last executing test programs:

3m59.208718676s ago: executing program 3 (id=2113):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newtclass={0x24, 0x28, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff9}}}, 0x24}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014976ab94c1fb10628c46d2e681cdb9e5c1a31965c61e0df52c5e"})
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x8, 0x17, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x3000000}, 0x0)
ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c02000019000100000000000000000000000000000000000000000000000000ac1414bb00000000000000000000000000000000000000000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000084010500e0000002000000000023450000000000000000003c00000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000000003c00000000000000fe80000000000000000000000000000000000000000000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000ac1414aa0000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000aa000000003300000000000000fe8000000000000000000000000000bb0000000000000600000000000000000000000000fe880000000000000000000000000001000000002b"], 0x23c}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000200)={0x0, 0x2}, 0x8)

3m58.305575407s ago: executing program 3 (id=2116):
r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000004080eff95"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r1}, 0x10)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f0000000000)={{0x80}, 'port1\x00', 0xc0, 0x61442, 0x8, 0xffffffff})
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000000)={0x0, 0x2, 0xfffffbf8})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, r3, 0x2000)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_SIOCGIFADDR(r4, 0x8915, &(0x7f0000000100)={'geneve0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x705, 0x8000000000000000)
sched_setaffinity(0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x3e)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x1000000000006005, 0x1)
r7 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r7, 0x84, 0x6, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e20, @remote}}}, 0x84)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r8 = dup2(0xffffffffffffffff, r4)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0xa, 0x197b5a})

3m56.193740793s ago: executing program 3 (id=2126):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) (fail_nth: 1)

3m55.665319546s ago: executing program 3 (id=2130):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000540)={0x6, 0x9a, 0xfa00, {{0xfffffffd, 0x9, "145afb30733decdcdac38bcf0eb3da6d2382606ecd972193645e67b11b4359537edbde960078ac9f279c4b729339e483b1163e354b3bc1daa66a677908a57728d133973f60ed3299b46a4d744874cec18bdfb1f05104e3d709e86cefd5d0d107d23c2b43c87e7c1737349e674746de92fcf98fb1de63a178585456c2c6f8c35976934e04000000d80fc8a75f26b3a3f22794da50550875c18334978d37dc948d316ead36ff3be98e24e7b9eb59c95851123ec88e28c12e2e3c281bad58e0ec7cf3b46d9a670cf5e4ed333f0a7a88f61886e9ce20a812425b6685424a2ff802039613755894feb8a92ecf57b0b005d30000d72fbed446b3da0478ff8b40d2dff4", 0x0, 0x0, 0x4}}}, 0x120)

3m55.569962215s ago: executing program 3 (id=2133):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@ipv6_deladdrlabel={0x38, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x12, 0x1, @loopback}]}, 0x38}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x503, 0x1, 0x25dfdbfd, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000680)=ANY=[@ANYRESDEC, @ANYRESOCT], 0x1000)
mount(&(0x7f0000000180)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='adfs\x00', 0x8003, 0x0)

3m54.930623704s ago: executing program 3 (id=2134):
io_setup(0x5, &(0x7f0000000e80))
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x69, 0xa, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000002295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='contention_begin\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r6 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000003c0)='./binderfs2/custom1\x00', 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r6, 0x6, &(0x7f0000000240)={0x7fffffff, 0x0, &(0x7f0000000200)=[r1, r1]}, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000300))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0})
r10 = dup3(r9, r8, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)="fa"})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x400c6313, 0x0, 0xffffff7f00000000}], 0x2, 0x1000000000000, 0x0})

3m39.919413192s ago: executing program 32 (id=2134):
io_setup(0x5, &(0x7f0000000e80))
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x69, 0xa, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000002295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='contention_begin\x00', r2}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f00000001c0), 0x12)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r6 = dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000003c0)='./binderfs2/custom1\x00', 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r6, 0x6, &(0x7f0000000240)={0x7fffffff, 0x0, &(0x7f0000000200)=[r1, r1]}, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000300))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0})
r10 = dup3(r9, r8, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000080)="fa"})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000580)={0x10, 0x0, &(0x7f0000000700)=[@request_death={0x400c6313, 0x0, 0xffffff7f00000000}], 0x2, 0x1000000000000, 0x0})

13.496634681s ago: executing program 2 (id=2949):
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r1 = accept(r0, 0x0, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x3}}}, 0x10)
sendmmsg$unix(r2, &(0x7f0000004400), 0x400000000000203, 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x4, 0x4}}, 0x10)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25}], 0x1, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xd)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r3 = userfaultfd(0x801)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x1800)
sendmsg$kcm(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)="5a07e4", 0x3}], 0x1}, 0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040))
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001b8568316f3000a00000008000500000000000c00070100004000000000000800090030190000070006151ca2ee8d78e201000000000008000b"], 0x54}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="14af1100", @ANYRES16=r6, @ANYBLOB="04002bbd7000fbdbdf250500000028000380080001000000000006000400a202000014000600fc02000000000000000000000000000134000280080004000200000005000d000000000008000800f8ffffff06000e004e2100000800060025ff000006000f00230000002800028008000500b6ad0000080005000d00000014000100fe880000000000000000000000000001080004006efe00003800018006000200890000000c000700080000000100000008000b007369700008000b0073697000060002005c000000060001000a0000002c000280080004000100000006000e004e210000080007000400000006000b000a00000006000f00210c000008000600020000000800050005000000"], 0x114}}, 0x20000840)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
fcntl$dupfd(r3, 0x0, r3)
ioctl$UFFDIO_CONTINUE(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
mremap(&(0x7f0000c2e000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000462000/0x3000)=nil)
recvmsg$can_raw(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)=""/70, 0x46}], 0x1}, 0x40012002)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)

12.216052363s ago: executing program 2 (id=2955):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f00000001c0)={0x14, &(0x7f0000000440)=ANY=[@ANYBLOB="4009020100000205f2f17cf4da827480355a6ebc429a30c144148fca87410885fd109f8dbff2571ea81cb254719eb718fea03530ae8c7d9eba354fb25c62b3387f303f89904de6b0213da76fb7942ac9b4a3c2ce69fb188f276242b3da375dbed8005b714af6b78c30b64b957f84dc5c19f232f266c5d3ea613976dac9c5d8a7f78dab04b5506b8e20feac660fc16b8625384ea6cd74c062514aeb916ada72a999c734569c57a74dd2baf062f1e54c8ba5336885e298c9622443980dba4a9bfc48f28f957d05fe6a2adc39faa578a5eaa6573da8ac580a75ac4a3ec988f4f483704602adfb72964f2d4b346a0e8213bb987b44dd51e71c2493bf2bba6d50549010e05add3ac2ab20"], &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000800)={0x44, &(0x7f0000000600)=ANY=[@ANYBLOB="40123d00000051bb2e053c65ff7c86e02f91bcb8b649f85cfa2a460ce2233a09a797eb1b82d5be677998957fc7a6c55b3ca25e65581ab1f05676f68d0a4168d5156541"], &(0x7f0000000580)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x4}, &(0x7f00000006c0)={0x20, 0x80, 0x1c, {0x3, 0x9f, 0x8001, 0x81, 0x0, 0x8, 0x6, 0x80000000, 0x6, 0x3, 0x8, 0x101}}, &(0x7f0000000700)={0x20, 0x85, 0x4, 0x9ed}, &(0x7f0000000740)={0x20, 0x83, 0x2}, &(0x7f0000000780)={0x20, 0x87, 0x2, 0xc}, &(0x7f00000007c0)={0x20, 0x89, 0x2}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x10e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x20, 0x7, [{{0x9, 0x4, 0x0, 0x81, 0x1, 0x3, 0x1, 0x2, 0x71, {0x9, 0x21, 0x3, 0xa1, 0x1, {0x22, 0xa1d}}, {{{0x9, 0x5, 0x81, 0x3, 0x4f649b3e4ab0f6cc, 0x6, 0x24, 0x9}}}}}]}}]}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000004000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000000/0xb000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0}, 0x68)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
sendmsg$inet6(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x6b87bd76ddbcbbe)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560702000f0200006706000020000000620a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5d0e14c6c946eeb44fe63275c00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

9.061716335s ago: executing program 2 (id=2965):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r1, 0x8aa, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)

8.979800414s ago: executing program 0 (id=2966):
socket(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000080603000007000000000000000000000500010007000000bb1e27dc0578"], 0x1c}}, 0x0)
recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)

8.908848416s ago: executing program 5 (id=2969):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r3, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8541)
ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522)
syz_emit_ethernet(0x76, &(0x7f0000000580)=ANY=[@ANYBLOB="ffffffffffffaaaaab0000403a00fe80000000000000000000000000000000004000000000000000000001020090780000000166c1665dfffb0001000000000000000000ff000000000001ff0200000000000000000000000000013300014600000000d500cff1640000000000000000000000000000cc8e1754b890acf4e51a5ff09082c07d064151b8725e2daad920ba24c8efec71684eb8b0a5b9822c20a6d4301959e5efcfdc55a82f3aa5ddfe9c268409cb2e0496d95625b434f635240afd0d1ea3e41ba6a8fe0e14439979705684e178a8fc805e6c574c8af1ae06bdb9d2f1"], 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800490000380000000000059078ac1e01010a010100830be4ac1e0101640101008902000000fffc0000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
r7 = dup(0xffffffffffffffff)
ioctl$TIOCL_SETSEL(r7, 0x5605, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})

8.302944129s ago: executing program 5 (id=2972):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000600)={@cgroup, 0xffffffffffffffff, 0x20, 0x1, 0xffffffffffffffff, @void, @value}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/161, 0xa1}, {&(0x7f0000000180)=""/33, 0x21}], 0x2}, 0x28f2609ed101178a)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000280)={0x1f, @fixed}, 0x8)
setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x2)
r5 = fsopen(&(0x7f0000000040)='ntfs3\x00', 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={0x0, &(0x7f0000000200)=""/169, &(0x7f0000000040), 0x0, 0x2}, 0x38)
syz_io_uring_setup(0x7c04, &(0x7f00000000c0)={0x0, 0x7, 0x800}, &(0x7f0000000140)=<r6=>0x0, &(0x7f00000001c0))
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r7, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000040)=[0x0, 0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
mount$tmpfs(0x0, 0x0, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r6])
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000240)={[{@stats}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')

6.985575518s ago: executing program 0 (id=2973):
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000040)={0x66, 0x1, 'client0\x00', 0x2, "7b86aa149ff94bd2", "b5a6753d21438c5ca95a7d36946ff4ea73820aa3358c0134137a768e1e52e700", 0x6, 0x9})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ptrace$setregset(0x4205, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00')
read$FUSE(r4, &(0x7f0000000000)={0x2020}, 0x2020)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x60, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}]}, 0x60}}, 0x0)

6.930791006s ago: executing program 2 (id=2974):
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
syz_open_dev$MSR(&(0x7f0000000000), 0x1, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x3a)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r1, &(0x7f0000000680)=""/102400, 0x19000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='afs_make_fs_call1\x00', r2, 0x0, 0x80000007ffffd}, 0x18)
mkdirat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[<r4=>0x0], &(0x7f0000000340)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2, 0x0, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000100)=[<r7=>0x0]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000000240)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x48, 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

6.924985043s ago: executing program 4 (id=2975):
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="020023"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140), 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0) (fail_nth: 4)
sendmsg$alg(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
read$alg(r4, &(0x7f0000000000)=""/35, 0x23)

6.789590761s ago: executing program 5 (id=2977):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r4}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0xf4ffffff, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x14, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast})
close(r5)
syz_usb_connect(0x3, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120100009ede5c00820544010024010203010902120001fe0000f508043801004981ee030f9ac0e2c3c09d425782f1982961133496"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x2001442, 0x0)
unshare(0x2a020400)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_virtio(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x20000, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r8, 0x10001, 0x0)
connect$pppl2tp(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2, 0xfffffffd}}, 0x2e)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x4, 0x20000000, 0x4)

5.39450258s ago: executing program 1 (id=2978):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000440)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="47000e0080"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0) (fail_nth: 1)

5.381333844s ago: executing program 0 (id=2979):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b702000001040000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006502040001001f000404000001007d60b7030000000000006a0a00fefdff00008500000026000000b7000000000000009500000000000000c743a0c8e3ebbadc20e5a7efcc9ac1467fb2ea80dbcf8df265e1b40e4c8afd5c0c000000008da68076774bbcdb2c769937000090af27db5b56024db96bcbbbd2cb2000ce03000000000000007e357754508535766c80114604a86fe569b05614eab9297eb290a248a120c9c6e39f403ff065fd3052aae80675eeba68562eaeaea5fecf298ca20f274233106eab63ecf772de7b265040b6c50b7420b48a93fe94c756108afcd0b2eb78040000005f02a5a6474ae549070004000000001294fba0ed5020e6474ac921fee1f6d8ad6a80d0947cd6d4a561ced21a0b4a902be6af7ec2d1ba002e57", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32, @ANYBLOB="47000e0080"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0)

5.230207063s ago: executing program 4 (id=2980):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000002c0)={0x14, 0x5e, 0x1}, 0x14}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14}, 0x14}}, 0x8081)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
syz_open_dev$loop(0x0, 0x75f, 0x103382)
syz_io_uring_setup(0x52ab, &(0x7f0000000380)={0x0, 0x673, 0x2, 0x80000000, 0xd7}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000180)={0xfbfd, 0x6}, 0x4)
socket$inet6(0xa, 0x3, 0x40)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x38, r6, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x38}}, 0x0)

4.846721894s ago: executing program 0 (id=2981):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="020600ffd0cd9e4a000000000000000000000000001b455f719afe596289f22d2a2248be30"], 0x15)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/74, 0x4a}], 0x3a}, 0x2043)

4.671149492s ago: executing program 1 (id=2982):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-avx\x00'}, 0x58)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r3, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8541)
ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522)
syz_emit_ethernet(0x76, &(0x7f0000000580)=ANY=[@ANYBLOB="ffffffffffffaaaaab0000403a00fe80000000000000000000000000000000004000000000000000000001020090780000000166c1665dfffb0001000000000000000000ff000000000001ff0200000000000000000000000000013300014600000000d500cff1640000000000000000000000000000cc8e1754b890acf4e51a5ff09082c07d064151b8725e2daad920ba24c8efec71684eb8b0a5b9822c20a6d4301959e5efcfdc55a82f3aa5ddfe9c268409cb2e0496d95625b434f635240afd0d1ea3e41ba6a8fe0e14439979705684e178a8fc805e6c574c8af1ae06bdb9d2f1"], 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800490000380000000000059078ac1e01010a010100830be4ac1e0101640101008902000000fffc0000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
r7 = dup(0xffffffffffffffff)
ioctl$TIOCL_SETSEL(r7, 0x5605, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x5522, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})

4.596313682s ago: executing program 2 (id=2983):
r0 = socket(0x10, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x14, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x2b, 0xa, 0x0)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x10000a0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r3 = dup(r2)
ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000180))
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
bind$netlink(r8, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYBLOB="00001000252155b21c0012000c00010062"], 0x3c}}, 0x0)
setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000180)={r9, 0x1, 0x6, @random="bb2a016e5b90"}, 0x10)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a00", @ANYRES32=r9], 0x3c}}, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r10=>0x0})
syz_usb_connect(0x0, 0x24, &(0x7f0000001380)=ANY=[@ANYBLOB="120100004bdcad4066a7b57c3a550000000109021200010000000009040000000802"], 0x0)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_DESTROY$ioas(r11, 0x3b80, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r11, 0x3b82, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0, 0x0})
r12 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r12, &(0x7f0000000600)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
getsockopt$IP_VS_SO_GET_SERVICE(r12, 0x0, 0xe, 0x0, &(0x7f0000000900))
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r10, @ANYBLOB="140001000040000003000000000000000000000014000200fe8000000000000004000000002300aa140006"], 0x54}}, 0x0)

3.849694087s ago: executing program 0 (id=2984):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0, 0x0, 0xffffffffffffffff}, 0x18)
r1 = syz_io_uring_setup(0x110, 0x0, &(0x7f0000000440)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x30, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40, 0x1, {0x1}})
io_uring_enter(r1, 0x8aa, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)

3.499429565s ago: executing program 5 (id=2985):
socket(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000080603000007000000000000000000000500010007000000bb1e27dc0578"], 0x1c}}, 0x0)
recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)

