last executing test programs:

22m27.080971621s ago: executing program 2 (id=3):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
fchdir(r3)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r4, 0x2007ffb)
close(r4)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)

22m22.889174188s ago: executing program 2 (id=18):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)

22m7.769846717s ago: executing program 32 (id=18):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)

21m32.162146899s ago: executing program 4 (id=135):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
read$FUSE(r0, &(0x7f00000030c0)={0x2020}, 0x2020)
bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r0}, 0x8)

21m31.480296417s ago: executing program 4 (id=136):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_io_uring_setup(0x4a3d, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x52, 0x4007, @fd=r5, 0x6, 0x0, 0x0, 0x2, 0x1})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8000}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x101}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0xd4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x8, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0xfffffffc, 0x0, 0xcd7e], [], 0x0, [0x1]}, 0x0, 0x2000}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "06010000"}]}, 0x54}}, 0x20000080)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x41, 0x3, 0x380, 0x0, 0x19, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0x1f8, 0x218, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@hashlimit2={{0x150}, {'veth1\x00', {0x0, 0x8, 0x0, 0x0, 0x0, 0x687c, 0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@empty, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'netpci0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3e0)

21m29.712566599s ago: executing program 4 (id=141):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x1000000000000, 0x4000})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000200)={0x0, r1}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r3, 0xc018aa3f, 0x0)
r4 = socket$inet6(0xa, 0x802, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x80c03, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000280)=0x1)
setsockopt$inet6_buf(r4, 0x29, 0xcc, &(0x7f0000000700)="f95e138c47a134435ba6a7d8c7d7952181fdd77f5b7eceffca389e016ef6e36ace0091f41e0211468de48351cbd64a5115f209226a43b8847d520120480d6fa19ac9852caeb6e0c0b483c6cf44e24e43bfa0e8000000005b9c3807c5786ffc4169293c81d80da09db8b03f0e8177982a00227b57cd9771f7d2ec0e1e4328fbffc361531d025cf949cb3c754e89a138ae788d39d95898af7048694b10d5ad25ef4372340bf5d021c4002a8cec0a2b92c40d5a0f6141e7a29c866763c016b3e2bda0a7c20a2c78d24cf429452aa928a0b5d811654c7cb17dbfa06a5ae9ac6cf384a2d7e82aaf13a1ee50df02b7928ab263b5d5978400765f8459d636e5e419038138b12e06006195e001d89b636c0cd4e133d6ce6fd2d667c8dda7c1b1fb7cec39788bc49c1e25146c9f3b5461ab81b902086d5521fe42bbf259578e134c3d2d985b0dc8d8683219c1af151747cfe26156ef8529f1f89581f6fe99deefeea15df618f714528e923c31dd680d8c6febd0b2ab411b8a57c6c2f6fa59d18a973490c8c5cb1ee7e81e0c1454d1ab4a29a8b990cca24fa57ed30088b49cbc14e9ac2c1fb98e87b7c16c283bd9fb319abe1c", 0x1ae)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0xffff, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000001840), 0x3b, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x90, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f0000006300)={0x2020}, 0x2020)

21m26.934781869s ago: executing program 4 (id=148):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)

21m23.462549642s ago: executing program 4 (id=158):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000), 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r6 = open(&(0x7f0000000000)='.\x00', 0x80, 0x0)
unshare(0x24020400)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r6, 0x40049366, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xd0}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x41}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9, 0x20}, {}, {}, {0x18, 0x6, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

21m21.675614913s ago: executing program 4 (id=163):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r1=>0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x1, 0x60bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x4f24c}, [@IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x28}, 0x1, 0x0, 0x0, 0x48051}, 0xc0)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
pipe2(0x0, 0x800)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000001440)=ANY=[], 0xffffff6a)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x0, 0x0})
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000040)={0x4, r7})
read$FUSE(r6, &(0x7f00000030c0)={0x2020}, 0x2020)

21m5.995844652s ago: executing program 33 (id=163):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r1=>0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x1, 0x60bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x4f24c}, [@IFLA_NET_NS_PID={0x8, 0x13, r1}]}, 0x28}, 0x1, 0x0, 0x0, 0x48051}, 0xc0)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
pipe2(0x0, 0x800)
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000001440)=ANY=[], 0xffffff6a)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r4, @ANYBLOB], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x0, 0x0})
r8 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r8, 0xc0184800, &(0x7f0000000040)={0x4, r7})
read$FUSE(r6, &(0x7f00000030c0)={0x2020}, 0x2020)

7m41.816118196s ago: executing program 6 (id=2083):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
pipe2(0x0, 0x4080)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, 0x0, 0xcccccccc})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[0x0], &(0x7f0000000200), &(0x7f00000000c0)=[r4], &(0x7f0000000040), 0x0, 0x300})

7m40.644973578s ago: executing program 6 (id=2085):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fanotify_init(0x8, 0x80000)
fanotify_mark(r4, 0x105, 0xdd0f76e88c10240e, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00', 0xa}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, r1, 0x0, 0x0, 'syz0\x00', 0x0})

7m32.696738829s ago: executing program 6 (id=2103):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_io_uring_setup(0x4a3d, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8000}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x101}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0xd4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0)
r6 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x8, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0xfffffffc, 0x0, 0xcd7e], [], 0x0, [0x1]}, 0x0, 0x2000}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "06010000"}]}, 0x54}}, 0x20000080)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
socket$inet6(0xa, 0x2, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x41, 0x3, 0x380, 0x0, 0x19, 0x0, 0x0, 0x0, 0x2e8, 0x1f0, 0x1f0, 0x2e8, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @dev, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0x1f8, 0x218, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@hashlimit2={{0x150}, {'veth1\x00', {0x0, 0x8, 0x0, 0x0, 0x0, 0x687c, 0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@empty, @empty, 0x0, 0x0, 'veth0_vlan\x00', 'netpci0\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3e0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
io_uring_enter(0xffffffffffffffff, 0x0, 0xcb, 0xf, &(0x7f0000000000), 0x18)

7m30.010682142s ago: executing program 6 (id=2107):
syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_tables_matches\x00')
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x8000001f)
close_range(r5, 0xffffffffffffffff, 0x0)

7m25.26991493s ago: executing program 6 (id=2119):
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
ioctl$EVIOCGLED(r0, 0x40284504, &(0x7f0000000000)=""/56)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)=0x2)
setrlimit(0x6, &(0x7f0000000180)={0x1000, 0x10000})
connect$unix(0xffffffffffffffff, &(0x7f0000000340)=@file={0x1, './file1\x00'}, 0x6e)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c910"], 0x15)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000080)={0xa, @sliced={0x8, [0x9, 0x7, 0x33db, 0x3, 0x2c1, 0x2, 0xf092, 0x25, 0x5, 0x8, 0x8000, 0x9, 0x8, 0xf, 0xd, 0x5, 0x0, 0xc3, 0x4, 0x80, 0x10, 0x2, 0x2, 0x2, 0x7, 0x8, 0x7, 0x8, 0x8000, 0x8, 0x200, 0x2, 0x6, 0x1, 0x9, 0x0, 0x8, 0x8, 0x0, 0x77d5, 0x3, 0x1, 0x100, 0x7, 0x3, 0x7, 0x2, 0xe7], 0x7}})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='projid_map\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6}]})

7m22.835247783s ago: executing program 6 (id=2123):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000740)="1cde94a0c669a3936f0b346530806b33fd9c37f34f204dbe19", 0x19}], 0x2)

7m6.870102234s ago: executing program 34 (id=2123):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0xe}, {&(0x7f0000000740)="1cde94a0c669a3936f0b346530806b33fd9c37f34f204dbe19", 0x19}], 0x2)

24.789721053s ago: executing program 0 (id=2986):
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @empty, 0x7fffffff}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0xf3c00000, 0xbf2, {<r0=>0xffffffffffffffff}, {}, 0x5, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x3, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x5, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r7 = accept$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0x14)
getsockname$packet(r7, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000440)=0x14)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0x2, 0x3, 0x6})
syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})

23.989821851s ago: executing program 0 (id=2987):
socket$nl_generic(0x10, 0x3, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x840, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffc, 0x4, &(0x7f0000006680))
r2 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="36400000260091"], 0xfe33)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
socket$unix(0x1, 0x5, 0x0)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffd, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x0, 0xc2c5}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x80000000, 0xc, 0x2, 0x5e51, 0x9, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x4, 0x0, 0x5, 0x5}, 0x0, 0x0)

21.830606828s ago: executing program 0 (id=2993):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000001340)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000003740)=ANY=[@ANYBLOB="b800000000000000", @ANYRES64=r5, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB], 0xb8)

20.813519706s ago: executing program 0 (id=2995):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x1000000000000, 0x4000})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000200)={0x0, r1}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x80c03, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000280)=0x1)

20.593382352s ago: executing program 0 (id=2998):
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1)
socket$vsock_stream(0x28, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans', @ANYRESHEX, @ANYRESHEX])
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80882, 0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x4000032f}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

18.290375321s ago: executing program 0 (id=3001):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000000)=ANY=[@ANYBLOB='fil'], 0x0)
sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

17.400935252s ago: executing program 7 (id=3002):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc})
ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, &(0x7f0000000480)={{0x1, 0x1}, 0x100, './file0\x00'})

12.15124251s ago: executing program 7 (id=3010):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffffffffffe68, &(0x7f00000002c0)=0x1000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$uid(0x3, 0x0, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @remote}, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
symlinkat(&(0x7f0000000100)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00')
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40400)
ioctl$SG_IO(r4, 0x2285, &(0x7f00000033c0)={0x53, 0xfffffffffffffffd, 0x6, 0x68, @buffer={0xfb, 0x0, 0x0}, &(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00', 0x0, 0x0, 0x10010, 0x4, 0x0})
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200000000020090780000000369c46dea0006ff0800000000000000000000000000000001ff0200000000000000000000000000011d000000000000000502040100000000625d0000000000000502200010d492385c3783d3afa4087aac07f72281b3b12267af7a3550aa1c3df47e5193806438916ec2e867d21394d0ececf9700962d3e17e4bb578aafd31a3f1955010879ee9079424526f222aa9e6477366d11ceda8cc0a4a1008153a04ddaa531db1dc129d6fb8f95c13d752d80f25ce2b253934d9a86bdf503653d3730ada1509d9536c165576ddde5926db915dd86eb3e2a03a7e56c01f4067638d6b7a6b4e9712c66ed550b77c6e655dc71d08ae40755d11b56963a28dce50181d34e7c4b0caae8cf4b947526eecd89735717604aec2730381ca1b51ab01ed0a4c78a4ba64a733fec74ad4071ffb454d5a4e2e167705cc70cb4551a1892279fbf20f41698d06c87d4928fab8c35581c02c8b06d25f4cfab68bc929dad45297768657d0f9e3a28e4f385d3ab4f4ebc9a48469fcc680b11ae610a658ca37f442cb8abda0ca080fbfd107f702b3f57f6c29b827a6c9cd6c1a9d010a3eacb011178887d654d395a63fb718e6da50ad25840efb4801a6182f56836a03a91927cf013f3742d1491545656fddd952bbe35611dd164de5a822333d106f767e2b1fbbda7fd780c2ba8ba487e69e259bb1b9bfe90974aea4e9496999180776a13796b9c394f54ae1f6371556443be28b730502000c05028805040116050200040be4bb69246c6dd959322a3c6381cd5ecbbb7131ac5b4c10756fddad9452625b1f85dcb2db18d954111331928b8202efd022be464387d6ab7358c74e997342ee7eb1c46a817d6708b603963384c4499ef4dbf57fb3a40f974a32c25f0f9ae3953b921ea771007c951a3ed9237fc4a068fc39022aa39e70b1af46265c180eab098a06f6fd55b9ec6890f78ea1a3d5a17cac3a3887f13eeb3d163de914bcfbaf40a4a52a94901be888d6845fd4eb61ed9eebcfafb7588f7f92a12711672e4050f36e6a8695ef98eeb35f9f8f631207ba50c041580262f52bdfc87946bc87efba2e7eba9ea2f4a7072a8d83a045895d9642a081ddef313f45aa94fc70c117653ab8ddf92747a49c5c20a771233573e692d1caa10000000000003ec7000000000000c30013ea3bcc03cbfea3899367b93bc9545a9abe3e513929efb617a5c70410c64c077ec9040cc413710e4fbcf7d971af86cdf8d5f8f04948fcbf318c7894000412d280cc4b98548f990cb11035a6d48299cd"], 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff02000000000000000000000000000102000003"], 0x0)
r5 = gettid()
timer_create(0x6, &(0x7f0000533fa0)={0x0, 0x25, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000000}, 0x4008000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500ffffffff000000002100000008000300", @ANYRES32=r2, @ANYBLOB="38002d800a00000002020202020202020200000a0000000101010000000000000004000a0000000202020202020000"], 0x54}}, 0x0)

11.511100693s ago: executing program 5 (id=3011):
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1)
socket$vsock_stream(0x28, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans', @ANYRESHEX, @ANYRESHEX])
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80882, 0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x4000032f}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

11.313013677s ago: executing program 5 (id=3012):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r4 = openat$incfs(0xffffffffffffff9c, &(0x7f00000001c0)='.pending_reads\x00', 0x400001, 0x120)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x4)
socket(0xb, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @flow_dissector}, 0x94)
bpf$ITER_CREATE(0xb, &(0x7f0000000400), 0x42)
ioctl$TIOCSRS485(r0, 0x542f, 0x0)
ioctl$KDGKBMETA(r0, 0x4b62, 0x0)

10.327701471s ago: executing program 5 (id=3014):
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newspdinfo={0x2c, 0x24, 0x1, 0x70bd2c, 0x25dfdbfc, 0x3ff, [@XFRMA_SPD_IPV4_HTHRESH={0x6}, @XFRMA_SPD_IPV6_HTHRESH={0x6}, @XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24008040}, 0x800)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

9.894544824s ago: executing program 1 (id=3015):
socket$inet6(0xa, 0x80002, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x2, 0x0, &(0x7f0000000200)='syzkaller\x00'}, 0x94)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x84a42, 0x99)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB, @ANYBLOB=',acc', @ANYBLOB="2c63c41167cffb4d346ccab8ce2a2c951343e675849f657527ffb91b873109439a534cc507c61a10dc86682c3435e30b7a544426a0e98ac31803e076d0d6cbe39f7d8a8b1240d2cf013e"])
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}, {0x7}, {}, {0x0, 0x9}, {0x0, 0x1}, {}, {0x0, 0x7}], 0x20})
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019080)=ANY=[@ANYBLOB="54000000120001030000000000dcdf250040ff004e244e2000", @ANYRESDEC=r4], 0x54}, 0x1, 0x0, 0x0, 0x44800}, 0x0)

9.88410824s ago: executing program 7 (id=3016):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000001340)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000003740)=ANY=[@ANYBLOB="b800000000000000", @ANYRES64=r5, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB], 0xb8)

8.718171619s ago: executing program 7 (id=3017):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100002c464708c2153b003e66010203010902220001000000000904000001e3fe11000905000000000000000705936b90"], 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))

8.427388389s ago: executing program 1 (id=3018):
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @empty, 0x7fffffff}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0xf3c00000, 0xbf2, {<r0=>0xffffffffffffffff}, {}, 0x5, 0x2})
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x3, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x5, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r7 = accept$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0x14)
getsockname$packet(r7, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000440)=0x14)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0x2, 0x3, 0x6})
syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})

7.131668183s ago: executing program 1 (id=3020):
socket$nl_generic(0x10, 0x3, 0x10)
gettid()
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYBLOB="070000000000000007000000ff"])

6.962184796s ago: executing program 3 (id=3021):
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)}], 0x1)
socket$vsock_stream(0x28, 0x1, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans', @ANYRESHEX, @ANYRESHEX])
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x80882, 0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x4000032f}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd_index=0x4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

