})
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaa3dffffffffffffa0da2f008100490086dd6000000000142f0000000000000000000000ffffac1414aa00000000000000000000000000000000000089061566791eaff8024e52fe7c6e409f9953a77817876f02541559f0c4b510ba048f620eafc019098d7c101af028a6789d3c5f4e2d82190bf503909f8834b5188462e9e7e9ded3fc9a61845b85b794f8b1b262ec9eaaae98d3e814472b1dddce27d15fd7929ca0b1d37dc9617a43b265289eb7d8c7dd69bcc5d08263cb24a36a8a5e7a8de7e8dd8ab653b5d158a10f16df38fc29967454ed7f6da440acdeefcd753236d39dd1801d77fc35cc472a", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="504000009078fffe"], 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000b40)="f30f09ba6100b8c400ef66b9eb0a00000f3266b9830000c066b84700000066ba000000000f30f2a60fc75add650fdabc755ac09af67f0066b98004000066b8532ebe1866ba0bffd3710f3066b9830500000f32", 0x53}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0))
read$dsp(r4, &(0x7f00000011c0)=""/4117, 0x200021d5)
shutdown(0xffffffffffffffff, 0x1)

15m13.957690942s ago: executing program 3 (id=3515):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
pipe2(0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
r1 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000080)={0x20000000})
close(r0)
r4 = socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}})
write$cgroup_type(r0, 0x0, 0x0)
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), 0x0}, 0x20)
splice(0xffffffffffffffff, &(0x7f0000000040)=0x6, 0xffffffffffffffff, 0x0, 0x5, 0x1)
r6 = socket$kcm(0x10, 0x2, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000002140)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x4, 0x6, 0x0, 0x402, 0x40, @ipv4={'\x00', '\xff\xff', @remote}, @loopback={0x300, 0xffff8881114a4aa8}, 0x0, 0x0, 0xfffffffc}})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a0f0000}, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)

15m13.033730139s ago: executing program 3 (id=3521):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20\x00'}, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x8, 0x0, @time={0x0, 0xfb}, {}, {}, @raw32={[0x0, 0x0, 0xffffffff]}}], 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f00000000c0)={0x2b2})
r3 = socket$unix(0x1, 0x5, 0x0)
connect$unix(r3, &(0x7f00000003c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000000c0), 0x8, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000001a00010000001a00000000001c140000da"], 0x1c}}, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000200)={0x2, @sliced={0x4, [0x0, 0xb95, 0x6, 0x0, 0x3, 0x86d3, 0xf, 0x6, 0x4, 0x80, 0x7fff, 0x9, 0x1, 0x1000, 0x4, 0x7, 0x2, 0xad, 0xfff, 0x7, 0x8, 0xfffc, 0x5, 0x8000, 0x800, 0x6, 0x2e53, 0x975f, 0x4, 0x1, 0x9, 0x8001, 0xa, 0x1, 0x7, 0x5, 0x9, 0x6, 0x7e70, 0x0, 0x47, 0x5, 0xff, 0x2, 0xd06, 0x2, 0x1, 0xbb7], 0x3ff}})

15m12.800264802s ago: executing program 3 (id=3524):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket(0x2000000000000021, 0x2, 0x2)
shutdown(r1, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_unix(0x0, 0x0, 0x0, 0x802ca2, 0x0)
r2 = syz_open_dev$cec(0x0, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
ioctl$CEC_TRANSMIT(r2, 0xc0386105, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
r4 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0xffffffff, 0x10100}, &(0x7f0000000480), &(0x7f0000000300)=<r5=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0xc5f7}, &(0x7f0000000040)=<r6=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r4, 0x48e9, 0x0, 0x0, 0x0, 0x0)

15m11.277393129s ago: executing program 3 (id=3526):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket(0x2000000000000021, 0x2, 0x2)
shutdown(r1, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mount$9p_unix(0x0, 0x0, 0x0, 0x802ca2, 0x0)
r2 = syz_open_dev$cec(0x0, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
ioctl$CEC_TRANSMIT(r2, 0xc0386105, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
r4 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0xffffffff, 0x10100}, &(0x7f0000000480), &(0x7f0000000300)=<r5=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0xc5f7}, &(0x7f0000000040)=<r6=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r4, 0x48e9, 0x0, 0x0, 0x0, 0x0)

15m10.062220888s ago: executing program 3 (id=3532):
r0 = syz_open_dev$dri(&(0x7f00000007c0), 0x86cd, 0x400c0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r2, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x9, 0x0, [], [0xff, 0x0, 0x39a], [], [0x100000001]})
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000800)={r4})
pipe2(&(0x7f00000003c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
unshare(0x60400)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil})
r10 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r10, 0x40086602, &(0x7f0000000200)=0x10)
bind$unix(r9, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000000206050000000000000000000000000011000300686173683a6e65742c6e6574000000000900020073000500050002000000050001000600000014000780080006400000000008000840000070d500"/96], 0x60}}, 0x0)
lseek(r8, 0x0, 0x2)
sendmsg$rds(r6, &(0x7f0000000780)={&(0x7f0000000240)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000280)=""/101, 0x65}], 0x1, &(0x7f0000000600)=[@zcopy_cookie={0x18, 0x114, 0xc, 0xd}, @rdma_map={0x30, 0x114, 0x3, {{&(0x7f0000000400)=""/81, 0x51}, &(0x7f0000000380), 0x1}}, @fadd={0x58, 0x114, 0x6, {{0x2, 0x200}, &(0x7f0000000480)=0x3ff, &(0x7f00000004c0)=0x1ff, 0x9, 0x1, 0xfffffffffffffff1, 0x0, 0x40, 0x8}}, @mask_cswp={0x58, 0x114, 0x9, {{0x3, 0x6}, &(0x7f0000000500)=0x1, &(0x7f0000000540)=0x7, 0xffffffffffffec8b, 0x100000001, 0x7, 0x59, 0x14, 0xfffffffffffffe00}}, @fadd={0x58, 0x114, 0x6, {{0x10001, 0x3c}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=0x4, 0x6, 0x10001, 0x21, 0x6, 0x69, 0x81}}], 0x150, 0x4000000}, 0x10)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000001c0)={0x9, 0x2, 0x1})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYRES32=r6, @ANYRESHEX=r6, @ANYBLOB="2c63616368653d667363616368652c63616368657461673d14e2c311e2cb86c82d4873c6af6ddc7bde3c511a1315e4f85948a98ae388123b56361ed3cc4c3e5523eb70372d9fb8f341b24358d32f2fdd32382b9d53229b6d19d04b3461e6fbdbf7e44bb5c8945f07e63191e43c40c3372b9cb2e8453d54d5b127c3770c27d497f8bae8a00a8fc4c97fa81d88a317caa5657f596a825ae94ba0545c87758c6f4c077cc8665e0104e48e0ffe16a747d4a1efc5a76b1d45b09d2169995c5e5c5d473f452bcd7df769e2a28d4557abdc8ce959b1c8c49721bcf4efc90376f320b2c5d5f024a04b4435f49ce10dc4a0d127ad43b75a0c5b74d1ad596b90763c69649202169de1726d6b5590993406e55c"])

15m7.657423147s ago: executing program 3 (id=3540):
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000040)={0x7, {{0xa, 0x4e24, 0x2, @mcast1, 0x1}}}, 0x88)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d)
syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, @loopback, @local}}}}}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r4, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x3f8, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x8980}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

14m51.858517315s ago: executing program 33 (id=3540):
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000040)={0x7, {{0xa, 0x4e24, 0x2, @mcast1, 0x1}}}, 0x88)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d)
syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, @loopback, @local}}}}}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
bpf$MAP_DELETE_ELEM(0x15, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r4, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x3f8, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x8980}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)

28.084045128s ago: executing program 4 (id=6073):
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r3 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)

26.959885767s ago: executing program 4 (id=6079):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$tipc(0x1e, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000d00)='/sys/power/mem_sleep', 0x122102, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
r4 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r5 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x8c7)
write$binfmt_elf32(r4, &(0x7f0000000040)=ANY=[@ANYRES64=r5], 0x69)
close(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

25.696085571s ago: executing program 4 (id=6082):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

24.210177595s ago: executing program 4 (id=6085):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)

23.782860802s ago: executing program 4 (id=6086):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r0 = getpid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x22020400)
getdents(0xffffffffffffffff, 0x0, 0x58)
ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000240)={{{0x1, 0x1}}, 0x0, 0x14, 0x0})
mincore(&(0x7f0000ffe000/0x1000)=nil, 0x1000, &(0x7f0000000000)=""/174)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmsg$IPCTNL_MSG_EXP_DELETE(r1, &(0x7f0000002980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48004}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

22.57826406s ago: executing program 4 (id=6091):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
sync()
sync()

19.222996914s ago: executing program 6 (id=6107):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b3234076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

17.727486103s ago: executing program 6 (id=6110):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x28800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xf101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"})

16.248705803s ago: executing program 0 (id=6117):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}}, 0x0)

14.07121669s ago: executing program 1 (id=6121):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x800000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = dup2(r1, r0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
r3 = epoll_create(0x2)
epoll_wait(r3, &(0x7f0000000080)=[{}], 0x1, 0xc)

13.964450111s ago: executing program 1 (id=6122):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
fsync(r0)
r1 = syz_open_dev$loop(&(0x7f00000001c0), 0x75c, 0x38f780)
ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x100000001)
syz_open_procfs(0x0, &(0x7f0000000240)='projid_map\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x5000)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e85000000070000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000ff0000000800000005"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x8, {0x9}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x3}}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x68}}, 0x0)

12.164171035s ago: executing program 5 (id=6123):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, 0x0, 0x185600, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r4, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x8, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000100000000000000840a00000000000095000000000000"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000003480)={0x2020}, 0x2020)

11.10784499s ago: executing program 5 (id=6124):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
dup(r3)
getitimer(0x0, &(0x7f0000000380))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0)
vmsplice(r5, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

10.179948035s ago: executing program 5 (id=6125):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0xc, 0xffffbffb, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000000180)=@abs={0x1, 0x5c, 0x1}, 0x6e, 0x0}, 0x20000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10)
ioctl$TUNGETVNETLE(r1, 0x40047451, &(0x7f0000000180))

9.908370142s ago: executing program 0 (id=6126):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

9.823885618s ago: executing program 1 (id=6127):
socket(0x1e, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e"], 0x44}}, 0x0)

9.701618575s ago: executing program 0 (id=6128):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa0806000108000604000100000000000000000000ffffffffffffac1414"], 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x46, 0x0, @vifc_lcl_ifindex, @multicast1}, 0x10)
socket$inet6(0xa, 0x802, 0x88)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)

9.701125296s ago: executing program 6 (id=6129):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

9.700631988s ago: executing program 5 (id=6130):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0xd0d, 0x0, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
ptrace(0x10, 0x0)
ptrace$ARCH_SHSTK_ENABLE(0x1e, 0x0, 0x1, 0x5001)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0)

9.534866846s ago: executing program 6 (id=6131):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, @in=@local, 0x100, 0x0, 0x2, 0x4, 0xa, 0x10, 0x20}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, {0x0, 0x40000000, 0x0, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@multicast2, 0x4d6, 0x32}, 0x0, @in6=@empty, 0xfffffffe, 0x4}}, 0xe8)
sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x1, 0x0)

8.799926672s ago: executing program 5 (id=6132):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$inet6(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x40004}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r6, 0x0, 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$invalidate(0x15, r8)
keyctl$read(0xb, r8, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
sendto$inet6(r1, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)

8.799326698s ago: executing program 6 (id=6133):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000400)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioprio_get$uid(0x3, 0xee01)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000ffff0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3, 0x0, 0x100}, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'macsec0\x00', @random="06517dc2e6ea"})

7.90252487s ago: executing program 6 (id=6134):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
prctl$PR_MCE_KILL(0x35, 0x0, 0x8)
prctl$PR_MCE_KILL(0x35, 0x0, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_type(r3, &(0x7f00000001c0), 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000800)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000100000061119900"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$cgroup_type(r4, &(0x7f0000000280), 0x9)
syz_clone(0x40200400, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f0000000c40), 0x12)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone(0x40020000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f00000004c0)={0x5, 0xfffffffffffffff3, 0x2, 0x7, 0x5, 0x0, [{0x8, 0x7fff, 0x75, '\x00', 0xd0f35a24a087bf25}, {0x6, 0x101, 0x0, '\x00', 0x400}, {0x35b, 0x831000000, 0x5, '\x00', 0x8}, {0x80000001, 0xffffffffffffffff, 0x9, '\x00', 0x1000}, {0x9, 0x84, 0x0, '\x00', 0x100}]})

7.751946893s ago: executing program 5 (id=6135):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000600)=ANY=[@ANYBLOB="b700000012ed07febfa30000000000007603000028feffff7a03f0fff8ffffff79a4f0ff0000000024040000000000007f000000000000002704000001ed0a0025000000170000005d040000000000007b0300fe000000002d03000000000000c6000000000000009500000000000000023bd14560d8e9bac065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef7054803d0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d85827513acd02b5a655a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f08050e46850600000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236ed200073826593c4e1a0f50a74bb482e486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c6133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc1caa80e64461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f6260a483632a2ab447f88dd6efec73a0271a19ca3aa860aa4dcaeebe3d53040b853a7c02a5fcc08b3a572969bbe91c921ac1476027772c87d172ab29967e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f522df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb520400000000000000c3ae49f88c462ea2050acf2d9a97d3be29a5ff4d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399fa5ee0b41e14a6fe6894e901a523fcbadfeff535fd9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014fa841061e63d40f4e536314beda5738fee012365f963b2a85e7d8075c333475b9f0284405e30700000041285fbe0bdd37220e31d4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe8c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae9f5a6ad28599dc36fc5fb481d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21da4fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68ad9fa2b2528798df1c36fc438d9c98f168490b41e158bb2e2d8ed19d44b9cce67c9c522b5136be09ed1b97ea3d5b317508df23e92c56fc2eb74d27d3861d91745b8fb9f6cc20e9f8b174000c62c4a2b212332a073fc5d0be7347e41454cb27e081c43e92ae7f9f046600db85d945a4666b588629ce0809d5c8506308688db21ec04d365497bf900600000000000000000000000000681474c0703174a92e9124dc8fc6da9f3cb3c2d12bc27fa87413a680bd09996bbd59b033c07c015617bc5142956fa065a9750774d635a19cdaf78b0fee37efcce6f4297156d5e6b2c9a06fbd3dccc8704b90647191d919a5b1f399889b8b3547dec24f3b846948424af9c63eaf074d2a954390735141befa99240a40defc1d937db2fd3a926eb10fb450baa9ad89c80365f9a24700752953e3c42779379591b5667597ad8a52a9a96dcec6706dba17749e6c59808b66fadd437e9fb16eedf7862d86d11c33ab3b49b7c6dcbde1e52d2a3b43443c3c36fdcf999ede1da0eb9450a27c2307de2b3af451c013"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000180)=r2)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1e0306003c5c9801288463"], 0xffdd)

7.447468033s ago: executing program 34 (id=6091):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
sync()
sync()

5.754303981s ago: executing program 1 (id=6137):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/35, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x11}, 0x9}, 0x1c)

5.697521691s ago: executing program 0 (id=6138):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x20000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0xa83f0000}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

5.423936759s ago: executing program 0 (id=6139):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.251922045s ago: executing program 0 (id=6140):
renameat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00')
socketpair$unix(0x1, 0xe8b21e2a732ba454, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)
unshare(0x64000600)
syz_emit_ethernet(0x9a, &(0x7f0000000300)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6001070000641100fc010000000000000000000000000000ff02000000000000000000000000000100000e2200649078020000000200000001000000bb577147f8c6ea630bf2addfd0edf624317d8ab859c3d9fe9a2f9edb8e36339e135d1f142a167f4628d3226f75568a75d33e838bef40d2fcff6cb8d91538c6c53faf7186e649c6d4a63039dec2f1d69b35638966ac733f3a2c21dd9d55f5767254"], 0x0)

4.688032841s ago: executing program 1 (id=6141):
syz_clone(0xc0400, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
socket$inet6(0xa, 0x3, 0x3c)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000000)=0x930d, 0x4)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000040)=0x10001, 0x4)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'erspan0\x00', <r8=>0x0})
sendto$packet(r6, &(0x7f00000002c0)="05030500d3fc030000004788031c09101128", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x8100, r8, 0x1, 0x0, 0x6, @multicast}, 0x14)

