last executing test programs:

9m39.051896466s ago: executing program 4 (id=486):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2}}]}, 0x1c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000180)={0x0, 0x0, 0xf47488e})
mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020)
lstat(&(0x7f0000000b80)='./file0\x00', 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x7, 0x0, @void}}}}}}}, 0x0)

9m36.076126655s ago: executing program 4 (id=495):
syz_usb_connect(0x0, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003834a6b2099040d10a2840102030109025200010c2440070904b800018cac02010a24010400000201020924030203030201a60d2408010700bc5affd3dc187508240806050005f9072408020600030924030605030303070905032b3b"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x1000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x41, 0x6000, @fd=r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}})
io_uring_enter(r1, 0x58a6, 0x7227, 0x23, 0x0, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, 0x0)
syz_open_dev$vbi(0x0, 0x3, 0x2)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r6 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0xe264, 0x0, 0x2, 0xbfdffff8}, &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r9)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r13, @ANYRES32=r12, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r13}, &(0x7f0000000000), &(0x7f0000000080)=r9}, 0x20)
sendmsg$inet(r11, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
recvfrom(r10, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0)
r14 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r14}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}})
io_uring_enter(r6, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

9m31.487838015s ago: executing program 4 (id=507):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000003e000701feffffff00000000047c0000040042800c0009000200e8ffffffffff03000280bbbfe8d6d99a3b82decd182479b541030ac2e5b8739484d415feb7fac116c2b55e47a942bd419590a2832240192b6212771dd3fa93e243a03d6e5ee81d367be3157d5279fdf8a4f9b965ba1adafc39ad7cff62c606ed47f9226c35cb31c03c3e00ed57927f4af43b3a7acb720e3d54a3fef2193c322046874c7f49a12dd4f9668023bfabd27bda301a8f72e2960a2a63ffdeafb61ef7375e6c3cc781"], 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x1000, &(0x7f0000000080)={0x0, 0x80000}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x118)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r3, 0x0, 0x0)
listen(r3, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
r5 = syz_open_procfs(0x0, &(0x7f0000000ec0)='net/vlan/config\x00')
pread64(r5, &(0x7f0000000080)=""/220, 0xdc, 0x47)
ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000000)=0x2)
syz_usb_connect(0x2, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022d00010000000009040000035883b200090589000000000000090585"], 0x0)

9m28.690937581s ago: executing program 4 (id=514):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000400)=""/197, 0xc5}], 0x1, 0x6, 0x7)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000140)={[0x20000000007, 0x80, 0x2, 0x800002, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x40000, 0x8, 0x7f, 0x9, 0x1000000000400001, 0xfffffffffffffffd, 0x1002], 0x1, 0x3e0602})
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0xed, 0xb, 0x44, '\x00', 0x1})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x1127057, 0x0)
mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x129c51, 0x0)

9m28.211730773s ago: executing program 4 (id=516):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f00000001c0)=ANY=[])
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x63, 0xc6, 0xfa, 0x10, 0xeb1a, 0x2750, 0xe282, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x4, 0x9, 0x0, 0x27, 0x6d, 0x26, 0x6}}, {{0x9, 0x4, 0x4, 0x4, 0x0, 0x58, 0x39, 0x7c, 0x51}}]}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x63, 0xc6, 0xfa, 0x10, 0xeb1a, 0x2750, 0xe282, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x4, 0x9, 0x0, 0x27, 0x6d, 0x26, 0x6}}, {{0x9, 0x4, 0x4, 0x4, 0x0, 0x58, 0x39, 0x7c, 0x51}}]}}]}}, 0x0)

9m27.852590953s ago: executing program 4 (id=519):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x2, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x920421, 0x0)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
fsetxattr$trusted_overlay_upper(r5, &(0x7f00000002c0), &(0x7f0000000480)={0x0, 0xfb, 0x10e, 0x6, 0x36, "466b9da060cb02cb57a1903b5fd2adb3", "b7ba845b06582a01d8b0cc75cd15358e3c5035a1b68d8c269d8dd85f000de22c31eafefc811ab59a68163d8c0765d05a85737ce7073bef80e8ce8fb98a6f9182c4d93297735cb61b48b553785a59627ea91fa888d94f848c9710d588de23bde0de50ec5ab47c30d40e400869a425aae8e6c0b2d7659bfe6fcf3cb264fefa21af8898e1ab718daf87363b6836b18820fcf6a50740b30c12a8cfbc1a84eea07bf061cce9ffabe27203ea418be3b9ff85610213c9541c7d3a3ca38c21361cb7287ab5a9ee2bb45c11ae7b716badf76ff44143def7ad0dd83f180331f450b45ef40e0b4ab505976d8891bed1560808fb8fa115311f6ba3ebc688bf"}, 0x10e, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "7988575801915db29080407e348bd865ca94564bb317d44acb1676d2abc229dc", "a5857bc37aa7c1095d077b38512303291a95b5b09a636eef1a9f90cebd547f9e", "db2c2dc5ea4ad56c028ce741339656e6103d6d812fbae8c104e3835184c6138c", "828c66f67aba6ed78dcd61f7bd7570d458ce4a318928273faf5cdfafc0497ee8", "8cbbcb8943da47021c48642dd5d88ce097557bee945473d41ff5ce8ec9874658", "6f8887adedf20abcbc58386c", 0xfff, 0x651, 0xe, 0x1, 0x2}})
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000001240))
r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000240)={0x312bf234138af3d7, 0x2, 0x17, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x4)
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000afe000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0)

9m26.483873182s ago: executing program 32 (id=519):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x10, 0x2, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x920421, 0x0)
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80000)
fsetxattr$trusted_overlay_upper(r5, &(0x7f00000002c0), &(0x7f0000000480)={0x0, 0xfb, 0x10e, 0x6, 0x36, "466b9da060cb02cb57a1903b5fd2adb3", "b7ba845b06582a01d8b0cc75cd15358e3c5035a1b68d8c269d8dd85f000de22c31eafefc811ab59a68163d8c0765d05a85737ce7073bef80e8ce8fb98a6f9182c4d93297735cb61b48b553785a59627ea91fa888d94f848c9710d588de23bde0de50ec5ab47c30d40e400869a425aae8e6c0b2d7659bfe6fcf3cb264fefa21af8898e1ab718daf87363b6836b18820fcf6a50740b30c12a8cfbc1a84eea07bf061cce9ffabe27203ea418be3b9ff85610213c9541c7d3a3ca38c21361cb7287ab5a9ee2bb45c11ae7b716badf76ff44143def7ad0dd83f180331f450b45ef40e0b4ab505976d8891bed1560808fb8fa115311f6ba3ebc688bf"}, 0x10e, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "7988575801915db29080407e348bd865ca94564bb317d44acb1676d2abc229dc", "a5857bc37aa7c1095d077b38512303291a95b5b09a636eef1a9f90cebd547f9e", "db2c2dc5ea4ad56c028ce741339656e6103d6d812fbae8c104e3835184c6138c", "828c66f67aba6ed78dcd61f7bd7570d458ce4a318928273faf5cdfafc0497ee8", "8cbbcb8943da47021c48642dd5d88ce097557bee945473d41ff5ce8ec9874658", "6f8887adedf20abcbc58386c", 0xfff, 0x651, 0xe, 0x1, 0x2}})
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}})
ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000001240))
r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000240)={0x312bf234138af3d7, 0x2, 0x17, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x4)
syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000afe000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0)

2m35.941725586s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

2m33.736983421s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1m59.286898184s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

1m58.01285341s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1m26.215404183s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1m23.730540291s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

57.23848699s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

55.839107379s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

49.646311876s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

29.644770381s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

28.127390197s ago: executing program 1 (id=523):
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, <r0=>0x0})
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r6 = dup3(r4, r5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb)
ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0))
r8 = fanotify_init(0x8, 0x8000)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
read$FUSE(r10, 0x0, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0)

15.283234672s ago: executing program 3 (id=1670):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r3=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10)

10.831746655s ago: executing program 5 (id=1678):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
close(0xffffffffffffffff)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xfffe, 0x101}})
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201400203010902120001000c00000004000000dfb98bc0f6287cfbb1bc"], 0x0)
r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x1abe, 0x210000)
ioctl$BLKROGET(r5, 0x125e, &(0x7f0000000180))
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e24, @empty}, 0x10)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x3, 0x0, 0x4, 0x0, {0xa, 0x4e24, 0xa, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x100}}}, 0x3a)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r1, &(0x7f00000000c0), 0x0, 0x20040014)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, 0x0)

9.395506134s ago: executing program 3 (id=1680):
r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x0, r2})
readv(r0, &(0x7f0000001440)=[{&(0x7f0000000240)=""/4084, 0xff4}, {&(0x7f0000000040)=""/45, 0x2d}], 0x2)
r3 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_LINK_CREATE(0x8, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2b, 0x0, @val=@tracing={0x0, 0x2}}, 0x20)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810388"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
r5 = creat(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
getsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f00000014c0)={@local, <r8=>0x0}, &(0x7f0000001500)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000001640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001600)={&(0x7f0000001540)=@newtclass={0x48, 0x28, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xa, 0x4}, {0x1, 0x3}, {0x5, 0x8}}, [@tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}, @tclass_kind_options=@c_mqprio={0xb}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000180)
writev(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000100))
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r10 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r11=>0x0, &(0x7f0000000080)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r9, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x8000})
io_uring_enter(r10, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
fcntl$addseals(r5, 0x409, 0x8)
syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00221c1304000000b3f96086e00bf4f1ffff8b6e259261"], 0x0}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_PORT={0x6, 0x5, 0x4e21}]}}}]}, 0x44}}, 0x4000)

7.720096732s ago: executing program 5 (id=1681):
r0 = syz_open_procfs(0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000240), 0x1ff, 0x20c103)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x181040, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000)
r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r4, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x22, 0x0, 0x0)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x2, @empty}, 0x27)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
readv(r5, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}], 0x1)
ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xfffd, 0xa, 0x1ff, 0x1})
move_mount(r4, 0x0, r0, &(0x7f0000000180)='./mnt\x00', 0x214)
r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000000000000800090000001000080008"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r8, 0x0, 0x15, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r6, 0x800c5011, &(0x7f0000000100))

6.898733472s ago: executing program 5 (id=1683):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (fail_nth: 7)

6.758955013s ago: executing program 5 (id=1684):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000017c0), 0x0)
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000002c0)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000240)}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(0xffffffffffffffff, &(0x7f0000000740)=' ', 0x1, 0x20008801, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = gettid()
sched_setaffinity(r2, 0x8, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r5=>0x0})
socket$kcm(0x29, 0x5, 0x0)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000200)={0x1000001, "56600e1e324551c423170000000099faec52328074c1000000000000ebff0100", <r7=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r8=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000000c0)={"3c2486910284ed923431d4c5d5fbf514fd00", r8})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"766cace9c303653f121a2d892000", 0x0, 0x0, {0x81, 0x50000a}, {0x7, 0x8}, 0x5, [0x3, 0x3, 0x4, 0x6, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x7, 0x80000000, 0x81, 0x10, 0x522586f, 0xfffffffffffffffb, 0x7]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
setreuid(0x0, 0xee00)

5.664227957s ago: executing program 2 (id=1686):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$FITRIM(r2, 0x40106e8c, 0x0)
r3 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r3, 0x84, 0x1e, &(0x7f0000000000), 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)="d80000001000810468f70082db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94000534cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000004) (fail_nth: 6)

5.533781244s ago: executing program 3 (id=1687):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x2, 0x0)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = dup(r2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x5}}, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='contention_end\x00', r4, 0x0, 0x8001}, 0x18)
socket$inet(0x2, 0x6, 0x2)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000e601"], 0x20}}, 0x4000040)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0)
ptrace(0x10, r7)
ptrace$setregs(0xd, r7, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r7, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r3)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xf4, r8, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xcbc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}]}, 0xf4}, 0x1, 0x0, 0x0, 0x8804}, 0x1)
r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
ioctl$KVM_SET_CPUID2(r9, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r6])
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

4.771471211s ago: executing program 2 (id=1688):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x48840)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000080))
r9 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02bb27dd4e7d5775a40a9cdf411c82212aa163f23c0c6e9da730df09b21815a35418b0dac6419d47c90fb04a5909504f8b90be90eb3afe851e1f50dbec0255dc21dcdec7554c23539f6445da05c8810bed395f5196bb5b5fc2f7c37b61bcf34fba0adaa12bc2461edc7aaf76922c66cd1d2e1424c3bac6b5f9ea787dbca0d0a46a3ce35e0f7caa9c1b78a380672662cb5c0d7571a95d82a3866494d1c914c92c466ccd2163e1fdbf96993f1cba639cce6ec50186ab22f0dcd939a715afd4bf37da8f5c7a5158c0134ee9ed7dcf0330fdedc5f9fc3958110944ccaa68612ed5d7865ecfddeda455196fb77d449ec6736d87dce620bfb14464ef80ce9c", @ANYRES16=r9, @ANYBLOB="010300000000000000000100ee7d817a1686d242f9492d06e706577115e96e668c3cdf82eab3a8acf11abdfbf872fa1af9b4c21f5d38ac7c62dadf612029fb866a9bbff21c83c8296dd1a4572035bfd0d598b16dc2fcf04ee8ab948d297a859372f90f07d4318ba8d609b2757f0a0d541d5622ad3191be45cff07e595cc0cd6f2081195e141cc95468d6498128005c39b29e28bba089681b9a08712f35ecafd4f73b28f34b1e25afe476598eadf82d1677fb72", @ANYRES32=r3, @ANYRESDEC=r4], 0x20}, 0x1, 0x0, 0x0, 0x64}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x2, 0x0, 0x1ffe, 0x2000, &(0x7f0000ff2000/0x2000)=nil})
r10 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r10, 0x3292e291)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r10, 0x40505412, &(0x7f00000000c0)={0x1, 0x4, 0xa, 0x0, 0x5})
ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x90})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r12, 0xae60)
ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
munmap(&(0x7f0000456000/0x2000)=nil, 0x2000)
close_range(r0, 0xffffffffffffffff, 0x0)

4.355944722s ago: executing program 2 (id=1689):
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x2}, 0x0)
add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="a5", 0x1, 0xfffffffffffffffe)
add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="a5", 0x1, 0xfffffffffffffffe)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x34, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0xffffffff, 0x0]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x34}}, 0x0)

4.277256745s ago: executing program 5 (id=1690):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r3=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10)

4.030267093s ago: executing program 2 (id=1691):
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001380)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f139046a23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8bf3145144f8df253f85eb6f1c853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e012533719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c024ed6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df00415312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c556059efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e3e4cd129d5f0cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9ff90400000000000000d64285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f151421ffff57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd113b1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be29010000bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6136497a622d2ca7e72e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000000000009546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f637d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65e000000002a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
io_setup(0x4, &(0x7f0000000340))
flock(r1, 0x5)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
flock(r3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rseq_update\x00', r0}, 0x10)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)