6.622955856s ago: executing program 1 (id=3022):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
fsetxattr$security_ima(r0, &(0x7f0000000340), &(0x7f0000000380)=@ng={0x4, 0x11}, 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setfsuid(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003100)=[{{&(0x7f0000000240), 0x6e, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4085, 0xff5}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f00000003c0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x1c}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_usbip_server_init(0x3)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
pipe(&(0x7f0000000440))
openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

6.570171258s ago: executing program 3 (id=3023):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
pipe(&(0x7f00000000c0))
ioprio_set$uid(0x3, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000780)=ANY=[], 0x0, 0x34}, 0x28)
socket$inet6(0xa, 0x1, 0x8010000000000084)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, 0x0)
read$FUSE(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000080)={{0x6, @default}, [@null, @bcast, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48)

4.894464283s ago: executing program 7 (id=3024):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="18", 0x1, 0x2, &(0x7f0000000340)={0x11, 0xc, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}]}, 0x3c}}, 0x40880)

4.894058615s ago: executing program 3 (id=3025):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0xdd0f76e88c10240e, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xfffffff7, 0x0, 0x0, 0x0, 'syz0\x00', 0xa}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0xc015, 0x3}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f0000000240)={0x3, 0x3}, 0x0)

4.814443055s ago: executing program 1 (id=3026):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000001340)={0x2020, 0x0, <r5=>0x0, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f0000003740)=ANY=[@ANYBLOB="b800000000000000", @ANYRES64=r5, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB], 0xb8)

3.717815087s ago: executing program 5 (id=3027):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.20022271s ago: executing program 1 (id=3028):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x1000000000000, 0x4000})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x80c03, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)=0x1)

3.110607852s ago: executing program 3 (id=3029):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)
fsopen(0x0, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x48)
socket$nl_generic(0x10, 0x3, 0x10)
ioprio_get$uid(0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000ec0))
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, 0x0, &(0x7f0000000880)}, 0x20)
close(0xffffffffffffffff)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)

2.252474055s ago: executing program 5 (id=3030):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
bind$qrtr(r2, &(0x7f0000000200), 0xc)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
r3 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3})
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x2})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000340)={0x5, 0x90, 0x1, 'queue0\x00', 0x3})
close(0xffffffffffffffff)
mq_timedreceive(r3, &(0x7f0000000880)=""/202, 0x8f, 0x200000000004, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x800000, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1800}, 0x48)
ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040))
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40041)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r4, 0x0, 0x0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@delqdisc={0x24, 0x25, 0x2, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x5, 0x8}, {0x3, 0xd}, {0x8, 0x1}}}, 0x24}}, 0x40004)
ioctl$DRM_IOCTL_MODE_ADDFB(r2, 0xc01c64ae, &(0x7f0000000240)={0x0, 0x8, 0x101, 0xfffff000, 0x10001, 0x4, 0x8000})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)

887.764099ms ago: executing program 5 (id=3031):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/fscreate\x00')
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf)
setsockopt$ax25_int(r0, 0x101, 0x4, &(0x7f0000000040)=0x318da19d, 0x4)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x689c1, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$TCFLSH(r5, 0x400455c8, 0x20000000009)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f0000000240), 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

426.537686ms ago: executing program 3 (id=3032):
socket$nl_generic(0x10, 0x3, 0x10)
gettid()
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYBLOB="070000000000000007000000ff"])

261.009535ms ago: executing program 3 (id=3033):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100002c464708c2153b003e66010203010902220001000000000904000001e3fe11000905000000000000000705936b90"], 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))

0s ago: executing program 7 (id=3034):
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0x80000000, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6})

kernel console output (not intermixed with test programs):

