last executing test programs:

10.31635181s ago: executing program 0 (id=609):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x14, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x9, 0x0, 0x0, 0xd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0xffffffff, 0x1, 0x7, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0xe, 0x0, 0x80000, 0x0, 0xedc0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb6, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800081, 0x0, 0x0, 0x0, 0x4c6, 0x2, 0x0, 0x40476f], [0x0, 0x7c, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x9, 0x4, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x800], [0x2, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x90000000, 0x0, 0x0, 0x0, 0x5, 0xfffffff8, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x800, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000200)=<r7=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000240)=<r8=>0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r4, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8082)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r10, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x800, 0x0, 0x0, 0x0, 0xa5, 0xbd, 0x1, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x5, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x3fe, 0x9, 0x0, 0xfd, 0x0, 0x0, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0x7}], 0x5})

9.288565217s ago: executing program 0 (id=615):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r1}, 0x18)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x18)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
r7 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = epoll_create(0xa000)
sendmmsg$unix(r9, &(0x7f00000027c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000f00)=[@rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [r2, r9, r2]}}, @cred={{0x1c, 0x1, 0x2, {r7}}}, @rights={{0x30, 0x1, 0x1, [r5, r0, r10, r1, r6, r6, r1, r3]}}, @cred={{0x1c, 0x1, 0x2, {r7}}}, @rights={{0x20, 0x1, 0x1, [r1, r9, r8, r0]}}], 0xc0, 0x4005}}], 0x1, 0x0)

8.819022431s ago: executing program 2 (id=617):
r0 = socket$inet6(0xa, 0x3, 0x26)
r1 = syz_open_dev$vbi(&(0x7f0000000440), 0x2, 0x2)
ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000580)=@multiplanar_mmap={0x6, 0x6, 0x4, 0x40, 0x6, {0x0, 0x2710}, {0x3, 0x1, 0x9, 0xe, 0x6, 0x4, "b6e06162"}, 0xfffffff8, 0x1, {0x0}, 0x9, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x9c, &(0x7f0000000380)={0x0, 0xec23, 0x0, 0x0, 0x22c}, &(0x7f0000000280)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x4000, @fd_index=0x1, 0x7fffffffffffffff, &(0x7f0000000600)=[{&(0x7f00000002c0)="d1", 0x1}], 0x1, 0x14, 0x1, {0x1}})
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0)
ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000100))
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES16=r2, @ANYBLOB="0000000000000000b704000006000000850000001c00000095", @ANYRESHEX=r1, @ANYRES16=0x0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0xfffffe8e, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r6, &(0x7f0000000180)="a3e7e027b39035999a9d119338b394b0de840b27656b832486c6d81066a06ad30f89f493f9bf497ddfc05a8824b7ae1c5a393a8a130a556641a97ebc89d40d01a261d2a0eb31d6a8bad3f8249e2b1160ee38e4a42b3f861dea040f303c1061d6f3644c030a1dd0fe8a099ab86c051b25bb45e4a0d2a61b26b1707304d73e3c7d65f2c00d73b9eaecc43bfaea870dc1bb92550f248e6a047d36c01a2e1fb02bfe0c4aa3a86a8605063d63843a7ff717dfcb287748ad37cdeef7fb277a56eff745ae33381a7ea1ce8900917dff94788a124914c47bb13b3375eb3d09c73fc3d62bc4e39a59b214af4d4b025fd4833c77c46133bbf642", &(0x7f0000000440)=""/207}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x2, 0x2, 0x4}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r7, &(0x7f0000000580), &(0x7f0000000400)=""/16, 0x2}, 0x20)
r8 = socket(0xa, 0x3, 0x87)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'lo\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x18, r10})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000140)={@private1, 0x18, r10})
ioctl$sock_inet6_tcp_SIOCINQ(r8, 0x8936, &(0x7f0000000000))
io_setup(0x96, &(0x7f0000000040))
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r11 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r11, &(0x7f00000005c0)=[{&(0x7f0000000a40)="89be", 0x2}], 0x1)

8.712121445s ago: executing program 0 (id=618):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e344", 0x1b1}], 0x1}}], 0x1, 0x4000001)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000075c0)={0x2020}, 0x2020)
recvmsg$kcm(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/3, 0x3}, 0x10020)

7.574079872s ago: executing program 0 (id=627):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x8, 0x6, 0x5, 0x2, 0xe2, 0xc1, 0x8, 0xd1, 0x4, 0xf, 0x2, 0xd2, 0x53, 0xf}, 0xe)
recvmmsg(r0, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000480)=""/228, 0xe4}], 0x1, &(0x7f00000003c0)=""/21, 0x15}, 0x1ff}], 0x1, 0x40000040, 0x0)

6.461588252s ago: executing program 0 (id=631):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x109800)
r1 = syz_clone(0xc8000000, &(0x7f0000000040)="284e05c1f6ed19c87bb348b5093210f772fd06b934db0bf78a9f5fb3625c173a02d7449f36afcaad7e55ea7742eb6fe1e72b219521453bb7d1248eb3a0ca0715be7eac3ca8e8f6f27d6fdaeb5b9319e059013bd1994dc6f1d4fa4428253d6b0dd90e49e5a381d23eb21e46ab097c02036f496d8fe261109a7fa3c9922af91e3c9125b566bd7dbebe5819ccb401a21e5586c2b8a38cbb74456641e1e0e1e390d742009cb26d756fdda173310d68c89559338dff9d", 0xb4, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="6a91a32538e265791d9bf0e0bcb64f7b544664e9f4bdabe2382767985730e102b9e79555727e4fd837f93c681c8124b4b80c7ec03cb3cfd8426554ff3624e281deb9f0ce6f908672ce3b65eecc3f982a6596b2db60525a8ce1afd1dda934504c6f304b4be83cfa9acf5b5f7441fb831357007d8c8048ea8c9b4513b76e249c8566993008542088e5280df526f11990285bdac68c05aa094e73c8b69f9463027705933c6ca15c4aad0b7d6b14a00566df012675c68ded4cf64aad67bbc03401e74ceae0e615ef0cb2b1eb")
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000480)={&(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[{}, {}, {}], &(0x7f0000000400)=[0x0, 0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0], 0x3, 0x8, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000540)={0x0, 0x0, <r4=>0x0, 0x0, 0x0, 0x2, &(0x7f0000000500)=[0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r2, 0xc01864ba, &(0x7f0000000580)={0x10, r3, r4, 0xeeeeeeee})
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000600)={{0x1, 0x1, 0x18, <r6=>r0, {0x1}}, './file0\x00'})
ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000640)={0x3, r6})
ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000680)={0xfff00000, 0x5000000, {<r7=>r1}, {0xffffffffffffffff}, 0x41, 0x101})
ptrace$pokeuser(0x6, r7, 0x6, 0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000ac0)={&(0x7f00000009c0)=[0x0], &(0x7f0000000a00)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0, 0x0], 0x1, 0x4, 0x7, 0x3})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000b00)={&(0x7f00000006c0)=[0x0, 0x0, 0x0], &(0x7f0000000700)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000940)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0, 0x0, 0x0], 0x8, 0x5, 0x3, 0x0, r8})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000b80), 0x400)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000bc0)={0x2, 0x2, 0x1, 0x0, 0x1})
r9 = socket$inet6(0xa, 0xa, 0x2)
ioctl$FS_IOC_RESVSP(r9, 0x40305828, &(0x7f0000000c00)={0x0, 0x1, 0xf14d, 0x3ff})
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f0000000c40)=[{{0x2, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x1}}, {{0x1, 0x0, 0x1}, {0x2, 0x1, 0x0, 0x1}}, {{0x3, 0x0, 0x1, 0x1}, {0x1}}], 0x18)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000c80)={0xeb}, 0x1)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000d00)={'wpan0\x00', <r11=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000d40)={'wpan3\x00', <r12=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000d80)={'wpan3\x00', <r13=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r10, &(0x7f0000000f00)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x60000000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0xfc, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_KEY={0xb0, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e349da8adbc5434a40a958f11e5e5328d56a15efbff72fb5ee24afbee81491ba"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "470c4e893c25f40522bfb3b11285c40b"}, @NL802154_KEY_ATTR_ID={0x14, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}]}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "6c12aa68b7b6113393ec2680e022d02c7ff88429f9b72e47c29966462979acf3"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "d3dd72131a6d0fbcbf6442f366781d1582d59244648e3647a5d03ccce7a916ca"}, @NL802154_KEY_ATTR_ID={0x4}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "c39110ad0e3f745a6a2b9c44c6aa4a95"}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008884}, 0x40)
ioctl$FS_IOC_GETFSSYSFSPATH(r2, 0x80811501, &(0x7f0000000f40)={0x80})
r14 = syz_open_dev$dri(&(0x7f0000001000), 0x7, 0x30000)
ioctl$DRM_IOCTL_GET_STATS(r14, 0x80f86406, &(0x7f0000001040)=""/254)
ioctl$DRM_IOCTL_MODE_ADDFB(r5, 0xc01c64ae, &(0x7f0000001140)={r4, 0x8000, 0x7, 0x38000, 0x5, 0x3, 0x2})
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000001180), r10)
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x28, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x8080}, 0x4004040)

5.256315284s ago: executing program 2 (id=637):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de", 0x1f9}], 0x1}}], 0x1, 0x4000001)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000075c0)={0x2020}, 0x2020)
recvmsg$kcm(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/3, 0x3}, 0x10020)

5.091517763s ago: executing program 4 (id=638):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x14, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x9, 0x0, 0x0, 0xd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0xffffffff, 0x1, 0x7, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0xe, 0x0, 0x80000, 0x0, 0xedc0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb6, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800081, 0x0, 0x0, 0x0, 0x4c6, 0x2, 0x0, 0x40476f], [0x0, 0x7c, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x9, 0x4, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x800], [0x2, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x90000000, 0x0, 0x0, 0x0, 0x5, 0xfffffff8, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x800, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000200)=<r7=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000240)=<r8=>0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r4, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8082)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x5, &(0x7f0000000f40)=ANY=[@ANYRES8=r10, @ANYRES64=r7, @ANYRES64=r8], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xfffffffe}, 0x8}, 0x94)

5.036249716s ago: executing program 3 (id=640):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d", 0x16f}], 0x1}}], 0x1, 0x1)
r1 = dup(r0)
write$cgroup_type(r1, &(0x7f0000000140), 0x9)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xfffffffffffffffe)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000040)="0f080f30360f645d01f30f38f6c4ba2100b00beebaf80c66b8807f1e8466efbafc0c66b8d3eb000066ef2e0f1c06b8e4baf80c66b8dc59b68966efbafc0c66ed0fc799c34c660f38821f", 0x4a}], 0xaaaaaaaaaaaacee, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x41, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, r5)
getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f0000000200), &(0x7f0000000240)=0x30)

4.853441112s ago: executing program 3 (id=641):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = socket(0x22, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x3a, 0x1, 0x0, 0x48)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @hyper}, 0x10)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x803a, [0xfffffff9, 0xc95a, 0xf, 0x8, 0x40000080, 0xffffff97, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x629, 0x7, 0xf4c, 0x8, 0x2, 0x80000000, 0x242, 0x3, 0xc, 0x0, 0x80008071, 0x7, 0x19, 0x1, 0x3, 0x5, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x5, 0x5, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x7, 0x1, 0x40], [0x10000007, 0x9, 0x2, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x5, 0x0, 0x4000000, 0xb, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x401, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0xfffffffd, 0x100000d, 0x4e2, 0x3, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3, 0x7c9d, 0x9, 0x8, 0x3, 0x3, 0x81, 0x3, 0x42, 0x3], [0x7, 0x40a, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x400005, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x83, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0xfffffffd, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x7, 0x0, 0xb9, 0xce7, 0x1ff, 0x1000002, 0x56, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0xb, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x8a, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x1, 0xa1b, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x8, 0x5, 0x400b1e, 0x1538, 0x200, 0xffff3441, 0x1001]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000240)={0x40, 0x0, &(0x7f00000001c0)=[@release={0x40046306, 0x3}, @enter_looper, @clear_death={0x400c630f, 0x2}, @acquire_done={0x40106309, 0x1}, @request_death={0x400c630e, 0x2}], 0x73, 0x0, &(0x7f0000000300)="f2514939c50ac78d6ab425dd17063013cfab3481ef83173c84524240750df3044abfe9cbabb5e982bda24342c624626a36d55dac3b76b8d1441d9a9805269cfa742834bf09c153dc2b9ac73057587b6b205f07460d344ba6ceaeae344fa51a200b49906c8ac5661bfcff48e0306de4c6060cb3"})
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000280)={r7}, 0xc)
socket$l2tp(0x2, 0x2, 0x73)
r8 = socket(0xa, 0x3, 0x3a)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x80080, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$MRT6_FLUSH(r8, 0x29, 0xd4, &(0x7f0000000080)=0x1, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x4, &(0x7f0000000380))
ioctl$KVM_SET_SREGS2(0xffffffffffffffff, 0x4140aecd, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x4, 0x0, 0x0)

4.355859725s ago: executing program 4 (id=643):
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x9, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
r4 = socket$inet(0xa, 0x801, 0x0)
accept4(r4, 0x0, 0x0, 0x800)

4.262416885s ago: executing program 3 (id=644):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f00000000c0)=0x4, 0x4)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000200)=0x1ff, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000340)=""/17, &(0x7f00000003c0)=0x11)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe8000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000140)={'ip6gre0\x00', <r6=>0x0, 0x52, 0x7, 0x2, 0x6, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x27}, 0x700, 0x8000, 0x0, 0x5}})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff})
fstat(r7, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setresuid(0x0, 0x0, r8)
getresuid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480)=<r9=>0x0)
connect$unix(r2, &(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e)
setreuid(r8, r9)
sendmsg$nl_xfrm(r5, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)=@newsa={0x300, 0x10, 0xa0a, 0x70bd29, 0x25dfdbfd, {{@in=@remote, @in=@multicast1, 0x4e21, 0xe, 0x4e23, 0x8, 0xa, 0xa0, 0x80, 0x33, r6, r8}, {@in=@loopback, 0x4d2, 0x2b}, @in=@remote, {0x0, 0x3, 0x7, 0x0, 0xd3, 0x8, 0x0, 0xffffffffffff495c}, {0x400, 0xd101, 0x4}, {0x0, 0x0, 0x4}, 0x70bd2b, 0x3506, 0x2, 0x2, 0xf7, 0x4}, [@algo_comp={0x117, 0x3, {{'lzjh\x00'}, 0x678, "84f9051f957b81d3313bb90aec56d982c5a254ce4bc6ad150d1ca465c418c9178a92a732d160e3242047ffc623034fcf4ff4735c57010bc341ca66b5b203c1aac8381576f46ceb129d55229ed0bc66f276dc9113b821c7068d72d90f24eab20d942249be3fec4e791e92e60397ed7ded2e2d9702aa9775894107b7b20f2e4accd0689b36a9c8e8c24c2fb3632ae3908e4bf30c3586cf0c87d153c6582f961561b91febee09dcc5c11653f1ced7f9f92df22c2430f818981d01d58dd6b725f8e035930de84029105cd6c31af5213da5"}}, @sec_ctx={0xf0, 0x8, {0xec, 0x8, 0x0, 0x40, 0xe4, "19375157af2ccff7776b700fe550bec992c1e85d4c35ca2acbba2a6b27dd5ab89a476f93fef77385fb5aa7fbbffd36d8b356d72d701dda5ca921f2cbc92f72f60129669293322deaba7a5fdc57e497c0a711c2ec07429aa2bd981ed037f71e752acd90e66bdd9fdbe4ff15a701b01e11534ae43d4d6037c0df7f64176dbcae5c2dbd186c132705a42c1d5935d73438cd64d3ecfaa79aeb8528f5841157921d3a51716b6853fffc2b3848339293e6c5945a17e4c857171e538d0e6d076402a798741dda3fa30bae80b3a652e270ffeede2090757eec9244635004a7112abc8cd7cdd74e93"}}, @extra_flags={0x8, 0x18, 0x1}]}, 0x300}}, 0x4808)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r10, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000100)=ANY=[@ANYRES8=r11, @ANYRES16=r4, @ANYBLOB="01002cbd7000000000008900000008000300", @ANYRES32=r11, @ANYBLOB="10001d810c00000006000500c2"], 0x2c}}, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r10)

4.152333659s ago: executing program 1 (id=645):
r0 = add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$clear(0x7, r0)
socket(0xa, 0x3, 0xff)
socket(0x22, 0x2, 0x3)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201fb00fb030320d812010079de01ec020109021b0001000003000904000001785ecc0009"], 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x20008080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_disconnect(r2)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2)
r4 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r4, 0x1268, 0x1000001000104)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x460b00, 0x0)