3.976765347s ago: executing program 3 (id=1692):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000480)={r2, @in6={{0xa, 0x4e20, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0xaea}}, [0x9, 0x1, 0x4, 0xe347, 0x81, 0x4, 0x8, 0x2, 0xa, 0x7, 0x346ce683, 0x4, 0x401, 0x80000001, 0x40000008]}, &(0x7f0000000240)=0x100)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'vcan0\x00'}}, 0x1e)
sendmmsg(0xffffffffffffffff, &(0x7f0000003880)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003b80)="870b", 0x2}], 0x1}}], 0x1, 0x4080)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r4 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)

2.913485103s ago: executing program 0 (id=1348):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc})
write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10)
socket$inet(0x2, 0x3, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1.356137553s ago: executing program 2 (id=1693):
sendto$unix(0xffffffffffffffff, &(0x7f00000001c0)="8287783e623ea00a1e6474d9e40d42144f837f145aadc7a4ba5c329a925be7218ebd204080ccfba4630b4a8decb822cd13b196538c33c1cf394d707a1eda4238055032f6ba47f68e53a17f6871e1ffb8fb33f49a76", 0x55, 0x4082, 0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b40)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b00)={<r1=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[], 0x0, 0x66}, 0x28)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB=',\x00'], 0x2c}}, 0x800)
recvmmsg(r5, &(0x7f0000007700), 0x318, 0xfc0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f00000003c0)=0x6, r1, 0x0, 0x0, 0x1}}, 0x20)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="08000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)

1.355353962s ago: executing program 3 (id=1694):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000)
r2 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818)
sendmsg$sock(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='k', 0x1}, {0x0}, {&(0x7f0000000040)="fe07e4ad9a397dadc913c79649675cd17df8bf86309a", 0x16}, {&(0x7f00000001c0)}], 0x4, &(0x7f0000000080)=[@timestamping={{0x14, 0x1, 0x25, 0x303}}], 0x18}, 0x4000081)
fadvise64(r1, 0x2, 0x106, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x1000)

1.069380157s ago: executing program 3 (id=1695):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000003c0)={'das16m1\x00', [0x7ff, 0x20, 0x1, 0xd, 0x0, 0x6, 0x1, 0xaa9, 0x1000, 0x1, 0x8, 0x5, 0x407, 0x2, 0x80000003, 0x6, 0x80000004, 0x9, 0xfffffffd, 0x67c, 0x10003ff, 0x3, 0x800, 0xe2df, 0x2, 0x1, 0x6, 0x4000, 0x7, 0x6091, 0x5]})

65.316306ms ago: executing program 2 (id=1696):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000600)={0x2, @pix={0x80000000, 0xbb46, 0x34324142, 0x0, 0x0, 0x2c9, 0x0, 0xfffffffd}})
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000080)={0x2, @sliced={0x8, [0x1, 0x7, 0x5, 0x3ff, 0x0, 0x2, 0x6, 0x9, 0x1ff, 0xdd, 0x494, 0x139, 0x7, 0x5, 0x5, 0x7, 0x6, 0x9, 0x2, 0x5, 0x1, 0x1, 0xd, 0x6, 0x9, 0x8, 0xf6, 0x5, 0x7, 0x9, 0x4, 0x5, 0x9, 0xe, 0x5, 0x258d, 0x2, 0x9, 0x6, 0x4, 0xe, 0x40, 0x7ff, 0x7, 0x0, 0xdea, 0x5, 0xbb], 0x80000000}})
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10)
getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f0000000000), &(0x7f00000000c0)=0x30)
socket(0x29, 0x400000000080803, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000100)={0x1, 0x4}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x3b0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

0s ago: executing program 5 (id=1697):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket(0x2, 0x80805, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, 0x0, &(0x7f0000000040))
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x8831}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0x3}]}}}, @IFLA_LINK={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

kernel console output (not intermixed with test programs):