0s ago: executing program 1 (id=6142):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x37}]}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000009c0)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "080108", 0x14, 0x2f, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x40}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

12 bytes leftover after parsing attributes in process `syz.6.5242'.
[ 1981.083178][T12795] usb 7-1: new full-speed USB device number 34 using dummy_hcd
[ 1981.245727][T12795] usb 7-1: device descriptor read/64, error -71
[ 1981.452017][T26086] FAULT_INJECTION: forcing a failure.
[ 1981.452017][T26086] name failslab, interval 1, probability 0, space 0, times 0
[ 1981.467689][T26086] CPU: 0 UID: 0 PID: 26086 Comm: syz.4.5249 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 1981.467713][T26086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1981.467723][T26086] Call Trace:
[ 1981.467730][T26086]  <TASK>
[ 1981.467736][T26086]  dump_stack_lvl+0x241/0x360
[ 1981.467761][T26086]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1981.467778][T26086]  ? __pfx__printk+0x10/0x10
[ 1981.467803][T26086]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[ 1981.467829][T26086]  ? __pfx___might_resched+0x10/0x10
[ 1981.467853][T26086]  should_fail_ex+0x40a/0x550
[ 1981.467879][T26086]  should_failslab+0xac/0x100
[ 1981.467903][T26086]  kmem_cache_alloc_node_noprof+0x77/0x380
[ 1981.467926][T26086]  ? __alloc_skb+0x1c3/0x440
[ 1981.467950][T26086]  __alloc_skb+0x1c3/0x440
[ 1981.467975][T26086]  ? __pfx___alloc_skb+0x10/0x10
[ 1981.467998][T26086]  ? netlink_autobind+0xd6/0x2f0
[ 1981.468013][T26086]  ? netlink_autobind+0x2b0/0x2f0
[ 1981.468035][T26086]  netlink_sendmsg+0x634/0xcb0
[ 1981.468062][T26086]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1981.468086][T26086]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1981.468100][T26086]  __sock_sendmsg+0x221/0x270
[ 1981.468118][T26086]  ____sys_sendmsg+0x53a/0x860
[ 1981.468147][T26086]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1981.468169][T26086]  ? __fget_files+0x2a/0x410
[ 1981.468186][T26086]  ? __fget_files+0x2a/0x410
[ 1981.468204][T26086]  __sys_sendmsg+0x269/0x350
[ 1981.468235][T26086]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1981.468266][T26086]  ? do_sys_openat2+0x17a/0x1d0
[ 1981.468306][T26086]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1981.468330][T26086]  ? do_syscall_64+0x100/0x230
[ 1981.468353][T26086]  ? do_syscall_64+0xb6/0x230
[ 1981.468376][T26086]  do_syscall_64+0xf3/0x230
[ 1981.468396][T26086]  ? clear_bhb_loop+0x35/0x90
[ 1981.468419][T26086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1981.468439][T26086] RIP: 0033:0x7fbd1cb8d169
[ 1981.468453][T26086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1981.468468][T26086] RSP: 002b:00007fbd1da06038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1981.468487][T26086] RAX: ffffffffffffffda RBX: 00007fbd1cda6080 RCX: 00007fbd1cb8d169
[ 1981.468499][T26086] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000005
[ 1981.468510][T26086] RBP: 00007fbd1da06090 R08: 0000000000000000 R09: 0000000000000000
[ 1981.468520][T26086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1981.468530][T26086] R13: 0000000000000000 R14: 00007fbd1cda6080 R15: 00007ffce2988548
[ 1981.468555][T26086]  </TASK>
[ 1981.723985][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1981.798651][T12795] usb 7-1: new full-speed USB device number 35 using dummy_hcd
[ 1981.952871][T12795] usb 7-1: device descriptor read/64, error -71
[ 1982.063476][T12795] usb usb7-port1: attempt power cycle
[ 1982.464405][T26101] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5254'.
[ 1982.482888][T12795] usb 7-1: new full-speed USB device number 36 using dummy_hcd
[ 1982.909550][T12795] usb 7-1: device descriptor read/8, error -71
[ 1983.019680][T26097] lo speed is unknown, defaulting to 1000
[ 1983.054936][T26097] lo speed is unknown, defaulting to 1000
[ 1983.150472][T26097] lo speed is unknown, defaulting to 1000
[ 1983.204457][T26097] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1983.300784][T26097] lo speed is unknown, defaulting to 1000
[ 1983.319197][T26097] lo speed is unknown, defaulting to 1000
[ 1983.354958][T26097] lo speed is unknown, defaulting to 1000
[ 1983.362765][T26097] lo speed is unknown, defaulting to 1000
[ 1983.983881][T26097] lo speed is unknown, defaulting to 1000
[ 1984.364600][   T29] audit: type=1326 audit(1740232553.794:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26120 comm="syz.1.5261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x0
[ 1984.385720][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1984.978911][   T29] audit: type=1800 audit(1740232554.404:167): pid=26129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.5263" name="file1" dev="tmpfs" ino=2734 res=0 errno=0
[ 1985.473410][T26138] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5265'.
[ 1986.690478][T26150] /dev/nullb0: Can't lookup blockdev
[ 1987.512414][T26167] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5276'.
[ 1988.181314][T26173] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5279'.
[ 1988.522253][T26174] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5277'.
[ 1988.978828][T26179] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5280'.
[ 1989.435977][T26183] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5283'.
[ 1989.477469][T26183] FAULT_INJECTION: forcing a failure.
[ 1989.477469][T26183] name failslab, interval 1, probability 0, space 0, times 0
[ 1989.506421][T26183] CPU: 1 UID: 0 PID: 26183 Comm: syz.5.5283 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 1989.506446][T26183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1989.506457][T26183] Call Trace:
[ 1989.506464][T26183]  <TASK>
[ 1989.506472][T26183]  dump_stack_lvl+0x241/0x360
[ 1989.506499][T26183]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1989.506517][T26183]  ? __pfx__printk+0x10/0x10
[ 1989.506545][T26183]  ? __kmalloc_node_track_caller_noprof+0xb4/0x4c0
[ 1989.506566][T26183]  ? __pfx___might_resched+0x10/0x10
[ 1989.506592][T26183]  should_fail_ex+0x40a/0x550
[ 1989.506629][T26183]  should_failslab+0xac/0x100
[ 1989.506656][T26183]  __kmalloc_node_track_caller_noprof+0xdc/0x4c0
[ 1989.506674][T26183]  ? kernfs_rename_ns+0x3be/0x860
[ 1989.506692][T26183]  ? kernfs_find_ns+0x21/0x340
[ 1989.506713][T26183]  kstrdup+0x42/0x100
[ 1989.506735][T26183]  kernfs_rename_ns+0x3be/0x860
[ 1989.506762][T26183]  sysfs_rename_link_ns+0x178/0x1c0
[ 1989.506791][T26183]  device_rename+0x11c/0x200
[ 1989.506821][T26183]  cfg80211_dev_rename+0x141/0x220
[ 1989.506846][T26183]  nl80211_set_wiphy+0x2c5/0x2c90
[ 1989.506877][T26183]  ? __rtnl_unlock+0xcc/0xf0
[ 1989.506899][T26183]  ? netdev_run_todo+0xeac/0xf30
[ 1989.506923][T26183]  ? nl80211_pre_doit+0x5f/0x8b0
[ 1989.506952][T26183]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1989.506981][T26183]  ? __pfx_nl80211_set_wiphy+0x10/0x10
[ 1989.507007][T26183]  ? __nla_parse+0x40/0x60
[ 1989.507039][T26183]  genl_rcv_msg+0xb1f/0xec0
[ 1989.507072][T26183]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1989.507124][T26183]  ? __pfx_lock_acquire+0x10/0x10
[ 1989.507146][T26183]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1989.507168][T26183]  ? __pfx_nl80211_set_wiphy+0x10/0x10
[ 1989.507189][T26183]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1989.507214][T26183]  ? __pfx___might_resched+0x10/0x10
[ 1989.507246][T26183]  netlink_rcv_skb+0x206/0x480
[ 1989.507272][T26183]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1989.507295][T26183]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1989.507335][T26183]  ? __netlink_deliver_tap+0x7b0/0x7f0
[ 1989.507369][T26183]  genl_rcv+0x28/0x40
[ 1989.507388][T26183]  netlink_unicast+0x7f6/0x990
[ 1989.507421][T26183]  ? __pfx_netlink_unicast+0x10/0x10
[ 1989.507442][T26183]  ? __virt_addr_valid+0x45f/0x530
[ 1989.507467][T26183]  ? __phys_addr_symbol+0x2f/0x70
[ 1989.507490][T26183]  ? __check_object_size+0x47a/0x730
[ 1989.507520][T26183]  netlink_sendmsg+0x8de/0xcb0
[ 1989.507552][T26183]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1989.507584][T26183]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1989.507600][T26183]  __sock_sendmsg+0x221/0x270
[ 1989.507629][T26183]  ____sys_sendmsg+0x53a/0x860
[ 1989.507663][T26183]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1989.507685][T26183]  ? __fget_files+0x2a/0x410
[ 1989.507707][T26183]  ? __fget_files+0x2a/0x410
[ 1989.507740][T26183]  __sys_sendmsg+0x269/0x350
[ 1989.507770][T26183]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1989.507809][T26183]  ? do_sys_openat2+0x17a/0x1d0
[ 1989.507857][T26183]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1989.507882][T26183]  ? do_syscall_64+0x100/0x230
[ 1989.507907][T26183]  ? do_syscall_64+0xb6/0x230
[ 1989.507931][T26183]  do_syscall_64+0xf3/0x230
[ 1989.507952][T26183]  ? clear_bhb_loop+0x35/0x90
[ 1989.507978][T26183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1989.507999][T26183] RIP: 0033:0x7f5931d8d169
[ 1989.508015][T26183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1989.508030][T26183] RSP: 002b:00007f5932c9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1989.508049][T26183] RAX: ffffffffffffffda RBX: 00007f5931fa5fa0 RCX: 00007f5931d8d169
[ 1989.508062][T26183] RDX: 0000000000000000 RSI: 0000400000000200 RDI: 0000000000000004
[ 1989.508073][T26183] RBP: 00007f5932c9b090 R08: 0000000000000000 R09: 0000000000000000
[ 1989.508084][T26183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1989.508094][T26183] R13: 0000000000000000 R14: 00007f5931fa5fa0 R15: 00007ffc6e5a4a18
[ 1989.508124][T26183]  </TASK>
[ 1993.066061][T26206] netlink: 'syz.4.5290': attribute type 4 has an invalid length.
[ 1994.396486][   T29] audit: type=1326 audit(1740232563.824:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.421609][   T29] audit: type=1326 audit(1740232563.824:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.446056][   T29] audit: type=1326 audit(1740232563.844:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.474420][   T29] audit: type=1326 audit(1740232563.844:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.502945][   T29] audit: type=1326 audit(1740232563.844:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.555552][   T29] audit: type=1326 audit(1740232563.864:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.609413][   T29] audit: type=1326 audit(1740232563.864:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.631269][   T29] audit: type=1326 audit(1740232563.864:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1994.912963][   T29] audit: type=1326 audit(1740232563.864:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5931d8effc code=0x7ffc0000
[ 1994.935603][   T29] audit: type=1326 audit(1740232563.864:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26238 comm="syz.5.5301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x7ffc0000
[ 1995.849762][T26248] netlink: 'syz.0.5303': attribute type 4 has an invalid length.
[ 1997.067268][T26260] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5308'.
[ 1999.146271][T26277] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5313'.
[ 1999.155446][T26277] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5313'.
[ 2000.883982][T26302] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5322'.
[ 2001.940800][T26322] netlink: 16215 bytes leftover after parsing attributes in process `syz.5.5331'.
[ 2001.984246][T26321] netlink: 144 bytes leftover after parsing attributes in process `syz.4.5330'.
[ 2002.721591][T26328] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5333'.
[ 2004.168246][T26335] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5335'.
[ 2004.177438][T26335] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5335'.
[ 2004.218348][T26341] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5336'.
[ 2005.339162][T26358] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2010.248911][T26411] netlink: 'syz.4.5357': attribute type 4 has an invalid length.
[ 2011.152999][ T5870] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 2011.327542][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2011.367960][ T5870] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2011.388966][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2011.416616][ T5870] usb 5-1: config 0 descriptor??
[ 2011.903394][T26421] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2011.932313][T26433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5366'.
[ 2011.969918][T26433] netlink: 'syz.1.5366': attribute type 1 has an invalid length.
[ 2011.977889][T26433] netlink: 'syz.1.5366': attribute type 2 has an invalid length.
[ 2012.598114][T26440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2012.625401][T26440] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2012.788868][T26442] 9pnet: Could not find request transport: fd.rfdno=é-Uæ:õk†¤yA³÷&hNR€àÊît0x0000000000000003
[ 2012.895347][T26442] 9pnet_fd: Insufficient options for proto=fd
[ 2013.640366][T26447] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5368'.
[ 2014.183603][ T5870] usbhid 5-1:0.0: can't add hid device: -71
[ 2014.207564][ T5870] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2014.232148][ T5870] usb 5-1: USB disconnect, device number 44
[ 2014.606275][T26454] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5371'.
[ 2015.042592][T26464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5375'.
[ 2015.676203][T18894] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 2015.846950][T18894] usb 2-1: Using ep0 maxpacket: 8
[ 2015.857731][T18894] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[ 2015.886507][T18894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2015.896373][T18894] usb 2-1: Product: syz
[ 2015.900631][T18894] usb 2-1: Manufacturer: syz
[ 2015.907266][T18894] usb 2-1: SerialNumber: syz
[ 2015.918031][T18894] usb 2-1: config 0 descriptor??
[ 2015.948358][T26474] sctp: [Deprecated]: syz.0.5379 (pid 26474) Use of int in max_burst socket option deprecated.
[ 2015.948358][T26474] Use struct sctp_assoc_value instead
[ 2016.129166][T18894] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[ 2016.333057][T26486] netlink: 'syz.0.5381': attribute type 10 has an invalid length.
[ 2016.341645][T26486] veth1_vlan: entered allmulticast mode
[ 2016.350589][T26486] team0: Device veth1_vlan failed to register rx_handler
[ 2016.572521][T26489] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5382'.
[ 2018.228657][T18894] usb write operation failed. (-71)
[ 2018.263886][T18894] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 2018.287190][T18894] dvbdev: DVB: registering new adapter (Terratec H7)
[ 2018.305701][T18894] usb 2-1: media controller created
[ 2018.311429][T18894] usb read operation failed. (-71)
[ 2018.328306][T18894] usb write operation failed. (-71)
[ 2018.354711][T18894] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[ 2018.396546][T18894] usb 2-1: USB disconnect, device number 28
[ 2018.893087][    T9] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 2019.738126][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 2020.108012][T13898] Bluetooth: hci5: sending frame failed (-49)
[ 2020.119238][T22059] Bluetooth: hci5: Opcode 0x1003 failed: -49
[ 2020.597381][T26527] ipvlan2: entered promiscuous mode
[ 2020.740580][T26532] nlmon0: Master is either lo or non-ether device
[ 2021.583142][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 2021.591556][    T9] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 2021.599282][    T9] usb 5-1: can't read configurations, error -71
[ 2023.102928][    T9] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 2023.242917][    T9] usb 5-1: device descriptor read/64, error -71
[ 2023.363177][    T9] usb usb5-port1: attempt power cycle
[ 2024.402910][    T9] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 2024.480784][    T9] usb 5-1: device descriptor read/8, error -71
[ 2024.743009][    T9] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 2024.889973][    T9] usb 5-1: device descriptor read/8, error -71
[ 2025.664253][T26573] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5413'.
[ 2025.673483][T26573] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5413'.
[ 2025.682562][T26573] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5413'.
[ 2025.753189][    T9] usb usb5-port1: unable to enumerate USB device
[ 2025.888550][T24739] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2025.907073][T24739] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2027.591085][ T5922] usb 6-1: new high-speed USB device number 119 using dummy_hcd
[ 2028.159828][T22059] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 2028.459279][T26610] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5424'.
[ 2028.688206][ T5922] usb 6-1: Using ep0 maxpacket: 32
[ 2028.725958][ T5922] usb 6-1: config 5 has an invalid interface number: 114 but max is 0
[ 2028.823712][ T5922] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 2029.166131][ T5922] usb 6-1: config 5 has no interface number 0
[ 2029.179579][ T5922] usb 6-1: config 5 interface 114 altsetting 127 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 2029.216745][ T5922] usb 6-1: config 5 interface 114 has no altsetting 0
[ 2029.238571][ T5922] usb 6-1: New USB device found, idVendor=0499, idProduct=1013, bcdDevice=38.cd
[ 2029.250362][ T5922] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2029.281258][ T5922] usb 6-1: Product: syz
[ 2029.289729][ T5922] usb 6-1: Manufacturer: syz
[ 2029.296198][ T5922] usb 6-1: SerialNumber: syz
[ 2030.982545][ T5922] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2031.141221][ T5922] usb 6-1: USB disconnect, device number 119
[ 2032.207181][T21731] udevd[21731]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:5.114/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2032.324955][T26644] netlink: 144 bytes leftover after parsing attributes in process `syz.6.5433'.
[ 2033.939933][T26655] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5436'.
[ 2034.503551][T26661] netlink: 'syz.5.5437': attribute type 16 has an invalid length.
[ 2036.619606][T12795] libceph: connect (1)[c::]:6789 error -101
[ 2036.888168][T26680] ceph: No mds server is up or the cluster is laggy