3.498849989s ago: executing program 1 (id=2986):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0xffffffffffffffff, 0x7, &(0x7f0000000200)=0x200)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000040)=0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x10122, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$MAP_CREATE(0x8001000000000000, &(0x7f0000000380)=ANY=[@ANYBLOB='\t\x00\x00\x00\n\x00\x00\x00B\x00\x00\x00@\x00\x00\x00\x00\x00\x00', @ANYBLOB, @ANYRES32=0x0], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r3}, 0x38)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'})

3.339344693s ago: executing program 4 (id=2987):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000004d80), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010000001c0001"], 0x30}}, 0x10) (fail_nth: 7)

2.937757558s ago: executing program 0 (id=2988):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'geneve1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x0)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@const={0x3, 0x0, 0x0, 0xa, 0x1}, @fwd={0xa}]}, {0x0, [0x0, 0x30, 0x0]}}, &(0x7f0000000140)=""/25, 0x35, 0x19, 0x0, 0x4, 0x10000, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180010000000000000000000000000006110ffff0000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x1a, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007baaaa40b10e6866b857010203210902120001000000000904"], 0x0)

2.937467452s ago: executing program 4 (id=2989):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x6}]}}]}, 0x3c}}, 0x20000000)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)

2.913052192s ago: executing program 4 (id=2990):
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000040)={0x66, 0x1, 'client0\x00', 0x2, "7b86aa149ff94bd2", "b5a6753d21438c5ca95a7d36946ff4ea73820aa3358c0134137a768e1e52e700", 0x6, 0x9})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ptrace$setregset(0x4205, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00')
read$FUSE(r5, &(0x7f0000000000)={0x2020}, 0x2020)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x60, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}]}, 0x60}}, 0x0)

2.155344587s ago: executing program 1 (id=2991):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x1)
sendmsg$IPSET_CMD_DESTROY(r4, 0x0, 0x5)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800020000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000080), 0x0, r5)
socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18}], 0x18}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1871f6ea8a4c2d02000003000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffff9}, 0x1c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000019000000200012800b00010067656e657665000010000280060005004e200000040006"], 0x40}}, 0x0)

2.094752257s ago: executing program 2 (id=2992):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee000000000000", 0x51}], 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing]}}}}}}}, 0x0) (async)
syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing]}}}}}}}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0) (async)
syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
io_setup(0x3, &(0x7f0000000180)) (async)
io_setup(0x3, &(0x7f0000000180)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) (async)
io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x2, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x7, 0x1, 0x7, 0x1, 0x2, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x2, 0xf, 0x12}}}}}]}}]}}, 0x0)
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x1c)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0), 0x8042, 0x0)
write$vga_arbiter(r4, &(0x7f00000002c0)=ANY=[@ANYBLOB='lock io'], 0x8)
io_setup(0x3, &(0x7f0000000180)) (async)
io_setup(0x3, &(0x7f0000000180)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
write$vga_arbiter(r4, &(0x7f0000000200)=ANY=[@ANYBLOB='unlock mem'], 0xb) (async)
write$vga_arbiter(r4, &(0x7f0000000200)=ANY=[@ANYBLOB='unlock mem'], 0xb)
syz_emit_ethernet(0xfdef, &(0x7f0000000880)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010448", 0x20, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0)

1.992878025s ago: executing program 4 (id=2993):
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
syz_open_dev$MSR(&(0x7f0000000000), 0x1, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x3a)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r1, &(0x7f0000000680)=""/102400, 0x19000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='afs_make_fs_call1\x00', r2, 0x0, 0x80000007ffffd}, 0x18)
mkdirat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[<r4=>0x0], &(0x7f0000000340)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2, 0x0, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000100)=[<r7=>0x0]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f0000000240)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x48, 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

1.251526098s ago: executing program 5 (id=2994):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="020600ffd0cd9e4a000000000000000000000000001b455f719afe596289f22d2a2248be30"], 0x15)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/74, 0x4a}], 0x3a}, 0x2043)

1.250928955s ago: executing program 1 (id=2995):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
io_setup(0x22, &(0x7f00000003c0)=<r2=>0x0)
r3 = socket$rxrpc(0x21, 0x2, 0xa)
io_submit(r2, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x212d, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="280000001e00431b000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32], 0x28}}, 0x4)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r0, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0x80045515, &(0x7f0000000080)={0x60, 0xc, 0x4, 0xff68, 0x0, 0x5, 0x0})

58.484606ms ago: executing program 1 (id=2996):
syz_emit_ethernet(0x6e, &(0x7f0000000080)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @loopback, @local, [@srh]}}}}}}}, 0x0)
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, 0x0, 0x20044811)
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
r2 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b30, &(0x7f0000000240)={'wlan0\x00'})
listen(r1, 0x400000001ffffffd)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'macvtap0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000006a00000f0007000000", @ANYRES32=r4, @ANYBLOB="800202000a0002"], 0x48}, 0x1, 0x0, 0x0, 0x4c880}, 0x80)
socket$kcm(0x10, 0x2, 0x0)
r5 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r6 = accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r6)
sendmmsg$inet6(r5, &(0x7f0000006d80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x80)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r6)

0s ago: executing program 5 (id=2997):
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
syz_open_dev$MSR(&(0x7f0000000000), 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x3a)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
read$msr(r0, &(0x7f0000000680)=""/102400, 0x19000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='afs_make_fs_call1\x00', r1, 0x0, 0x80000007ffffd}, 0x18)
r2 = open$dir(0x0, 0x260003, 0x0)
mkdirat(r2, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[<r4=>0x0], &(0x7f0000000340)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2, 0x0, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000100)=[0x0]})
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x1100, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

kernel console output (not intermixed with test programs):

