last executing test programs:

1m30.836335627s ago: executing program 2 (id=3):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, 0x0)
fremovexattr(0xffffffffffffffff, &(0x7f0000000080)=@random={'os2.', '/dev/loop#\x00'})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) (fail_nth: 2)

1m29.453685144s ago: executing program 2 (id=16):
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x7)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x25)
syz_usb_ep_write$ath9k_ep2(r3, 0x83, 0x0, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)

1m24.388150651s ago: executing program 2 (id=26):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
openat$kvm(0xffffffffffffff9c, &(0x7f0000001180), 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0xffffffffffffff2d, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r4, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='projid_map\x00')
pwritev(0xffffffffffffffff, &(0x7f0000001b40)=[{&(0x7f0000000040)}], 0x1, 0x4, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002300)={0x18, 0xf, &(0x7f0000001200)=ANY=[@ANYRES64=r1, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b702000000660000008500000051"], 0x0, 0x9, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r9, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
preadv2(r7, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x4, 0x2, 0x0)

1m9.0191329s ago: executing program 32 (id=26):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
openat$kvm(0xffffffffffffff9c, &(0x7f0000001180), 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0xffffffffffffff2d, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r4, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='projid_map\x00')
pwritev(0xffffffffffffffff, &(0x7f0000001b40)=[{&(0x7f0000000040)}], 0x1, 0x4, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002300)={0x18, 0xf, &(0x7f0000001200)=ANY=[@ANYRES64=r1, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b702000000660000008500000051"], 0x0, 0x9, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r9, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
preadv2(r7, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1, 0x4, 0x2, 0x0)

11.928160913s ago: executing program 3 (id=141):
symlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000340), &(0x7f00000002c0)}, 0x20)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100008}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e21, @loopback}, {0x2, 0x0, @local}, {0x2, 0x4e23, @local}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x6})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x24018807)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)
r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000000300)=[<r4=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r3, 0xc04064aa, &(0x7f00000003c0)={0x0, 0x0, r4})
mount(&(0x7f0000000300)=@sr0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='9p\x00', 0x903412, &(0x7f00000003c0)='\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0xb4)
socket$inet_sctp(0x2, 0x5, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)

11.254165221s ago: executing program 3 (id=143):
r0 = socket(0x10, 0x3, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x3c1, 0x56595559, 0x500, 0x1003c0, 0x0, @stepwise={{0x9}, {0x6, 0x1b37}, {0xa, 0x7}}})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
copy_file_range(r2, 0xfffffffffffffffc, r3, 0x0, 0x100000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, r7)
getsockname$packet(r7, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r8, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@ipv4_newnexthop={0x24, 0x5e, 0xa25, 0x400, 0x25dfdbfe, {0x2, 0x0, 0x4}, [@NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_IDLE_TIMER={0x8, 0x2, 0xffffff7f}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r9, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x951, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=[@rthdr_2292={{0x28, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x200}}], 0x40}, 0x0)
r10 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r10, &(0x7f0000000240)=ANY=[@ANYBLOB="110000005200338f65277b9b108b4ab51c"], 0xfe33)

10.945603803s ago: executing program 4 (id=145):
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r0, 0x0}])

10.084893159s ago: executing program 3 (id=146):
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x4d, 0x0, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000240), 0xc43, 0x501200)
ioctl$HIDIOCSFEATURE(r1, 0xc0404806, &(0x7f0000000180)="fb39bef4d5ab124250d67dca70c3c6b40b248843a3d96ac6f022406f2eebf466248e3a6f268304f4ec03b25b43771e0a070ed42a789ec88f4aae3258bc2defb37cb68cb88a88788d84c1886106248ed1818e3cdc4ef645c2a5d80cc822b3568362dce0aed10608808a15a4b9014accc4cd13a5c9bed4fe09cb51af2290a9173223d27ad721386d86be8e8ac3699153d6b0366d98b02dcd0a19d2e2c91e255e52c3bf1f")
write$UHID_CREATE2(r0, &(0x7f0000000000)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x67, 0x11, 0x3c0dd165, 0xd, 0x1a400000, 0x8, "6b738dafec47218575957faafca68c17e239302c11884d86cffba5c8071c8378d0d01580de7775f00bd1655c0ca00d8db0b8a3dfae46bbc501474fc3cd6e62f51f501fa944f492d8f9cbf00318a10470354dd9a38eb5a87a01d246aa0df53160609cddb7a0166c"}}, 0x17f)
write$UHID_SET_REPORT_REPLY(r0, 0x0, 0xc)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x200000c)
syz_usb_connect$cdc_ncm(0x2, 0xa8, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x2, 0x1, 0x8, 0x40, 0x40, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "1f94d219e0"}, {0x5, 0x24, 0x0, 0x800}, {0xd, 0x24, 0xf, 0x1, 0x1000, 0x3, 0x5}, {0x6, 0x24, 0x1a, 0x3, 0x27}, [@acm={0x4, 0x24, 0x2, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x3}, @dmm={0x7, 0x24, 0x14, 0x400, 0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x9, 0x4, 0xec}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0xfa, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x80, 0x2, 0xe}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000340)={0xa, 0x6, 0x310, 0x3, 0x40, 0xbb, 0x8, 0x5}, 0x140, &(0x7f0000000440)={0x5, 0xf, 0x140, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x3, 0x5, 0x8}, @ssp_cap={0x1c, 0x10, 0xa, 0xb, 0x4, 0x6, 0x11f0f, 0x0, [0xc00f, 0xffff60, 0xff3fff, 0x3f30]}, @wireless={0xb, 0x10, 0x1, 0x4, 0x2, 0x8, 0x69, 0x8, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x40, 0x40, 0x9}, @ptm_cap={0x3}, @generic={0xfd, 0x10, 0xa, "a9606671853ccc2390ad64f24ed908fe240802bbe55cc6039f9cbed71ddc71079fcc30dc78fbfa8dabdf775cfa60652a86a444dbba096641a0b92ba32d61d5edca0bffbac6da6541ad8e92a75bda3bf264d292697d86bd58c532804d7ede2694ab308f7f0e3d32ea5092fd8c02cb853acf6a4d1d77c33c599486f85c36adb992b638e94e5b7a86b26b1a1c75c6e306add855366abb71c0bcedee6b7c1a024a69378c5cbf8910fd604a32cc20f1526875a960c562fc10e3d91cd7e96951071c5fe31fda538f2f89689eaf0edaf962f0025a24257d27a1af88e0fa1c12e3719a8633dde3961cea8b9d8b15291001dea2b8d00204adfed68a9e2478"}]}, 0x4, [{0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x807}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x280a}}, {0xec, &(0x7f0000000600)=@string={0xec, 0x3, "219caa7144c06b91a8092a25e1efbe3045a910233a542e932a9f93c43c1b644785a0e81d05b19cc066ce5ece0d69dee351b8927e7832d2bca59e1d39e03caa6cfe1a9c0769462a18f7b0fbec239be87faba6a3007d01ade720acfbe179d5c0110f5426369798f50fc2103987d934ffd931a4f1235a1c52d5f57c87a78ef1f0b45817afa2de197b62d8bd79433e0af46d5b148ed7f5740fef156e6e35673c647e51ff8bea4fa068761ff8896e256aaed917a15e69317301d869e80bb8a4ab027e5001f43623d328911a2234aaed302bddc1b842391ea5a9c2bfd5ec541bd6c52f5dccb07ddb569502e3e0"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x449}}]})