[ 2036.961636][T12795] libceph: mon0 (1)[c::]:6789 connect error
[ 2037.739805][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2038.412918][   T29] kauditd_printk_skb: 33 callbacks suppressed
[ 2038.412937][   T29] audit: type=1326 audit(1740232607.824:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2038.440605][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2039.321840][   T29] audit: type=1326 audit(1740232607.824:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2039.366087][   T29] audit: type=1326 audit(1740232607.824:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2039.382990][T26710] netlink: 'syz.6.5452': attribute type 10 has an invalid length.
[ 2039.387664][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2040.143964][T26710] veth1_vlan: entered allmulticast mode
[ 2040.178267][T26710] team0: Device veth1_vlan failed to register rx_handler
[ 2040.209903][   T29] audit: type=1326 audit(1740232607.824:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2040.335972][   T29] audit: type=1326 audit(1740232607.824:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2040.650226][   T29] audit: type=1326 audit(1740232607.824:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2040.671818][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2040.943764][    T9] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[ 2041.010506][   T29] audit: type=1326 audit(1740232607.824:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2041.482867][   T29] audit: type=1326 audit(1740232607.824:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2041.504704][   T29] audit: type=1326 audit(1740232607.824:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2041.527313][   T29] audit: type=1326 audit(1740232607.824:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26702 comm="syz.6.5449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7ffc0000
[ 2041.549751][    T9] usb 6-1: device descriptor read/64, error -71
[ 2041.581578][T26726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5455'.
[ 2041.602746][T26726] bond4: entered promiscuous mode
[ 2041.602895][T12795] usb 2-1: new low-speed USB device number 29 using dummy_hcd
[ 2041.621792][T26726] team_slave_1: entered promiscuous mode
[ 2041.627947][T26726] bond4: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2041.761456][T12795] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[ 2041.776575][T12795] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x3 is Bulk; changing to Interrupt
[ 2041.802898][    T9] usb 6-1: new high-speed USB device number 121 using dummy_hcd
[ 2041.813155][T12795] usb 2-1: config 1 interface 0 has no altsetting 0
[ 2041.826405][T12795] usb 2-1: string descriptor 0 read error: -22
[ 2041.832913][T12795] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2041.837656][T22059] Bluetooth: hci5: sending frame failed (-49)
[ 2041.841944][T12795] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2041.860455][T13898] Bluetooth: hci5: Opcode 0x1003 failed: -49
[ 2041.876667][T26721] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 2041.903211][T26721] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 2041.922483][T12795] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 2041.973003][    T9] usb 6-1: device descriptor read/64, error -71
[ 2042.203113][T12795] usb 2-1: USB disconnect, device number 29
[ 2042.373485][    T9] usb usb6-port1: attempt power cycle
[ 2043.192881][    T9] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[ 2043.241262][    T9] usb 6-1: device descriptor read/8, error -71
[ 2044.334286][T26738] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5460'.
[ 2044.503196][T26745] tmpfs: Unknown parameter '00000000000000000000000'
[ 2044.550974][   T29] kauditd_printk_skb: 10 callbacks suppressed
[ 2044.550990][   T29] audit: type=1326 audit(1740232613.964:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2044.658501][   T29] audit: type=1326 audit(1740232613.964:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2044.732951][   T29] audit: type=1326 audit(1740232613.964:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2044.852898][   T29] audit: type=1326 audit(1740232613.964:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2044.947817][   T29] audit: type=1326 audit(1740232613.964:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2045.100585][   T29] audit: type=1326 audit(1740232613.964:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2045.273000][   T29] audit: type=1326 audit(1740232613.964:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2045.322909][   T29] audit: type=1326 audit(1740232613.964:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2045.583237][T26757] overlayfs: failed to clone upperpath
[ 2046.209204][   T29] audit: type=1326 audit(1740232613.964:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2046.296529][   T29] audit: type=1326 audit(1740232613.964:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26737 comm="syz.6.5460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x7fc00000
[ 2049.102935][T26796] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5476'.
[ 2049.624568][T26796] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 2049.673563][T26797] bond1: (slave team_slave_1): Releasing backup interface
[ 2049.709994][T26797] team_slave_1: left promiscuous mode
[ 2049.976869][T26801] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5479'.
[ 2050.446397][T26804] netlink: 1 bytes leftover after parsing attributes in process `syz.5.5478'.
[ 2053.041595][T26834] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5488'.
[ 2053.579161][T26834] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 2054.718415][T26848] FAULT_INJECTION: forcing a failure.
[ 2054.718415][T26848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2054.853047][T26848] CPU: 1 UID: 0 PID: 26848 Comm: syz.5.5492 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2054.853076][T26848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2054.853088][T26848] Call Trace:
[ 2054.853094][T26848]  <TASK>
[ 2054.853103][T26848]  dump_stack_lvl+0x241/0x360
[ 2054.853128][T26848]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2054.853145][T26848]  ? __pfx__printk+0x10/0x10
[ 2054.853170][T26848]  ? __pfx_lock_release+0x10/0x10
[ 2054.853196][T26848]  should_fail_ex+0x40a/0x550
[ 2054.853221][T26848]  _copy_from_user+0x2d/0xb0
[ 2054.853240][T26848]  copy_msghdr_from_user+0xae/0x680
[ 2054.853273][T26848]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2054.853290][T26848]  ? __fget_files+0x2a/0x410
[ 2054.853309][T26848]  ? __fget_files+0x2a/0x410
[ 2054.853335][T26848]  __sys_sendmsg+0x209/0x350
[ 2054.853364][T26848]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2054.853399][T26848]  ? do_sys_openat2+0x17a/0x1d0
[ 2054.853440][T26848]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2054.853465][T26848]  ? do_syscall_64+0x100/0x230
[ 2054.853489][T26848]  ? do_syscall_64+0xb6/0x230
[ 2054.853513][T26848]  do_syscall_64+0xf3/0x230
[ 2054.853534][T26848]  ? clear_bhb_loop+0x35/0x90
[ 2054.853558][T26848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2054.853580][T26848] RIP: 0033:0x7f5931d8d169
[ 2054.853596][T26848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2054.853610][T26848] RSP: 002b:00007f5932c9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2054.853629][T26848] RAX: ffffffffffffffda RBX: 00007f5931fa5fa0 RCX: 00007f5931d8d169
[ 2054.853641][T26848] RDX: 0000000000000000 RSI: 0000400000000380 RDI: 0000000000000003
[ 2054.853653][T26848] RBP: 00007f5932c9b090 R08: 0000000000000000 R09: 0000000000000000
[ 2054.853664][T26848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2054.853674][T26848] R13: 0000000000000000 R14: 00007f5931fa5fa0 R15: 00007ffc6e5a4a18
[ 2054.853699][T26848]  </TASK>
[ 2055.389923][T26855] bond4: (slave team_slave_1): Releasing backup interface
[ 2055.398380][T18894] usb 6-1: new full-speed USB device number 124 using dummy_hcd
[ 2055.452320][T26855] team_slave_1: left promiscuous mode
[ 2055.589256][T18894] usb 6-1: not running at top speed; connect to a high speed hub
[ 2055.680938][T18894] usb 6-1: config 1 has an invalid interface number: 35 but max is 0
[ 2055.784001][T18894] usb 6-1: config 1 has no interface number 0
[ 2055.844218][T18894] usb 6-1: config 1 interface 35 has no altsetting 0
[ 2055.995128][T25537] lo speed is unknown, defaulting to 1000
[ 2056.012971][T18894] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=bf.ea
[ 2056.022145][T18894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2056.043236][ T5870] usb 7-1: new full-speed USB device number 38 using dummy_hcd
[ 2056.070649][T18894] usb 6-1: Product: syz
[ 2056.083902][T26860] bridge_slave_0: left allmulticast mode
[ 2056.089728][T26860] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2056.092541][T18894] usb 6-1: Manufacturer: syz
[ 2056.103319][T18894] usb 6-1: SerialNumber: syz
[ 2056.150351][T26860] bridge_slave_1: left allmulticast mode
[ 2056.163583][T26860] bridge_slave_1: left promiscuous mode
[ 2056.182897][T26860] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2056.222298][T26860] bond0: (slave bond_slave_0): Releasing backup interface
[ 2056.247978][ T5870] usb 7-1: not running at top speed; connect to a high speed hub
[ 2056.273047][T12795] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 2056.277349][ T5870] usb 7-1: config 1 has an invalid interface number: 35 but max is 0
[ 2056.763142][T26860] bond_slave_0: left promiscuous mode
[ 2056.825529][T26860] bond0: (slave bond_slave_1): Releasing backup interface
[ 2056.832852][ T5870] usb 7-1: config 1 has no interface number 0
[ 2056.832895][ T5870] usb 7-1: config 1 interface 35 has no altsetting 0
[ 2056.835289][ T5870] usb 7-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=bf.ea
[ 2056.875332][T26860] bond_slave_1: left promiscuous mode
[ 2056.899712][ T5870] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2056.902961][T12795] usb 5-1: device descriptor read/64, error -71
[ 2056.910853][T26860] team0: Port device team_slave_0 removed
[ 2056.944825][ T5870] usb 7-1: Product: syz
[ 2056.954051][ T5870] usb 7-1: Manufacturer: syz
[ 2056.959545][T26860] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2056.967621][ T5870] usb 7-1: SerialNumber: syz
[ 2056.974311][T26860] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2056.989445][T26860] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2057.005750][T26860] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2057.049215][T26860] vlan0: left allmulticast mode
[ 2057.058891][T26860] syz_tun: left allmulticast mode
[ 2057.066634][T26860] vlan0: left promiscuous mode
[ 2057.073107][T26860] syz_tun: left promiscuous mode
[ 2057.079824][T26860] bridge0: port 3(vlan0) entered disabled state
[ 2057.121274][T26860] batman_adv: batadv0: Removing interface: geneve2
[ 2057.132053][T26869] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5497'.
[ 2057.163500][T12795] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 2057.264028][T18894] usb_ehset_test 6-1:1.35: probe with driver usb_ehset_test failed with error -32
[ 2057.277881][T18894] usb 6-1: USB disconnect, device number 124
[ 2057.363034][T12795] usb 5-1: device descriptor read/64, error -71
[ 2057.553443][T12795] usb usb5-port1: attempt power cycle
[ 2057.576930][ T5870] usb_ehset_test 7-1:1.35: probe with driver usb_ehset_test failed with error -32
[ 2058.364839][ T5870] usb 7-1: USB disconnect, device number 38
[ 2058.719278][T26885] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5500'.
[ 2059.329871][T12795] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 2059.339093][T26885] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[ 2059.428177][T26888] netlink: 160 bytes leftover after parsing attributes in process `syz.5.5501'.
[ 2059.544630][T24739] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2059.700510][T12795] usb 5-1: device not accepting address 51, error -71
[ 2059.837413][ T5870] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[ 2060.262732][T26904] Non-string source
[ 2060.340949][ T5870] usb 6-1: config 0 has an invalid interface number: 91 but max is 0
[ 2060.360024][ T5870] usb 6-1: config 0 has no interface number 0
[ 2060.381473][ T5870] usb 6-1: config 0 interface 91 has no altsetting 0
[ 2060.395386][ T5870] usb 6-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=60.41
[ 2060.444348][ T5870] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2060.463794][ T5870] usb 6-1: config 0 descriptor??
[ 2060.628288][T26906] netlink: 'syz.1.5507': attribute type 16 has an invalid length.
[ 2060.865143][ T5870] usb 6-1: string descriptor 0 read error: -71
[ 2060.885391][ T5870] usb 6-1: Found UVC 0.00 device <unnamed> (174f:5212)
[ 2060.917434][ T5870] usb 6-1: No valid video chain found.
[ 2060.937711][ T5870] usb 6-1: USB disconnect, device number 125
[ 2061.420176][T26914] syzkaller0: entered promiscuous mode
[ 2061.458955][T26914] syzkaller0: entered allmulticast mode
[ 2062.023491][T13898] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 2065.820851][T26926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5512'.
[ 2066.906680][T26921] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5510'.
[ 2066.915939][T26921] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5510'.
[ 2068.128750][T26926] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[ 2068.563454][T26949] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5517'.
[ 2068.986581][T26946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5515'.
[ 2069.312429][T24718] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2069.320687][T24718] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2069.331798][T24718] Bluetooth: hci5: Frame reassembly failed (-84)
[ 2069.393857][T18894] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[ 2069.727614][T18894] usb 7-1: config 101 has an invalid interface number: 232 but max is 0
[ 2069.737122][T18894] usb 7-1: config 101 has no interface number 0
[ 2069.748791][T18894] usb 7-1: config 101 interface 232 altsetting 0 endpoint 0xE has invalid maxpacket 1023, setting to 64
[ 2069.762915][T18894] usb 7-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice=76.eb
[ 2069.792971][T18894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2070.486617][T18894] usb 7-1: string descriptor 0 read error: -71
[ 2070.506763][T18894] pxrc 7-1:101.232: Could not find endpoint
[ 2070.526078][T18894] usb 7-1: USB disconnect, device number 39
[ 2071.235010][T26976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5528'.
[ 2071.353126][T13898] Bluetooth: hci5: command 0x1003 tx timeout
[ 2071.361043][T22059] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 2074.010555][T27036] FAULT_INJECTION: forcing a failure.
[ 2074.010555][T27036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2074.055380][T27036] CPU: 0 UID: 0 PID: 27036 Comm: syz.4.5545 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2074.055405][T27036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2074.055416][T27036] Call Trace:
[ 2074.055423][T27036]  <TASK>
[ 2074.055431][T27036]  dump_stack_lvl+0x241/0x360
[ 2074.055458][T27036]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2074.055477][T27036]  ? __pfx__printk+0x10/0x10
[ 2074.055507][T27036]  ? snprintf+0xda/0x120
[ 2074.055528][T27036]  should_fail_ex+0x40a/0x550
[ 2074.055555][T27036]  _copy_to_user+0x31/0xb0
[ 2074.055578][T27036]  simple_read_from_buffer+0xca/0x150
[ 2074.055607][T27036]  proc_fail_nth_read+0x1e9/0x250
[ 2074.055635][T27036]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2074.055663][T27036]  ? rw_verify_area+0x243/0x630
[ 2074.055682][T27036]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2074.055708][T27036]  vfs_read+0x1f8/0xb40
[ 2074.055730][T27036]  ? fdget_pos+0x254/0x320
[ 2074.055748][T27036]  ? __pfx___mutex_lock+0x10/0x10
[ 2074.055770][T27036]  ? __pfx_vfs_read+0x10/0x10
[ 2074.055794][T27036]  ? __fget_files+0x2a/0x410
[ 2074.055813][T27036]  ? __fget_files+0x395/0x410
[ 2074.055829][T27036]  ? __fget_files+0x2a/0x410
[ 2074.055856][T27036]  ksys_read+0x18f/0x2b0
[ 2074.055882][T27036]  ? __pfx_ksys_read+0x10/0x10
[ 2074.055904][T27036]  ? do_syscall_64+0x100/0x230
[ 2074.055929][T27036]  ? do_syscall_64+0xb6/0x230
[ 2074.055954][T27036]  do_syscall_64+0xf3/0x230
[ 2074.055975][T27036]  ? clear_bhb_loop+0x35/0x90
[ 2074.056006][T27036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2074.056027][T27036] RIP: 0033:0x7fbd1cb8bb7c
[ 2074.056043][T27036] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2074.056057][T27036] RSP: 002b:00007fbd1da27030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2074.056076][T27036] RAX: ffffffffffffffda RBX: 00007fbd1cda5fa0 RCX: 00007fbd1cb8bb7c
[ 2074.056089][T27036] RDX: 000000000000000f RSI: 00007fbd1da270a0 RDI: 0000000000000004
[ 2074.056100][T27036] RBP: 00007fbd1da27090 R08: 0000000000000000 R09: 0000000000000000
[ 2074.056110][T27036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2074.056121][T27036] R13: 0000000000000000 R14: 00007fbd1cda5fa0 R15: 00007ffce2988548
[ 2074.056149][T27036]  </TASK>
[ 2074.284169][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2074.453746][T27043] program syz.6.5543 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2074.906521][T27059] FAULT_INJECTION: forcing a failure.
[ 2074.906521][T27059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2074.919690][T27059] CPU: 1 UID: 0 PID: 27059 Comm: syz.4.5547 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2074.919712][T27059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2074.919723][T27059] Call Trace:
[ 2074.919730][T27059]  <TASK>
[ 2074.919737][T27059]  dump_stack_lvl+0x241/0x360
[ 2074.919763][T27059]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2074.919781][T27059]  ? __pfx__printk+0x10/0x10
[ 2074.919808][T27059]  ? ___ratelimit+0xc5/0x690
[ 2074.919836][T27059]  should_fail_ex+0x40a/0x550
[ 2074.919863][T27059]  _copy_to_user+0x31/0xb0
[ 2074.919886][T27059]  simple_read_from_buffer+0xca/0x150
[ 2074.919914][T27059]  proc_fail_nth_read+0x1e9/0x250
[ 2074.919942][T27059]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2074.919970][T27059]  ? rw_verify_area+0x243/0x630
[ 2074.919989][T27059]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2074.920016][T27059]  vfs_read+0x1f8/0xb40