netdevsim0: renamed from eth0
[  741.323644][T11972] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  742.007386][T11972] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  742.017797][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1461'.
[  742.161281][ T5835] usb 4-1: Using ep0 maxpacket: 16
[  742.189026][T11972] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  742.249843][ T5835] usb 4-1: unable to read config index 0 descriptor/start: -71
[  742.281648][ T5835] usb 4-1: can't read configurations, error -71
[  742.460284][T11982] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  742.636422][T11982] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  742.651633][T11982] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  742.665518][T11982] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  742.932087][ T5835] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  743.105884][ T5835] usb 4-1: Using ep0 maxpacket: 16
[  743.127842][ T5835] usb 4-1: config 0 has an invalid interface number: 4 but max is 1
[  743.144418][ T5835] usb 4-1: config 0 has an invalid interface number: 4 but max is 1
[  743.161868][ T5835] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  743.186271][ T5835] usb 4-1: config 0 has no interface number 0
[  743.189937][T11972] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.201530][ T5835] usb 4-1: config 0 interface 4 altsetting 9 endpoint 0xF has an invalid bInterval 255, changing to 11
[  743.217592][T11982] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.231614][ T5835] usb 4-1: config 0 interface 4 altsetting 4 endpoint 0xE has invalid wMaxPacketSize 0
[  743.261404][ T5835] usb 4-1: config 0 interface 4 altsetting 4 bulk endpoint 0xE has invalid maxpacket 0
[  743.281880][ T5835] usb 4-1: config 0 interface 4 has no altsetting 0
[  743.285917][T11972] 8021q: adding VLAN 0 to HW filter on device team0
[  743.297819][ T5835] usb 4-1: config 0 interface 4 has no altsetting 1
[  743.306794][ T5835] usb 4-1: New USB device found, idVendor=eb1a, idProduct=2750, bcdDevice=e2.82
[  743.308736][T11982] 8021q: adding VLAN 0 to HW filter on device team0
[  743.326606][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  743.342656][ T5835] usb 4-1: config 0 descriptor??
[  743.354039][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.361303][ T5986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.406289][ T6848] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.413555][ T6848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  743.461535][ T6848] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.468771][ T6848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  743.487464][ T6848] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.494777][ T6848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  743.647157][T12188] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1463'.
[  743.679685][T12188] geneve1: entered promiscuous mode
[  743.749171][ T5835] usb 4-1: string descriptor 0 read error: -71
[  744.512684][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1466'.
[  744.535522][ T5835] usb 4-1: USB disconnect, device number 27
[  744.921277][ T5835] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  745.229346][T12220] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000'
[  745.471302][ T5835] usb 4-1: Using ep0 maxpacket: 8
[  745.492357][ T5835] usb 4-1: config 0 has no interfaces?
[  745.520336][ T5835] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  745.594553][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.700453][ T5835] usb 4-1: config 0 descriptor??
[  745.753733][T11972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.900001][T11972] veth0_vlan: entered promiscuous mode
[  745.938285][T11982] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.948086][T12207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  745.957176][T12207] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  745.966999][T12224] syzkaller1: entered promiscuous mode
[  745.974113][T12224] syzkaller1: entered allmulticast mode
[  745.979024][ T5835] usb 4-1: USB disconnect, device number 28
[  746.017618][T11972] veth1_vlan: entered promiscuous mode
[  746.024564][T12226] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1471'.
[  746.054820][T12226] SET target dimension over the limit!
[  746.133601][T11982] veth0_vlan: entered promiscuous mode
[  746.154518][T11972] veth0_macvtap: entered promiscuous mode
[  746.194324][T11972] veth1_macvtap: entered promiscuous mode
[  746.239187][T11982] veth1_vlan: entered promiscuous mode
[  746.496783][T11972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.187483][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1472'.
[  747.212822][T11972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.230990][T11982] veth0_macvtap: entered promiscuous mode
[  747.263659][T11972] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.311001][T11972] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.340829][T11972] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.351323][T11972] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.389457][T11982] veth1_macvtap: entered promiscuous mode
[  747.474367][T11982] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.506077][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.512624][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.706256][T12241] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  748.066381][T11982] batman_adv: batadv0: Interface activated: batadv_slave_1
[  748.103433][T11982] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  748.147170][T11982] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  748.176301][T11982] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  748.210272][T11982] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.177461][T12247] sit0: entered promiscuous mode
[  749.185630][T12247] netlink: 'syz.5.1477': attribute type 1 has an invalid length.
[  749.193443][T12247] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1477'.
[  749.439285][ T6848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.467531][ T6848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.513656][ T7540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.536566][ T7540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.589860][ T5986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.618530][ T5986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.681411][ T6910] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  749.770233][   T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.793835][   T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.864829][ T6910] usb 6-1: Using ep0 maxpacket: 32
[  749.886916][ T6910] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  749.898997][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  749.922993][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  749.933633][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  749.945644][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  749.962528][ T6910] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  749.973324][ T6910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.016988][ T6910] usb 6-1: Product: syz
[  750.021670][ T6910] usb 6-1: Manufacturer: syz
[  750.026559][ T6910] usb 6-1: SerialNumber: syz
[  750.203384][T12261] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000'
[  750.579569][ T6910] usb 6-1: config 0 descriptor??
[  750.854086][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  751.045842][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  751.086700][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -32
[  751.093671][ T6910] input input32: Device does not respond to id packet M
[  751.106448][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -32
[  751.118032][ T6910] input input32: Device does not respond to id packet P
[  751.131635][ T6910] input input32: Device does not respond to id packet B
[  751.336683][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71
[  751.371435][ T6910] input input32: Device does not respond to id packet N
[  751.381398][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71
[  751.389865][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71
[  751.405475][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  751.417884][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71
[  751.425950][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71
[  751.453627][ T6910] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input32
[  751.505578][ T6910] usb 6-1: USB disconnect, device number 23
[  751.676683][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  753.133637][T12275] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1484'.
[  753.370488][   T65] bridge_slave_1: left allmulticast mode
[  753.377237][   T65] bridge_slave_1: left promiscuous mode
[  753.386651][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.302786][   T65] bridge_slave_0: left allmulticast mode
[  754.308657][   T65] bridge_slave_0: left promiscuous mode
[  754.319419][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.389170][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  754.400020][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  754.408994][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  754.418968][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  754.427427][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  754.462851][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  754.473320][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  754.482649][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  754.492079][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  754.500817][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  754.630905][T12290] Bluetooth: MGMT ver 1.23
[  754.891293][T11216] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  754.896486][ T5835] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  754.997291][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  755.008838][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  755.019674][   T65] bond0 (unregistering): Released all slaves
[  755.052933][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  755.063765][T11216] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  755.070005][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  755.085973][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  755.089975][T11216] usb 3-1: config 0 interface 0 has no altsetting 0
[  755.110161][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  755.127076][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  755.137468][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.146501][T11216] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  755.163937][T11216] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  755.172455][T11216] usb 3-1: Product: syz
[  755.177667][T11216] usb 3-1: Manufacturer: syz
[  755.193502][T11216] usb 3-1: SerialNumber: syz
[  755.193881][ T5835] usb 4-1: config 0 descriptor??
[  755.201891][T11216] usb 3-1: config 0 descriptor??
[  755.214528][T11216] usb 3-1: selecting invalid altsetting 0
[  755.429444][T12292] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1489'.
[  755.437533][ T6910] usb 4-1: USB disconnect, device number 29
[  755.446074][T11216] usb 3-1: USB disconnect, device number 46
[  755.536244][   T65] hsr_slave_0: left promiscuous mode
[  755.546741][   T65] hsr_slave_1: left promiscuous mode
[  755.552867][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  755.560376][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  755.569859][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  755.577620][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  755.602564][   T65] veth1_macvtap: left promiscuous mode
[  755.608237][   T65] veth0_macvtap: left promiscuous mode
[  755.614089][   T65] veth1_vlan: left promiscuous mode
[  755.619691][   T65] veth0_vlan: left promiscuous mode
[  756.238516][T12302] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000'
[  756.487016][ T9644] Bluetooth: hci0: command tx timeout
[  756.551736][ T9644] Bluetooth: hci4: command tx timeout
[  756.925893][T12307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1493'.
[  757.129131][   T65] team0 (unregistering): Port device team_slave_1 removed
[  757.267044][T12308] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  757.371864][   T65] team0 (unregistering): Port device team_slave_0 removed
[  758.552385][ T9644] Bluetooth: hci0: command tx timeout
[  758.633114][ T9644] Bluetooth: hci4: command tx timeout
[  760.008164][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1496'.
[  760.481108][T12285] chnl_net:caif_netlink_parms(): no params data found
[  760.631398][ T9644] Bluetooth: hci0: command tx timeout
[  760.648557][T12283] chnl_net:caif_netlink_parms(): no params data found
[  760.711276][ T9644] Bluetooth: hci4: command tx timeout
[  761.081221][T11216] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  761.123680][T12285] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.134331][T12285] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.142289][T12285] bridge_slave_0: entered allmulticast mode
[  761.150610][T12285] bridge_slave_0: entered promiscuous mode
[  761.600230][T11216] usb 3-1: Using ep0 maxpacket: 16
[  761.613725][T11216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  761.625355][T11216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  761.636536][T11216] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  761.638293][T12283] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.653134][T11216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.659252][T12283] bridge0: port 1(bridge_slave_0) entered disabled state
[  761.670703][T12283] bridge_slave_0: entered allmulticast mode
[  761.678779][T11216] usb 3-1: config 0 descriptor??
[  761.680271][T12283] bridge_slave_0: entered promiscuous mode
[  761.693777][T11216] usbhid 3-1:0.0: can't add hid device: -22
[  761.699857][T11216] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  761.711416][T12285] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.721536][T12285] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.730246][T12285] bridge_slave_1: entered allmulticast mode
[  761.737990][T12285] bridge_slave_1: entered promiscuous mode
[  761.760605][T12283] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.786018][T12283] bridge0: port 2(bridge_slave_1) entered disabled state
[  761.798514][T12283] bridge_slave_1: entered allmulticast mode
[  761.807650][T12283] bridge_slave_1: entered promiscuous mode
[  761.905527][   T24] usb 3-1: USB disconnect, device number 47
[  761.907647][   T65] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.955094][T12285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  761.989398][T12283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  762.017039][   T65] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.032632][ T6910] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  762.048061][T12285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.060141][T12283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  762.101601][ T5835] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  762.132874][T12283] team0: Port device team_slave_0 added
[  762.159198][T12283] team0: Port device team_slave_1 added
[  762.186090][   T65] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.196519][ T6910] usb 6-1: Using ep0 maxpacket: 16
[  762.212606][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  762.228313][T12285] team0: Port device team_slave_0 added
[  762.236390][ T6910] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  762.246421][ T6910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.255501][T12285] team0: Port device team_slave_1 added
[  762.261328][ T6910] usb 6-1: Product: syz
[  762.261352][ T6910] usb 6-1: Manufacturer: syz
[  762.261369][ T6910] usb 6-1: SerialNumber: syz
[  762.264623][ T6910] usb 6-1: config 0 descriptor??
[  762.283043][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  762.295027][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  762.308525][ T6910] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  762.321573][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  762.331776][ T6910] em28xx 6-1:0.0: DVB interface 0 found: bulk
[  762.338085][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  762.352372][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  762.361920][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.380634][ T5835] usb 4-1: config 0 descriptor??
[  762.383793][T12283] batman_adv: batadv0: Adding interface: batadv_slave_0
[  762.394714][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  762.421611][T12283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  762.467240][   T65] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.526902][T12283] batman_adv: batadv0: Adding interface: batadv_slave_1
[  762.534056][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  762.559962][    C1] vkms_vblank_simulate: vblank timer overrun
[  762.567356][T12283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  762.578286][ T6910] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  762.692051][T12355] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000'
[  762.702404][ T5835] usb 4-1: USB disconnect, device number 30
[  762.703215][ T9644] Bluetooth: hci0: command tx timeout
[  762.781269][ T9644] Bluetooth: hci4: command tx timeout
[  763.022482][ T6910] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  763.110022][ T6910] em28xx 6-1:0.0: board has no eeprom
[  763.111972][T12285] batman_adv: batadv0: Adding interface: batadv_slave_0
[  763.136535][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.187067][ T6910] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  763.195265][ T6910] em28xx 6-1:0.0: dvb set to bulk mode.
[  763.205239][T12285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  763.223426][ T6244] em28xx 6-1:0.0: Binding DVB extension
[  763.238599][T12285] batman_adv: batadv0: Adding interface: batadv_slave_1
[  763.239438][ T6910] usb 6-1: USB disconnect, device number 24
[  763.271211][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  763.278755][ T6910] em28xx 6-1:0.0: Disconnecting em28xx
[  763.339011][T12285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  763.380694][ T6244] em28xx 6-1:0.0: Registering input extension
[  763.388072][ T6910] em28xx 6-1:0.0: Closing input extension
[  763.434966][ T6910] em28xx 6-1:0.0: Freeing device
[  763.501174][T12361] ieee802154 phy0 wpan0: encryption failed: -22
[  763.698722][T12285] hsr_slave_0: entered promiscuous mode
[  763.906200][T12285] hsr_slave_1: entered promiscuous mode
[  763.912954][T12285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  763.921437][T12285] Cannot create hsr debugfs directory
[  763.953194][T12369] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  763.962048][ T6244] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  764.720850][T12283] hsr_slave_0: entered promiscuous mode
[  764.732981][T12283] hsr_slave_1: entered promiscuous mode
[  764.739631][T12283] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  764.748061][T12283] Cannot create hsr debugfs directory
[  764.754099][ T6244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  764.771499][ T6244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  764.791494][ T6244] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.4d