9.556678421s ago: executing program 4 (id=147):
r0 = socket$phonet(0x23, 0x2, 0x1)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000140)='wg1\x00', 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1fe, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r4=>0x0], &(0x7f0000000cc0), 0x0, 0x1, 0x0, <r5=>0x0, r3})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000380)={0x5, r4, r3})
ioctl$DRM_IOCTL_MODE_GETENCODER(r2, 0xc01464a6, &(0x7f0000000100)={r5})

9.008852301s ago: executing program 4 (id=150):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000004140)=""/4096, 0xfffffd76}, {0x0, 0x12}], 0x2}, 0x5}], 0x1, 0x102, 0x0)

8.761955816s ago: executing program 4 (id=151):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
process_vm_writev(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0500000004004d00080000000e00000019000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000000c0), 0xc)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000ab3000/0x400000)=nil)
r2 = syz_open_procfs(0x0, 0x0)
preadv(r2, &(0x7f0000000100), 0x0, 0x5b, 0x100)

7.837727388s ago: executing program 1 (id=152):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x12, 0xcb23c9c9931e99e9, 0x70bd2b, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x50, 0x87, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x800000}, 0x4, 0x6e6bb8}}, 0xb8}}, 0x8004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(0xffffffffffffffff, 0x0, 0x2404c054)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x37)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x60, 0x30, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4}}}, 0xb8}}, 0x0)

7.172152207s ago: executing program 3 (id=154):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x44e02, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])
r4 = getpgrp(0x0)
syz_open_procfs(r4, &(0x7f00000000c0)='fd/3\x00')
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c006d57c974ad5f1f62223400001e00010027bd700004000000fe00"], 0x1c}}, 0x10)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e"], 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, &(0x7f00000003c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000040)=0x3ff, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000001840), 0x4)
unshare(0x22020400)
r7 = userfaultfd(0x0)
cachestat(r7, &(0x7f0000000040)={0x100000001, 0x3}, 0x0, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r8, 0x3b88, &(0x7f0000000000)={0xc})
socket(0x1d, 0x2, 0x6)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, 0x0, 0x0)

6.766888328s ago: executing program 1 (id=155):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a3000000000bc000000030a01020000000000000000010000000900010073797a3000000000090003"], 0xf0}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)

6.630598246s ago: executing program 4 (id=157):
socket$kcm(0x10, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc020)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r2 = socket$inet6(0xa, 0x2, 0x401)
setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000000)=0x4, 0x4)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x40002c1, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
ioctl$sock_inet_SIOCGIFADDR(r4, 0x8915, &(0x7f0000000040)={'virt_wifi0\x00'})
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
ptrace(0xffffffffffffffff, r7)
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x40)

6.089614965s ago: executing program 1 (id=158):
writev(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a8000081"], 0x0)

5.681468054s ago: executing program 1 (id=160):
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x7)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x3}, 0x6)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x25)
syz_usb_ep_write$ath9k_ep2(r3, 0x83, 0x0, 0x0)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)

5.100731616s ago: executing program 0 (id=162):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0})
alarm(0x5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={0x0}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x2)
readv(r3, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/132, 0x84}], 0x1)
r6 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r6, 0xc2604110, &(0x7f0000000600)={0x0, [[0x9, 0x0, 0x0, 0x9], [0x1000], [0x2, 0x9, 0x0, 0x0, 0x4ec]], '\x00', [{}, {}, {}, {}, {}, {0x3}, {}, {0x0, 0xfffffffc}], '\x00', 0x0, 0x0, 0x0, 0x2})
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x28, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x96, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40081}, 0x2000)

4.351111224s ago: executing program 0 (id=163):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001400)=ANY=[@ANYBLOB="28000000e15a016cf48014f8dedd", @ANYRES16=r0, @ANYRES8=r1, @ANYRESOCT=r0, @ANYBLOB="050002001c000000"], 0x28}, 0x1, 0x0, 0x0, 0x20042080}, 0x4004054)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0x2)
shutdown(r2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter\x00')
clock_gettime(0x0, &(0x7f0000000240))
utimensat(r6, 0x0, 0x0, 0x0)
connect$unix(r2, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r7 = accept(r3, 0x0, 0x0)
sendto$inet6(r7, &(0x7f0000001240)="ee5ed8e6ae8104e5ca231797d79a4be676b089f6dd4db1fc255940ef339f014139cbd9f0aff1060f430579caca92f4f460bce8e9ac81e5645b87210f71f12a14ade4ac72d8e2c15b263e61523e638263303e31ec5debc12c21c087d823f8186f1e35c6d6e3e930dc1f0e8c709b1aa932eda3ae4cde6692bd41282f86187ce1ba6aea41ca3c3c9cbbfa5f2be4c42790bf34246419e63227bacf0dc984adbda4a5bc1e67e7ebce4e92e5854dff43940ce4f29575131b69a3db1844fd6de31003b3c5392934ca56ce30dd020d4fe7ee4753d40e8345a4aa99e61b162f0676b0bbeb81044e2df01080bcc362526481ece4c2113645ef21e81b36bb69477bad0ea237389dd284a392a0adb5b1c80b3c152a0dc366be3cfcfecac2ee0ebb11a2a4a1dfdded8aec2a8809d95a9e6a40a9549ab90350", 0x132, 0x4400c02c, 0x0, 0x0)