[ 2074.920038][T27059]  ? fdget_pos+0x254/0x320
[ 2074.920057][T27059]  ? __pfx___mutex_lock+0x10/0x10
[ 2074.920084][T27059]  ? __pfx_vfs_read+0x10/0x10
[ 2074.920107][T27059]  ? __rcu_read_unlock+0xa1/0x110
[ 2074.920127][T27059]  ? __fget_files+0x2a/0x410
[ 2074.920146][T27059]  ? __fget_files+0x395/0x410
[ 2074.920163][T27059]  ? __fget_files+0x2a/0x410
[ 2074.920189][T27059]  ksys_read+0x18f/0x2b0
[ 2074.920212][T27059]  ? __pfx_ksys_read+0x10/0x10
[ 2074.920234][T27059]  ? do_syscall_64+0x100/0x230
[ 2074.920258][T27059]  ? do_syscall_64+0xb6/0x230
[ 2074.920282][T27059]  do_syscall_64+0xf3/0x230
[ 2074.920304][T27059]  ? clear_bhb_loop+0x35/0x90
[ 2074.920329][T27059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2074.920351][T27059] RIP: 0033:0x7fbd1cb8bb7c
[ 2074.920367][T27059] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2074.920381][T27059] RSP: 002b:00007fbd1d9e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2074.920401][T27059] RAX: ffffffffffffffda RBX: 00007fbd1cda6160 RCX: 00007fbd1cb8bb7c
[ 2074.920414][T27059] RDX: 000000000000000f RSI: 00007fbd1d9e50a0 RDI: 0000000000000006
[ 2074.920425][T27059] RBP: 00007fbd1d9e5090 R08: 0000000000000000 R09: 0000000000000000
[ 2074.920437][T27059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2074.920447][T27059] R13: 0000000000000000 R14: 00007fbd1cda6160 R15: 00007ffce2988548
[ 2074.920475][T27059]  </TASK>
[ 2075.425298][T27061] block nbd4: shutting down sockets
[ 2080.464136][T27121] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5560'.
[ 2083.703204][T27158] netlink: 'syz.0.5572': attribute type 16 has an invalid length.
[ 2084.165908][T27167] netlink: set zone limit has 8 unknown bytes
[ 2085.564902][T27170] netlink: 'syz.0.5576': attribute type 10 has an invalid length.
[ 2085.654269][T27170] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2085.662042][T27170] team0: Port device bond0 added
[ 2085.779994][T27170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5576'.
[ 2086.038862][T27181] bond0: (slave bond3): Error -95 calling ndo_bpf
[ 2086.376811][T27178] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5578'.
[ 2087.560742][T27192] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5580'.
[ 2087.570058][T27192] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5580'.
[ 2087.658593][T27198] pim6reg1: entered promiscuous mode
[ 2087.664185][T27198] pim6reg1: entered allmulticast mode
[ 2089.453904][T27215] netlink: 'syz.0.5586': attribute type 16 has an invalid length.
[ 2090.233324][ T5870] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 2090.309355][T27228] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5590'.
[ 2091.185417][ T5870] usb 7-1: device descriptor read/64, error -71
[ 2091.433292][ T5870] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 2091.569722][T27240] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5593'.
[ 2092.012867][ T5870] usb 7-1: device descriptor read/64, error -71
[ 2092.134450][ T5870] usb usb7-port1: attempt power cycle
[ 2092.246675][T27249] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5595'.
[ 2092.922632][T27249] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[ 2093.267496][T27259] netlink: 'syz.4.5598': attribute type 16 has an invalid length.
[ 2093.284608][   T29] kauditd_printk_skb: 56 callbacks suppressed
[ 2093.284635][   T29] audit: type=1326 audit(3480465292.292:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2093.426944][   T29] audit: type=1326 audit(3480465292.292:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2093.696595][T27272] lo speed is unknown, defaulting to 1000
[ 2094.305342][   T29] audit: type=1326 audit(3480465292.312:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc6e198bad0 code=0x7ffc0000
[ 2094.327109][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2094.409552][   T29] audit: type=1326 audit(3480465292.312:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2094.611094][T27282] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5603'.
[ 2094.963767][   T29] audit: type=1326 audit(3480465292.312:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2095.125352][T27285] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5604'.
[ 2095.535782][   T29] audit: type=1326 audit(3480465292.312:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2095.875684][   T29] audit: type=1326 audit(3480465292.422:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2096.003604][   T29] audit: type=1326 audit(3480465292.422:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2096.033036][   T29] audit: type=1326 audit(3480465292.422:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2096.063043][   T29] audit: type=1326 audit(3480465292.422:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27261 comm="syz.1.5600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc6e198d169 code=0x7ffc0000
[ 2097.117192][T27311] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5609'.
[ 2098.293132][ T5870] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[ 2098.452970][ T5870] usb 6-1: Using ep0 maxpacket: 32
[ 2098.628804][ T5870] usb 6-1: config 5 has an invalid interface number: 114 but max is 0
[ 2098.684290][ T5870] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 2098.866217][ T5870] usb 6-1: config 5 has no interface number 0
[ 2098.947742][ T5870] usb 6-1: config 5 interface 114 altsetting 127 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 2099.206884][ T5870] usb 6-1: config 5 interface 114 has no altsetting 0
[ 2099.207200][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2099.309424][ T5870] usb 6-1: New USB device found, idVendor=0499, idProduct=1013, bcdDevice=38.cd
[ 2099.423031][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2099.435365][ T5870] usb 6-1: Product: syz
[ 2099.439637][ T5870] usb 6-1: Manufacturer: syz
[ 2099.444560][ T5870] usb 6-1: SerialNumber: syz
[ 2099.557340][T26520] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 2099.939458][T27328] pim6reg1: entered promiscuous mode
[ 2099.953410][T26520] usb 7-1: device descriptor read/64, error -71
[ 2099.963687][T27328] pim6reg1: entered allmulticast mode
[ 2100.213331][T26520] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 2100.317772][T13898] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2100.332927][T13898] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2100.346428][T13898] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2100.357472][T13898] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2100.369037][T13898] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 2100.376866][T13898] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2100.403418][T26520] usb 7-1: device descriptor read/64, error -71
[ 2100.529909][T27334] lo speed is unknown, defaulting to 1000
[ 2100.593531][T26520] usb usb7-port1: attempt power cycle
[ 2100.924082][ T5870] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2100.953345][T26520] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 2100.961324][ T5870] usb 6-1: USB disconnect, device number 126
[ 2101.030420][T26520] usb 7-1: device descriptor read/8, error -71
[ 2101.374706][T27350] udevd[27350]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:5.114/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2101.493066][T26520] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 2101.656426][T27354] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5618'.
[ 2101.661305][T27359] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2101.729425][T26520] usb 7-1: device descriptor read/8, error -71
[ 2101.752319][T24739] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2101.790349][T24739] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 53552 - 0
[ 2101.811861][T24739] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 37111 - 0
[ 2101.873102][T26520] usb usb7-port1: unable to enumerate USB device
[ 2102.174727][T24739] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2102.192059][T24739] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 53552 - 0
[ 2102.213794][T27368] netlink: 'syz.6.5621': attribute type 9 has an invalid length.
[ 2102.276663][T24739] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 37111 - 0
[ 2102.495673][T22059] Bluetooth: hci5: command tx timeout
[ 2103.850925][T24739] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2103.960280][T24739] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 53552 - 0
[ 2103.971073][T24739] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 37111 - 0
[ 2104.563124][T22059] Bluetooth: hci5: command tx timeout
[ 2105.143142][T12795] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[ 2105.319259][T24739] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2106.069418][T12795] usb 6-1: Using ep0 maxpacket: 32
[ 2106.092367][T24739] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 53552 - 0
[ 2106.571892][T12795] usb 6-1: config 5 has an invalid interface number: 114 but max is 0
[ 2106.595996][T24739] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 37111 - 0
[ 2106.598631][T12795] usb 6-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 2106.639296][T22059] Bluetooth: hci5: command tx timeout
[ 2106.653136][T12795] usb 6-1: config 5 has no interface number 0
[ 2106.659667][T12795] usb 6-1: config 5 interface 114 altsetting 127 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 2106.673027][T12795] usb 6-1: config 5 interface 114 has no altsetting 0
[ 2106.684869][T12795] usb 6-1: New USB device found, idVendor=0499, idProduct=1013, bcdDevice=38.cd
[ 2106.695309][T12795] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2106.703845][T12795] usb 6-1: Product: syz
[ 2106.708182][T12795] usb 6-1: Manufacturer: syz
[ 2106.708483][T27334] chnl_net:caif_netlink_parms(): no params data found
[ 2106.713181][T12795] usb 6-1: SerialNumber: syz
[ 2106.827991][T27396] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5628'.
[ 2107.827866][T27400] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5630'.
[ 2107.970604][T27400] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5630'.
[ 2108.019643][T12795] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2108.119032][T27334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2108.152893][T27334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2108.160268][T27334] bridge_slave_0: entered allmulticast mode
[ 2108.166831][T12795] usb 6-1: USB disconnect, device number 127
[ 2108.196812][T27334] bridge_slave_0: entered promiscuous mode
[ 2108.560612][T27408] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5631'.
[ 2108.598813][T27345] udevd[27345]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:5.114/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2108.612239][T27334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2108.748909][T22059] Bluetooth: hci5: command tx timeout
[ 2108.749632][T27334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2108.775042][T27334] bridge_slave_1: entered allmulticast mode
[ 2109.307340][T27334] bridge_slave_1: entered promiscuous mode
[ 2109.423982][    T9] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 2109.484453][T27334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2109.529912][T27334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2109.585306][    T9] usb 5-1: device descriptor read/64, error -71
[ 2109.835923][T27415] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5634'.
[ 2110.124743][    T9] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 2110.406086][T27420] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5635'.
[ 2110.705552][    T9] usb 5-1: device descriptor read/64, error -71
[ 2111.106333][    T9] usb usb5-port1: attempt power cycle
[ 2111.496658][    T9] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 2112.501059][    T9] usb 5-1: device descriptor read/8, error -71
[ 2112.762904][    T9] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 2112.897546][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2113.052888][    T9] usb 5-1: device not accepting address 56, error -71
[ 2113.060316][    T9] usb usb5-port1: unable to enumerate USB device
[ 2113.426525][T26520] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 2113.793084][T26520] usb 7-1: Using ep0 maxpacket: 16
[ 2113.800170][T26520] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2113.835402][T26520] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2113.846694][T26520] usb 7-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[ 2113.856362][T26520] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2113.869365][T26520] usb 7-1: config 0 descriptor??
[ 2114.281486][T24739] team0: Port device bond0 removed
[ 2114.296581][T24739] bond0 (unregistering): Released all slaves
[ 2114.337578][T26520] playstation 0003:054C:05C4.0014: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.6-1/input0
[ 2114.371700][T24739] bond1 (unregistering): Released all slaves
[ 2114.430838][T24739] bond2 (unregistering): Released all slaves
[ 2114.474802][T24739] bond3 (unregistering): Released all slaves
[ 2114.527623][T26520] playstation 0003:054C:05C4.0014: Invalid byte count transferred, expected 16 got 0
[ 2114.537578][T26520] playstation 0003:054C:05C4.0014: Failed to retrieve DualShock4 pairing info: -22
[ 2114.552345][T24739] bond4 (unregistering): Released all slaves
[ 2114.558742][T26520] playstation 0003:054C:05C4.0014: Failed to get MAC address from DualShock4
[ 2114.585743][T26520] playstation 0003:054C:05C4.0014: Failed to create dualshock4.
[ 2114.654578][T26520] playstation 0003:054C:05C4.0014: probe with driver playstation failed with error -22
[ 2114.939132][T27334] team0: Port device team_slave_0 added
[ 2114.992693][T27334] team0: Port device team_slave_1 added
[ 2115.622295][ T5870] usb 7-1: USB disconnect, device number 47
[ 2115.654807][T27334] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2115.673296][T27334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2115.699261][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2115.755081][T27334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2115.769956][T27469] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5646'.
[ 2115.852838][    T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 2116.402889][    T9] usb 2-1: device descriptor read/64, error -71
[ 2116.455614][T27334] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2116.463093][T27334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2116.489001][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2116.535737][T27334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2116.643162][    T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 2116.690851][T27334] hsr_slave_0: entered promiscuous mode
[ 2116.732456][T27334] hsr_slave_1: entered promiscuous mode
[ 2116.766218][T27334] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2116.787094][T27334] Cannot create hsr debugfs directory
[ 2116.792883][    T9] usb 2-1: device descriptor read/64, error -71
[ 2116.878271][T24739] hsr_slave_0: left promiscuous mode
[ 2117.145595][    T9] usb usb2-port1: attempt power cycle
[ 2117.312096][T24739] hsr_slave_1: left promiscuous mode
[ 2117.392576][T24739] veth1_macvtap: left promiscuous mode
[ 2117.419766][T24739] veth0_macvtap: left promiscuous mode
[ 2117.440645][T24739] veth0_vlan: left promiscuous mode
[ 2117.646690][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 2118.403633][    T9] usb 2-1: device not accepting address 32, error -71
[ 2118.466170][T26520] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 2119.312063][T26520] usb 7-1: device descriptor read/64, error -71
[ 2119.320695][T27505] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5654'.
[ 2119.329980][T27505] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5654'.
[ 2119.554787][T26520] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[ 2119.731879][T26520] usb 7-1: device descriptor read/64, error -71
[ 2119.864077][T26520] usb usb7-port1: attempt power cycle
[ 2120.249951][T26520] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[ 2120.280495][T26520] usb 7-1: device descriptor read/8, error -71
[ 2120.542944][T26520] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[ 2120.767205][T26520] usb 7-1: device not accepting address 51, error -71
[ 2120.789539][T26520] usb usb7-port1: unable to enumerate USB device
[ 2120.946235][T27525] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5657'.
[ 2122.501934][T27534] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5659'.
[ 2123.972137][ T5922] lo speed is unknown, defaulting to 1000
[ 2123.993190][ T5922] infiniband syz2: ib_query_port failed (-19)
[ 2126.262848][ T5870] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 2126.319748][ T5922] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 2126.433182][ T5870] usb 2-1: device descriptor read/64, error -71
[ 2126.482943][ T5922] usb 6-1: device descriptor read/64, error -71
[ 2126.753267][ T5870] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 2127.195356][    T9] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 2127.205493][ T5922] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 2127.212988][ T5870] usb 2-1: device descriptor read/64, error -71
[ 2127.333741][ T5870] usb usb2-port1: attempt power cycle
[ 2127.355580][ T5922] usb 6-1: device descriptor read/64, error -71
[ 2127.362317][    T9] usb 5-1: device descriptor read/64, error -71
[ 2127.377557][T27334] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2127.389928][T27334] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2127.430530][T27334] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2127.451354][T27334] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2127.486878][ T5922] usb usb6-port1: attempt power cycle
[ 2127.608031][T27334] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2127.615093][    T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 2127.650070][T27334] 8021q: adding VLAN 0 to HW filter on device team0
[ 2127.677316][T25292] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2127.684793][T25292] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2127.694867][ T5870] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 2127.725128][ T5870] usb 2-1: device descriptor read/8, error -71