9] fuse: Bad value for 'group_id'
[  652.567997][T11769] fuse: Bad value for 'group_id'
[  653.683925][T11766] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  654.229531][T11776] ubi: mtd0 is already attached to ubi31
[  654.899264][T11783] random: crng reseeded on system resumption
[  655.510521][T11792] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  656.412415][ T5907] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  656.466762][T11797] 9pnet_fd: p9_fd_create_unix (11797): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  656.562957][ T5907] usb 7-1: Using ep0 maxpacket: 32
[  656.779375][ T5907] usb 7-1: config 0 has an invalid descriptor of length 78, skipping remainder of the config
[  656.792714][ T5907] usb 7-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  656.820785][ T5907] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.841240][ T5907] usb 7-1: Product: syz
[  656.858730][ T5907] usb 7-1: Manufacturer: syz
[  656.881962][ T5907] usb 7-1: SerialNumber: syz
[  656.973118][ T5907] usb 7-1: config 0 descriptor??
[  657.011380][ T5907] usb 7-1: bad CDC descriptors
[  657.026195][ T5907] usb 7-1: unsupported MDLM descriptors
[  657.226175][ T5907] usb 7-1: USB disconnect, device number 13
[  658.429052][T11810] fuse: Bad value for 'group_id'
[  658.434366][T11810] fuse: Bad value for 'group_id'
[  662.406272][T11837] random: crng reseeded on system resumption
[  664.249006][T11858] fuse: Bad value for 'group_id'
[  664.254098][T11858] fuse: Bad value for 'group_id'
[  665.433868][T11867] ubi: mtd0 is already attached to ubi31
[  666.200475][T11869] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1339'.
[  667.273001][ T5906] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  667.467993][ T5906] usb 1-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice=9c.25
[  667.511585][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.684266][ T5906] usb 1-1: Product: syz
[  667.688492][ T5906] usb 1-1: Manufacturer: syz
[  667.720042][ T5906] usb 1-1: SerialNumber: syz
[  667.728428][ T5906] usb 1-1: config 0 descriptor??
[  667.745949][ T5906] gspca_main: spca501-2.14.0 probing 0000:0000
[  667.795566][T11882] random: crng reseeded on system resumption
[  668.839286][ T5906] gspca_spca501: reg write: error -110
[  668.854024][ T5906] spca501 1-1:0.0: Reg write failed for 0x02,0x0f,0x05
[  668.870362][ T5906] spca501 1-1:0.0: probe with driver spca501 failed with error -22
[  668.887394][ T5906] usb 1-1: Found UVC 0.00 device syz (0000:0000)
[  668.901286][ T5906] usb 1-1: No valid video chain found.
[  669.982823][ T5906] usb 1-1: USB disconnect, device number 12
[  670.110781][T11903] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1349'.
[  671.275404][T11921] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  672.240120][T11927] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  673.295870][ T7123] Bluetooth: hci1: unexpected event for opcode 0x201c
[  673.389021][T11943] netlink: 'syz.6.1360': attribute type 7 has an invalid length.
[  673.435558][T11943] : entered promiscuous mode
[  676.044039][T11959] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1365'.
[  677.856493][T11975] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  678.732861][T11981] autofs: Unknown parameter 'fd0x0000000000000000'
[  678.940815][T11983] netlink: 'syz.1.1372': attribute type 7 has an invalid length.
[  680.592093][T11997] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1376'.
[  680.605992][T11999] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1375'.
[  680.654787][T11997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1376'.
[  680.859565][T12002] tipc: Started in network mode
[  680.869258][T12002] tipc: Node identity 66a15c96e388, cluster identity 4711
[  680.887812][T12002] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  680.969763][T12001] tipc: Disabling bearer <eth:syzkaller0>
[  683.142530][T12033] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  685.668631][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  685.675205][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  686.093641][T12054] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1389'.
[  686.915173][T12061] netlink: 'syz.0.1393': attribute type 13 has an invalid length.
[  687.566777][T12061] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.574593][T12061] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.948721][T12061] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  687.965056][T12061] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  688.062275][T12083] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  689.204262][T12061] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.218009][T12061] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.227982][T12061] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.237177][T12061] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  689.355849][T12061] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  689.365011][T12061] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  689.374211][T12061] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  689.383148][T12061] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  689.456309][  T980] lo speed is unknown, defaulting to 1000
[  689.462257][  T980] syz0: Port: 1 Link DOWN
[  689.512984][T12100] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  689.743746][T12089] tipc: Disabling bearer <eth:syzkaller0>
[  690.377573][T12118] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1402'.
[  690.387416][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1402'.
[  691.340891][T12120] fuse: Unknown parameter 'group_i00000000000000000000'
[  691.898564][T12126] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1405'.
[  692.495423][T12131] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1407'.
[  694.071399][T12144] syzkaller0: entered promiscuous mode
[  694.081962][T12144] syzkaller0: entered allmulticast mode
[  694.256581][T12148] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1409'.
[  694.796644][T12150] fuse: Unknown parameter 'group_i00000000000000000000'
[  695.217167][T12161] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1416'.
[  698.584876][T12095] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  699.412426][T12095] usb 6-1: Using ep0 maxpacket: 32
[  699.419738][T12095] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  699.444663][T12095] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  699.453859][T12095] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.461946][T12095] usb 6-1: Product: syz
[  699.466207][T12095] usb 6-1: Manufacturer: syz
[  699.470876][T12095] usb 6-1: SerialNumber: syz
[  699.601483][T12095] usb 6-1: config 0 descriptor??
[  699.627298][T12095] cdc_ether 6-1:0.0: skipping garbage
[  699.657996][T12095] usb 6-1: bad CDC descriptors
[  699.668662][T12095] usb 6-1: unsupported MDLM descriptors
[  699.831097][T12068] usb 6-1: USB disconnect, device number 16
[  701.410930][T12202] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  701.886842][T12200] syz.6.1428 (12200) used greatest stack depth: 16496 bytes left
[  703.717007][   T30] audit: type=1326 audit(1753214430.077:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12213 comm="syz.6.1432" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a1638e9a9 code=0x0
[  703.905221][T12225] NILFS (nullb0): couldn't find nilfs on the device
[  711.970733][T12288] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1452'.
[  711.992392][T12288] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  712.532481][   T30] audit: type=1326 audit(1753214438.887:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12270 comm="syz.0.1446" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f222c58e9a9 code=0x0
[  712.727793][T12299] siw: device registration error -23
[  717.262899][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1459'.
[  717.422050][T12334] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1461'.
[  717.522457][T12068] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  717.953161][T12068] usb 4-1: Using ep0 maxpacket: 8
[  718.040541][T12068] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  718.060004][T12068] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.072950][T12068] usb 4-1: Product: syz
[  718.209322][T12068] usb 4-1: Manufacturer: syz
[  718.214267][T12068] usb 4-1: SerialNumber: syz
[  718.225665][T12068] usb 4-1: config 0 descriptor??
[  718.252022][   T30] audit: type=1800 audit(1753214444.607:18): pid=12343 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1464" name="/" dev="9p" ino=144678138029342722 res=0 errno=0
[  718.273955][T12344] ubi: mtd0 is already attached to ubi31
[  718.578643][T12068] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  719.727298][T12068] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  719.857883][T12361] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  721.878777][ T5934] usb 4-1: USB disconnect, device number 18
[  722.099416][T12381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1475'.
[  723.160041][T12387] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1477'.
[  723.564376][T12392] ubi: mtd0 is already attached to ubi31
[  723.628021][T12395] vlan2: entered promiscuous mode
[  723.648786][T12395] vlan2: entered allmulticast mode
[  724.922852][T12395] hsr_slave_1: entered allmulticast mode
[  724.943489][T12397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1479'.
[  725.255895][T12405] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  727.346040][T12069] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  727.412666][T12068] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  727.572427][T12068] usb 2-1: Using ep0 maxpacket: 8
[  727.662443][T12069] usb 6-1: Using ep0 maxpacket: 32
[  728.085006][T12069] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.096825][T12068] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  728.118461][T12068] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.142587][T12069] usb 6-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  728.151636][T12069] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.161710][T12068] usb 2-1: Product: syz
[  728.166307][T12068] usb 2-1: Manufacturer: syz
[  728.171166][T12068] usb 2-1: SerialNumber: syz
[  728.178965][T12068] usb 2-1: config 0 descriptor??
[  728.187066][T12069] usb 6-1: config 0 descriptor??
[  728.422593][T12068] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  728.655304][T12069] mcp2200 0003:04D8:00DF.0004: item fetching failed at offset 0/2
[  728.667998][T12069] mcp2200 0003:04D8:00DF.0004: can't parse reports
[  728.679090][T12069] mcp2200 0003:04D8:00DF.0004: probe with driver mcp2200 failed with error -22
[  728.858479][T12069] usb 6-1: USB disconnect, device number 17
[  729.020786][T12068] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  729.342475][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  729.742450][ T5934] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  729.916564][ T5934] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice=9c.25
[  729.941916][T12441] fuse: Bad value for 'user_id'
[  729.946165][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.950518][T12441] fuse: Bad value for 'user_id'
[  729.972250][ T5934] usb 4-1: Product: syz
[  729.992360][ T5934] usb 4-1: Manufacturer: syz
[  730.002501][ T5934] usb 4-1: SerialNumber: syz
[  730.028472][ T5934] usb 4-1: config 0 descriptor??
[  730.058391][T12069] usb 2-1: USB disconnect, device number 14
[  730.060666][ T5934] gspca_main: spca501-2.14.0 probing 0000:0000
[  730.367229][T12446] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1492'.
[  730.612718][ T5934] gspca_spca501: reg write: error -110
[  731.627886][ T5934] spca501 4-1:0.0: Reg write failed for 0x02,0x0f,0x05
[  731.636018][ T5934] spca501 4-1:0.0: probe with driver spca501 failed with error -22
[  731.664002][ T5934] usb 4-1: Found UVC 0.00 device syz (0000:0000)
[  731.676521][ T5934] usb 4-1: No valid video chain found.
[  731.964460][ T5934] usb 4-1: USB disconnect, device number 19
[  732.303132][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  733.455735][T12470] tmpfs: Unknown parameter 'quot'
[  734.988212][T12478] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  735.254037][T12484] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  735.268374][T12487] fuse: Bad value for 'user_id'
[  735.291670][T12487] fuse: Bad value for 'user_id'
[  735.453919][ T5907] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  735.999935][ T5907] usb 6-1: Using ep0 maxpacket: 8
[  736.316324][ T5907] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  736.325486][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.336265][ T5907] usb 6-1: Product: syz
[  736.340472][ T5907] usb 6-1: Manufacturer: syz
[  736.362365][ T5907] usb 6-1: SerialNumber: syz
[  736.383205][ T5907] usb 6-1: config 0 descriptor??
[  736.627470][ T5907] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  737.230971][ T5907] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  737.843245][T12511] tmpfs: Unknown parameter 'quot'
[  738.552873][ T5907] usb 6-1: USB disconnect, device number 18
[  738.627980][T12514] random: crng reseeded on system resumption
[  739.321301][T12524] 9pnet_fd: p9_fd_create_unix (12524): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  739.453409][T12526] fuse: Bad value for 'fd'
[  740.949052][T12544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1519'.
[  741.776398][T12549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  742.172476][T12556] tmpfs: Unknown parameter 'quot'
[  742.792483][T12068] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  742.983927][T12068] usb 2-1: Using ep0 maxpacket: 8
[  743.011793][T12068] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  743.055431][T12068] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.222632][T12068] usb 2-1: Product: syz
[  743.226864][T12068] usb 2-1: Manufacturer: syz
[  743.231498][T12068] usb 2-1: SerialNumber: syz
[  743.333696][T12564] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  744.243066][T12068] usb 2-1: config 0 descriptor??
[  744.493442][T12068] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  745.567630][T12068] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  745.630769][T12577] fuse: Bad value for 'fd'
[  745.750386][T12581] 9pnet_fd: Insufficient options for proto=fd
[  745.815099][T12586] fuse: Unknown parameter 'group_id00000000000000000000'
[  746.876118][ T5907] usb 2-1: USB disconnect, device number 15
[  747.338298][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.344691][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  749.542031][T12620] random: crng reseeded on system resumption
[  751.230480][T12633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  752.379258][T12641] fuse: Bad value for 'user_id'
[  752.384625][T12641] fuse: Bad value for 'user_id'
[  753.692393][T12069] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  754.131924][T12659] random: crng reseeded on system resumption
[  754.212719][T12069] usb 1-1: Using ep0 maxpacket: 8
[  754.228581][T12069] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  754.249888][T12069] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.684311][T12069] usb 1-1: Product: syz
[  754.742386][T12069] usb 1-1: Manufacturer: syz
[  754.756726][T12069] usb 1-1: SerialNumber: syz
[  754.776302][T12069] usb 1-1: config 0 descriptor??
[  755.292464][T12069] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  755.754751][T12667] ubi: mtd0 is already attached to ubi31
[  756.056660][T12069] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  756.236104][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  757.159664][T12069] usb 1-1: USB disconnect, device number 13
[  759.766187][T12739] fuse: Bad value for 'fd'
[  760.908883][T12752] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  760.915541][T12752] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  760.967662][T12758] netlink: 180 bytes leftover after parsing attributes in process `syz.6.1569'.
[  761.016353][T12752] vhci_hcd vhci_hcd.0: Device attached
[  761.022229][T12754] vhci_hcd: connection closed
[  761.042674][ T2950] vhci_hcd: stop threads
[  761.051749][ T2950] vhci_hcd: release socket
[  761.097064][ T2950] vhci_hcd: disconnect device
[  762.512864][   T30] audit: type=1326 audit(1753214488.817:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12767 comm="syz.6.1573" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a1638e9a9 code=0x0
[  763.366707][T12820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1577'.
[  764.594480][T12831] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  769.302359][ T5934] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  769.465613][ T5934] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  769.807864][ T5934] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  769.891327][ T5934] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  769.942313][ T5934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.257302][T12880] NILFS (nullb0): couldn't find nilfs on the device
[  770.598883][ T5934] usb 2-1: usb_control_msg returned -32
[  770.605910][ T5934] usbtmc 2-1:16.0: can't read capabilities
[  771.205024][T12890] usbtmc 2-1:16.0: usb_control_msg returned -32
[  771.226390][ T5934] usb 2-1: USB disconnect, device number 16
[  771.652148][T12898] siw: device registration error -23
[  772.395141][T12905] batadv_slave_1: entered promiscuous mode
[  772.402746][T12905] batman_adv: batadv0: Removing interface: batadv_slave_1
[  775.193355][T12935] fuse: Bad value for 'fd'
[  776.589706][T12947] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  778.980974][T12973] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1621'.
[  779.623512][T12980] netlink: 'syz.3.1622': attribute type 10 has an invalid length.
[  779.640458][T12980] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1622'.
[  780.143853][T12972] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  780.157588][T12972] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  780.458501][T12980] team0: Port device geneve0 added
[  780.571061][T12972] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  780.585497][T12972] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.155530][T13002] No control pipe specified
[  781.184417][T12972] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  781.244062][T12972] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.458105][T12972] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  781.473296][T12972] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.872249][T12972] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  781.881385][T12972] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  782.006477][T12972] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  782.016025][T12972] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  782.036484][T12972] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  782.044835][T12972] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  782.660969][T13012] ubi: mtd0 is already attached to ubi31
[  782.687930][T12972] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  782.712636][T12972] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  783.215609][T13018] siw: device registration error -23
[  787.894715][T13062] No control pipe specified
[  791.992721][T12067] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  792.492298][T13077] fuse: Bad value for 'rootmode'
[  792.708719][T12067] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  792.717704][T12067] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  792.733610][T12067] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  792.746005][T12067] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  792.757156][T12067] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.766573][T12067] usb 1-1: Product: syz
[  792.770762][T12067] usb 1-1: Manufacturer: syz
[  792.802483][T12067] usb 1-1: SerialNumber: syz
[  794.563847][T12067] usb 1-1: 0:2 : does not exist
[  794.910672][T12067] usb 1-1: USB disconnect, device number 14
[  795.268047][ T6241] udevd[6241]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  795.815559][T13108] No control pipe specified
[  797.553707][T13119] fuse: Bad value for 'rootmode'
[  803.264867][T13170] fuse: Unknown parameter 'use00000000000000000000'
[  803.681098][T13180] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1679'.
[  803.724575][T13180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1679'.
[  804.757450][T13190] tipc: Started in network mode
[  804.763403][T13191] netlink: 'syz.6.1684': attribute type 10 has an invalid length.