4.151831712s ago: executing program 2 (id=646):
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f}}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
munlock(&(0x7f00002c9000/0x1000)=nil, 0x1000)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b7050000000b00006110200000000000d40500002000000095000000000000009abb1723bf2c203831c9545b21c751ee4024f479cbe4b89f9807836ea5847c95ffc926c2e182c7a3221481f5009edaf5f542a715b99fb3d2a73dd02584a54ee68c70dbfbcdcea76ee541e318cbe84cd4f5381f522e258a4d9aeb9b16feb66bf40fdf73be95633dc5de907f2ffdcc18494f09c327abd3a76fee11357181f05f7ac06d6a9078df8bc21f00cd8ac4109850ce4aa147beacafecd5c7ccdeecb146ca1e7611f8b3adb41b39029c1b9b59fbf1b4a80167ca6b113a1600000000000000000000cdb7fe6d684423596ee2bdad7787936c24c84d4721327a695ed24946de35ff5e000091e0610ac2d72b9b6f453f98e7b5a25941905bd564aac36dbe7d1db9f5561ad6f7c2e79fb80b6949d626024b5fb96e3da0d7113b1c826f49a2cbc18001d315aaf280a8a762689f8c6fee958836002f48815ad19ee99d81c9e3cda430cef4a75e5c4dd14c3cbb6af58e3f3b3f8cbd858532b02995d79ca5dac0fd49aa150f6e212e3f46e4f37f372ee43f136e4d3af6cc4a0ce2379cc1010d8483b82e54feeefa1e89d6a3b74fbb4b619c43984223674b40fbe29ea5752c76a5e6a44d95382a9e04f9a51881aedb6d6242d0fe2e7dcf1f8b22f46c37fb010f8e86c62a4c72327c7eaaf720aff72529429aed45219cb1b6476e53b650927d193b4062c4640de2781643edc5e59280c59332e92b52675a02009db11b3829d8424fdf33ccdb7f89bfa14f9c2a17f9183cb48222e685f49340891845efdac175d90c116eaa013315165865f9a3785e21b41fd4b5eda7eb5a7462307fe72a3fe53eb02c75867e6eeebfc3037683f66d407fc28c4735a221bb5b78a6f966474a98ceceb20f0d4757b8e81ab14d29bad2b19aa5aff53ee333009688b401064898f58f88226f0e675cc74f0adaf4b97315e12e88b5eabd519e523a7f0e839fe91774f85a65068de244a78687c12e4e6dffb556c8d30b8ee73faaac455701569da7ae1a4e44fdd2cf28965a9f5e09acf476e07e5ea768c558a5622601742b27b91724dde6a0f96d3e53e67db57bbd0d3f2dd8439192dfc71f9e5f289c7f519e8b794fb09b64fb3c1bcd46731051de09510ebd717eb57655d447753fd2ff052a9d6889ddb5a5f68564bd00a5ff58a75805eadb00000000000000006a9af2471aada1ad164502199e0a668ad4daa53e5658f82733b3c7f36fcf3146adf7025dfd79c5a67c27395f5ca5a90d45402e58b42946b5a977a56385f31083a4b65d61ec4991cd6c91a02bd788825a"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
listen(0xffffffffffffffff, 0x9)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r4, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7000ffdbdf2504000000"], 0x14}, 0x1, 0x1000000, 0x0, 0x20000800}, 0x800)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xb, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f00000003c0)='pstore\x00', 0x0, &(0x7f0000000300)='usrquota')

2.8052341s ago: executing program 4 (id=647):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000), 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e21, 0x2, @private0={0xfc, 0x0, '\x00', 0x41}, 0xc}, 0x1c)

1.941818847s ago: executing program 3 (id=648):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x5, 0x9fd, 0x85, 0x41}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r0}, 0x38)

1.922714358s ago: executing program 1 (id=649):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84022, &(0x7f0000000840)=ANY=[@ANYBLOB='nr_i/=7,\x00'])
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f0000000040)={0x980902, 0x0, @name="a13c67a9121fb71a1d3e142fe2fb8f9ba5ee159b867aa7d60668087c38d76487"})
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000000c0), &(0x7f0000000140)=0x30)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0xffff, 0x0, 0x0, 0xb65, 0x10, "3eded8000000000000000010000000040100"})

1.91944637s ago: executing program 2 (id=650):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000018c0)={0x0, 0x4, 0x3, 0x1000008, @vifc_lcl_addr=@private=0xa010101, @multicast1}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="01000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x0}, 0x94)
r2 = getpid()
memfd_create(0x0, 0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0x3, 0x4, 0x7d, 0x2, @vifc_lcl_addr=@private=0xa010102, @multicast2}, 0x10)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x2800)
fcntl$setstatus(r3, 0x4, 0x40800)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
socket$vsock_stream(0x28, 0x1, 0x0)

1.600459086s ago: executing program 1 (id=651):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000300)='cgroup\x00'}, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000100031418110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10)
r4 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x8, 0x4000000000000ffd, 0x0, 0x0, 0x15, 0x0, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "7152376050f87f3e30ad1b7c02c4dab8160643ac4ad9ad33000020e3c4cd6100", [0xfffffffffffffce8, 0xa]}})
r6 = socket$pptp(0x18, 0x1, 0x2)
r7 = openat$smackfs_ipv6host(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_ipv6host(r7, &(0x7f0000000b00)=ANY=[@ANYBLOB='0x0000000000000007:0x0000000000000009:0x0000000000000009:0x0000000000000009:0x0000000000004080:0x0000000000000f54:0x0000000000000008:0x0000000000000038/00000000000000000016 (%(\x00'], 0xb1)
bind$pptp(r6, &(0x7f0000000340)={0x18, 0x2, {0x0, @local}}, 0x1a)
connect$pptp(r6, &(0x7f0000000080)={0x18, 0x2, {0x0, @broadcast}}, 0x1e)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

1.076212904s ago: executing program 4 (id=652):
r0 = open(&(0x7f0000000100)='./bus\x00', 0x400161042, 0x1b9)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@sack_perm, @timestamp], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb)

998.271744ms ago: executing program 3 (id=653):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0800fe2c00010026bd7000fc"], 0x2c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20008010)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)
r1 = socket(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f00000012c0)={0x654, r2, 0x400, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x34, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x3}, @broadcast, @device_b, @random="23c883aa75c9", {0x1, 0xff7}, @value=@ver_80211n={0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x22, @val={0x8c, 0x10, {0x42d, "cf771fdc6526", @short="501504f3d881cec8"}}}}, @NL80211_ATTR_FRAME={0x604, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x40}, @device_b, @broadcast, @random="c2cde9cfecbe", {0x3, 0x3}, @value=@ver_80211n={0x0, 0xf, 0x2, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, 0x0, 0xfd23, @device_a, {0x0, 0xb, @random="4ddc37eb32efe1e0d58612"}, @void, @void, [{0xdd, 0x7, "cdcf9317399c52"}, {0xdd, 0xbd, "5eddc7b7858bd87e7dff2f5d63f45e51a4e202f80f81fe4c4f61a9c11f39dda5a48349b4115dde1d085b2529797f6afbf62ff50ce233dc70f545fe9d0b8e8d658e0af2a4eeda15cf866d0a60760440f851c6c4c26825286fa6dca586f2697cb9f4572f3c5c60fc447efa02f226b1cb811a40cbc17c5231e24986f5decafacd93923fa0c5ac4f95783f5bfbdd9307bccddbb7f431120f5861109d5af851365463d9e36a7b731cb3440d82783ad5baed600572802a91dbd1aa5af8a98803"}, {0xdd, 0x7e, "3fec68ec1ef45334ef2f3af122853a3809a82e5e76c2bf8c4e14e1b22a28ab3159784589d78da169fae67b30301a8f000cdf09b5b7077bb15869fd8bd2002ca2c71ca708a6d1a5ec0f7a3902e6a7eaf9e4802b3fe129967f3b4743be1b727d2115ccbdf3938a01b50cab1d6a95182dcf47e56d3199a5aff1e48799226e75"}, {0xdd, 0xc4, "ffea6347bf6b6938e49f340ea7261481dd01bc3cf81e192c1ea843ef8c73b48921c2ea714eccef214050cb621fed89182c02b6e422f6c40cc05da1000b0089b5a676bdcb03308e7b96690f7ddd2002e14c30bb48e918a82c489c344df4f53293113ff6dfd520292d2b673b2e6d6451e1f64d6614e6c033a8781c148777081128881df5f4a6267c756804f0f1d07204d8e94bc0a6ecbc9bfd08a7704a5c32365bd81f4e3bdbe838594e8b32c82f1b83b22741a5878de71a471cb7de552a63f43746dbf60a"}, {0xdd, 0xee, "a5e6845b934a68ea46312f76a6e16afec5559d6fdf8c69b8e3b36ce94490d7a493cc56bac43cc235960edbee1c85e10bd13bec9a743c660a0632185c137a7a35038e6e027e41caa83d4bebeade148efe807181f23ba3de85f14994864714779b185c7c0b384ddd17968b1ad26c709a1b50ca016f053fc5910c61e11313c340fe1f31ead6216a07f7b8aab359f0a77326d47a34749e0b43af0dd3f11e955db99e1537a812388eed47f958d3a81c0745c706d3b15aa4ab2759a81033a9c7112a3f2dab6a43c652f92251f44a994826896f026a47ceebbe63044379aff8103c65fcf6f9e63b78062a0eee500a315e94"}, {0xdd, 0x7e, "b447dc691c93f4671ca3b4c23ad2f59dbf578c99438b6867b7706cd1db963e5c4f6e88ccfc86a7d7af1e4e6bf916592e0046c0f519c473601212e2ab031d26b9757f81e26f6d1baedb97b27cbdeedbf24d6b1db4043d73ea10e8cf638e2bd39f01194102aae491c5e45492bc83019e79b9746799269dc3051c8876afde94"}, {0xdd, 0xda, "1a977db56ff3e3547eae5c6d25a7c76e359688330e0c7779937ab9c2b42486b854584c58d428f7a30dfa185c10ab0a73ae421cc41fc48c0e8f2d17b377e5bdbe7a989eab427668bb4345f7e8f76707569e137a91343f85aac717ccbdd536ff8a4c6a4fc6dcafc9c8b1159d79b404056b7ac4ab0cc144517434f7e128e59145932d33306e38bd1f2e47ea077fbd6a243def764ace6d74ebb483b89a826d7a6db9d4de04a154b4f184ad6413f7570ca761405f583f015f91226fc53a28951361d670901c2750204b7f614ebe943b777544a747b0fdf22043ef811e"}, {0xdd, 0xb4, "35f8a92bc14817f874bac507f2bc47f3d0b9235cac8b6b952ac3f45bfa742682c6f3162953f302de80767105cd078782277e3916dfd43feb0501be429b333d79f7e3b408aad3ef3d153f90d6a7f534f8b8b3f4bad29a16011173e28eeb0fa75a901d8b65eae6fb4a110d2095d7428e4f8f4139c9b2e67bc3d902838eafb69204473209c5a4523f2340a166bedada0cbbf568e9616dd556bd95597c21a2bd119f887e39e018d0eebbce184292c9559ac7fbc8eea5"}, {0xdd, 0x25, "b53216f3d663f24c46c33dd5979421712716851e5e4ac9c4c29b26d7fd9a31fec4a6a83c1d"}, {0xdd, 0x94, "665a76ee2f2b1ebc4444d8411a7f02a0248c0c4811e99746363e7056b1bfe2fb8c112bbc20106443f15a3de7a34359125875f54f36c405d3805f2c2b31d8ce53864f2027ab29a912136dd9e243c6f48a80b0c63ad71e6cb8753e938954b1d024ae3b9cfebaf84e425b99e19971be5921186c444fd1bdae1163272627603a35200797b9cd36bd7d7ea8c6f6c8754a6f1145d44a91"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x654}, 0x1, 0x0, 0x0, 0x4044000}, 0x80)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELFLOWTABLE={0x3c, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x10, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_NUM={0x8, 0x1, 0x1, 0x0, 0x20}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc4}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000840), 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000200)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000880)={0x1c, r5, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x880}, 0x4040000)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan4\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0xb8, r5, 0x0, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_LEVEL={0x2c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x4}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x9}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_LEVEL={0x44, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x8}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x1}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x7}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000}, 0x80)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001280)=@newtaction={0x18, 0x31, 0x3d, 0x4, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x10}, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
capset(&(0x7f00000000c0)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3})
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_ACTIVATE(r10, 0x5606, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x4, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000e60000000000000010000085100000fdffffff95"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0x100b, &(0x7f0000001e40)=""/4107, 0x1f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94)

848.58501ms ago: executing program 2 (id=654):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x14, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x9, 0x0, 0x0, 0xd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0xffffffff, 0x1, 0x7, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0xe, 0x0, 0x80000, 0x0, 0xedc0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb6, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x800081, 0x0, 0x0, 0x0, 0x4c6, 0x2, 0x0, 0x40476f], [0x0, 0x7c, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x9, 0x4, 0x1, 0xfffffffd, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x800], [0x2, 0x0, 0x6, 0x0, 0xe, 0x0, 0x0, 0x90000000, 0x0, 0x0, 0x0, 0x5, 0xfffffff8, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x800, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$UI_DEV_DESTROY(r1, 0x5502)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r2)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r5=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000001c0)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000200)=<r7=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000240)=<r8=>0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r4, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8082)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x5, &(0x7f0000000f40)=ANY=[@ANYRES8=r10, @ANYRES64=r7, @ANYRES64=r8], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xfffffffe}, 0x8}, 0x94)

800.737171ms ago: executing program 1 (id=655):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_rr_get_interval(0x0, &(0x7f0000000900))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r3, r3, &(0x7f0000001000), 0xffff)
process_vm_writev(0x0, &(0x7f0000000580)=[{&(0x7f00000001c0)=""/47, 0x2f}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/180, 0xb4}, {&(0x7f0000000340)=""/60, 0x3c}], 0x5, &(0x7f00000008c0)=[{&(0x7f0000000600)=""/246, 0xf6}, {&(0x7f0000000700)=""/92, 0x5c}, {&(0x7f0000000780)=""/91, 0x5b}, {&(0x7f0000000800)=""/135, 0x87}], 0x4, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000040), 0x3, 0x840)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={'\x00', 0x200, 0x98ed, 0x6, 0xd8, 0x7b9, <r5=>0x0})
ioctl$SG_BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x2, 0x6, 0xec0, 0x3, 0x8, r5})
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x20010, r3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)

799.81628ms ago: executing program 4 (id=656):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de", 0x1f9}], 0x1}}], 0x1, 0x4000001)
r1 = dup(r0)
read$FUSE(r1, &(0x7f00000075c0)={0x2020}, 0x2020)
recvmsg$kcm(r1, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/3, 0x3}, 0x10020)

600.594345ms ago: executing program 0 (id=657):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e21, 0x2, @private0={0xfc, 0x0, '\x00', 0x41}, 0xc}, 0x1c)

549.74465ms ago: executing program 3 (id=658):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x1bd)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="030000000400000004000000b5"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x4, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000180)="c1dfb080cd21d308098ee68886dd", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148)
pwrite64(r4, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
close(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
inotify_init()
fanotify_mark(0xffffffffffffffff, 0x80, 0x40100000, r1, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0x5)

503.138835ms ago: executing program 4 (id=659):
r0 = add_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$clear(0x7, r0)
socket(0xa, 0x3, 0xff)
socket(0x22, 0x2, 0x3)
r1 = socket(0x10, 0x803, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201fb00fb030320d812010079de01ec020109021b0001000003000904000001785ecc0009"], 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x20008080)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_usb_disconnect(r2)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x9)
syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2)
r4 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r4, 0x1268, 0x1000001000104)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x460b00, 0x0)

420.663027ms ago: executing program 1 (id=660):
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000a40)="89be", 0x2}], 0x1)