[ 2127.726516][T25292] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2127.738587][T25292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2127.763372][    T9] usb 5-1: device descriptor read/64, error -71
[ 2127.810348][T27334] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2127.843075][ T5922] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 2128.016518][    T9] usb usb5-port1: attempt power cycle
[ 2128.033421][ T5870] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 2128.055206][ T5922] usb 6-1: device descriptor read/8, error -71
[ 2128.825268][ T5870] usb 2-1: device descriptor read/8, error -71
[ 2128.948689][ T5870] usb usb2-port1: unable to enumerate USB device
[ 2129.052867][    T9] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 2130.364520][    T9] usb 5-1: device descriptor read/8, error -71
[ 2130.469819][T27334] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2130.626696][ T5922] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 2130.698449][ T5922] usb 6-1: device descriptor read/8, error -71
[ 2130.967189][ T5922] usb usb6-port1: unable to enumerate USB device
[ 2131.058378][T27334] veth0_vlan: entered promiscuous mode
[ 2131.131462][T27334] veth1_vlan: entered promiscuous mode
[ 2131.427081][T27334] veth0_macvtap: entered promiscuous mode
[ 2131.756410][T27334] veth1_macvtap: entered promiscuous mode
[ 2131.821196][T27334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2131.942710][T27334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2132.222316][T27334] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2132.346374][T27334] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2132.397310][T27334] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2132.421625][T27334] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2132.470268][ T5922] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 2132.474782][T27334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2132.538295][T27334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2132.561748][T27334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2132.596641][T27334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2132.633132][ T5922] usb 5-1: Using ep0 maxpacket: 16
[ 2132.644725][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2132.717235][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2132.752906][    T9] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[ 2132.764619][ T5922] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[ 2132.795159][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2132.833936][ T5922] usb 5-1: config 0 descriptor??
[ 2132.935928][    T9] usb 7-1: Using ep0 maxpacket: 16
[ 2132.971734][    T9] usb 7-1: config 0 has an invalid interface number: 62 but max is 0
[ 2132.997970][    T9] usb 7-1: config 0 has no interface number 0
[ 2133.057014][    T9] usb 7-1: New USB device found, idVendor=0421, idProduct=0492, bcdDevice=57.f1
[ 2133.089428][ T5922] usbhid 5-1:0.0: can't add hid device: -71
[ 2133.124315][T24733] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2133.132481][ T5922] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2133.141106][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2133.903876][T24733] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2133.923327][ T5922] usb 5-1: USB disconnect, device number 61
[ 2133.988063][    T9] usb 7-1: config 0 descriptor??
[ 2134.024396][    T9] usb-storage 7-1:0.62: USB Mass Storage device detected
[ 2134.048232][T24718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2134.072497][T24718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2134.094687][    T9] usb-storage 7-1:0.62: Quirks match for vid 0421 pid 0492: 400
[ 2134.140183][T27664] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5682'.
[ 2135.185039][    T9] usb 7-1: USB disconnect, device number 52
[ 2135.732019][T27689] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2138.377986][T27727] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5694'.
[ 2138.743584][ T5870] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[ 2139.098978][ T5870] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[ 2139.171644][ T5870] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[ 2139.234591][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2139.254294][T27740] Bluetooth: MGMT ver 1.23
[ 2139.283851][ T5870] usb 2-1: Product: syz
[ 2139.307658][ T5870] usb 2-1: Manufacturer: syz
[ 2139.333050][ T5870] usb 2-1: SerialNumber: syz
[ 2139.348364][ T5870] usb 2-1: config 0 descriptor??
[ 2140.030223][T27750] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2140.184679][ T5870] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 2140.685025][T27763] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5702'.
[ 2141.380499][T27769] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5703'.
[ 2141.450845][ T5870] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2141.567462][ T5870] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 2142.063135][ T5870] asix 2-1:0.0: probe with driver asix failed with error -71
[ 2142.615457][ T5870] usb 2-1: USB disconnect, device number 38
[ 2143.199295][T27788] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5707'.
[ 2144.483341][T18894] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 2144.942984][T18894] usb 5-1: device descriptor read/64, error -71
[ 2145.376593][T18894] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 2145.603745][T18894] usb 5-1: device descriptor read/64, error -71
[ 2145.714309][T18894] usb usb5-port1: attempt power cycle
[ 2145.891564][T27821] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5714'.
[ 2146.203098][T27822] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2146.451065][T27829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5716'.
[ 2146.460263][T27829] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5716'.
[ 2146.488963][T27829] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5716'.
[ 2146.543726][   T29] kauditd_printk_skb: 37 callbacks suppressed
[ 2146.543743][   T29] audit: type=1804 audit(3480465345.572:344): pid=27828 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.5716" name="/newroot/536/file1/file0" dev="ramfs" ino=110661 res=1 errno=0
[ 2146.704877][T27829] nbd1: detected capacity change from 0 to 256
[ 2146.750808][T22059] block nbd1: Receive control failed (result -104)
[ 2148.193190][T26520] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 2148.323390][T26520] usb 6-1: device descriptor read/64, error -71
[ 2148.541356][T27850] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5722'.
[ 2148.589366][T26520] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 2148.843247][T26520] usb 6-1: device descriptor read/64, error -71
[ 2149.041983][T26520] usb usb6-port1: attempt power cycle
[ 2149.047825][T27857] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5724'.
[ 2149.521913][T26520] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 2149.619161][T26520] usb 6-1: device descriptor read/8, error -71
[ 2150.151861][T27864] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5727'.
[ 2150.484903][T26520] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 2150.535395][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 2150.561449][T26520] usb 6-1: device descriptor read/8, error -71
[ 2150.683250][T26520] usb usb6-port1: unable to enumerate USB device
[ 2150.692969][    T9] usb 2-1: device descriptor read/64, error -71
[ 2150.706533][T27874] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[ 2151.722126][    T9] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 2152.067085][    T9] usb 2-1: device descriptor read/64, error -71
[ 2152.586063][    T9] usb usb2-port1: attempt power cycle
[ 2152.634529][T27882] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5733'.
[ 2154.181270][T27904] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5741'.
[ 2154.873459][T18894] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 2155.153520][T18894] usb 5-1: Using ep0 maxpacket: 32
[ 2155.339047][T18894] usb 5-1: config 128 has an invalid interface number: 241 but max is 0
[ 2155.358449][T18894] usb 5-1: config 128 has an invalid descriptor of length 203, skipping remainder of the config
[ 2155.372058][T18894] usb 5-1: config 128 has no interface number 0
[ 2155.494807][T18894] usb 5-1: New USB device found, idVendor=16d5, idProduct=650a, bcdDevice=51.96
[ 2155.663266][T18894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2155.729690][T18894] usb 5-1: Product: syz
[ 2155.739044][T18894] usb 5-1: Manufacturer: syz
[ 2155.773650][T18894] usb 5-1: SerialNumber: syz
[ 2156.378865][T18894] qmi_wwan 5-1:128.241: skipping garbage
[ 2156.408191][T18894] qmi_wwan 5-1:128.241: probe with driver qmi_wwan failed with error -22
[ 2157.043846][T27909] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5742'.
[ 2157.573216][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 2157.712970][    T9] usb 2-1: device descriptor read/64, error -71
[ 2158.182862][    T9] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 2158.292893][T27955] FAULT_INJECTION: forcing a failure.
[ 2158.292893][T27955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2158.322512][T27955] CPU: 0 UID: 0 PID: 27955 Comm: syz.0.5751 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2158.322538][T27955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2158.322549][T27955] Call Trace:
[ 2158.322556][T27955]  <TASK>
[ 2158.322565][T27955]  dump_stack_lvl+0x241/0x360
[ 2158.322592][T27955]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2158.322615][T27955]  ? __pfx__printk+0x10/0x10
[ 2158.322639][T27955]  ? __pfx_lock_release+0x10/0x10
[ 2158.322669][T27955]  should_fail_ex+0x40a/0x550
[ 2158.322695][T27955]  _copy_from_iter+0x1df/0x1c40
[ 2158.322718][T27955]  ? __virt_addr_valid+0x183/0x530
[ 2158.322740][T27955]  ? __pfx_lock_release+0x10/0x10
[ 2158.322767][T27955]  ? __alloc_skb+0x28f/0x440
[ 2158.322788][T27955]  ? __pfx__copy_from_iter+0x10/0x10
[ 2158.322816][T27955]  ? __virt_addr_valid+0x183/0x530
[ 2158.322837][T27955]  ? __virt_addr_valid+0x183/0x530
[ 2158.322858][T27955]  ? __virt_addr_valid+0x45f/0x530
[ 2158.322880][T27955]  ? __phys_addr_symbol+0x2f/0x70
[ 2158.322902][T27955]  ? __check_object_size+0x47a/0x730
[ 2158.322931][T27955]  netlink_sendmsg+0x742/0xcb0
[ 2158.322961][T27955]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2158.322991][T27955]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2158.323007][T27955]  __sock_sendmsg+0x221/0x270
[ 2158.323030][T27955]  ____sys_sendmsg+0x53a/0x860
[ 2158.323061][T27955]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2158.323083][T27955]  ? __fget_files+0x2a/0x410
[ 2158.323104][T27955]  ? __fget_files+0x2a/0x410
[ 2158.323130][T27955]  __sys_sendmsg+0x269/0x350
[ 2158.323159][T27955]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2158.323195][T27955]  ? do_sys_openat2+0x17a/0x1d0
[ 2158.323237][T27955]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2158.323262][T27955]  ? do_syscall_64+0x100/0x230
[ 2158.323287][T27955]  ? do_syscall_64+0xb6/0x230
[ 2158.323310][T27955]  do_syscall_64+0xf3/0x230
[ 2158.323328][T27955]  ? clear_bhb_loop+0x35/0x90
[ 2158.323354][T27955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2158.323376][T27955] RIP: 0033:0x7f7bd9f8d169
[ 2158.323393][T27955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2158.323407][T27955] RSP: 002b:00007f7bdadd2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2158.323427][T27955] RAX: ffffffffffffffda RBX: 00007f7bda1a5fa0 RCX: 00007f7bd9f8d169
[ 2158.323439][T27955] RDX: 00000000000408c0 RSI: 0000400000001300 RDI: 0000000000000003
[ 2158.323450][T27955] RBP: 00007f7bdadd2090 R08: 0000000000000000 R09: 0000000000000000
[ 2158.323460][T27955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2158.323470][T27955] R13: 0000000000000000 R14: 00007f7bda1a5fa0 R15: 00007ffd805125c8
[ 2158.323497][T27955]  </TASK>
[ 2158.611062][    T9] usb 2-1: device descriptor read/64, error -71
[ 2158.677042][T26520] usb 5-1: USB disconnect, device number 65
[ 2158.724704][    T9] usb usb2-port1: attempt power cycle
[ 2158.955053][T13223] Bluetooth: hci0: Frame reassembly failed (-84)
[ 2159.733315][    T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 2160.051000][    T9] usb 2-1: device not accepting address 44, error -71
[ 2160.564002][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2160.953255][T22059] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2161.966633][T28001] netlink: 'syz.1.5762': attribute type 16 has an invalid length.
[ 2162.185916][T28003] netlink: 'syz.4.5763': attribute type 16 has an invalid length.
[ 2163.723199][ T5902] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 2164.622908][ T5902] usb 6-1: device descriptor read/64, error -71
[ 2165.222902][ T5902] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 2170.024464][ T5902] usb 7-1: new high-speed USB device number 53 using dummy_hcd
[ 2170.030672][T24735] Bluetooth: hci0: Frame reassembly failed (-84)
[ 2170.162898][ T5902] usb 7-1: device descriptor read/64, error -71
[ 2170.762843][ T5902] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[ 2170.922848][ T5902] usb 7-1: device descriptor read/64, error -71
[ 2171.035162][ T5902] usb usb7-port1: attempt power cycle
[ 2171.879845][ T5902] usb 7-1: new high-speed USB device number 55 using dummy_hcd
[ 2172.089570][T13898] Bluetooth: hci0: command 0x1003 tx timeout
[ 2172.092954][T22059] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2172.454659][ T5902] usb 7-1: device descriptor read/8, error -71
[ 2172.762896][T26520] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 2172.932592][T26520] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04
[ 2172.942918][ T5902] usb 7-1: new high-speed USB device number 56 using dummy_hcd
[ 2172.958540][T26520] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2173.065078][ T5902] usb 7-1: config index 0 descriptor too short (expected 4114, got 18)
[ 2173.076893][ T5902] usb 7-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[ 2173.087774][T26520] usb 5-1: config 0 descriptor??
[ 2173.093351][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2173.101381][ T5902] usb 7-1: Product: syz
[ 2173.109156][T26520] go7007 5-1:0.0: probe with driver go7007 failed with error -12
[ 2173.323706][ T5902] usb 7-1: Manufacturer: syz
[ 2173.328652][ T5902] usb 7-1: SerialNumber: syz
[ 2173.337828][ T5902] usb 7-1: config 0 descriptor??
[ 2174.275094][T25537] usb 5-1: USB disconnect, device number 66
[ 2174.722969][ T5902] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 2175.552044][ T5902] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2175.571527][ T5902] asix 7-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 2175.603071][ T5902] asix 7-1:0.0: probe with driver asix failed with error -71
[ 2175.628850][ T5902] usb 7-1: USB disconnect, device number 56
[ 2175.780214][T28155] netlink: 'syz.5.5811': attribute type 32 has an invalid length.
[ 2176.393572][T28176] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5817'.
[ 2177.192962][T25537] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 2177.203339][   T40] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 30 seconds
[ 2177.355148][T25537] usb 6-1: config index 0 descriptor too short (expected 4114, got 18)
[ 2177.446644][T25537] usb 6-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94
[ 2177.555096][T25537] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2177.695569][T25537] usb 6-1: Product: syz
[ 2177.699811][T25537] usb 6-1: Manufacturer: syz
[ 2177.732900][T25537] usb 6-1: SerialNumber: syz
[ 2177.734629][ T5902] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 2177.755422][T25537] usb 6-1: config 0 descriptor??
[ 2177.956479][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2178.027825][ T5902] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2178.094112][ T5902] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2178.131876][T28206] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5828'.
[ 2178.233098][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2178.241214][ T5902] usb 2-1: Product: syz
[ 2178.288351][ T5902] usb 2-1: Manufacturer: syz
[ 2178.358712][ T5902] usb 2-1: SerialNumber: syz
[ 2178.404825][T25537] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 2178.532249][ T5902] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 2178.579973][ T5902] hub 2-1:1.0: probe with driver hub failed with error -22
[ 2178.960810][T28217] netlink: 'syz.6.5832': attribute type 1 has an invalid length.
[ 2179.014297][T28217] bond2: entered promiscuous mode
[ 2179.031070][T28217] bond2: (slave team_slave_1): making interface the new active one
[ 2179.039780][T28217] team_slave_1: entered promiscuous mode
[ 2179.046716][T28217] bond2: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2179.107418][ T5902] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[ 2179.129098][ T5902] cdc_ncm 2-1:1.0: bind() failure
[ 2179.136645][T28220] pim6reg1: entered promiscuous mode
[ 2179.151605][T28220] pim6reg1: entered allmulticast mode
[ 2179.158500][ T5902] hub 2-1:1.1: Invalid hub with more than one config or interface
[ 2179.195924][ T5902] hub 2-1:1.1: probe with driver hub failed with error -22
[ 2179.198849][T25537] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2179.243366][ T5902] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 2179.271712][ T5902] cdc_ncm 2-1:1.1: bind() failure
[ 2179.285548][T25537] asix 6-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 2179.325921][T25537] asix 6-1:0.0: probe with driver asix failed with error -71
[ 2179.421539][T28228] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5835'.
[ 2179.768853][T25537] usb 6-1: USB disconnect, device number 12
[ 2179.884404][T28231] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2180.916110][T28236] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5837'.
[ 2181.924923][T25537] usb 2-1: USB disconnect, device number 46
[ 2182.797517][   T29] audit: type=1804 audit(3480465381.822:345): pid=28253 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.5844" name="/newroot/564/file0" dev="tmpfs" ino=3018 res=1 errno=0
[ 2183.221864][T28263] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5847'.
[ 2183.535191][T28264] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2184.695711][T12795] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 2185.212923][T12795] usb 2-1: device descriptor read/64, error -71