[  804.791887][T13190] tipc: Node identity 12965ae208f1, cluster identity 4711
[  804.799664][T13190] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  804.828496][T13191] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  804.886645][T13189] tipc: Disabling bearer <eth:syzkaller0>
[  808.547793][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  808.554264][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  813.570511][T13271] fuse: Invalid rootmode
[  817.318118][T13300] netlink: 168 bytes leftover after parsing attributes in process `syz.6.1710'.
[  820.150282][T13346] atomic_op ffff888054c65998 conn xmit_atomic 0000000000000000
[  821.454385][T13355] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1716'.
[  821.543964][   T30] audit: type=1326 audit(1753214547.647:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13342 comm="syz.3.1714" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe305f8e9a9 code=0x0
[  821.566764][   T51] Bluetooth: Unexpected continuation frame (len 16)
[  821.678532][T13356] fuse: Invalid rootmode
[  826.834176][T13406] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  828.039654][T13419] fuse: Invalid rootmode
[  829.760139][T13414] fuse: Unknown parameter 'group_id00000000000000000000'
[  832.022436][T12095] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  832.228902][ T8483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  832.242337][ T8483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  832.548219][T12095] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  833.071022][T12095] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  833.125581][T12095] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  833.285393][T12095] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  833.441398][T12095] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.474042][T12095] usb 2-1: Product: syz
[  833.973389][T12095] usb 2-1: Manufacturer: syz
[  834.091498][T12095] usb 2-1: SerialNumber: syz
[  834.334189][T13472] fuse: Unknown parameter '00000000000000000000'
[  835.379223][T12095] usb 2-1: 0:2 : does not exist
[  836.143789][T12095] usb 2-1: USB disconnect, device number 17
[  836.596979][ T8995] udevd[8995]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  836.825688][T13484] netlink: 'syz.5.1749': attribute type 7 has an invalid length.
[  836.840567][T13484] : entered promiscuous mode
[  841.344333][T13523] fuse: Unknown parameter '00000000000000000000'
[  842.281198][T13529] trusted_key: encrypted_key: insufficient parameters specified
[  845.883259][T13547] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  846.238852][T13564] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  846.245484][T13564] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  846.290789][T13564] vhci_hcd vhci_hcd.0: Device attached
[  846.370537][T13566] vhci_hcd: connection closed
[  846.371008][ T8489] vhci_hcd: stop threads
[  846.463041][ T8489] vhci_hcd: release socket
[  846.468035][ T8489] vhci_hcd: disconnect device
[  848.177182][T13583] capability: warning: `syz.0.1772' uses deprecated v2 capabilities in a way that may be insecure
[  849.458920][T13583] fuse: Bad value for 'user_id'
[  849.464105][T13583] fuse: Bad value for 'user_id'
[  851.914860][T13619] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1780'.
[  852.954454][T13627] fuse: Unknown parameter 'user00000000000000000000'
[  853.334316][T13621] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  853.340981][T13621] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  853.757057][T13621] vhci_hcd vhci_hcd.0: Device attached
[  853.918509][T13626] vhci_hcd: connection closed
[  853.919771][ T7903] vhci_hcd: stop threads
[  853.929135][T12095] usb 35-1: new low-speed USB device number 5 using vhci_hcd
[  854.042928][T13636] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1784'.
[  854.301062][ T7903] vhci_hcd: release socket
[  854.336460][ T7903] vhci_hcd: disconnect device
[  856.592307][T13661] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  857.274589][T13674] fuse: Unknown parameter 'user00000000000000000000'
[  859.412416][T12095] vhci_hcd: vhci_device speed not set
[  859.877446][T13670] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1794'.
[  860.008728][T13707] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(13)
[  860.015388][T13707] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  860.292751][T13707] vhci_hcd vhci_hcd.0: Device attached
[  860.538080][T12067] usb 43-1: new low-speed USB device number 6 using vhci_hcd
[  860.565505][T13712] vhci_hcd: connection closed
[  860.566803][ T6161] vhci_hcd: stop threads
[  860.606616][ T6161] vhci_hcd: release socket
[  860.625885][ T6161] vhci_hcd: disconnect device
[  861.482911][T13721] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  861.980259][T13729] NILFS (nullb0): couldn't find nilfs on the device
[  865.882541][T12067] vhci_hcd: vhci_device speed not set
[  869.089573][T13799] fuse: Unknown parameter 'user_i00000000000000000000'
[  869.986951][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  869.993912][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  871.014629][T13804] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1829'.
[  871.029076][T13808] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  871.054424][T13804] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1829'.
[  877.477551][T13878] netlink: 'syz.6.1846': attribute type 20 has an invalid length.
[  878.145200][T13878] dvmrp17: entered allmulticast mode
[  878.252608][T13883] dvmrp17: left allmulticast mode
[  878.664965][T13878] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1846'.
[  880.102987][T13901] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1843'.
[  883.200568][T13925] block device autoloading is deprecated and will be removed.
[  883.209165][T13925] syz.6.1855: attempt to access beyond end of device
[  883.209165][T13925] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  885.279835][T13939] openvswitch: netlink: IP tunnel dst address not specified
[  886.564420][T13965] netlink: 'syz.0.1866': attribute type 10 has an invalid length.
[  886.846646][T13967] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  891.146093][T13973] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1867'.
[  892.987274][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  892.997152][   T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  892.997176][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  892.997189][   T51] Workqueue: hci4 hci_rx_work
[  892.997227][   T51] Call Trace:
[  892.997238][   T51]  <TASK>
[  892.997248][   T51]  dump_stack_lvl+0x189/0x250
[  892.997271][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  892.997297][   T51]  ? __pfx_dump_stack_lvl+0x10/0x10
[  892.997319][   T51]  ? __pfx__printk+0x10/0x10
[  892.997345][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  892.997366][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  892.997390][   T51]  ? kernfs_path_from_node+0x22c/0x260
[  892.997412][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  892.997438][   T51]  sysfs_create_dir_ns+0x259/0x280
[  892.997462][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  892.997487][   T51]  ? do_raw_spin_unlock+0x122/0x240
[  892.997516][   T51]  kobject_add_internal+0x59f/0xb40
[  892.997549][   T51]  kobject_add+0x155/0x220
[  892.997576][   T51]  ? __pfx_kobject_add+0x10/0x10
[  892.997599][   T51]  ? _raw_spin_unlock+0x28/0x50
[  892.997631][   T51]  ? get_device_parent+0x366/0x3a0
[  892.997663][   T51]  device_add+0x408/0xb50
[  892.997695][   T51]  hci_conn_add_sysfs+0xd5/0x1e0
[  892.997726][   T51]  le_conn_complete_evt+0xc3a/0x1220
[  892.997763][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  892.997788][   T51]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  892.997808][   T51]  ? __asan_memcpy+0x40/0x70
[  892.997835][   T51]  ? __pfx___mutex_lock+0x10/0x10
[  892.997856][   T51]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  892.997877][   T51]  ? skb_pull_data+0xfb/0x200
[  892.997902][   T51]  hci_le_conn_complete_evt+0x187/0x450
[  892.997933][   T51]  hci_event_packet+0x78f/0x1200
[  892.997955][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  892.997981][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  892.998001][   T51]  ? kcov_remote_start+0x4d3/0x7f0
[  892.998027][   T51]  ? lockdep_hardirqs_on+0x90/0x150
[  892.998060][   T51]  ? hci_send_to_monitor+0xe2/0x570
[  892.998088][   T51]  hci_rx_work+0x46a/0xe80
[  892.998116][   T51]  ? process_scheduled_works+0x9ef/0x17b0
[  892.998138][   T51]  process_scheduled_works+0xade/0x17b0
[  892.998187][   T51]  ? __pfx_process_scheduled_works+0x10/0x10
[  892.998224][   T51]  worker_thread+0x8a0/0xda0
[  892.998270][   T51]  kthread+0x711/0x8a0
[  892.998300][   T51]  ? __pfx_worker_thread+0x10/0x10
[  892.998320][   T51]  ? __pfx_kthread+0x10/0x10
[  892.998345][   T51]  ? _raw_spin_unlock_irq+0x23/0x50
[  892.998374][   T51]  ? lockdep_hardirqs_on+0x9c/0x150
[  892.998391][   T51]  ? __pfx_kthread+0x10/0x10
[  892.998416][   T51]  ret_from_fork+0x3fc/0x770
[  892.998437][   T51]  ? __pfx_ret_from_fork+0x10/0x10
[  892.998462][   T51]  ? __switch_to_asm+0x39/0x70
[  892.998483][   T51]  ? __switch_to_asm+0x33/0x70
[  892.998505][   T51]  ? __pfx_kthread+0x10/0x10
[  892.998531][   T51]  ret_from_fork_asm+0x1a/0x30
[  892.998570][   T51]  </TASK>
[  892.998597][   T51] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  893.297259][   T51] Bluetooth: hci4: failed to register connection device
[  898.392313][ T5934] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  899.083217][ T5934] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  899.092108][ T5934] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  899.149635][ T5934] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  899.189470][ T5934] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  899.425685][   T51] Bluetooth: hci4: unexpected event for opcode 0x201c
[  899.503423][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  899.512283][ T5934] usb 4-1: Product: syz
[  899.516657][ T5934] usb 4-1: Manufacturer: syz
[  899.521367][ T5934] usb 4-1: SerialNumber: syz
[  900.729095][T14090] netlink: 'syz.0.1903': attribute type 1 has an invalid length.
[  901.215808][ T5934] usb 4-1: 0:2 : does not exist
[  901.392573][T12067] usb 4-1: USB disconnect, device number 20
[  902.175904][T13935] udevd[13935]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  904.320806][T14119] 9pnet_fd: Insufficient options for proto=fd
[  905.345855][T14126] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  905.736848][T14133] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1913'.
[  908.129087][T14159] openvswitch: netlink: Geneve opt len 235 is not a multiple of 4.
[  908.422459][T14164] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1923'.
[  910.773424][T14184] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1928'.
[  911.689531][   T51] Bluetooth: Unexpected continuation frame (len 16)
[  911.709537][   T30] audit: type=1326 audit(1753214638.057:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14192 comm="syz.6.1931" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a1638e9a9 code=0x0
[  912.828451][T14207] openvswitch: netlink: Geneve opt len 235 is not a multiple of 4.
[  913.901791][   T30] audit: type=1326 audit(1753214640.207:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14199 comm="syz.1.1934" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b8738e9a9 code=0x0
[  915.564720][T14265] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  917.316251][T14285] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1945'.
[  917.939924][T14294] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  920.276323][T14315] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1953'.
[  920.300565][T14314] netlink: 'syz.0.1954': attribute type 20 has an invalid length.
[  921.010759][T14317] dvmrp17: entered allmulticast mode
[  921.025294][T14318] dvmrp17: left allmulticast mode
[  921.663027][T14313] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1954'.
[  922.327706][   T51] Bluetooth: hci1: unexpected event for opcode 0x201c
[  925.582585][ T5934] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  925.927757][ T5934] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  925.992710][ T5934] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  926.055772][ T5934] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  926.227283][ T5934] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  926.352975][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.361183][ T5934] usb 7-1: Product: syz
[  926.366012][ T5934] usb 7-1: Manufacturer: syz
[  926.370649][ T5934] usb 7-1: SerialNumber: syz
[  927.021768][ T5934] usb 7-1: 0:2 : does not exist
[  927.226307][ T5934] usb 7-1: USB disconnect, device number 14
[  927.357169][T14374] 9pnet_fd: Insufficient options for proto=fd
[  931.473123][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.479658][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  932.052283][T14408] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1977'.
[  938.127005][T14456] netlink: 'syz.1.1988': attribute type 10 has an invalid length.
[  938.135512][T14456] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1988'.
[  938.145432][T14456] dummy0: entered promiscuous mode
[  938.163975][T14456] bridge0: port 3(dummy0) entered blocking state
[  938.171058][T14456] bridge0: port 3(dummy0) entered disabled state
[  938.178193][T14456] dummy0: entered allmulticast mode
[  938.640166][T14454] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1987'.
[  942.311263][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  942.321206][   T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  942.321232][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  942.321247][   T51] Workqueue: hci1 hci_rx_work
[  942.321273][   T51] Call Trace:
[  942.321283][   T51]  <TASK>
[  942.321292][   T51]  dump_stack_lvl+0x189/0x250
[  942.321318][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  942.321351][   T51]  ? __pfx_dump_stack_lvl+0x10/0x10
[  942.321375][   T51]  ? __pfx__printk+0x10/0x10
[  942.321403][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  942.321427][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  942.321452][   T51]  ? kernfs_path_from_node+0x22c/0x260
[  942.321476][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  942.321504][   T51]  sysfs_create_dir_ns+0x259/0x280
[  942.321530][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  942.321556][   T51]  ? do_raw_spin_unlock+0x122/0x240
[  942.321588][   T51]  kobject_add_internal+0x59f/0xb40
[  942.321634][   T51]  kobject_add+0x155/0x220
[  942.321661][   T51]  ? __pfx_kobject_add+0x10/0x10
[  942.321685][   T51]  ? _raw_spin_unlock+0x28/0x50
[  942.321718][   T51]  ? get_device_parent+0x366/0x3a0
[  942.321751][   T51]  device_add+0x408/0xb50
[  942.321783][   T51]  hci_conn_add_sysfs+0xd5/0x1e0
[  942.321815][   T51]  le_conn_complete_evt+0xc3a/0x1220
[  942.321853][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  942.321879][   T51]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  942.321899][   T51]  ? __asan_memcpy+0x40/0x70
[  942.321927][   T51]  ? __pfx___mutex_lock+0x10/0x10
[  942.321948][   T51]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  942.321968][   T51]  ? skb_pull_data+0xfb/0x200
[  942.321993][   T51]  hci_le_conn_complete_evt+0x187/0x450
[  942.322028][   T51]  hci_event_packet+0x78f/0x1200
[  942.322051][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  942.322077][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  942.322099][   T51]  ? kcov_remote_start+0x4d3/0x7f0
[  942.322126][   T51]  ? lockdep_hardirqs_on+0x90/0x150
[  942.322148][   T51]  ? hci_send_to_monitor+0xe2/0x570
[  942.322177][   T51]  hci_rx_work+0x46a/0xe80
[  942.322205][   T51]  ? process_scheduled_works+0x9ef/0x17b0
[  942.322228][   T51]  process_scheduled_works+0xade/0x17b0
[  942.322274][   T51]  ? __pfx_process_scheduled_works+0x10/0x10
[  942.322312][   T51]  worker_thread+0x8a0/0xda0
[  942.322383][   T51]  kthread+0x711/0x8a0
[  942.322415][   T51]  ? __pfx_worker_thread+0x10/0x10
[  942.322450][   T51]  ? __pfx_kthread+0x10/0x10
[  942.322475][   T51]  ? _raw_spin_unlock_irq+0x23/0x50
[  942.322501][   T51]  ? lockdep_hardirqs_on+0x9c/0x150
[  942.322515][   T51]  ? __pfx_kthread+0x10/0x10
[  942.322542][   T51]  ret_from_fork+0x3fc/0x770
[  942.322564][   T51]  ? __pfx_ret_from_fork+0x10/0x10
[  942.322588][   T51]  ? __switch_to_asm+0x39/0x70
[  942.322610][   T51]  ? __switch_to_asm+0x33/0x70
[  942.322632][   T51]  ? __pfx_kthread+0x10/0x10
[  942.322658][   T51]  ret_from_fork_asm+0x1a/0x30
[  942.322695][   T51]  </TASK>
[  942.604850][    C1] vkms_vblank_simulate: vblank timer overrun
[  942.616774][   T51] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  942.630886][   T51] Bluetooth: hci1: failed to register connection device
[  942.755933][T14496] syzkaller0: entered promiscuous mode
[  942.784283][T14496] syzkaller0: entered allmulticast mode
[  943.520860][T14503] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2001'.
[  946.179783][T14530] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  947.443336][T12419] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  947.453946][T12419] CPU: 0 UID: 0 PID: 12419 Comm: kworker/u9:1 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  947.453971][T12419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  947.453983][T12419] Workqueue: hci3 hci_rx_work
[  947.454008][T12419] Call Trace:
[  947.454015][T12419]  <TASK>
[  947.454024][T12419]  dump_stack_lvl+0x189/0x250
[  947.454049][T12419]  ? kernfs_path_from_node+0x2c/0x260
[  947.454074][T12419]  ? __pfx_dump_stack_lvl+0x10/0x10
[  947.454096][T12419]  ? __pfx__printk+0x10/0x10
[  947.454122][T12419]  ? kernfs_path_from_node+0x2c/0x260
[  947.454143][T12419]  ? kernfs_path_from_node+0x2c/0x260
[  947.454167][T12419]  ? kernfs_path_from_node+0x22c/0x260
[  947.454189][T12419]  ? kernfs_path_from_node+0x2c/0x260
[  947.454232][T12419]  sysfs_create_dir_ns+0x259/0x280
[  947.454257][T12419]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  947.454282][T12419]  ? do_raw_spin_unlock+0x122/0x240
[  947.454314][T12419]  kobject_add_internal+0x59f/0xb40
[  947.454347][T12419]  kobject_add+0x155/0x220
[  947.454377][T12419]  ? __pfx_kobject_add+0x10/0x10
[  947.454402][T12419]  ? _raw_spin_unlock+0x28/0x50
[  947.454436][T12419]  ? get_device_parent+0x366/0x3a0
[  947.454470][T12419]  device_add+0x408/0xb50
[  947.454503][T12419]  hci_conn_add_sysfs+0xd5/0x1e0
[  947.454538][T12419]  le_conn_complete_evt+0xc3a/0x1220
[  947.454577][T12419]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  947.454610][T12419]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  947.454631][T12419]  ? __asan_memcpy+0x40/0x70
[  947.454662][T12419]  ? __pfx___mutex_lock+0x10/0x10
[  947.454684][T12419]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  947.454706][T12419]  ? skb_pull_data+0xfb/0x200
[  947.454733][T12419]  hci_le_conn_complete_evt+0x187/0x450
[  947.454776][T12419]  hci_event_packet+0x78f/0x1200
[  947.454799][T12419]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  947.454830][T12419]  ? __pfx_hci_event_packet+0x10/0x10
[  947.454852][T12419]  ? kcov_remote_start+0x4d3/0x7f0
[  947.454879][T12419]  ? lockdep_hardirqs_on+0x90/0x150
[  947.454900][T12419]  ? hci_send_to_monitor+0xe2/0x570
[  947.454929][T12419]  hci_rx_work+0x46a/0xe80
[  947.454957][T12419]  ? process_scheduled_works+0x9ef/0x17b0
[  947.454979][T12419]  process_scheduled_works+0xade/0x17b0
[  947.455027][T12419]  ? __pfx_process_scheduled_works+0x10/0x10
[  947.455064][T12419]  worker_thread+0x8a0/0xda0
[  947.455115][T12419]  ? __kthread_parkme+0x7b/0x200
[  947.455148][T12419]  kthread+0x711/0x8a0
[  947.455177][T12419]  ? __pfx_worker_thread+0x10/0x10
[  947.455198][T12419]  ? __pfx_kthread+0x10/0x10
[  947.455227][T12419]  ? _raw_spin_unlock_irq+0x23/0x50
[  947.455266][T12419]  ? lockdep_hardirqs_on+0x9c/0x150
[  947.455283][T12419]  ? __pfx_kthread+0x10/0x10
[  947.455309][T12419]  ret_from_fork+0x3fc/0x770
[  947.455329][T12419]  ? __pfx_ret_from_fork+0x10/0x10
[  947.455354][T12419]  ? __switch_to_asm+0x39/0x70
[  947.455375][T12419]  ? __switch_to_asm+0x33/0x70
[  947.455397][T12419]  ? __pfx_kthread+0x10/0x10
[  947.455423][T12419]  ret_from_fork_asm+0x1a/0x30
[  947.455461][T12419]  </TASK>
[  947.455486][T12419] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  947.574225][T12095] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  947.579399][T12419] Bluetooth: hci3: failed to register connection device