207.539116ms ago: executing program 1 (id=661):
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f}}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
munlock(&(0x7f00002c9000/0x1000)=nil, 0x1000)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b7050000000b00006110200000000000d40500002000000095000000000000009abb1723bf2c203831c9545b21c751ee4024f479cbe4b89f9807836ea5847c95ffc926c2e182c7a3221481f5009edaf5f542a715b99fb3d2a73dd02584a54ee68c70dbfbcdcea76ee541e318cbe84cd4f5381f522e258a4d9aeb9b16feb66bf40fdf73be95633dc5de907f2ffdcc18494f09c327abd3a76fee11357181f05f7ac06d6a9078df8bc21f00cd8ac4109850ce4aa147beacafecd5c7ccdeecb146ca1e7611f8b3adb41b39029c1b9b59fbf1b4a80167ca6b113a1600000000000000000000cdb7fe6d684423596ee2bdad7787936c24c84d4721327a695ed24946de35ff5e000091e0610ac2d72b9b6f453f98e7b5a25941905bd564aac36dbe7d1db9f5561ad6f7c2e79fb80b6949d626024b5fb96e3da0d7113b1c826f49a2cbc18001d315aaf280a8a762689f8c6fee958836002f48815ad19ee99d81c9e3cda430cef4a75e5c4dd14c3cbb6af58e3f3b3f8cbd858532b02995d79ca5dac0fd49aa150f6e212e3f46e4f37f372ee43f136e4d3af6cc4a0ce2379cc1010d8483b82e54feeefa1e89d6a3b74fbb4b619c43984223674b40fbe29ea5752c76a5e6a44d95382a9e04f9a51881aedb6d6242d0fe2e7dcf1f8b22f46c37fb010f8e86c62a4c72327c7eaaf720aff72529429aed45219cb1b6476e53b650927d193b4062c4640de2781643edc5e59280c59332e92b52675a02009db11b3829d8424fdf33ccdb7f89bfa14f9c2a17f9183cb48222e685f49340891845efdac175d90c116eaa013315165865f9a3785e21b41fd4b5eda7eb5a7462307fe72a3fe53eb02c75867e6eeebfc3037683f66d407fc28c4735a221bb5b78a6f966474a98ceceb20f0d4757b8e81ab14d29bad2b19aa5aff53ee333009688b401064898f58f88226f0e675cc74f0adaf4b97315e12e88b5eabd519e523a7f0e839fe91774f85a65068de244a78687c12e4e6dffb556c8d30b8ee73faaac455701569da7ae1a4e44fdd2cf28965a9f5e09acf476e07e5ea768c558a5622601742b27b91724dde6a0f96d3e53e67db57bbd0d3f2dd8439192dfc71f9e5f289c7f519e8b794fb09b64fb3c1bcd46731051de09510ebd717eb57655d447753fd2ff052a9d6889ddb5a5f68564bd00a5ff58a75805eadb00000000000000006a9af2471aada1ad164502199e0a668ad4daa53e5658f82733b3c7f36fcf3146adf7025dfd79c5a67c27395f5ca5a90d45402e58b42946b5a977a56385f31083a4b65d61ec4991cd6c91a02bd788825a"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
listen(0xffffffffffffffff, 0x9)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r4, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\"\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7000ffdbdf2504000000"], 0x14}, 0x1, 0x1000000, 0x0, 0x20000800}, 0x800)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)