[ 2185.242524][T28283] pim6reg1: entered promiscuous mode
[ 2185.249373][T28283] pim6reg1: entered allmulticast mode
[ 2185.453107][T12795] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 2185.612923][T12795] usb 2-1: device descriptor read/64, error -71
[ 2185.763555][T12795] usb usb2-port1: attempt power cycle
[ 2186.352955][T12795] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 2186.890770][T12795] usb 2-1: device descriptor read/8, error -71
[ 2189.543250][T28318] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5862'.
[ 2190.186279][T28325] pim6reg1: entered promiscuous mode
[ 2190.217042][T28325] pim6reg1: entered allmulticast mode
[ 2190.227686][T28326] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5867'.
[ 2192.609446][T28351] pim6reg1: entered promiscuous mode
[ 2192.616794][T28351] pim6reg1: entered allmulticast mode
[ 2192.658537][T12795] kernel write not supported for file [eventfd] (pid: 12795 comm: kworker/0:4)
[ 2192.761801][T28358] FAULT_INJECTION: forcing a failure.
[ 2192.761801][T28358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2192.775465][T25537] kernel write not supported for file [eventfd] (pid: 25537 comm: kworker/1:0)
[ 2192.805347][T28358] CPU: 1 UID: 0 PID: 28358 Comm: syz.4.5877 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2192.805383][T28358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2192.805395][T28358] Call Trace:
[ 2192.805403][T28358]  <TASK>
[ 2192.805412][T28358]  dump_stack_lvl+0x241/0x360
[ 2192.805440][T28358]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2192.805456][T28358]  ? __pfx__printk+0x10/0x10
[ 2192.805472][T28358]  ? __pfx_lock_release+0x10/0x10
[ 2192.805491][T28358]  should_fail_ex+0x40a/0x550
[ 2192.805507][T28358]  _copy_to_iter+0x1df/0x1c40
[ 2192.805525][T28358]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2192.805539][T28358]  ? __pfx__copy_to_iter+0x10/0x10
[ 2192.805549][T28358]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2192.805565][T28358]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2192.805578][T28358]  ? lockdep_hardirqs_on+0x99/0x150
[ 2192.805600][T28358]  eventfd_read+0x4ca/0x840
[ 2192.805627][T28358]  ? __pfx_eventfd_read+0x10/0x10
[ 2192.805654][T28358]  ? bpf_lsm_file_permission+0x9/0x10
[ 2192.805683][T28358]  vfs_read+0x975/0xb40
[ 2192.805706][T28358]  ? __pfx_vfs_read+0x10/0x10
[ 2192.805717][T28358]  ? do_sys_openat2+0x17a/0x1d0
[ 2192.805728][T28358]  ? __fget_files+0x2a/0x410
[ 2192.805740][T28358]  ? __fget_files+0x2a/0x410
[ 2192.805754][T28358]  ksys_read+0x18f/0x2b0
[ 2192.805767][T28358]  ? __pfx_ksys_read+0x10/0x10
[ 2192.805779][T28358]  ? do_syscall_64+0x100/0x230
[ 2192.805794][T28358]  ? do_syscall_64+0xb6/0x230
[ 2192.805807][T28358]  do_syscall_64+0xf3/0x230
[ 2192.805819][T28358]  ? clear_bhb_loop+0x35/0x90
[ 2192.805836][T28358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2192.805849][T28358] RIP: 0033:0x7fbd1cb8d169
[ 2192.805859][T28358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2192.805867][T28358] RSP: 002b:00007fbd1da06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2192.805878][T28358] RAX: ffffffffffffffda RBX: 00007fbd1cda6080 RCX: 00007fbd1cb8d169
[ 2192.805886][T28358] RDX: 0000000000002020 RSI: 0000400000000400 RDI: 0000000000000003
[ 2192.805892][T28358] RBP: 00007fbd1da06090 R08: 0000000000000000 R09: 0000000000000000
[ 2192.805899][T28358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2192.805904][T28358] R13: 0000000000000001 R14: 00007fbd1cda6080 R15: 00007ffce2988548
[ 2192.805918][T28358]  </TASK>
[ 2193.195079][T25537] kernel write not supported for file [eventfd] (pid: 25537 comm: kworker/1:0)
[ 2193.642321][T28369] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5879'.
[ 2194.003044][T25537] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 2194.459186][T28378] pim6reg1: entered promiscuous mode
[ 2194.468384][T28378] pim6reg1: entered allmulticast mode
[ 2194.504747][T25537] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2194.535527][T25537] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2194.567580][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2194.574990][T25537] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2194.593094][T25537] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2194.611801][T25537] usb 2-1: Product: syz
[ 2194.622404][T25537] usb 2-1: Manufacturer: syz
[ 2194.652842][T25537] usb 2-1: SerialNumber: syz
[ 2194.678787][T25537] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 2194.718685][T25537] hub 2-1:1.0: probe with driver hub failed with error -22
[ 2195.330881][T25537] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[ 2195.498895][T25537] cdc_ncm 2-1:1.0: bind() failure
[ 2196.557861][T25537] hub 2-1:1.1: Invalid hub with more than one config or interface
[ 2196.611407][T25537] hub 2-1:1.1: probe with driver hub failed with error -22
[ 2196.745672][T25537] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 2196.752909][T25537] cdc_ncm 2-1:1.1: bind() failure
[ 2197.711284][T25537] usb 2-1: USB disconnect, device number 51
[ 2201.818380][T28418] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5895'.
[ 2201.848175][T28427] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5896'.
[ 2201.875486][T28427] bond3: entered promiscuous mode
[ 2201.893670][T28428] bridge_slave_0: left allmulticast mode
[ 2201.900295][T28428] bridge_slave_0: left promiscuous mode
[ 2202.124525][T28428] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2202.398349][T28428] bridge_slave_1: left allmulticast mode
[ 2202.413004][T28428] bridge_slave_1: left promiscuous mode
[ 2202.433024][T28428] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2202.503523][T28428] bond0: (slave bond_slave_0): Releasing backup interface
[ 2202.578991][T28428] bond0: (slave bond_slave_1): Releasing backup interface
[ 2202.641428][T28428] team0: Port device team_slave_0 removed
[ 2202.669997][T28428] team0: Port device team_slave_1 removed
[ 2202.696984][T28428] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2202.708296][T28428] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2202.806275][T28428] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2202.815462][T28428] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2202.835577][T28427] bond2: (slave team_slave_1): Releasing backup interface
[ 2202.853180][T28427] team_slave_1: left promiscuous mode
[ 2203.576523][ T5902] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 2203.593703][T28427] team_slave_1: entered promiscuous mode
[ 2203.599938][T28427] bond3: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2203.758379][T28444] pim6reg1: entered promiscuous mode
[ 2203.763934][T28444] pim6reg1: entered allmulticast mode
[ 2203.819627][ T5902] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2203.852826][ T5902] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2203.951792][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2204.013728][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2204.348106][ T5902] usb 6-1: Product: syz
[ 2204.414375][ T5902] usb 6-1: Manufacturer: syz
[ 2204.481943][ T5902] usb 6-1: SerialNumber: syz
[ 2204.524301][ T5902] hub 6-1:1.0: Invalid hub with more than one config or interface
[ 2204.532194][ T5902] hub 6-1:1.0: probe with driver hub failed with error -22
[ 2205.140218][ T5902] cdc_ncm 6-1:1.0: failed GET_NTB_PARAMETERS
[ 2205.154695][ T5902] cdc_ncm 6-1:1.0: bind() failure
[ 2206.684427][ T5902] hub 6-1:1.1: Invalid hub with more than one config or interface
[ 2206.708219][ T5902] hub 6-1:1.1: probe with driver hub failed with error -22
[ 2206.785202][ T5902] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 2206.819363][ T5902] cdc_ncm 6-1:1.1: bind() failure
[ 2207.336173][   T40] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 60 seconds
[ 2207.447470][ T5870] usb 6-1: USB disconnect, device number 13
[ 2208.338248][T28483] netlink: 144 bytes leftover after parsing attributes in process `syz.4.5910'.
[ 2208.742548][T28484] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5911'.
[ 2208.771291][T28484] bond6: entered promiscuous mode
[ 2208.784847][T28484] bond4: (slave team_slave_1): Releasing backup interface
[ 2208.810487][T28484] team_slave_1: left promiscuous mode
[ 2208.818605][T28484] team_slave_1: entered promiscuous mode
[ 2208.824905][T28484] bond6: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2210.439415][T28511] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5916'.
[ 2210.773123][   T29] audit: type=1326 audit(3480465409.722:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28509 comm="syz.5.5916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x0
[ 2210.981920][   T29] audit: type=1326 audit(3480465409.762:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28509 comm="syz.5.5916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5931d8d169 code=0x0
[ 2211.003201][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2212.023437][ T5870] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 2212.254900][ T5870] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2212.460031][ T5870] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2212.805043][ T5870] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2212.929893][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2213.318722][ T5870] usb 2-1: Product: syz
[ 2213.323311][ T5870] usb 2-1: Manufacturer: syz
[ 2213.352777][ T5870] usb 2-1: SerialNumber: syz
[ 2213.366288][ T5870] hub 2-1:1.0: Invalid hub with more than one config or interface
[ 2213.391667][ T5870] hub 2-1:1.0: probe with driver hub failed with error -22
[ 2213.643087][T28555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5927'.
[ 2213.672893][T28555] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 2213.760750][T28561] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5925'.
[ 2213.804664][T28561] bond2: entered promiscuous mode
[ 2213.815998][T28556] team_slave_1: entered promiscuous mode
[ 2213.822390][T28556] bond2: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2213.981860][ T5870] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS
[ 2213.994190][ T5870] cdc_ncm 2-1:1.0: bind() failure
[ 2214.004482][ T5870] hub 2-1:1.1: Invalid hub with more than one config or interface
[ 2214.012654][ T5870] hub 2-1:1.1: probe with driver hub failed with error -22
[ 2214.020660][ T5870] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 2214.029721][ T5870] cdc_ncm 2-1:1.1: bind() failure
[ 2216.834588][T18894] usb 2-1: USB disconnect, device number 52
[ 2217.572081][T28589] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5934'.
[ 2219.757602][T28607] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5940'.
[ 2219.843266][T28607] bond7: entered promiscuous mode
[ 2219.943345][T28614] bond6: (slave team_slave_1): Releasing backup interface
[ 2219.951330][T28614] team_slave_1: left promiscuous mode
[ 2220.261393][T28614] team_slave_1: entered promiscuous mode
[ 2220.267490][T28614] bond7: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2220.947468][T28622] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5945'.
[ 2221.373958][T12795] usb 7-1: new high-speed USB device number 57 using dummy_hcd
[ 2221.505258][T24735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2221.536710][T12795] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2221.549273][T12795] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2221.567486][T24735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2221.624561][T12795] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2221.636742][T12795] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2221.658614][T12795] usb 7-1: Product: syz
[ 2221.666275][T12795] usb 7-1: Manufacturer: syz
[ 2221.671944][T12795] usb 7-1: SerialNumber: syz
[ 2221.697044][T12795] hub 7-1:1.0: Invalid hub with more than one config or interface
[ 2221.709109][T12795] hub 7-1:1.0: probe with driver hub failed with error -22
[ 2221.851533][T28634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5949'.
[ 2222.002275][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2222.312483][T12795] cdc_ncm 7-1:1.0: failed GET_NTB_PARAMETERS
[ 2222.320658][T12795] cdc_ncm 7-1:1.0: bind() failure
[ 2222.351443][T12795] hub 7-1:1.1: Invalid hub with more than one config or interface
[ 2222.368339][T12795] hub 7-1:1.1: probe with driver hub failed with error -22
[ 2222.382365][T12795] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[ 2222.399124][T12795] cdc_ncm 7-1:1.1: bind() failure
[ 2224.086250][T13898] Bluetooth: hci5: command 0x0406 tx timeout
[ 2224.702848][T28662] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5956'.
[ 2224.934895][T28662] bond3: entered promiscuous mode
[ 2225.079137][T28663] bond2: (slave team_slave_1): Releasing backup interface
[ 2225.090400][T28663] team_slave_1: left promiscuous mode
[ 2225.111779][T28663] team_slave_1: entered promiscuous mode
[ 2225.120192][T28663] bond3: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2225.405251][T18894] usb 7-1: USB disconnect, device number 57
[ 2225.705911][T28673] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5960'.
[ 2226.058972][   T29] audit: type=1326 audit(3480465425.072:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28670 comm="syz.6.5959" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1cd58d169 code=0x0
[ 2226.147798][T28674] CIFS mount error: No usable UNC path provided in device string!
[ 2226.147798][T28674] 
[ 2226.162887][T28674] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2228.034279][T28692] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5964'.
[ 2229.281125][T28707] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5970'.
[ 2229.292805][ T5902] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 2229.790503][T28707] bond8: entered promiscuous mode
[ 2230.328968][T28708] bond7: (slave team_slave_1): Releasing backup interface
[ 2230.365744][ T5902] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2230.377366][ T5902] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2230.390884][ T5902] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2230.392293][T28708] team_slave_1: left promiscuous mode
[ 2230.409119][T28708] team_slave_1: entered promiscuous mode
[ 2230.415431][T28708] bond8: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2230.521991][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2230.530895][ T5902] usb 5-1: Product: syz
[ 2230.535714][ T5902] usb 5-1: Manufacturer: syz
[ 2230.540385][ T5902] usb 5-1: SerialNumber: syz
[ 2230.602109][ T5902] hub 5-1:1.0: Invalid hub with more than one config or interface
[ 2230.637336][ T5902] hub 5-1:1.0: probe with driver hub failed with error -22
[ 2231.332145][ T5902] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[ 2231.348049][ T5902] cdc_ncm 5-1:1.0: bind() failure
[ 2231.371251][ T5902] hub 5-1:1.1: Invalid hub with more than one config or interface
[ 2231.423083][ T5902] hub 5-1:1.1: probe with driver hub failed with error -22
[ 2231.432045][ T5902] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 2231.440135][ T5902] cdc_ncm 5-1:1.1: bind() failure
[ 2233.359624][T24718] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2233.372467][T24718] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2233.395448][T28737] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5978'.
[ 2233.419431][T28737] netlink: 124 bytes leftover after parsing attributes in process `syz.5.5978'.
[ 2233.665476][T28738] block device autoloading is deprecated and will be removed.
[ 2234.154788][T12795] usb 5-1: USB disconnect, device number 67
[ 2234.226900][T28747] FAULT_INJECTION: forcing a failure.
[ 2234.226900][T28747] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2234.277977][T28747] CPU: 1 UID: 0 PID: 28747 Comm: syz.5.5982 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2234.278005][T28747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2234.278016][T28747] Call Trace:
[ 2234.278022][T28747]  <TASK>
[ 2234.278029][T28747]  dump_stack_lvl+0x241/0x360
[ 2234.278056][T28747]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2234.278073][T28747]  ? __pfx__printk+0x10/0x10
[ 2234.278096][T28747]  ? __pfx_lock_release+0x10/0x10
[ 2234.278124][T28747]  should_fail_ex+0x40a/0x550
[ 2234.278150][T28747]  _copy_from_iter+0x1df/0x1c40
[ 2234.278168][T28747]  ? __virt_addr_valid+0x183/0x530
[ 2234.278189][T28747]  ? __pfx_lock_release+0x10/0x10
[ 2234.278214][T28747]  ? __alloc_skb+0x28f/0x440
[ 2234.278234][T28747]  ? __pfx__copy_from_iter+0x10/0x10
[ 2234.278252][T28747]  ? __virt_addr_valid+0x183/0x530
[ 2234.278272][T28747]  ? __virt_addr_valid+0x183/0x530
[ 2234.278292][T28747]  ? __virt_addr_valid+0x45f/0x530
[ 2234.278312][T28747]  ? __phys_addr_symbol+0x2f/0x70
[ 2234.278332][T28747]  ? __check_object_size+0x47a/0x730
[ 2234.278360][T28747]  netlink_sendmsg+0x742/0xcb0
[ 2234.278388][T28747]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2234.278415][T28747]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2234.278430][T28747]  __sock_sendmsg+0x221/0x270
[ 2234.278450][T28747]  ____sys_sendmsg+0x53a/0x860
[ 2234.278479][T28747]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2234.278500][T28747]  ? __fget_files+0x2a/0x410
[ 2234.278519][T28747]  ? __fget_files+0x2a/0x410
[ 2234.278541][T28747]  __sys_sendmsg+0x269/0x350
[ 2234.278567][T28747]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2234.278599][T28747]  ? do_sys_openat2+0x17a/0x1d0
[ 2234.278636][T28747]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2234.278658][T28747]  ? do_syscall_64+0x100/0x230
[ 2234.278681][T28747]  ? do_syscall_64+0xb6/0x230
[ 2234.278703][T28747]  do_syscall_64+0xf3/0x230
[ 2234.278723][T28747]  ? clear_bhb_loop+0x35/0x90
[ 2234.278755][T28747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2234.278775][T28747] RIP: 0033:0x7f5931d8d169
[ 2234.278790][T28747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2234.278804][T28747] RSP: 002b:00007f5932c9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2234.278823][T28747] RAX: ffffffffffffffda RBX: 00007f5931fa5fa0 RCX: 00007f5931d8d169
[ 2234.278836][T28747] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003
[ 2234.278847][T28747] RBP: 00007f5932c9b090 R08: 0000000000000000 R09: 0000000000000000