[  764.805567][ T6244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.816818][T12370] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1507'.
[  764.946187][ T6244] usb 3-1: config 0 descriptor??
[  765.234197][   T65] bridge_slave_1: left allmulticast mode
[  765.239936][   T65] bridge_slave_1: left promiscuous mode
[  765.259931][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.281048][   T65] bridge_slave_0: left allmulticast mode
[  765.289429][   T65] bridge_slave_0: left promiscuous mode
[  765.295634][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.346129][T12379] FAULT_INJECTION: forcing a failure.
[  765.346129][T12379] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  765.359365][T12379] CPU: 1 UID: 0 PID: 12379 Comm: syz.3.1511 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  765.359394][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  765.359408][T12379] Call Trace:
[  765.359422][T12379]  <TASK>
[  765.359432][T12379]  dump_stack_lvl+0x189/0x250
[  765.359462][T12379]  ? __pfx____ratelimit+0x10/0x10
[  765.359493][T12379]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.359515][T12379]  ? __pfx__printk+0x10/0x10
[  765.359556][T12379]  should_fail_ex+0x414/0x560
[  765.359592][T12379]  _copy_to_user+0x31/0xb0
[  765.359627][T12379]  simple_read_from_buffer+0xe1/0x170
[  765.359665][T12379]  proc_fail_nth_read+0x1df/0x250
[  765.359691][T12379]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  765.359716][T12379]  ? rw_verify_area+0x258/0x650
[  765.359744][T12379]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  765.359768][T12379]  vfs_read+0x200/0x980
[  765.359802][T12379]  ? __pfx___mutex_lock+0x10/0x10
[  765.359824][T12379]  ? __pfx_vfs_read+0x10/0x10
[  765.359853][T12379]  ? __fget_files+0x2a/0x420
[  765.359878][T12379]  ? __fget_files+0x3a0/0x420
[  765.359895][T12379]  ? __fget_files+0x2a/0x420
[  765.359925][T12379]  ksys_read+0x145/0x250
[  765.359956][T12379]  ? __pfx_ksys_read+0x10/0x10
[  765.359982][T12379]  ? rcu_is_watching+0x15/0xb0
[  765.360011][T12379]  ? do_syscall_64+0xbe/0x3b0
[  765.360037][T12379]  do_syscall_64+0xfa/0x3b0
[  765.360056][T12379]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.360088][T12379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.360110][T12379]  ? clear_bhb_loop+0x60/0xb0
[  765.360135][T12379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.360156][T12379] RIP: 0033:0x7fdf4958d33c
[  765.360175][T12379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  765.360194][T12379] RSP: 002b:00007fdf4a46a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  765.360218][T12379] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958d33c
[  765.360234][T12379] RDX: 000000000000000f RSI: 00007fdf4a46a0a0 RDI: 0000000000000003
[  765.360247][T12379] RBP: 00007fdf4a46a090 R08: 0000000000000000 R09: 0000000000000000
[  765.360260][T12379] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  765.360272][T12379] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88
[  765.360300][T12379]  </TASK>
[  765.592247][    C1] vkms_vblank_simulate: vblank timer overrun
[  766.098710][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  766.110422][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  766.121697][   T65] bond0 (unregistering): Released all slaves
[  766.335631][T12385] input: syz0 as /devices/virtual/input/input34
[  766.403281][ T6244] usb 3-1: string descriptor 0 read error: -71
[  766.423647][ T6244] hdpvr 3-1:0.0: Could not find bulk-in endpoint
[  766.430083][ T6244] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[  766.445300][ T6244] usb 3-1: USB disconnect, device number 48
[  766.638763][T12388] input: syz1 as /devices/virtual/input/input35
[  766.763164][   T65] hsr_slave_0: left promiscuous mode
[  766.770481][   T65] hsr_slave_1: left promiscuous mode
[  766.788834][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  766.830133][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
[  766.859237][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  766.905728][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
[  767.063609][   T65] veth1_macvtap: left promiscuous mode
[  767.069448][   T65] veth0_macvtap: left promiscuous mode
[  767.087470][   T65] veth1_vlan: left promiscuous mode
[  767.099951][   T65] veth0_vlan: left promiscuous mode
[  767.463466][T12392] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  767.611036][T12395] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1516'.
[  767.647470][T12395] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1516'.
[  769.531579][   T65] team0 (unregistering): Port device team_slave_1 removed
[  769.607532][   T65] team0 (unregistering): Port device team_slave_0 removed
[  770.849812][T12412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1519'.
[  771.013096][T12415] FAULT_INJECTION: forcing a failure.
[  771.013096][T12415] name failslab, interval 1, probability 0, space 0, times 0
[  771.094531][T12415] CPU: 0 UID: 0 PID: 12415 Comm: syz.3.1520 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  771.094563][T12415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  771.094584][T12415] Call Trace:
[  771.094593][T12415]  <TASK>
[  771.094603][T12415]  dump_stack_lvl+0x189/0x250
[  771.094633][T12415]  ? __pfx____ratelimit+0x10/0x10
[  771.094666][T12415]  ? __pfx_dump_stack_lvl+0x10/0x10
[  771.094689][T12415]  ? __pfx__printk+0x10/0x10
[  771.094724][T12415]  ? __pfx___might_resched+0x10/0x10
[  771.094746][T12415]  ? fs_reclaim_acquire+0x7d/0x100
[  771.094773][T12415]  should_fail_ex+0x414/0x560
[  771.094808][T12415]  should_failslab+0xa8/0x100
[  771.094842][T12415]  __kmalloc_noprof+0xcb/0x4f0
[  771.094870][T12415]  ? ovs_meter_cmd_set+0x218/0x1650
[  771.094907][T12415]  ovs_meter_cmd_set+0x218/0x1650
[  771.094953][T12415]  ? __pfx_ovs_meter_cmd_set+0x10/0x10
[  771.094984][T12415]  ? __nla_parse+0x40/0x60
[  771.095009][T12415]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  771.095059][T12415]  genl_family_rcv_msg_doit+0x212/0x300
[  771.095098][T12415]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  771.095145][T12415]  ? bpf_lsm_capable+0x9/0x20
[  771.095167][T12415]  ? security_capable+0x7e/0x2e0
[  771.095197][T12415]  genl_rcv_msg+0x60e/0x790
[  771.095236][T12415]  ? __pfx_genl_rcv_msg+0x10/0x10
[  771.095263][T12415]  ? ref_tracker_free+0x63a/0x7d0
[  771.095293][T12415]  ? __pfx_ovs_meter_cmd_set+0x10/0x10
[  771.095325][T12415]  ? __pfx_ref_tracker_free+0x10/0x10
[  771.095368][T12415]  netlink_rcv_skb+0x208/0x470
[  771.095395][T12415]  ? __pfx_genl_rcv_msg+0x10/0x10
[  771.095427][T12415]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  771.095472][T12415]  ? down_read+0x1ad/0x2e0
[  771.095498][T12415]  genl_rcv+0x28/0x40
[  771.095525][T12415]  netlink_unicast+0x759/0x8e0
[  771.095561][T12415]  netlink_sendmsg+0x805/0xb30
[  771.095598][T12415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  771.095632][T12415]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  771.095662][T12415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  771.095688][T12415]  __sock_sendmsg+0x219/0x270
[  771.095725][T12415]  ____sys_sendmsg+0x505/0x830
[  771.095758][T12415]  ? __pfx_____sys_sendmsg+0x10/0x10
[  771.095796][T12415]  ? import_iovec+0x74/0xa0
[  771.095826][T12415]  ___sys_sendmsg+0x21f/0x2a0
[  771.095855][T12415]  ? __pfx____sys_sendmsg+0x10/0x10
[  771.095925][T12415]  ? __fget_files+0x2a/0x420
[  771.095943][T12415]  ? __fget_files+0x3a0/0x420
[  771.095975][T12415]  __x64_sys_sendmsg+0x19b/0x260
[  771.096005][T12415]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  771.096044][T12415]  ? __pfx_ksys_write+0x10/0x10
[  771.096076][T12415]  ? rcu_is_watching+0x15/0xb0
[  771.096106][T12415]  ? do_syscall_64+0xbe/0x3b0
[  771.096130][T12415]  do_syscall_64+0xfa/0x3b0
[  771.096149][T12415]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.096179][T12415]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.096200][T12415]  ? clear_bhb_loop+0x60/0xb0
[  771.096226][T12415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.096246][T12415] RIP: 0033:0x7fdf4958e929
[  771.096265][T12415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  771.096283][T12415] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  771.096306][T12415] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929
[  771.096321][T12415] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  771.096335][T12415] RBP: 00007fdf4a46a090 R08: 0000000000000000 R09: 0000000000000000
[  771.096348][T12415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.096360][T12415] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88
[  771.096394][T12415]  </TASK>
[  771.502258][ T9644] Bluetooth: hci1: command 0x0c1a tx timeout
[  771.636051][T12418] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  772.620137][ T5846] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  773.000316][T12285] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  773.023367][T12285] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  773.039599][T12285] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  773.075291][T12285] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  773.251644][T12285] 8021q: adding VLAN 0 to HW filter on device bond0
[  773.272243][T11216] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  773.308274][T12285] 8021q: adding VLAN 0 to HW filter on device team0
[  773.362233][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[  773.369502][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[  773.411046][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.418364][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  773.434721][T11216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  773.454357][T11216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  773.466179][T11216] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.4d
[  773.476696][T11216] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.494381][T11216] usb 6-1: config 0 descriptor??
[  773.517644][T12283] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  773.534839][T12283] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  773.547906][T12283] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  773.564938][T12283] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  773.755369][T12283] 8021q: adding VLAN 0 to HW filter on device bond0
[  773.788477][T12283] 8021q: adding VLAN 0 to HW filter on device team0
[  773.814778][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  773.822127][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  773.862583][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  773.869864][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  774.075053][T12459] tmpfs: Unknown parameter '¥{2~
[  774.075053][T12459] ¯'
[  774.092237][T12460] tmpfs: Unknown parameter '¥{2~
[  774.092237][T12460] ¯'
[  774.096344][    C0] vcan0: j1939_tp_rxtimer: 0xffff888034fb8800: rx timeout, send abort
[  774.106494][T12285] 8021q: adding VLAN 0 to HW filter on device batadv0
[  774.108435][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888034fb8800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  774.413898][T12285] veth0_vlan: entered promiscuous mode
[  774.427694][T12285] veth1_vlan: entered promiscuous mode
[  774.479910][T12285] veth0_macvtap: entered promiscuous mode
[  775.494105][T12285] veth1_macvtap: entered promiscuous mode
[  775.518494][T12285] batman_adv: batadv0: Interface activated: batadv_slave_0
[  775.570554][T12285] batman_adv: batadv0: Interface activated: batadv_slave_1
[  775.628872][T12285] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  775.671502][T11216] usb 6-1: string descriptor 0 read error: -71
[  775.802401][T12285] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  775.811293][T12285] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  775.820051][T12285] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  775.832446][T11216] hdpvr 6-1:0.0: Could not find bulk-in endpoint
[  775.838920][T11216] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -12
[  776.481596][T11216] usb 6-1: USB disconnect, device number 25
[  776.827695][T12477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  777.206919][T12283] 8021q: adding VLAN 0 to HW filter on device batadv0
[  777.894793][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  777.920918][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.961097][T12283] veth0_vlan: entered promiscuous mode
[  778.040710][T12485] Bluetooth: hci0: service_discovery: too big uuid_count value 14336
[  778.978161][T12283] veth1_vlan: entered promiscuous mode
[  779.003397][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  779.023298][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  779.218725][T12283] veth0_macvtap: entered promiscuous mode
[  782.877383][T12283] veth1_macvtap: entered promiscuous mode
[  782.943942][T12283] batman_adv: batadv0: Interface activated: batadv_slave_0
[  782.958788][T12283] batman_adv: batadv0: Interface activated: batadv_slave_1
[  783.045102][T12283] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  783.095805][T12283] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  783.124623][T12505] input: syz1 as /devices/virtual/input/input36
[  783.127580][T12283] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  783.151280][T12283] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.198811][T12507] FAULT_INJECTION: forcing a failure.
[  783.198811][T12507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  783.221247][T12507] CPU: 1 UID: 0 PID: 12507 Comm: syz.3.1539 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  783.221279][T12507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  783.221293][T12507] Call Trace:
[  783.221302][T12507]  <TASK>
[  783.221312][T12507]  dump_stack_lvl+0x189/0x250
[  783.221343][T12507]  ? __pfx____ratelimit+0x10/0x10
[  783.221376][T12507]  ? __pfx_dump_stack_lvl+0x10/0x10
[  783.221401][T12507]  ? __pfx__printk+0x10/0x10
[  783.221428][T12507]  ? __might_fault+0xb0/0x130
[  783.221472][T12507]  should_fail_ex+0x414/0x560
[  783.221509][T12507]  _copy_from_user+0x2d/0xb0
[  783.221535][T12507]  input_event_from_user+0xb2/0x280
[  783.221568][T12507]  ? __pfx_input_event_from_user+0x10/0x10
[  783.221605][T12507]  ? input_event+0x8c/0xc0
[  783.221629][T12507]  uinput_write+0x279/0xfc0
[  783.221673][T12507]  ? __pfx_uinput_write+0x10/0x10
[  783.221705][T12507]  ? bpf_lsm_file_permission+0x9/0x20
[  783.221725][T12507]  ? security_file_permission+0x75/0x290
[  783.221758][T12507]  ? rw_verify_area+0x258/0x650
[  783.221786][T12507]  ? __pfx_uinput_write+0x10/0x10
[  783.221819][T12507]  vfs_write+0x27e/0xa90
[  783.221865][T12507]  ? __pfx_vfs_write+0x10/0x10
[  783.221896][T12507]  ? __fget_files+0x2a/0x420
[  783.221919][T12507]  ? __fget_files+0x2a/0x420
[  783.221937][T12507]  ? __fget_files+0x3a0/0x420
[  783.221955][T12507]  ? __fget_files+0x2a/0x420
[  783.221985][T12507]  ksys_write+0x145/0x250
[  783.222017][T12507]  ? __pfx_ksys_write+0x10/0x10
[  783.222052][T12507]  ? do_syscall_64+0xbe/0x3b0
[  783.222078][T12507]  do_syscall_64+0xfa/0x3b0
[  783.222097][T12507]  ? lockdep_hardirqs_on+0x9c/0x150
[  783.222128][T12507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  783.222149][T12507]  ? clear_bhb_loop+0x60/0xb0
[  783.222176][T12507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  783.222197][T12507] RIP: 0033:0x7fdf4958e929
[  783.222217][T12507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  783.222236][T12507] RSP: 002b:00007fdf4a449038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  783.222258][T12507] RAX: ffffffffffffffda RBX: 00007fdf497b6080 RCX: 00007fdf4958e929
[  783.222274][T12507] RDX: 0000000000006672 RSI: 0000200000000000 RDI: 0000000000000003
[  783.222288][T12507] RBP: 00007fdf4a449090 R08: 0000000000000000 R09: 0000000000000000
[  783.222302][T12507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  783.222314][T12507] R13: 0000000000000001 R14: 00007fdf497b6080 R15: 00007ffdda252b88
[  783.222348][T12507]  </TASK>
[  783.507895][T12509]  nullb0: AHDI p1
[  783.587111][T12510] sctp: [Deprecated]: syz.5.1540 (pid 12510) Use of struct sctp_assoc_value in delayed_ack socket option.
[  783.587111][T12510] Use struct sctp_sack_info instead
[  783.604058][   T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.607524][T12511] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1541'.
[  783.688884][   T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.745432][ T7540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.760585][ T7540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  783.797961][   T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  783.852825][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  783.867512][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  783.898633][   T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  785.023829][T12522] netlink: 'syz.3.1543': attribute type 4 has an invalid length.
[  785.660469][   T49] bridge_slave_1: left allmulticast mode
[  785.667530][   T49] bridge_slave_1: left promiscuous mode
[  785.705690][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  786.207249][   T49] bridge_slave_0: left allmulticast mode
[  786.227633][   T49] bridge_slave_0: left promiscuous mode
[  786.254628][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  786.572324][ T9644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  786.583274][ T9644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  786.591889][ T9644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  786.602836][ T9644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  786.610808][ T9644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  787.273026][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  787.284991][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  787.298224][   T49] bond0 (unregistering): Released all slaves
[  787.626044][   T49] hsr_slave_0: left promiscuous mode
[  787.632227][   T49] hsr_slave_1: left promiscuous mode
[  787.638413][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  787.648058][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  787.656761][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  787.668298][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  787.691021][   T49] veth1_macvtap: left promiscuous mode
[  787.696740][   T49] veth0_macvtap: left promiscuous mode
[  787.702657][   T49] veth1_vlan: left promiscuous mode
[  787.708030][   T49] veth0_vlan: left promiscuous mode
[  788.222424][   T49] team0 (unregistering): Port device team_slave_1 removed
[  788.277240][   T49] team0 (unregistering): Port device team_slave_0 removed
[  788.715365][ T9644] Bluetooth: hci0: command tx timeout
[  789.191737][ T9644] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  789.541272][   T24] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  789.840222][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  789.856269][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  789.866520][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  789.875334][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  789.887819][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  789.893829][   T24] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  789.914604][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.930502][   T24] usb 3-1: config 0 descriptor??
[  790.101397][ T5953] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  790.241380][ T5953] usb 6-1: device descriptor read/64, error -71