4.041972272s ago: executing program 0 (id=164):
syz_emit_ethernet(0xce, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x9, 0x4, 0x2, 0x6, 0xc0, 0x66, 0x0, 0xfa, 0x11, 0x0, @local, @multicast2, {[@cipso={0x86, 0xf, 0x0, [{0x1, 0x9, "8e043ed90b7ebc"}]}]}}, {0x4e22, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x3, "b4247e91ea1ebf0bdb9652bac01591386bf63a498eca5b24ae2fd16a08a229d8", "d9eb136e567295d7665d8a7a3036423ebad1405a41814472ce601f83d2ad48cfdcd5bf3f1963f6e9e99e5a9cd190ee26", "6f8b1f7756c734ec901f35709b4f8008cf83e906bf189a66b1ab822e", {"62ff3f75bd1ed3ec2f784894b9994a0a", "e1c79499699ff6d29604d2bbf636e92d"}}}}}}}, 0x0)
r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x800)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140)={<r1=>0x0, 0xfff, 0x30}, &(0x7f0000000180)=0xc)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r2)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r5=>0x0})
sendmsg$IEEE802154_LLSEC_SETPARAMS(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r4, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000001c0)={r1, 0x9, 0x91, "3cb350bdb406709f2a56833f3ef9802b2ebfe684e5db320d432262ba044ac8b8974606c83e8c6da75d90f78c985b39f177cd4c6fed7f132c39527db652f03b7deac8dccd1ae7a2a2f278b3fc43fa0f854d731561d04952f1fcad18d3f198e73c48dcfd26a513dcd4fbd52eadb03445956a441cf3a3013d6e5fee240c515d084c3cb82457bbe7c46d4202d629c685542f21"}, 0x99)

3.881526179s ago: executing program 3 (id=165):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x24, r0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xfa}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x2005c8e0)

3.528550686s ago: executing program 3 (id=166):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0xc4}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0xf}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000700000000040014001a80100004800c00058008"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0)

3.494707741s ago: executing program 0 (id=167):
close(0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, r1, 0x301, 0x0, 0x0, {0x17}}, 0x14}}, 0x0)
accept4(r0, &(0x7f0000000000), &(0x7f0000000080)=0x80, 0x800)

3.095175768s ago: executing program 1 (id=168):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r1, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x20000000)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000900), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x604, 0x0, 0xa, 0x3, 0xfffffffe, 0x1, 0x0, 0x7cce8c743ee810df, 0x2e})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x40505330, &(0x7f00000001c0)={0x800100, 0xfffffffd, 0x22, 0x6, 0x1101, 0x280})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0x4040534e, &(0x7f0000000000)={0x1, @time={0x5, 0xffffff5b}, 0x8, {0x68, 0xfd}, 0x81, 0x0, 0xb})

2.532469838s ago: executing program 0 (id=169):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x2)
shutdown(r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter\x00')
clock_gettime(0x0, &(0x7f0000000240))
utimensat(r4, 0x0, 0x0, 0x0)
connect$unix(r0, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc)
r5 = accept(r1, 0x0, 0x0)
sendto$inet6(r5, &(0x7f0000001240), 0x0, 0x4400c02c, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000280)=""/147, 0x93}, {&(0x7f0000000340)=""/4096, 0x1000}], 0x2)
socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000100)=0x730)

1.104397729s ago: executing program 4 (id=170):
r0 = socket$phonet(0x23, 0x2, 0x1)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000140)='wg1\x00', 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1fe, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETENCODER(r2, 0xc01464a6, &(0x7f0000000100))

1.103127583s ago: executing program 1 (id=171):
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080), 0x201, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000080)=""/15, &(0x7f0000000240)=0x13)