[  947.775418][T12095] usb 4-1: Using ep0 maxpacket: 8
[  947.944685][T12095] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  947.953271][T12095] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  947.961947][T12095] usb 4-1: config 0 has no interface number 0
[  947.972299][T12095] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  948.626359][T12095] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  948.652250][T12095] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  948.673566][T12095] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  948.692303][T12095] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  948.712255][T12095] usb 4-1: Product: syz
[  948.718989][T12095] usb 4-1: config 0 descriptor??
[  948.732929][T14540] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  949.247117][T12095] usb 4-1: USB disconnect, device number 21
[  951.483254][T14583] 9pnet_fd: Insufficient options for proto=fd
[  952.141023][   T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  952.158918][   T51] CPU: 0 UID: 0 PID: 51 Comm: kworker/u9:0 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  952.158935][   T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  952.158945][   T51] Workqueue: hci0 hci_rx_work
[  952.158961][   T51] Call Trace:
[  952.158967][   T51]  <TASK>
[  952.158973][   T51]  dump_stack_lvl+0x189/0x250
[  952.158990][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  952.159009][   T51]  ? __pfx_dump_stack_lvl+0x10/0x10
[  952.159023][   T51]  ? __pfx__printk+0x10/0x10
[  952.159042][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  952.159057][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  952.159073][   T51]  ? kernfs_path_from_node+0x22c/0x260
[  952.159088][   T51]  ? kernfs_path_from_node+0x2c/0x260
[  952.159111][   T51]  sysfs_create_dir_ns+0x259/0x280
[  952.159130][   T51]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  952.159147][   T51]  ? do_raw_spin_unlock+0x122/0x240
[  952.159168][   T51]  kobject_add_internal+0x59f/0xb40
[  952.159192][   T51]  kobject_add+0x155/0x220
[  952.159210][   T51]  ? __pfx_kobject_add+0x10/0x10
[  952.159226][   T51]  ? _raw_spin_unlock+0x28/0x50
[  952.159249][   T51]  ? get_device_parent+0x366/0x3a0
[  952.159272][   T51]  device_add+0x408/0xb50
[  952.159295][   T51]  hci_conn_add_sysfs+0xd5/0x1e0
[  952.159318][   T51]  le_conn_complete_evt+0xc3a/0x1220
[  952.159344][   T51]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  952.159362][   T51]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  952.159376][   T51]  ? __asan_memcpy+0x40/0x70
[  952.159395][   T51]  ? __pfx___mutex_lock+0x10/0x10
[  952.159410][   T51]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  952.159423][   T51]  ? skb_pull_data+0xfb/0x200
[  952.159441][   T51]  hci_le_conn_complete_evt+0x187/0x450
[  952.159462][   T51]  hci_event_packet+0x78f/0x1200
[  952.159477][   T51]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  952.159495][   T51]  ? __pfx_hci_event_packet+0x10/0x10
[  952.159509][   T51]  ? kcov_remote_start+0x4d3/0x7f0
[  952.159528][   T51]  ? lockdep_hardirqs_on+0x90/0x150
[  952.159544][   T51]  ? hci_send_to_monitor+0xe2/0x570
[  952.159563][   T51]  hci_rx_work+0x46a/0xe80
[  952.159582][   T51]  ? process_scheduled_works+0x9ef/0x17b0
[  952.159597][   T51]  process_scheduled_works+0xade/0x17b0
[  952.159630][   T51]  ? __pfx_process_scheduled_works+0x10/0x10
[  952.159655][   T51]  worker_thread+0x8a0/0xda0
[  952.159687][   T51]  kthread+0x711/0x8a0
[  952.159706][   T51]  ? __pfx_worker_thread+0x10/0x10
[  952.159719][   T51]  ? __pfx_kthread+0x10/0x10
[  952.159738][   T51]  ? _raw_spin_unlock_irq+0x23/0x50
[  952.159758][   T51]  ? lockdep_hardirqs_on+0x9c/0x150
[  952.159770][   T51]  ? __pfx_kthread+0x10/0x10
[  952.159788][   T51]  ret_from_fork+0x3fc/0x770
[  952.159802][   T51]  ? __pfx_ret_from_fork+0x10/0x10
[  952.159819][   T51]  ? __switch_to_asm+0x39/0x70
[  952.159834][   T51]  ? __switch_to_asm+0x33/0x70
[  952.159849][   T51]  ? __pfx_kthread+0x10/0x10
[  952.159867][   T51]  ret_from_fork_asm+0x1a/0x30
[  952.159894][   T51]  </TASK>
[  952.159911][   T51] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  952.461641][   T51] Bluetooth: hci0: failed to register connection device
[  954.025744][T14601] infiniband syz2: set down
[  954.030621][T14601] infiniband syz2: added bridge_slave_0
[  954.037377][T14601] syz2: rxe_create_cq: returned err = -12
[  954.043271][T14601] infiniband syz2: Couldn't create ib_mad CQ
[  954.049353][T14601] infiniband syz2: Couldn't open port 1
[  954.070664][T14601] RDS/IB: syz2: added
[  954.074993][T14601] smc: adding ib device syz2 with port count 1
[  954.081258][T14601] smc:    ib device syz2 port 1 has pnetid 
[  955.573643][T14613] syzkaller0: entered promiscuous mode
[  955.602893][T14613] syzkaller0: entered allmulticast mode
[  960.124741][T14667] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  961.573838][T14678] fuse: Unknown parameter '0x0000000000000006'
[  963.891669][   T30] audit: type=1326 audit(1753214690.247:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14690 comm="syz.6.2042" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a1638e9a9 code=0x0
[  963.912898][T12095] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  964.110204][T12095] usb 2-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice=9c.25
[  964.450724][T12095] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.488558][T12095] usb 2-1: Product: syz
[  964.545537][T12095] usb 2-1: Manufacturer: syz
[  964.561915][T12095] usb 2-1: SerialNumber: syz
[  964.617725][T12095] usb 2-1: config 0 descriptor??
[  964.734095][T12095] gspca_main: spca501-2.14.0 probing 0000:0000
[  964.847446][T12095] gspca_spca501: reg write: error -71
[  964.853279][T12095] spca501 2-1:0.0: Reg write failed for 0x02,0x0f,0x05
[  965.522823][T12095] spca501 2-1:0.0: probe with driver spca501 failed with error -22
[  966.038530][T12095] usb 2-1: Found UVC 0.00 device syz (0000:0000)
[  966.073634][T12095] usb 2-1: No valid video chain found.
[  966.138861][T12095] usb 2-1: USB disconnect, device number 18
[  966.377403][T14722] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2049'.
[  968.939796][T14726] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  969.506275][T14744] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2055'.
[  972.662061][T14766] openvswitch: netlink: Geneve opt len 255 is not a multiple of 4.
[  975.983039][T14788] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2067'.
[  979.100738][T14817] tmpfs: Bad value for 'huge'
[  980.221518][T14828] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  982.426169][T14846] ubi: mtd0 is already attached to ubi31
[  983.569920][T14855] rdma_rxe: rxe_newlink: failed to add bridge_slave_0
[  986.277913][T14878] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2089'.
[  986.287131][T14878] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2089'.
[  989.321745][T14907] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(14)
[  989.328499][T14907] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  989.342357][T14907] vhci_hcd vhci_hcd.0: Device attached
[  989.489214][T14909] vhci_hcd: connection closed
[  989.502324][ T1150] vhci_hcd: stop threads
[  989.588551][T12095] usb 35-1: new low-speed USB device number 6 using vhci_hcd
[  989.623649][ T1150] vhci_hcd: release socket
[  989.632531][ T1150] vhci_hcd: disconnect device
[  990.602442][T14920] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2100'.
[  990.618085][T14920] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2100'.
[  992.893556][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  992.900003][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  993.390631][T14952] netlink: 'syz.3.2105': attribute type 7 has an invalid length.
[  994.713847][T12095] vhci_hcd: vhci_device speed not set
[  997.015071][T14964] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.976091][T14986] ubi: mtd0 is already attached to ubi31
[  999.677366][T14998] trusted_key: encrypted_key: insufficient parameters specified
[ 1000.572556][   T30] audit: type=1326 audit(1753214726.377:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14997 comm="syz.6.2119" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a1638e9a9 code=0x0
[ 1000.573045][T12419] Bluetooth: Unexpected continuation frame (len 16)
[ 1003.579706][T15030] syzkaller0: entered promiscuous mode
[ 1003.585287][T15030] syzkaller0: entered allmulticast mode
[ 1004.693817][T15043] ubi: mtd0 is already attached to ubi31
[ 1008.754643][T12419] Bluetooth: Unexpected continuation frame (len 16)
[ 1008.853949][   T30] audit: type=1326 audit(1753214735.107:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15065 comm="syz.1.2134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b8738e9a9 code=0x0
[ 1011.578522][T15088] ubi: mtd0 is already attached to ubi31
[ 1016.772463][T12419] Bluetooth: Unexpected continuation frame (len 16)
[ 1016.889961][   T30] audit: type=1326 audit(1753214743.217:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b8738e9a9 code=0x0
[ 1018.995046][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1019.005479][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1019.026760][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1019.035815][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1019.045580][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1021.103193][   T51] Bluetooth: hci2: command tx timeout
[ 1022.055841][T15137] lo speed is unknown, defaulting to 1000
[ 1023.206844][   T51] Bluetooth: hci2: command tx timeout
[ 1025.262480][   T51] Bluetooth: hci2: command tx timeout
[ 1026.228868][T15192] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1026.964385][ T8483] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1027.222878][T15200] netlink: 'syz.1.2169': attribute type 1 has an invalid length.
[ 1027.373478][   T51] Bluetooth: hci2: command tx timeout
[ 1027.730893][ T8483] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1027.933939][ T8483] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1029.768398][ T8483] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1030.383546][T12068] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[ 1030.536134][T12068] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1030.582312][T12068] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1030.632226][T12068] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1030.699930][T12068] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1030.894957][T12068] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.970355][T15230] ubi: mtd0 is already attached to ubi31
[ 1031.668498][T15137] chnl_net:caif_netlink_parms(): no params data found
[ 1031.711726][T12068] usbtmc 6-1:16.0: bulk endpoints not found
[ 1031.893769][T15235] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2178'.
[ 1032.796354][ T8483] bridge_slave_1: left allmulticast mode
[ 1032.802050][ T8483] bridge_slave_1: left promiscuous mode
[ 1032.948782][ T8483] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1033.015152][ T8483] bridge_slave_0: left allmulticast mode
[ 1033.038713][ T8483] bridge_slave_0: left promiscuous mode
[ 1033.185898][T15249] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2180'.
[ 1033.523659][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1033.966225][T12067] usb 6-1: USB disconnect, device number 19
[ 1035.041800][ T8483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1035.097352][ T8483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1035.144156][ T8483] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1035.344747][ T8483] bond0 (unregistering): Released all slaves
[ 1035.476290][T15275] rdma_rxe: rxe_newlink: failed to add bridge_slave_0
[ 1036.029029][T15249] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2180'.
[ 1036.034729][ T8483] : left promiscuous mode
[ 1036.804938][T15137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1036.819501][T15137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1036.827915][T15137] bridge_slave_0: entered allmulticast mode
[ 1036.839379][T15137] bridge_slave_0: entered promiscuous mode
[ 1036.883780][T15137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1037.072742][T15137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1037.081003][T15137] bridge_slave_1: entered allmulticast mode
[ 1037.089373][T15137] bridge_slave_1: entered promiscuous mode
[ 1037.291874][T15297] siw: device registration error -23
[ 1038.549913][T15137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1038.607114][T15300] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1038.622105][T15137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1038.682252][T12068] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[ 1038.838316][T12068] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1038.856939][T12068] usb 4-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1038.886468][T12068] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1038.957109][T12068] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1038.972202][T12068] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1039.084893][T12068] usbtmc 4-1:16.0: bulk endpoints not found
[ 1039.236377][T15137] team0: Port device team_slave_0 added
[ 1039.289929][T15137] team0: Port device team_slave_1 added
[ 1039.405269][T15321] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2194'.
[ 1039.474442][ T8483] hsr_slave_0: left promiscuous mode
[ 1039.489692][ T8483] hsr_slave_1: left promiscuous mode
[ 1039.502733][ T8483] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1039.644798][T15326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2195'.
[ 1039.731847][T15329] netlink: 'syz.0.2193': attribute type 2 has an invalid length.
[ 1041.530456][T12068] usb 4-1: USB disconnect, device number 22
[ 1043.149143][ T8483] team0 (unregistering): Port device team_slave_1 removed
[ 1043.194115][ T8483] team0 (unregistering): Port device team_slave_0 removed
[ 1043.809566][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2205'.
[ 1043.876477][T15363] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1044.319891][T15375] syz2: rxe_newlink: already configured on bridge_slave_0
[ 1046.883190][T15137] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1046.939983][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.102534][T15137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1047.346125][T15137] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1047.407988][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.449900][T15137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1047.708349][T15397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1048.048467][T15406] ubi: mtd0 is already attached to ubi31
[ 1048.768782][T15137] hsr_slave_0: entered promiscuous mode
[ 1048.794961][T15137] hsr_slave_1: entered promiscuous mode
[ 1048.819077][T15410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2216'.
[ 1048.844508][T15137] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1048.877455][T15137] Cannot create hsr debugfs directory
[ 1050.704024][T15137] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1050.735976][T15137] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1051.097383][T15137] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1051.236269][T15137] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1052.220476][T15452] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1052.630591][T15137] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1053.582130][T15137] 8021q: adding VLAN 0 to HW filter on device team0
[ 1053.724445][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1053.731620][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1053.898874][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1053.906135][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1054.366811][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.376593][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.316586][T15482] netlink: 'syz.0.2232': attribute type 2 has an invalid length.
[ 1057.094910][   T30] audit: type=1326 audit(1753214783.457:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.1.2229" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b8738e9a9 code=0x0
[ 1058.924780][T15137] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1059.432784][T15515] 9pnet_fd: Insufficient options for proto=fd
[ 1061.863945][T15137] veth0_vlan: entered promiscuous mode
[ 1061.934687][T15542] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[ 1061.941334][T15542] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1061.980736][T15137] veth1_vlan: entered promiscuous mode
[ 1062.000274][T15542] vhci_hcd vhci_hcd.0: Device attached
[ 1062.065615][T15548] vhci_hcd: connection closed
[ 1062.065904][ T1138] vhci_hcd: stop threads
[ 1062.102821][T15543] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1062.155164][ T1138] vhci_hcd: release socket
[ 1062.176133][ T1138] vhci_hcd: disconnect device
[ 1062.182908][T12069] vhci_hcd: vhci_device speed not set
[ 1062.296246][T15137] veth0_macvtap: entered promiscuous mode
[ 1062.366506][T15137] veth1_macvtap: entered promiscuous mode
[ 1062.461500][T15137] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1062.514259][T15137] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1062.545630][T15137] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.573317][T15137] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.592353][T15137] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.661966][T15137] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.985661][ T8483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1064.585536][ T8483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1064.637555][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1064.648200][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1065.074863][   T30] audit: type=1326 audit(1753214791.437:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15563 comm="syz.0.2246" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f222c58e9a9 code=0x0
[ 1068.052040][T15607] io-wq is not configured for unbound workers
[ 1070.994423][T15635] netlink: 'syz.3.2259': attribute type 1 has an invalid length.
[ 1071.440311][T15624] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(14)
[ 1071.446932][T15624] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1071.532425][T15624] vhci_hcd vhci_hcd.0: Device attached
[ 1071.879385][T12068] usb 35-1: new low-speed USB device number 7 using vhci_hcd
[ 1072.242691][T15637] vhci_hcd: connection reset by peer
[ 1072.598098][ T8489] vhci_hcd: stop threads
[ 1072.602755][ T8489] vhci_hcd: release socket
[ 1072.608965][ T8489] vhci_hcd: disconnect device
[ 1077.422265][T12068] vhci_hcd: vhci_device speed not set
[ 1085.208568][T15779] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2287'.
[ 1086.621717][T15790] Cannot find add_set index 0 as target
[ 1087.290528][T15793] netlink: 'syz.0.2291': attribute type 2 has an invalid length.
[ 1087.359976][T15793] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2291'.
[ 1088.736340][T15807] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1090.410601][T15829] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1093.052091][T15846] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340
[ 1093.142703][T15849] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2305'.
[ 1093.183731][T15849] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2305'.
[ 1094.342293][T15858] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1097.185569][T15890] siw: device registration error -23
[ 1098.647893][T15908] Cannot find add_set index 0 as target
[ 1100.988503][T15938] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2321'.
[ 1106.987191][T15988] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1108.647392][T16015] syz.1.2338: attempt to access beyond end of device
[ 1108.647392][T16015] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0
[ 1108.857430][T16015] EXT4-fs (nbd1): unable to read superblock
[ 1109.530267][T16022] binder: 16013:16022 ioctl 4018620d 0 returned -22
[ 1110.284951][T16032] : entered promiscuous mode
[ 1114.601358][T16062] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1115.747393][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.753777][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.071087][T16090] syz.7.2352 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1117.513154][T16100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1120.917359][T16131] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1122.303225][T16155] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2362'.