[  790.364294][T12528] chnl_net:caif_netlink_parms(): no params data found
[  790.481628][ T5953] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  790.616358][T12528] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.621534][ T5953] usb 6-1: device descriptor read/64, error -71
[  790.623953][T12528] bridge0: port 1(bridge_slave_0) entered disabled state
[  790.638060][T12528] bridge_slave_0: entered allmulticast mode
[  790.647157][T12528] bridge_slave_0: entered promiscuous mode
[  790.688383][T12528] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.699305][T12528] bridge0: port 2(bridge_slave_1) entered disabled state
[  790.709961][T12528] bridge_slave_1: entered allmulticast mode
[  790.725780][T12528] bridge_slave_1: entered promiscuous mode
[  790.747888][ T5953] usb usb6-port1: attempt power cycle
[  790.781744][ T9644] Bluetooth: hci0: command tx timeout
[  790.831018][T12528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  790.846204][T12528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  791.091323][ T5953] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  791.123810][ T5953] usb 6-1: device descriptor read/8, error -71
[  791.225486][T12563] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  791.272855][T12528] team0: Port device team_slave_0 added
[  791.391889][ T5953] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  791.476212][ T5953] usb 6-1: device descriptor read/8, error -71
[  791.547479][T12528] team0: Port device team_slave_1 added
[  791.595282][ T5953] usb usb6-port1: unable to enumerate USB device
[  791.664732][   T24] usb 3-1: Cannot set autoneg
[  791.679858][   T24] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  791.698022][   T24] usb 3-1: USB disconnect, device number 49
[  791.753231][T12528] batman_adv: batadv0: Adding interface: batadv_slave_0
[  791.760254][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  791.815467][T12528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  791.834659][T12528] batman_adv: batadv0: Adding interface: batadv_slave_1
[  791.847867][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  791.879929][T12528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  791.939578][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  791.969587][T12548] chnl_net:caif_netlink_parms(): no params data found
[  791.981472][ T9644] Bluetooth: hci4: command tx timeout
[  792.031822][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  792.109111][T12528] hsr_slave_0: entered promiscuous mode
[  792.117221][T12528] hsr_slave_1: entered promiscuous mode
[  792.125659][T12528] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  792.133667][T12528] Cannot create hsr debugfs directory
[  792.356440][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.193231][ T9644] Bluetooth: hci0: command tx timeout
[  793.954966][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  794.065915][ T9644] Bluetooth: hci4: command tx timeout
[  794.107092][T12548] bridge0: port 1(bridge_slave_0) entered blocking state
[  794.115835][T12548] bridge0: port 1(bridge_slave_0) entered disabled state
[  794.129867][T12548] bridge_slave_0: entered allmulticast mode
[  794.138020][T12596] netlink: 'syz.3.1561': attribute type 2 has an invalid length.
[  794.141882][T12548] bridge_slave_0: entered promiscuous mode
[  794.148504][T12596] netlink: 'syz.3.1561': attribute type 2 has an invalid length.
[  794.205099][T12548] bridge0: port 2(bridge_slave_1) entered blocking state
[  794.235699][T12548] bridge0: port 2(bridge_slave_1) entered disabled state
[  794.262669][T12548] bridge_slave_1: entered allmulticast mode
[  794.284317][T12548] bridge_slave_1: entered promiscuous mode
[  795.276818][ T9644] Bluetooth: hci0: command tx timeout
[  795.882769][T12548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  795.896372][T12548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  795.957945][T12605] tun0: tun_chr_ioctl cmd 1074025681
[  796.151388][ T9644] Bluetooth: hci4: command tx timeout
[  796.603077][T12548] team0: Port device team_slave_0 added
[  796.649849][T12548] team0: Port device team_slave_1 added
[  797.578473][T12548] batman_adv: batadv0: Adding interface: batadv_slave_0
[  797.686577][T12548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  797.713056][T12548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  797.726184][T12548] batman_adv: batadv0: Adding interface: batadv_slave_1
[  797.733374][T12548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  797.759818][T12548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  797.890581][T12548] hsr_slave_0: entered promiscuous mode
[  798.046399][T12548] hsr_slave_1: entered promiscuous mode
[  798.150937][T12548] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  798.221293][ T9644] Bluetooth: hci4: command tx timeout
[  798.233651][T12548] Cannot create hsr debugfs directory
[  798.353392][   T49] bridge_slave_1: left allmulticast mode
[  798.411259][   T49] bridge_slave_1: left promiscuous mode
[  798.417166][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  798.471651][T12634] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  799.215142][   T49] bridge_slave_0: left allmulticast mode
[  799.220865][   T49] bridge_slave_0: left promiscuous mode
[  799.231374][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  800.588639][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  800.600142][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  800.610851][   T49] bond0 (unregistering): Released all slaves
[  800.643572][T12637] FAULT_INJECTION: forcing a failure.
[  800.643572][T12637] name failslab, interval 1, probability 0, space 0, times 0
[  800.656569][T12637] CPU: 0 UID: 0 PID: 12637 Comm: syz.5.1574 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  800.656617][T12637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  800.656627][T12637] Call Trace:
[  800.656635][T12637]  <TASK>
[  800.656642][T12637]  dump_stack_lvl+0x189/0x250
[  800.656664][T12637]  ? __pfx____ratelimit+0x10/0x10
[  800.656688][T12637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  800.656704][T12637]  ? __pfx__printk+0x10/0x10
[  800.656729][T12637]  ? __pfx___might_resched+0x10/0x10
[  800.656744][T12637]  ? fs_reclaim_acquire+0x7d/0x100
[  800.656763][T12637]  should_fail_ex+0x414/0x560
[  800.656788][T12637]  ? alloc_netdev_mqs+0xa6/0x11e0
[  800.656808][T12637]  should_failslab+0xa8/0x100
[  800.656832][T12637]  __kvmalloc_node_noprof+0x161/0x5f0
[  800.656855][T12637]  ? alloc_netdev_mqs+0xa6/0x11e0
[  800.656874][T12637]  ? snprintf+0xda/0x120
[  800.656894][T12637]  ? __pfx_macvlan_setup+0x10/0x10
[  800.656915][T12637]  alloc_netdev_mqs+0xa6/0x11e0
[  800.656935][T12637]  ? __pfx_macvlan_setup+0x10/0x10
[  800.656956][T12637]  ? __pfx_snprintf+0x10/0x10
[  800.656978][T12637]  rtnl_create_link+0x31f/0xd10
[  800.657006][T12637]  rtnl_newlink_create+0x25c/0xb00
[  800.657028][T12637]  ? __mutex_lock+0x51b/0xe80
[  800.657047][T12637]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  800.657063][T12637]  ? rtnl_newlink+0x8db/0x1c70
[  800.657086][T12637]  ? __pfx___mutex_lock+0x10/0x10
[  800.657109][T12637]  ? ns_capable+0x8a/0xf0
[  800.657128][T12637]  rtnl_newlink+0x16d6/0x1c70
[  800.657145][T12637]  ? netlink_sendmsg+0x805/0xb30
[  800.657174][T12637]  ? __pfx_rtnl_newlink+0x10/0x10
[  800.657214][T12637]  ? kasan_quarantine_put+0xdd/0x220
[  800.657233][T12637]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.657261][T12637]  ? nlmon_xmit+0xb0/0x100
[  800.657274][T12637]  ? kmem_cache_free+0x18f/0x400
[  800.657302][T12637]  ? __local_bh_enable_ip+0x12d/0x1c0
[  800.657318][T12637]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.657341][T12637]  ? __local_bh_enable_ip+0x12d/0x1c0
[  800.657357][T12637]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  800.657375][T12637]  ? __dev_queue_xmit+0x27e/0x3a70
[  800.657396][T12637]  ? __dev_queue_xmit+0x27e/0x3a70
[  800.657415][T12637]  ? __dev_queue_xmit+0x27e/0x3a70
[  800.657442][T12637]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  800.657467][T12637]  ? __lock_acquire+0xab9/0xd20
[  800.657510][T12637]  ? __pfx_rtnl_newlink+0x10/0x10
[  800.657532][T12637]  rtnetlink_rcv_msg+0x7cf/0xb70
[  800.657559][T12637]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  800.657581][T12637]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  800.657600][T12637]  ? ref_tracker_free+0x63a/0x7d0
[  800.657631][T12637]  ? __copy_skb_header+0xa7/0x550
[  800.657653][T12637]  ? __pfx_ref_tracker_free+0x10/0x10
[  800.657675][T12637]  ? __skb_clone+0x63/0x7a0
[  800.657701][T12637]  netlink_rcv_skb+0x208/0x470
[  800.657720][T12637]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  800.657743][T12637]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  800.657772][T12637]  ? netlink_deliver_tap+0x2e/0x1b0
[  800.657789][T12637]  ? netlink_deliver_tap+0x2e/0x1b0
[  800.657811][T12637]  netlink_unicast+0x759/0x8e0
[  800.657836][T12637]  netlink_sendmsg+0x805/0xb30
[  800.657862][T12637]  ? __pfx_netlink_sendmsg+0x10/0x10
[  800.657888][T12637]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  800.657909][T12637]  ? __pfx_netlink_sendmsg+0x10/0x10
[  800.657927][T12637]  __sock_sendmsg+0x219/0x270
[  800.657956][T12637]  ____sys_sendmsg+0x505/0x830
[  800.657980][T12637]  ? __pfx_____sys_sendmsg+0x10/0x10
[  800.658007][T12637]  ? import_iovec+0x74/0xa0
[  800.658031][T12637]  ___sys_sendmsg+0x21f/0x2a0
[  800.658053][T12637]  ? __pfx____sys_sendmsg+0x10/0x10
[  800.658102][T12637]  ? __fget_files+0x2a/0x420
[  800.658115][T12637]  ? __fget_files+0x3a0/0x420
[  800.658138][T12637]  __x64_sys_sendmsg+0x19b/0x260
[  800.658160][T12637]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  800.658188][T12637]  ? __pfx_ksys_write+0x10/0x10
[  800.658211][T12637]  ? rcu_is_watching+0x15/0xb0
[  800.658233][T12637]  ? do_syscall_64+0xbe/0x3b0
[  800.658250][T12637]  do_syscall_64+0xfa/0x3b0
[  800.658263][T12637]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.658285][T12637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.658299][T12637]  ? clear_bhb_loop+0x60/0xb0
[  800.658318][T12637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.658332][T12637] RIP: 0033:0x7f537c38e929
[  800.658346][T12637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.658359][T12637] RSP: 002b:00007f537d1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  800.658375][T12637] RAX: ffffffffffffffda RBX: 00007f537c5b5fa0 RCX: 00007f537c38e929
[  800.658387][T12637] RDX: 0000000004000894 RSI: 0000200000000240 RDI: 0000000000000004
[  800.658396][T12637] RBP: 00007f537d1fe090 R08: 0000000000000000 R09: 0000000000000000
[  800.658405][T12637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  800.658414][T12637] R13: 0000000000000000 R14: 00007f537c5b5fa0 R15: 00007fff664a09b8
[  800.658438][T12637]  </TASK>
[  801.660475][   T49] hsr_slave_0: left promiscuous mode
[  801.677630][   T49] hsr_slave_1: left promiscuous mode
[  801.702291][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  801.709754][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  801.745587][T12657] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  801.749661][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  801.762680][T12657] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  801.772628][T12657] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  801.791904][T12657] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  801.794151][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  801.863669][   T49] veth1_macvtap: left promiscuous mode
[  801.869412][   T49] veth0_macvtap: left promiscuous mode
[  801.879048][   T49] veth1_vlan: left promiscuous mode
[  801.885975][   T49] veth0_vlan: left promiscuous mode
[  803.268513][   T49] team0 (unregistering): Port device team_slave_1 removed
[  803.435693][   T49] team0 (unregistering): Port device team_slave_0 removed
[  804.252312][T11215] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  804.415614][T11215] usb 4-1: Using ep0 maxpacket: 16
[  804.423844][T11215] usb 4-1: config 252 has an invalid interface number: 15 but max is 0
[  804.436196][T11215] usb 4-1: config 252 has no interface number 0
[  804.454474][T11215] usb 4-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  804.479590][T11215] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  804.488961][T11215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.497406][T11215] usb 4-1: Product: syz
[  804.514166][T11215] usb 4-1: Manufacturer: syz
[  804.521457][T11215] usb 4-1: SerialNumber: syz
[  804.631661][T11215] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  805.032666][T11214] usb 4-1: USB disconnect, device number 31
[  805.042064][   T13] usb 4-1: Failed to submit usb control message: -71
[  805.049242][   T13] usb 4-1: unable to send the bmi data to the device: -71
[  805.057617][   T13] usb 4-1: unable to get target info from device
[  805.065457][   T13] usb 4-1: could not get target info (-71)
[  805.082843][   T13] usb 4-1: could not probe fw (-71)
[  805.221273][T11215] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  805.394234][T11215] usb 6-1: Using ep0 maxpacket: 32
[  805.653722][T12528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  806.448418][T12528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  806.481555][T12528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  806.649419][T12528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  806.724696][T12692] FAULT_INJECTION: forcing a failure.
[  806.724696][T12692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  806.738178][T12692] CPU: 1 UID: 0 PID: 12692 Comm: syz.2.1587 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  806.738207][T12692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  806.738221][T12692] Call Trace:
[  806.738231][T12692]  <TASK>
[  806.738241][T12692]  dump_stack_lvl+0x189/0x250
[  806.738271][T12692]  ? __pfx____ratelimit+0x10/0x10
[  806.738313][T12692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  806.738337][T12692]  ? __pfx__printk+0x10/0x10
[  806.738365][T12692]  ? __might_fault+0xb0/0x130
[  806.738409][T12692]  should_fail_ex+0x414/0x560
[  806.738446][T12692]  _copy_from_user+0x2d/0xb0
[  806.738472][T12692]  ucma_query+0xe0/0x1280
[  806.738510][T12692]  ? __lock_acquire+0xab9/0xd20
[  806.738531][T12692]  ? __pfx_ucma_query+0x10/0x10
[  806.738576][T12692]  ? is_bpf_text_address+0x26/0x2b0
[  806.738611][T12692]  ? __lock_acquire+0xab9/0xd20
[  806.738652][T12692]  ? __lock_acquire+0xab9/0xd20
[  806.738686][T12692]  ? __might_fault+0xb0/0x130
[  806.738740][T12692]  ucma_write+0x246/0x2e0
[  806.738767][T12692]  ? __pfx_ucma_write+0x10/0x10
[  806.738790][T12692]  ? security_file_permission+0x75/0x290
[  806.738824][T12692]  ? rw_verify_area+0x258/0x650
[  806.738852][T12692]  ? __pfx_ucma_write+0x10/0x10
[  806.738877][T12692]  vfs_write+0x27e/0xa90
[  806.738915][T12692]  ? __pfx_vfs_write+0x10/0x10
[  806.738946][T12692]  ? __fget_files+0x2a/0x420
[  806.738968][T12692]  ? __fget_files+0x2a/0x420
[  806.738986][T12692]  ? __fget_files+0x3a0/0x420
[  806.739004][T12692]  ? __fget_files+0x2a/0x420
[  806.739034][T12692]  ksys_write+0x145/0x250
[  806.739065][T12692]  ? __pfx_ksys_write+0x10/0x10
[  806.739092][T12692]  ? rcu_is_watching+0x15/0xb0
[  806.739125][T12692]  ? do_syscall_64+0xbe/0x3b0
[  806.739151][T12692]  do_syscall_64+0xfa/0x3b0
[  806.739169][T12692]  ? lockdep_hardirqs_on+0x9c/0x150
[  806.739200][T12692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.739222][T12692]  ? clear_bhb_loop+0x60/0xb0
[  806.739248][T12692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.739267][T12692] RIP: 0033:0x7f752998e929
[  806.739286][T12692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  806.739311][T12692] RSP: 002b:00007f752a81c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  806.739339][T12692] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998e929
[  806.739356][T12692] RDX: 0000000000000018 RSI: 0000200000000000 RDI: 0000000000000003
[  806.739370][T12692] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000
[  806.739383][T12692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  806.739396][T12692] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918
[  806.739429][T12692]  </TASK>
[  807.028579][T12677] cgroup: fork rejected by pids controller in /syz5
[  807.215020][T12548] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  807.256942][T13316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  807.294379][T12548] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  807.353323][T13316] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1588'.
[  807.398297][T12548] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  807.425818][T12548] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  807.895722][T12528] 8021q: adding VLAN 0 to HW filter on device bond0
[  808.392101][T12528] 8021q: adding VLAN 0 to HW filter on device team0
[  808.446022][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  808.453225][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  808.476433][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  808.483734][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  808.545859][T11215] usb 6-1: unable to get BOS descriptor or descriptor too short
[  808.591250][T11215] usb 6-1: unable to read config index 0 descriptor/start: -71
[  808.629567][T11215] usb 6-1: can't read configurations, error -71
[  808.668656][T12548] 8021q: adding VLAN 0 to HW filter on device bond0
[  808.905594][T12548] 8021q: adding VLAN 0 to HW filter on device team0
[  808.968252][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.974718][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  808.991166][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state
[  808.998349][ T5986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  809.054271][ T5986] bridge0: port 2(bridge_slave_1) entered blocking state
[  809.061544][ T5986] bridge0: port 2(bridge_slave_1) entered forwarding state
[  810.399211][T12528] 8021q: adding VLAN 0 to HW filter on device batadv0
[  810.484785][T14243] Bluetooth: MGMT ver 1.23
[  810.537786][T12528] veth0_vlan: entered promiscuous mode
[  810.551939][T11215] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  810.568466][T12528] veth1_vlan: entered promiscuous mode
[  810.639716][T12528] veth0_macvtap: entered promiscuous mode
[  810.657138][T12528] veth1_macvtap: entered promiscuous mode
[  810.697339][T12528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  810.729239][T12528] batman_adv: batadv0: Interface activated: batadv_slave_1
[  810.753002][T12528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  810.766338][T12528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  810.778874][T12528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  810.793341][T12528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  810.824405][T12548] 8021q: adding VLAN 0 to HW filter on device batadv0
[  810.851805][T11215] usb 6-1: Using ep0 maxpacket: 32
[  811.393014][T11215] usb 6-1: unable to get BOS descriptor or descriptor too short
[  811.416163][T11215] usb 6-1: config 12 has an invalid interface number: 184 but max is 0
[  811.425738][T11215] usb 6-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config
[  811.436548][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  811.445736][T11215] usb 6-1: config 12 has no interface number 0
[  811.453680][T11215] usb 6-1: config 12 interface 184 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  811.470026][T11215] usb 6-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2