0s ago: executing program 0 (id=172):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8c0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r4, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c)
listen(r4, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
listen(0xffffffffffffffff, 0x8)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffeff}, {0x0, 0xa00, 0x40800000000000, 0xefe}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x8000, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000007c0)=@migrate={0x1d0, 0x21, 0x1, 0x0, 0x25dfdbfb, {{@in6=@mcast1, @in6=@private2, 0x0, 0x5, 0x0, 0x0, 0xa}}, [@migrate={0x180, 0x11, [{@in6=@remote, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00', @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2b, 0x2, 0x0, 0x3501, 0x2, 0x2}, {@in=@multicast1, @in=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x33, 0x4, 0x0, 0x34ff, 0x2, 0x2}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x35}, @in=@local, @in=@multicast2, 0x3c, 0x0, 0x0, 0x0, 0xa, 0x8}, {@in=@private=0xa010102, @in6=@empty, @in=@local, @in6=@dev={0xfe, 0x80, '\x00', 0x3f}, 0x3c, 0x0, 0x0, 0x3505, 0x2, 0xa}, {@in=@remote, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x33, 0x4, 0x0, 0x3503, 0xa, 0x2}]}]}, 0x1d0}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts.
[   91.980384][    T9] cfg80211: failed to load regulatory.db
[   93.087432][ T5582] cgroup: Unknown subsys name 'net'
[   93.329844][ T5582] cgroup: Unknown subsys name 'cpuset'
[   93.404458][ T5582] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   95.310381][ T5582] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   98.015249][ T4912] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   98.047791][ T5605] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   98.051636][ T5605] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   98.066191][ T5605] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   98.069882][ T5605] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   98.093128][ T5611] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   98.117350][ T5608] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   98.163543][   T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   98.164296][ T5605] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   98.190060][ T5605] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   98.190518][   T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   98.200163][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   98.221520][ T5608] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   98.227095][ T5608] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   98.232779][ T5608] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   98.238156][ T5608] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   98.266135][ T5608] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   98.266420][ T5616] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   98.268854][ T5616] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   98.271093][ T5608] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   98.275258][ T5610] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   98.314001][ T5615] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   98.355459][ T5618] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   98.382435][ T4912] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   98.435559][ T4912] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  100.296171][ T5605] Bluetooth: hci2: command tx timeout
[  100.373808][ T5605] Bluetooth: hci4: command tx timeout
[  100.534150][ T5605] Bluetooth: hci1: command tx timeout
[  100.534250][ T5605] Bluetooth: hci3: command tx timeout
[  100.534323][ T5605] Bluetooth: hci0: command tx timeout
[  100.751368][ T5601] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.752412][ T5601] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.752824][ T5601] bridge_slave_0: entered allmulticast mode
[  100.758310][ T5601] bridge_slave_0: entered promiscuous mode
[  100.801043][ T5601] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.801152][ T5601] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.801427][ T5601] bridge_slave_1: entered allmulticast mode
[  100.803254][ T5601] bridge_slave_1: entered promiscuous mode
[  101.005279][ T5601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.030178][ T5600] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.030282][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.030401][ T5600] bridge_slave_0: entered allmulticast mode
[  101.032271][ T5600] bridge_slave_0: entered promiscuous mode
[  101.072006][ T5601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.100338][ T5600] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.100423][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.100543][ T5600] bridge_slave_1: entered allmulticast mode
[  101.102429][ T5600] bridge_slave_1: entered promiscuous mode
[  101.305073][ T5601] team0: Port device team_slave_0 added
[  101.305327][ T5602] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.305526][ T5602] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.305712][ T5602] bridge_slave_0: entered allmulticast mode
[  101.309445][ T5602] bridge_slave_0: entered promiscuous mode
[  101.360929][ T5600] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.378996][ T5601] team0: Port device team_slave_1 added
[  101.379263][ T5602] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.379390][ T5602] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.379776][ T5602] bridge_slave_1: entered allmulticast mode
[  101.381548][ T5602] bridge_slave_1: entered promiscuous mode
[  101.382544][ T5604] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.382656][ T5604] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.382769][ T5604] bridge_slave_0: entered allmulticast mode
[  101.410945][ T5604] bridge_slave_0: entered promiscuous mode
[  101.445003][ T5600] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.500889][ T5604] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.501050][ T5604] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.501590][ T5604] bridge_slave_1: entered allmulticast mode
[  101.526087][ T5604] bridge_slave_1: entered promiscuous mode
[  101.623350][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.623480][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.626012][ T5599] bridge_slave_0: entered allmulticast mode
[  101.635871][ T5599] bridge_slave_0: entered promiscuous mode
[  101.646711][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_0
[  101.646754][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.646852][ T5601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  101.689394][ T5602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.718565][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.718769][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.719160][ T5599] bridge_slave_1: entered allmulticast mode
[  101.721165][ T5599] bridge_slave_1: entered promiscuous mode
[  101.729680][ T5600] team0: Port device team_slave_0 added
[  101.734406][ T5601] batman_adv: batadv0: Adding interface: batadv_slave_1
[  101.734438][ T5601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  101.734499][ T5601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.751683][ T5602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.808760][ T5604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.838305][ T5600] team0: Port device team_slave_1 added
[  101.872446][ T5604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  101.942982][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  101.967409][ T5602] team0: Port device team_slave_0 added
[  101.991839][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.013312][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.013323][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.013343][ T5600] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.034315][ T5602] team0: Port device team_slave_1 added
[  102.042125][ T5604] team0: Port device team_slave_0 added
[  102.101636][ T5600] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.101654][ T5600] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.101682][ T5600] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.154020][ T5604] team0: Port device team_slave_1 added
[  102.178757][ T5601] hsr_slave_0: entered promiscuous mode
[  102.179969][ T5601] hsr_slave_1: entered promiscuous mode
[  102.232803][ T5599] team0: Port device team_slave_0 added