[ 1122.312476][T16155] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2362'.
[ 1124.679536][T16176] 9pnet: Could not find request transport: ff
[ 1124.947127][   T51] Bluetooth: hci3: unexpected subevent 0x0a length: 55 > 30
[ 1124.954582][   T51] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 1129.925939][T16226] netlink: 'syz.7.2378': attribute type 1 has an invalid length.
[ 1130.105370][T16229] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1130.117309][T15594] kernel read not supported for file /vga_arbiter (pid: 15594 comm: kworker/1:0)
[ 1137.090955][T16304] fuse: Bad value for 'fd'
[ 1145.578449][T16398] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2414'.
[ 1150.181950][T16445] openvswitch: netlink: Geneve opt len 91 is not a multiple of 4.
[ 1152.170794][T16460] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2430'.
[ 1157.647527][ T1138] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1159.333731][T12069] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1159.524054][T12069] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[ 1159.533299][T12069] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.574527][T12069] usb 6-1: Product: syz
[ 1159.602184][T12069] usb 6-1: Manufacturer: syz
[ 1159.617073][T12069] usb 6-1: SerialNumber: syz
[ 1159.631290][T12069] usb 6-1: config 0 descriptor??
[ 1159.648286][T16530] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2444'.
[ 1159.662288][T16514] Bluetooth: hci4: command 0x1003 tx timeout
[ 1159.668413][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1160.631517][T12069] usb 6-1: ignoring: probably an ADSL modem
[ 1163.576575][T16566] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2451'.
[ 1165.684821][T16576] trusted_key: encrypted_key: insufficient parameters specified
[ 1166.410531][T12069] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[ 1167.864896][T12067] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1167.945334][T16594] bridge1: entered promiscuous mode
[ 1168.113370][T16594] bridge1: entered allmulticast mode
[ 1168.274142][T16599] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2459'.
[ 1168.289770][T16599] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[ 1168.423816][T12067] usb 4-1: Using ep0 maxpacket: 8
[ 1168.462233][T15594] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1168.489338][T15597] usb 6-1: USB disconnect, device number 20
[ 1168.491157][T12067] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1168.524628][T12067] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1168.607161][T12067] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1168.621850][T12067] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1168.645671][T12067] usb 4-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[ 1168.654947][T12067] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.662348][T15594] usb 2-1: Using ep0 maxpacket: 8
[ 1168.667110][T12067] usb 4-1: Product: syz
[ 1168.673854][T12067] usb 4-1: Manufacturer: syz
[ 1168.678595][T12067] usb 4-1: SerialNumber: syz
[ 1168.689280][T12067] usb 4-1: config 0 descriptor??
[ 1168.853575][T15594] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1168.895026][T15594] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1168.907218][T15594] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1169.682508][T12067] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input21
[ 1169.689198][T15594] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1169.802796][T12067] imon:send_packet: packet tx failed (-71)
[ 1169.821664][T15594] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1169.822564][T12067] imon 4-1:0.0: panel buttons/knobs setup failed
[ 1169.895451][T15594] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1169.997846][T15594] usb 2-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1170.028282][T15594] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1170.894002][T15594] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1170.912181][T12067] rc_core: IR keymap rc-imon-pad not found
[ 1170.918197][T12067] Registered IR keymap rc-empty
[ 1170.962401][T12067] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1171.013010][T12067] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1171.038682][T12067] imon:send_packet: packet tx failed (-71)
[ 1171.068731][T15594] usb 2-1: string descriptor 0 read error: -71
[ 1171.082417][T12067] imon 4-1:0.0: remote input dev register failed
[ 1171.095875][T12067] imon 4-1:0.0: imon_init_intf0: rc device setup failed
[ 1171.116601][T15594] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1171.696746][T15594] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1171.857678][T16633] trusted_key: encrypted_key: insufficient parameters specified
[ 1171.952687][T15594] usb 2-1: can't set config #168, error -71
[ 1171.978693][T12067] imon 4-1:0.0: unable to initialize intf0, err 0
[ 1171.987268][T12067] imon:imon_probe: failed to initialize context!
[ 1172.000682][T12067] imon 4-1:0.0: unable to register, err -19
[ 1172.118701][T15594] usb 2-1: USB disconnect, device number 19
[ 1172.195974][T12067] usb 4-1: USB disconnect, device number 23
[ 1172.402290][   T30] audit: type=1326 audit(1753214898.747:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16631 comm="syz.1.2468" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b8738e9a9 code=0x0
[ 1174.663758][T16670] atomic_op ffff888030766198 conn xmit_atomic 0000000000000000
[ 1175.753167][T16680] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1176.568569][T16690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2479'.
[ 1176.577669][T16690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2479'.
[ 1176.591028][T16690] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2479'.
[ 1176.600038][T16690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2479'.
[ 1177.197708][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.208616][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.454244][ T8489] sl0: compressed packet ignored
[ 1177.536682][T16695] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2481'.
[ 1177.550899][T16695] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2481'.
[ 1178.097633][T16697] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1178.663044][T16702] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2484'.
[ 1178.953433][T16709] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1179.262194][   T30] audit: type=1326 audit(1753214905.617:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16698 comm="syz.7.2483" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f43f3f8e9a9 code=0x0
[ 1182.304078][T16757] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1186.658450][   T30] audit: type=1326 audit(1753214913.017:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16776 comm="syz.0.2499" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f222c58e9a9 code=0x0
[ 1187.719515][T16806] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1190.754711][T16834] netlink: 'syz.3.2513': attribute type 10 has an invalid length.
[ 1190.896514][T16834] 8021q: adding VLAN 0 to HW filter on device team0
[ 1190.956376][T16834] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1192.219545][T16846] 9p: Unknown Cache mode or invalid value fsca
[ 1192.730916][T16840] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(14)
[ 1192.737576][T16840] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1192.893154][T16840] vhci_hcd vhci_hcd.0: Device attached
[ 1193.053592][T16852] vhci_hcd: connection closed
[ 1193.058401][   T36] vhci_hcd: stop threads
[ 1193.481473][   T36] vhci_hcd: release socket
[ 1193.511781][   T36] vhci_hcd: disconnect device
[ 1195.765015][T16878] openvswitch: netlink: Geneve opt len 174 is not a multiple of 4.
[ 1196.247777][   T51] Bluetooth: hci2: unexpected event for opcode 0x201c
[ 1197.090249][T16891] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2524'.
[ 1197.742137][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20330 ms
[ 1197.750529][    C0] sl0: transmit timed out, driver error?
[ 1198.494512][T16903] 9p: Unknown Cache mode or invalid value fsca
[ 1200.951390][T16929] openvswitch: netlink: Geneve opt len 215 is not a multiple of 4.
[ 1202.633811][T16943] nft_compat: unsupported protocol 1
[ 1203.017650][T16953] 9p: Unknown Cache mode or invalid value fsca
[ 1203.965726][T16967] openvswitch: netlink: Geneve opt len 215 is not a multiple of 4.
[ 1204.009806][   T51] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1204.272284][T12067] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[ 1204.305415][T16974] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(15)
[ 1204.312076][T16974] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1204.340013][T16974] vhci_hcd vhci_hcd.0: Device attached
[ 1204.394505][T16978] vhci_hcd: connection closed
[ 1204.399073][ T6373] vhci_hcd: stop threads
[ 1204.416270][ T6373] vhci_hcd: release socket
[ 1204.429771][ T6373] vhci_hcd: disconnect device
[ 1204.442355][T12067] usb 1-1: Using ep0 maxpacket: 8
[ 1204.454141][T12067] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1204.478295][T12067] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1204.519739][T12067] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1204.554135][T12067] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1204.802437][T12067] usb 1-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[ 1204.822213][T12067] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.837205][T12067] usb 1-1: Product: syz
[ 1204.843519][T12067] usb 1-1: Manufacturer: syz
[ 1204.848142][T12067] usb 1-1: SerialNumber: syz
[ 1204.883364][T12067] usb 1-1: config 0 descriptor??
[ 1204.911107][T12067] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input23
[ 1205.109184][T12067] imon:send_packet: packet tx failed (-71)
[ 1205.142305][T12067] imon 1-1:0.0: panel buttons/knobs setup failed
[ 1205.682206][T12067] rc_core: IR keymap rc-imon-pad not found
[ 1205.688171][T12067] Registered IR keymap rc-empty
[ 1205.712289][T12067] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1206.621345][T12067] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1206.642389][T12067] imon:send_packet: packet tx failed (-71)
[ 1206.749104][T12067] imon 1-1:0.0: remote input dev register failed
[ 1206.782554][T12067] imon 1-1:0.0: imon_init_intf0: rc device setup failed
[ 1206.874919][T12067] imon 1-1:0.0: unable to initialize intf0, err 0
[ 1206.890517][T12067] imon:imon_probe: failed to initialize context!
[ 1206.908915][T12067] imon 1-1:0.0: unable to register, err -19
[ 1206.958902][T12067] usb 1-1: USB disconnect, device number 15
[ 1207.203608][T17000] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1207.225148][T17000] syzkaller0: MTU too low for tipc bearer
[ 1207.230929][T17000] tipc: Disabling bearer <eth:syzkaller0>
[ 1207.870596][T17010] netlink: 'syz.5.2556': attribute type 10 has an invalid length.
[ 1207.884341][T17010] 8021q: adding VLAN 0 to HW filter on device team0
[ 1207.965695][T17010] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1208.167693][T17010] loop7: detected capacity change from 0 to 16384
[ 1208.359658][T17012] 9p: Unknown Cache mode or invalid value fscach
[ 1208.594084][T17015] openvswitch: netlink: Geneve opt len 215 is not a multiple of 4.
[ 1211.112950][T12067] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1211.375677][T17049] 9p: Unknown Cache mode or invalid value fscach
[ 1211.692213][T12067] usb 4-1: Using ep0 maxpacket: 8
[ 1211.694494][   T51] Bluetooth: hci3: unexpected event for opcode 0x201c
[ 1211.708189][T12067] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1211.861176][T12067] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1211.873153][T12067] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1211.885073][T12067] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1211.958405][   T30] audit: type=1326 audit(1753214938.287:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17043 comm="syz.0.2568" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f222c58e9a9 code=0x0
[ 1212.137559][T12067] usb 4-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[ 1212.192596][T12067] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.271890][T12067] usb 4-1: Product: syz
[ 1212.282020][T12067] usb 4-1: Manufacturer: syz
[ 1212.291953][T12067] usb 4-1: SerialNumber: syz
[ 1212.301781][T17056] openvswitch: netlink: IP tunnel dst address not specified
[ 1212.310554][T12067] usb 4-1: config 0 descriptor??
[ 1212.330548][T12067] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input25
[ 1212.542465][T12067] imon:send_packet: packet tx failed (-71)
[ 1212.762223][T12067] imon 4-1:0.0: panel buttons/knobs setup failed
[ 1213.007760][T12067] rc_core: IR keymap rc-imon-pad not found
[ 1213.041824][T12067] Registered IR keymap rc-empty
[ 1213.072276][T12067] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1213.105302][T12067] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1213.370941][T12067] imon:send_packet: packet tx failed (-71)
[ 1213.608927][T17069] bridge1: entered promiscuous mode
[ 1213.614294][T17069] bridge1: entered allmulticast mode
[ 1214.368476][T17071] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1214.388200][T12067] imon 4-1:0.0: remote input dev register failed
[ 1214.394933][T12067] imon 4-1:0.0: imon_init_intf0: rc device setup failed
[ 1214.912741][T12067] imon 4-1:0.0: unable to initialize intf0, err 0
[ 1214.920477][T12067] imon:imon_probe: failed to initialize context!
[ 1214.927455][T12067] imon 4-1:0.0: unable to register, err -19
[ 1215.167292][T17081] bridge1: entered promiscuous mode
[ 1215.172727][T17081] bridge1: entered allmulticast mode
[ 1215.451890][T12067] usb 4-1: USB disconnect, device number 24
[ 1215.929286][T17085] netlink: 'syz.3.2578': attribute type 1 has an invalid length.
[ 1216.541837][T17090] 9p: Unknown Cache mode or invalid value fscach
[ 1219.205270][   T30] audit: type=1326 audit(1753214945.567:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17102 comm="syz.1.2584" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b8738e9a9 code=0x0
[ 1220.573678][T17125] bridge2: entered promiscuous mode
[ 1220.579102][T17125] bridge2: entered allmulticast mode
[ 1221.773403][   T51] Bluetooth: hci1: unexpected event for opcode 0x201c
[ 1222.019986][T17133] 9pnet_fd: Insufficient options for proto=fd
[ 1223.606154][T17154] netlink: 'syz.0.2598': attribute type 1 has an invalid length.
[ 1224.277926][T17161] netlink: 'syz.7.2599': attribute type 8 has an invalid length.
[ 1224.974289][T17167] bridge2: entered promiscuous mode
[ 1224.979716][T17167] bridge2: entered allmulticast mode
[ 1226.166095][   T51] Bluetooth: hci2: unexpected event for opcode 0x201c
[ 1226.865774][   T30] audit: type=1326 audit(1753214953.227:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17178 comm="syz.5.2604" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd11338e9a9 code=0x0
[ 1227.190424][T17184] 9pnet_fd: Insufficient options for proto=fd
[ 1227.470254][T17192] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1228.385125][T12067] kernel read not supported for file /vga_arbiter (pid: 12067 comm: kworker/0:8)
[ 1229.428381][T17208] bridge3: entered promiscuous mode
[ 1229.433806][T17208] bridge3: entered allmulticast mode
[ 1230.308751][   T51] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1230.925185][T17221] netlink: 'syz.7.2617': attribute type 1 has an invalid length.
[ 1230.937126][T17227] 9pnet_fd: Insufficient options for proto=fd
[ 1231.971358][T17233] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1233.591689][T17254] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1234.233016][T17259] rdma_rxe: rxe_newlink: failed to add bridge_slave_0
[ 1235.843861][   T51] Bluetooth: hci1: unexpected event for opcode 0x201c
[ 1237.448237][T17283] netlink: 'syz.0.2632': attribute type 1 has an invalid length.
[ 1238.627313][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.633830][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.654463][ T7887] sl0: compressed packet ignored
[ 1241.199740][   T51] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1242.472240][T15594] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[ 1245.435233][T12069] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1245.638331][T12069] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a
[ 1245.662570][T12069] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.712328][T12069] usb 2-1: Product: syz
[ 1245.716549][T12069] usb 2-1: Manufacturer: syz
[ 1245.729336][T12069] usb 2-1: SerialNumber: syz
[ 1245.753143][T12069] usb 2-1: config 0 descriptor??
[ 1246.588541][T12069] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1246.595363][T12069] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[ 1246.612400][T12069] usb 2-1: USB disconnect, device number 21
[ 1248.093673][   T51] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1252.173594][T17409] bridge2: entered promiscuous mode
[ 1252.179005][T17409] bridge2: entered allmulticast mode
[ 1253.144843][T17415] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2667'.
[ 1253.848299][   T51] Bluetooth: hci1: unexpected event for opcode 0x201c
[ 1255.133237][T12069] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1255.597403][T12069] usb 2-1: Using ep0 maxpacket: 8
[ 1256.763689][T12069] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1256.805166][T12069] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1256.842146][T12069] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1256.872483][T12069] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1256.911609][T12069] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[ 1256.941074][T12069] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1256.971453][T12069] usb 2-1: Product: syz
[ 1256.981573][T12069] usb 2-1: Manufacturer: syz
[ 1256.991888][T12069] usb 2-1: SerialNumber: syz
[ 1257.023180][T12069] usb 2-1: config 0 descriptor??
[ 1257.032318][T12069] usb 2-1: can't set config #0, error -71
[ 1257.066943][T12069] usb 2-1: USB disconnect, device number 22
[ 1257.967756][T17452] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2678'.
[ 1258.343148][T17457] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1258.912130][T17461] bridge3: entered promiscuous mode
[ 1258.917582][T17461] bridge3: entered allmulticast mode
[ 1259.102137][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20450 ms
[ 1259.110254][    C0] sl0: transmit timed out, driver error?
[ 1259.260621][T12069] kernel read not supported for file /vga_arbiter (pid: 12069 comm: kworker/0:10)
[ 1259.802410][   T51] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1262.276871][T17489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1267.942106][T17543] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1273.830605][T17590] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1275.473186][T17607] netlink: 'syz.0.2717': attribute type 10 has an invalid length.
[ 1275.572682][T17607] loop7: detected capacity change from 0 to 16384
[ 1276.518165][T16514] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1276.529318][T16514] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1276.537787][T16514] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1276.573619][T16514] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1276.581615][T16514] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1277.225010][T17626] lo speed is unknown, defaulting to 1000
[ 1279.021631][T16514] Bluetooth: hci3: command tx timeout
[ 1279.962276][T17246] dummy0: left allmulticast mode
[ 1279.967939][T17246] bridge0: port 3(dummy0) entered disabled state
[ 1280.403003][T17246] bridge_slave_1: left allmulticast mode
[ 1280.502493][T17246] bridge_slave_1: left promiscuous mode
[ 1280.508303][T17246] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1280.676063][T17246] bridge_slave_0: left allmulticast mode
[ 1280.681852][T17246] bridge_slave_0: left promiscuous mode
[ 1280.688293][T17246] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1281.102212][T16514] Bluetooth: hci3: command tx timeout
[ 1282.230566][T17683] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[ 1282.237241][T17683] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1282.289348][T17683] vhci_hcd vhci_hcd.0: Device attached
[ 1282.440570][T17684] vhci_hcd: connection closed
[ 1282.441010][ T1150] vhci_hcd: stop threads
[ 1282.461217][ T1150] vhci_hcd: release socket
[ 1282.477097][ T1150] vhci_hcd: disconnect device
[ 1283.183095][T16514] Bluetooth: hci3: command tx timeout
[ 1283.479362][T17246] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1283.517726][T17246] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1283.529112][T17246] bond0 (unregistering): Released all slaves