0s ago: executing program 2 (id=662):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
socket(0x10, 0x3, 0x0)
r6 = socket$inet(0xa, 0x801, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
accept4(r6, 0x0, 0x0, 0x800)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x804)
socket$packet(0x11, 0x3, 0x300)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000a00)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x98, 0x160, 0x160, 0x0, 0x220, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0xff, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x6, 0x0, 0x40}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@ip={@private=0xa010102, @multicast1, 0xffffffff, 0xff000000, 'veth1\x00', 'veth1_to_hsr\x00', {0xff}, {0xff}, 0xff, 0x1, 0xc}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x2, 0x7}}}, {{@ip={@rand_addr, @local, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00', {0xff}}, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xffff]}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478)
openat(0xffffffffffffff9c, 0x0, 0x107042, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
[   81.374698][ T5787] cgroup: Unknown subsys name 'net'
[   81.615921][ T5787] cgroup: Unknown subsys name 'cpuset'
[   81.671406][ T5787] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   83.475017][ T5787] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.973791][  T986] cfg80211: failed to load regulatory.db
[   87.238914][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.254099][ T5800] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.255035][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.275210][ T5800] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.288271][ T5800] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.374905][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   87.376817][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   87.377566][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   87.378732][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   87.411421][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.494842][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.503212][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.532409][   T61] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.533047][   T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.534627][   T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.537990][   T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.540473][ T5810] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.541897][ T5810] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.560780][   T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.561596][   T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.631648][ T5800] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   87.633186][ T5800] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   87.633936][ T5800] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   87.635102][ T5800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   87.641095][ T5800] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   88.354495][ T5802] chnl_net:caif_netlink_parms(): no params data found
[   88.419152][ T5799] chnl_net:caif_netlink_parms(): no params data found
[   88.782523][ T5807] chnl_net:caif_netlink_parms(): no params data found
[   88.787312][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   88.927291][ T5805] chnl_net:caif_netlink_parms(): no params data found
[   89.277814][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.279170][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.279550][ T5802] bridge_slave_0: entered allmulticast mode
[   89.281964][ T5802] bridge_slave_0: entered promiscuous mode
[   89.362589][ T5800] Bluetooth: hci0: command tx timeout
[   89.409312][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.409390][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.409659][ T5802] bridge_slave_1: entered allmulticast mode
[   89.412662][ T5802] bridge_slave_1: entered promiscuous mode
[   89.416017][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.416143][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.416661][ T5799] bridge_slave_0: entered allmulticast mode
[   89.419344][ T5799] bridge_slave_0: entered promiscuous mode
[   89.445179][ T5800] Bluetooth: hci1: command tx timeout
[   89.571626][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.571717][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.571827][ T5799] bridge_slave_1: entered allmulticast mode
[   89.573383][ T5799] bridge_slave_1: entered promiscuous mode
[   89.602965][   T61] Bluetooth: hci2: command tx timeout
[   89.603166][ T5800] Bluetooth: hci3: command tx timeout
[   89.680787][ T5800] Bluetooth: hci4: command tx timeout
[   89.952406][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.172853][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.175596][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.175834][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.176027][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.176186][ T5807] bridge_slave_0: entered allmulticast mode
[   90.177927][ T5807] bridge_slave_0: entered promiscuous mode
[   90.183950][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.184075][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.184616][ T5814] bridge_slave_0: entered allmulticast mode
[   90.187238][ T5814] bridge_slave_0: entered promiscuous mode
[   90.374023][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.380962][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.381087][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.381300][ T5807] bridge_slave_1: entered allmulticast mode
[   90.384050][ T5807] bridge_slave_1: entered promiscuous mode
[   90.385565][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.385687][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.385861][ T5814] bridge_slave_1: entered allmulticast mode
[   90.388488][ T5814] bridge_slave_1: entered promiscuous mode
[   90.881937][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.882046][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.882192][ T5805] bridge_slave_0: entered allmulticast mode
[   90.883722][ T5805] bridge_slave_0: entered promiscuous mode
[   90.887998][ T5802] team0: Port device team_slave_0 added
[   91.121597][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.121746][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.121925][ T5805] bridge_slave_1: entered allmulticast mode
[   91.123768][ T5805] bridge_slave_1: entered promiscuous mode
[   91.126783][ T5802] team0: Port device team_slave_1 added
[   91.128491][ T5799] team0: Port device team_slave_0 added
[   91.135760][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.142303][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.323009][ T5799] team0: Port device team_slave_1 added
[   91.325757][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.328470][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.440677][ T5800] Bluetooth: hci0: command tx timeout
[   91.520725][ T5800] Bluetooth: hci1: command tx timeout
[   91.680759][   T61] Bluetooth: hci2: command tx timeout
[   91.680839][ T5800] Bluetooth: hci3: command tx timeout
[   91.705572][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.706821][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.706835][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.706854][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.760615][ T5800] Bluetooth: hci4: command tx timeout
[   91.983939][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.984638][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.984651][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.984665][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.985853][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.985861][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   91.985874][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.133017][ T5814] team0: Port device team_slave_0 added
[   92.135033][ T5807] team0: Port device team_slave_0 added
[   92.239718][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.239734][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.239748][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.243673][ T5814] team0: Port device team_slave_1 added
[   92.246488][ T5807] team0: Port device team_slave_1 added
[   92.462863][ T5805] team0: Port device team_slave_0 added
[   92.653377][ T5805] team0: Port device team_slave_1 added
[   92.723025][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.723037][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.723052][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.724420][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.724437][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   92.724461][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.032271][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.032283][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.032297][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.033243][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.033253][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.033267][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.177805][ T5802] hsr_slave_0: entered promiscuous mode
[   93.178847][ T5802] hsr_slave_1: entered promiscuous mode
[   93.354266][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.354283][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.354304][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.362326][ T5799] hsr_slave_0: entered promiscuous mode
[   93.363760][ T5799] hsr_slave_1: entered promiscuous mode
[   93.364773][ T5799] debugfs: 'hsr0' already exists in 'hsr'
[   93.364889][ T5799] Cannot create hsr debugfs directory
[   93.372434][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.372449][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   93.372473][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.520731][ T5800] Bluetooth: hci0: command tx timeout
[   93.600863][ T5800] Bluetooth: hci1: command tx timeout
[   93.760892][ T5800] Bluetooth: hci2: command tx timeout
[   93.760906][   T61] Bluetooth: hci3: command tx timeout
[   93.840887][   T61] Bluetooth: hci4: command tx timeout
[   94.073084][ T5814] hsr_slave_0: entered promiscuous mode
[   94.073865][ T5814] hsr_slave_1: entered promiscuous mode
[   94.075343][ T5814] debugfs: 'hsr0' already exists in 'hsr'
[   94.075361][ T5814] Cannot create hsr debugfs directory
[   94.080479][ T5807] hsr_slave_0: entered promiscuous mode
[   94.083861][ T5807] hsr_slave_1: entered promiscuous mode
[   94.084741][ T5807] debugfs: 'hsr0' already exists in 'hsr'
[   94.084763][ T5807] Cannot create hsr debugfs directory
[   94.527281][ T5805] hsr_slave_0: entered promiscuous mode
[   94.528159][ T5805] hsr_slave_1: entered promiscuous mode
[   94.528758][ T5805] debugfs: 'hsr0' already exists in 'hsr'
[   94.528776][ T5805] Cannot create hsr debugfs directory
[   95.571893][ T5802] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   95.600947][   T61] Bluetooth: hci0: command tx timeout
[   95.622214][ T5802] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   95.674469][ T5802] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   95.680890][   T61] Bluetooth: hci1: command tx timeout
[   95.728869][ T5802] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   95.836696][ T5799] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   95.841637][   T61] Bluetooth: hci2: command tx timeout
[   95.841670][   T61] Bluetooth: hci3: command tx timeout
[   95.890681][ T5799] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   95.916967][ T5799] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   95.920862][ T5800] Bluetooth: hci4: command tx timeout
[   95.978909][ T5799] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   96.119619][ T5814] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   96.150387][ T5814] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   96.188504][ T5814] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   96.247724][ T5814] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   96.395919][ T5807] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.428431][ T5807] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.471232][ T5807] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.522675][ T5807] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   96.568325][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.666225][ T5805] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   96.709292][ T5805] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   96.748027][ T5802] 8021q: adding VLAN 0 to HW filter on device team0
[   96.753094][ T5805] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   96.787789][ T5805] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   96.846786][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.847351][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.887223][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.887351][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.923488][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.021195][ T5799] 8021q: adding VLAN 0 to HW filter on device team0
[   97.049511][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.062019][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.062146][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.096809][ T1560] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.096952][ T1560] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.158617][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   97.209870][ T1560] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.210044][ T1560] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.219414][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.268073][ T1560] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.268247][ T1560] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.346899][ T5807] 8021q: adding VLAN 0 to HW filter on device team0
[   97.386465][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.413213][ T3517] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.413424][ T3517] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.465658][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.465877][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.528893][ T5805] 8021q: adding VLAN 0 to HW filter on device team0
[   97.580264][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.580392][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.638542][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.639455][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.709593][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.857345][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.988796][ T5802] veth0_vlan: entered promiscuous mode
[   98.079812][ T5802] veth1_vlan: entered promiscuous mode
[   98.130175][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.166829][ T5799] veth0_vlan: entered promiscuous mode
[   98.233646][ T5799] veth1_vlan: entered promiscuous mode
[   98.261730][ T5802] veth0_macvtap: entered promiscuous mode
[   98.286653][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.302834][ T5802] veth1_macvtap: entered promiscuous mode
[   98.399450][ T5814] veth0_vlan: entered promiscuous mode
[   98.411810][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.445241][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.448115][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.455470][ T5799] veth0_macvtap: entered promiscuous mode
[   98.488930][ T5814] veth1_vlan: entered promiscuous mode
[   98.517829][ T5799] veth1_macvtap: entered promiscuous mode
[   98.533283][ T3517] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.542428][ T3517] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.551315][ T3517] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.575527][ T3517] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.716527][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.799789][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.845172][ T5814] veth0_macvtap: entered promiscuous mode
[   98.846804][  T156] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.858544][  T156] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.877386][  T156] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.898276][  T156] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.908269][ T5814] veth1_macvtap: entered promiscuous mode
[   98.949470][ T5805] veth0_vlan: entered promiscuous mode
[   99.008697][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.008722][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.132744][ T5805] veth1_vlan: entered promiscuous mode
[   99.167823][ T5807] veth0_vlan: entered promiscuous mode
[   99.196158][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.242795][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.262335][ T3517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.262354][ T3517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.284859][ T5807] veth1_vlan: entered promiscuous mode
[   99.308534][ T3008] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.324991][ T3008] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.330364][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.330386][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.365039][ T3008] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.392991][   T43] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.562855][ T5805] veth0_macvtap: entered promiscuous mode
[   99.577148][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.577166][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.601831][ T5805] veth1_macvtap: entered promiscuous mode
[   99.726792][ T5915] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1'.
[   99.726827][ T5915] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1'.
[   99.740351][ T5807] veth0_macvtap: entered promiscuous mode
[   99.798497][ T5807] veth1_macvtap: entered promiscuous mode
[   99.813452][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.827641][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.827660][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.880706][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.932338][ T5915] mmap: syz.0.1 (5915) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  100.016325][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.034149][ T3517] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.053247][ T3517] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.055023][ T3008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.055036][ T3008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.058605][ T3517] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.060073][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.070857][ T3517] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.416075][   T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.933782][ T1159] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.016022][ T1159] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.036387][ T1159] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.442648][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.442669][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.075358][   T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.075379][   T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.229846][ T3517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.229868][ T3517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.383398][ T5920] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.383418][ T5920] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.731096][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731144][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731224][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731307][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731341][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731374][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731407][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731441][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731475][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.731515][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  108.423656][ T5975] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5'.
[  108.423683][ T5975] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5'.
[  110.453940][ T5993] netlink: 48 bytes leftover after parsing attributes in process `syz.2.20'.
[  110.910843][ T5865] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  111.183785][ T5865] usb 4-1: config index 0 descriptor too short (expected 72, got 10)
[  111.183814][ T5865] usb 4-1: config 1 descriptor has 1 excess byte, ignoring
[  111.183833][ T5865] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  111.413455][ T6004] input: syz1 as /devices/virtual/input/input5
[  113.643629][ T5865] usb 4-1: string descriptor 0 read error: -71
[  113.643800][ T5865] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  113.643825][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.740796][ T5865] usb 4-1: can't set config #1, error -71
[  113.758228][ T5865] usb 4-1: USB disconnect, device number 2
[  115.359075][ T6022] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  115.613902][ T6028] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  115.695339][ T6026] Bluetooth: MGMT ver 1.23
[  115.912633][ T6030] netlink: 40 bytes leftover after parsing attributes in process `syz.2.31'.
[  117.186231][ T6039] Process accounting resumed
[  117.213989][    C0] vkms_vblank_simulate: vblank timer overrun
[  117.308863][ T6037] vxcan1: entered allmulticast mode
[  117.584031][ T6046] input: syz1 as /devices/virtual/input/input6
[  118.565603][ T6054] input: syz1 as /devices/virtual/input/input7
[  119.707224][    C0] vkms_vblank_simulate: vblank timer overrun
[  120.244839][ T6080] netlink: 24 bytes leftover after parsing attributes in process `syz.0.48'.
[  122.327540][ T6092] program syz.3.51 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  123.899208][ T6106] netlink: 104 bytes leftover after parsing attributes in process `syz.2.52'.
[  123.940560][ T6106] process 'syz.2.52' launched '/dev/fd/10' with NULL argv: empty string added
[  123.961606][  T986] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  124.405466][  T986] usb 5-1: Using ep0 maxpacket: 32