[  102.241089][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.241107][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.241135][ T5602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.373847][ T5618] Bluetooth: hci2: command tx timeout
[  102.453913][ T5618] Bluetooth: hci4: command tx timeout
[  102.614032][ T5605] Bluetooth: hci3: command tx timeout
[  102.614087][ T5605] Bluetooth: hci1: command tx timeout
[  102.614233][ T5618] Bluetooth: hci0: command tx timeout
[  102.659272][ T5599] team0: Port device team_slave_1 added
[  102.661492][ T5602] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.661503][ T5602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.661521][ T5602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.663184][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.663194][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.663213][ T5604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.790518][ T5604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.790531][ T5604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.790550][ T5604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  102.874694][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.874710][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.874735][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.882843][ T5600] hsr_slave_0: entered promiscuous mode
[  102.904123][ T5600] hsr_slave_1: entered promiscuous mode
[  102.905395][ T5600] debugfs: 'hsr0' already exists in 'hsr'
[  102.905679][ T5600] Cannot create hsr debugfs directory
[  102.959638][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.959650][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.959669][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.104240][ T5602] hsr_slave_0: entered promiscuous mode
[  103.105751][ T5602] hsr_slave_1: entered promiscuous mode
[  103.106432][ T5602] debugfs: 'hsr0' already exists in 'hsr'
[  103.106449][ T5602] Cannot create hsr debugfs directory
[  103.166601][ T5604] hsr_slave_0: entered promiscuous mode
[  103.167571][ T5604] hsr_slave_1: entered promiscuous mode
[  103.168465][ T5604] debugfs: 'hsr0' already exists in 'hsr'
[  103.168483][ T5604] Cannot create hsr debugfs directory
[  103.411875][ T5599] hsr_slave_0: entered promiscuous mode
[  103.421308][ T5599] hsr_slave_1: entered promiscuous mode
[  103.422151][ T5599] debugfs: 'hsr0' already exists in 'hsr'
[  103.422168][ T5599] Cannot create hsr debugfs directory
[  104.120306][ T5601] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.167507][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.182212][ T5601] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.218842][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.232538][ T5601] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.261531][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.285480][ T5601] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.308781][ T5601] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.450436][ T5600] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  104.455626][ T5618] Bluetooth: hci2: command tx timeout
[  104.497486][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.503215][ T5600] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  104.532745][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.534747][ T5618] Bluetooth: hci4: command tx timeout
[  104.564776][ T5600] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  104.608977][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.641006][ T5600] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  104.668862][ T5600] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  104.694556][ T5618] Bluetooth: hci0: command tx timeout
[  104.694579][ T5615] Bluetooth: hci1: command tx timeout
[  104.694592][ T5618] Bluetooth: hci3: command tx timeout
[  104.840846][ T5602] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.868128][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  104.885827][ T5602] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.928907][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  104.932648][ T5602] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.959884][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  104.992257][ T5602] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.021249][ T5602] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.229560][ T5604] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  105.260664][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  105.275479][ T5604] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  105.317733][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  105.338005][ T5604] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  105.369852][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  105.399554][ T5604] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.428321][ T5604] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.529176][ T5601] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.625162][ T5599] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  105.667723][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  105.683732][ T5599] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  105.727401][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  105.732959][ T5599] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  105.757408][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  105.781485][ T5599] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  105.832528][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  105.862839][ T5601] 8021q: adding VLAN 0 to HW filter on device team0
[  105.944100][ T2299] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.944242][ T2299] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.989229][ T5600] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.021112][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.021359][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.128843][ T5600] 8021q: adding VLAN 0 to HW filter on device team0
[  106.180248][ T5602] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.196997][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.197155][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.245752][ T2299] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.245850][ T2299] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.336316][ T5602] 8021q: adding VLAN 0 to HW filter on device team0
[  106.372753][ T5604] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.393421][ T1474] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.393565][ T1474] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.478262][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.478443][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.536444][ T5618] Bluetooth: hci2: command tx timeout
[  106.595917][ T5604] 8021q: adding VLAN 0 to HW filter on device team0
[  106.613838][ T5618] Bluetooth: hci4: command tx timeout
[  106.680935][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.681172][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.751598][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.773964][ T5618] Bluetooth: hci1: command tx timeout
[  106.778390][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.778531][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.785254][ T5618] Bluetooth: hci3: command tx timeout
[  106.785280][ T5605] Bluetooth: hci0: command tx timeout
[  106.972103][ T5599] 8021q: adding VLAN 0 to HW filter on device team0
[  107.094720][ T1474] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.105318][ T1474] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.216161][ T1390] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.216292][ T1390] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.820937][ T5601] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.306164][ T5601] veth0_vlan: entered promiscuous mode
[  108.321349][ T5600] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.346933][ T5602] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.407283][ T5601] veth1_vlan: entered promiscuous mode
[  108.688081][ T5601] veth0_macvtap: entered promiscuous mode
[  108.706086][ T5600] veth0_vlan: entered promiscuous mode
[  108.730580][ T5602] veth0_vlan: entered promiscuous mode
[  108.760874][ T5601] veth1_macvtap: entered promiscuous mode
[  108.782771][ T5604] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.822793][ T5600] veth1_vlan: entered promiscuous mode
[  108.847667][ T5602] veth1_vlan: entered promiscuous mode