onnect, device number 50
[  799.130003][T11545] Bluetooth: hci5: command 0x0c1a tx timeout
[  799.279883][ T5876] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  799.376286][T15967] UBIFS error (pid: 15967): cannot open "(null)", error -22
[  799.435850][ T5916] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  799.450981][ T5876] usb 3-1: Using ep0 maxpacket: 32
[  799.459464][ T5876] usb 3-1: config 0 has an invalid interface number: 9 but max is 0
[  799.582082][ T5875] usb 1-1: new low-speed USB device number 51 using dummy_hcd
[  799.616018][ T5876] usb 3-1: config 0 has no interface number 0
[  799.631030][ T5876] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  799.648404][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.666652][ T5876] usb 3-1: Product: syz
[  799.677438][ T5876] usb 3-1: Manufacturer: syz
[  799.686405][ T5876] usb 3-1: SerialNumber: syz
[  799.696449][ T5876] usb 3-1: config 0 descriptor??
[  799.710382][ T5876] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  799.739766][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  799.746814][ T5875] usb 1-1: unable to get BOS descriptor or descriptor too short
[  799.755469][ T5916] usb 5-1: config index 0 descriptor too short (expected 66, got 36)
[  799.770705][ T5875] usb 1-1: config 2 has an invalid interface number: 115 but max is 0
[  799.780497][ T5916] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  799.792153][ T5875] usb 1-1: config 2 has no interface number 0
[  799.799166][ T5875] usb 1-1: config 2 interface 115 has no altsetting 0
[  799.806100][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  799.816094][ T5916] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  799.826244][ T5916] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 255
[  799.839205][ T5875] usb 1-1: string descriptor 0 read error: -22
[  799.845754][ T5875] usb 1-1: New USB device found, idVendor=07aa, idProduct=0051, bcdDevice=d8.fb
[  799.855383][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.864173][ T5916] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  799.873472][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.891344][ T5916] usb 5-1: Product: syz
[  799.895921][ T5916] usb 5-1: Manufacturer: syz
[  799.902045][ T5875] r8712u: register rtl8712_netdev_ops to netdev_ops
[  799.908885][ T5916] usb 5-1: SerialNumber: syz
[  799.913692][ T5875] usb 1-1: r8712u: USB_SPEED_LOW with 0 endpoints
[  799.933850][ T5916] usb 5-1: config 0 descriptor??
[  799.948965][T15955] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  799.972924][ T5916] mcba_usb 5-1:0.0: Can't find endpoints
[  800.124760][T15961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  800.138796][T15961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  800.257820][   T52] usb 5-1: USB disconnect, device number 65
[  800.339817][T15971] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2617'.
[  800.348895][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2617'.
[  800.900457][ T5875] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed
[  800.947947][ T5875] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  800.966245][ T5875] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  800.998245][T15975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.008648][T15975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  801.640058][ T5876] gspca_topro: reg_w err -110
[  801.669716][ T5876] gspca_topro: Sensor soi763a
[  801.697515][ T5876] usb 3-1: USB disconnect, device number 65
[  801.925748][T15980] fuse: Unknown parameter 'fd0x0000000000000003'
[  801.988625][ T5916] usb 1-1: USB disconnect, device number 51
[  803.338922][T15999] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2625'.
[  803.356559][   T29] audit: type=1326 audit(1731835937.489:2308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  803.398343][   T29] audit: type=1326 audit(1731835937.489:2309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  803.427718][   T29] audit: type=1326 audit(1731835937.489:2310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  803.609136][   T29] audit: type=1326 audit(1731835937.489:2311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  803.637488][   T29] audit: type=1326 audit(1731835937.489:2312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.414977][   T29] audit: type=1326 audit(1731835937.489:2313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.614694][   T29] audit: type=1326 audit(1731835937.489:2314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.638211][    C0] vkms_vblank_simulate: vblank timer overrun
[  804.772737][   T29] audit: type=1326 audit(1731835937.489:2315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.802557][   T29] audit: type=1326 audit(1731835937.489:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.826244][   T29] audit: type=1326 audit(1731835937.489:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16005 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2611f7e719 code=0x7ffc0000
[  804.965026][T16029] xt_socket: unknown flags 0xe0
[  805.175749][   T52] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  805.184296][ T5876] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  806.049714][   T52] usb 2-1: Using ep0 maxpacket: 8
[  806.057756][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  806.065688][   T52] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  806.073353][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.088658][   T52] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.357610][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.368950][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.628218][   T52] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  806.636022][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.647596][   T52] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.659359][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.670880][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.687746][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  806.698792][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  806.708633][ T5876] usb 3-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  806.718123][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.779706][   T52] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  806.787138][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  806.798706][   T52] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  806.810492][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  806.821993][   T52] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  806.834333][ T5876] usb 3-1: config 0 descriptor??
[  806.845363][T16063] overlayfs: overlapping lowerdir path
[  806.886103][   T52] usb 2-1: string descriptor 0 read error: -22
[  806.892942][   T52] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  806.902974][   T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.971039][   T52] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  807.279474][ T5876] usbhid 3-1:0.0: can't add hid device: -71
[  807.285990][ T5876] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  807.311974][ T5876] usb 3-1: USB disconnect, device number 66
[  807.802586][  T968] usb 2-1: USB disconnect, device number 72
[  808.030502][T16082] sctp: [Deprecated]: syz.4.2650 (pid 16082) Use of int in maxseg socket option.
[  808.030502][T16082] Use struct sctp_assoc_value instead
[  808.328135][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  808.339671][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  809.109987][T11545] Bluetooth: hci5: unknown advertising packet type: 0xae
[  809.275885][T16096] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2654'.
[  809.292669][T16096] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2654'.
[  809.709158][T16103] (syz.2.2658,16103,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options
[  809.738670][T16103] (syz.2.2658,16103,0):ocfs2_fill_super:1178 ERROR: status = -22
[  810.335142][T16119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2659'.
[  810.344321][T16119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2659'.
[  811.370928][ T5916] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  811.530700][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  811.551741][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  811.579622][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  811.684714][T16132] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2667'.
[  811.765677][ T5916] usb 5-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  811.774942][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.814511][ T5916] usb 5-1: config 0 descriptor??
[  813.010536][   T29] kauditd_printk_skb: 23 callbacks suppressed
[  813.010551][   T29] audit: type=1326 audit(1731835947.109:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.080971][ T5916] usbhid 5-1:0.0: can't add hid device: -71
[  813.086970][ T5916] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  813.134316][T16152] PKCS7: Unknown OID: [4] (bad)
[  813.140590][T16152] PKCS7: Only support pkcs7_signedData type
[  813.149017][   T29] audit: type=1326 audit(1731835947.109:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.186530][   T29] audit: type=1326 audit(1731835947.109:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.210051][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.236629][   T29] audit: type=1326 audit(1731835947.109:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.260150][    C1] vkms_vblank_simulate: vblank timer overrun
[  813.355421][ T5916] usb 5-1: USB disconnect, device number 66
[  813.522907][   T29] audit: type=1326 audit(1731835947.109:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.549400][   T29] audit: type=1326 audit(1731835947.109:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.574212][   T29] audit: type=1326 audit(1731835947.109:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  813.753468][T16162] UBIFS error (pid: 16162): cannot open "(null)", error -22
[  814.019868][   T29] audit: type=1326 audit(1731835947.109:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  814.150142][   T29] audit: type=1326 audit(1731835947.109:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  814.199192][   T29] audit: type=1326 audit(1731835947.109:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16142 comm="syz.2.2670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  814.528618][T16175] ip6t_srh: unknown srh invflags 7863
[  814.756340][T16182] Process accounting resumed
[  815.359741][T16182] Process accounting resumed
[  815.412415][T16183] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  815.566188][T11545] Bluetooth: hci5: ACL packet for unknown connection handle 201
[  815.804617][T16194] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2682'.
[  815.819745][T16194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2682'.
[  816.179808][  T968] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  816.295286][T16201] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2687'.
[  818.054863][T16234] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2694'.
[  818.393674][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  818.393689][   T29] audit: type=1326 audit(1731835952.529:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16223 comm="syz.1.2694" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffb26b7e719 code=0x0
[  818.533209][T16242] vivid-000: disconnect
[  818.537762][T16242] vivid-000: reconnect
[  819.183607][T16248] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2698'.
[  819.192838][T16248] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2698'.
[  819.303993][T11545] Bluetooth: hci5: ACL packet for unknown connection handle 201
[  819.437758][T16252] lo speed is unknown, defaulting to 1000
[  819.444994][T16252] ip6gretap0 speed is unknown, defaulting to 1000
[  819.808630][T16224] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  819.901505][T16264] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  820.123468][T16224] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  820.123868][T11545] Bluetooth: hci5: ACL packet for unknown connection handle 201
[  820.319698][T11545] Bluetooth: hci2: command 0x0c1a tx timeout
[  820.488596][T16267] UBIFS error (pid: 16267): cannot open "(null)", error -22
[  820.634407][ T5916] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  820.650146][ T5903] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  820.793829][   T29] audit: type=1326 audit(1731835954.929:2376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.817595][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  820.823573][   T29] audit: type=1326 audit(1731835954.959:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.864149][ T5903] usb 1-1: unable to get BOS descriptor or descriptor too short
[  820.883968][ T5903] usb 1-1: config 8 has an invalid interface number: 2 but max is -1
[  820.895224][ T5916] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  820.905491][   T29] audit: type=1326 audit(1731835954.959:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.929727][ T5903] usb 1-1: config 8 has 1 interface, different from the descriptor's value: 0
[  820.938601][ T5903] usb 1-1: config 8 has no interface number 0
[  820.944738][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.952734][   T29] audit: type=1326 audit(1731835954.959:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.952769][   T29] audit: type=1326 audit(1731835954.959:2380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.952803][   T29] audit: type=1326 audit(1731835954.979:2381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.952833][   T29] audit: type=1326 audit(1731835954.979:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.952863][   T29] audit: type=1326 audit(1731835954.989:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  820.952893][   T29] audit: type=1326 audit(1731835954.989:2384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16251 comm="syz.2.2700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fceb1f7e719 code=0x7ffc0000
[  821.099775][ T5916] usb 5-1: Product: syz
[  821.104015][ T5916] usb 5-1: Manufacturer: syz
[  821.108660][ T5916] usb 5-1: SerialNumber: syz
[  821.125108][ T5916] r8152-cfgselector 5-1: Unknown version 0x0000
[  821.239929][ T5916] r8152-cfgselector 5-1: config 0 descriptor??
[  821.247832][ T5916] r8152-cfgselector 5-1: can't set config #0, error -71
[  821.263745][ T5903] usb 1-1: New USB device found, idVendor=0545, idProduct=0080, bcdDevice= 0.02
[  821.888982][T11545] Bluetooth: hci5: command 0x0c1a tx timeout
[  821.895205][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.917391][ T5903] usb 1-1: Product: syz
[  821.925196][ T5903] usb 1-1: Manufacturer: syz
[  821.935295][ T5903] usb 1-1: SerialNumber: syz
[  821.943810][ T5916] r8152-cfgselector 5-1: USB disconnect, device number 68
[  822.290660][ T5876] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[  822.334369][  T965] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.352798][  T965] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  822.458581][  T965] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.473155][  T965] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  822.703939][  T965] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.886169][ T5876] usb 3-1: config 0 has an invalid interface number: 10 but max is 0
[  822.896366][ T5876] usb 3-1: config 0 has no interface number 0
[  822.902540][ T5876] usb 3-1: config 0 interface 10 altsetting 0 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  822.913455][ T5876] usb 3-1: config 0 interface 10 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  822.928768][ T5876] usb 3-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=1d.a7
[  822.942054][ T5903] usb 1-1: USB disconnect, device number 52
[  822.950655][ T5142] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  822.962241][ T5142] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  822.982102][ T5142] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  822.991971][ T5142] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  822.996124][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.000866][ T5142] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  823.015511][ T5142] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  823.018065][ T5876] usb 3-1: Product: syz
[  823.034552][  T965] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  823.054976][ T5876] usb 3-1: Manufacturer: syz
[  823.131935][ T5876] usb 3-1: SerialNumber: syz
[  823.144057][ T5876] usb 3-1: config 0 descriptor??
[  823.310767][ T5876] usb 3-1: Error in usbnet_get_endpoints (-22)
[  823.370866][T16297] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  823.509581][ T5876] usb 3-1: USB disconnect, device number 67
[  823.615482][T16300] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2716'.
[  824.023699][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  824.023712][   T29] audit: type=1326 audit(1731835957.939:2387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16298 comm="syz.0.2716" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2611f7e719 code=0x0
[  824.205667][  T965] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.216220][  T965] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  825.067680][ T5142] Bluetooth: hci3: command tx timeout
[  825.104433][T16290] lo speed is unknown, defaulting to 1000
[  825.118740][T16290] ip6gretap0 speed is unknown, defaulting to 1000
[  825.530111][T16299] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  825.545996][T16299] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  825.687739][T16299] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  825.781167][T16299] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  825.788574][T16299] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  826.117895][T16326] UBIFS error (pid: 16326): cannot open "(null)", error -22
[  827.267044][T16344] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2725'.
[  827.283489][T16344] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2725'.
[  827.914268][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout
[  827.914285][T11545] Bluetooth: hci5: command 0x0c1a tx timeout
[  827.920390][ T5142] Bluetooth: hci3: command 0x040f tx timeout
[  829.135660][T16357] FAULT_INJECTION: forcing a failure.
[  829.135660][T16357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  829.151915][T16357] CPU: 0 UID: 0 PID: 16357 Comm: syz.5.2730 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  829.162701][T16357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  829.172748][T16357] Call Trace:
[  829.176030][T16357]  <TASK>
[  829.178959][T16357]  dump_stack_lvl+0x16c/0x1f0
[  829.183642][T16357]  should_fail_ex+0x497/0x5b0
[  829.188332][T16357]  _copy_to_user+0x32/0xd0
[  829.192769][T16357]  do_ip_getsockopt+0x1966/0x2720
[  829.197805][T16357]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  829.203176][T16357]  ? __pfx_lock_release+0x10/0x10
[  829.208176][T16357]  ? trace_lock_acquire+0x14a/0x1d0
[  829.213368][T16357]  ? __pfx_mark_lock+0x10/0x10
[  829.218132][T16357]  ? hlock_class+0x4e/0x130
[  829.222628][T16357]  ? __lock_acquire+0x163e/0x3ce0
[  829.227667][T16357]  ? __pfx___lock_acquire+0x10/0x10
[  829.232878][T16357]  ? find_held_lock+0x2d/0x110
[  829.237653][T16357]  ip_getsockopt+0x9c/0x1e0
[  829.242161][T16357]  ? __pfx_lock_release+0x10/0x10
[  829.247191][T16357]  ? __pfx_ip_getsockopt+0x10/0x10
[  829.252309][T16357]  ? lock_acquire+0x2f/0xb0
[  829.256817][T16357]  ? __might_fault+0xe3/0x190