[  811.471312][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  811.600026][T11215] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.608223][T11215] usb 6-1: Product: syz
[  811.608494][T14253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1599'.
[  811.631304][T11215] usb 6-1: Manufacturer: syz
[  811.636005][T11215] usb 6-1: SerialNumber: syz
[  811.665989][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  811.685146][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  811.780044][T12548] veth0_vlan: entered promiscuous mode
[  811.805416][T12548] veth1_vlan: entered promiscuous mode
[  811.873720][T12548] veth0_macvtap: entered promiscuous mode
[  811.900877][T12548] veth1_macvtap: entered promiscuous mode
[  811.938931][T12548] batman_adv: batadv0: Interface activated: batadv_slave_0
[  811.986787][T12548] batman_adv: batadv0: Interface activated: batadv_slave_1
[  812.096519][T12548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  812.113517][T12548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  812.126095][T12548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  812.140094][T12548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  812.217557][T11215] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  812.270833][T11215] snd-usb-audio 6-1:12.184: probe with driver snd-usb-audio failed with error -2
[  812.283031][T11215] usb 6-1: USB disconnect, device number 32
[  812.426225][T11969] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.663740][T11969] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.767004][T11969] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.791628][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  812.799906][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  812.835318][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  812.846511][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  813.061081][T11969] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.534549][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  813.546360][T14270] UDF-fs: Scanning with blocksize 512 failed
[  813.610310][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  813.618650][T14270] UDF-fs: Scanning with blocksize 1024 failed
[  813.661410][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  813.669474][T14270] UDF-fs: Scanning with blocksize 2048 failed
[  813.693752][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  813.701868][T14270] UDF-fs: Scanning with blocksize 4096 failed
[  814.269018][T11969] bridge_slave_1: left allmulticast mode
[  814.294369][T11969] bridge_slave_1: left promiscuous mode
[  814.300246][T11969] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.354864][T11969] bridge_slave_0: left allmulticast mode
[  814.360601][T11969] bridge_slave_0: left promiscuous mode
[  814.389485][T11969] bridge0: port 1(bridge_slave_0) entered disabled state
[  815.180715][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  815.201634][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  815.210472][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  815.218867][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  815.226740][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  815.600461][T11969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  815.611821][T11969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  815.622264][T11969] bond0 (unregistering): Released all slaves
[  815.905112][T14277] chnl_net:caif_netlink_parms(): no params data found
[  815.959556][T11969] hsr_slave_0: left promiscuous mode
[  815.965799][T11969] hsr_slave_1: left promiscuous mode
[  815.972295][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  815.979782][T11969] batman_adv: batadv0: Removing interface: batadv_slave_0
[  815.988657][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  815.997555][T11969] batman_adv: batadv0: Removing interface: batadv_slave_1
[  816.019994][T11969] veth1_macvtap: left promiscuous mode
[  816.025740][T11969] veth0_macvtap: left promiscuous mode
[  816.031545][T11969] veth1_vlan: left promiscuous mode
[  816.036934][T11969] veth0_vlan: left promiscuous mode
[  817.263191][ T5846] Bluetooth: hci0: command tx timeout
[  818.068217][T14295] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  818.629053][T14302] sctp: [Deprecated]: syz.5.1610 (pid 14302) Use of struct sctp_assoc_value in delayed_ack socket option.
[  818.629053][T14302] Use struct sctp_sack_info instead
[  819.381496][ T5846] Bluetooth: hci0: command tx timeout
[  819.614806][T11969] team0 (unregistering): Port device team_slave_1 removed
[  819.619903][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  819.637590][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  819.648003][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  819.656429][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  819.664341][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  819.677480][T14318] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  819.820193][T11969] team0 (unregistering): Port device team_slave_0 removed
[  820.670496][T14277] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.677960][T14277] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.687751][T14277] bridge_slave_0: entered allmulticast mode
[  820.695152][T14277] bridge_slave_0: entered promiscuous mode
[  820.707635][T14277] bridge0: port 2(bridge_slave_1) entered blocking state
[  820.716241][T14277] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.723712][T14277] bridge_slave_1: entered allmulticast mode
[  820.731576][T14277] bridge_slave_1: entered promiscuous mode
[  820.815063][T14277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  820.828445][T14277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  820.870100][T14277] team0: Port device team_slave_0 added
[  820.879655][T14277] team0: Port device team_slave_1 added
[  820.918619][T14277] batman_adv: batadv0: Adding interface: batadv_slave_0
[  820.925943][T14277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.953691][T14277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  820.969061][T14277] batman_adv: batadv0: Adding interface: batadv_slave_1
[  820.976185][T14277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  821.002167][T14277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  821.052803][T14277] hsr_slave_0: entered promiscuous mode
[  821.059282][T14277] hsr_slave_1: entered promiscuous mode
[  821.065619][T14277] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  821.074090][T14277] Cannot create hsr debugfs directory
[  821.115148][T11969] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  821.193125][T11969] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  821.270747][T11969] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  821.365913][T11969] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  821.421457][ T9644] Bluetooth: hci0: command tx timeout
[  821.509766][T11969] bridge_slave_1: left allmulticast mode
[  821.518398][T11969] bridge_slave_1: left promiscuous mode
[  821.528054][T11969] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.539051][T11969] bridge_slave_0: left allmulticast mode
[  821.545212][T11969] bridge_slave_0: left promiscuous mode
[  821.550977][T11969] bridge0: port 1(bridge_slave_0) entered disabled state
[  822.311172][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  822.324984][T14341] UDF-fs: Scanning with blocksize 512 failed
[  822.362717][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  822.370669][T14341] UDF-fs: Scanning with blocksize 1024 failed
[  822.396365][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  822.405887][T14341] UDF-fs: Scanning with blocksize 2048 failed
[  822.424486][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  822.432523][T14341] UDF-fs: Scanning with blocksize 4096 failed
[  822.681553][ T5843] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  822.871510][ T5843] usb 3-1: Using ep0 maxpacket: 8
[  822.894562][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  822.913192][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  822.945350][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  822.981389][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  823.011170][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  823.052780][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  823.064688][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  823.107430][T14347] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1619'.
[  823.121690][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  823.145761][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  823.948649][T11969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  823.960514][ T9644] Bluetooth: hci0: command tx timeout
[  823.970717][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  823.980367][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  823.998901][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  824.006687][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  824.007135][T11969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  824.015527][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  824.034164][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  824.046047][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  824.054182][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  824.067722][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  824.078614][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  824.087950][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  824.090411][T11969] bond0 (unregistering): Released all slaves
[  824.106247][ T5843] usb 3-1: string descriptor 0 read error: -22
[  824.123600][ T5843] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  824.135442][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.159661][ T5843] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  824.433444][ T5843] usb 3-1: USB disconnect, device number 50
[  824.466312][T14347] team0 (unregistering): Port device team_slave_0 removed
[  824.501629][T14347] team0 (unregistering): Port device team_slave_1 removed
[  824.961755][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  824.969464][T14359] UDF-fs: Scanning with blocksize 512 failed
[  824.991573][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  824.999332][T14359] UDF-fs: Scanning with blocksize 1024 failed
[  825.031412][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  825.039173][T14359] UDF-fs: Scanning with blocksize 2048 failed
[  825.059820][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  825.067765][T14359] UDF-fs: Scanning with blocksize 4096 failed
[  825.555060][T11969] hsr_slave_0: left promiscuous mode
[  825.563608][T11969] hsr_slave_1: left promiscuous mode
[  825.572598][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  825.580189][T11969] batman_adv: batadv0: Removing interface: batadv_slave_0
[  825.592144][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  825.599626][T11969] batman_adv: batadv0: Removing interface: batadv_slave_1
[  825.628544][T11969] veth1_macvtap: left promiscuous mode
[  825.638504][T11969] veth0_macvtap: left promiscuous mode
[  825.648044][T11969] veth1_vlan: left promiscuous mode
[  825.654716][T11969] veth0_vlan: left promiscuous mode
[  826.143392][ T5846] Bluetooth: hci4: command tx timeout
[  826.611440][ T5953] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  826.797209][ T5953] usb 6-1: Using ep0 maxpacket: 32
[  826.841731][ T5953] usb 6-1: config 8 has an invalid interface number: 203 but max is 0
[  826.849969][ T5953] usb 6-1: config 8 has no interface number 0
[  826.858144][ T5953] usb 6-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  826.879083][ T5953] usb 6-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  826.889415][ T5953] usb 6-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  826.912886][ T5953] usb 6-1: config 8 interface 203 has no altsetting 0
[  826.928691][ T5953] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  826.941076][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  826.949213][ T5953] usb 6-1: Product: syz
[  826.959664][ T5953] usb 6-1: Manufacturer: syz
[  826.964628][ T5953] usb 6-1: SerialNumber: syz
[  826.984205][T14373] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  826.991832][T14373] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  827.027508][T11969] team0 (unregistering): Port device team_slave_1 removed
[  827.084811][T11969] team0 (unregistering): Port device team_slave_0 removed
[  827.400307][T14374] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1623'.
[  828.227466][ T5846] Bluetooth: hci4: command tx timeout
[  828.366107][T14362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1621'.
[  828.560130][T14277] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  828.630567][T14277] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  828.763106][T14277] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  828.808679][T14277] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  829.026851][T14352] chnl_net:caif_netlink_parms(): no params data found
[  829.239398][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  829.247245][T14404] UDF-fs: Scanning with blocksize 512 failed
[  829.263564][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  829.271257][T14404] UDF-fs: Scanning with blocksize 1024 failed
[  829.282386][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  829.290174][T14404] UDF-fs: Scanning with blocksize 2048 failed
[  829.298513][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  829.306245][T14404] UDF-fs: Scanning with blocksize 4096 failed
[  829.818293][    C1] port100 6-1:8.203: NFC: Urb failure (status -71)
[  829.824951][    C1] port100 6-1:8.203: NFC: Urb failure (status -71)
[  829.848081][ T5953] port100 6-1:8.203: NFC: Could not get supported command types
[  829.866715][ T5953] usb 6-1: USB disconnect, device number 33
[  829.944169][T14352] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.125738][T14352] bridge0: port 1(bridge_slave_0) entered disabled state
[  830.206041][T14352] bridge_slave_0: entered allmulticast mode
[  830.315943][ T5846] Bluetooth: hci4: command tx timeout
[  830.339011][T14352] bridge_slave_0: entered promiscuous mode
[  830.934372][T14352] bridge0: port 2(bridge_slave_1) entered blocking state
[  830.974609][T14352] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.012286][T14352] bridge_slave_1: entered allmulticast mode
[  832.039623][T14352] bridge_slave_1: entered promiscuous mode
[  832.170001][T14414] fuse: Bad value for 'fd'
[  832.226210][T14277] 8021q: adding VLAN 0 to HW filter on device bond0
[  832.237584][T14352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  832.464074][T14352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  832.481318][ T5846] Bluetooth: hci4: command tx timeout
[  832.889526][ T6244] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  832.907548][T14277] 8021q: adding VLAN 0 to HW filter on device team0
[  832.937893][T14352] team0: Port device team_slave_0 added
[  832.957860][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  832.965100][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  832.978330][T14352] team0: Port device team_slave_1 added
[  833.038719][T14352] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.045968][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.077189][T14352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.124240][T14352] batman_adv: batadv0: Adding interface: batadv_slave_1
[  833.135612][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.177098][ T6244] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  833.185774][ T6244] usb 3-1: config 0 has no interface number 0
[  833.194347][ T6244] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  833.196910][T14352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  833.203688][ T6244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.203717][ T6244] usb 3-1: Product: syz
[  833.203733][ T6244] usb 3-1: Manufacturer: syz
[  833.203749][ T6244] usb 3-1: SerialNumber: syz
[  833.207099][ T6244] usb 3-1: config 0 descriptor??
[  833.248084][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  833.255375][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  833.347690][T14352] hsr_slave_0: entered promiscuous mode
[  833.357169][T14352] hsr_slave_1: entered promiscuous mode
[  833.363967][T14352] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  833.371932][T14352] Cannot create hsr debugfs directory
[  833.458695][T14431] sctp: [Deprecated]: syz.3.1634 (pid 14431) Use of struct sctp_assoc_value in delayed_ack socket option.
[  833.458695][T14431] Use struct sctp_sack_info instead
[  833.461950][T14412] 9pnet_virtio: no channels available for device syz
[  833.785350][T14277] 8021q: adding VLAN 0 to HW filter on device batadv0
[  833.878631][T14277] veth0_vlan: entered promiscuous mode
[  833.897323][T14277] veth1_vlan: entered promiscuous mode
[  833.945889][T14277] veth0_macvtap: entered promiscuous mode
[  833.963652][T14277] veth1_macvtap: entered promiscuous mode
[  834.041444][ T6244] usb 3-1: Firmware version (0.0) predates our first public release.
[  834.055587][ T6244] usb 3-1: Please update to version 0.2 or newer
[  834.069118][T14277] batman_adv: batadv0: Interface activated: batadv_slave_0
[  834.120266][T14277] batman_adv: batadv0: Interface activated: batadv_slave_1
[  834.135873][ T6244] usb 3-1: USB disconnect, device number 51
[  834.180398][T14352] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  834.226733][T14352] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  834.262093][T14352] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  834.273711][T14352] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  834.362609][T14277] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.377710][T14277] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  834.387188][T14277] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  834.400568][T14277] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  835.057033][ T5846] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  835.189299][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.367019][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.530960][ T5987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.564221][ T5987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.815980][T14352] 8021q: adding VLAN 0 to HW filter on device bond0
[  836.519552][T14352] 8021q: adding VLAN 0 to HW filter on device team0
[  836.908569][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  836.958123][T14462] UDF-fs: Scanning with blocksize 512 failed
[  836.979598][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  837.087416][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  837.094616][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  837.145617][T14462] UDF-fs: Scanning with blocksize 1024 failed
[  837.145946][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.159197][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state
[  837.200119][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  837.221291][T14462] UDF-fs: Scanning with blocksize 2048 failed
[  837.233576][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  837.248528][T14462] UDF-fs: Scanning with blocksize 4096 failed
[  837.608596][T14352] 8021q: adding VLAN 0 to HW filter on device batadv0