[  124.431118][  T986] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  124.439062][  T986] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  125.355116][  T986] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  125.355147][  T986] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  125.355168][  T986] usb 5-1: Product: syz
[  125.355182][  T986] usb 5-1: Manufacturer: syz
[  125.355196][  T986] usb 5-1: SerialNumber: syz
[  125.698350][  T986] usb 5-1: config 0 descriptor??
[  126.790225][  T986] usb 5-1: USB disconnect, device number 2
[  127.158230][ T6120] capability: warning: `syz.0.59' uses deprecated v2 capabilities in a way that may be insecure
[  128.195291][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  128.387738][    T9] usb 4-1: Using ep0 maxpacket: 32
[  128.390720][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.390783][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  128.397495][    T9] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  128.397524][    T9] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  128.397544][    T9] usb 4-1: Product: syz
[  128.397558][    T9] usb 4-1: Manufacturer: syz
[  128.397572][    T9] usb 4-1: SerialNumber: syz
[  128.422753][    T9] usb 4-1: config 0 descriptor??
[  128.451244][ T5872] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  128.507026][ T6138] FAULT_INJECTION: forcing a failure.
[  128.507026][ T6138] name failslab, interval 1, probability 0, space 0, times 1
[  128.507082][ T6138] CPU: 0 UID: 0 PID: 6138 Comm: syz.4.64 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  128.507104][ T6138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  128.507118][ T6138] Call Trace:
[  128.507129][ T6138]  <TASK>
[  128.507137][ T6138]  dump_stack_lvl+0x189/0x250
[  128.507174][ T6138]  ? __pfx____ratelimit+0x10/0x10
[  128.507197][ T6138]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.507222][ T6138]  ? __pfx__printk+0x10/0x10
[  128.507259][ T6138]  should_fail_ex+0x46c/0x600
[  128.507288][ T6138]  ? __send_signal_locked+0x22c/0xec0
[  128.507305][ T6138]  should_failslab+0xa8/0x100
[  128.507331][ T6138]  ? __send_signal_locked+0x22c/0xec0
[  128.507345][ T6138]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  128.507369][ T6138]  ? sig_get_ucounts+0x26/0x450
[  128.507386][ T6138]  ? sig_get_ucounts+0x3e4/0x450
[  128.507409][ T6138]  __send_signal_locked+0x22c/0xec0
[  128.507437][ T6138]  ? __lock_task_sighand+0x29/0x2a0
[  128.507458][ T6138]  send_sig+0x80/0xf0
[  128.507479][ T6138]  sk_stream_error+0xa9/0x120
[  128.507503][ T6138]  tcp_sendmsg_locked+0x4eab/0x5550
[  128.507550][ T6138]  ? __local_bh_enable+0x27b/0x410
[  128.507576][ T6138]  ? __local_bh_enable+0x28c/0x410
[  128.507596][ T6138]  ? reacquire_held_locks+0x127/0x1d0
[  128.507624][ T6138]  ? __pfx___local_bh_enable+0x10/0x10
[  128.507653][ T6138]  ? __local_bh_enable_ip+0x1c0/0x2e0
[  128.507673][ T6138]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.507700][ T6138]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  128.507734][ T6138]  ? rt_spin_unlock+0x161/0x200
[  128.507755][ T6138]  ? lock_sock_nested+0x5f/0x130
[  128.507779][ T6138]  ? lock_sock_nested+0xdd/0x130
[  128.507806][ T6138]  tcp_sendmsg+0x2f/0x50
[  128.507831][ T6138]  __sock_sendmsg+0xe5/0x270
[  128.507859][ T6138]  ____sys_sendmsg+0x534/0x820
[  128.507887][ T6138]  ? __pfx_____sys_sendmsg+0x10/0x10
[  128.507919][ T6138]  ? import_iovec+0x74/0xa0
[  128.507944][ T6138]  ___sys_sendmsg+0x21f/0x2a0
[  128.507968][ T6138]  ? __pfx____sys_sendmsg+0x10/0x10
[  128.508029][ T6138]  ? __fget_files+0x2a/0x420
[  128.508052][ T6138]  ? __fget_files+0x3a6/0x420
[  128.508087][ T6138]  __sys_sendmmsg+0x22d/0x430
[  128.508115][ T6138]  ? __pfx___sys_sendmmsg+0x10/0x10
[  128.508147][ T6138]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  128.508185][ T6138]  ? ksys_write+0x230/0x260
[  128.508210][ T6138]  ? __pfx_ksys_write+0x10/0x10
[  128.508238][ T6138]  __x64_sys_sendmmsg+0xa0/0xc0
[  128.508280][ T6138]  do_syscall_64+0xfa/0xfa0
[  128.508302][ T6138]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.508324][ T6138]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.508342][ T6138]  ? clear_bhb_loop+0x60/0xb0
[  128.508366][ T6138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.508384][ T6138] RIP: 0033:0x7f93dffeefc9
[  128.508409][ T6138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.508431][ T6138] RSP: 002b:00007f93de24e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  128.508452][ T6138] RAX: ffffffffffffffda RBX: 00007f93e0245fa0 RCX: 00007f93dffeefc9
[  128.508465][ T6138] RDX: 0000000000000001 RSI: 0000200000003c00 RDI: 0000000000000003
[  128.508477][ T6138] RBP: 00007f93de24e090 R08: 0000000000000000 R09: 0000000000000000
[  128.508488][ T6138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.508499][ T6138] R13: 00007f93e0246038 R14: 00007f93e0245fa0 R15: 00007ffd1063f938
[  128.508532][ T6138]  </TASK>
[  128.604954][ T5872] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  128.604988][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  128.608932][ T5872] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  128.608959][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.608979][ T5872] usb 2-1: Product: syz
[  128.608992][ T5872] usb 2-1: Manufacturer: syz
[  128.609006][ T5872] usb 2-1: SerialNumber: syz
[  128.679948][ T5872] usb 2-1: config 0 descriptor??
[  128.681160][ T6125] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  128.890265][    T9] usb 4-1: USB disconnect, device number 3
[  129.319068][ T6146] fuse: Unknown parameter ''
[  129.605814][ T6147] netlink: 104 bytes leftover after parsing attributes in process `syz.2.65'.
[  129.679269][   T31] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  129.968568][   T31] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  129.968647][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  130.076392][   T31] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  130.076434][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.076485][   T31] usb 1-1: Product: syz
[  130.076500][   T31] usb 1-1: Manufacturer: syz
[  130.076553][   T31] usb 1-1: SerialNumber: syz
[  131.681939][ T5872] rc_core: IR keymap rc-streamzap not found
[  131.681961][ T5872] Registered IR keymap rc-empty
[  132.793991][ T5872] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  133.533654][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  133.533764][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  133.952346][ T6166] FAULT_INJECTION: forcing a failure.
[  133.952346][ T6166] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  133.952381][ T6166] CPU: 1 UID: 0 PID: 6166 Comm: syz.1.71 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  133.952402][ T6166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  133.952413][ T6166] Call Trace:
[  133.952420][ T6166]  <TASK>
[  133.952429][ T6166]  dump_stack_lvl+0x189/0x250
[  133.952459][ T6166]  ? __pfx____ratelimit+0x10/0x10
[  133.952483][ T6166]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.952509][ T6166]  ? __pfx__printk+0x10/0x10
[  133.952531][ T6166]  ? __might_fault+0xb0/0x130
[  133.952571][ T6166]  should_fail_ex+0x46c/0x600
[  133.952601][ T6166]  _copy_from_user+0x2d/0xb0
[  133.952623][ T6166]  memdup_user+0x5e/0xd0
[  133.952645][ T6166]  strndup_user+0x68/0xd0
[  133.952666][ T6166]  __se_sys_mount+0x9d/0x410
[  133.952692][ T6166]  ? ksys_write+0x230/0x260
[  133.952717][ T6166]  ? __pfx___se_sys_mount+0x10/0x10
[  133.952745][ T6166]  ? do_syscall_64+0xbe/0xfa0
[  133.952766][ T6166]  ? __x64_sys_mount+0x20/0xc0
[  133.952793][ T6166]  do_syscall_64+0xfa/0xfa0
[  133.952814][ T6166]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.952837][ T6166]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.952856][ T6166]  ? clear_bhb_loop+0x60/0xb0
[  133.952878][ T6166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.952896][ T6166] RIP: 0033:0x7ff417a0efc9
[  133.952912][ T6166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.952927][ T6166] RSP: 002b:00007ff415c76038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  133.952947][ T6166] RAX: ffffffffffffffda RBX: 00007ff417c65fa0 RCX: 00007ff417a0efc9
[  133.952961][ T6166] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 0000000000000000
[  133.952974][ T6166] RBP: 00007ff415c76090 R08: 00002000000003c0 R09: 0000000000000000
[  133.952986][ T6166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.952997][ T6166] R13: 00007ff417c66038 R14: 00007ff417c65fa0 R15: 00007ffde2737658
[  133.953028][ T6166]  </TASK>
[  134.753514][    C0] vkms_vblank_simulate: vblank timer overrun
[  135.028068][    C0] vkms_vblank_simulate: vblank timer overrun
[  135.406087][    C0] vkms_vblank_simulate: vblank timer overrun
[  135.894543][ T5872] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8
[  135.930325][   T31] usb 1-1: config 0 descriptor??
[  135.931501][   T31] usb 1-1: can't set config #0, error -71
[  135.994595][   T31] usb 1-1: USB disconnect, device number 2
[  136.126197][ T5872] usb 2-1: USB disconnect, device number 2
[  136.380673][ T5903] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  137.791503][ T6193] afs: Unknown parameter 'd}.'
[  137.797857][ T5903] usb 3-1: config index 0 descriptor too short (expected 72, got 10)
[  137.797886][ T5903] usb 3-1: config 1 descriptor has 1 excess byte, ignoring
[  137.797906][ T5903] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  140.962437][ T5903] usb 3-1: string descriptor 0 read error: -71
[  140.962583][ T5903] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  140.962608][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.047689][ T5903] usb 3-1: can't set config #1, error -71
[  141.050436][ T5903] usb 3-1: USB disconnect, device number 2
[  141.180036][ T6205] fuse: Unknown parameter ''
[  141.430634][ T5789] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  141.583252][ T5789] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  141.583282][ T5789] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.647141][ T5789] usb 1-1: config 0 descriptor??
[  141.690310][ T5789] gspca_main: cpia1-2.14.0 probing 0813:0001
[  142.083888][ T5789] cpia1 1-1:0.0: unexpected state after lo power cmd: 00
[  142.264344][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  143.365252][ T5789] gspca_cpia1: usb_control_msg 02, error -110
[  143.365703][ T5789] gspca_cpia1: usb_control_msg 05, error -32
[  143.366106][ T5789] gspca_cpia1: usb_control_msg 05, error -32
[  143.366506][ T5789] gspca_cpia1: usb_control_msg 05, error -32
[  143.366918][ T5789] gspca_cpia1: usb_control_msg 05, error -32
[  143.366932][ T5789] cpia1 1-1:0.0: unexpected systemstate: 00
[  143.483315][ T6221] afs: Unknown parameter 'd}.'
[  143.783738][ T5903] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  143.860590][    T9] usb 5-1: Using ep0 maxpacket: 8
[  143.865726][    T9] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  143.865753][    T9] usb 5-1: config 0 has no interface number 0
[  143.865803][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  143.865840][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  143.865865][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  143.865889][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  143.865918][    T9] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  143.865961][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  143.865982][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.876569][    T9] usb 5-1: config 0 descriptor??
[  143.977177][    T9] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  143.985276][ T5872] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  143.998244][ T5903] usb 2-1: Using ep0 maxpacket: 32
[  144.010688][ T5903] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  144.010746][ T5903] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  144.010773][ T5903] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  144.010800][ T5903] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  144.013821][ T5903] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  144.013848][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.013865][ T5903] usb 2-1: Product: syz
[  144.013877][ T5903] usb 2-1: Manufacturer: syz
[  144.013892][ T5903] usb 2-1: SerialNumber: syz
[  144.130667][ T5872] usb 3-1: device descriptor read/64, error -71
[  144.136118][    C1] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  144.164890][ T5903] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input9
[  144.226635][ T6226] Zero length message leads to an empty skb
[  144.346160][ T6213] ldusb 5-1:0.55: Couldn't submit interrupt_in_urb -90
[  144.383056][ T5872] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  144.563147][ T5872] usb 3-1: device descriptor read/64, error -71
[  144.677380][ T5872] usb usb3-port1: attempt power cycle
[  144.682798][    T9] usb 1-1: USB disconnect, device number 3
[  144.905025][ T5903] imon:send_packet: packet tx failed (-71)
[  144.934209][ T5903] imon 2-1:155.0: panel buttons/knobs setup failed
[  144.934232][ T5903] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  144.934245][ T5903]  (id 0x00)
[  145.080640][ T5872] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  145.104644][ T5872] usb 3-1: device descriptor read/8, error -71
[  145.140666][ T5903] rc_core: IR keymap rc-imon-pad not found
[  145.140687][ T5903] Registered IR keymap rc-empty
[  145.142685][ T5903] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  145.142708][ T5903] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  145.143066][ T5903] imon:send_packet: packet tx failed (-71)
[  145.160647][ T5903] imon 2-1:155.0: remote input dev register failed
[  145.160812][ T5903] imon 2-1:155.0: imon_init_intf0: rc device setup failed
[  145.343464][ T6236] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  145.362494][ T5872] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  145.386431][ T5872] usb 3-1: device descriptor read/8, error -71
[  145.492098][ T5872] usb usb3-port1: unable to enumerate USB device
[  145.506167][ T5872] usb 5-1: USB disconnect, device number 3
[  145.517476][ T5872] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  145.550340][ T5903] imon 2-1:155.0: unable to initialize intf0, err 0
[  145.550363][ T5903] imon:imon_probe: failed to initialize context!
[  145.550376][ T5903] imon 2-1:155.0: unable to register, err -19
[  145.591789][ T5903] usb 2-1: USB disconnect, device number 3
[  145.640701][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  145.763893][ T6246] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  145.763920][ T6246] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  145.832842][ T6246] vhci_hcd vhci_hcd.0: Device attached
[  146.110985][ T5888] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  146.262471][ T6247] vhci_hcd: connection reset by peer
[  146.307974][ T3517] vhci_hcd: stop threads
[  146.312422][ T3517] vhci_hcd: release socket
[  146.377061][ T3517] vhci_hcd: disconnect device
[  146.876696][   T10] usb 4-1: Using ep0 maxpacket: 8
[  146.922783][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  146.929581][   T10] usb 4-1: config 5 has an invalid interface number: 97 but max is 1
[  146.929607][   T10] usb 4-1: config 5 has an invalid interface number: 175 but max is 1
[  146.929627][   T10] usb 4-1: config 5 has no interface number 0
[  146.929643][   T10] usb 4-1: config 5 has no interface number 1
[  146.929688][   T10] usb 4-1: config 5 interface 97 has no altsetting 0
[  146.929706][   T10] usb 4-1: config 5 interface 175 has no altsetting 0
[  146.961845][   T10] usb 4-1: string descriptor 0 read error: -22
[  146.962010][   T10] usb 4-1: New USB device found, idVendor=c643, idProduct=384d, bcdDevice=c9.f6
[  146.962034][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.006387][ T5872] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  147.170837][   T10] usb-storage 4-1:5.97: USB Mass Storage device detected
[  147.205514][ T5872] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  147.205549][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  147.230784][ T5872] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  147.230815][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.230835][ T5872] usb 5-1: Product: syz
[  147.230849][ T5872] usb 5-1: Manufacturer: syz
[  147.230863][ T5872] usb 5-1: SerialNumber: syz
[  147.306985][ T6239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.310925][ T5872] usb 5-1: config 0 descriptor??
[  147.312376][ T6245] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  147.315780][ T6239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.536192][   T31] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  147.550682][ T5872] rc_core: IR keymap rc-streamzap not found
[  147.550702][ T5872] Registered IR keymap rc-empty
[  147.830083][   T31] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  147.830152][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  148.253929][   T31] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  148.253960][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.253981][   T31] usb 3-1: Product: syz
[  148.253994][   T31] usb 3-1: Manufacturer: syz
[  148.254007][   T31] usb 3-1: SerialNumber: syz
[  148.258127][ T5872] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  148.272350][ T5872] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input11
[  148.281680][   T10] usb 4-1: USB disconnect, device number 4
[  148.624733][   T31] usb 3-1: config 0 descriptor??
[  148.648281][ T6254] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  148.666256][ T5872] usb 5-1: USB disconnect, device number 4
[  149.790411][ T6272] netlink: 16 bytes leftover after parsing attributes in process `syz.0.97'.
[  149.790438][ T6272] netlink: 16 bytes leftover after parsing attributes in process `syz.0.97'.
[  149.865250][   T31] rc_core: IR keymap rc-streamzap not found
[  149.865270][   T31] Registered IR keymap rc-empty
[  149.952354][   T31] rc rc1: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc1
[  149.982503][   T31] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc1/input12
[  150.030341][   T31] usb 3-1: USB disconnect, device number 7
[  151.190717][ T5888] vhci_hcd: vhci_device speed not set
[  154.744289][ T6329] vxcan1: entered allmulticast mode
[  155.061857][ T6330] netlink: 8 bytes leftover after parsing attributes in process `syz.4.120'.
[  155.164673][ T6336] input: syz1 as /devices/virtual/input/input13
[  156.511366][ T6352] FAULT_INJECTION: forcing a failure.
[  156.511366][ T6352] name failslab, interval 1, probability 0, space 0, times 0
[  156.511401][ T6352] CPU: 1 UID: 0 PID: 6352 Comm: syz.0.128 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  156.511422][ T6352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  156.511434][ T6352] Call Trace:
[  156.511442][ T6352]  <TASK>
[  156.511451][ T6352]  dump_stack_lvl+0x189/0x250
[  156.511482][ T6352]  ? __pfx____ratelimit+0x10/0x10
[  156.511506][ T6352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.511533][ T6352]  ? __pfx__printk+0x10/0x10
[  156.511559][ T6352]  ? __pfx___might_resched+0x10/0x10
[  156.511580][ T6352]  ? fs_reclaim_acquire+0x7d/0x100
[  156.511609][ T6352]  should_fail_ex+0x46c/0x600
[  156.511637][ T6352]  ? __alloc_skb+0x112/0x2d0
[  156.511654][ T6352]  should_failslab+0xa8/0x100
[  156.511680][ T6352]  ? __alloc_skb+0x112/0x2d0
[  156.511696][ T6352]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  156.511720][ T6352]  ? netlink_autobind+0xdb/0x300
[  156.511744][ T6352]  __alloc_skb+0x112/0x2d0
[  156.511767][ T6352]  netlink_sendmsg+0x5c6/0xb30
[  156.511785][ T6352]  ? is_bpf_text_address+0x26/0x2b0
[  156.511818][ T6352]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.511846][ T6352]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  156.511870][ T6352]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.511890][ T6352]  __sock_sendmsg+0x21c/0x270
[  156.511919][ T6352]  ____sys_sendmsg+0x508/0x820
[  156.511947][ T6352]  ? __pfx_____sys_sendmsg+0x10/0x10
[  156.511978][ T6352]  ? import_iovec+0x74/0xa0
[  156.512010][ T6352]  ___sys_sendmsg+0x21f/0x2a0
[  156.512034][ T6352]  ? __pfx____sys_sendmsg+0x10/0x10
[  156.512091][ T6352]  ? __fget_files+0x2a/0x420
[  156.512114][ T6352]  ? __fget_files+0x3a6/0x420
[  156.512148][ T6352]  __x64_sys_sendmsg+0x1a1/0x260
[  156.512172][ T6352]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  156.512204][ T6352]  ? __pfx_ksys_write+0x10/0x10
[  156.512230][ T6352]  ? do_syscall_64+0xbe/0xfa0
[  156.512257][ T6352]  do_syscall_64+0xfa/0xfa0
[  156.512278][ T6352]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.512300][ T6352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.512319][ T6352]  ? clear_bhb_loop+0x60/0xb0
[  156.512340][ T6352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.512357][ T6352] RIP: 0033:0x7f8b3604efc9
[  156.512373][ T6352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.512387][ T6352] RSP: 002b:00007f8b342ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.512407][ T6352] RAX: ffffffffffffffda RBX: 00007f8b362a5fa0 RCX: 00007f8b3604efc9
[  156.512419][ T6352] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  156.512431][ T6352] RBP: 00007f8b342ae090 R08: 0000000000000000 R09: 0000000000000000
[  156.512443][ T6352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.512454][ T6352] R13: 00007f8b362a6038 R14: 00007f8b362a5fa0 R15: 00007ffe8670da58
[  156.512486][ T6352]  </TASK>
[  159.280474][ T6381] FAULT_INJECTION: forcing a failure.
[  159.280474][ T6381] name failslab, interval 1, probability 0, space 0, times 0
[  159.280549][ T6381] CPU: 0 UID: 0 PID: 6381 Comm: syz.1.139 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  159.280570][ T6381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  159.280579][ T6381] Call Trace:
[  159.280586][ T6381]  <TASK>
[  159.280594][ T6381]  dump_stack_lvl+0x189/0x250
[  159.280623][ T6381]  ? __pfx____ratelimit+0x10/0x10
[  159.280643][ T6381]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.280681][ T6381]  ? __pfx__printk+0x10/0x10
[  159.280704][ T6381]  ? __pfx___might_resched+0x10/0x10
[  159.280721][ T6381]  ? fs_reclaim_acquire+0x7d/0x100
[  159.280748][ T6381]  should_fail_ex+0x46c/0x600
[  159.280772][ T6381]  ? __alloc_skb+0x112/0x2d0
[  159.280784][ T6381]  should_failslab+0xa8/0x100
[  159.280804][ T6381]  ? __alloc_skb+0x112/0x2d0
[  159.280815][ T6381]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  159.280834][ T6381]  ? netlink_autobind+0xdb/0x300