[ 2234.278858][T28747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2234.278869][T28747] R13: 0000000000000000 R14: 00007f5931fa5fa0 R15: 00007ffc6e5a4a18
[ 2234.278895][T28747]  </TASK>
[ 2235.229114][T28755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5983'.
[ 2235.582576][T28755] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 2236.359354][T28768] netlink: 144 bytes leftover after parsing attributes in process `syz.6.5986'.
[ 2236.943050][T28767] pim6reg1: entered promiscuous mode
[ 2236.973611][T28767] pim6reg1: entered allmulticast mode
[ 2237.458534][   T40] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 90 seconds
[ 2237.771964][T28791] ubi31: attaching mtd0
[ 2237.803054][T28791] ubi31: scanning is finished
[ 2237.808076][T28791] ubi31: empty MTD device detected
[ 2238.549761][T28791] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[ 2238.734278][T28806] pimreg: entered allmulticast mode
[ 2238.902913][T28811] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 2238.992935][ T5902] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 2239.077690][T28813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5996'.
[ 2239.235405][T28813] bond9: entered promiscuous mode
[ 2239.646350][T28815] bond8: (slave team_slave_1): Releasing backup interface
[ 2239.671678][T28815] team_slave_1: left promiscuous mode
[ 2239.681343][T28815] team_slave_1: entered promiscuous mode
[ 2239.688003][T28815] bond9: (slave team_slave_1): Enslaving as an active interface with an up link
[ 2239.802969][ T5902] usb 6-1: Using ep0 maxpacket: 16
[ 2239.836691][ T5902] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2239.910215][ T5902] usb 6-1: New USB device found, idVendor=05ac, idProduct=0272, bcdDevice= 0.40
[ 2239.947219][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2240.002969][ T5902] usb 6-1: Product: syz
[ 2240.032267][ T5902] usb 6-1: Manufacturer: syz
[ 2240.063180][ T5902] usb 6-1: SerialNumber: syz
[ 2240.128958][ T5902] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input45
[ 2240.304229][T28806] pimreg: left allmulticast mode
[ 2240.596645][T18894] usb 6-1: USB disconnect, device number 14
[ 2240.603041][ T5182] bcm5974 6-1:1.0: could not read from device
[ 2240.698598][T27110] bcm5974 6-1:1.0: could not read from device
[ 2240.745436][T28824] netlink: 144 bytes leftover after parsing attributes in process `syz.1.6001'.
[ 2242.187046][T28833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2242.199691][T28833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2242.228041][T28833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2242.258745][T28833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2242.268760][T28833] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2242.276312][T28833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2243.587818][T28832] chnl_net:caif_netlink_parms(): no params data found
[ 2244.195377][T28832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2244.202525][T28832] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2244.217813][T28832] bridge_slave_0: entered allmulticast mode
[ 2244.234377][T28832] bridge_slave_0: entered promiscuous mode
[ 2244.245211][T28832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2244.252436][T28832] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2244.260460][T28832] bridge_slave_1: entered allmulticast mode
[ 2244.279716][T28832] bridge_slave_1: entered promiscuous mode
[ 2244.393514][T22059] Bluetooth: hci0: command tx timeout
[ 2244.456163][T28832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2244.985054][T28832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2245.057457][ T5902] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 2245.503467][T28871] netlink: 144 bytes leftover after parsing attributes in process `syz.6.6011'.
[ 2245.658558][T28866] ptm ptm0: ldisc open failed (-12), clearing slot 0
[ 2245.685915][ T5902] usb 2-1: device descriptor read/64, error -71
[ 2245.964233][T28832] team0: Port device team_slave_0 added
[ 2246.001973][T28832] team0: Port device team_slave_1 added
[ 2246.068592][T28832] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2246.082927][T28832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2246.108850][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2246.118897][T28832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2246.201085][ T5902] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 2246.588852][T22059] Bluetooth: hci0: command tx timeout
[ 2246.602838][T28832] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2246.609938][T28832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2246.635910][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2246.642863][T28832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2246.724504][ T5902] usb 2-1: device descriptor read/64, error -71
[ 2246.765122][T28832] hsr_slave_0: entered promiscuous mode
[ 2246.771649][T28832] hsr_slave_1: entered promiscuous mode
[ 2246.853224][ T5902] usb usb2-port1: attempt power cycle
[ 2247.158752][T28832] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2247.213141][ T5902] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 2247.262152][T28832] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2248.009499][ T5197] udevd[5197]: worker [27322] /devices/virtual/block/nbd1 is taking a long time
[ 2248.033804][ T5902] usb 2-1: device descriptor read/8, error -71
[ 2248.040418][T28832] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 40435 - 0
[ 2248.086940][T28832] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 42011 - 0
[ 2248.669299][T22059] Bluetooth: hci0: command tx timeout
[ 2248.727090][T28832] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2248.784020][T28832] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2249.193099][T28832] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 40435 - 0
[ 2249.222925][T28832] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 42011 - 0
[ 2249.849608][T28832] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2249.881268][T28832] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2249.943090][T28832] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 40435 - 0
[ 2249.975175][T28832] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 42011 - 0
[ 2250.546518][T28832] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2250.564670][T28832] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2250.593275][T28832] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 40435 - 0
[ 2250.613349][T28832] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 42011 - 0
[ 2250.712906][T22059] Bluetooth: hci0: command tx timeout
[ 2251.532303][T28832] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2251.604384][T28832] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2251.782958][T28919] Bluetooth: MGMT ver 1.23
[ 2251.912181][T28918] netlink: 144 bytes leftover after parsing attributes in process `syz.1.6022'.
[ 2251.922545][T28832] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2252.179841][T28832] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2252.401486][T28832] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2252.611969][T28832] 8021q: adding VLAN 0 to HW filter on device team0
[ 2252.627781][T24718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2252.635015][T24718] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2252.686615][T24718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2252.693786][T24718] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2254.050974][T28940] loop2: detected capacity change from 0 to 7
[ 2254.074591][T28940] Dev loop2: unable to read RDB block 7
[ 2254.091684][T28940]  loop2: unable to read partition table
[ 2254.100677][T28940] loop2: partition table beyond EOD, truncated
[ 2254.109156][T28940] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 2254.453200][T18894] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 2254.471457][T28951] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6031'.
[ 2255.018869][T28832] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2255.083904][T18894] usb 6-1: Using ep0 maxpacket: 16
[ 2255.133621][T18894] usb 6-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[ 2255.172859][T18894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2255.204960][T18894] usb 6-1: Product: syz
[ 2255.209305][T18894] usb 6-1: Manufacturer: syz
[ 2255.233832][T18894] usb 6-1: SerialNumber: syz
[ 2255.274237][T18894] usb 6-1: config 0 descriptor??
[ 2255.312190][T18894] ums-onetouch 6-1:0.0: USB Mass Storage device detected
[ 2255.437821][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2255.511099][T18894] usb 6-1: USB disconnect, device number 15
[ 2255.627273][T28832] veth0_vlan: entered promiscuous mode
[ 2255.679154][T28832] veth1_vlan: entered promiscuous mode
[ 2255.782303][T28832] veth0_macvtap: entered promiscuous mode
[ 2255.817982][T28832] veth1_macvtap: entered promiscuous mode
[ 2255.856521][T28832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2255.871058][T28832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2256.108147][T28832] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2256.456989][T28832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2256.515922][T28832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2256.535671][T28832] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2256.565629][T28832] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2256.582853][T28832] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2256.628496][T28832] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2256.653552][T28832] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2257.812248][T24732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2257.852813][ T5902] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 2257.860586][T24732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2257.996081][T28977] netlink: 144 bytes leftover after parsing attributes in process `syz.5.6037'.
[ 2258.360687][T24534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2258.392880][T24534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2258.402891][ T5902] usb 2-1: device descriptor read/64, error -71
[ 2258.647048][ T5902] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 2258.941031][ T5902] usb 2-1: device descriptor read/64, error -71
[ 2259.383103][ T5902] usb usb2-port1: attempt power cycle
[ 2259.874306][  T877] kernel write not supported for file [eventfd] (pid: 877 comm: kworker/0:2)
[ 2262.213591][T28930] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 2262.385921][T28930] usb 6-1: config index 0 descriptor too short (expected 32820, got 52)
[ 2262.435802][T28930] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2262.466372][T18894] usb 7-1: new high-speed USB device number 58 using dummy_hcd
[ 2262.562789][T28930] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97
[ 2262.572444][T28930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2262.585256][T28930] usb 6-1: Product: syz
[ 2262.589547][T28930] usb 6-1: Manufacturer: syz
[ 2262.597991][T28930] usb 6-1: SerialNumber: syz
[ 2262.631742][T28930] usb 6-1: config 0 descriptor??
[ 2262.671091][T28930] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2262.701899][T18894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2262.715396][T18894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2262.773831][T18894] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2262.809225][T18894] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2262.837807][T28930] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 2262.893918][T28930] usb 6-1: USB disconnect, device number 16
[ 2262.911106][T18894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2262.953846][T18894] usb 7-1: config 0 descriptor??
[ 2263.123779][T27108] udevd[27108]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2263.402272][T18894] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[ 2263.411121][T18894] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[ 2263.423703][T18894] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[ 2263.770623][T29039] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6054'.
[ 2263.899133][T18894] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 2264.207231][T18894] usb 7-1: USB disconnect, device number 58
[ 2264.751124][T29050] No such timeout policy "syz0"
[ 2265.593009][  T877] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 2266.681184][  T877] usb 2-1: Using ep0 maxpacket: 16
[ 2266.684725][  T877] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[ 2266.684758][  T877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2266.686842][  T877] usb 2-1: config 0 descriptor??
[ 2266.710032][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2268.386094][  T877] koneplus 0003:1E7D:2E22.0016: report_id 0 is invalid
[ 2268.395278][   T40] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 120 seconds
[ 2268.410738][  T877] koneplus 0003:1E7D:2E22.0016: item 0 0 1 8 parsing failed
[ 2268.418702][  T877] koneplus 0003:1E7D:2E22.0016: parse failed
[ 2268.425197][  T877] koneplus 0003:1E7D:2E22.0016: probe with driver koneplus failed with error -22
[ 2268.442896][  T877] usb 2-1: USB disconnect, device number 60
[ 2274.958349][T29154] veth1_macvtap: entered promiscuous mode
[ 2274.983159][T29154] macsec0: entered promiscuous mode
[ 2274.990284][T29154] macsec0: entered allmulticast mode
[ 2275.042945][T29154] veth1_macvtap: entered allmulticast mode
[ 2275.922400][T29168] xt_TCPMSS: Only works on TCP SYN packets
[ 2278.478620][T29209] netlink: 92 bytes leftover after parsing attributes in process `syz.0.6109'.
[ 2283.435910][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.570553][ T5902] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 2283.730994][ T5902] usb 6-1: Using ep0 maxpacket: 32
[ 2283.743756][ T5902] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 2283.752111][ T5902] usb 6-1: config 0 has no interface number 0
[ 2283.761390][ T5902] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 2283.770725][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2283.779281][ T5902] usb 6-1: Product: syz
[ 2283.784221][ T5902] usb 6-1: Manufacturer: syz
[ 2283.789018][ T5902] usb 6-1: SerialNumber: syz
[ 2284.391480][ T5902] usb 6-1: config 0 descriptor??
[ 2284.416325][ T5902] smsc95xx v2.0.0
[ 2284.420038][ T5902] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 2284.451405][ T5902] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[ 2284.649916][T28930] usb 6-1: USB disconnect, device number 17
[ 2287.691749][T29268] dvmrp0: entered allmulticast mode
[ 2288.144904][T29276] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6127'.
[ 2288.741785][T29283] veth1_macvtap: left allmulticast mode
[ 2288.773038][T29283] veth1_macvtap: left promiscuous mode
[ 2288.803431][T29283] macsec0: left allmulticast mode
[ 2289.040205][T29285] netlink: 96 bytes leftover after parsing attributes in process `syz.5.6132'.
[ 2290.736715][T29292] syzkaller0: entered promiscuous mode
[ 2290.763036][T29292] syzkaller0: entered allmulticast mode
[ 2291.732240][T28833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2291.750365][T28833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2291.760365][T28833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2291.792526][T28833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2291.802630][T28833] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 2291.812931][T28833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2291.991347][T29305] kvm: kvm [29304]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[ 2293.923026][T28833] Bluetooth: hci3: command tx timeout
[ 2295.998243][T28833] Bluetooth: hci3: command tx timeout
[ 2297.773104][T29334] No such timeout policy "syz0"
[ 2298.017594][T29303] chnl_net:caif_netlink_parms(): no params data found
[ 2298.074894][T28833] Bluetooth: hci3: command tx timeout
[ 2298.793580][T29072] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 150 seconds
[ 2298.829158][T29344] random: crng reseeded on system resumption
[ 2298.862862][  T877] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 2299.087446][T29303] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2299.103864][  T877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2299.150051][T29303] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2299.158323][  T877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2299.189240][T29303] bridge_slave_0: entered allmulticast mode
[ 2299.228802][T29303] bridge_slave_0: entered promiscuous mode
[ 2299.232810][  T877] usb 6-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[ 2299.247302][T29303] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2299.252857][  T877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2299.272606][T29303] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2299.278689][  T877] usb 6-1: config 0 descriptor??
[ 2299.280844][T29303] bridge_slave_1: entered allmulticast mode
[ 2299.302274][T29303] bridge_slave_1: entered promiscuous mode
[ 2300.087422][T29303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2300.145616][T29303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2300.155035][T28833] Bluetooth: hci3: command tx timeout
[ 2300.806968][  T877] hid-generic 0003:05AC:4262.0017: hidraw0: USB HID v0.00 Device [HID 05ac:4262] on usb-dummy_hcd.5-1/input0
[ 2300.822356][  T877] usb 6-1: USB disconnect, device number 18
[ 2300.958483][T29303] team0: Port device team_slave_0 added
[ 2300.976937][T29303] team0: Port device team_slave_1 added
[ 2301.001409][T29303] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2301.008973][T29303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2301.041502][T29303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2301.055762][T29303] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2301.063314][T29303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2301.089481][T29303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2301.127593][T29303] hsr_slave_0: entered promiscuous mode
[ 2301.133906][T29303] hsr_slave_1: entered promiscuous mode
[ 2301.139885][T29303] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2301.148151][T29303] Cannot create hsr debugfs directory