[  829.261500][T16357]  tcp_getsockopt+0x9e/0x100
[  829.266071][T16357]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  829.271966][T16357]  do_sock_getsockopt+0x3fe/0x800
[  829.276988][T16357]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  829.282512][T16357]  ? __fget_files+0x244/0x3f0
[  829.287185][T16357]  __sys_getsockopt+0x1a1/0x270
[  829.292014][T16357]  ? __pfx___sys_getsockopt+0x10/0x10
[  829.297361][T16357]  ? fput+0x30/0x390
[  829.301233][T16357]  ? ksys_write+0x1ad/0x260
[  829.305711][T16357]  ? __pfx_ksys_write+0x10/0x10
[  829.310536][T16357]  __x64_sys_getsockopt+0xbd/0x160
[  829.315625][T16357]  ? do_syscall_64+0x91/0x250
[  829.320279][T16357]  ? lockdep_hardirqs_on+0x7c/0x110
[  829.325470][T16357]  do_syscall_64+0xcd/0x250
[  829.329965][T16357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  829.335849][T16357] RIP: 0033:0x7f1559f7e719
[  829.340242][T16357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  829.359826][T16357] RSP: 002b:00007f155ad1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  829.368214][T16357] RAX: ffffffffffffffda RBX: 00007f155a135f80 RCX: 00007f1559f7e719
[  829.376165][T16357] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000003
[  829.384130][T16357] RBP: 00007f155ad1a090 R08: 0000000020000340 R09: 0000000000000000
[  829.392096][T16357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  829.400043][T16357] R13: 0000000000000000 R14: 00007f155a135f80 R15: 00007fffe605e2f8
[  829.407998][T16357]  </TASK>
[  829.462839][  T965] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  829.478273][  T965] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  829.489397][  T965] bond0 (unregistering): Released all slaves
[  829.612230][T16366] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2734'.
[  829.811790][   T29] audit: type=1400 audit(1731835963.819:2388): avc:  denied  { shutdown } for  pid=16362 comm="syz.2.2733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  830.049855][T16346] Bluetooth: hci3: command 0x040f tx timeout
[  830.333129][T11540] Bluetooth: hci2: unknown advertising packet type: 0xae
[  831.024441][T16378] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2736'.
[  831.270372][  T965] tipc: Left network mode
[  831.325910][T16370] siw: device registration error -23
[  831.348045][T16290] chnl_net:caif_netlink_parms(): no params data found
[  832.108532][T16380] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  832.118685][T16380] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  832.121694][T11540] Bluetooth: hci3: command 0x040f tx timeout
[  832.134977][T16380] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  832.886825][T16290] bridge0: port 1(bridge_slave_0) entered blocking state
[  832.922547][T16290] bridge0: port 1(bridge_slave_0) entered disabled state
[  832.964549][T16290] bridge_slave_0: entered allmulticast mode
[  832.981938][T16290] bridge_slave_0: entered promiscuous mode
[  832.991262][T16290] bridge0: port 2(bridge_slave_1) entered blocking state
[  832.998458][T16290] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.006191][T16290] bridge_slave_1: entered allmulticast mode
[  833.013398][T16290] bridge_slave_1: entered promiscuous mode
[  833.073327][T16290] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  833.149702][T16290] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  833.281548][T16290] team0: Port device team_slave_0 added
[  833.297149][T16290] team0: Port device team_slave_1 added
[  833.306161][T16416] libceph: resolve '
[  833.306161][T16416] -&õÌ×fÍY¹Ç�²a×ïÅ2iˆ
[  833.306161][T16416] .ÖúÕ?Çý&�*»§&' (ret=-3): failed
[  833.387330][  T965] hsr_slave_0: left promiscuous mode
[  833.421398][  T965] hsr_slave_1: left promiscuous mode
[  833.439049][  T965] batman_adv: batadv0: Removing interface: batadv_slave_0
[  833.518624][T16424] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2746'.
[  833.529415][  T965] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  833.549852][  T965] batman_adv: batadv0: Removing interface: batadv_slave_1
[  833.981015][T16430] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2749'.
[  834.184620][T11540] Bluetooth: hci3: command 0x040f tx timeout
[  834.619340][  T965] veth1_macvtap: left promiscuous mode
[  834.639773][  T965] veth0_macvtap: left promiscuous mode
[  834.646578][  T965] veth1_vlan: left promiscuous mode
[  834.653308][T16423] xt_addrtype: ipv6 does not support BROADCAST matching
[  834.661665][  T965] veth0_vlan: left promiscuous mode
[  835.057516][  T965] team0 (unregistering): Port device team_slave_1 removed
[  835.096043][  T965] team0 (unregistering): Port device team_slave_0 removed
[  835.360279][T16290] batman_adv: batadv0: Adding interface: batadv_slave_0
[  835.367247][T16290] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  835.393151][    C1] vkms_vblank_simulate: vblank timer overrun
[  835.501028][T16290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  835.513348][T16290] batman_adv: batadv0: Adding interface: batadv_slave_1
[  835.520446][T16290] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  835.896761][T16290] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  836.235087][T16290] hsr_slave_0: entered promiscuous mode
[  836.253894][T11540] Bluetooth: hci3: command 0x040f tx timeout
[  836.266297][T16290] hsr_slave_1: entered promiscuous mode
[  836.344838][T16290] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  836.355949][T16290] Cannot create hsr debugfs directory
[  836.419349][  T965] IPVS: stop unused estimator thread 0...
[  836.481078][T16457] syz_tun: VLAN not yet supported
[  836.555763][    T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  836.709793][    T9] usb 1-1: device descriptor read/64, error -71
[  836.785185][T16290] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  836.797436][T16290] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  836.814328][T16290] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  836.827875][T16290] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  836.903110][T16290] 8021q: adding VLAN 0 to HW filter on device bond0
[  836.918141][T16290] 8021q: adding VLAN 0 to HW filter on device team0
[  836.929729][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  836.936850][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  837.029245][  T965] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.036372][  T965] bridge0: port 2(bridge_slave_1) entered forwarding state
[  837.045078][    T9] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  837.560014][    T9] usb 1-1: device descriptor read/64, error -71
[  837.615137][T16290] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  837.625861][T16290] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  837.792704][    T9] usb usb1-port1: attempt power cycle
[  837.831615][T16290] 8021q: adding VLAN 0 to HW filter on device batadv0
[  837.930577][T16290] veth0_vlan: entered promiscuous mode
[  837.956179][T16290] veth1_vlan: entered promiscuous mode
[  838.023839][T16290] veth0_macvtap: entered promiscuous mode
[  838.040998][T16290] veth1_macvtap: entered promiscuous mode
[  838.083353][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.093937][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.103878][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.114397][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.124398][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.135000][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.145031][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  838.156056][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.174822][T16290] batman_adv: batadv0: Interface activated: batadv_slave_0
[  838.191778][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.202326][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.212264][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.222824][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.232862][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.243695][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.253608][T16290] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  838.264606][T16290] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  838.275951][T16290] batman_adv: batadv0: Interface activated: batadv_slave_1
[  838.292949][T16290] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  838.303246][T16290] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  838.309702][ T5875] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  838.312359][T16290] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  838.329699][T16290] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  838.396967][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.408950][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  838.435560][ T7302] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.444606][ T7302] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  838.480052][ T5875] usb 3-1: Using ep0 maxpacket: 16
[  838.489793][ T5875] usb 3-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[  838.500494][ T5875] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  838.516762][ T5875] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  838.526253][    T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  838.534756][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.543624][ T5875] usb 3-1: Product: syz
[  838.547916][ T5875] usb 3-1: Manufacturer: syz
[  838.552981][T16492] FAULT_INJECTION: forcing a failure.
[  838.552981][T16492] name failslab, interval 1, probability 0, space 0, times 0
[  838.566543][ T5875] usb 3-1: SerialNumber: syz
[  838.569699][T16492] CPU: 1 UID: 0 PID: 16492 Comm: syz.1.2711 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  838.581879][T16492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  838.591938][T16492] Call Trace:
[  838.595212][T16492]  <TASK>
[  838.598140][T16492]  dump_stack_lvl+0x16c/0x1f0
[  838.602824][T16492]  should_fail_ex+0x497/0x5b0
[  838.607506][T16492]  ? fs_reclaim_acquire+0xae/0x150
[  838.612620][T16492]  should_failslab+0xc2/0x120
[  838.617299][T16492]  __kmalloc_noprof+0xcb/0x400
[  838.622069][T16492]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  838.629188][T16492]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  838.631930][    T9] usb 1-1: device descriptor read/8, error -71
[  838.634640][T16492]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  838.634669][T16492]  ? bpf_lsm_capable+0x9/0x10
[  838.634690][T16492]  ? security_capable+0x7e/0x260
[  838.656437][T16492]  ? ns_capable+0xd7/0x110
[  838.660835][T16492]  genl_rcv_msg+0x565/0x800
[  838.665328][T16492]  ? __pfx_genl_rcv_msg+0x10/0x10
[  838.670340][T16492]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  838.676256][T16492]  netlink_rcv_skb+0x16b/0x440
[  838.681026][T16492]  ? __pfx_genl_rcv_msg+0x10/0x10
[  838.686063][T16492]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  838.691364][T16492]  ? down_read+0xc9/0x330
[  838.695701][T16492]  ? __pfx_down_read+0x10/0x10
[  838.700474][T16492]  ? netlink_deliver_tap+0x1ae/0xd90
[  838.705777][T16492]  genl_rcv+0x28/0x40
[  838.709767][T16492]  netlink_unicast+0x53c/0x7f0
[  838.714526][T16492]  ? __pfx_netlink_unicast+0x10/0x10
[  838.719818][T16492]  netlink_sendmsg+0x8b8/0xd70
[  838.724589][T16492]  ? __pfx_netlink_sendmsg+0x10/0x10
[  838.729875][T16492]  ____sys_sendmsg+0xaaf/0xc90
[  838.734637][T16492]  ? copy_msghdr_from_user+0x10b/0x160
[  838.740086][T16492]  ? __pfx_____sys_sendmsg+0x10/0x10
[  838.745357][T16492]  ? __pfx___lock_acquire+0x10/0x10
[  838.750543][T16492]  ___sys_sendmsg+0x135/0x1e0
[  838.755226][T16492]  ? __pfx____sys_sendmsg+0x10/0x10
[  838.760423][T16492]  ? lock_acquire+0x2f/0xb0
[  838.764905][T16492]  ? __fget_files+0x40/0x3f0
[  838.769504][T16492]  ? fdget+0x176/0x210
[  838.773587][T16492]  __sys_sendmsg+0x117/0x1f0
[  838.778186][T16492]  ? __pfx___sys_sendmsg+0x10/0x10
[  838.783286][T16492]  ? __fget_files+0x244/0x3f0
[  838.787957][T16492]  do_syscall_64+0xcd/0x250
[  838.792438][T16492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  838.798319][T16492] RIP: 0033:0x7f9f9fb7e719
[  838.802722][T16492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  838.822317][T16492] RSP: 002b:00007f9fa09df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  838.830739][T16492] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7e719
[  838.838692][T16492] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  838.846643][T16492] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  838.854609][T16492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  838.862579][T16492] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  838.870547][T16492]  </TASK>
[  838.873572][    C1] vkms_vblank_simulate: vblank timer overrun
[  838.915851][ T5875] usb 3-1: 0:2 : does not exist
[  838.923840][ T5875] usb 3-1: 5:0: cannot get min/max values for control 4 (id 5)
[  838.932009][    T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  838.953647][ T5875] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5)
[  838.968385][    T9] usb 1-1: device descriptor read/8, error -71
[  838.981255][ T5875] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5)
[  839.002346][ T5875] usb 3-1: 5:0: failed to get current value for ch 1 (-22)
[  839.046869][ T5875] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5)
[  839.090013][    T9] usb usb1-port1: unable to enumerate USB device
[  839.151129][ T5875] usb 3-1: USB disconnect, device number 68
[  839.433407][T16511] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2772'.
[  839.769231][T11540] Bluetooth: hci2: unknown advertising packet type: 0xae
[  839.909101][T16527] UBIFS error (pid: 16527): cannot open "(null)", error -22
[  840.132269][T16522] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2775'.
[  840.161853][T16525] fuse: Bad value for 'fd'
[  840.568453][   T29] audit: type=1326 audit(1731835974.699:2389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16518 comm="syz.2.2775" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x0
[  840.654559][T16535] fuse: Bad value for 'fd'
[  840.864229][T16519] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  840.870720][T16519] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  840.877076][T16519] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  841.047317][T16544] FAULT_INJECTION: forcing a failure.
[  841.047317][T16544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  841.224866][T16544] CPU: 0 UID: 0 PID: 16544 Comm: syz.1.2782 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  841.235670][T16544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  841.245735][T16544] Call Trace:
[  841.249011][T16544]  <TASK>
[  841.251934][T16544]  dump_stack_lvl+0x16c/0x1f0
[  841.256621][T16544]  should_fail_ex+0x497/0x5b0
[  841.261926][T16544]  _copy_to_user+0x32/0xd0
[  841.266345][T16544]  simple_read_from_buffer+0xd0/0x160
[  841.271710][T16544]  proc_fail_nth_read+0x198/0x270
[  841.276725][T16544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  841.282245][T16544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  841.287766][T16544]  vfs_read+0x1df/0xbe0
[  841.291902][T16544]  ? __fget_files+0x23a/0x3f0
[  841.296555][T16544]  ? fdget_pos+0x24c/0x360
[  841.300944][T16544]  ? __pfx_lock_release+0x10/0x10
[  841.305959][T16544]  ? trace_lock_acquire+0x14a/0x1d0
[  841.311134][T16544]  ? __pfx_vfs_read+0x10/0x10
[  841.315788][T16544]  ? __pfx___mutex_lock+0x10/0x10
[  841.320790][T16544]  ? __fget_files+0x244/0x3f0
[  841.325446][T16544]  ksys_read+0x12f/0x260
[  841.329678][T16544]  ? __pfx_ksys_read+0x10/0x10
[  841.334425][T16544]  do_syscall_64+0xcd/0x250
[  841.338905][T16544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.344787][T16544] RIP: 0033:0x7f9f9fb7d15c
[  841.349194][T16544] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  841.369298][T16544] RSP: 002b:00007f9fa09df030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  841.377686][T16544] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7d15c
[  841.385655][T16544] RDX: 000000000000000f RSI: 00007f9fa09df0a0 RDI: 0000000000000003
[  841.393601][T16544] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  841.401560][T16544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  841.409530][T16544] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  841.417496][T16544]  </TASK>
[  841.753890][T16551] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2783'.
[  841.763873][T16551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2783'.
[  842.001726][T11540] Bluetooth: hci2: command 0x0c1a tx timeout
[  842.099035][T16554] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  842.120414][T16554] batadv_slave_0: entered promiscuous mode
[  842.369018][T16573] FAULT_INJECTION: forcing a failure.
[  842.369018][T16573] name failslab, interval 1, probability 0, space 0, times 0
[  842.381987][T16573] CPU: 1 UID: 0 PID: 16573 Comm: syz.1.2794 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  842.392836][T16573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  842.402889][T16573] Call Trace:
[  842.406243][T16573]  <TASK>
[  842.409156][T16573]  dump_stack_lvl+0x16c/0x1f0
[  842.413820][T16573]  should_fail_ex+0x497/0x5b0
[  842.418531][T16573]  ? fs_reclaim_acquire+0xae/0x150
[  842.423626][T16573]  should_failslab+0xc2/0x120
[  842.428280][T16573]  __kmalloc_node_track_caller_noprof+0xcf/0x430
[  842.434584][T16573]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  842.439861][T16573]  kstrndup+0xc6/0x160
[  842.443942][T16573]  hwsim_new_radio_nl+0x9ff/0x12b0
[  842.449048][T16573]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  842.454586][T16573]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  842.461943][T16573]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  842.469397][T16573]  genl_family_rcv_msg_doit+0x202/0x2f0
[  842.474931][T16573]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  842.480996][T16573]  ? bpf_lsm_capable+0x9/0x10
[  842.485673][T16573]  ? security_capable+0x7e/0x260
[  842.490616][T16573]  ? ns_capable+0xd7/0x110
[  842.495024][T16573]  genl_rcv_msg+0x565/0x800
[  842.499521][T16573]  ? __pfx_genl_rcv_msg+0x10/0x10
[  842.504542][T16573]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  842.510085][T16573]  netlink_rcv_skb+0x16b/0x440
[  842.514843][T16573]  ? __pfx_genl_rcv_msg+0x10/0x10
[  842.519864][T16573]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  842.525144][T16573]  ? down_read+0xc9/0x330
[  842.529463][T16573]  ? __pfx_down_read+0x10/0x10
[  842.534213][T16573]  ? netlink_deliver_tap+0x1ae/0xd90
[  842.539490][T16573]  genl_rcv+0x28/0x40
[  842.543456][T16573]  netlink_unicast+0x53c/0x7f0
[  842.548223][T16573]  ? __pfx_netlink_unicast+0x10/0x10
[  842.553510][T16573]  netlink_sendmsg+0x8b8/0xd70
[  842.558272][T16573]  ? __pfx_netlink_sendmsg+0x10/0x10
[  842.563558][T16573]  ____sys_sendmsg+0xaaf/0xc90
[  842.568334][T16573]  ? copy_msghdr_from_user+0x10b/0x160
[  842.573783][T16573]  ? __pfx_____sys_sendmsg+0x10/0x10
[  842.579063][T16573]  ? __pfx___lock_acquire+0x10/0x10
[  842.584250][T16573]  ___sys_sendmsg+0x135/0x1e0
[  842.588914][T16573]  ? __pfx____sys_sendmsg+0x10/0x10
[  842.594106][T16573]  ? lock_acquire+0x2f/0xb0
[  842.598589][T16573]  ? __fget_files+0x40/0x3f0
[  842.603177][T16573]  ? fdget+0x176/0x210
[  842.607236][T16573]  __sys_sendmsg+0x117/0x1f0
[  842.611827][T16573]  ? __pfx___sys_sendmsg+0x10/0x10
[  842.616947][T16573]  ? __fget_files+0x244/0x3f0
[  842.621649][T16573]  do_syscall_64+0xcd/0x250
[  842.626148][T16573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.632041][T16573] RIP: 0033:0x7f9f9fb7e719