[  159.280853][ T6381]  __alloc_skb+0x112/0x2d0
[  159.280870][ T6381]  netlink_sendmsg+0x5c6/0xb30
[  159.280884][ T6381]  ? is_bpf_text_address+0x26/0x2b0
[  159.280913][ T6381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.280936][ T6381]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  159.280957][ T6381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.280973][ T6381]  __sock_sendmsg+0x21c/0x270
[  159.280995][ T6381]  ____sys_sendmsg+0x508/0x820
[  159.281022][ T6381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  159.281046][ T6381]  ? import_iovec+0x74/0xa0
[  159.281065][ T6381]  ___sys_sendmsg+0x21f/0x2a0
[  159.281085][ T6381]  ? __pfx____sys_sendmsg+0x10/0x10
[  159.281138][ T6381]  ? __fget_files+0x2a/0x420
[  159.281158][ T6381]  ? __fget_files+0x3a6/0x420
[  159.281187][ T6381]  __x64_sys_sendmsg+0x1a1/0x260
[  159.281208][ T6381]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  159.281235][ T6381]  ? __pfx_ksys_write+0x10/0x10
[  159.281258][ T6381]  ? do_syscall_64+0xbe/0xfa0
[  159.281282][ T6381]  do_syscall_64+0xfa/0xfa0
[  159.281300][ T6381]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.281320][ T6381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.281335][ T6381]  ? clear_bhb_loop+0x60/0xb0
[  159.281354][ T6381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.281371][ T6381] RIP: 0033:0x7ff417a0efc9
[  159.281385][ T6381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.281396][ T6381] RSP: 002b:00007ff415c76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.281412][ T6381] RAX: ffffffffffffffda RBX: 00007ff417c65fa0 RCX: 00007ff417a0efc9
[  159.281423][ T6381] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  159.281432][ T6381] RBP: 00007ff415c76090 R08: 0000000000000000 R09: 0000000000000000
[  159.281441][ T6381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.281448][ T6381] R13: 00007ff417c66038 R14: 00007ff417c65fa0 R15: 00007ffde2737658
[  159.281473][ T6381]  </TASK>
[  160.179604][ T6382] netlink: 20 bytes leftover after parsing attributes in process `syz.0.138'.
[  160.179641][ T6382] netlink: 60 bytes leftover after parsing attributes in process `syz.0.138'.
[  160.423313][ T5903] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  160.427490][ T6382] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  160.579331][ T6395] 9pnet_fd: Insufficient options for proto=fd
[  160.840353][ T5903] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  160.840384][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.848847][ T5903] usb 4-1: config 0 descriptor??
[  160.856468][ T6382] bond1 (unregistering): Released all slaves
[  161.065227][ T6402] FAULT_INJECTION: forcing a failure.
[  161.065227][ T6402] name failslab, interval 1, probability 0, space 0, times 0
[  161.065261][ T6402] CPU: 0 UID: 0 PID: 6402 Comm: syz.1.148 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  161.065283][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  161.065294][ T6402] Call Trace:
[  161.065308][ T6402]  <TASK>
[  161.065317][ T6402]  dump_stack_lvl+0x189/0x250
[  161.065349][ T6402]  ? __pfx____ratelimit+0x10/0x10
[  161.065372][ T6402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.065398][ T6402]  ? __pfx__printk+0x10/0x10
[  161.065426][ T6402]  ? __pfx___might_resched+0x10/0x10
[  161.065446][ T6402]  ? fs_reclaim_acquire+0x7d/0x100
[  161.065476][ T6402]  should_fail_ex+0x46c/0x600
[  161.065509][ T6402]  should_failslab+0xa8/0x100
[  161.065536][ T6402]  __kmalloc_noprof+0xcc/0x7d0
[  161.065558][ T6402]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  161.065579][ T6402]  ? sock_kmalloc+0xd6/0x160
[  161.065606][ T6402]  sock_kmalloc+0xd6/0x160
[  161.065631][ T6402]  af_alg_alloc_areq+0x8d/0x260
[  161.065659][ T6402]  skcipher_recvmsg+0x359/0x11d0
[  161.065704][ T6402]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  161.065728][ T6402]  ? __lock_acquire+0xab9/0xd20
[  161.065752][ T6402]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  161.065775][ T6402]  ? security_socket_recvmsg+0x7e/0x2e0
[  161.065801][ T6402]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  161.065825][ T6402]  sock_recvmsg+0x22c/0x270
[  161.065856][ T6402]  ____sys_recvmsg+0x1ce/0x470
[  161.065888][ T6402]  ? __pfx_____sys_recvmsg+0x10/0x10
[  161.065926][ T6402]  ? import_iovec+0x74/0xa0
[  161.065951][ T6402]  ___sys_recvmsg+0x1b5/0x510
[  161.065980][ T6402]  ? __pfx____sys_recvmsg+0x10/0x10
[  161.066029][ T6402]  ? __fget_files+0x3a6/0x420
[  161.066066][ T6402]  __x64_sys_recvmsg+0x19e/0x260
[  161.066092][ T6402]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  161.066125][ T6402]  ? __pfx_ksys_write+0x10/0x10
[  161.066152][ T6402]  ? do_syscall_64+0xbe/0xfa0
[  161.066179][ T6402]  do_syscall_64+0xfa/0xfa0
[  161.066200][ T6402]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.066222][ T6402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.066241][ T6402]  ? clear_bhb_loop+0x60/0xb0
[  161.066263][ T6402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.066281][ T6402] RIP: 0033:0x7ff417a0efc9
[  161.066305][ T6402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.066320][ T6402] RSP: 002b:00007ff415c76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  161.066339][ T6402] RAX: ffffffffffffffda RBX: 00007ff417c65fa0 RCX: 00007ff417a0efc9
[  161.066353][ T6402] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  161.066364][ T6402] RBP: 00007ff415c76090 R08: 0000000000000000 R09: 0000000000000000
[  161.066376][ T6402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.066386][ T6402] R13: 00007ff417c66038 R14: 00007ff417c65fa0 R15: 00007ffde2737658
[  161.066418][ T6402]  </TASK>
[  162.752637][ T5903] kye 0003:0458:0138.0001: unbalanced delimiter at end of report description
[  162.753560][ T5903] kye 0003:0458:0138.0001: parse failed
[  162.753638][ T5903] kye 0003:0458:0138.0001: probe with driver kye failed with error -22
[  162.826562][ T5903] usb 4-1: USB disconnect, device number 5
[  164.221530][ T6424] FAULT_INJECTION: forcing a failure.
[  164.221530][ T6424] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.221562][ T6424] CPU: 1 UID: 0 PID: 6424 Comm: syz.0.156 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  164.221580][ T6424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  164.221590][ T6424] Call Trace:
[  164.221596][ T6424]  <TASK>
[  164.221604][ T6424]  dump_stack_lvl+0x189/0x250
[  164.221633][ T6424]  ? __pfx____ratelimit+0x10/0x10
[  164.221660][ T6424]  ? __pfx_dump_stack_lvl+0x10/0x10
[  164.221687][ T6424]  ? __pfx__printk+0x10/0x10
[  164.221706][ T6424]  ? __might_fault+0xb0/0x130
[  164.221737][ T6424]  should_fail_ex+0x46c/0x600
[  164.221762][ T6424]  _copy_from_user+0x2d/0xb0
[  164.221781][ T6424]  ___sys_sendmsg+0x158/0x2a0
[  164.221803][ T6424]  ? __pfx____sys_sendmsg+0x10/0x10
[  164.221845][ T6424]  ? __fget_files+0x2a/0x420
[  164.221864][ T6424]  ? __fget_files+0x3a6/0x420
[  164.221890][ T6424]  __sys_sendmmsg+0x22d/0x430
[  164.221910][ T6424]  ? __pfx___sys_sendmmsg+0x10/0x10
[  164.221935][ T6424]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  164.221966][ T6424]  ? ksys_write+0x230/0x260
[  164.221986][ T6424]  ? __pfx_ksys_write+0x10/0x10
[  164.222008][ T6424]  __x64_sys_sendmmsg+0xa0/0xc0
[  164.222025][ T6424]  do_syscall_64+0xfa/0xfa0
[  164.222054][ T6424]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.222068][ T6424]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  164.222082][ T6424]  ? clear_bhb_loop+0x60/0xb0
[  164.222100][ T6424]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.222115][ T6424] RIP: 0033:0x7f8b3604efc9
[  164.222130][ T6424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.222142][ T6424] RSP: 002b:00007f8b342ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  164.222159][ T6424] RAX: ffffffffffffffda RBX: 00007f8b362a5fa0 RCX: 00007f8b3604efc9
[  164.222170][ T6424] RDX: 0000000000000001 RSI: 0000200000000500 RDI: 0000000000000003
[  164.222179][ T6424] RBP: 00007f8b342ae090 R08: 0000000000000000 R09: 0000000000000000
[  164.222188][ T6424] R10: 0000000004000801 R11: 0000000000000246 R12: 0000000000000001
[  164.222198][ T6424] R13: 00007f8b362a6038 R14: 00007f8b362a5fa0 R15: 00007ffe8670da58
[  164.222223][ T6424]  </TASK>
[  165.138874][ T6443] FAULT_INJECTION: forcing a failure.
[  165.138874][ T6443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  165.138920][ T6443] CPU: 0 UID: 0 PID: 6443 Comm: syz.2.165 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  165.138941][ T6443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  165.138952][ T6443] Call Trace:
[  165.138960][ T6443]  <TASK>
[  165.138969][ T6443]  dump_stack_lvl+0x189/0x250
[  165.139000][ T6443]  ? __pfx____ratelimit+0x10/0x10
[  165.139023][ T6443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.139049][ T6443]  ? __pfx__printk+0x10/0x10
[  165.139084][ T6443]  should_fail_ex+0x46c/0x600
[  165.139118][ T6443]  _copy_to_user+0x31/0xb0
[  165.139141][ T6443]  io_query+0x296/0x5a0
[  165.139167][ T6443]  ? __pfx_io_query+0x10/0x10
[  165.139185][ T6443]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  165.139223][ T6443]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  165.139243][ T6443]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  165.139267][ T6443]  __se_sys_io_uring_register+0x143/0x1220
[  165.139291][ T6443]  ? fput+0xa0/0xd0
[  165.139309][ T6443]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  165.139327][ T6443]  ? ksys_write+0x230/0x260
[  165.139351][ T6443]  ? __pfx_ksys_write+0x10/0x10
[  165.139376][ T6443]  ? do_syscall_64+0xbe/0xfa0
[  165.139403][ T6443]  do_syscall_64+0xfa/0xfa0
[  165.139425][ T6443]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.139448][ T6443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.139466][ T6443]  ? clear_bhb_loop+0x60/0xb0
[  165.139489][ T6443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.139507][ T6443] RIP: 0033:0x7fd2b175efc9
[  165.139523][ T6443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.139538][ T6443] RSP: 002b:00007fd2af9c6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  165.139558][ T6443] RAX: ffffffffffffffda RBX: 00007fd2b19b5fa0 RCX: 00007fd2b175efc9
[  165.139572][ T6443] RDX: 0000200000000000 RSI: 0000000000000023 RDI: ffffffffffffffff
[  165.139585][ T6443] RBP: 00007fd2af9c6090 R08: 0000000000000000 R09: 0000000000000000
[  165.139596][ T6443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.139607][ T6443] R13: 00007fd2b19b6038 R14: 00007fd2b19b5fa0 R15: 00007ffe6fb91348
[  165.139639][ T6443]  </TASK>
[  166.356474][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.489699][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.542883][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.004342][ T6464] usb usb1: check_ctrlrecip: process 6464 (syz.0.171) requesting ep 01 but needs 81
[  167.004376][ T6464] usb usb1: usbfs: process 6464 (syz.0.171) did not claim interface 0 before use
[  168.058909][    C0] vkms_vblank_simulate: vblank timer overrun
[  168.395848][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.513024][    C0] vkms_vblank_simulate: vblank timer overrun
[  169.577733][ T6484] FAULT_INJECTION: forcing a failure.
[  169.577733][ T6484] name failslab, interval 1, probability 0, space 0, times 0
[  169.577766][ T6484] CPU: 0 UID: 0 PID: 6484 Comm: syz.4.178 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  169.577788][ T6484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  169.577799][ T6484] Call Trace:
[  169.577807][ T6484]  <TASK>
[  169.577815][ T6484]  dump_stack_lvl+0x189/0x250
[  169.577846][ T6484]  ? __pfx____ratelimit+0x10/0x10
[  169.577869][ T6484]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.577894][ T6484]  ? __pfx__printk+0x10/0x10
[  169.577922][ T6484]  ? __pfx___might_resched+0x10/0x10
[  169.577941][ T6484]  ? fs_reclaim_acquire+0x7d/0x100
[  169.577971][ T6484]  should_fail_ex+0x46c/0x600
[  169.578001][ T6484]  should_failslab+0xa8/0x100
[  169.578028][ T6484]  __kmalloc_noprof+0xcc/0x7d0
[  169.578051][ T6484]  ? tomoyo_encode+0x28b/0x550
[  169.578078][ T6484]  tomoyo_encode+0x28b/0x550
[  169.578106][ T6484]  tomoyo_realpath_from_path+0x58d/0x5d0
[  169.578130][ T6484]  ? tomoyo_domain+0xda/0x130
[  169.578157][ T6484]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  169.578185][ T6484]  tomoyo_path_number_perm+0x1e8/0x5a0
[  169.578215][ T6484]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  169.578247][ T6484]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  169.578272][ T6484]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.578327][ T6484]  ? __fget_files+0x2a/0x420
[  169.578356][ T6484]  ? __fget_files+0x3a6/0x420
[  169.578378][ T6484]  ? __fget_files+0x2a/0x420
[  169.578406][ T6484]  security_file_ioctl+0xcb/0x2d0
[  169.578428][ T6484]  __se_sys_ioctl+0x47/0x170
[  169.578451][ T6484]  do_syscall_64+0xfa/0xfa0
[  169.578473][ T6484]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.578495][ T6484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.578514][ T6484]  ? clear_bhb_loop+0x60/0xb0
[  169.578537][ T6484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.578555][ T6484] RIP: 0033:0x7f93dffeefc9
[  169.578572][ T6484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.578587][ T6484] RSP: 002b:00007f93de24e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  169.578607][ T6484] RAX: ffffffffffffffda RBX: 00007f93e0245fa0 RCX: 00007f93dffeefc9
[  169.578621][ T6484] RDX: 0000000000000000 RSI: 000000004040ae79 RDI: 0000000000000004
[  169.578633][ T6484] RBP: 00007f93de24e090 R08: 0000000000000000 R09: 0000000000000000
[  169.578645][ T6484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.578656][ T6484] R13: 00007f93e0246038 R14: 00007f93e0245fa0 R15: 00007ffd1063f938
[  169.578689][ T6484]  </TASK>
[  169.578713][ T6484] ERROR: Out of memory at tomoyo_realpath_from_path.
[  174.918474][ T5872] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  176.050691][ T5872] usb 3-1: Using ep0 maxpacket: 32
[  176.053675][ T5872] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  176.070687][ T5872] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  176.070718][ T5872] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  176.070738][ T5872] usb 3-1: Product: syz
[  176.070752][ T5872] usb 3-1: Manufacturer: syz
[  176.070767][ T5872] usb 3-1: SerialNumber: syz
[  176.131320][ T5872] usb 3-1: config 0 descriptor??
[  176.171265][ T6518] ubi31: attaching mtd0
[  176.218836][ T6518] ubi31: scanning is finished
[  176.218861][ T6518] ubi31: empty MTD device detected
[  176.849055][ T5872] usb 3-1: USB disconnect, device number 8
[  177.244327][ T6518] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  177.244353][ T6518] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  177.244369][ T6518] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  177.244385][ T6518] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  177.244401][ T6518] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  177.244418][ T6518] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  177.244434][ T6518] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1576688162
[  177.244453][ T6518] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  177.266408][ T6536] ubi31: background thread "ubi_bgt31d" started, PID 6536
[  177.723361][ T6549] FAULT_INJECTION: forcing a failure.
[  177.723361][ T6549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.723394][ T6549] CPU: 1 UID: 0 PID: 6549 Comm: syz.4.202 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  177.723416][ T6549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  177.723426][ T6549] Call Trace:
[  177.723434][ T6549]  <TASK>
[  177.723442][ T6549]  dump_stack_lvl+0x189/0x250
[  177.723472][ T6549]  ? __pfx____ratelimit+0x10/0x10
[  177.723512][ T6549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  177.723537][ T6549]  ? __pfx__printk+0x10/0x10
[  177.723556][ T6549]  ? __might_fault+0xb0/0x130
[  177.723591][ T6549]  should_fail_ex+0x46c/0x600
[  177.723620][ T6549]  _copy_from_iter+0x1de/0x1790
[  177.723657][ T6549]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  177.723694][ T6549]  ? __pfx__copy_from_iter+0x10/0x10
[  177.723722][ T6549]  ? set_page_refcounted+0xa0/0x1e0
[  177.723745][ T6549]  ? page_copy_sane+0x4e/0x280
[  177.723762][ T6549]  copy_page_from_iter+0xdd/0x170
[  177.723783][ T6549]  tun_get_user+0x1d7b/0x3ec0
[  177.723811][ T6549]  ? tun_get_user+0x6f6/0x3ec0
[  177.723837][ T6549]  ? __might_fault+0xb0/0x130
[  177.723858][ T6549]  ? __pfx_tun_get_user+0x10/0x10
[  177.723877][ T6549]  ? _parse_integer_limit+0x1ae/0x1f0
[  177.723909][ T6549]  ? __lock_acquire+0xab9/0xd20
[  177.723937][ T6549]  ? ref_tracker_alloc+0x2fe/0x450
[  177.723958][ T6549]  ? __lock_acquire+0xab9/0xd20
[  177.723981][ T6549]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  177.724009][ T6549]  ? tun_get+0x1c/0x2f0
[  177.724035][ T6549]  ? tun_get+0x1c/0x2f0
[  177.724055][ T6549]  ? tun_get+0x1c/0x2f0
[  177.724079][ T6549]  tun_chr_write_iter+0x119/0x200
[  177.724103][ T6549]  vfs_write+0x5d5/0xb40
[  177.724129][ T6549]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  177.724151][ T6549]  ? __pfx_vfs_write+0x10/0x10
[  177.724180][ T6549]  ? __fget_files+0x2a/0x420
[  177.724214][ T6549]  ksys_write+0x14b/0x260
[  177.724237][ T6549]  ? __pfx_ksys_write+0x10/0x10
[  177.724263][ T6549]  ? do_syscall_64+0xbe/0xfa0
[  177.724290][ T6549]  do_syscall_64+0xfa/0xfa0
[  177.724311][ T6549]  ? lockdep_hardirqs_on+0x9c/0x150
[  177.724334][ T6549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.724352][ T6549]  ? clear_bhb_loop+0x60/0xb0
[  177.724374][ T6549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  177.724391][ T6549] RIP: 0033:0x7f93dffeda7f
[  177.724408][ T6549] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  177.724423][ T6549] RSP: 002b:00007f93de24e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  177.724443][ T6549] RAX: ffffffffffffffda RBX: 00007f93e0245fa0 RCX: 00007f93dffeda7f
[  177.724457][ T6549] RDX: 000000000000004e RSI: 0000200000001600 RDI: 00000000000000c8
[  177.724468][ T6549] RBP: 00007f93de24e090 R08: 0000000000000000 R09: 0000000000000000
[  177.724480][ T6549] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  177.724491][ T6549] R13: 00007f93e0246038 R14: 00007f93e0245fa0 R15: 00007ffd1063f938
[  177.724523][ T6549]  </TASK>
[  178.502456][ T1825] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  178.624232][ T5872] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  178.744174][ T1825] usb 4-1: config index 0 descriptor too short (expected 72, got 10)
[  178.744204][ T1825] usb 4-1: config 1 descriptor has 1 excess byte, ignoring
[  178.744223][ T1825] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  178.776237][ T5872] usb 5-1: device descriptor read/64, error -71
[  179.091971][ T5872] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  179.280164][ T5872] usb 5-1: device descriptor read/64, error -71
[  180.051280][ T5872] usb usb5-port1: attempt power cycle
[  180.451163][ T5872] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  180.471312][ T5872] usb 5-1: device descriptor read/8, error -71
[  181.835216][ T1825] usb 4-1: string descriptor 0 read error: -71
[  181.835380][ T1825] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  181.835404][ T1825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.720790][ T1825] usb 4-1: can't set config #1, error -71
[  182.831095][ T1825] usb 4-1: USB disconnect, device number 6
[  182.912233][ T6595] fuse: Bad value for 'fd'
[  183.128733][ T6601] input: syz1 as /devices/virtual/input/input14
[  187.009923][ T6649] FAULT_INJECTION: forcing a failure.
[  187.009923][ T6649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.009972][ T6649] CPU: 0 UID: 0 PID: 6649 Comm: syz.4.235 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  187.009993][ T6649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  187.010004][ T6649] Call Trace:
[  187.010012][ T6649]  <TASK>
[  187.010021][ T6649]  dump_stack_lvl+0x189/0x250
[  187.010063][ T6649]  ? __pfx____ratelimit+0x10/0x10
[  187.010086][ T6649]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.010113][ T6649]  ? __pfx__printk+0x10/0x10
[  187.010135][ T6649]  ? __might_fault+0xb0/0x130
[  187.010172][ T6649]  should_fail_ex+0x46c/0x600
[  187.010203][ T6649]  _copy_from_user+0x2d/0xb0
[  187.010225][ T6649]  kstrtouint_from_user+0xc4/0x170
[  187.010254][ T6649]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  187.010298][ T6649]  proc_fail_nth_write+0x88/0x200
[  187.010319][ T6649]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  187.010346][ T6649]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  187.010368][ T6649]  vfs_write+0x287/0xb40
[  187.010401][ T6649]  ? __pfx_vfs_write+0x10/0x10
[  187.010420][ T6649]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  187.010450][ T6649]  ? mutex_lock_nested+0x154/0x1d0
[  187.010468][ T6649]  ? fdget_pos+0x253/0x320
[  187.010501][ T6649]  ksys_write+0x14b/0x260
[  187.010519][ T6649]  ? __fget_files+0x2a/0x420
[  187.010541][ T6649]  ? __pfx_ksys_write+0x10/0x10
[  187.010567][ T6649]  ? do_syscall_64+0xbe/0xfa0
[  187.010594][ T6649]  do_syscall_64+0xfa/0xfa0
[  187.010616][ T6649]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.010639][ T6649]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.010658][ T6649]  ? clear_bhb_loop+0x60/0xb0
[  187.010681][ T6649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.010699][ T6649] RIP: 0033:0x7f93dffeda7f
[  187.010717][ T6649] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  187.010732][ T6649] RSP: 002b:00007f93de22d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  187.010758][ T6649] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93dffeda7f
[  187.010772][ T6649] RDX: 0000000000000001 RSI: 00007f93de22d0a0 RDI: 0000000000000003
[  187.010782][ T6649] RBP: 00007f93de22d090 R08: 0000000000000000 R09: 0000000000000000
[  187.010793][ T6649] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  187.010804][ T6649] R13: 00007f93e0246128 R14: 00007f93e0246090 R15: 00007ffd1063f938
[  187.010838][ T6649]  </TASK>
[  188.842623][ T6670] input: syz1 as /devices/virtual/input/input15
[  189.004810][ T1825] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  190.176266][ T1825] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  190.176302][ T1825] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.176322][ T1825] usb 3-1: Product: syz
[  190.176334][ T1825] usb 3-1: Manufacturer: syz