[  108.908829][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.955509][ T5601] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.023502][ T1474] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.055556][ T1474] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.079178][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0
[  109.082928][ T1474] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.122256][ T1474] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.224357][ T5600] veth0_macvtap: entered promiscuous mode
[  109.287113][ T5602] veth0_macvtap: entered promiscuous mode
[  109.290666][ T5600] veth1_macvtap: entered promiscuous mode
[  109.351864][ T5604] veth0_vlan: entered promiscuous mode
[  109.383808][ T5602] veth1_macvtap: entered promiscuous mode
[  109.575483][ T5604] veth1_vlan: entered promiscuous mode
[  109.615428][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.677531][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.707424][ T5600] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.736024][ T5602] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.740608][ T1390] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.740628][ T1390] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.798197][  T146] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.802386][  T146] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.845413][  T146] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.850738][  T146] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.895291][  T146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.908924][  T146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.942992][  T146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  110.002276][  T146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  110.011701][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.011754][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.136830][ T5604] veth0_macvtap: entered promiscuous mode
[  110.313338][ T5599] veth0_vlan: entered promiscuous mode
[  110.336653][ T5604] veth1_macvtap: entered promiscuous mode
[  110.722954][ T5599] veth1_vlan: entered promiscuous mode
[  110.798433][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_0
[  110.842759][ T5604] batman_adv: batadv0: Interface activated: batadv_slave_1
[  110.845295][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.845328][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.061612][ T1474] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.076381][ T1474] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.098618][ T1216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.098640][ T1216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.100296][ T1474] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.189378][ T1474] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.280804][ T5788] FAULT_INJECTION: forcing a failure.
[  111.280804][ T5788] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  111.280856][ T5788] CPU: 0 UID: 0 PID: 5788 Comm: syz.1.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  111.280878][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  111.280897][ T5788] Call Trace:
[  111.280904][ T5788]  <TASK>
[  111.280913][ T5788]  dump_stack_lvl+0xe8/0x150
[  111.280946][ T5788]  should_fail_ex+0x46b/0x600
[  111.280979][ T5788]  prepare_alloc_pages+0x22a/0x6b0
[  111.281009][ T5788]  __alloc_frozen_pages_noprof+0x12f/0x380
[  111.281048][ T5788]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  111.281079][ T5788]  ? __pfx_policy_nodemask+0x10/0x10
[  111.281116][ T5788]  alloc_pages_mpol+0xd1/0x380
[  111.281141][ T5788]  alloc_pages_noprof+0xd2/0x2f0
[  111.281164][ T5788]  get_free_pages_noprof+0xf/0x80
[  111.281185][ T5788]  vcs_write+0xf6/0x11c0
[  111.281215][ T5788]  ? __asan_memset+0x22/0x50
[  111.281242][ T5788]  ? __import_iovec+0x40e/0x7e0
[  111.281265][ T5788]  ? __pfx_vcs_write+0x10/0x10
[  111.281284][ T5788]  ? rw_verify_area+0x25b/0x4e0
[  111.281309][ T5788]  vfs_writev+0x4c6/0x9a0
[  111.281337][ T5788]  ? __pfx_vcs_write+0x10/0x10
[  111.281361][ T5788]  ? __pfx_vfs_writev+0x10/0x10
[  111.281402][ T5788]  ? __fget_files+0x2a/0x420
[  111.281423][ T5788]  ? __fget_files+0x3a6/0x420
[  111.281436][ T5788]  ? __fget_files+0x2a/0x420
[  111.281458][ T5788]  do_writev+0x15a/0x2e0
[  111.281484][ T5788]  ? __pfx_do_writev+0x10/0x10
[  111.281519][ T5788]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.281541][ T5788]  do_syscall_64+0x15f/0xf80
[  111.281565][ T5788]  ? trace_irq_disable+0x3b/0x140
[  111.281590][ T5788]  ? clear_bhb_loop+0x40/0x90
[  111.281617][ T5788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.281638][ T5788] RIP: 0033:0x7f0069c9cdd9
[  111.281667][ T5788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  111.281685][ T5788] RSP: 002b:00007f0067eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  111.281711][ T5788] RAX: ffffffffffffffda RBX: 00007f0069f15fa0 RCX: 00007f0069c9cdd9
[  111.281727][ T5788] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003
[  111.281740][ T5788] RBP: 00007f0067eee090 R08: 0000000000000000 R09: 0000000000000000
[  111.281753][ T5788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.281766][ T5788] R13: 00007f0069f16038 R14: 00007f0069f15fa0 R15: 00007fff855dcac8
[  111.281798][ T5788]  </TASK>
[  111.718635][ T5599] veth0_macvtap: entered promiscuous mode
[  111.732901][ T1474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.732922][ T1474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.932931][ T5599] veth1_macvtap: entered promiscuous mode
[  111.982900][ T5794] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  112.108235][ T5795] FAULT_INJECTION: forcing a failure.
[  112.108235][ T5795] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  112.108269][ T5795] CPU: 0 UID: 0 PID: 5795 Comm: syz.1.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.108290][ T5795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  112.108302][ T5795] Call Trace:
[  112.108310][ T5795]  <TASK>
[  112.108318][ T5795]  dump_stack_lvl+0xe8/0x150
[  112.108343][ T5795]  should_fail_ex+0x46b/0x600
[  112.108375][ T5795]  _copy_from_user+0x2d/0xb0
[  112.108395][ T5795]  kstrtouint_from_user+0xd6/0x180
[  112.108425][ T5795]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  112.108466][ T5795]  proc_fail_nth_write+0x8e/0x210
[  112.108497][ T5795]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  112.108533][ T5795]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  112.108566][ T5795]  vfs_write+0x2a3/0xba0
[  112.108597][ T5795]  ? __pfx_vfs_write+0x10/0x10
[  112.108617][ T5795]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  112.108638][ T5795]  ? lockdep_hardirqs_on+0x7a/0x110
[  112.108657][ T5795]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  112.108677][ T5795]  ? mutex_lock_nested+0x152/0x1d0
[  112.108704][ T5795]  ? fdget_pos+0x252/0x320
[  112.108731][ T5795]  ksys_write+0x156/0x270
[  112.108759][ T5795]  ? __pfx_ksys_write+0x10/0x10
[  112.108790][ T5795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.108808][ T5795]  do_syscall_64+0x15f/0xf80
[  112.108827][ T5795]  ? trace_irq_disable+0x3b/0x140
[  112.108847][ T5795]  ? clear_bhb_loop+0x40/0x90
[  112.108867][ T5795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.108885][ T5795] RIP: 0033:0x7f0069c5d60e
[  112.108903][ T5795] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  112.108918][ T5795] RSP: 002b:00007f0067eccfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  112.108937][ T5795] RAX: ffffffffffffffda RBX: 00007f0067ecd6c0 RCX: 00007f0069c5d60e
[  112.108950][ T5795] RDX: 0000000000000001 RSI: 00007f0067ecd0a0 RDI: 0000000000000005
[  112.108960][ T5795] RBP: 00007f0067ecd090 R08: 0000000000000000 R09: 0000000000000000
[  112.108970][ T5795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.108991][ T5795] R13: 00007f0069f16128 R14: 00007f0069f16090 R15: 00007fff855dcac8
[  112.109021][ T5795]  </TASK>