[  842.636442][T16573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  842.656043][T16573] RSP: 002b:00007f9fa09df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  842.664443][T16573] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7e719
[  842.672398][T16573] RDX: 0000000000000040 RSI: 0000000020000080 RDI: 0000000000000003
[  842.680351][T16573] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  842.688312][T16573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  842.696265][T16573] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  842.704232][T16573]  </TASK>
[  842.707269][    C1] vkms_vblank_simulate: vblank timer overrun
[  842.747358][T16574] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2793'.
[  842.783326][   T29] audit: type=1400 audit(1731835976.919:2390): avc:  denied  { read } for  pid=16564 comm="syz.2.2790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  842.890020][T11540] Bluetooth: hci3: command 0x040f tx timeout
[  842.890028][T16346] Bluetooth: hci5: command 0x0c1a tx timeout
[  843.848917][   T29] audit: type=1400 audit(1731835977.979:2391): avc:  denied  { write } for  pid=16599 comm="syz.0.2800" name="usbmon0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  843.926269][T16602] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2801'.
[  844.120002][   T29] audit: type=1326 audit(1731835978.219:2392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16601 comm="syz.2.2801" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fceb1f7e719 code=0x0
[  844.400769][T16611] UBIFS error (pid: 16611): cannot open "(null)", error -22
[  844.853883][T16627] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  844.867668][T16627] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  844.876270][T16627] vhci_hcd vhci_hcd.0: Device attached
[  844.894159][T16629] vhci_hcd: connection closed
[  844.894258][ T3528] vhci_hcd: stop threads
[  844.916303][ T3528] vhci_hcd: release socket
[  844.922131][ T3528] vhci_hcd: disconnect device
[  845.013054][    T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  845.275032][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  845.288201][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  845.300873][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  845.312297][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  845.339664][    T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  845.375444][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.378587][   T29] audit: type=1400 audit(1731835979.509:2393): avc:  denied  { create } for  pid=16637 comm="syz.1.2812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  845.386066][    T9] usb 1-1: config 0 descriptor??
[  845.404366][    C1] vkms_vblank_simulate: vblank timer overrun
[  845.448813][T16619] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  845.634490][T16647] UBIFS error (pid: 16647): cannot open "(null)", error -22
[  845.859558][T16649] FAULT_INJECTION: forcing a failure.
[  845.859558][T16649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  845.885934][T16649] CPU: 1 UID: 0 PID: 16649 Comm: syz.2.2816 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  845.896712][T16649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  845.906775][T16649] Call Trace:
[  845.910057][T16649]  <TASK>
[  845.912980][T16649]  dump_stack_lvl+0x16c/0x1f0
[  845.917645][T16649]  should_fail_ex+0x497/0x5b0
[  845.922321][T16649]  _copy_from_iter+0x2a1/0x1560
[  845.927179][T16649]  ? __pfx__copy_from_iter+0x10/0x10
[  845.932467][T16649]  ? __virt_addr_valid+0x1a4/0x590
[  845.937575][T16649]  ? __virt_addr_valid+0x5e/0x590
[  845.942599][T16649]  ? __phys_addr_symbol+0x30/0x80
[  845.947607][T16649]  ? __check_object_size+0x488/0x710
[  845.952900][T16649]  pppoe_sendmsg+0x4c2/0x770
[  845.957489][T16649]  ? __pfx_pppoe_sendmsg+0x10/0x10
[  845.962622][T16649]  ____sys_sendmsg+0xaaf/0xc90
[  845.967396][T16649]  ? copy_msghdr_from_user+0x10b/0x160
[  845.972844][T16649]  ? __pfx_____sys_sendmsg+0x10/0x10
[  845.978127][T16649]  ? hlock_class+0x4e/0x130
[  845.982626][T16649]  ? __lock_acquire+0x163e/0x3ce0
[  845.987631][T16649]  ___sys_sendmsg+0x135/0x1e0
[  845.992300][T16649]  ? __pfx____sys_sendmsg+0x10/0x10
[  845.997490][T16649]  ? __pfx___lock_acquire+0x10/0x10
[  846.002709][T16649]  ? __pfx___might_resched+0x10/0x10
[  846.007980][T16649]  ? __might_fault+0xe3/0x190
[  846.012661][T16649]  __sys_sendmmsg+0x1a1/0x450
[  846.017330][T16649]  ? __pfx___sys_sendmmsg+0x10/0x10
[  846.018624][    T9] plantronics 0003:047F:FFFF.001B: unknown main item tag 0xd
[  846.022515][T16649]  ? vfs_write+0x306/0x1150
[  846.031367][    T9] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving
[  846.034369][T16649]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  846.034403][T16649]  ? fput+0x30/0x390
[  846.046127][    T9] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  846.048025][T16649]  ? ksys_write+0x1ad/0x260
[  846.048049][T16649]  ? __pfx_ksys_write+0x10/0x10
[  846.048072][T16649]  __x64_sys_sendmmsg+0x9c/0x100
[  846.078348][T16649]  ? lockdep_hardirqs_on+0x7c/0x110
[  846.083531][T16649]  do_syscall_64+0xcd/0x250
[  846.088011][T16649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.093884][T16649] RIP: 0033:0x7fceb1f7e719
[  846.098282][T16649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  846.117875][T16649] RSP: 002b:00007fceb2e22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  846.126362][T16649] RAX: ffffffffffffffda RBX: 00007fceb2135f80 RCX: 00007fceb1f7e719
[  846.134320][T16649] RDX: 04000000000001f0 RSI: 0000000020000080 RDI: 0000000000000003
[  846.142280][T16649] RBP: 00007fceb2e22090 R08: 0000000000000000 R09: 0000000000000000
[  846.150232][T16649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  846.158201][T16649] R13: 0000000000000000 R14: 00007fceb2135f80 R15: 00007ffeb53c8fc8
[  846.166177][T16649]  </TASK>
[  846.169198][    C1] vkms_vblank_simulate: vblank timer overrun
[  846.483026][T16660] overlayfs: overlapping lowerdir path
[  846.539747][ T5876] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  846.839694][ T5876] usb 5-1: Using ep0 maxpacket: 16
[  847.803913][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  847.819743][ T5876] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  847.830085][ T5876] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 14
[  847.861677][ T5876] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  847.871109][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.879112][ T5876] usb 5-1: Product: syz
[  847.884572][ T5876] usb 5-1: Manufacturer: syz
[  847.889287][ T5876] usb 5-1: SerialNumber: syz
[  847.895810][ T5876] usb 5-1: config 0 descriptor??
[  847.901352][T16654] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  847.908603][T16654] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  847.916912][    C1] port100 5-1:0.0: NFC: Urb failure (status -71)
[  847.923284][    C1] port100 5-1:0.0: NFC: Urb failure (status -71)
[  847.933337][ T5876] port100 5-1:0.0: NFC: Could not get supported command types
[  848.088189][T16680] xt_l2tp: unknown flags: 19
[  848.882972][T12563] usb 2-1: new full-speed USB device number 73 using dummy_hcd
[  850.094409][T16490] usb 5-1: USB disconnect, device number 69
[  850.268961][T12563] usb 2-1: unable to get BOS descriptor or descriptor too short
[  850.423984][T16697] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2828'.
[  850.439853][T12563] usb 2-1: not running at top speed; connect to a high speed hub
[  850.465857][T16695] UBIFS error (pid: 16695): cannot open "(null)", error -22
[  850.503741][T12563] usb 2-1: config 15 has an invalid interface number: 168 but max is 0
[  850.519384][T12563] usb 2-1: config 15 has no interface number 0
[  850.525937][T12563] usb 2-1: config 15 interface 168 has no altsetting 0
[  850.545619][T12563] usb 2-1: New USB device found, idVendor=1044, idProduct=7002, bcdDevice=f0.ca
[  850.576233][T12563] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  850.598814][T12563] usb 2-1: Product: syz
[  850.607606][T12563] usb 2-1: Manufacturer: syz
[  850.612323][T12563] usb 2-1: SerialNumber: syz
[  850.732675][T16490] usb 1-1: USB disconnect, device number 57
[  851.009736][ T5876] usb 3-1: new low-speed USB device number 69 using dummy_hcd
[  851.266402][ T5876] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  851.603284][T12563] dvb-usb: found a 'Gigabyte U8000-RH' in warm state.
[  851.704603][ T5876] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  851.734643][T12563] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  851.818486][ T5876] usb 3-1: config 0 has no interface number 0
[  851.827366][T12563] dvbdev: DVB: registering new adapter (Gigabyte U8000-RH)
[  851.839832][ T5876] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  851.893953][T12563] usb 2-1: media controller created
[  851.902745][T12563] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  851.911839][ T5876] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  851.942224][ T5876] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  851.953643][ T5876] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  851.962862][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.983197][ T5876] usb 3-1: config 0 descriptor??
[  851.990541][T16702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  852.010466][T12563] DVB: Unable to find symbol dib7000p_attach()
[  852.016610][T12563] dvb-usb: no frontend was attached by 'Gigabyte U8000-RH'
[  852.028682][T16717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2835'.
[  852.099649][T12563] rc_core: IR keymap rc-dib0700-rc5 not found
[  852.105877][T12563] Registered IR keymap rc-empty
[  852.114056][T12563] dvb-usb: could not initialize remote control.
[  852.124711][T12563] dvb-usb: Gigabyte U8000-RH successfully initialized and connected.
[  852.149688][ T5875] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  852.217440][ T5876] usb 3-1: USB disconnect, device number 69
[  852.319846][ T5875] usb 1-1: Using ep0 maxpacket: 16
[  852.328707][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  852.357445][    T9] usb 2-1: USB disconnect, device number 73
[  852.370165][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  852.398952][    T9] dvb-usb: Gigabyte U8000-RH successfully deinitialized and disconnected.
[  852.410642][ T5875] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  852.440433][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  852.454324][ T5875] usb 1-1: config 0 descriptor??
[  852.481458][T16726] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2838'.
[  852.645447][   T29] audit: type=1326 audit(1731835986.779:2394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16724 comm="syz.4.2838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x0
[  852.728925][ T5875] usbhid 1-1:0.0: can't add hid device: -71
[  852.745502][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  852.763377][ T5875] usb 1-1: USB disconnect, device number 58
[  853.898584][T16725] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  853.917262][T16725] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  853.930974][T16725] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  853.966322][T11540] Bluetooth: hci3: unknown advertising packet type: 0xae
[  854.196123][T16752] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2845'.
[  854.199691][ T5876] usb 3-1: new low-speed USB device number 70 using dummy_hcd
[  854.206839][T16752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2845'.
[  854.395294][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  854.479387][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  854.489748][T11540] Bluetooth: hci2: command 0x0c1a tx timeout
[  854.500177][ T5876] usb 3-1: New USB device found, idVendor=1e71, idProduct=2010, bcdDevice= 0.00
[  854.515536][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  854.530339][ T5876] usb 3-1: config 0 descriptor??
[  855.280978][T16764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2850'.
[  855.716366][ T5876] nzxt-smart2 0003:1E71:2010.001C: unbalanced delimiter at end of report description
[  856.448908][T11540] Bluetooth: hci5: command 0x0c1a tx timeout
[  856.453704][ T5876] nzxt-smart2 0003:1E71:2010.001C: probe with driver nzxt-smart2 failed with error -22
[  856.455145][T11540] Bluetooth: hci3: command 0x040f tx timeout
[  857.736885][T16795] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2859'.
[  857.836152][T16795] openvswitch: netlink: Key type 29 is not supported
[  857.840573][T16490] usb 3-1: USB disconnect, device number 70
[  858.048523][ T5875] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  858.876773][ T5875] usb 5-1: Using ep0 maxpacket: 32
[  858.885710][ T5875] usb 5-1: config 0 has an invalid interface number: 9 but max is 0
[  859.228862][ T5875] usb 5-1: config 0 has no interface number 0
[  859.238150][ T5875] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  859.256226][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  859.264531][ T5875] usb 5-1: Product: syz
[  859.269020][ T5875] usb 5-1: Manufacturer: syz
[  859.274432][ T5875] usb 5-1: SerialNumber: syz
[  859.280608][T16808] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  859.296257][ T5875] usb 5-1: config 0 descriptor??
[  859.335903][T16806] fuse: Bad value for 'user_id'
[  859.340954][T16806] fuse: Bad value for 'user_id'
[  859.621189][ T5875] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  860.382231][T16825] FAULT_INJECTION: forcing a failure.
[  860.382231][T16825] name failslab, interval 1, probability 0, space 0, times 0
[  860.395057][T16825] CPU: 1 UID: 0 PID: 16825 Comm: syz.2.2867 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  860.405820][T16825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  860.415858][T16825] Call Trace:
[  860.419121][T16825]  <TASK>
[  860.422031][T16825]  dump_stack_lvl+0x16c/0x1f0
[  860.426690][T16825]  should_fail_ex+0x497/0x5b0
[  860.431343][T16825]  ? fs_reclaim_acquire+0xae/0x150
[  860.436431][T16825]  should_failslab+0xc2/0x120
[  860.441086][T16825]  __kmalloc_noprof+0xcb/0x400
[  860.445830][T16825]  ? trace_lock_acquire+0x14a/0x1d0
[  860.451029][T16825]  tomoyo_encode2+0x100/0x3e0
[  860.455713][T16825]  tomoyo_encode+0x29/0x50
[  860.460128][T16825]  tomoyo_mount_acl+0x145/0x880
[  860.464974][T16825]  ? hlock_class+0x4e/0x130
[  860.469476][T16825]  ? __lock_acquire+0x163e/0x3ce0
[  860.474510][T16825]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  860.479883][T16825]  ? __pfx___lock_acquire+0x10/0x10
[  860.485078][T16825]  ? stack_trace_save+0x95/0xd0
[  860.489915][T16825]  ? __pfx_lock_release+0x10/0x10
[  860.494949][T16825]  ? trace_lock_acquire+0x14a/0x1d0
[  860.500150][T16825]  ? tomoyo_mount_permission+0x146/0x410
[  860.505791][T16825]  ? lock_acquire+0x2f/0xb0
[  860.510280][T16825]  ? tomoyo_mount_permission+0x146/0x410
[  860.515903][T16825]  tomoyo_mount_permission+0x16b/0x410
[  860.521355][T16825]  ? tomoyo_mount_permission+0x146/0x410
[  860.526976][T16825]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  860.532958][T16825]  ? get_current_fs_domain+0x184/0x1f0
[  860.538414][T16825]  security_sb_mount+0x9b/0x260
[  860.543244][T16825]  path_mount+0x129/0x1f20
[  860.547661][T16825]  ? kmem_cache_free+0x152/0x4b0
[  860.552603][T16825]  ? __pfx_path_mount+0x10/0x10
[  860.557453][T16825]  ? putname+0x12e/0x170
[  860.561684][T16825]  __x64_sys_mount+0x294/0x320
[  860.566446][T16825]  ? __pfx___x64_sys_mount+0x10/0x10
[  860.571743][T16825]  do_syscall_64+0xcd/0x250
[  860.576251][T16825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.582151][T16825] RIP: 0033:0x7fceb1f7e719
[  860.586549][T16825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  860.592393][T16785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  860.606151][T16825] RSP: 002b:00007fceb2e22038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  860.606194][T16825] RAX: ffffffffffffffda RBX: 00007fceb2135f80 RCX: 00007fceb1f7e719
[  860.606208][T16825] RDX: 0000000020002100 RSI: 00000000200020c0 RDI: 0000000000000000
[  860.606220][T16825] RBP: 00007fceb2e22090 R08: 00000000200003c0 R09: 0000000000000000
[  860.606232][T16825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  860.606242][T16825] R13: 0000000000000000 R14: 00007fceb2135f80 R15: 00007ffeb53c8fc8
[  860.606264][T16825]  </TASK>
[  860.615035][ T5876] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  860.693105][T16785] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  860.744159][ T5875] gspca_topro: reg_w err -71
[  860.769766][ T5875] gspca_topro: Sensor soi763a
[  860.776702][ T5875] usb 5-1: USB disconnect, device number 70
[  860.919780][ T5876] usb 2-1: Using ep0 maxpacket: 32
[  860.938720][ T5876] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  860.948391][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.592964][ T5876] usb 2-1: Product: syz
[  861.597299][ T5876] usb 2-1: Manufacturer: syz
[  861.597952][T16840] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2871'.
[  861.602507][ T5876] usb 2-1: SerialNumber: syz
[  861.655997][T16346] Bluetooth: hci0: command tx timeout
[  861.693350][ T5876] usb 2-1: config 0 descriptor??
[  861.783180][T16840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2871'.
[  862.201714][T16851] can0: slcan on ttyS3.
[  862.259819][  T968] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  862.297768][ T5876] airspy 2-1:0.0: Board ID: 00
[  862.302730][ T5876] airspy 2-1:0.0: Firmware version: 
[  862.469952][  T968] usb 3-1: Using ep0 maxpacket: 16
[  862.484933][  T968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  862.525118][  T968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  862.575973][  T968] usb 3-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  862.601592][  T968] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.621995][  T968] usb 3-1: config 0 descriptor??
[  862.636003][T16855] FAULT_INJECTION: forcing a failure.
[  862.636003][T16855] name failslab, interval 1, probability 0, space 0, times 0
[  862.654975][T16849] can0 (unregistered): slcan off ttyS3.
[  862.671968][T16855] CPU: 1 UID: 0 PID: 16855 Comm: syz.4.2877 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  862.682749][T16855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  862.692796][T16855] Call Trace:
[  862.696052][T16855]  <TASK>
[  862.698958][T16855]  dump_stack_lvl+0x16c/0x1f0
[  862.703615][T16855]  should_fail_ex+0x497/0x5b0
[  862.708270][T16855]  ? fs_reclaim_acquire+0xae/0x150
[  862.713360][T16855]  should_failslab+0xc2/0x120
[  862.718026][T16855]  __kmalloc_cache_noprof+0x6b/0x300
[  862.723300][T16855]  ? shmem_acquire_dquot+0x23b/0x8c0
[  862.728575][T16855]  shmem_acquire_dquot+0x23b/0x8c0
[  862.733681][T16855]  dqget+0x691/0x1160
[  862.737646][T16855]  ? __pfx_dqget+0x10/0x10
[  862.742055][T16855]  ? from_kqid+0xfa/0x1d0
[  862.746544][T16855]  ? __pfx_from_kqid+0x10/0x10
[  862.751292][T16855]  dquot_get_dqblk+0x21/0x90
[  862.755859][T16855]  quota_getquota+0x25e/0x4a0
[  862.760511][T16855]  ? __pfx_quota_getquota+0x10/0x10
[  862.765686][T16855]  ? avc_has_perm+0x11b/0x1c0
[  862.770347][T16855]  ? selinux_quotactl+0x292/0x300
[  862.775366][T16855]  do_quotactl+0x572/0x13d0
[  862.779845][T16855]  ? __pfx_do_quotactl+0x10/0x10
[  862.784754][T16855]  ? rwsem_read_trylock+0x12d/0x250
[  862.789935][T16855]  ? __pfx_rwsem_read_trylock+0x10/0x10
[  862.795461][T16855]  ? __x64_sys_quotactl_fd+0x2cc/0x520
[  862.800909][T16855]  ? lock_acquire+0x2f/0xb0
[  862.805385][T16855]  ? __x64_sys_quotactl_fd+0x2cc/0x520
[  862.810817][T16855]  ? down_read+0xc9/0x330