[  190.176346][ T1825] usb 3-1: SerialNumber: syz
[  190.277102][ T1825] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  190.441598][    T9] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  191.977854][ T5888] usb 3-1: USB disconnect, device number 9
[  192.055780][ T6699] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  192.244229][ T6705] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  192.246302][ T6705] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  192.247533][ T6705] vhci_hcd vhci_hcd.0: Device attached
[  192.575710][ T5789] usb 33-1: new low-speed USB device number 3 using vhci_hcd
[  192.734391][ T6706] vhci_hcd: connection reset by peer
[  192.735021][ T6498] vhci_hcd: stop threads
[  192.735040][ T6498] vhci_hcd: release socket
[  192.738800][ T6498] vhci_hcd: disconnect device
[  192.800581][    T9] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  192.801328][    T9] ath9k_htc: Failed to initialize the device
[  192.922801][ T5888] usb 3-1: ath9k_htc: USB layer deinitialized
[  194.846741][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  194.846811][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  195.167943][ T6732] FAULT_INJECTION: forcing a failure.
[  195.167943][ T6732] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.167976][ T6732] CPU: 0 UID: 0 PID: 6732 Comm: syz.3.265 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  195.168006][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  195.168017][ T6732] Call Trace:
[  195.168024][ T6732]  <TASK>
[  195.168033][ T6732]  dump_stack_lvl+0x189/0x250
[  195.168064][ T6732]  ? __pfx____ratelimit+0x10/0x10
[  195.168088][ T6732]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.168113][ T6732]  ? __pfx__printk+0x10/0x10
[  195.168136][ T6732]  ? __might_fault+0xb0/0x130
[  195.168168][ T6732]  should_fail_ex+0x46c/0x600
[  195.168197][ T6732]  _copy_from_user+0x2d/0xb0
[  195.168219][ T6732]  ____sys_sendmsg+0x2fa/0x820
[  195.168246][ T6732]  ? __pfx_____sys_sendmsg+0x10/0x10
[  195.168278][ T6732]  ? import_iovec+0x74/0xa0
[  195.168301][ T6732]  ___sys_sendmsg+0x21f/0x2a0
[  195.168325][ T6732]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.168384][ T6732]  ? __fget_files+0x2a/0x420
[  195.168408][ T6732]  ? __fget_files+0x3a6/0x420
[  195.168438][ T6732]  __sys_sendmmsg+0x22d/0x430
[  195.168471][ T6732]  ? __pfx___sys_sendmmsg+0x10/0x10
[  195.168502][ T6732]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  195.168550][ T6732]  ? ksys_write+0x230/0x260
[  195.168574][ T6732]  ? __pfx_ksys_write+0x10/0x10
[  195.168600][ T6732]  __x64_sys_sendmmsg+0xa0/0xc0
[  195.168623][ T6732]  do_syscall_64+0xfa/0xfa0
[  195.168644][ T6732]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.168666][ T6732]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.168685][ T6732]  ? clear_bhb_loop+0x60/0xb0
[  195.168708][ T6732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.168725][ T6732] RIP: 0033:0x7fba4011efc9
[  195.168742][ T6732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.168757][ T6732] RSP: 002b:00007fba3e37e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  195.168777][ T6732] RAX: ffffffffffffffda RBX: 00007fba40375fa0 RCX: 00007fba4011efc9
[  195.168791][ T6732] RDX: 0000000000000001 RSI: 0000200000001fc0 RDI: 0000000000000003
[  195.168802][ T6732] RBP: 00007fba3e37e090 R08: 0000000000000000 R09: 0000000000000000
[  195.168813][ T6732] R10: 0000000004000045 R11: 0000000000000246 R12: 0000000000000001
[  195.168825][ T6732] R13: 00007fba40376038 R14: 00007fba40375fa0 R15: 00007fffda32c828
[  195.168857][ T6732]  </TASK>
[  197.913122][ T6773] tipc: Started in network mode
[  197.913144][ T6773] tipc: Node identity 1, cluster identity 7
[  197.913154][ T6773] tipc: Node number set to 1
[  197.914285][ T6773] tipc: Cannot configure node identity twice
[  198.080734][ T5789] vhci_hcd: vhci_device speed not set
[  198.380187][ T6780] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  198.526576][ T6789] fuse: Unknown parameter ''
[  198.629398][ T6786] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  198.629444][ T6786] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  198.792346][ T6786] vhci_hcd vhci_hcd.0: Device attached
[  198.826974][ T6791] vhci_hcd: connection closed
[  198.829617][ T1149] vhci_hcd: stop threads
[  198.829646][ T1149] vhci_hcd: release socket
[  198.829681][ T1149] vhci_hcd: disconnect device
[  198.867933][ T6796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.286'.
[  199.012147][   T31] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  199.274642][   T31] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  199.274674][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.295930][   T31] usb 4-1: config 0 descriptor??
[  199.308190][   T31] gspca_main: cpia1-2.14.0 probing 0813:0001
[  199.706150][   T31] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  200.876166][ T6816] netlink: 16 bytes leftover after parsing attributes in process `syz.4.296'.
[  200.876190][ T6816] netlink: 16 bytes leftover after parsing attributes in process `syz.4.296'.
[  201.920081][   T31] gspca_cpia1: usb_control_msg 02, error -110
[  201.920606][   T31] gspca_cpia1: usb_control_msg 05, error -32
[  201.921002][   T31] gspca_cpia1: usb_control_msg 05, error -32
[  201.921419][   T31] gspca_cpia1: usb_control_msg 05, error -32
[  201.921809][   T31] gspca_cpia1: usb_control_msg 05, error -32
[  201.921822][   T31] cpia1 4-1:0.0: unexpected systemstate: 00
[  202.964383][   T31] usb 4-1: USB disconnect, device number 7
[  203.249852][ T6849] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  203.498133][ T6852] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  203.498220][ T6852] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  203.498624][ T6852] vhci_hcd vhci_hcd.0: Device attached
[  203.971027][   T31] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  204.109345][ T6859] vhci_hcd: connection reset by peer
[  204.212879][ T6117] vhci_hcd: stop threads
[  204.212935][ T6117] vhci_hcd: release socket
[  204.213154][ T6117] vhci_hcd: disconnect device
[  204.724207][ T6876] fuse: Unknown parameter ''
[  204.871812][ T6883] afs: Unknown parameter 'd}.'
[  204.960616][ T5872] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  205.114392][ T5872] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  205.114426][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.140631][ T5888] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  205.144442][ T5872] usb 3-1: config 0 descriptor??
[  205.177920][ T5872] gspca_main: cpia1-2.14.0 probing 0813:0001
[  205.290642][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  205.293584][ T5888] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  205.293644][ T5888] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  205.293671][ T5888] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  205.293699][ T5888] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  205.296711][ T5888] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  205.296741][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.296763][ T5888] usb 4-1: Product: syz
[  205.296778][ T5888] usb 4-1: Manufacturer: syz
[  205.296793][ T5888] usb 4-1: SerialNumber: syz
[  205.346944][    C1] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  205.373763][ T5888] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input16
[  205.530647][ T5888] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  205.530669][ T5888]  (id 0x00)
[  205.553261][ T5872] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  205.700663][ T5888] rc_core: IR keymap rc-imon-pad not found
[  205.700684][ T5888] Registered IR keymap rc-empty
[  205.700786][ T5888] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  205.700805][ T5888] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  205.737337][ T5888] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0
[  205.748591][ T5888] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input17
[  205.845058][ T5888] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:8> initialized
[  206.167833][  T986] usb 4-1: USB disconnect, device number 8
[  206.365194][ T6911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  206.813369][ T5872] gspca_cpia1: usb_control_msg 02, error -110
[  206.814338][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  206.846525][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  206.858505][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  206.893140][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  206.893209][ T5872] cpia1 3-1:0.0: unexpected systemstate: 00
[  207.574162][ T6914] vhci_hcd vhci_hcd.0: failed to lookup sock
[  207.959052][ T5872] usb 3-1: USB disconnect, device number 10
[  208.920802][ T6922] input: syz1 as /devices/virtual/input/input18
[  209.310773][   T31] vhci_hcd: vhci_device speed not set
[  209.333907][ T6928] afs: Unknown parameter 'd}.'
[  209.593542][ T5789] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  209.750672][ T5789] usb 5-1: Using ep0 maxpacket: 32
[  209.753066][ T5789] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  209.753123][ T5789] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  209.753149][ T5789] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  209.753176][ T5789] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  209.756543][ T5789] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  209.756571][ T5789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.756590][ T5789] usb 5-1: Product: syz
[  209.756604][ T5789] usb 5-1: Manufacturer: syz
[  209.756618][ T5789] usb 5-1: SerialNumber: syz
[  209.946524][    C1] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  209.962648][ T5789] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/input/input19
[  210.173278][ T5789] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  210.173299][ T5789]  (id 0x00)
[  210.230688][ T5872] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  210.391860][ T5872] usb 1-1: Using ep0 maxpacket: 8
[  210.392604][ T5789] rc_core: IR keymap rc-imon-pad not found
[  210.392620][ T5789] Registered IR keymap rc-empty
[  210.392701][ T5789] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  210.392718][ T5789] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  210.395557][ T5872] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  210.395585][ T5872] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  210.395608][ T5872] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  210.395632][ T5872] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  210.395675][ T5872] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  210.395697][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.531482][ T5789] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/rc/rc0
[  210.553330][ T5789] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/rc/rc0/input20
[  210.563948][ T6955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  210.601099][ T5789] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:9> initialized
[  210.639659][ T5789] usb 5-1: USB disconnect, device number 9
[  210.752717][ T5872] usb 1-1: GET_CAPABILITIES returned 0
[  210.752774][ T5872] usbtmc 1-1:16.0: can't read capabilities
[  211.180725][ T5888] usb 1-1: USB disconnect, device number 4
[  211.227902][ T6957] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  211.228040][ T6957] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  211.232320][ T6965] fuse: Unknown parameter ''
[  211.267495][ T6957] vhci_hcd vhci_hcd.0: Device attached
[  211.270045][ T6961] vhci_hcd: connection closed
[  211.281310][ T1179] vhci_hcd: stop threads
[  211.281330][ T1179] vhci_hcd: release socket
[  211.281363][ T1179] vhci_hcd: disconnect device
[  211.550679][  T986] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  211.704362][  T986] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  211.704401][  T986] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.711716][  T986] usb 3-1: config 0 descriptor??
[  211.734004][  T986] gspca_main: cpia1-2.14.0 probing 0813:0001
[  211.930876][ T6945] Bluetooth: hci2: command 0x0406 tx timeout
[  211.931009][ T6945] Bluetooth: hci0: command 0x0406 tx timeout
[  211.931035][ T6945] Bluetooth: hci4: command 0x0406 tx timeout
[  211.931059][ T6945] Bluetooth: hci3: command 0x0406 tx timeout
[  211.931084][ T6945] Bluetooth: hci1: command 0x0406 tx timeout
[  212.117786][  T986] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  212.415729][ T6994] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  212.516079][ T6991] afs: Unknown parameter 'd}.'
[  212.767737][ T5872] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  212.910657][ T5872] usb 5-1: Using ep0 maxpacket: 32
[  212.913142][ T5872] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  212.913199][ T5872] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  212.913228][ T5872] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  212.913254][ T5872] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  212.921647][ T5872] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  212.921677][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.921696][ T5872] usb 5-1: Product: syz
[  212.921710][ T5872] usb 5-1: Manufacturer: syz
[  212.921724][ T5872] usb 5-1: SerialNumber: syz
[  212.959367][    C0] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  213.055195][ T5872] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/input/input21
[  213.345181][ T5872] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  213.345202][ T5872]  (id 0x00)
[  213.365853][  T986] gspca_cpia1: usb_control_msg 02, error -110
[  213.366274][  T986] gspca_cpia1: usb_control_msg 05, error -32
[  213.366671][  T986] gspca_cpia1: usb_control_msg 05, error -32
[  213.367071][  T986] gspca_cpia1: usb_control_msg 05, error -32
[  213.367452][  T986] gspca_cpia1: usb_control_msg 05, error -32
[  213.367466][  T986] cpia1 3-1:0.0: unexpected systemstate: 00
[  214.450722][ T5872] rc_core: IR keymap rc-imon-pad not found
[  214.450743][ T5872] Registered IR keymap rc-empty
[  214.450822][ T5872] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  214.450841][ T5872] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  214.743935][ T5872] imon:send_packet: packet tx failed (-71)
[  214.763805][ T5872] imon 5-1:155.0: remote input dev register failed
[  214.763969][ T5872] imon 5-1:155.0: imon_init_intf0: rc device setup failed
[  214.771862][ T5888] usb 3-1: USB disconnect, device number 11
[  215.490780][ T5872] imon 5-1:155.0: unable to initialize intf0, err 0
[  215.490804][ T5872] imon:imon_probe: failed to initialize context!
[  215.490817][ T5872] imon 5-1:155.0: unable to register, err -19
[  215.513161][ T5872] usb 5-1: USB disconnect, device number 10
[  215.651609][ T7042] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  216.053433][ T7042] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  216.053455][ T7042] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  216.053539][ T7042] vhci_hcd vhci_hcd.0: Device attached
[  216.056446][ T7055] vhci_hcd: connection closed
[  216.057011][   T59] vhci_hcd: stop threads
[  216.057029][   T59] vhci_hcd: release socket
[  216.057061][   T59] vhci_hcd: disconnect device
[  217.130614][ T5872] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  217.286400][ T5872] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.286462][ T5872] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  217.286487][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.330007][ T5872] usb 5-1: config 0 descriptor??
[  217.350883][ T5872] pwc: Askey VC010 type 2 USB webcam detected.
[  217.554673][ T7065] afs: Unknown parameter 'd}.'
[  217.750657][ T5872] pwc: recv_control_msg error -32 req 02 val 2b00
[  217.756310][ T5872] pwc: recv_control_msg error -32 req 02 val 2700
[  217.758526][ T5872] pwc: recv_control_msg error -32 req 02 val 2c00
[  217.759434][ T5872] pwc: recv_control_msg error -32 req 04 val 1000
[  217.763157][ T5872] pwc: recv_control_msg error -32 req 04 val 1300
[  217.765151][ T5872] pwc: recv_control_msg error -32 req 04 val 1400
[  217.769187][ T5872] pwc: recv_control_msg error -32 req 02 val 2000
[  217.810692][ T5789] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  218.370688][ T5789] usb 3-1: Using ep0 maxpacket: 32
[  218.378798][ T5789] usb 3-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  218.378856][ T5789] usb 3-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  218.378885][ T5789] usb 3-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  218.378912][ T5789] usb 3-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  218.385509][ T5789] usb 3-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  218.385541][ T5789] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.385562][ T5789] usb 3-1: Product: syz
[  218.385575][ T5789] usb 3-1: Manufacturer: syz
[  218.385589][ T5789] usb 3-1: SerialNumber: syz
[  218.409937][    C1] imon 3-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  218.458053][ T5789] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/input/input23
[  218.678333][ T5789] imon 3-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  218.678356][ T5789]  (id 0x00)
[  218.860628][ T5789] rc_core: IR keymap rc-imon-pad not found
[  218.860649][ T5789] Registered IR keymap rc-empty
[  218.860729][ T5789] imon 3-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  218.860748][ T5789] imon 3-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  218.904894][ T5789] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0
[  218.927419][ T5789] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:155.0/rc/rc0/input24
[  218.982140][ T5789] imon 3-1:155.0: iMON device (15c2:ffdc, intf0) on usb<3:12> initialized
[  220.045385][ T5789] usb 3-1: USB disconnect, device number 12
[  220.228721][ T7104] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  220.671299][ T5872] pwc: recv_control_msg error -71 req 02 val 2100
[  220.673608][ T5872] pwc: recv_control_msg error -71 req 04 val 1500
[  220.674206][ T5872] pwc: recv_control_msg error -71 req 02 val 2500
[  220.676567][ T5872] pwc: recv_control_msg error -71 req 02 val 2400
[  220.680031][ T5872] pwc: recv_control_msg error -71 req 02 val 2600
[  220.681597][ T5872] pwc: recv_control_msg error -71 req 02 val 2900
[  220.682808][ T5872] pwc: recv_control_msg error -71 req 02 val 2800
[  220.683545][ T5872] pwc: recv_control_msg error -71 req 04 val 1100
[  220.684130][ T5872] pwc: recv_control_msg error -71 req 04 val 1200
[  220.712092][ T5872] pwc: Registered as video103.
[  220.762320][ T5872] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input25
[  220.801801][ T5872] usb 5-1: USB disconnect, device number 11
[  220.938767][ T7105] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  220.938792][ T7105] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  220.962956][ T7105] vhci_hcd vhci_hcd.0: Device attached
[  221.215424][ T7111] vhci_hcd: connection closed
[  221.263436][ T1560] vhci_hcd: stop threads
[  221.263471][ T1560] vhci_hcd: release socket
[  221.263507][ T1560] vhci_hcd: disconnect device
[  222.161033][ T7139] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  224.767001][ T7176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.424'.
[  225.890657][   T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  226.043381][   T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  226.043416][   T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.043439][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  226.043471][   T10] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  226.043493][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.067162][   T10] usb 1-1: config 0 descriptor??
[  226.892249][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  226.892381][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  226.971690][   T10] usb 1-1: USB disconnect, device number 5
[  228.912968][ T7255] netlink: 24 bytes leftover after parsing attributes in process `syz.4.452'.
[  231.810923][ T7296] block nbd2: shutting down sockets
[  232.019752][ T7313] fuse: Unknown parameter ''
[  232.271588][ T5872] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  232.443273][ T5872] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  232.443305][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.456446][ T5872] usb 4-1: config 0 descriptor??
[  232.493141][ T5872] gspca_main: cpia1-2.14.0 probing 0813:0001
[  232.712877][    C0] vkms_vblank_simulate: vblank timer overrun
[  232.793646][    C0] vkms_vblank_simulate: vblank timer overrun
[  233.046818][    C0] vkms_vblank_simulate: vblank timer overrun
[  233.528610][    C0] vkms_vblank_simulate: vblank timer overrun
[  233.857621][    C0] vkms_vblank_simulate: vblank timer overrun
[  234.028428][ T5872] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  234.967838][    C0] vkms_vblank_simulate: vblank timer overrun
[  235.412832][ T5789] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  235.621106][ T5789] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  235.621138][ T5789] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  235.621181][ T5789] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  235.621203][ T5789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.934640][ T5789] usb 3-1: usb_control_msg returned -32
[  235.934695][ T5789] usbtmc 3-1:16.0: can't read capabilities
[  236.010595][ T5872] gspca_cpia1: usb_control_msg 02, error -110
[  236.014078][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  236.015682][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  236.042964][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  236.051875][ T5872] gspca_cpia1: usb_control_msg 05, error -32
[  236.051894][ T5872] cpia1 4-1:0.0: unexpected systemstate: 00
[  237.038141][ T5789] usb 3-1: USB disconnect, device number 13
[  237.047694][ T5872] usb 4-1: USB disconnect, device number 9
[  237.486035][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.486081][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.486107][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.486140][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487711][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487741][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487765][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487789][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487813][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487838][ T5789] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0