[ 2301.281489][T29303] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 2301.291328][T29303] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 2301.300665][T29303] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 2301.316415][T29303] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 2301.384796][T29303] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2301.406680][T29303] 8021q: adding VLAN 0 to HW filter on device team0
[ 2301.422093][T24729] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2301.429235][T24729] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2301.443654][T24534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2301.450772][T24534] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2301.501484][T29303] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 2301.516163][T29303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2301.637271][T29303] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2301.806139][T29303] veth0_vlan: entered promiscuous mode
[ 2301.818419][T29303] veth1_vlan: entered promiscuous mode
[ 2301.851102][T29303] veth0_macvtap: entered promiscuous mode
[ 2301.859986][T29303] veth1_macvtap: entered promiscuous mode
[ 2301.878916][T29303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2301.889741][T29303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2301.900087][T29303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2301.910602][T29303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2301.922291][T29303] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2301.933200][T29303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2301.945627][T29303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2301.955982][T29303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2301.966723][T29303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2301.978434][T29303] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2301.992198][T29303] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2302.001223][T29303] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2302.010159][T29303] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2302.019100][T29303] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2302.119130][T24732] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2302.136353][T24732] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2302.170340][T24718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2302.179163][T24718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2328.883302][T29072] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 180 seconds
[ 2329.464869][ T5197] udevd[5197]: worker [27322] /devices/virtual/block/nbd1 timeout; kill it
[ 2329.475357][ T5197] udevd[5197]: seq 33119 '/devices/virtual/block/nbd1' killed
[ 2344.877204][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2358.956492][T29072] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 210 seconds
[ 2367.433047][T22059] Bluetooth: hci0: command 0x0406 tx timeout
[ 2389.036775][T29072] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 240 seconds
[ 2406.319264][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 2418.632900][T28833] Bluetooth: hci3: command 0x0406 tx timeout
[ 2419.113330][T29072] block nbd1: Possible stuck request ffff888025fb1880: control (read@0,4096B). Runtime 270 seconds
[ 2437.034261][   T30] INFO: task syz.4.6091:29152 blocked for more than 143 seconds.
[ 2437.042138][   T30]       Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2437.050954][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2437.059784][   T30] task:syz.4.6091      state:D stack:23736 pid:29152 tgid:29149 ppid:28832  task_flags:0x400140 flags:0x00004004
[ 2437.072084][   T30] Call Trace:
[ 2437.075445][   T30]  <TASK>
[ 2437.078393][   T30]  __schedule+0x18bc/0x4c40
[ 2437.083091][   T30]  ? __pfx___schedule+0x10/0x10
[ 2437.087999][   T30]  ? __pfx_lock_release+0x10/0x10
[ 2437.093131][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 2437.099064][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2437.105104][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2437.111930][   T30]  ? schedule+0x90/0x320
[ 2437.116856][   T30]  schedule+0x14b/0x320
[ 2437.121052][   T30]  schedule_preempt_disabled+0x13/0x30
[ 2437.126706][   T30]  __mutex_lock+0x817/0x1010
[ 2437.131329][   T30]  ? __mutex_lock+0x602/0x1010
[ 2437.136500][   T30]  ? sync_bdevs+0x1ae/0x340
[ 2437.141060][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 2437.146251][   T30]  ? do_raw_spin_lock+0x14f/0x370
[ 2437.151306][   T30]  ? __pfx_lock_release+0x10/0x10
[ 2437.156427][   T30]  ? _atomic_dec_and_lock+0x9a/0x130
[ 2437.161741][   T30]  ? iput+0x3be/0xa50
[ 2437.165874][   T30]  sync_bdevs+0x1ae/0x340
[ 2437.170238][   T30]  ksys_sync+0xe2/0x1c0
[ 2437.174716][   T30]  ? __pfx_ksys_sync+0x10/0x10
[ 2437.179515][   T30]  ? do_syscall_64+0x100/0x230
[ 2437.184379][   T30]  ? do_syscall_64+0xb6/0x230
[ 2437.189080][   T30]  __do_sys_sync+0xe/0x20
[ 2437.193504][   T30]  do_syscall_64+0xf3/0x230
[ 2437.198041][   T30]  ? clear_bhb_loop+0x35/0x90
[ 2437.202839][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2437.208772][   T30] RIP: 0033:0x7f38d778d169
[ 2437.213885][   T30] RSP: 002b:00007f38d864e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 2437.222338][   T30] RAX: ffffffffffffffda RBX: 00007f38d79a5fa0 RCX: 00007f38d778d169
[ 2437.230454][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2437.238528][   T30] RBP: 00007f38d79a5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 2437.246634][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2437.254989][   T30] R13: 0000000000000000 R14: 00007f38d79a5fa0 R15: 00007ffda8c3c7e8
[ 2437.263464][   T30]  </TASK>
[ 2437.266532][   T30] INFO: task syz.4.6091:29155 blocked for more than 143 seconds.
[ 2437.276714][   T30]       Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2437.284681][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2437.293835][   T30] task:syz.4.6091      state:D stack:26432 pid:29155 tgid:29149 ppid:28832  task_flags:0x400040 flags:0x00004004
[ 2437.305945][   T30] Call Trace:
[ 2437.309245][   T30]  <TASK>
[ 2437.312194][   T30]  __schedule+0x18bc/0x4c40
[ 2437.317444][   T30]  ? __pfx___schedule+0x10/0x10
[ 2437.322346][   T30]  ? __pfx_lock_release+0x10/0x10
[ 2437.327522][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 2437.333469][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2437.339363][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2437.345835][   T30]  ? schedule+0x90/0x320
[ 2437.350364][   T30]  schedule+0x14b/0x320
[ 2437.354749][   T30]  schedule_preempt_disabled+0x13/0x30
[ 2437.360233][   T30]  __mutex_lock+0x817/0x1010
[ 2437.365046][   T30]  ? __mutex_lock+0x602/0x1010
[ 2437.369842][   T30]  ? sync_bdevs+0x1ae/0x340
[ 2437.374459][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 2437.379512][   T30]  ? do_raw_spin_lock+0x14f/0x370
[ 2437.384668][   T30]  ? __pfx_lock_release+0x10/0x10
[ 2437.389737][   T30]  ? _atomic_dec_and_lock+0x9a/0x130
[ 2437.395314][   T30]  ? iput+0x3be/0xa50
[ 2437.399334][   T30]  sync_bdevs+0x1ae/0x340
[ 2437.404300][   T30]  ksys_sync+0xe2/0x1c0
[ 2437.408769][   T30]  ? __pfx_ksys_sync+0x10/0x10
[ 2437.413641][   T30]  ? do_syscall_64+0xb6/0x230
[ 2437.418813][   T30]  __do_sys_sync+0xe/0x20
[ 2437.423465][   T30]  do_syscall_64+0xf3/0x230
[ 2437.428013][   T30]  ? clear_bhb_loop+0x35/0x90
[ 2437.433120][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2437.439060][   T30] RIP: 0033:0x7f38d778d169
[ 2437.443650][   T30] RSP: 002b:00007f38d862d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[ 2437.452099][   T30] RAX: ffffffffffffffda RBX: 00007f38d79a6080 RCX: 00007f38d778d169
[ 2437.460129][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2437.468880][   T30] RBP: 00007f38d79a6080 R08: 0000000000000000 R09: 0000000000000000
[ 2437.477001][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2437.485117][   T30] R13: 0000000000000001 R14: 00007f38d79a6080 R15: 00007ffda8c3c7e8
[ 2437.493558][   T30]  </TASK>
[ 2437.496643][   T30] 
[ 2437.496643][   T30] Showing all locks held in the system:
[ 2437.504536][   T30] 1 lock held by khungtaskd/30:
[ 2437.509410][   T30]  #0: ffffffff8eb38f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[ 2437.520182][   T30] 2 locks held by getty/5582:
[ 2437.525141][   T30]  #0: ffff88814eb780a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 2437.537155][   T30]  #1: ffffc9000330b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770
[ 2437.547652][   T30] 1 lock held by udevd/27322:
[ 2437.552348][   T30]  #0: ffff888142f514c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[ 2437.562083][   T30] 1 lock held by syz.4.6091/29152:
[ 2437.567290][   T30]  #0: ffff888142f514c8 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x1ae/0x340
[ 2437.576781][   T30] 1 lock held by syz.4.6091/29155:
[ 2437.581882][   T30]  #0: ffff888142f514c8 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x1ae/0x340
[ 2437.591643][   T30] 
[ 2437.594018][   T30] =============================================
[ 2437.594018][   T30] 
[ 2437.602428][   T30] NMI backtrace for cpu 1
[ 2437.602438][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2437.602449][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2437.602456][   T30] Call Trace:
[ 2437.602462][   T30]  <TASK>
[ 2437.602468][   T30]  dump_stack_lvl+0x241/0x360
[ 2437.602485][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2437.602495][   T30]  ? __pfx__printk+0x10/0x10
[ 2437.602516][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 2437.602531][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2437.602540][   T30]  ? _printk+0xd5/0x120
[ 2437.602553][   T30]  ? __pfx__printk+0x10/0x10
[ 2437.602567][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 2437.602580][   T30]  ? __pfx__printk+0x10/0x10
[ 2437.602600][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 2437.602627][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 2437.602645][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 2437.602664][   T30]  watchdog+0x1058/0x10a0
[ 2437.602686][   T30]  ? watchdog+0x1ea/0x10a0
[ 2437.602711][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2437.602730][   T30]  kthread+0x7a9/0x920
[ 2437.602751][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602774][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2437.602796][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602816][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602838][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602856][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2437.602874][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 2437.602893][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602916][   T30]  ret_from_fork+0x4b/0x80
[ 2437.602934][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.602954][   T30]  ret_from_fork_asm+0x1a/0x30
[ 2437.602983][   T30]  </TASK>
[ 2437.766851][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 2437.772124][    C0] NMI backtrace for cpu 0
[ 2437.772140][    C0] CPU: 0 UID: 0 PID: 24534 Comm: kworker/u8:2 Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2437.772158][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2437.772168][    C0] Workqueue: wg-kex-wg0 wg_packet_handshake_send_worker
[ 2437.772192][    C0] RIP: 0010:__sanitizer_cov_trace_switch+0xbc/0x120
[ 2437.772215][    C0] Code: c2 49 39 d2 74 71 4c 8b 74 d6 10 65 8b 05 b4 14 42 7e 25 00 01 ff 00 74 11 3d 00 01 00 00 75 de 41 83 bb 2c 16 00 00 00 74 d4 <41> 8b 83 08 16 00 00 83 f8 03 75 c8 49 8b 8b 10 16 00 00 45 8b bb
[ 2437.772228][    C0] RSP: 0018:ffffc90004d9f350 EFLAGS: 00000246
[ 2437.772240][    C0] RAX: 0000000000000000 RBX: ffff888059155ac0 RCX: ffff88807cb5da00
[ 2437.772251][    C0] RDX: 0000000000000002 RSI: ffffffff8ffc9980 RDI: 0000000000000006
[ 2437.772260][    C0] RBP: 0000000000000006 R08: 0000000000000005 R09: ffffffff8a995c89
[ 2437.772271][    C0] R10: 000000000000000b R11: ffff88807cb5da00 R12: ffffc90004d9f500
[ 2437.772281][    C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000006
[ 2437.772291][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 2437.772304][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2437.772315][    C0] CR2: 000056483fa1a600 CR3: 000000000e938000 CR4: 00000000003526f0
[ 2437.772329][    C0] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008
[ 2437.772338][    C0] DR3: 1000000100000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2437.772355][    C0] Call Trace:
[ 2437.772361][    C0]  <NMI>
[ 2437.772369][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 2437.772385][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 2437.772405][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2437.772420][    C0]  ? nmi_handle+0x2a/0x5a0
[ 2437.772446][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 2437.772463][    C0]  ? nmi_handle+0x14f/0x5a0
[ 2437.772482][    C0]  ? nmi_handle+0x2a/0x5a0
[ 2437.772501][    C0]  ? __sanitizer_cov_trace_switch+0xbc/0x120
[ 2437.772518][    C0]  ? default_do_nmi+0x63/0x160
[ 2437.772533][    C0]  ? exc_nmi+0x123/0x1f0
[ 2437.772546][    C0]  ? end_repeat_nmi+0xf/0x53
[ 2437.772568][    C0]  ? ipv6_get_saddr_eval+0x69/0xf50
[ 2437.772588][    C0]  ? __sanitizer_cov_trace_switch+0xbc/0x120
[ 2437.772610][    C0]  ? __sanitizer_cov_trace_switch+0xbc/0x120
[ 2437.772627][    C0]  ? __sanitizer_cov_trace_switch+0xbc/0x120
[ 2437.772646][    C0]  </NMI>
[ 2437.772651][    C0]  <TASK>
[ 2437.772657][    C0]  ipv6_get_saddr_eval+0x69/0xf50
[ 2437.772677][    C0]  __ipv6_dev_get_saddr+0x1d3/0x4b0
[ 2437.772696][    C0]  ipv6_dev_get_saddr+0x555/0xc10
[ 2437.772712][    C0]  ? ipv6_dev_get_saddr+0x228/0xc10
[ 2437.772730][    C0]  ? __pfx_ipv6_dev_get_saddr+0x10/0x10
[ 2437.772746][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 2437.772761][    C0]  ? ip6_route_output_flags+0x30/0x610
[ 2437.772782][    C0]  ? ip6_route_output_flags+0x30/0x610
[ 2437.772800][    C0]  ? ip6_route_output_flags+0x499/0x610
[ 2437.772820][    C0]  ? ip6_dst_lookup_tail+0x213/0x1500
[ 2437.772841][    C0]  ip6_dst_lookup_tail+0xf20/0x1500
[ 2437.772868][    C0]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 2437.772895][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 2437.772917][    C0]  ip6_dst_lookup_flow+0xb9/0x180
[ 2437.772938][    C0]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[ 2437.772957][    C0]  ? dst_cache_per_cpu_get+0x1af/0x2b0
[ 2437.772979][    C0]  ? dst_cache_get_ip6+0xbb/0xf0
[ 2437.772996][    C0]  ? __pfx_ip6_dst_lookup_flow+0x10/0x10
[ 2437.773016][    C0]  send6+0x5cf/0xaf0
[ 2437.773032][    C0]  ? send6+0x2af/0xaf0
[ 2437.773049][    C0]  ? __pfx_send6+0x10/0x10
[ 2437.773063][    C0]  ? wg_socket_send_skb_to_peer+0x5a/0x1d0
[ 2437.773081][    C0]  ? __local_bh_enable_ip+0x168/0x200
[ 2437.773098][    C0]  ? wg_socket_send_buffer_to_peer+0x134/0x1c0
[ 2437.773117][    C0]  wg_socket_send_skb_to_peer+0x115/0x1d0
[ 2437.773135][    C0]  wg_packet_handshake_send_worker+0x1dd/0x330
[ 2437.773152][    C0]  ? __pfx_wg_packet_handshake_send_worker+0x10/0x10
[ 2437.773179][    C0]  ? process_scheduled_works+0x9c6/0x18e0
[ 2437.773196][    C0]  process_scheduled_works+0xabe/0x18e0
[ 2437.773224][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 2437.773245][    C0]  ? assign_work+0x364/0x3d0
[ 2437.773262][    C0]  worker_thread+0x870/0xd30
[ 2437.773282][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 2437.773300][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 2437.773319][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 2437.773336][    C0]  kthread+0x7a9/0x920
[ 2437.773359][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773378][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 2437.773394][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773411][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773430][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773447][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2437.773462][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 2437.773478][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773497][    C0]  ret_from_fork+0x4b/0x80
[ 2437.773513][    C0]  ? __pfx_kthread+0x10/0x10
[ 2437.773531][    C0]  ret_from_fork_asm+0x1a/0x30
[ 2437.773554][    C0]  </TASK>
[ 2437.784865][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 2437.784883][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc3-syzkaller-00267-gff202c5028a1 #0
[ 2437.784903][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 2437.784915][   T30] Call Trace:
[ 2437.784922][   T30]  <TASK>
[ 2437.784931][   T30]  dump_stack_lvl+0x241/0x360
[ 2437.784957][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2437.784977][   T30]  ? __pfx__printk+0x10/0x10
[ 2437.784999][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 2437.785030][   T30]  ? vscnprintf+0x5d/0x90
[ 2437.785052][   T30]  panic+0x349/0x880
[ 2437.785077][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 2437.785098][   T30]  ? __pfx_panic+0x10/0x10
[ 2437.785119][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 2437.785139][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 2437.785164][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 2437.785186][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 2437.785204][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 2437.785225][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 2437.785247][   T30]  watchdog+0x1097/0x10a0
[ 2437.785270][   T30]  ? watchdog+0x1ea/0x10a0
[ 2437.785297][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2437.785320][   T30]  kthread+0x7a9/0x920
[ 2437.785343][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785367][   T30]  ? __pfx_watchdog+0x10/0x10
[ 2437.785389][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785410][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785436][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785475][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2437.785494][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 2437.785514][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785538][   T30]  ret_from_fork+0x4b/0x80
[ 2437.785558][   T30]  ? __pfx_kthread+0x10/0x10
[ 2437.785581][   T30]  ret_from_fork_asm+0x1a/0x30
[ 2437.785617][   T30]  </TASK>
[ 2438.429545][   T30] Kernel Offset: disabled
[ 2438.433868][   T30] Rebooting in 86400 seconds..