[ 1283.779673][T17246] : left promiscuous mode
[ 1284.265939][T17246] tipc: Left network mode
[ 1285.262240][T16514] Bluetooth: hci3: command tx timeout
[ 1287.449538][T17626] chnl_net:caif_netlink_parms(): no params data found
[ 1287.551770][T17738] evm: overlay not supported
[ 1287.733888][T15597] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1287.922495][T15597] usb 4-1: device descriptor read/64, error -71
[ 1287.936052][T17744] fuseblk: Bad value for 'fd'
[ 1288.176228][T17246] hsr_slave_0: left promiscuous mode
[ 1288.199473][T17246] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1288.254679][T17246] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1288.351769][T15597] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1288.502154][T15597] usb 4-1: device descriptor read/64, error -71
[ 1288.616511][T15597] usb usb4-port1: attempt power cycle
[ 1288.962143][T15597] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1289.013133][T15597] usb 4-1: device descriptor read/8, error -71
[ 1289.262763][T15597] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1289.310074][T15597] usb 4-1: device descriptor read/8, error -71
[ 1289.541184][T15597] usb usb4-port1: unable to enumerate USB device
[ 1290.147890][T17768] rdma_rxe: rxe_newlink: failed to add bridge_slave_0
[ 1290.733010][T17246] team0 (unregistering): Port device team_slave_1 removed
[ 1290.956211][T17246] team0 (unregistering): Port device team_slave_0 removed
[ 1292.674750][T17783] ubi: mtd0 is already attached to ubi31
[ 1292.872303][T15594] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1293.044716][T15594] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1293.063722][T15594] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1293.082184][T15594] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1293.091769][T15594] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1293.191056][T15594] usb 4-1: config 0 descriptor??
[ 1293.850287][T17626] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1293.858932][T17626] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.866225][T17626] bridge_slave_0: entered allmulticast mode
[ 1293.875216][T17626] bridge_slave_0: entered promiscuous mode
[ 1293.885310][T17626] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1293.892524][T17626] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1293.899809][T17626] bridge_slave_1: entered allmulticast mode
[ 1293.998969][T15594] usb 4-1: language id specifier not provided by device, defaulting to English
[ 1294.023112][T17626] bridge_slave_1: entered promiscuous mode
[ 1294.598144][T15594] uclogic 0003:256C:006D.0005: failed retrieving Huion firmware version: -71
[ 1294.653188][T15594] uclogic 0003:256C:006D.0005: failed probing parameters: -71
[ 1294.661429][T15594] uclogic 0003:256C:006D.0005: probe with driver uclogic failed with error -71
[ 1294.734667][T15594] usb 4-1: USB disconnect, device number 29
[ 1294.865782][T17626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1294.904585][T17626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1295.761256][T17626] team0: Port device team_slave_0 added
[ 1295.786187][T17626] team0: Port device team_slave_1 added
[ 1296.385054][T17626] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1296.413826][T17626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1296.632876][T17626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1297.408943][T17626] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1297.437939][T17626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1297.578142][T17626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1297.650630][T17816] bridge2: entered promiscuous mode
[ 1297.656345][T17816] bridge2: entered allmulticast mode
[ 1299.357636][T17626] hsr_slave_0: entered promiscuous mode
[ 1299.921610][T17626] hsr_slave_1: entered promiscuous mode
[ 1299.927964][T17626] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1299.935739][T17626] Cannot create hsr debugfs directory
[ 1300.157058][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.169800][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.231220][ T1150] sl0: compressed packet ignored
[ 1304.448782][T17876] ubi: mtd0 is already attached to ubi31
[ 1306.314673][T17897] tmpfs: Bad value for 'mpol'
[ 1306.991934][T17626] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1307.058194][T17626] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1307.097634][T17626] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1307.188684][T17626] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1307.672646][   T51] Bluetooth: hci2: command 0x0405 tx timeout
[ 1307.729670][T17626] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1307.780742][T17626] 8021q: adding VLAN 0 to HW filter on device team0
[ 1307.827637][ T7887] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1307.834800][ T7887] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1307.869453][ T7887] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1307.876591][ T7887] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1308.726117][T17926] netlink: 161716 bytes leftover after parsing attributes in process `syz.5.2776'.
[ 1309.213872][T17626] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1310.549230][T17626] veth0_vlan: entered promiscuous mode
[ 1310.616952][T17626] veth1_vlan: entered promiscuous mode
[ 1311.052249][T17626] veth0_macvtap: entered promiscuous mode
[ 1311.139819][T17626] veth1_macvtap: entered promiscuous mode
[ 1311.296489][T17626] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1311.343783][T17626] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1311.940092][T17626] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1311.955478][T17626] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1311.965243][T17626] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1311.974077][T17626] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1313.052713][T16514] Bluetooth: hci1: unexpected event for opcode 0x201c
[ 1314.692792][ T7887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1314.896493][ T7887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1315.184956][ T7887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1315.362103][ T7887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1315.718064][T17980] ubi: mtd0 is already attached to ubi31
[ 1317.886041][T17992] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1318.034242][T18000] netlink: 'syz.5.2791': attribute type 10 has an invalid length.
[ 1318.043636][T18000] hsr0: entered promiscuous mode
[ 1318.052212][T18000] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[ 1318.069849][T18000] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 1318.082481][T18000] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[ 1319.455156][T16514] Bluetooth: hci5: unexpected event for opcode 0x201c
[ 1321.109672][T18024] usb usb8: usbfs: process 18024 (syz.0.2796) did not claim interface 0 before use
[ 1321.182088][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 21000 ms
[ 1321.190158][    C0] sl0: transmit timed out, driver error?
[ 1321.698789][T18035] atomic_op ffff888079a69198 conn xmit_atomic 0000000000000000
[ 1321.893814][T15597] IPVS: starting estimator thread 0...
[ 1321.981168][T12889] syz_tun (unregistering): left promiscuous mode
[ 1322.002135][T18036] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1323.322560][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1323.332099][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1323.343930][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1323.357469][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1323.367974][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1324.427413][T18046] lo speed is unknown, defaulting to 1000
[ 1325.452172][   T51] Bluetooth: hci1: command tx timeout
[ 1326.789852][   T59] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1327.085673][   T59] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1327.502905][   T51] Bluetooth: hci1: command tx timeout
[ 1327.567251][   T59] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1327.580894][   T59] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1328.143600][   T59] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1328.166485][   T59] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1328.440775][T15594] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1328.471218][T18046] chnl_net:caif_netlink_parms(): no params data found
[ 1328.632309][T15594] usb 6-1: Using ep0 maxpacket: 8
[ 1328.839426][T15594] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1329.045221][T15594] usb 6-1: config 0 has no interfaces?
[ 1329.097049][   T59] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1329.263740][   T59] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1329.282400][T15594] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1329.291502][T15594] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1329.332074][T15594] usb 6-1: Product: syz
[ 1329.336298][T15594] usb 6-1: Manufacturer: syz
[ 1329.340924][T15594] usb 6-1: SerialNumber: syz
[ 1329.375123][T15594] usb 6-1: config 0 descriptor??
[ 1329.683227][   T51] Bluetooth: hci1: command tx timeout
[ 1331.856783][   T51] Bluetooth: hci1: command tx timeout
[ 1332.216195][T18128] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1332.687212][T15594] usb 6-1: USB disconnect, device number 21
[ 1332.830518][T18046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1333.075892][T18046] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1333.292495][T18046] bridge_slave_0: entered allmulticast mode
[ 1333.405455][T18046] bridge_slave_0: entered promiscuous mode
[ 1333.425782][T18144] bridge3: entered promiscuous mode
[ 1333.431065][T18144] bridge3: entered allmulticast mode
[ 1333.441529][T18046] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1333.552482][T18046] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1333.559779][T18046] bridge_slave_1: entered allmulticast mode
[ 1333.630170][T18046] bridge_slave_1: entered promiscuous mode
[ 1334.385272][T18046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1334.397630][T18046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1335.053878][T18046] team0: Port device team_slave_0 added
[ 1335.654459][T18046] team0: Port device team_slave_1 added
[ 1336.681982][   T59] bridge_slave_1: left allmulticast mode
[ 1336.702938][   T59] bridge_slave_1: left promiscuous mode
[ 1336.724084][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1336.749032][   T59] bridge_slave_0: left allmulticast mode
[ 1336.762207][   T59] bridge_slave_0: left promiscuous mode
[ 1336.778196][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1337.503051][T18187] fuse: Bad value for 'fd'
[ 1337.651818][   T59] team0: Port device geneve0 removed
[ 1340.061472][T18204] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2826'.
[ 1340.071569][T18204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2826'.
[ 1340.393193][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1340.555932][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1340.586684][   T59] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1340.598163][   T59] bond0 (unregistering): Released all slaves
[ 1340.652939][T18046] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1340.659909][T18046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1340.894013][T18046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1340.908589][T18046] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1340.919665][T18046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1340.952120][T18046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1341.589415][T18196] bridge3: entered promiscuous mode
[ 1341.594710][T18196] bridge3: entered allmulticast mode
[ 1341.929503][T18046] hsr_slave_0: entered promiscuous mode
[ 1341.938470][T18046] hsr_slave_1: entered promiscuous mode
[ 1341.944790][T18046] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1341.955898][T18046] Cannot create hsr debugfs directory
[ 1343.506796][   T59] : left promiscuous mode
[ 1343.660466][   T59] tipc: Left network mode
[ 1343.717233][T18240] atomic_op ffff888021f9c998 conn xmit_atomic 0000000000000000
[ 1343.725421][T15597] IPVS: starting estimator thread 0...
[ 1343.812156][T18241] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1345.418428][T18261] bridge4: entered promiscuous mode
[ 1345.423935][T18261] bridge4: entered allmulticast mode
[ 1348.182669][T18276] bridge4: entered promiscuous mode
[ 1348.188021][T18276] bridge4: entered allmulticast mode
[ 1348.313347][   T59] batadv_slave_0: left promiscuous mode
[ 1348.341728][   T59] hsr_slave_0: left promiscuous mode
[ 1348.364866][   T59] hsr_slave_1: left promiscuous mode
[ 1348.596376][   T59] batman_adv: batadv0: Interface deactivated: dummy0
[ 1348.603240][   T59] batman_adv: batadv0: Removing interface: dummy0
[ 1348.613358][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1348.626756][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1349.062903][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1349.075770][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1349.100655][   T59] 
: left promiscuous mode
[ 1349.105465][   T59] veth0_macvtap: left promiscuous mode
[ 1349.111409][   T59] veth1_vlan: left promiscuous mode
[ 1349.121504][   T59] veth0_vlan: left promiscuous mode
[ 1350.006626][T18294] atomic_op ffff8880314f7198 conn xmit_atomic 0000000000000000
[ 1350.031847][T12069] IPVS: starting estimator thread 0...
[ 1350.154906][T18296] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1351.725783][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1351.792235][   T59] team0 (unregistering): Port device team_slave_0 removed
[ 1352.497473][T18303] bridge4: entered promiscuous mode
[ 1352.502787][T18303] bridge4: entered allmulticast mode
[ 1352.654756][T18046] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1352.719800][T18046] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1352.762003][T18046] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1353.437702][T18327] siw: device registration error -23
[ 1353.812729][T18046] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1354.426775][T18046] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1355.296843][T18046] 8021q: adding VLAN 0 to HW filter on device team0
[ 1355.311194][ T6373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1355.318341][ T6373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1355.574550][ T6373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1355.581725][ T6373] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1356.154278][T18352] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2856'.
[ 1356.254366][   T59] IPVS: stop unused estimator thread 0...
[ 1356.286176][T18046] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1358.153346][T18046] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1358.264963][T18046] veth0_vlan: entered promiscuous mode
[ 1358.292367][T18046] veth1_vlan: entered promiscuous mode
[ 1358.357186][T18046] veth0_macvtap: entered promiscuous mode
[ 1358.426433][T18046] veth1_macvtap: entered promiscuous mode
[ 1358.490033][T18046] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1358.508308][T18046] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1358.521410][T18046] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1358.540252][T18046] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1358.553728][T18046] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1358.566376][T18046] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1358.896293][T18382] bridge1: entered promiscuous mode
[ 1358.901778][T18382] bridge1: entered allmulticast mode
[ 1360.138165][ T6373] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1360.159426][ T6373] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1360.303942][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1360.311820][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1360.458580][T18397] netlink: 'syz.7.2865': attribute type 10 has an invalid length.
[ 1360.466747][T18397] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2865'.
[ 1360.988379][T18397] dummy0: entered promiscuous mode
[ 1360.996009][T18397] bridge0: port 3(dummy0) entered blocking state
[ 1361.002587][T18397] bridge0: port 3(dummy0) entered disabled state
[ 1361.009024][T18397] dummy0: entered allmulticast mode
[ 1361.015828][T18397] bridge0: port 3(dummy0) entered blocking state
[ 1361.022292][T18397] bridge0: port 3(dummy0) entered forwarding state
[ 1361.543068][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.549478][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.568364][   T12] sl0: compressed packet ignored
[ 1362.460661][T18414] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1363.607529][T18429] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1363.614102][T18429] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1363.622769][T18429] vhci_hcd vhci_hcd.0: Device attached
[ 1363.723789][T18430] vhci_hcd: connection closed
[ 1363.725943][ T6373] vhci_hcd: stop threads
[ 1363.861380][ T6373] vhci_hcd: release socket
[ 1363.948614][ T6373] vhci_hcd: disconnect device
[ 1364.689584][T18436] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1366.640632][T18447] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1367.503837][T18456] siw: device registration error -23
[ 1371.124052][T18491] ubi: mtd0 is already attached to ubi31
[ 1371.243695][T18496] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[ 1371.250362][T18496] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1371.258240][T18496] vhci_hcd vhci_hcd.0: Device attached
[ 1371.532324][T12069] usb 39-1: new high-speed USB device number 6 using vhci_hcd
[ 1371.941079][T18497] vhci_hcd: connection reset by peer
[ 1372.074600][T18502] netlink: 92 bytes leftover after parsing attributes in process `syz.7.2889'.
[ 1372.622282][ T8483] vhci_hcd: stop threads
[ 1372.627043][ T8483] vhci_hcd: release socket
[ 1372.659572][ T8483] vhci_hcd: disconnect device
[ 1372.696557][T18503] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2890'.
[ 1373.663954][T18387] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1373.900451][T18387] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1373.944834][T18387] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1374.177124][T18387] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1375.571317][T18387] usb 2-1: config 0 descriptor??
[ 1375.706819][T18539] atomic_op ffff888023665198 conn xmit_atomic 0000000000000000
[ 1375.739716][T18387] usb 2-1: can't set config #0, error -71
[ 1375.827885][T18472] IPVS: starting estimator thread 0...
[ 1375.854041][T18387] usb 2-1: USB disconnect, device number 23
[ 1375.952130][T18540] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1376.870856][T12069] vhci_hcd: vhci_device speed not set
[ 1379.639472][T18560] ubi: mtd0 is already attached to ubi31
[ 1379.713533][T18565] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[ 1379.720142][T18565] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1379.730212][T18565] vhci_hcd vhci_hcd.0: Device attached
[ 1379.817780][T18566] vhci_hcd: connection closed
[ 1379.849500][ T6161] vhci_hcd: stop threads
[ 1379.945888][ T6161] vhci_hcd: release socket
[ 1380.065938][ T6161] vhci_hcd: disconnect device
[ 1380.072654][T15308] usb 43-1: new high-speed USB device number 7 using vhci_hcd
[ 1380.335150][T15308] usb 43-1: enqueue for inactive port 0
[ 1380.422149][T15308] vhci_hcd: vhci_device speed not set
[ 1381.465911][T18580] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2905'.
[ 1381.982139][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20420 ms
[ 1381.990214][    C0] sl0: transmit timed out, driver error?
[ 1382.252137][T18583] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(14)
[ 1382.258793][T18583] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1382.283121][T18583] vhci_hcd vhci_hcd.0: Device attached
[ 1382.492262][T18587] vhci_hcd: connection closed
[ 1382.542101][T15308] usb 47-1: new low-speed USB device number 3 using vhci_hcd
[ 1382.615719][ T6161] vhci_hcd: stop threads
[ 1383.214843][ T6161] vhci_hcd: release socket
[ 1383.289756][T18472] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1383.342203][ T6161] vhci_hcd: disconnect device
[ 1383.484009][T18472] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1383.522604][T18472] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1383.552161][T18472] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1383.573913][T18472] usb 6-1: config 0 descriptor??