[  838.158389][T14352] veth0_vlan: entered promiscuous mode
[  838.274497][T14352] veth1_vlan: entered promiscuous mode
[  838.396953][T14352] veth0_macvtap: entered promiscuous mode
[  838.503891][T14352] veth1_macvtap: entered promiscuous mode
[  838.669797][T14352] batman_adv: batadv0: Interface activated: batadv_slave_0
[  838.682022][T14352] batman_adv: batadv0: Interface activated: batadv_slave_1
[  838.694574][T14352] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  838.703794][T14352] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  838.716261][T14352] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  838.734412][T14352] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  839.626744][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.639360][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.708486][ T8998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  839.726850][ T8998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  839.755880][T14495] sctp: [Deprecated]: syz.3.1645 (pid 14495) Use of struct sctp_assoc_value in delayed_ack socket option.
[  839.755880][T14495] Use struct sctp_sack_info instead
[  839.972534][ T5953] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  840.019878][ T7540] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.143840][ T5953] usb 3-1: Using ep0 maxpacket: 32
[  840.172047][ T5953] usb 3-1: config 8 has an invalid interface number: 203 but max is 0
[  840.193513][ T5953] usb 3-1: config 8 has no interface number 0
[  840.200307][ T5953] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  840.204077][ T7540] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.231238][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  840.242013][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  840.277824][ T5953] usb 3-1: config 8 interface 203 has no altsetting 0
[  840.305643][ T5953] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  840.314956][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.323813][ T5953] usb 3-1: Product: syz
[  840.328130][ T5953] usb 3-1: Manufacturer: syz
[  840.339492][ T5953] usb 3-1: SerialNumber: syz
[  840.377979][T14492] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  840.425890][ T7540] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.438765][T14492] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  840.575885][ T7540] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.863767][T14497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'.
[  841.442491][ T7540] bridge_slave_1: left allmulticast mode
[  841.468880][ T7540] bridge_slave_1: left promiscuous mode
[  841.496719][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.608289][T14502] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  842.093894][ T7540] bridge_slave_0: left allmulticast mode
[  842.121570][ T7540] bridge_slave_0: left promiscuous mode
[  842.142061][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state
[  842.695843][ T9644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  842.709332][ T9644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  842.731714][ T9644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  842.749291][ T9644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  842.766508][ T9644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  843.004960][ T7540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  843.016695][ T7540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  843.028521][ T7540] bond0 (unregistering): Released all slaves
[  843.075812][    C1] port100 3-1:8.203: NFC: Urb failure (status -71)
[  843.082430][    C1] port100 3-1:8.203: NFC: Urb failure (status -71)
[  843.089447][ T5953] port100 3-1:8.203: NFC: Could not get supported command types
[  843.111762][ T5953] usb 3-1: USB disconnect, device number 52
[  843.378230][T14503] chnl_net:caif_netlink_parms(): no params data found
[  843.427246][ T7540] hsr_slave_0: left promiscuous mode
[  843.435136][ T7540] hsr_slave_1: left promiscuous mode
[  843.441049][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  843.449646][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_0
[  843.458470][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  843.466686][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_1
[  843.490055][ T7540] veth1_macvtap: left promiscuous mode
[  843.495832][ T7540] veth0_macvtap: left promiscuous mode
[  843.502535][ T7540] veth1_vlan: left promiscuous mode
[  843.508748][ T7540] veth0_vlan: left promiscuous mode
[  844.026456][ T7540] team0 (unregistering): Port device team_slave_1 removed
[  844.079035][ T7540] team0 (unregistering): Port device team_slave_0 removed
[  844.982594][ T9644] Bluetooth: hci0: command tx timeout
[  845.986803][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  846.000723][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  846.015753][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  846.030129][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  846.042625][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  847.031424][ T5846] Bluetooth: hci0: command tx timeout
[  847.967275][T14503] bridge0: port 1(bridge_slave_0) entered blocking state
[  847.981412][T14503] bridge0: port 1(bridge_slave_0) entered disabled state
[  847.988813][T14503] bridge_slave_0: entered allmulticast mode
[  847.998624][T14542] FAULT_INJECTION: forcing a failure.
[  847.998624][T14542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  848.033142][T14503] bridge_slave_0: entered promiscuous mode
[  848.040649][T14542] CPU: 0 UID: 0 PID: 14542 Comm: syz.2.1655 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  848.040682][T14542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  848.040696][T14542] Call Trace:
[  848.040705][T14542]  <TASK>
[  848.040715][T14542]  dump_stack_lvl+0x189/0x250
[  848.040745][T14542]  ? __pfx____ratelimit+0x10/0x10
[  848.040779][T14542]  ? __pfx_dump_stack_lvl+0x10/0x10
[  848.040803][T14542]  ? __pfx__printk+0x10/0x10
[  848.040845][T14542]  should_fail_ex+0x414/0x560
[  848.040881][T14542]  _copy_to_user+0x31/0xb0
[  848.040909][T14542]  simple_read_from_buffer+0xe1/0x170
[  848.040948][T14542]  proc_fail_nth_read+0x1df/0x250
[  848.040974][T14542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  848.041000][T14542]  ? rw_verify_area+0x258/0x650
[  848.041027][T14542]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  848.041051][T14542]  vfs_read+0x200/0x980
[  848.041090][T14542]  ? __pfx___mutex_lock+0x10/0x10
[  848.041110][T14542]  ? __pfx_vfs_read+0x10/0x10
[  848.041154][T14542]  ? __fget_files+0x2a/0x420
[  848.041179][T14542]  ? __fget_files+0x3a0/0x420
[  848.041196][T14542]  ? __fget_files+0x2a/0x420
[  848.041225][T14542]  ksys_read+0x145/0x250
[  848.041255][T14542]  ? __pfx_ksys_read+0x10/0x10
[  848.041280][T14542]  ? rcu_is_watching+0x15/0xb0
[  848.041310][T14542]  ? do_syscall_64+0xbe/0x3b0
[  848.041334][T14542]  do_syscall_64+0xfa/0x3b0
[  848.041352][T14542]  ? lockdep_hardirqs_on+0x9c/0x150
[  848.041382][T14542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.041403][T14542]  ? clear_bhb_loop+0x60/0xb0
[  848.041428][T14542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.041448][T14542] RIP: 0033:0x7f752998d33c
[  848.041467][T14542] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  848.041485][T14542] RSP: 002b:00007f752a81c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  848.041508][T14542] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998d33c
[  848.041524][T14542] RDX: 000000000000000f RSI: 00007f752a81c0a0 RDI: 0000000000000006
[  848.041537][T14542] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000
[  848.041551][T14542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.041564][T14542] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918
[  848.041598][T14542]  </TASK>
[  848.359036][T14503] bridge0: port 2(bridge_slave_1) entered blocking state
[  848.366488][T14503] bridge0: port 2(bridge_slave_1) entered disabled state
[  848.373823][T14503] bridge_slave_1: entered allmulticast mode
[  848.381242][ T5846] Bluetooth: hci4: command tx timeout
[  848.388260][T14503] bridge_slave_1: entered promiscuous mode
[  848.433487][T14503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  848.529527][T14503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  848.947734][T14503] team0: Port device team_slave_0 added
[  849.013155][T14503] team0: Port device team_slave_1 added
[  849.105665][ T5846] Bluetooth: hci0: command tx timeout
[  849.160279][T14503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  849.177348][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  849.208618][T14503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  849.244776][T14503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  849.261937][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  849.289440][T14503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  849.635599][T14503] hsr_slave_0: entered promiscuous mode
[  849.642440][T14503] hsr_slave_1: entered promiscuous mode
[  849.658958][T14503] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  849.670202][T14503] Cannot create hsr debugfs directory
[  850.036576][ T7540] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.428889][ T7540] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  850.462362][ T5846] Bluetooth: hci4: command tx timeout
[  851.186289][ T5846] Bluetooth: hci0: command tx timeout
[  851.337146][T14528] chnl_net:caif_netlink_parms(): no params data found
[  851.368236][ T5953] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  851.439895][ T7540] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.551171][ T5953] usb 3-1: Using ep0 maxpacket: 16
[  851.568220][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  851.598051][ T5953] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  851.609371][ T7540] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.621676][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  851.629750][ T5953] usb 3-1: Product: syz
[  851.641351][ T5953] usb 3-1: Manufacturer: syz
[  851.646179][ T5953] usb 3-1: SerialNumber: syz
[  851.666905][ T5953] usb 3-1: config 0 descriptor??
[  851.675344][T14598] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  851.694483][ T5953] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  851.703922][ T5953] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  851.945026][ T5953] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  851.974443][T14528] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.987225][T14528] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.002140][T14528] bridge_slave_0: entered allmulticast mode
[  852.010134][T14528] bridge_slave_0: entered promiscuous mode
[  852.051375][ T5953] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  852.059473][ T5953] em28xx 3-1:0.0: board has no eeprom
[  852.096263][T14528] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.103772][T14528] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.121855][T14528] bridge_slave_1: entered allmulticast mode
[  852.129889][T14528] bridge_slave_1: entered promiscuous mode
[  852.151229][ T5953] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  852.159137][ T5953] em28xx 3-1:0.0: dvb set to bulk mode.
[  852.186478][ T5835] em28xx 3-1:0.0: Binding DVB extension
[  852.196377][ T5953] usb 3-1: USB disconnect, device number 53
[  852.213285][ T5953] em28xx 3-1:0.0: Disconnecting em28xx
[  852.330628][T14596] syz.5.1666: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  852.376271][T14596] CPU: 1 UID: 0 PID: 14596 Comm: syz.5.1666 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  852.376304][T14596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  852.376319][T14596] Call Trace:
[  852.376328][T14596]  <TASK>
[  852.376339][T14596]  dump_stack_lvl+0x189/0x250
[  852.376373][T14596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  852.376398][T14596]  ? __pfx__printk+0x10/0x10
[  852.376426][T14596]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  852.376455][T14596]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  852.376483][T14596]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  852.376514][T14596]  warn_alloc+0x214/0x310
[  852.376543][T14596]  ? __pfx_warn_alloc+0x10/0x10
[  852.376576][T14596]  ? __get_vm_area_node+0x28f/0x300
[  852.376610][T14596]  ? vb2_vmalloc_alloc+0xef/0x340
[  852.376641][T14596]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  852.376710][T14596]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  852.376748][T14596]  ? __kasan_kmalloc+0x93/0xb0
[  852.376782][T14596]  vmalloc_user_noprof+0xad/0xf0
[  852.376815][T14596]  ? vb2_vmalloc_alloc+0xef/0x340
[  852.376842][T14596]  vb2_vmalloc_alloc+0xef/0x340
[  852.376869][T14596]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  852.376896][T14596]  __vb2_queue_alloc+0x9bf/0x15a0
[  852.376949][T14596]  vb2_core_reqbufs+0xc31/0x1420
[  852.376993][T14596]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  852.377016][T14596]  ? vb2_verify_memory_type+0x1fc/0x570
[  852.377051][T14596]  ? vb2_reqbufs+0x3a9/0x630
[  852.377083][T14596]  v4l2_m2m_ioctl_reqbufs+0x10d/0x200
[  852.377118][T14596]  __video_do_ioctl+0xc9b/0xdb0
[  852.377157][T14596]  ? __pfx___video_do_ioctl+0x10/0x10
[  852.377200][T14596]  video_usercopy+0x86e/0x14f0
[  852.377240][T14596]  ? __pfx___video_do_ioctl+0x10/0x10
[  852.377267][T14596]  ? __pfx_video_usercopy+0x10/0x10
[  852.377291][T14596]  ? smack_file_ioctl+0x2a9/0x340
[  852.377339][T14596]  ? __fget_files+0x2a/0x420
[  852.377357][T14596]  ? __fget_files+0x3a0/0x420
[  852.377381][T14596]  v4l2_ioctl+0x18a/0x1e0
[  852.377408][T14596]  ? __pfx_v4l2_ioctl+0x10/0x10
[  852.377433][T14596]  __se_sys_ioctl+0xfc/0x170
[  852.377465][T14596]  do_syscall_64+0xfa/0x3b0
[  852.377486][T14596]  ? lockdep_hardirqs_on+0x9c/0x150
[  852.377516][T14596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.377539][T14596]  ? clear_bhb_loop+0x60/0xb0
[  852.377565][T14596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.377587][T14596] RIP: 0033:0x7f537c38e929
[  852.377606][T14596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  852.377624][T14596] RSP: 002b:00007f537d1fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  852.377645][T14596] RAX: ffffffffffffffda RBX: 00007f537c5b5fa0 RCX: 00007f537c38e929
[  852.377659][T14596] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000006
[  852.377672][T14596] RBP: 00007f537c410b39 R08: 0000000000000000 R09: 0000000000000000
[  852.377685][T14596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  852.377699][T14596] R13: 0000000000000000 R14: 00007f537c5b5fa0 R15: 00007fff664a09b8
[  852.377733][T14596]  </TASK>
[  852.378587][T14596] Mem-Info:
[  852.400167][ T5835] em28xx 3-1:0.0: Registering input extension
[  852.727316][ T5846] Bluetooth: hci4: command tx timeout
[  852.761420][T14596] active_anon:276 inactive_anon:6265 isolated_anon:0
[  852.761420][T14596]  active_file:6470 inactive_file:36047 isolated_file:0
[  852.761420][T14596]  unevictable:768 dirty:132 writeback:0
[  852.761420][T14596]  slab_reclaimable:10987 slab_unreclaimable:119335
[  852.761420][T14596]  mapped:32559 shmem:4152 pagetables:1069
[  852.761420][T14596]  sec_pagetables:0 bounce:0
[  852.761420][T14596]  kernel_misc_reclaimable:0
[  852.761420][T14596]  free:1287187 free_pcp:7272 free_cma:0
[  852.814541][T14596] Node 0 active_anon:1104kB inactive_anon:25360kB active_file:25680kB inactive_file:144188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130536kB dirty:524kB writeback:0kB shmem:15272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11636kB pagetables:4152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  852.852996][T14596] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  852.866823][ T5953] em28xx 3-1:0.0: Closing input extension
[  852.886243][T14596] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  852.924656][T14528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  852.928967][ T5953] em28xx 3-1:0.0: Freeing device
[  852.941363][T14596] lowmem_reserve[]: 0 2500 2502 2502 2502
[  852.947915][T14596] Node 0 DMA32 free:1213892kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1100kB inactive_anon:25416kB active_file:23908kB inactive_file:144128kB unevictable:1536kB writepending:420kB present:3129332kB managed:2560896kB mlocked:0kB bounce:0kB free_pcp:26740kB local_pcp:6208kB free_cma:0kB
[  852.964442][T14528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  853.011383][T14596] lowmem_reserve[]: 0 0 1 1 1
[  853.020691][T14596] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:60kB unevictable:0kB writepending:4kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  853.065662][T14596] lowmem_reserve[]: 0 0 0 0 0
[  853.081156][T14596] Node 1 Normal free:3919360kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2624kB local_pcp:2624kB free_cma:0kB
[  853.163697][T14596] lowmem_reserve[]: 0 0 0 0 0
[  853.169651][T14596] Node 0 DMA: 
[  853.170619][ T7540] bridge_slave_1: left allmulticast mode
[  853.178951][T14596] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  853.182209][ T7540] bridge_slave_1: left promiscuous mode
[  853.198525][T14596] Node 0 DMA32: 15*4kB (UE) 19*8kB (ME) 200*16kB (ME) 284*32kB (UME) 107*64kB (UME) 75*128kB (UM) 136*256kB (UM) 94*512kB (UME) 26*1024kB (UME) 11*2048kB (UM) 257*4096kB (UM) = 1213716kB
[  853.227398][T14596] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  853.245397][T14596] Node 1 Normal: 150*4kB (UM) 45*8kB (UME) 42*16kB (UME) 221*32kB (UME) 82*64kB (UME) 33*128kB (UME) 9*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 950*4096kB (M) = 3919360kB
[  853.269736][T14596] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  853.286943][T14596] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  853.296545][T14596] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  853.312137][T14596] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  853.322648][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state
[  853.325875][T14596] 46761 total pagecache pages
[  853.336971][ T7540] bridge_slave_0: left allmulticast mode
[  853.340046][T14596] 0 pages in swap cache
[  853.344635][ T7540] bridge_slave_0: left promiscuous mode
[  853.359410][T14596] Free swap  = 124996kB
[  853.361463][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state
[  853.367248][T14596] Total swap = 124996kB
[  853.378738][T14596] 2097051 pages RAM
[  853.385920][T14596] 0 pages HighMem/MovableOnly
[  853.390784][T14596] 424720 pages reserved
[  853.398021][T14596] 0 pages cma reserved
[  853.480467][ T5953] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  853.661278][ T5953] usb 3-1: Using ep0 maxpacket: 32
[  853.693519][ T5953] usb 3-1: config 8 has an invalid interface number: 203 but max is 0
[  853.702040][ T5953] usb 3-1: config 8 has no interface number 0
[  853.708196][ T5953] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83
[  853.741155][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024
[  853.771244][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023
[  853.801215][ T5953] usb 3-1: config 8 interface 203 has no altsetting 0
[  853.822800][ T5953] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  853.847581][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.866437][ T5953] usb 3-1: Product: syz
[  853.880400][ T5953] usb 3-1: Manufacturer: syz
[  853.892673][ T5953] usb 3-1: SerialNumber: syz
[  853.911227][T14607] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  853.925199][T14607] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  854.350963][T14612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1669'.