[  862.815118][T16855]  ? __pfx_down_read+0x10/0x10
[  862.819854][T16855]  ? mnt_get_write_access+0x20c/0x300
[  862.825202][T16855]  __x64_sys_quotactl_fd+0x2e8/0x520
[  862.830476][T16855]  do_syscall_64+0xcd/0x250
[  862.834983][T16855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.840854][T16855] RIP: 0033:0x7f7534b7e719
[  862.845241][T16855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  862.864821][T16855] RSP: 002b:00007f7535a18038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
[  862.873207][T16855] RAX: ffffffffffffffda RBX: 00007f7534d35f80 RCX: 00007f7534b7e719
[  862.881152][T16855] RDX: 000000000000ee01 RSI: ffffffff80000700 RDI: 0000000000000003
[  862.889092][T16855] RBP: 00007f7535a18090 R08: 0000000000000000 R09: 0000000000000000
[  862.897034][T16855] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  862.904978][T16855] R13: 0000000000000000 R14: 00007f7534d35f80 R15: 00007ffc1e16d058
[  862.912929][T16855]  </TASK>
[  862.930056][T16853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2876'.
[  862.953547][T16853] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2876'.
[  863.131863][  T968] usbhid 3-1:0.0: can't add hid device: -71
[  863.146423][  T968] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  863.184309][  T968] usb 3-1: USB disconnect, device number 71
[  863.379837][T12563] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  863.541085][T12563] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  863.553115][T12563] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  863.565049][T12563] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  863.574544][T12563] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.582770][ T5876] airspy 2-1:0.0: usb_control_msg() failed -71 request 10
[  863.591766][T12563] usb 5-1: config 0 descriptor??
[  863.600047][ T5876] airspy 2-1:0.0: Registered as swradio24
[  863.606906][ T5876] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  863.619511][ T5876] usb 2-1: USB disconnect, device number 74
[  864.017741][T12563] zydacron 0003:13EC:0006.001D: unknown main item tag 0x0
[  864.035340][T12563] zydacron 0003:13EC:0006.001D: unknown main item tag 0x0
[  864.045480][T12563] zydacron 0003:13EC:0006.001D: unknown main item tag 0x0
[  864.065722][T12563] zydacron 0003:13EC:0006.001D: unknown main item tag 0x0
[  864.082194][T12563] zydacron 0003:13EC:0006.001D: unknown main item tag 0x0
[  864.086177][T11540] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  864.115216][T12563] zydacron 0003:13EC:0006.001D: hidraw0: USB HID v0.00 Device [HID 13ec:0006] on usb-dummy_hcd.4-1/input0
[  864.117888][T11540] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  864.142113][T11540] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  864.160596][T11540] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  864.168622][T11540] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  864.175995][T11540] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  864.199670][ T5876] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  864.212527][T16874] lo speed is unknown, defaulting to 1000
[  864.213179][T16874] ip6gretap0 speed is unknown, defaulting to 1000
[  864.260257][   T29] audit: type=1326 audit(1731835998.399:2395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16876 comm="syz.1.2884" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f9fb7e719 code=0x0
[  864.307905][ T7410] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.318500][ T7410] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  864.359843][ T5876] usb 3-1: Using ep0 maxpacket: 32
[  864.370178][ T5876] usb 3-1: config 0 has an invalid interface number: 9 but max is 0
[  864.378165][ T5876] usb 3-1: config 0 has no interface number 0
[  864.409562][ T5876] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  864.428973][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  864.442213][ T7410] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.452712][ T7410] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  864.462815][ T5876] usb 3-1: Product: syz
[  864.471075][T16874] chnl_net:caif_netlink_parms(): no params data found
[  864.479922][ T5876] usb 3-1: Manufacturer: syz
[  864.484516][ T5876] usb 3-1: SerialNumber: syz
[  864.510720][ T5876] usb 3-1: config 0 descriptor??
[  864.521283][ T5876] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  864.566441][ T7410] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.581573][ T7410] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  864.675419][ T7410] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.692507][ T7410] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  864.717210][T16874] bridge0: port 1(bridge_slave_0) entered blocking state
[  864.746688][T16874] bridge0: port 1(bridge_slave_0) entered disabled state
[  864.758776][T16874] bridge_slave_0: entered allmulticast mode
[  864.767139][T16874] bridge_slave_0: entered promiscuous mode
[  864.796301][T16874] bridge0: port 2(bridge_slave_1) entered blocking state
[  864.808031][T16874] bridge0: port 2(bridge_slave_1) entered disabled state
[  864.821367][T16874] bridge_slave_1: entered allmulticast mode
[  864.828319][T16874] bridge_slave_1: entered promiscuous mode
[  864.897154][T16874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  864.913871][T16874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  864.925674][T16890] FAULT_INJECTION: forcing a failure.
[  864.925674][T16890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  864.939237][T16890] CPU: 0 UID: 0 PID: 16890 Comm: syz.1.2886 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  864.950005][T16890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  864.960061][T16890] Call Trace:
[  864.963333][T16890]  <TASK>
[  864.966260][T16890]  dump_stack_lvl+0x16c/0x1f0
[  864.970937][T16890]  should_fail_ex+0x497/0x5b0
[  864.975695][T16890]  _copy_from_iter+0x469/0x1560
[  864.980557][T16890]  ? __pfx__copy_from_iter+0x10/0x10
[  864.985840][T16890]  ? vivid_vid_cap_s_selection+0x29bf/0x2b70
[  864.991814][T16890]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  864.997710][T16890]  ? __check_object_size+0xad/0x710
[  865.002893][T16890]  ? __lock_acquire+0x163e/0x3ce0
[  865.007897][T16890]  ping_common_sendmsg+0xc7/0x2d0
[  865.012906][T16890]  ping_v4_sendmsg+0x1d6/0x1af0
[  865.017752][T16890]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[  865.023038][T16890]  ? find_held_lock+0x2d/0x110
[  865.027791][T16890]  ? __pfx_lock_release+0x10/0x10
[  865.032797][T16890]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  865.038164][T16890]  ? __local_bh_enable_ip+0xa4/0x120
[  865.043438][T16890]  ? lockdep_hardirqs_on+0x7c/0x110
[  865.048623][T16890]  ? inet_autobind+0x145/0x1a0
[  865.053373][T16890]  ? __local_bh_enable_ip+0xa4/0x120
[  865.058640][T16890]  ? __pfx_ping_v4_sendmsg+0x10/0x10
[  865.063920][T16890]  ? inet_sendmsg+0x119/0x140
[  865.068581][T16890]  inet_sendmsg+0x119/0x140
[  865.073070][T16890]  ____sys_sendmsg+0x98c/0xc90
[  865.077836][T16890]  ? copy_msghdr_from_user+0x10b/0x160
[  865.083300][T16890]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.088605][T16890]  ? __pfx___lock_acquire+0x10/0x10
[  865.093798][T16890]  ___sys_sendmsg+0x135/0x1e0
[  865.098475][T16890]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.103669][T16890]  ? lock_acquire+0x2f/0xb0
[  865.108155][T16890]  ? __fget_files+0x40/0x3f0
[  865.112742][T16890]  ? fdget+0x176/0x210
[  865.116800][T16890]  __sys_sendmsg+0x117/0x1f0
[  865.121377][T16890]  ? __pfx___sys_sendmsg+0x10/0x10
[  865.126475][T16890]  ? __fget_files+0x244/0x3f0
[  865.131154][T16890]  do_syscall_64+0xcd/0x250
[  865.135649][T16890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.141621][T16890] RIP: 0033:0x7f9f9fb7e719
[  865.146019][T16890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.165608][T16890] RSP: 002b:00007f9fa09df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  865.174009][T16890] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7e719
[  865.181965][T16890] RDX: 0000000024088854 RSI: 0000000020000080 RDI: 0000000000000003
[  865.189925][T16890] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  865.197885][T16890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  865.205838][T16890] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  865.213888][T16890]  </TASK>
[  865.216978][    C0] vkms_vblank_simulate: vblank timer overrun
[  865.629655][T16873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  865.638369][T16873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  865.673703][ T5876] gspca_topro: reg_w err -71
[  865.702108][ T5876] gspca_topro: Sensor soi763a
[  865.713373][   T29] audit: type=1400 audit(1731835999.849:2396): avc:  denied  { getopt } for  pid=16896 comm="syz.1.2888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  865.734541][ T5876] usb 3-1: USB disconnect, device number 72
[  865.764702][ T7410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  865.783866][ T7410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  865.805096][ T7410] bond0 (unregistering): Released all slaves
[  865.820640][ T7410] bond1 (unregistering): Released all slaves
[  865.835831][T16874] team0: Port device team_slave_0 added
[  865.846659][T16874] team0: Port device team_slave_1 added
[  865.892517][T16874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  865.902195][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  865.928117][    C0] vkms_vblank_simulate: vblank timer overrun
[  865.952414][T16874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  865.974199][T16874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  865.984115][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  866.019123][T16874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  866.051412][T16490] usb 5-1: USB disconnect, device number 71
[  866.180694][T16874] hsr_slave_0: entered promiscuous mode
[  866.186722][T16874] hsr_slave_1: entered promiscuous mode
[  866.196341][T16874] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  866.204735][T16874] Cannot create hsr debugfs directory
[  866.226547][T16912] workqueue: name exceeds WQ_NAME_LEN. Truncating to: †<)Ù2¼”›U7‘Åä‹¡ô¾ÐËÝ;&!éi‡¼
[  866.241498][T11540] Bluetooth: hci6: command tx timeout
[  866.616478][ T7410] hsr_slave_0: left promiscuous mode
[  866.628382][ T7410] hsr_slave_1: left promiscuous mode
[  866.636750][ T7410] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  866.648827][ T7410] batman_adv: batadv0: Removing interface: batadv_slave_0
[  866.664406][ T7410] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  866.673004][ T7410] batman_adv: batadv0: Removing interface: batadv_slave_1
[  866.696965][ T7410] veth1_macvtap: left promiscuous mode
[  866.708390][ T7410] veth1_vlan: left promiscuous mode
[  866.715097][ T7410] veth0_vlan: left promiscuous mode
[  866.829833][ T5876] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  866.983684][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  866.996222][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  867.016307][ T5876] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.04
[  867.032085][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.055294][ T5876] usb 2-1: config 0 descriptor??
[  867.119783][T16490] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  867.217948][ T7410] team0 (unregistering): Port device team_slave_1 removed
[  867.255472][T16927] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2897'.
[  867.264532][T16927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2897'.
[  867.275321][T16927] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  867.309962][T16490] usb 5-1: Using ep0 maxpacket: 16
[  867.321701][T16490] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.333234][ T7410] team0 (unregistering): Port device team_slave_0 removed
[  867.363195][T16490] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  867.398304][T16490] usb 5-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  867.407691][T16490] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.551687][T16490] usb 5-1: config 0 descriptor??
[  867.897333][T16490] usbhid 5-1:0.0: can't add hid device: -71
[  867.931631][T16490] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  867.947350][T16490] usb 5-1: USB disconnect, device number 72
[  868.095701][ T5876] hid-thrustmaster 0003:044F:B65D.001E: unknown main item tag 0x0
[  868.113538][ T5876] hid-thrustmaster 0003:044F:B65D.001E: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0
[  868.125848][ T5876] hid-thrustmaster 0003:044F:B65D.001E: Wrong number of endpoints?
[  868.329715][T11540] Bluetooth: hci6: command tx timeout
[  868.886180][    C1] hid-thrustmaster 0003:044F:B65D.001E: URB to get model id failed with error -71
[  868.886508][T16490] usb 2-1: USB disconnect, device number 75
[  869.180358][ T5876] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  869.336051][ T5876] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  869.345963][ T7410] IPVS: stop unused estimator thread 0...
[  869.352259][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  869.371026][T16874] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  869.378458][ T5876] usb 3-1: config 0 descriptor??
[  869.387257][T16874] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  869.395479][ T5876] gspca_main: cpia1-2.14.0 probing 0813:0001
[  869.404527][T16874] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  869.413645][T16874] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  869.473774][T16874] 8021q: adding VLAN 0 to HW filter on device bond0
[  869.497495][T16874] 8021q: adding VLAN 0 to HW filter on device team0
[  869.518115][  T965] bridge0: port 1(bridge_slave_0) entered blocking state
[  869.525217][  T965] bridge0: port 1(bridge_slave_0) entered forwarding state
[  869.563597][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[  869.570711][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  869.580971][T16946] FAULT_INJECTION: forcing a failure.
[  869.580971][T16946] name failslab, interval 1, probability 0, space 0, times 0
[  869.611989][T16948] FAULT_INJECTION: forcing a failure.
[  869.611989][T16948] name failslab, interval 1, probability 0, space 0, times 0
[  869.623837][T16946] CPU: 1 UID: 0 PID: 16946 Comm: syz.4.2904 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  869.635325][T16946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  869.645366][T16946] Call Trace:
[  869.648627][T16946]  <TASK>
[  869.651545][T16946]  dump_stack_lvl+0x16c/0x1f0
[  869.656212][T16946]  should_fail_ex+0x497/0x5b0
[  869.660879][T16946]  should_failslab+0xc2/0x120
[  869.665545][T16946]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  869.670911][T16946]  ? skb_clone+0x190/0x3f0
[  869.675331][T16946]  skb_clone+0x190/0x3f0
[  869.679561][T16946]  netlink_deliver_tap+0xab3/0xd90
[  869.684675][T16946]  netlink_unicast+0x5e1/0x7f0
[  869.689422][T16946]  ? __pfx_netlink_unicast+0x10/0x10
[  869.694697][T16946]  netlink_sendmsg+0x8b8/0xd70
[  869.699446][T16946]  ? __pfx_netlink_sendmsg+0x10/0x10
[  869.704719][T16946]  ____sys_sendmsg+0xaaf/0xc90
[  869.709474][T16946]  ? copy_msghdr_from_user+0x10b/0x160
[  869.714918][T16946]  ? __pfx_____sys_sendmsg+0x10/0x10
[  869.720202][T16946]  ? __pfx___lock_acquire+0x10/0x10
[  869.725394][T16946]  ___sys_sendmsg+0x135/0x1e0
[  869.730065][T16946]  ? __pfx____sys_sendmsg+0x10/0x10
[  869.735256][T16946]  ? lock_acquire+0x2f/0xb0
[  869.739742][T16946]  ? __fget_files+0x40/0x3f0
[  869.744334][T16946]  ? fdget+0x176/0x210
[  869.748393][T16946]  __sys_sendmsg+0x117/0x1f0
[  869.752968][T16946]  ? __pfx___sys_sendmsg+0x10/0x10
[  869.758076][T16946]  ? __fget_files+0x244/0x3f0
[  869.762757][T16946]  do_syscall_64+0xcd/0x250
[  869.767244][T16946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.773141][T16946] RIP: 0033:0x7f7534b7e719
[  869.777538][T16946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.797134][T16946] RSP: 002b:00007f7535a18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  869.805533][T16946] RAX: ffffffffffffffda RBX: 00007f7534d35f80 RCX: 00007f7534b7e719
[  869.813487][T16946] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[  869.821439][T16946] RBP: 00007f7535a18090 R08: 0000000000000000 R09: 0000000000000000
[  869.829393][T16946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  869.837360][T16946] R13: 0000000000000000 R14: 00007f7534d35f80 R15: 00007ffc1e16d058
[  869.845323][T16946]  </TASK>
[  869.851652][T16874] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  869.862107][T16874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  869.868835][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  869.884480][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  869.893780][ T5876] cpia1 3-1:0.0: unexpected state after lo power cmd: 4e
[  869.893899][T16948] CPU: 0 UID: 0 PID: 16948 Comm: syz.5.2902 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  869.911556][T16948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  869.921615][T16948] Call Trace:
[  869.924896][T16948]  <TASK>
[  869.927828][T16948]  dump_stack_lvl+0x16c/0x1f0
[  869.932513][T16948]  should_fail_ex+0x497/0x5b0
[  869.937193][T16948]  ? fs_reclaim_acquire+0xae/0x150
[  869.942304][T16948]  should_failslab+0xc2/0x120
[  869.946987][T16948]  __kmalloc_node_track_caller_noprof+0xcf/0x430
[  869.953319][T16948]  ? __pfx_lock_release+0x10/0x10
[  869.958341][T16948]  ? kvasprintf_const+0x66/0x1a0
[  869.963287][T16948]  kvasprintf+0xbd/0x160
[  869.967537][T16948]  ? __pfx_kvasprintf+0x10/0x10
[  869.972388][T16948]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  869.978198][T16948]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  869.984012][T16948]  ? __debug_object_init+0x34a/0x480
[  869.989305][T16948]  kvasprintf_const+0x66/0x1a0
[  869.994076][T16948]  kobject_set_name_vargs+0x5a/0x140
[  869.999364][T16948]  dev_set_name+0xc8/0x100
[  870.003790][T16948]  ? __pfx_dev_set_name+0x10/0x10
[  870.008821][T16948]  ? __init_waitqueue_head+0xca/0x150
[  870.014196][T16948]  ? input_allocate_device+0x271/0x350
[  870.019656][T16948]  input_allocate_device+0x293/0x350
[  870.024940][T16948]  uinput_ioctl_handler.isra.0+0x897/0x1d70
[  870.030837][T16948]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  870.037341][T16948]  ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10
[  870.043670][T16948]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  870.050525][T16948]  ? trace_lock_acquire+0x14a/0x1d0
[  870.055737][T16948]  ? selinux_file_ioctl+0x180/0x270
[  870.060936][T16948]  ? selinux_file_ioctl+0xb4/0x270
[  870.066050][T16948]  ? __pfx_uinput_ioctl+0x10/0x10
[  870.071080][T16948]  __x64_sys_ioctl+0x18f/0x220
[  870.075851][T16948]  do_syscall_64+0xcd/0x250
[  870.080358][T16948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.086247][T16948] RIP: 0033:0x7f1559f7e719
[  870.090646][T16948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.110240][T16948] RSP: 002b:00007f155ad1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  870.118640][T16948] RAX: ffffffffffffffda RBX: 00007f155a135f80 RCX: 00007f1559f7e719
[  870.126593][T16948] RDX: 0000000020000140 RSI: 000000008004552d RDI: 0000000000000003
[  870.134550][T16948] RBP: 00007f155ad1a090 R08: 0000000000000000 R09: 0000000000000000
[  870.142509][T16948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.150471][T16948] R13: 0000000000000000 R14: 00007f155a135f80 R15: 00007fffe605e2f8
[  870.158439][T16948]  </TASK>
[  870.161532][    C0] vkms_vblank_simulate: vblank timer overrun