[  237.487938][ T5789] hid-generic 0003:0004:0000.0002: item fetching failed at offset 17/18
[  237.489947][ T5789] hid-generic 0003:0004:0000.0002: probe with driver hid-generic failed with error -22
[  237.538944][ T7388] netlink: 16 bytes leftover after parsing attributes in process `syz.0.505'.
[  237.538971][ T7388] netlink: 16 bytes leftover after parsing attributes in process `syz.0.505'.
[  237.800678][ T5789] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  237.953096][ T5789] usb 2-1: Using ep0 maxpacket: 16
[  237.958794][ T5789] usb 2-1: unable to get BOS descriptor or descriptor too short
[  238.947073][ T5789] usb 2-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  238.947107][ T5789] usb 2-1: config 1 interface 0 has no altsetting 0
[  238.958807][   T37] audit: type=1326 audit(1762015388.921:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7395 comm="syz.2.508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd2b175efc9 code=0x0
[  239.007357][ T5789] usb 2-1: New USB device found, idVendor=0eef, idProduct=720c, bcdDevice= 0.40
[  239.007389][ T5789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.007409][ T5789] usb 2-1: Product: syz
[  239.007424][ T5789] usb 2-1: Manufacturer: К
[  239.007437][ T5789] usb 2-1: SerialNumber: syz
[  239.106172][ T7400] netlink: 88 bytes leftover after parsing attributes in process `syz.2.508'.
[  239.437957][ T5789] usbhid 2-1:1.0: can't add hid device: -22
[  239.438098][ T5789] usbhid 2-1:1.0: probe with driver usbhid failed with error -22
[  239.449050][ T5789] usb 2-1: USB disconnect, device number 4
[  239.976104][ T7412] fuse: Unknown parameter ''
[  240.236213][ T5872] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  240.501583][ T5872] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  240.501615][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.523239][ T5872] usb 5-1: config 0 descriptor??
[  240.579720][ T5872] gspca_main: cpia1-2.14.0 probing 0813:0001
[  240.631000][   T44] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  240.834448][   T44] usb 3-1: Using ep0 maxpacket: 32
[  240.971164][ T5872] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  242.001183][ T5872] gspca_cpia1: usb_control_msg 01, error -110
[  242.001205][ T5872] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  242.109815][   T44] usb 3-1: too many configurations: 51, using maximum allowed: 8
[  242.131757][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.131785][   T44] usb 3-1: config 0 has no interface number 0
[  242.133486][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.133518][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.194083][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.194111][   T44] usb 3-1: config 0 has no interface number 0
[  242.194166][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.194192][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.313195][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.313223][   T44] usb 3-1: config 0 has no interface number 0
[  242.313271][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.313298][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.377065][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.377093][   T44] usb 3-1: config 0 has no interface number 0
[  242.377144][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.377168][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.438822][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.438852][   T44] usb 3-1: config 0 has no interface number 0
[  242.438908][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.438935][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.501939][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.502045][   T44] usb 3-1: config 0 has no interface number 0
[  242.502217][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.502245][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.619899][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.621824][   T44] usb 3-1: config 0 has no interface number 0
[  242.622080][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.622907][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.680329][   T44] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  242.680347][   T44] usb 3-1: config 0 has no interface number 0
[  242.680376][   T44] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 768
[  242.680398][   T44] usb 3-1: config 0 interface 12 has no altsetting 0
[  242.775131][   T44] usb 3-1: New USB device found, idVendor=2c42, idProduct=83ba, bcdDevice=92.f4
[  242.775164][   T44] usb 3-1: New USB device strings: Mfr=106, Product=88, SerialNumber=213
[  242.775185][   T44] usb 3-1: Product: syz
[  242.775199][   T44] usb 3-1: Manufacturer: syz
[  242.775214][   T44] usb 3-1: SerialNumber: syz
[  242.823078][   T44] usb 3-1: config 0 descriptor??
[  242.825087][ T7422] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  246.965071][   T44] usb 3-1: USB disconnect, device number 14
[  246.984154][  T986] usb 5-1: USB disconnect, device number 12
[  250.969750][    C0] vkms_vblank_simulate: vblank timer overrun
[  252.057350][    C0] vkms_vblank_simulate: vblank timer overrun
[  252.880661][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.001403][    C0] vkms_vblank_simulate: vblank timer overrun
[  253.952307][    C0] vkms_vblank_simulate: vblank timer overrun
[  255.932825][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  255.932900][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  256.124348][    C0] vkms_vblank_simulate: vblank timer overrun
[  256.998078][    C0] vkms_vblank_simulate: vblank timer overrun
[  257.316418][    C0] vkms_vblank_simulate: vblank timer overrun
[  257.626795][ T7568] netlink: 16 bytes leftover after parsing attributes in process `syz.3.569'.
[  257.626813][ T7568] netlink: 16 bytes leftover after parsing attributes in process `syz.3.569'.
[  261.460693][  T986] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  262.415816][  T986] usb 4-1: config 0 has an invalid descriptor of length 153, skipping remainder of the config
[  262.415878][  T986] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  262.445425][  T986] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  262.445455][  T986] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.445475][  T986] usb 4-1: Product: syz
[  262.445489][  T986] usb 4-1: Manufacturer: syz
[  262.445503][  T986] usb 4-1: SerialNumber: syz
[  262.504767][  T986] usb 4-1: config 0 descriptor??
[  262.661365][  T986] streamzap 4-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  262.864101][ T7631] FAULT_INJECTION: forcing a failure.
[  262.864101][ T7631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.864133][ T7631] CPU: 1 UID: 0 PID: 7631 Comm: syz.1.593 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  262.864154][ T7631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  262.864164][ T7631] Call Trace:
[  262.864172][ T7631]  <TASK>
[  262.864180][ T7631]  dump_stack_lvl+0x189/0x250
[  262.864211][ T7631]  ? __pfx____ratelimit+0x10/0x10
[  262.864234][ T7631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.864258][ T7631]  ? __pfx__printk+0x10/0x10
[  262.864280][ T7631]  ? __might_fault+0xb0/0x130
[  262.864319][ T7631]  should_fail_ex+0x46c/0x600
[  262.864348][ T7631]  _copy_from_user+0x2d/0xb0
[  262.864369][ T7631]  ___sys_sendmsg+0x158/0x2a0
[  262.864394][ T7631]  ? __pfx____sys_sendmsg+0x10/0x10
[  262.864457][ T7631]  ? __fget_files+0x2a/0x420
[  262.864479][ T7631]  ? __fget_files+0x3a6/0x420
[  262.864512][ T7631]  __x64_sys_sendmsg+0x1a1/0x260
[  262.864537][ T7631]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  262.864571][ T7631]  ? __pfx_ksys_write+0x10/0x10
[  262.864598][ T7631]  ? do_syscall_64+0xbe/0xfa0
[  262.864624][    T9] usb 4-1: USB disconnect, device number 10
[  262.864622][ T7631]  do_syscall_64+0xfa/0xfa0
[  262.864644][ T7631]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.864664][ T7631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.864680][ T7631]  ? clear_bhb_loop+0x60/0xb0
[  262.864701][ T7631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.864718][ T7631] RIP: 0033:0x7ff417a0efc9
[  262.864734][ T7631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.864749][ T7631] RSP: 002b:00007ff415c55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  262.864768][ T7631] RAX: ffffffffffffffda RBX: 00007ff417c66090 RCX: 00007ff417a0efc9
[  262.864782][ T7631] RDX: 000000002400c880 RSI: 00002000000002c0 RDI: 0000000000000007
[  262.864794][ T7631] RBP: 00007ff415c55090 R08: 0000000000000000 R09: 0000000000000000
[  262.864805][ T7631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.864817][ T7631] R13: 00007ff417c66128 R14: 00007ff417c66090 R15: 00007ffde2737658
[  262.864848][ T7631]  </TASK>
[  263.143597][ T7634] input: syz0 as /devices/virtual/input/input26
[  264.440834][ T7653] netlink: 16 bytes leftover after parsing attributes in process `syz.2.603'.
[  264.445095][ T7653] netlink: 16 bytes leftover after parsing attributes in process `syz.2.603'.
[  264.761168][ T7657] ksmbd: Unknown IPC event: 10, ignore.
[  264.982605][ T7663] FAULT_INJECTION: forcing a failure.
[  264.982605][ T7663] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.982640][ T7663] CPU: 0 UID: 0 PID: 7663 Comm: syz.3.600 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  264.982662][ T7663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  264.982673][ T7663] Call Trace:
[  264.982680][ T7663]  <TASK>
[  264.982689][ T7663]  dump_stack_lvl+0x189/0x250
[  264.982720][ T7663]  ? __pfx____ratelimit+0x10/0x10
[  264.982745][ T7663]  ? __pfx_dump_stack_lvl+0x10/0x10
[  264.982770][ T7663]  ? __pfx__printk+0x10/0x10
[  264.982809][ T7663]  should_fail_ex+0x46c/0x600
[  264.982839][ T7663]  _copy_to_user+0x31/0xb0
[  264.982862][ T7663]  simple_read_from_buffer+0xe1/0x170
[  264.982892][ T7663]  proc_fail_nth_read+0x1b6/0x220
[  264.982917][ T7663]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.982941][ T7663]  ? rw_verify_area+0x2ac/0x4e0
[  264.982963][ T7663]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  264.982984][ T7663]  vfs_read+0x206/0xa30
[  264.983016][ T7663]  ? __pfx_vfs_read+0x10/0x10
[  264.983034][ T7663]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  264.983065][ T7663]  ? mutex_lock_nested+0x154/0x1d0
[  264.983082][ T7663]  ? fdget_pos+0x253/0x320
[  264.983116][ T7663]  ksys_read+0x14b/0x260
[  264.983141][ T7663]  ? __pfx_ksys_read+0x10/0x10
[  264.983166][ T7663]  ? do_syscall_64+0xbe/0xfa0
[  264.983194][ T7663]  do_syscall_64+0xfa/0xfa0
[  264.983215][ T7663]  ? lockdep_hardirqs_on+0x9c/0x150
[  264.983238][ T7663]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.983256][ T7663]  ? clear_bhb_loop+0x60/0xb0
[  264.983279][ T7663]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.983297][ T7663] RIP: 0033:0x7fba4011d9dc
[  264.983314][ T7663] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  264.983329][ T7663] RSP: 002b:00007fba3e37e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  264.983350][ T7663] RAX: ffffffffffffffda RBX: 00007fba40375fa0 RCX: 00007fba4011d9dc
[  264.983363][ T7663] RDX: 000000000000000f RSI: 00007fba3e37e0a0 RDI: 0000000000000007
[  264.983375][ T7663] RBP: 00007fba3e37e090 R08: 0000000000000000 R09: 0000000000000000
[  264.983387][ T7663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.983398][ T7663] R13: 00007fba40376038 R14: 00007fba40375fa0 R15: 00007fffda32c828
[  264.983431][ T7663]  </TASK>
[  265.068388][ T7653] autofs: Unknown parameter 'P'
[  265.170705][   T44] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  265.367425][   T44] usb 1-1: unable to get BOS descriptor or descriptor too short
[  265.377069][   T44] usb 1-1: not running at top speed; connect to a high speed hub
[  265.447669][   T44] usb 1-1: config 1 interface 0 altsetting 14 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  265.447705][   T44] usb 1-1: config 1 interface 0 has no altsetting 0
[  265.497985][   T44] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  265.498016][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.498037][   T44] usb 1-1: Product: syz
[  265.498052][   T44] usb 1-1: Manufacturer: syz
[  265.498066][   T44] usb 1-1: SerialNumber: syz
[  265.612944][ T7657] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  265.881182][   T44] usb 1-1: USB disconnect, device number 6
[  266.677915][ T7688] input: syz0 as /devices/virtual/input/input27
[  267.360925][ T5812] Bluetooth: hci0: command 0x0406 tx timeout
[  267.361276][    T9] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  267.361307][    T9] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  268.500690][ T5789] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  268.683188][ T5789] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  268.683220][ T5789] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  268.683239][ T5789] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  268.683294][ T5789] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  268.683321][ T5789] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  268.685595][ T5789] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  268.685624][ T5789] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  268.685644][ T5789] usb 3-1: Product: syz
[  268.685658][ T5789] usb 3-1: Manufacturer: syz
[  268.709839][ T5789] cdc_wdm 3-1:1.0: skipping garbage
[  268.709859][ T5789] cdc_wdm 3-1:1.0: skipping garbage
[  268.719770][ T5789] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  268.719804][ T5789] cdc_wdm 3-1:1.0: Unknown control protocol
[  269.500614][ T5872] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  269.650720][ T5872] usb 4-1: Using ep0 maxpacket: 16
[  269.654700][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.654746][ T5872] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00
[  269.654779][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.712376][ T5872] usb 4-1: config 0 descriptor??
[  269.732089][ T5872] xbox_remote_probe: Unexpected endpoint_in
[  269.733297][ T5872] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  269.921543][ T5812] Bluetooth: hci1: command 0x0406 tx timeout
[  269.922461][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  269.922480][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  270.663848][ T7766] input: syz1 as /devices/virtual/input/input28
[  271.145992][ T5885] usb 3-1: USB disconnect, device number 15
[  271.374965][ T5789] usb 4-1: USB disconnect, device number 11
[  271.959693][ T7791] input: syz0 as /devices/virtual/input/input29
[  272.083001][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  272.083145][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  272.083162][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  274.320813][ T5812] Bluetooth: hci3: command 0x0406 tx timeout
[  274.399012][    T9] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  274.399077][    T9] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  275.490189][ T7835] pimreg: entered allmulticast mode
[  276.091370][ T7851] input: syz0 as /devices/virtual/input/input30
[  276.670626][ T5885] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  276.820639][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  276.822906][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  276.859365][ T5885] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  276.859398][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  276.859419][ T5885] usb 5-1: Product: syz
[  276.859434][ T5885] usb 5-1: Manufacturer: syz
[  276.859449][ T5885] usb 5-1: SerialNumber: syz
[  276.880570][    T9] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  276.880596][    T9] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  276.880709][    C1] ------------[ cut here ]------------
[  276.880717][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci4
[  276.880804][    C1] WARNING: CPU: 1 PID: 29 at kernel/workqueue.c:2258 __queue_work+0x2e5/0x1010
[  276.880830][    C1] Modules linked in:
[  276.880845][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.880863][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  276.880872][    C1] RIP: 0010:__queue_work+0x2e5/0x1010
[  276.880892][    C1] Code: 42 80 3c 28 00 74 08 48 89 ef e8 d6 a3 96 00 48 8b 75 00 49 81 c6 68 01 00 00 48 c7 c7 20 f4 e9 8a 4c 89 f2 e8 2c 31 f9 ff 90 <0f> 0b 90 90 e9 f2 fe ff ff e8 fd eb 34 00 eb 2e e8 f6 eb 34 00 e9
[  276.880905][    C1] RSP: 0018:ffffc90000a3f808 EFLAGS: 00010046
[  276.880920][    C1] RAX: 61c11d1465647c00 RBX: 0000000000000000 RCX: ffff88801bac1e00
[  276.880935][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  276.880946][    C1] RBP: ffff88805a3f89a0 R08: 0000000000000000 R09: 0000000000000100
[  276.880959][    C1] R10: dffffc0000000000 R11: ffffed101712487b R12: dffffc0000000000
[  276.880973][    C1] R13: dffffc0000000000 R14: ffff888035904968 R15: ffff88801bac294c
[  276.880986][    C1] FS:  0000000000000000(0000) GS:ffff888126ef9000(0000) knlGS:0000000000000000
[  276.881000][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  276.881013][    C1] CR2: 00007fddbb97b7e8 CR3: 000000003ecfe000 CR4: 00000000003526f0
[  276.881030][    C1] Call Trace:
[  276.881038][    C1]  <TASK>
[  276.881064][    C1]  call_timer_fn+0x17e/0x5f0
[  276.881092][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  276.881114][    C1]  ? call_timer_fn+0xbe/0x5f0
[  276.881142][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  276.881178][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  276.881203][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  276.881231][    C1]  __run_timer_base+0x709/0x970
[  276.881271][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  276.881326][    C1]  run_timer_softirq+0xb7/0x180
[  276.881352][    C1]  handle_softirqs+0x22f/0x710
[  276.881388][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  276.881424][    C1]  run_ktimerd+0xcf/0x190
[  276.881450][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  276.881475][    C1]  ? schedule+0x91/0x360
[  276.881508][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  276.881532][    C1]  smpboot_thread_fn+0x542/0xa60
[  276.881558][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  276.881594][    C1]  kthread+0x711/0x8a0
[  276.881626][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  276.881650][    C1]  ? __pfx_kthread+0x10/0x10
[  276.881676][    C1]  ? rt_spin_unlock+0x150/0x200
[  276.881702][    C1]  ? rt_spin_unlock+0x161/0x200
[  276.881721][    C1]  ? __pfx_kthread+0x10/0x10
[  276.881751][    C1]  ret_from_fork+0x4bc/0x870
[  276.881779][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  276.881811][    C1]  ? __switch_to_asm+0x39/0x70
[  276.881831][    C1]  ? __switch_to_asm+0x33/0x70
[  276.881850][    C1]  ? __pfx_kthread+0x10/0x10
[  276.881880][    C1]  ret_from_fork_asm+0x1a/0x30
[  276.881919][    C1]  </TASK>
[  276.881929][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  276.881944][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  276.881967][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  276.881979][    C1] Call Trace:
[  276.881987][    C1]  <TASK>
[  276.881995][    C1]  dump_stack_lvl+0x99/0x250
[  276.882026][    C1]  ? __asan_memcpy+0x40/0x70
[  276.882455][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.882492][    C1]  ? __pfx__printk+0x10/0x10
[  276.882530][    C1]  vpanic+0x237/0x6d0
[  276.882551][    C1]  ? __pfx_vpanic+0x10/0x10
[  276.882582][    C1]  panic+0xb9/0xc0
[  276.882600][    C1]  ? __pfx_panic+0x10/0x10
[  276.882636][    C1]  __warn+0x31b/0x4b0
[  276.882655][    C1]  ? __queue_work+0x2e5/0x1010
[  276.882683][    C1]  ? __queue_work+0x2e5/0x1010
[  276.882707][    C1]  report_bug+0x2be/0x4f0
[  276.882735][    C1]  ? __queue_work+0x2e5/0x1010
[  276.882761][    C1]  ? __queue_work+0x2e5/0x1010
[  276.882786][    C1]  ? __queue_work+0x2e7/0x1010
[  276.882811][    C1]  handle_bug+0x84/0x160
[  276.882842][    C1]  exc_invalid_op+0x1a/0x50
[  276.882870][    C1]  asm_exc_invalid_op+0x1a/0x20
[  276.882890][    C1] RIP: 0010:__queue_work+0x2e5/0x1010
[  276.882917][    C1] Code: 42 80 3c 28 00 74 08 48 89 ef e8 d6 a3 96 00 48 8b 75 00 49 81 c6 68 01 00 00 48 c7 c7 20 f4 e9 8a 4c 89 f2 e8 2c 31 f9 ff 90 <0f> 0b 90 90 e9 f2 fe ff ff e8 fd eb 34 00 eb 2e e8 f6 eb 34 00 e9
[  276.882935][    C1] RSP: 0018:ffffc90000a3f808 EFLAGS: 00010046
[  276.882954][    C1] RAX: 61c11d1465647c00 RBX: 0000000000000000 RCX: ffff88801bac1e00
[  276.883142][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[  276.883157][    C1] RBP: ffff88805a3f89a0 R08: 0000000000000000 R09: 0000000000000100
[  276.883171][    C1] R10: dffffc0000000000 R11: ffffed101712487b R12: dffffc0000000000
[  276.883187][    C1] R13: dffffc0000000000 R14: ffff888035904968 R15: ffff88801bac294c
[  276.883222][    C1]  ? __queue_work+0x2e4/0x1010
[  276.883263][    C1]  call_timer_fn+0x17e/0x5f0
[  276.883290][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  276.883324][    C1]  ? call_timer_fn+0xbe/0x5f0
[  276.884152][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  276.884187][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  276.884210][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  276.884248][    C1]  __run_timer_base+0x709/0x970
[  276.884287][    C1]  ? __pfx___run_timer_base+0x10/0x10
[  276.884326][    C1]  run_timer_softirq+0xb7/0x180
[  276.884351][    C1]  handle_softirqs+0x22f/0x710
[  276.884383][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  276.884416][    C1]  run_ktimerd+0xcf/0x190
[  276.884443][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  276.884467][    C1]  ? schedule+0x91/0x360
[  276.884503][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  276.884531][    C1]  smpboot_thread_fn+0x542/0xa60
[  276.884558][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  276.884595][    C1]  kthread+0x711/0x8a0
[  276.884630][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  276.884656][    C1]  ? __pfx_kthread+0x10/0x10
[  276.884683][    C1]  ? rt_spin_unlock+0x150/0x200
[  276.884712][    C1]  ? rt_spin_unlock+0x161/0x200
[  276.884733][    C1]  ? __pfx_kthread+0x10/0x10
[  276.884764][    C1]  ret_from_fork+0x4bc/0x870
[  276.884794][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  276.884828][    C1]  ? __switch_to_asm+0x39/0x70
[  276.884849][    C1]  ? __switch_to_asm+0x33/0x70
[  276.884869][    C1]  ? __pfx_kthread+0x10/0x10
[  276.884895][    C1]  ret_from_fork_asm+0x1a/0x30
[  276.884937][    C1]  </TASK>
[  276.885298][    C1] Kernel Offset: disabled