[  854.781723][ T5846] Bluetooth: hci4: command tx timeout
[  855.047704][ T7540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  855.249010][ T7540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  855.261780][ T7540] bond0 (unregistering): Released all slaves
[  855.336716][T14528] team0: Port device team_slave_0 added
[  855.426943][T14616] hsr0: entered promiscuous mode
[  855.453575][T14528] team0: Port device team_slave_1 added
[  855.464572][    C1] port100 3-1:8.203: NFC: Urb failure (status -71)
[  855.471236][    C1] port100 3-1:8.203: NFC: Urb failure (status -71)
[  855.483304][ T5953] port100 3-1:8.203: NFC: Could not get supported command types
[  855.526040][ T5953] usb 3-1: USB disconnect, device number 54
[  855.845798][T14528] batman_adv: batadv0: Adding interface: batadv_slave_0
[  855.856916][T14528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.884298][T14528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  855.985060][T14528] batman_adv: batadv0: Adding interface: batadv_slave_1
[  856.005824][T14528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  856.040077][T14528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  856.136659][ T7540] hsr_slave_0: left promiscuous mode
[  856.164346][ T7540] hsr_slave_1: left promiscuous mode
[  856.193580][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  856.203759][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_0
[  856.226432][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  856.248389][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_1
[  856.323875][ T7540] veth1_macvtap: left promiscuous mode
[  856.339003][ T7540] veth0_macvtap: left promiscuous mode
[  856.354985][ T7540] veth1_vlan: left promiscuous mode
[  856.444226][ T7540] veth0_vlan: left promiscuous mode
[  858.930516][ T7540] team0 (unregistering): Port device team_slave_1 removed
[  859.221217][T11216] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  859.289894][ T7540] team0 (unregistering): Port device team_slave_0 removed
[  859.351566][T11216] usb 6-1: device descriptor read/64, error -71
[  859.597585][T11216] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  859.731250][T11216] usb 6-1: device descriptor read/64, error -71
[  859.843537][T11216] usb usb6-port1: attempt power cycle
[  859.905389][T14528] hsr_slave_0: entered promiscuous mode
[  859.913947][T14528] hsr_slave_1: entered promiscuous mode
[  859.920124][T14528] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  859.928100][T14528] Cannot create hsr debugfs directory
[  859.937431][T14613] hsr0: left promiscuous mode
[  860.100796][T14503] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  860.128684][T14503] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  860.140979][T14503] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  860.182422][T11216] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  860.207390][T14503] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  860.219333][T11216] usb 6-1: device descriptor read/8, error -71
[  860.363459][ T6910] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  860.462130][T11216] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  860.503461][T11216] usb 6-1: device descriptor read/8, error -71
[  860.541480][ T6910] usb 4-1: Using ep0 maxpacket: 16
[  860.573926][ T6910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 41096, setting to 1024
[  860.585559][ T6910] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  860.601264][ T6910] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  860.611609][ T6910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.631943][T11216] usb usb6-port1: unable to enumerate USB device
[  860.642436][ T6910] usb 4-1: config 0 descriptor??
[  860.670511][T14503] 8021q: adding VLAN 0 to HW filter on device bond0
[  860.728239][T14503] 8021q: adding VLAN 0 to HW filter on device team0
[  860.759196][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[  860.766501][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state
[  860.786437][T11969] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.793771][T11969] bridge0: port 2(bridge_slave_1) entered forwarding state
[  860.990571][T14528] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  861.024453][T14528] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  861.057112][T14528] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  861.083517][T14528] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  861.529107][T14671] geneve3: entered allmulticast mode
[  861.569173][T14528] 8021q: adding VLAN 0 to HW filter on device bond0
[  861.668423][T14528] 8021q: adding VLAN 0 to HW filter on device team0
[  861.708201][T14503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  862.265729][ T5987] bridge0: port 1(bridge_slave_0) entered blocking state
[  862.273018][ T5987] bridge0: port 1(bridge_slave_0) entered forwarding state
[  862.316048][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state
[  862.323353][ T5987] bridge0: port 2(bridge_slave_1) entered forwarding state
[  862.525834][T14682] overlay: ./bus is not a directory
[  862.660795][T14503] veth0_vlan: entered promiscuous mode
[  862.698215][T14503] veth1_vlan: entered promiscuous mode
[  863.002684][T14503] veth0_macvtap: entered promiscuous mode
[  863.691291][ T6910] usbhid 4-1:0.0: can't add hid device: -71
[  863.700541][ T6910] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  863.715974][T14503] veth1_macvtap: entered promiscuous mode
[  863.724024][ T6910] usb 4-1: USB disconnect, device number 32
[  863.816234][T14693] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  863.855656][T14503] batman_adv: batadv0: Interface activated: batadv_slave_0
[  864.003342][T14695] FAULT_INJECTION: forcing a failure.
[  864.003342][T14695] name failslab, interval 1, probability 0, space 0, times 0
[  864.016123][T14695] CPU: 1 UID: 0 PID: 14695 Comm: syz.2.1686 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  864.016152][T14695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  864.016165][T14695] Call Trace:
[  864.016173][T14695]  <TASK>
[  864.016182][T14695]  dump_stack_lvl+0x189/0x250
[  864.016209][T14695]  ? __pfx____ratelimit+0x10/0x10
[  864.016242][T14695]  ? __pfx_dump_stack_lvl+0x10/0x10
[  864.016264][T14695]  ? __pfx__printk+0x10/0x10
[  864.016297][T14695]  ? __pfx___might_resched+0x10/0x10
[  864.016319][T14695]  ? fs_reclaim_acquire+0x7d/0x100
[  864.016343][T14695]  should_fail_ex+0x414/0x560
[  864.016375][T14695]  should_failslab+0xa8/0x100
[  864.016404][T14695]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  864.016431][T14695]  ? rtnl_prop_list_size+0x1ba/0x1e0
[  864.016458][T14695]  ? __alloc_skb+0x112/0x2d0
[  864.016483][T14695]  __alloc_skb+0x112/0x2d0
[  864.016508][T14695]  rtmsg_ifinfo_build_skb+0x84/0x260
[  864.016544][T14695]  rtnetlink_event+0x1b7/0x270
[  864.016568][T14695]  notifier_call_chain+0x1b6/0x3e0
[  864.016597][T14695]  netif_set_mtu_ext+0x438/0x620
[  864.016627][T14695]  ? __pfx_netif_set_mtu_ext+0x10/0x10
[  864.016664][T14695]  ? validate_linkmsg+0x765/0x950
[  864.016697][T14695]  do_setlink+0x91a/0x41c0
[  864.016722][T14695]  ? __kernel_text_address+0xd/0x40
[  864.016752][T14695]  ? arch_stack_walk+0xfc/0x150
[  864.016779][T14695]  ? __pfx_do_setlink+0x10/0x10
[  864.016817][T14695]  ? __lock_acquire+0xab9/0xd20
[  864.016843][T14695]  ? __mutex_trylock_common+0x153/0x260
[  864.016868][T14695]  ? __pfx___mutex_trylock_common+0x10/0x10
[  864.016895][T14695]  ? rcu_is_watching+0x15/0xb0
[  864.016923][T14695]  ? trace_contention_end+0x39/0x120
[  864.016946][T14695]  ? __mutex_lock+0x330/0xe80
[  864.016974][T14695]  ? rtnl_newlink+0x8db/0x1c70
[  864.016991][T14695]  ? rcu_is_watching+0x15/0xb0
[  864.017012][T14695]  ? __pfx___mutex_lock+0x10/0x10
[  864.017039][T14695]  ? ns_capable+0x8a/0xf0
[  864.017060][T14695]  ? rtnl_link_get_net_capable+0x16a/0x350
[  864.017085][T14695]  rtnl_newlink+0x160b/0x1c70
[  864.017117][T14695]  ? __pfx_rtnl_newlink+0x10/0x10
[  864.017135][T14695]  ? is_bpf_text_address+0x26/0x2b0
[  864.017161][T14695]  ? __lock_acquire+0xab9/0xd20
[  864.017190][T14695]  ? __lock_acquire+0xab9/0xd20
[  864.017226][T14695]  ? is_bpf_text_address+0x26/0x2b0
[  864.017249][T14695]  ? is_bpf_text_address+0x292/0x2b0
[  864.017266][T14695]  ? is_bpf_text_address+0x26/0x2b0
[  864.017287][T14695]  ? kernel_text_address+0xa5/0xe0
[  864.017314][T14695]  ? __kernel_text_address+0xd/0x40
[  864.017340][T14695]  ? unwind_get_return_address+0x4d/0x90
[  864.017359][T14695]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  864.017383][T14695]  ? arch_stack_walk+0xfc/0x150
[  864.017408][T14695]  ? __lock_acquire+0xab9/0xd20
[  864.017449][T14695]  ? __pfx_rtnl_newlink+0x10/0x10
[  864.017468][T14695]  rtnetlink_rcv_msg+0x7cf/0xb70
[  864.017491][T14695]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  864.017509][T14695]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  864.017545][T14695]  netlink_rcv_skb+0x208/0x470
[  864.017568][T14695]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  864.017589][T14695]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  864.017624][T14695]  ? netlink_deliver_tap+0x2e/0x1b0
[  864.017645][T14695]  ? netlink_deliver_tap+0x2e/0x1b0
[  864.017673][T14695]  netlink_unicast+0x759/0x8e0
[  864.017703][T14695]  netlink_sendmsg+0x805/0xb30
[  864.017735][T14695]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.017765][T14695]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  864.017791][T14695]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.017814][T14695]  __sock_sendmsg+0x219/0x270
[  864.017846][T14695]  ____sys_sendmsg+0x505/0x830
[  864.017875][T14695]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.017913][T14695]  ? import_iovec+0x74/0xa0
[  864.017938][T14695]  ___sys_sendmsg+0x21f/0x2a0
[  864.017964][T14695]  ? __pfx____sys_sendmsg+0x10/0x10
[  864.018023][T14695]  ? __fget_files+0x2a/0x420
[  864.018039][T14695]  ? __fget_files+0x3a0/0x420
[  864.018067][T14695]  __x64_sys_sendmsg+0x19b/0x260
[  864.018094][T14695]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  864.018127][T14695]  ? __pfx_ksys_write+0x10/0x10
[  864.018158][T14695]  ? do_syscall_64+0xbe/0x3b0
[  864.018180][T14695]  do_syscall_64+0xfa/0x3b0
[  864.018196][T14695]  ? lockdep_hardirqs_on+0x9c/0x150
[  864.018223][T14695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.018242][T14695]  ? clear_bhb_loop+0x60/0xb0
[  864.018264][T14695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.018282][T14695] RIP: 0033:0x7f752998e929
[  864.018299][T14695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.018314][T14695] RSP: 002b:00007f752a81c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  864.018334][T14695] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998e929
[  864.018347][T14695] RDX: 0000000020000004 RSI: 0000200000000480 RDI: 0000000000000007
[  864.018359][T14695] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000
[  864.018371][T14695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  864.018382][T14695] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918
[  864.018411][T14695]  </TASK>
[  864.020157][T14695] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  864.667295][T14503] batman_adv: batadv0: Interface activated: batadv_slave_1
[  864.728590][T14503] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  864.782101][T14503] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  864.831209][T14503] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  864.887236][T14503] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  865.063052][T14703] netlink: 'syz.3.1687': attribute type 10 has an invalid length.
[  865.071444][T14703] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1687'.
[  865.105831][T14703] dummy0: entered promiscuous mode
[  865.134245][T14703] bridge0: port 3(dummy0) entered blocking state
[  865.171432][T14703] bridge0: port 3(dummy0) entered disabled state
[  865.178063][T14703] dummy0: entered allmulticast mode
[  865.227973][T14703] bridge0: port 3(dummy0) entered blocking state
[  865.234678][T14703] bridge0: port 3(dummy0) entered forwarding state
[  865.397849][T14712] hsr0: entered promiscuous mode
[  865.454944][T14528] 8021q: adding VLAN 0 to HW filter on device batadv0
[  865.474617][ T5987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  865.497390][ T5987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  865.625204][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  865.640797][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  865.804155][T14528] veth0_vlan: entered promiscuous mode
[  865.906914][T14528] veth1_vlan: entered promiscuous mode
[  866.072027][T14528] veth0_macvtap: entered promiscuous mode
[  866.516831][T14528] veth1_macvtap: entered promiscuous mode
[  866.736247][ T5987] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.952082][ T5987] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.065039][T14528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  867.170113][ T5987] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.245116][T14528] batman_adv: batadv0: Interface activated: batadv_slave_1
[  867.346044][ T5987] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.395067][T14528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  867.404396][T14528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  867.415071][T14528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  867.424152][T14528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  867.727644][T14709] hsr0: left promiscuous mode
[  867.748392][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  867.769158][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  867.780841][ T5987] bridge_slave_1: left allmulticast mode
[  867.786854][ T5987] bridge_slave_1: left promiscuous mode
[  867.794008][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state
[  867.803531][ T5987] bridge_slave_0: left allmulticast mode
[  867.809210][ T5987] bridge_slave_0: left promiscuous mode
[  867.816481][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.411442][T14727] ------------[ cut here ]------------
[  869.417404][T14727] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  869.461897][T14727] shift exponent 32 is too large for 32-bit type 'int'
[  869.492922][T14727] CPU: 1 UID: 0 PID: 14727 Comm: syz.3.1695 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  869.492964][T14727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  869.492981][T14727] Call Trace:
[  869.492993][T14727]  <TASK>
[  869.493006][T14727]  dump_stack_lvl+0x189/0x250
[  869.493044][T14727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  869.493072][T14727]  ? __pfx__printk+0x10/0x10
[  869.493120][T14727]  ubsan_epilogue+0xa/0x40
[  869.493152][T14727]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  869.493197][T14727]  ? __comedi_request_region+0x74/0x140
[  869.493239][T14727]  das16m1_attach+0x8ee/0xb20
[  869.493289][T14727]  comedi_device_attach+0x520/0x670
[  869.493323][T14727]  comedi_unlocked_ioctl+0x686/0xf40
[  869.493366][T14727]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  869.493416][T14727]  ? __pfx_smack_log+0x10/0x10
[  869.493444][T14727]  ? smk_access+0x14c/0x4e0
[  869.493479][T14727]  ? smk_tskacc+0x2fc/0x370
[  869.493512][T14727]  ? smack_file_ioctl+0x24a/0x340
[  869.493547][T14727]  ? __pfx_smack_file_ioctl+0x10/0x10
[  869.493598][T14727]  ? __fget_files+0x2a/0x420
[  869.493620][T14727]  ? __fget_files+0x3a0/0x420
[  869.493640][T14727]  ? __fget_files+0x2a/0x420
[  869.493667][T14727]  ? bpf_lsm_file_ioctl+0x9/0x20
[  869.493690][T14727]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  869.493721][T14727]  __se_sys_ioctl+0xfc/0x170
[  869.493755][T14727]  do_syscall_64+0xfa/0x3b0
[  869.493776][T14727]  ? lockdep_hardirqs_on+0x9c/0x150
[  869.493811][T14727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.493843][T14727]  ? clear_bhb_loop+0x60/0xb0
[  869.493872][T14727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.493895][T14727] RIP: 0033:0x7fdf4958e929
[  869.493917][T14727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.493938][T14727] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  869.493972][T14727] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929
[  869.493990][T14727] RDX: 00002000000003c0 RSI: 0000000040946400 RDI: 0000000000000003
[  869.494030][T14727] RBP: 00007fdf49610b39 R08: 0000000000000000 R09: 0000000000000000
[  869.494046][T14727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  869.494062][T14727] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88
[  869.494099][T14727]  </TASK>
[  869.494181][T14727] ---[ end trace ]---
[  869.747377][T14727] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  869.754664][T14727] CPU: 1 UID: 0 PID: 14727 Comm: syz.3.1695 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) 
[  869.766787][T14727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  869.776901][T14727] Call Trace:
[  869.780239][T14727]  <TASK>
[  869.783229][T14727]  dump_stack_lvl+0x99/0x250
[  869.787881][T14727]  ? __asan_memcpy+0x40/0x70
[  869.792528][T14727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  869.797765][T14727]  ? __pfx__printk+0x10/0x10
[  869.802410][T14727]  panic+0x2db/0x790
[  869.806339][T14727]  ? __pfx_panic+0x10/0x10
[  869.810778][T14727]  ? _printk+0xcf/0x120
[  869.814969][T14727]  ? __pfx__printk+0x10/0x10
[  869.819619][T14727]  check_panic_on_warn+0x89/0xb0
[  869.824596][T14727]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  869.831064][T14727]  ? __comedi_request_region+0x74/0x140
[  869.836672][T14727]  das16m1_attach+0x8ee/0xb20
[  869.841385][T14727]  comedi_device_attach+0x520/0x670
[  869.846619][T14727]  comedi_unlocked_ioctl+0x686/0xf40
[  869.851945][T14727]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  869.857790][T14727]  ? __pfx_smack_log+0x10/0x10
[  869.862580][T14727]  ? smk_access+0x14c/0x4e0
[  869.867118][T14727]  ? smk_tskacc+0x2fc/0x370
[  869.871650][T14727]  ? smack_file_ioctl+0x24a/0x340
[  869.876704][T14727]  ? __pfx_smack_file_ioctl+0x10/0x10
[  869.882122][T14727]  ? __fget_files+0x2a/0x420
[  869.886727][T14727]  ? __fget_files+0x3a0/0x420
[  869.891420][T14727]  ? __fget_files+0x2a/0x420
[  869.896066][T14727]  ? bpf_lsm_file_ioctl+0x9/0x20
[  869.901028][T14727]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  869.906871][T14727]  __se_sys_ioctl+0xfc/0x170
[  869.911494][T14727]  do_syscall_64+0xfa/0x3b0
[  869.916107][T14727]  ? lockdep_hardirqs_on+0x9c/0x150
[  869.921350][T14727]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.927439][T14727]  ? clear_bhb_loop+0x60/0xb0
[  869.932140][T14727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  869.938054][T14727] RIP: 0033:0x7fdf4958e929
[  869.942503][T14727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.962144][T14727] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  869.970606][T14727] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929
[  869.978607][T14727] RDX: 00002000000003c0 RSI: 0000000040946400 RDI: 0000000000000003
[  869.986603][T14727] RBP: 00007fdf49610b39 R08: 0000000000000000 R09: 0000000000000000
[  869.994597][T14727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  870.002588][T14727] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88
[  870.010596][T14727]  </TASK>
[  870.013806][T14727] Kernel Offset: disabled
[  870.018204][T14727] Rebooting in 86400 seconds..