[  870.355126][T16874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  870.388081][T16874] veth0_vlan: entered promiscuous mode
[  870.400157][T11540] Bluetooth: hci6: command tx timeout
[  870.406151][ T5876] cpia1 3-1:0.0: only firmware version 1 is supported (got: 9)
[  870.410170][T16874] veth1_vlan: entered promiscuous mode
[  870.434508][T16874] veth0_macvtap: entered promiscuous mode
[  870.442069][T16874] veth1_macvtap: entered promiscuous mode
[  870.454391][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.465013][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.475164][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.485955][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.497117][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.507804][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.518857][T16874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  870.529507][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  870.540309][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.550214][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  870.561384][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.579903][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  870.603299][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.624627][   T52] usb 3-1: USB disconnect, device number 73
[  870.637801][T16874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  870.648652][T16874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  870.663258][T16874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  870.674947][T16958] FAULT_INJECTION: forcing a failure.
[  870.674947][T16958] name failslab, interval 1, probability 0, space 0, times 0
[  870.700196][T16958] CPU: 0 UID: 0 PID: 16958 Comm: syz.4.2907 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  870.710973][T16958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  870.721035][T16958] Call Trace:
[  870.724313][T16958]  <TASK>
[  870.727244][T16958]  dump_stack_lvl+0x16c/0x1f0
[  870.731942][T16958]  should_fail_ex+0x497/0x5b0
[  870.736624][T16958]  ? fs_reclaim_acquire+0xae/0x150
[  870.741743][T16958]  should_failslab+0xc2/0x120
[  870.746434][T16958]  __kmalloc_cache_noprof+0x6b/0x300
[  870.751731][T16958]  ? __nla_parse+0x40/0x60
[  870.756157][T16958]  ? tcf_action_init_1+0x27a/0x6c0
[  870.761276][T16958]  tcf_action_init_1+0x27a/0x6c0
[  870.766226][T16958]  ? tc_lookup_action_n+0xc9/0xf0
[  870.771255][T16958]  ? __pfx_tcf_action_init_1+0x10/0x10
[  870.776721][T16958]  ? __pfx_tc_action_load_ops+0x10/0x10
[  870.782288][T16958]  ? __nla_parse+0x40/0x60
[  870.786722][T16958]  tcf_action_init+0x42e/0x9c0
[  870.791513][T16958]  ? __pfx_tcf_action_init+0x10/0x10
[  870.796806][T16958]  ? __pfx_mark_lock+0x10/0x10
[  870.801600][T16958]  ? __pfx___lock_acquire+0x10/0x10
[  870.806781][T16958]  ? __pfx_lock_release+0x10/0x10
[  870.811788][T16958]  ? trace_lock_acquire+0x14a/0x1d0
[  870.816987][T16958]  tcf_action_add+0xfd/0x5d0
[  870.821572][T16958]  ? __pfx_tcf_action_add+0x10/0x10
[  870.826760][T16958]  ? __pfx_lock_release+0x10/0x10
[  870.831797][T16958]  ? __nla_parse+0x40/0x60
[  870.836203][T16958]  tc_ctl_action+0x35d/0x470
[  870.840782][T16958]  ? __pfx_tc_ctl_action+0x10/0x10
[  870.845886][T16958]  ? __pfx_tc_ctl_action+0x10/0x10
[  870.850984][T16958]  rtnetlink_rcv_msg+0x3c7/0xea0
[  870.855909][T16958]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  870.861363][T16958]  netlink_rcv_skb+0x16b/0x440
[  870.866107][T16958]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  870.871548][T16958]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  870.876825][T16958]  ? netlink_deliver_tap+0x1ae/0xd90
[  870.882101][T16958]  netlink_unicast+0x53c/0x7f0
[  870.886848][T16958]  ? __pfx_netlink_unicast+0x10/0x10
[  870.892121][T16958]  netlink_sendmsg+0x8b8/0xd70
[  870.896872][T16958]  ? __pfx_netlink_sendmsg+0x10/0x10
[  870.902147][T16958]  ____sys_sendmsg+0xaaf/0xc90
[  870.906899][T16958]  ? copy_msghdr_from_user+0x10b/0x160
[  870.912343][T16958]  ? __pfx_____sys_sendmsg+0x10/0x10
[  870.917621][T16958]  ? __pfx___lock_acquire+0x10/0x10
[  870.922803][T16958]  ___sys_sendmsg+0x135/0x1e0
[  870.927474][T16958]  ? __pfx____sys_sendmsg+0x10/0x10
[  870.932677][T16958]  ? lock_acquire+0x2f/0xb0
[  870.937163][T16958]  ? __fget_files+0x40/0x3f0
[  870.941750][T16958]  ? fdget+0x176/0x210
[  870.945813][T16958]  __sys_sendmsg+0x117/0x1f0
[  870.950387][T16958]  ? __pfx___sys_sendmsg+0x10/0x10
[  870.955915][T16958]  ? __fget_files+0x244/0x3f0
[  870.960593][T16958]  do_syscall_64+0xcd/0x250
[  870.965080][T16958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.970964][T16958] RIP: 0033:0x7f7534b7e719
[  870.975360][T16958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.994952][T16958] RSP: 002b:00007f7535a18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  871.003347][T16958] RAX: ffffffffffffffda RBX: 00007f7534d35f80 RCX: 00007f7534b7e719
[  871.011302][T16958] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  871.019256][T16958] RBP: 00007f7535a18090 R08: 0000000000000000 R09: 0000000000000000
[  871.027211][T16958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  871.035162][T16958] R13: 0000000000000000 R14: 00007f7534d35f80 R15: 00007ffc1e16d058
[  871.043127][T16958]  </TASK>
[  871.046320][    C0] vkms_vblank_simulate: vblank timer overrun
[  871.071869][T16874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  871.085015][T16874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  871.104547][T16874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  871.113398][T16874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  871.196485][ T7410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  871.212292][ T7410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  871.406909][ T7410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  871.421891][ T7410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  871.866034][T16973] overlayfs: overlapping lowerdir path
[  872.857957][T11540] Bluetooth: hci6: command tx timeout
[  874.190940][T16993] siw: device registration error -23
[  874.358224][T16995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2916'.
[  874.479781][T16995] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  874.487368][   T29] audit: type=1400 audit(1731836008.559:2397): avc:  denied  { write } for  pid=16994 comm="syz.1.2916" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  876.021501][T16998] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  876.030336][T16998] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  876.039106][T16998] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  876.048530][T16998] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  876.080068][T12563] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  876.204103][T17005] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2917'.
[  876.229648][T12563] usb 3-1: Using ep0 maxpacket: 8
[  876.239088][T12563] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  876.359267][T12563] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  876.545388][T12563] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  876.820371][T12563] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  876.831567][T12563] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  876.844664][T12563] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  876.853780][T12563] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.964564][T17009] IPVS: set_ctl: invalid protocol: 98 10.1.1.2:20004
[  877.015565][T17009] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17009 comm=syz.0.2921
[  877.089686][T17016] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2922'.
[  877.098764][T17016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2922'.
[  877.105663][T12563] usb 3-1: usb_control_msg returned -71
[  877.113927][T12563] usbtmc 3-1:16.0: can't read capabilities
[  877.186113][T17016] ebt_among: wrong size: 1048 against expected 710676, rounded to 710680
[  877.239121][T12563] usb 3-1: USB disconnect, device number 74
[  877.374863][T11540] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  877.850414][T17030] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2926'.
[  878.810703][ T5829] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  879.609751][ T5829] usb 1-1: Using ep0 maxpacket: 16
[  879.622915][ T5829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  879.719757][ T5829] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  879.740362][ T5829] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  879.759746][ T5829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.883454][T11540] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  880.287448][ T5829] usb 1-1: config 0 descriptor??
[  880.309232][T11540] Bluetooth: hci2: unknown advertising packet type: 0xae
[  880.584173][ T5829] usbhid 1-1:0.0: can't add hid device: -71
[  880.598473][ T5829] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  880.623483][T17046] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2931'.
[  880.632473][T17046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2931'.
[  880.652590][T17046] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  880.660787][T17046] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  880.669171][T17046] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  880.690208][ T5829] usb 1-1: USB disconnect, device number 59
[  881.217613][   T29] audit: type=1326 audit(1731836015.349:2398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.241373][   T29] audit: type=1326 audit(1731836015.349:2399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.265595][ T5875] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  881.277225][   T29] audit: type=1326 audit(1731836015.349:2400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.302629][   T29] audit: type=1326 audit(1731836015.349:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.326790][   T29] audit: type=1326 audit(1731836015.349:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.350678][   T29] audit: type=1326 audit(1731836015.349:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.374510][T16490] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  881.383541][   T29] audit: type=1326 audit(1731836015.349:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.407366][   T29] audit: type=1326 audit(1731836015.349:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.433125][   T29] audit: type=1326 audit(1731836015.349:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.469936][   T29] audit: type=1326 audit(1731836015.349:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17059 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7534b7e719 code=0x7ffc0000
[  881.499728][ T5875] usb 3-1: Using ep0 maxpacket: 8
[  881.544330][ T5875] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  881.575828][T16490] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  881.584542][ T5875] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  881.593866][T16490] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  881.607679][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.620243][ T5875] usb 3-1: Product: syz
[  881.624421][ T5875] usb 3-1: Manufacturer: syz
[  881.629187][T16490] usb 2-1: config 220 has no interface number 2
[  881.636037][T16490] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  881.649664][ T5875] usb 3-1: SerialNumber: syz
[  881.655197][T16490] usb 2-1: config 220 interface 0 has no altsetting 0
[  881.665200][T16490] usb 2-1: config 220 interface 76 has no altsetting 0
[  881.673011][T16490] usb 2-1: config 220 interface 1 has no altsetting 0
[  881.682407][T16490] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  881.693648][T16490] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.705732][T16490] usb 2-1: Product: syz
[  881.709991][T16490] usb 2-1: Manufacturer: syz
[  881.719798][T16490] usb 2-1: SerialNumber: syz
[  881.945731][T17071] siw: device registration error -23
[  881.948442][T16490] usb 2-1: selecting invalid altsetting 0
[  881.968303][T16490] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[  881.978442][T16490] usb 2-1: No valid video chain found.
[  881.994121][T16490] usb 2-1: selecting invalid altsetting 0
[  882.000363][T16490] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  882.021459][T16490] usb 2-1: USB disconnect, device number 76
[  882.499749][T16490] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  882.669908][ T5875] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[  882.676372][ T5875] cdc_ncm 3-1:1.0: setting tx_max = 16384
[  883.579773][T16490] usb 5-1: Using ep0 maxpacket: 16
[  883.591079][ T5875] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  883.607972][T16490] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  883.618104][T16490] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.764888][T16490] usb 5-1: Product: syz
[  883.813391][T16490] usb 5-1: Manufacturer: syz
[  883.818161][T16490] usb 5-1: SerialNumber: syz
[  885.015364][T17091] UBIFS error (pid: 17091): cannot open "(null)", error -22
[  886.100796][T17098] overlayfs: overlapping lowerdir path
[  886.120429][  T968] usb 3-1: USB disconnect, device number 75
[  886.127025][  T968] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP)
[  886.136559][T16490] r8152-cfgselector 5-1: Unknown version 0x0000
[  886.146961][T16490] r8152-cfgselector 5-1: config 0 descriptor??
[  886.155519][T16490] r8152-cfgselector 5-1: can't set config #0, error -71
[  886.199955][T16490] r8152-cfgselector 5-1: USB disconnect, device number 73
[  886.498263][T17115] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2951'.
[  887.449403][T17125] kAFS: No cell specified
[  887.636021][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  887.636037][   T29] audit: type=1400 audit(1731836021.769:2415): avc:  denied  { bind } for  pid=17134 comm="syz.4.2960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  887.762968][   T29] audit: type=1400 audit(1731836021.769:2416): avc:  denied  { ioctl } for  pid=17132 comm="syz.1.2958" path="socket:[56912]" dev="sockfs" ino=56912 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  889.229313][T16490] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  889.241971][ T5829] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  889.390477][T16490] usb 1-1: Using ep0 maxpacket: 32
[  889.406510][T16490] usb 1-1: too many configurations: 27, using maximum allowed: 8
[  889.425768][T16490] usb 1-1: unable to read config index 0 descriptor/start: -61
[  889.437796][T16490] usb 1-1: can't read configurations, error -61
[  889.459846][ T5829] usb 3-1: Using ep0 maxpacket: 32
[  889.476408][T11540] Bluetooth: hci3: unknown advertising packet type: 0xae
[  889.589711][T16490] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  889.864778][   T29] audit: type=1400 audit(1731836023.989:2417): avc:  denied  { setopt } for  pid=17150 comm="syz.1.2963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  889.909669][T16490] usb 1-1: Using ep0 maxpacket: 32
[  889.962760][T16490] usb 1-1: too many configurations: 27, using maximum allowed: 8
[  890.055089][   T29] audit: type=1326 audit(1731836023.989:2418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17150 comm="syz.1.2963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f9fb7e719 code=0x0
[  890.135569][T16490] usb 1-1: unable to read config index 0 descriptor/start: -61
[  890.166508][T16490] usb 1-1: can't read configurations, error -61
[  890.179612][T16490] usb usb1-port1: attempt power cycle
[  890.557806][ T5829] usb 3-1: unable to get BOS descriptor or descriptor too short
[  890.560684][   T29] audit: type=1400 audit(1731836024.689:2419): avc:  denied  { create } for  pid=17154 comm="syz.4.2964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  890.586718][   T29] audit: type=1400 audit(1731836024.689:2420): avc:  denied  { write } for  pid=17154 comm="syz.4.2964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  890.617209][T16490] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  890.659738][ T5829] usb 3-1: unable to read config index 0 descriptor/start: -71
[  890.667331][ T5829] usb 3-1: can't read configurations, error -71
[  890.747128][T17162] FAULT_INJECTION: forcing a failure.
[  890.747128][T17162] name failslab, interval 1, probability 0, space 0, times 0
[  890.784564][T17162] CPU: 1 UID: 0 PID: 17162 Comm: syz.1.2968 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  890.795359][T17162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  890.805419][T17162] Call Trace:
[  890.808698][T17162]  <TASK>
[  890.811625][T17162]  dump_stack_lvl+0x16c/0x1f0
[  890.816297][T17162]  should_fail_ex+0x497/0x5b0
[  890.820961][T17162]  ? fs_reclaim_acquire+0xae/0x150
[  890.826055][T17162]  should_failslab+0xc2/0x120
[  890.830720][T17162]  __kmalloc_cache_noprof+0x6b/0x300
[  890.835988][T17162]  ? nfnl_err_add+0x4e/0x2d0
[  890.840562][T17162]  nfnl_err_add+0x4e/0x2d0
[  890.844963][T17162]  nfnetlink_rcv_batch+0xe40/0x24e0
[  890.850155][T17162]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  890.855774][T17162]  ? avc_has_perm_noaudit+0x119/0x3a0
[  890.861141][T17162]  ? avc_has_perm_noaudit+0x143/0x3a0
[  890.866604][T17162]  ? __nla_parse+0x40/0x60
[  890.871009][T17162]  nfnetlink_rcv+0x3c3/0x430
[  890.875579][T17162]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  890.880675][T17162]  netlink_unicast+0x53c/0x7f0
[  890.885423][T17162]  ? __pfx_netlink_unicast+0x10/0x10
[  890.890696][T17162]  netlink_sendmsg+0x8b8/0xd70
[  890.895445][T17162]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.900720][T17162]  ____sys_sendmsg+0xaaf/0xc90
[  890.905474][T17162]  ? copy_msghdr_from_user+0x10b/0x160
[  890.910924][T17162]  ? __pfx_____sys_sendmsg+0x10/0x10
[  890.916203][T17162]  ? __pfx___lock_acquire+0x10/0x10
[  890.921387][T17162]  ___sys_sendmsg+0x135/0x1e0
[  890.926050][T17162]  ? __pfx____sys_sendmsg+0x10/0x10
[  890.931242][T17162]  ? lock_acquire+0x2f/0xb0
[  890.935728][T17162]  ? __fget_files+0x40/0x3f0
[  890.940314][T17162]  ? fdget+0x176/0x210
[  890.944373][T17162]  __sys_sendmsg+0x117/0x1f0
[  890.948945][T17162]  ? __pfx___sys_sendmsg+0x10/0x10
[  890.954041][T17162]  ? __fget_files+0x244/0x3f0
[  890.958720][T17162]  do_syscall_64+0xcd/0x250
[  890.963209][T17162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  890.969091][T17162] RIP: 0033:0x7f9f9fb7e719
[  890.973493][T17162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  890.993085][T17162] RSP: 002b:00007f9fa09df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  891.001485][T17162] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7e719
[  891.009437][T17162] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  891.017388][T17162] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  891.025342][T17162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  891.033307][T17162] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  891.041271][T17162]  </TASK>
[  891.049797][T16490] usb 1-1: device not accepting address 62, error -71
[  891.123077][T17165] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2967'.
[  891.603541][T17184] FAULT_INJECTION: forcing a failure.
[  891.603541][T17184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  891.617032][T17184] CPU: 0 UID: 0 PID: 17184 Comm: syz.1.2971 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  891.627793][T17184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  891.637853][T17184] Call Trace:
[  891.641136][T17184]  <TASK>
[  891.644071][T17184]  dump_stack_lvl+0x16c/0x1f0
[  891.648758][T17184]  should_fail_ex+0x497/0x5b0
[  891.653444][T17184]  _copy_from_user+0x2e/0xd0