[ 1384.342235][ T5934] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1384.641875][T12069] usb 6-1: USB disconnect, device number 22
[ 1384.744842][ T5934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1384.784924][ T5934] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1384.845315][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1385.332207][ T5934] usb 4-1: config 0 descriptor??
[ 1386.953890][T12069] usb 4-1: USB disconnect, device number 30
[ 1388.256129][T15308] vhci_hcd: vhci_device speed not set
[ 1388.443963][T18635] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2919'.
[ 1393.596665][T18677] xt_hashlimit: max too large, truncated to 1048576
[ 1395.826706][T18691] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[ 1395.833289][T18691] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1396.446781][T18691] vhci_hcd vhci_hcd.0: Device attached
[ 1396.732129][T12069] usb 43-1: new high-speed USB device number 8 using vhci_hcd
[ 1396.765892][T18693] vhci_hcd: connection reset by peer
[ 1396.873564][T18699] netlink: 80 bytes leftover after parsing attributes in process `syz.7.2935'.
[ 1397.617143][   T12] vhci_hcd: stop threads
[ 1397.621513][   T12] vhci_hcd: release socket
[ 1397.665034][   T12] vhci_hcd: disconnect device
[ 1400.535846][T18715] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(13)
[ 1400.542498][T18715] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1400.567672][T18715] vhci_hcd vhci_hcd.0: Device attached
[ 1401.154128][T18387] usb 47-1: new low-speed USB device number 4 using vhci_hcd
[ 1401.215331][T18734] vhci_hcd: connection reset by peer
[ 1401.254366][T17246] vhci_hcd: stop threads
[ 1401.280323][T17246] vhci_hcd: release socket
[ 1401.319527][T17246] vhci_hcd: disconnect device
[ 1402.132145][T12069] vhci_hcd: vhci_device speed not set
[ 1405.433274][T18769] afs: Unknown parameter 'dyn3áóg«8·çq˜¤Tç˜Ð~Æ'
[ 1405.447942][T18769] overlayfs: overlapping lowerdir path
[ 1406.292198][T18387] vhci_hcd: vhci_device speed not set
[ 1413.530435][T18856] binder: 18854:18856 ioctl c0306201 200000000080 returned -14
[ 1413.563446][T18856] binder: BINDER_SET_CONTEXT_MGR already set
[ 1413.569746][T18856] binder: 18854:18856 ioctl 4018620d 200000000040 returned -16
[ 1415.879209][T18472] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1416.223557][T18472] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1416.254862][T18472] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1416.265233][T18472] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1416.963130][T18472] usb 2-1: config 0 descriptor??
[ 1419.875702][T12068] usb 2-1: USB disconnect, device number 24
[ 1420.139968][T18921] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2987'.
[ 1420.588660][T18918] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2987'.
[ 1421.892719][T18932] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(14)
[ 1421.899371][T18932] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1421.954699][T18932] vhci_hcd vhci_hcd.0: Device attached
[ 1422.009450][T18934] vhci_hcd: connection closed
[ 1422.009884][T17246] vhci_hcd: stop threads
[ 1422.054142][T12068] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[ 1422.064456][T17246] vhci_hcd: release socket
[ 1422.083990][T17246] vhci_hcd: disconnect device
[ 1422.143140][T12068] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1422.292999][T18472] vhci_hcd: vhci_device speed not set
[ 1422.948189][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.955040][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.968718][ T7887] sl0: compressed packet ignored
[ 1423.473087][T18956] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[ 1423.480002][T18956] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1424.208496][T18956] vhci_hcd vhci_hcd.0: Device attached
[ 1424.326279][T18957] vhci_hcd: connection closed
[ 1424.359392][   T13] vhci_hcd: stop threads
[ 1424.531735][   T13] vhci_hcd: release socket
[ 1424.572345][T18472] usb 35-1: new high-speed USB device number 9 using vhci_hcd
[ 1424.625073][   T13] vhci_hcd: disconnect device
[ 1426.932180][T12069] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1427.156529][T12069] usb 2-1: Using ep0 maxpacket: 8
[ 1427.173449][T12069] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1427.203851][T12069] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[ 1427.222052][T12069] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1427.259781][T12069] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1427.303299][T12069] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[ 1427.322142][T12069] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.350639][T12069] usb 2-1: Product: syz
[ 1427.355329][T12069] usb 2-1: Manufacturer: syz
[ 1427.359972][T12069] usb 2-1: SerialNumber: syz
[ 1427.497515][T12069] usb 2-1: config 0 descriptor??
[ 1427.517651][T16514] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1427.528091][T16514] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1427.537123][T16514] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1427.547285][T18992] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1427.557700][T16514] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1428.187354][T18993] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1428.312244][T16514] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1428.341611][T12069] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input32
[ 1428.743903][T12069] imon:send_packet: packet tx failed (-71)
[ 1428.750452][T18986] lo speed is unknown, defaulting to 1000
[ 1428.775283][T12069] imon 2-1:0.0: panel buttons/knobs setup failed
[ 1429.188522][T15597] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1429.477554][T15597] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1429.502475][T12069] rc_core: IR keymap rc-imon-pad not found
[ 1429.508449][T12069] Registered IR keymap rc-empty
[ 1429.522208][T15597] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1429.531291][T15597] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1429.557584][T15597] usb 6-1: config 0 descriptor??
[ 1429.595520][T12069] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1429.656507][T12069] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1429.721614][T12069] imon:send_packet: packet tx failed (-71)
[ 1429.749618][T12069] imon 2-1:0.0: remote input dev register failed
[ 1429.812622][T18472] vhci_hcd: vhci_device speed not set
[ 1429.934333][T12069] imon 2-1:0.0: imon_init_intf0: rc device setup failed
[ 1430.383048][   T51] Bluetooth: hci0: command tx timeout
[ 1430.474388][T19004] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(14)
[ 1430.481033][T19004] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1430.684186][T12069] imon 2-1:0.0: unable to initialize intf0, err 0
[ 1430.801642][T19004] vhci_hcd vhci_hcd.0: Device attached
[ 1431.247999][T19016] bridge2: entered promiscuous mode
[ 1431.253324][T19016] bridge2: entered allmulticast mode
[ 1431.349669][T12069] imon:imon_probe: failed to initialize context!
[ 1431.356865][T19013] vhci_hcd: connection closed
[ 1431.358981][T17246] vhci_hcd: stop threads
[ 1431.369568][T12069] imon 2-1:0.0: unable to register, err -19
[ 1431.376186][T17246] vhci_hcd: release socket
[ 1431.380639][T17246] vhci_hcd: disconnect device
[ 1431.388604][T12069] usb 2-1: USB disconnect, device number 25
[ 1431.406438][T18472] usb 6-1: USB disconnect, device number 23
[ 1431.419341][ T1150] bridge_slave_1: left allmulticast mode
[ 1431.435526][ T1150] bridge_slave_1: left promiscuous mode
[ 1431.441817][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1431.566542][ T1150] bridge_slave_0: left allmulticast mode
[ 1431.575000][ T1150] bridge_slave_0: left promiscuous mode
[ 1431.591010][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1432.498053][   T51] Bluetooth: hci0: command tx timeout
[ 1433.699962][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1433.718246][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1433.730796][ T1150] bond0 (unregistering): Released all slaves
[ 1434.002722][ T1150] : left promiscuous mode
[ 1434.834051][   T51] Bluetooth: hci0: command tx timeout
[ 1435.134138][T19047] 9pnet: Could not find request transport: fd0xffffffffffffffff
[ 1435.495374][ T1150] tipc: Left network mode
[ 1436.860992][T18986] chnl_net:caif_netlink_parms(): no params data found
[ 1436.868282][T16514] Bluetooth: hci0: command tx timeout
[ 1438.024760][T19082] vhci_hcd vhci_hcd.0: failed to lookup sock
[ 1440.423366][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[ 1440.451853][ T1150] hsr_slave_0: left promiscuous mode
[ 1440.466416][ T1150] hsr_slave_1: left promiscuous mode
[ 1440.710577][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1440.810769][T19108] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1441.217959][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1443.171805][   T30] audit: type=1326 audit(1753215169.527:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19125 comm="syz.5.3031" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd11338e9a9 code=0x0
[ 1443.788259][T19102] bridge5: entered promiscuous mode
[ 1443.793719][T19102] bridge5: entered allmulticast mode
[ 1443.954530][T18986] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1444.062063][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 21100 ms
[ 1444.070132][    C0] sl0: transmit timed out, driver error?
[ 1548.951965][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1548.958965][    C0] rcu: 	1-...!: (1 GPs behind) idle=a744/1/0x4000000000000000 softirq=100085/100086 fqs=2
[ 1548.969935][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=81265, q=721 ncpus=2)
[ 1548.977686][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1548.977721][    C1] NMI backtrace for cpu 1
[ 1548.977737][    C1] CPU: 1 UID: 0 PID: 19133 Comm: syz.7.3034 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1548.977755][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1548.977766][    C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x11/0x90
[ 1548.977795][    C1] Code: 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 14 25 08 90 9c 92 <65> 8b 0d 28 66 dc 10 81 e1 00 01 ff 00 74 11 81 f9 00 01 00 00 75
[ 1548.977808][    C1] RSP: 0018:ffffc90000a08c68 EFLAGS: 00000046
[ 1548.977822][    C1] RAX: ffffffff89863f8d RBX: 0000000000000001 RCX: ffff888026d7da00
[ 1548.977833][    C1] RDX: ffff888026d7da00 RSI: 0000000000000001 RDI: 0000000000000000
[ 1548.977843][    C1] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004
[ 1548.977852][    C1] R10: dffffc0000000000 R11: fffff5200014117c R12: ffff88802a466340
[ 1548.977864][    C1] R13: ffff88802a466000 R14: dffffc0000000000 R15: ffff88805187a400
[ 1548.977876][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[ 1548.977888][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1548.977898][    C1] CR2: 0000001b2d41fffc CR3: 000000000df38000 CR4: 00000000003526f0
[ 1548.977911][    C1] Call Trace:
[ 1548.977918][    C1]  <IRQ>
[ 1548.977924][    C1]  advance_sched+0x14d/0xc90
[ 1548.977950][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1548.977975][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1548.978004][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1548.978026][    C1]  __hrtimer_run_queues+0x529/0xc60
[ 1548.978051][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1548.978067][    C1]  ? read_tsc+0x9/0x20
[ 1548.978093][    C1]  hrtimer_interrupt+0x45b/0xaa0
[ 1548.978121][    C1]  __sysvec_apic_timer_interrupt+0x108/0x410
[ 1548.978140][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1548.978156][    C1]  </IRQ>
[ 1548.978161][    C1]  <TASK>
[ 1548.978167][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1548.978183][    C1] RIP: 0010:unmap_page_range+0xcae/0x41c0
[ 1548.978203][    C1] Code: 18 48 89 de 48 83 e6 08 31 ff e8 1d bb b9 ff 48 83 e3 08 0f 85 3f 27 00 00 48 8b 5c 24 08 48 89 d8 48 c1 e8 03 42 80 3c 28 00 <74> 08 48 89 df e8 58 9d 19 00 4c 8b 3b 4c 89 7c 24 30 4d 29 f4 49
[ 1548.978216][    C1] RSP: 0018:ffffc9000e6d75e0 EFLAGS: 00000246
[ 1548.978228][    C1] RAX: 1ffff1100bd11129 RBX: ffff88805e888948 RCX: ffff888026d7da00
[ 1548.978240][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1548.978249][    C1] RBP: ffffc9000e6d7890 R08: ffffea0001d2b8f3 R09: 1ffffd40003a571e
[ 1548.978261][    C1] R10: dffffc0000000000 R11: fffff940003a571f R12: 000000110c400000
[ 1548.978272][    C1] R13: dffffc0000000000 R14: 000000110c329000 R15: ffffea0001d2b8f0
[ 1548.978314][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[ 1548.978333][    C1]  ? unmap_vmas+0x144/0x580
[ 1548.978354][    C1]  ? unmap_vmas+0x144/0x580
[ 1548.978374][    C1]  unmap_vmas+0x399/0x580
[ 1548.978396][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[ 1548.978431][    C1]  exit_mmap+0x248/0xb50
[ 1548.978446][    C1]  ? uprobe_clear_state+0x20f/0x290
[ 1548.978463][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1548.978477][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1548.978500][    C1]  ? __pfx_exit_aio+0x10/0x10
[ 1548.978520][    C1]  ? uprobe_clear_state+0x274/0x290
[ 1548.978534][    C1]  ? mm_update_next_owner+0xa7/0x870
[ 1548.978557][    C1]  __mmput+0x118/0x410
[ 1548.978574][    C1]  exit_mm+0x1da/0x2c0
[ 1548.978595][    C1]  ? __pfx_exit_mm+0x10/0x10
[ 1548.978616][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1548.978634][    C1]  do_exit+0x648/0x22e0
[ 1548.978657][    C1]  ? preempt_schedule_common+0x83/0xd0
[ 1548.978673][    C1]  ? preempt_schedule+0xae/0xc0
[ 1548.978687][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1548.978710][    C1]  ? preempt_schedule_thunk+0x16/0x30
[ 1548.978737][    C1]  do_group_exit+0x21c/0x2d0
[ 1548.978760][    C1]  __x64_sys_exit_group+0x3f/0x40
[ 1548.978781][    C1]  x64_sys_call+0x21ba/0x21c0
[ 1548.978799][    C1]  do_syscall_64+0xfa/0x3b0
[ 1548.978816][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1548.978831][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1548.978846][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1548.978863][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1548.978878][    C1] RIP: 0033:0x7f43f3f8e9a9
[ 1548.978890][    C1] Code: Unable to access opcode bytes at 0x7f43f3f8e97f.
[ 1548.978898][    C1] RSP: 002b:00007ffd42827738 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1548.978913][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f43f3f8e9a9
[ 1548.978923][    C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
[ 1548.978932][    C1] RBP: 00007ffd4282779c R08: 000000024282782f R09: 00005555942ad590
[ 1548.978943][    C1] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000000000a9
[ 1548.978952][    C1] R13: 00005555942ad590 R14: 000000000015fa27 R15: 00007ffd428277f0
[ 1548.978970][    C1]  </TASK>
[ 1548.979710][    C0] rcu: rcu_preempt kthread starved for 10498 jiffies! g81265 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1549.462765][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1549.472744][    C0] rcu: RCU grace-period kthread stack dump:
[ 1549.478640][    C0] task:rcu_preempt     state:R  running task     stack:26888 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1549.492153][    C0] Call Trace:
[ 1549.495441][    C0]  <TASK>
[ 1549.498385][    C0]  __schedule+0x16aa/0x4c90
[ 1549.502918][    C0]  ? schedule+0x165/0x360
[ 1549.507266][    C0]  ? __pfx___schedule+0x10/0x10
[ 1549.512175][    C0]  ? schedule+0x91/0x360
[ 1549.516431][    C0]  schedule+0x165/0x360
[ 1549.520603][    C0]  schedule_timeout+0x12b/0x270
[ 1549.525495][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1549.530890][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1549.536813][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1549.542121][    C0]  ? prepare_to_swait_event+0x341/0x380
[ 1549.547689][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[ 1549.552564][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1549.558731][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1549.564024][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1549.569248][    C0]  ? finish_swait+0xcd/0x1f0
[ 1549.573857][    C0]  rcu_gp_kthread+0x99/0x390
[ 1549.578461][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1549.583668][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1549.588639][    C0]  ? __kthread_parkme+0x1a1/0x200
[ 1549.593705][    C0]  kthread+0x711/0x8a0
[ 1549.597793][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1549.602999][    C0]  ? __pfx_kthread+0x10/0x10
[ 1549.607614][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1549.612828][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1549.618037][    C0]  ? __pfx_kthread+0x10/0x10
[ 1549.622650][    C0]  ret_from_fork+0x3fc/0x770
[ 1549.627256][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1549.632389][    C0]  ? __switch_to_asm+0x39/0x70
[ 1549.637173][    C0]  ? __switch_to_asm+0x33/0x70
[ 1549.641947][    C0]  ? __pfx_kthread+0x10/0x10
[ 1549.646556][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1549.651440][    C0]  </TASK>
[ 1549.654516][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1549.660856][    C0] CPU: 0 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[ 1549.670771][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1549.680853][    C0] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0
[ 1549.687562][    C0] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 80 6e 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 2b 6a 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 10 6a 0b
[ 1549.707188][    C0] RSP: 0018:ffffc90003a6f580 EFLAGS: 00000293
[ 1549.713275][    C0] RAX: ffffffff81b4bba0 RBX: ffff8880b863b040 RCX: ffff88802fd29e00
[ 1549.721271][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1549.729263][    C0] RBP: ffffc90003a6f6e0 R08: ffffffff8fa0b2f7 R09: 1ffffffff1f4165e
[ 1549.737261][    C0] R10: dffffc0000000000 R11: fffffbfff1f4165f R12: 1ffff110170e7f2d
[ 1549.745248][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b873f968
[ 1549.753232][    C0] FS:  00007fe6b43ff740(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1549.762199][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1549.768791][    C0] CR2: 000000110c28d33e CR3: 000000007eff0000 CR4: 00000000003526f0
[ 1549.776776][    C0] Call Trace:
[ 1549.780068][    C0]  <TASK>
[ 1549.783022][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1549.789373][    C0]  ? ldt_dup_context+0x336/0x3e0
[ 1549.794328][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1549.799106][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1549.804318][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 1549.809441][    C0]  flush_tlb_mm_range+0x6b1/0x12c0
[ 1549.814579][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1549.820153][    C0]  ? up_write+0x1c4/0x420
[ 1549.824512][    C0]  dup_mmap+0x15a0/0x1ac0
[ 1549.828870][    C0]  ? __pfx_dup_mmap+0x10/0x10
[ 1549.833572][    C0]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1549.839486][    C0]  ? mm_init+0xc68/0xec0
[ 1549.843752][    C0]  copy_mm+0x13c/0x4b0
[ 1549.847837][    C0]  ? copy_process+0x978/0x3b80
[ 1549.852633][    C0]  copy_process+0x16d3/0x3b80
[ 1549.857342][    C0]  ? copy_process+0x978/0x3b80
[ 1549.862134][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1549.867197][    C0]  kernel_clone+0x224/0x7f0
[ 1549.871727][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1549.876776][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 1549.882353][    C0]  __x64_sys_clone+0x18b/0x1e0
[ 1549.887142][    C0]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1549.892459][    C0]  ? do_sock_setsockopt+0x185/0x1b0
[ 1549.897702][    C0]  ? do_syscall_64+0xbe/0x3b0
[ 1549.902399][    C0]  do_syscall_64+0xfa/0x3b0
[ 1549.906924][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1549.912152][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1549.918281][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1549.922982][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1549.928896][    C0] RIP: 0033:0x7fe6b44d3636
[ 1549.933333][    C0] Code: 89 df e8 6d e8 f6 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 52 89 c5 85 c0 75 31 64 48 8b 04 25 10 00 00
[ 1549.952949][    C0] RSP: 002b:00007ffeab6be800 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1549.961393][    C0] RAX: ffffffffffffffda RBX: 00007ffeab6be808 RCX: 00007fe6b44d3636
[ 1549.969385][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1549.977365][    C0] RBP: 00007ffeab6ded50 R08: 0000000000000000 R09: 0000000000000001
[ 1549.985348][    C0] R10: 00007fe6b43ffa10 R11: 0000000000000246 R12: 00007ffeab6be940
[ 1549.993339][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 000055bb40aafac0
[ 1550.001357][    C0]  </TASK>