[  891.658041][T17184]  kstrtouint_from_user+0xd7/0x1c0
[  891.663156][T17184]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  891.668890][T17184]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  891.674525][T17184]  proc_fail_nth_write+0x84/0x250
[  891.679550][T17184]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  891.685190][T17184]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  891.690820][T17184]  vfs_write+0x24c/0x1150
[  891.695160][T17184]  ? __fget_files+0x23a/0x3f0
[  891.699848][T17184]  ? fdget_pos+0x24c/0x360
[  891.704260][T17184]  ? __pfx_lock_release+0x10/0x10
[  891.709285][T17184]  ? trace_lock_acquire+0x14a/0x1d0
[  891.714491][T17184]  ? __pfx_vfs_write+0x10/0x10
[  891.719259][T17184]  ? __pfx___mutex_lock+0x10/0x10
[  891.724294][T17184]  ? __fget_files+0x244/0x3f0
[  891.728985][T17184]  ksys_write+0x12f/0x260
[  891.733315][T17184]  ? __pfx_ksys_write+0x10/0x10
[  891.738170][T17184]  do_syscall_64+0xcd/0x250
[  891.742679][T17184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.748577][T17184] RIP: 0033:0x7f9f9fb7d1ff
[  891.752988][T17184] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  891.772612][T17184] RSP: 002b:00007f9fa099d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  891.781029][T17184] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9f9fb7d1ff
[  891.788995][T17184] RDX: 0000000000000001 RSI: 00007f9fa099d0a0 RDI: 0000000000000006
[  891.796965][T17184] RBP: 00007f9fa099d090 R08: 0000000000000000 R09: 0000000000000000
[  891.804936][T17184] R10: 0000000020000200 R11: 0000000000000293 R12: 0000000000000001
[  891.812906][T17184] R13: 0000000000000000 R14: 00007f9f9fd36130 R15: 00007ffd89439708
[  891.820893][T17184]  </TASK>
[  893.042907][T17198] siw: device registration error -23
[  893.963019][T17200] FAULT_INJECTION: forcing a failure.
[  893.963019][T17200] name failslab, interval 1, probability 0, space 0, times 0
[  893.975689][T17200] CPU: 0 UID: 0 PID: 17200 Comm: syz.4.2975 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  893.986451][T17200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  893.996503][T17200] Call Trace:
[  893.999778][T17200]  <TASK>
[  894.002703][T17200]  dump_stack_lvl+0x16c/0x1f0
[  894.007384][T17200]  should_fail_ex+0x497/0x5b0
[  894.012061][T17200]  ? fs_reclaim_acquire+0xae/0x150
[  894.017172][T17200]  should_failslab+0xc2/0x120
[  894.021851][T17200]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  894.027225][T17200]  ? alloc_empty_file+0x73/0x1e0
[  894.032176][T17200]  alloc_empty_file+0x73/0x1e0
[  894.036940][T17200]  alloc_file_pseudo+0x147/0x210
[  894.041881][T17200]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  894.047351][T17200]  sock_alloc_file+0x50/0x1d0
[  894.052031][T17200]  do_accept+0x29c/0x530
[  894.056273][T17200]  ? __pfx_do_accept+0x10/0x10
[  894.061052][T17200]  __sys_accept4+0x102/0x1c0
[  894.065640][T17200]  ? __pfx___sys_accept4+0x10/0x10
[  894.070753][T17200]  ? __pfx_ksys_write+0x10/0x10
[  894.075605][T17200]  __x64_sys_accept4+0x96/0x100
[  894.080456][T17200]  ? lockdep_hardirqs_on+0x7c/0x110
[  894.085663][T17200]  do_syscall_64+0xcd/0x250
[  894.090166][T17200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.096062][T17200] RIP: 0033:0x7f7534b7e719
[  894.100474][T17200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  894.120084][T17200] RSP: 002b:00007f75359d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  894.128499][T17200] RAX: ffffffffffffffda RBX: 00007f7534d36130 RCX: 00007f7534b7e719
[  894.136466][T17200] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  894.144430][T17200] RBP: 00007f75359d6090 R08: 0000000000000000 R09: 0000000000000000
[  894.152489][T17200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  894.160454][T17200] R13: 0000000000000000 R14: 00007f7534d36130 R15: 00007ffc1e16d058
[  894.168434][T17200]  </TASK>
[  894.212531][T17201] pim6reg1: entered promiscuous mode
[  894.218072][T17201] pim6reg1: entered allmulticast mode
[  894.285816][T17207] FAULT_INJECTION: forcing a failure.
[  894.285816][T17207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  894.419794][T17207] CPU: 1 UID: 0 PID: 17207 Comm: syz.1.2978 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  894.430582][T17207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  894.440636][T17207] Call Trace:
[  894.443913][T17207]  <TASK>
[  894.446842][T17207]  dump_stack_lvl+0x16c/0x1f0
[  894.451543][T17207]  should_fail_ex+0x497/0x5b0
[  894.456199][T17207]  _copy_from_user+0x2e/0xd0
[  894.460764][T17207]  copy_msghdr_from_user+0x99/0x160
[  894.465937][T17207]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  894.471720][T17207]  ? __pfx___lock_acquire+0x10/0x10
[  894.476895][T17207]  ___sys_sendmsg+0xff/0x1e0
[  894.481467][T17207]  ? __pfx____sys_sendmsg+0x10/0x10
[  894.486644][T17207]  ? lock_acquire+0x2f/0xb0
[  894.491120][T17207]  ? __fget_files+0x40/0x3f0
[  894.495700][T17207]  ? fdget+0x176/0x210
[  894.499747][T17207]  __sys_sendmsg+0x117/0x1f0
[  894.504310][T17207]  ? __pfx___sys_sendmsg+0x10/0x10
[  894.509392][T17207]  ? __fget_files+0x244/0x3f0
[  894.514051][T17207]  do_syscall_64+0xcd/0x250
[  894.518541][T17207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.524420][T17207] RIP: 0033:0x7f9f9fb7e719
[  894.528813][T17207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  894.548403][T17207] RSP: 002b:00007f9fa09df038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  894.556799][T17207] RAX: ffffffffffffffda RBX: 00007f9f9fd35f80 RCX: 00007f9f9fb7e719
[  894.564749][T17207] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  894.572696][T17207] RBP: 00007f9fa09df090 R08: 0000000000000000 R09: 0000000000000000
[  894.580645][T17207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  894.588596][T17207] R13: 0000000000000000 R14: 00007f9f9fd35f80 R15: 00007ffd89439708
[  894.596551][T17207]  </TASK>
[  895.083953][T17223] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2983'.
[  895.207977][T11540] Bluetooth: hci6: ACL packet for unknown connection handle 6
[  895.619741][T12563] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  895.947228][T12563] usb 3-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a
[  895.956516][T12563] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  896.080167][T12563] usb 3-1: config 0 descriptor??
[  896.102216][T12563] usb-storage 3-1:0.0: USB Mass Storage device detected
[  896.200556][   T29] audit: type=1400 audit(1731836030.339:2421): avc:  denied  { getopt } for  pid=17233 comm="syz.1.2986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  896.293749][T17239] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2987'.
[  896.303417][T17239] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2987'.
[  896.318945][T17239] FAULT_INJECTION: forcing a failure.
[  896.318945][T17239] name failslab, interval 1, probability 0, space 0, times 0
[  896.332019][T17239] CPU: 1 UID: 0 PID: 17239 Comm: syz.4.2987 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[  896.342788][T17239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  896.352832][T17239] Call Trace:
[  896.356087][T17239]  <TASK>
[  896.358996][T17239]  dump_stack_lvl+0x16c/0x1f0
[  896.363650][T17239]  should_fail_ex+0x497/0x5b0
[  896.368308][T17239]  ? fs_reclaim_acquire+0xae/0x150
[  896.373403][T17239]  should_failslab+0xc2/0x120
[  896.378073][T17239]  kmem_cache_alloc_node_noprof+0x71/0x310
[  896.383854][T17239]  ? __alloc_skb+0x2b1/0x380
[  896.388425][T17239]  __alloc_skb+0x2b1/0x380
[  896.392840][T17239]  ? __pfx___alloc_skb+0x10/0x10
[  896.397762][T17239]  ? genl_rcv_msg+0x4bd/0x800
[  896.402430][T17239]  netlink_ack+0x164/0xb90
[  896.406833][T17239]  netlink_rcv_skb+0x348/0x440
[  896.411578][T17239]  ? __pfx_genl_rcv_msg+0x10/0x10
[  896.416586][T17239]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  896.421867][T17239]  ? down_read+0xc9/0x330
[  896.426179][T17239]  ? __pfx_down_read+0x10/0x10
[  896.430931][T17239]  ? netlink_deliver_tap+0x1ae/0xd90
[  896.436221][T17239]  genl_rcv+0x28/0x40
[  896.440198][T17239]  netlink_unicast+0x53c/0x7f0
[  896.444963][T17239]  ? __pfx_netlink_unicast+0x10/0x10
[  896.450246][T17239]  netlink_sendmsg+0x8b8/0xd70
[  896.455036][T17239]  ? __pfx_netlink_sendmsg+0x10/0x10
[  896.460320][T17239]  ____sys_sendmsg+0xaaf/0xc90
[  896.465077][T17239]  ? copy_msghdr_from_user+0x10b/0x160
[  896.470524][T17239]  ? __pfx_____sys_sendmsg+0x10/0x10
[  896.475804][T17239]  ? __pfx___lock_acquire+0x10/0x10
[  896.480996][T17239]  ___sys_sendmsg+0x135/0x1e0
[  896.485751][T17239]  ? __pfx____sys_sendmsg+0x10/0x10
[  896.490945][T17239]  ? lock_acquire+0x2f/0xb0
[  896.495431][T17239]  ? __fget_files+0x40/0x3f0
[  896.500031][T17239]  ? fdget+0x176/0x210
[  896.504112][T17239]  __sys_sendmsg+0x117/0x1f0
[  896.508701][T17239]  ? __pfx___sys_sendmsg+0x10/0x10
[  896.513800][T17239]  ? __fget_files+0x244/0x3f0
[  896.518487][T17239]  do_syscall_64+0xcd/0x250
[  896.522985][T17239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  896.528883][T17239] RIP: 0033:0x7f7534b7e719
[  896.533292][T17239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  896.552890][T17239] RSP: 002b:00007f7535a18038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  896.561288][T17239] RAX: ffffffffffffffda RBX: 00007f7534d35f80 RCX: 00007f7534b7e719
[  896.569255][T17239] RDX: 0000000000000010 RSI: 0000000020000400 RDI: 0000000000000003
[  896.577210][T17239] RBP: 00007f7535a18090 R08: 0000000000000000 R09: 0000000000000000
[  896.585169][T17239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  896.593127][T17239] R13: 0000000000000000 R14: 00007f7534d35f80 R15: 00007ffc1e16d058
[  896.601092][T17239]  </TASK>
[  896.626718][  T968] usb 3-1: USB disconnect, device number 78
[  896.656107][   T29] audit: type=1400 audit(1731836030.789:2422): avc:  denied  { ioctl } for  pid=17240 comm="syz.0.2988" path="socket:[57120]" dev="sockfs" ino=57120 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  896.992139][T17247] siw: device registration error -23
[  897.452418][T12563] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  897.779958][T17256] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  897.788862][T17256] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  897.797759][T17256] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  897.806654][T17256] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  898.362711][T12563] usb 1-1: too many configurations: 33, using maximum allowed: 8
[  898.450338][T16490] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  898.457338][T12563] usb 1-1: New USB device found, idVendor=0eb1, idProduct=6668, bcdDevice=57.b8
[  898.486967][T12563] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.511716][T12563] usb 1-1: Product: syz
[  898.517033][T12563] usb 1-1: Manufacturer: syz
[  898.527805][T12563] usb 1-1: SerialNumber: syz
[  898.544753][T12563] usb 1-1: config 0 descriptor??
[  898.663416][T12563] go7007-loader 1-1:0.0: can't handle multiple config
[  898.663807][T16490] usb 3-1: Using ep0 maxpacket: 32
[  898.670317][T12563] go7007-loader 1-1:0.0: probe failed
[  898.695049][T17251] netlink: 'syz.2.2992': attribute type 4 has an invalid length.
[  899.436906][T11540] Bluetooth: hci5: ACL packet for unknown connection handle 6
[  899.581674][    T8] lo speed is unknown, defaulting to 1000
[  899.584111][T17266] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2996'.
[ 1013.049665][    C1] ------------[ cut here ]------------
[ 1013.055931][    C1] WARNING: CPU: 1 PID: 0 at kernel/rcu/tree_stall.h:1010 rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.066803][    C1] Modules linked in:
[ 1013.070699][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[ 1013.081023][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1013.091074][    C1] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.098021][    C1] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 a0 b8 82 9a e8 b0 31 7b 00 b8 01 00 00 00 87 05 65 b5 0e 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 81 fd c0 34 1c 8e 48 c7 c3 98 90 5f 90 74 5a 48 b8 00
[ 1013.117628][    C1] RSP: 0018:ffffc90000a18df8 EFLAGS: 00010046
[ 1013.123695][    C1] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81740330
[ 1013.131665][    C1] RDX: fffffbfff3505714 RSI: 0000000000000004 RDI: ffffffff9a82b8a0
[ 1013.139634][    C1] RBP: ffffffff8e1c34c0 R08: 0000000000000001 R09: fffffbfff3505714
[ 1013.147602][    C1] R10: 0000000000000003 R11: 0000000000000000 R12: 1ffffffff1bc1e40
[ 1013.155569][    C1] R13: 0000000000000246 R14: ffffffff8e1c34c0 R15: ffff8880b873fe92
[ 1013.163556][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1013.172501][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1013.179114][    C1] CR2: 00005574e68266a8 CR3: 0000000036142000 CR4: 00000000003526f0
[ 1013.187095][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1013.195074][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1013.203047][    C1] Call Trace:
[ 1013.206326][    C1]  <IRQ>
[ 1013.209169][    C1]  ? __warn+0xea/0x3d0
[ 1013.213250][    C1]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.219588][    C1]  ? report_bug+0x3c0/0x580
[ 1013.224098][    C1]  ? handle_bug+0x54/0xa0
[ 1013.228429][    C1]  ? exc_invalid_op+0x17/0x50
[ 1013.233109][    C1]  ? asm_exc_invalid_op+0x1a/0x20
[ 1013.238149][    C1]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 1013.244489][    C1]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.250827][    C1]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 1013.257165][    C1]  rcu_core+0x4d0/0x14d0
[ 1013.261417][    C1]  ? __pfx_rcu_core+0x10/0x10
[ 1013.266095][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1013.271301][    C1]  ? run_timer_base+0x11e/0x190
[ 1013.276157][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1013.281369][    C1]  handle_softirqs+0x213/0x8f0
[ 1013.286140][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1013.291432][    C1]  irq_exit_rcu+0xbb/0x120
[ 1013.295852][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1013.301508][    C1]  </IRQ>
[ 1013.304440][    C1]  <TASK>
[ 1013.307374][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1013.313362][    C1] RIP: 0010:acpi_safe_halt+0x1a/0x20
[ 1013.318659][    C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 d8 fa df 74 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 68 63 b9 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1013.338278][    C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246
[ 1013.344351][    C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b23c459
[ 1013.352323][    C1] RDX: 0000000000000001 RSI: ffff888022eb0800 RDI: ffff888022eb0864
[ 1013.360293][    C1] RBP: ffff888022eb0864 R08: 0000000000000001 R09: ffffed10170e7025
[ 1013.368263][    C1] R10: ffff8880b873812b R11: 0000000000000000 R12: ffff88801eb04000
[ 1013.376232][    C1] R13: ffffffff8ee125e0 R14: 0000000000000001 R15: 0000000000000000
[ 1013.384210][    C1]  ? ct_kernel_exit+0x139/0x190
[ 1013.389069][    C1]  acpi_idle_enter+0xc5/0x160
[ 1013.393751][    C1]  cpuidle_enter_state+0xaa/0x4f0
[ 1013.398778][    C1]  ? __pfx_tsc_verify_tsc_adjust+0x10/0x10
[ 1013.404600][    C1]  cpuidle_enter+0x4e/0xa0
[ 1013.409020][    C1]  do_idle+0x313/0x3f0
[ 1013.413098][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1013.417703][    C1]  cpu_startup_entry+0x4f/0x60
[ 1013.422477][    C1]  start_secondary+0x222/0x2b0
[ 1013.427248][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1013.432544][    C1]  common_startup_64+0x13e/0x148
[ 1013.437497][    C1]  </TASK>
[ 1013.440515][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1013.447792][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0
[ 1013.458114][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[ 1013.468161][    C1] Call Trace:
[ 1013.471436][    C1]  <IRQ>
[ 1013.474275][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1013.478866][    C1]  panic+0x71d/0x800
[ 1013.482767][    C1]  ? __pfx_panic+0x10/0x10
[ 1013.487193][    C1]  ? show_trace_log_lvl+0x29d/0x3d0
[ 1013.492400][    C1]  ? check_panic_on_warn+0x1f/0xb0
[ 1013.497524][    C1]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.503861][    C1]  check_panic_on_warn+0xab/0xb0
[ 1013.508805][    C1]  __warn+0xf6/0x3d0
[ 1013.512704][    C1]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.519039][    C1]  report_bug+0x3c0/0x580
[ 1013.523369][    C1]  handle_bug+0x54/0xa0
[ 1013.527526][    C1]  exc_invalid_op+0x17/0x50
[ 1013.532029][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1013.536884][    C1] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[ 1013.543829][    C1] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 a0 b8 82 9a e8 b0 31 7b 00 b8 01 00 00 00 87 05 65 b5 0e 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 81 fd c0 34 1c 8e 48 c7 c3 98 90 5f 90 74 5a 48 b8 00
[ 1013.563457][    C1] RSP: 0018:ffffc90000a18df8 EFLAGS: 00010046
[ 1013.569534][    C1] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81740330
[ 1013.577503][    C1] RDX: fffffbfff3505714 RSI: 0000000000000004 RDI: ffffffff9a82b8a0
[ 1013.585471][    C1] RBP: ffffffff8e1c34c0 R08: 0000000000000001 R09: fffffbfff3505714
[ 1013.593439][    C1] R10: 0000000000000003 R11: 0000000000000000 R12: 1ffffffff1bc1e40
[ 1013.601409][    C1] R13: 0000000000000246 R14: ffffffff8e1c34c0 R15: ffff8880b873fe92
[ 1013.609408][    C1]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 1013.615760][    C1]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[ 1013.622100][    C1]  rcu_core+0x4d0/0x14d0
[ 1013.626352][    C1]  ? __pfx_rcu_core+0x10/0x10
[ 1013.631028][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1013.636237][    C1]  ? run_timer_base+0x11e/0x190
[ 1013.641091][    C1]  ? __pfx_run_timer_base+0x10/0x10
[ 1013.646300][    C1]  handle_softirqs+0x213/0x8f0
[ 1013.651071][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1013.656362][    C1]  irq_exit_rcu+0xbb/0x120
[ 1013.660781][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1013.666425][    C1]  </IRQ>
[ 1013.669352][    C1]  <TASK>
[ 1013.672278][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1013.678254][    C1] RIP: 0010:acpi_safe_halt+0x1a/0x20
[ 1013.683541][    C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 d8 fa df 74 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 68 63 b9 00 fb f4 <fa> c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1013.703146][    C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246
[ 1013.709211][    C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b23c459
[ 1013.717179][    C1] RDX: 0000000000000001 RSI: ffff888022eb0800 RDI: ffff888022eb0864
[ 1013.725145][    C1] RBP: ffff888022eb0864 R08: 0000000000000001 R09: ffffed10170e7025
[ 1013.733112][    C1] R10: ffff8880b873812b R11: 0000000000000000 R12: ffff88801eb04000
[ 1013.741079][    C1] R13: ffffffff8ee125e0 R14: 0000000000000001 R15: 0000000000000000
[ 1013.750096][    C1]  ? ct_kernel_exit+0x139/0x190
[ 1013.754950][    C1]  acpi_idle_enter+0xc5/0x160
[ 1013.759632][    C1]  cpuidle_enter_state+0xaa/0x4f0
[ 1013.764673][    C1]  ? __pfx_tsc_verify_tsc_adjust+0x10/0x10
[ 1013.770492][    C1]  cpuidle_enter+0x4e/0xa0
[ 1013.774908][    C1]  do_idle+0x313/0x3f0
[ 1013.778986][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1013.783589][    C1]  cpu_startup_entry+0x4f/0x60
[ 1013.788359][    C1]  start_secondary+0x222/0x2b0
[ 1013.793129][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1013.798434][    C1]  common_startup_64+0x13e/0x148
[ 1013.803384][    C1]  </TASK>
[ 1014.887500][    C1] Shutting down cpus with NMI
[ 1014.892412][    C1] Kernel Offset: disabled
[ 1014.897069][    C1] Rebooting in 86400 seconds..