[  112.616410][  T146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.616432][  T146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.756048][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.835825][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  112.835846][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.865228][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.238116][ T2299] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.242707][  T146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.271432][ T1390] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.273163][ T1390] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.442387][ T1018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.442403][ T1018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.483728][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.503709][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.513718][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.523711][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.533696][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.543701][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.553691][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.563689][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.573696][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.583690][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  114.298543][ T5806] =======================================================
[  114.298543][ T5806] WARNING: The mand mount option has been deprecated and
[  114.298543][ T5806]          and is ignored by this kernel. Remove the mand
[  114.298543][ T5806]          option from the mount to silence this warning.
[  114.298543][ T5806] =======================================================
[  116.171100][ T5612] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  116.218782][ T5809] capability: warning: `syz.3.11' uses deprecated v2 capabilities in a way that may be insecure
[  116.622874][ T5612] usb 2-1: device descriptor read/all, error -71
[  117.162942][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.162964][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.284762][ T5813] FAULT_INJECTION: forcing a failure.
[  117.284762][ T5813] name failslab, interval 1, probability 0, space 0, times 0
[  117.284793][ T5813] CPU: 1 UID: 0 PID: 5813 Comm: syz.1.13 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  117.284812][ T5813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  117.284821][ T5813] Call Trace:
[  117.284827][ T5813]  <TASK>
[  117.284833][ T5813]  dump_stack_lvl+0xe8/0x150
[  117.284856][ T5813]  should_fail_ex+0x46b/0x600
[  117.284885][ T5813]  should_failslab+0xa8/0x100
[  117.284905][ T5813]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  117.284923][ T5813]  ? __alloc_skb+0x1d0/0x7d0
[  117.284939][ T5813]  ? lockdep_hardirqs_on+0x7a/0x110
[  117.284959][ T5813]  __alloc_skb+0x1d0/0x7d0
[  117.284984][ T5813]  netlink_sendmsg+0x5d4/0xb40
[  117.285010][ T5813]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.285030][ T5813]  ? unwind_get_return_address+0x4d/0x90
[  117.285054][ T5813]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  117.285073][ T5813]  ____sys_sendmsg+0x94c/0x9c0
[  117.285098][ T5813]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.285124][ T5813]  ? import_iovec+0x73/0xa0
[  117.285144][ T5813]  ___sys_sendmsg+0x2a5/0x360
[  117.285163][ T5813]  ? __lock_acquire+0x6b5/0x2cf0
[  117.285187][ T5813]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.285232][ T5813]  ? __fget_files+0x2a/0x420
[  117.285245][ T5813]  ? __fget_files+0x3a6/0x420
[  117.285266][ T5813]  __x64_sys_sendmsg+0x1c3/0x2a0
[  117.285288][ T5813]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.285314][ T5813]  ? __pfx_ksys_write+0x10/0x10
[  117.285338][ T5813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.285355][ T5813]  do_syscall_64+0x15f/0xf80
[  117.285371][ T5813]  ? trace_irq_disable+0x3b/0x140
[  117.285389][ T5813]  ? clear_bhb_loop+0x40/0x90
[  117.285415][ T5813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.285430][ T5813] RIP: 0033:0x7f0069c9cdd9
[  117.285444][ T5813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  117.285457][ T5813] RSP: 002b:00007f0067eee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.285473][ T5813] RAX: ffffffffffffffda RBX: 00007f0069f15fa0 RCX: 00007f0069c9cdd9
[  117.285484][ T5813] RDX: 0000000020004890 RSI: 0000200000000080 RDI: 0000000000000003
[  117.285495][ T5813] RBP: 00007f0067eee090 R08: 0000000000000000 R09: 0000000000000000
[  117.285505][ T5813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.285539][ T5813] R13: 00007f0069f16038 R14: 00007f0069f15fa0 R15: 00007fff855dcac8
[  117.285575][ T5813]  </TASK>
[  117.804113][ T5816] FAULT_INJECTION: forcing a failure.
[  117.804113][ T5816] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  117.804149][ T5816] CPU: 0 UID: 0 PID: 5816 Comm: syz.2.3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  117.804173][ T5816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  117.804185][ T5816] Call Trace:
[  117.804193][ T5816]  <TASK>
[  117.804202][ T5816]  dump_stack_lvl+0xe8/0x150
[  117.804235][ T5816]  should_fail_ex+0x46b/0x600
[  117.804276][ T5816]  _copy_from_user+0x2d/0xb0
[  117.804302][ T5816]  kstrtouint_from_user+0xd6/0x180
[  117.804338][ T5816]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  117.804389][ T5816]  proc_fail_nth_write+0x8e/0x210
[  117.804425][ T5816]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  117.804468][ T5816]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  117.804506][ T5816]  vfs_write+0x2a3/0xba0
[  117.804542][ T5816]  ? __pfx_vfs_write+0x10/0x10
[  117.804571][ T5816]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  117.804607][ T5816]  ? lockdep_hardirqs_on+0x7a/0x110
[  117.804631][ T5816]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  117.804657][ T5816]  ? mutex_lock_nested+0x152/0x1d0
[  117.804687][ T5816]  ? fdget_pos+0x252/0x320
[  117.804716][ T5816]  ksys_write+0x156/0x270
[  117.804745][ T5816]  ? __pfx_ksys_write+0x10/0x10
[  117.804780][ T5816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.804805][ T5816]  do_syscall_64+0x15f/0xf80
[  117.804829][ T5816]  ? trace_irq_disable+0x3b/0x140
[  117.804855][ T5816]  ? clear_bhb_loop+0x40/0x90
[  117.804883][ T5816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.804906][ T5816] RIP: 0033:0x7f0e8e2dd60e
[  117.804926][ T5816] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  117.804944][ T5816] RSP: 002b:00007f0e8c54cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  117.804965][ T5816] RAX: ffffffffffffffda RBX: 00007f0e8c54d6c0 RCX: 00007f0e8e2dd60e
[  117.804981][ T5816] RDX: 0000000000000001 RSI: 00007f0e8c54d0a0 RDI: 0000000000000006
[  117.804994][ T5816] RBP: 00007f0e8c54d090 R08: 0000000000000000 R09: 0000000000000000
[  117.805007][ T5816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.805019][ T5816] R13: 00007f0e8e596128 R14: 00007f0e8e596090 R15: 00007fff5928dc88
[  117.805054][ T5816]  </TASK>
[  118.245982][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.246004][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.194606][  T819] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  119.601989][  T819] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  119.602022][  T819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.602043][  T819] usb 3-1: Product: syz
[  119.602058][  T819] usb 3-1: Manufacturer: syz
[  119.602073][  T819] usb 3-1: SerialNumber: syz
[  120.170883][ T5832] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  120.170908][ T5832] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  120.232111][ T5832] vhci_hcd vhci_hcd.0: Device attached
[  120.279326][  T819] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  120.450458][ T5700] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  120.547598][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20'.
[  120.553818][ T5700] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  120.625794][ T5841] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20'.
[  120.919393][   T31] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  121.134059][ T5836] vhci_hcd: connection reset by peer
[  121.188656][ T1114] vhci_hcd vhci_hcd.1: stop threads
[  121.191848][ T1114] vhci_hcd vhci_hcd.1: release socket
[  121.218978][ T1114] vhci_hcd vhci_hcd.1: disconnect device
[  121.393217][ T5834] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  121.565545][ T5834] usb 4-1: device descriptor read/64, error -71
[  122.248924][ T5834] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  122.473937][ T5834] usb 4-1: device descriptor read/64, error -71
[  122.498887][ T5860] FAULT_INJECTION: forcing a failure.
[  122.498887][ T5860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  122.498925][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: syz.1.24 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  122.498950][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  122.498963][ T5860] Call Trace:
[  122.498971][ T5860]  <TASK>
[  122.498980][ T5860]  dump_stack_lvl+0xe8/0x150
[  122.499012][ T5860]  should_fail_ex+0x46b/0x600
[  122.499063][ T5860]  _copy_from_user+0x2d/0xb0
[  122.499090][ T5860]  ucma_notify+0xa0/0x3f0
[  122.499121][ T5860]  ? __pfx_ucma_notify+0x10/0x10
[  122.499161][ T5860]  ucma_write+0x257/0x2f0
[  122.499189][ T5860]  ? __pfx_ucma_write+0x10/0x10
[  122.499216][ T5860]  ? rw_verify_area+0x25b/0x4e0
[  122.499245][ T5860]  vfs_writev+0x4c6/0x9a0
[  122.499277][ T5860]  ? __pfx_ucma_write+0x10/0x10
[  122.499307][ T5860]  ? __pfx_vfs_writev+0x10/0x10
[  122.499359][ T5860]  ? __fget_files+0x2a/0x420
[  122.499384][ T5860]  ? __fget_files+0x3a6/0x420
[  122.499402][ T5860]  ? __fget_files+0x2a/0x420
[  122.499431][ T5860]  do_writev+0x15a/0x2e0
[  122.499463][ T5860]  ? __pfx_do_writev+0x10/0x10
[  122.499503][ T5860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.499532][ T5860]  do_syscall_64+0x15f/0xf80
[  122.499555][ T5860]  ? trace_irq_disable+0x3b/0x140
[  122.499581][ T5860]  ? clear_bhb_loop+0x40/0x90
[  122.499606][ T5860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.499626][ T5860] RIP: 0033:0x7f0069c9cdd9
[  122.499648][ T5860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  122.499665][ T5860] RSP: 002b:00007f0067eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  122.499688][ T5860] RAX: ffffffffffffffda RBX: 00007f0069f15fa0 RCX: 00007f0069c9cdd9
[  122.499703][ T5860] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 000000000000000f
[  122.499734][ T5860] RBP: 00007f0067eee090 R08: 0000000000000000 R09: 0000000000000000
[  122.499747][ T5860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.499759][ T5860] R13: 00007f0069f16038 R14: 00007f0069f15fa0 R15: 00007fff855dcac8
[  122.499791][ T5860]  </TASK>
[  122.775813][ T5834] usb usb4-port1: attempt power cycle
[  123.063552][ T5864] FAULT_INJECTION: forcing a failure.
[  123.063552][ T5864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.063581][ T5864] CPU: 0 UID: 0 PID: 5864 Comm: syz.0.25 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  123.063601][ T5864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  123.063618][ T5864] Call Trace:
[  123.063625][ T5864]  <TASK>
[  123.063632][ T5864]  dump_stack_lvl+0xe8/0x150
[  123.063661][ T5864]  should_fail_ex+0x46b/0x600
[  123.063693][ T5864]  _copy_to_user+0x31/0xb0
[  123.063714][ T5864]  simple_read_from_buffer+0xe1/0x170
[  123.063758][ T5864]  proc_fail_nth_read+0x1be/0x230
[  123.063790][ T5864]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  123.063822][ T5864]  ? rw_verify_area+0x2ac/0x4e0
[  123.063842][ T5864]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  123.063872][ T5864]  vfs_read+0x212/0xa80
[  123.063900][ T5864]  ? __pfx_vfs_read+0x10/0x10
[  123.063923][ T5864]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  123.063945][ T5864]  ? lockdep_hardirqs_on+0x7a/0x110
[  123.063965][ T5864]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  123.063985][ T5864]  ? mutex_lock_nested+0x152/0x1d0
[  123.064013][ T5864]  ? fdget_pos+0x252/0x320
[  123.064040][ T5864]  ksys_read+0x156/0x270
[  123.064068][ T5864]  ? __pfx_ksys_read+0x10/0x10
[  123.064101][ T5864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.064124][ T5864]  do_syscall_64+0x15f/0xf80
[  123.064146][ T5864]  ? trace_irq_disable+0x3b/0x140
[  123.064171][ T5864]  ? clear_bhb_loop+0x40/0x90
[  123.064197][ T5864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.064218][ T5864] RIP: 0033:0x7efc2f39d60e
[  123.064238][ T5864] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  123.064264][ T5864] RSP: 002b:00007efc2d635fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  123.064287][ T5864] RAX: ffffffffffffffda RBX: 00007efc2d6366c0 RCX: 00007efc2f39d60e
[  123.064302][ T5864] RDX: 000000000000000f RSI: 00007efc2d6360a0 RDI: 0000000000000004
[  123.064315][ T5864] RBP: 00007efc2d636090 R08: 0000000000000000 R09: 0000000000000000
[  123.064327][ T5864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.064338][ T5864] R13: 00007efc2f656038 R14: 00007efc2f655fa0 R15: 00007ffc6a71d868
[  123.064370][ T5864]  </TASK>
[  123.236633][   T31] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  123.413432][   T31] ath9k_htc: Failed to initialize the device
[  123.534029][ T5854] syz.2.16 (5854) used greatest stack depth: 19032 bytes left
[  123.561300][   T10] usb 3-1: USB disconnect, device number 2
[  123.703930][ T5834] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  123.861725][ T5834] usb 4-1: device descriptor read/8, error -71
[  123.891643][   T10] usb 3-1: ath9k_htc: USB layer deinitialized
[  124.343193][ T5876] FAULT_INJECTION: forcing a failure.
[  124.343193][ T5876] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.343228][ T5876] CPU: 1 UID: 0 PID: 5876 Comm: syz.4.27 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  124.343252][ T5876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  124.343264][ T5876] Call Trace:
[  124.343272][ T5876]  <TASK>
[  124.343281][ T5876]  dump_stack_lvl+0xe8/0x150
[  124.343330][ T5876]  should_fail_ex+0x46b/0x600
[  124.343373][ T5876]  _copy_from_user+0x2d/0xb0
[  124.343399][ T5876]  memdup_user+0x5e/0xd0
[  124.343435][ T5876]  strndup_user+0x68/0xd0
[  124.343470][ T5876]  __se_sys_mount+0x9d/0x420
[  124.343505][ T5876]  ? ksys_write+0x248/0x270
[  124.343534][ T5876]  ? __pfx___se_sys_mount+0x10/0x10
[  124.343575][ T5876]  ? __x64_sys_mount+0x20/0xc0
[  124.343609][ T5876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.343634][ T5876]  do_syscall_64+0x15f/0xf80
[  124.343661][ T5876]  ? trace_irq_disable+0x3b/0x140
[  124.343687][ T5876]  ? clear_bhb_loop+0x40/0x90
[  124.343715][ T5876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.343738][ T5876] RIP: 0033:0x7fb32cc2cdd9
[  124.343758][ T5876] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  124.343776][ T5876] RSP: 002b:00007fb32ae44028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  124.343799][ T5876] RAX: ffffffffffffffda RBX: 00007fb32cea6180 RCX: 00007fb32cc2cdd9
[  124.343816][ T5876] RDX: 00002000000002c0 RSI: 0000200000000040 RDI: 0000000000000000
[  124.343830][ T5876] RBP: 00007fb32ae44090 R08: 0000200000000580 R09: 0000000000000000
[  124.343845][ T5876] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.343858][ T5876] R13: 00007fb32cea6218 R14: 00007fb32cea6180 R15: 00007fff50fed1a8
[  124.343900][ T5876]  </TASK>
[  126.727741][ T5700] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  128.061040][ T5887] loop2: detected capacity change from 0 to 7
[  129.043740][ T5887] Dev loop2: unable to read RDB block 7
[  129.043772][ T5887]  loop2: AHDI p1 p2 p3
[  129.043802][ T5887] loop2: partition table partially beyond EOD, truncated
[  129.046082][ T5887] loop2: p1 start 1601398130 is beyond EOD, truncated
[  129.046107][ T5887] loop2: p2 start 1702059890 is beyond EOD, truncated
[  130.299635][ T5903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.34'.
[  130.382109][ T5907] netlink: 128 bytes leftover after parsing attributes in process `syz.4.35'.
[  130.583928][ T5911] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  130.583957][ T5911] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  130.584057][ T5911] vhci_hcd vhci_hcd.0: Device attached
[  130.805034][ T5881] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  130.956236][ T5881] usb 5-1: config index 0 descriptor too short (expected 64653, got 45)
[  130.985333][   T31] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  130.987350][ T5881] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  130.987379][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.987400][ T5881] usb 5-1: Product: syz
[  130.987414][ T5881] usb 5-1: Manufacturer: syz
[  130.987429][ T5881] usb 5-1: SerialNumber: syz
[  131.191004][ T5912] vhci_hcd: connection reset by peer
[  131.211231][   T66] vhci_hcd vhci_hcd.3: stop threads
[  131.211251][   T66] vhci_hcd vhci_hcd.3: release socket
[  131.211383][   T66] vhci_hcd vhci_hcd.3: disconnect device
[  131.633008][ T5881] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  131.633074][ T5881] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[  131.691863][ T5881] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  131.691920][ T5881] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  131.767590][ T5881] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  131.838462][ T5881] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  132.013880][ T5881] usb 5-1: USB disconnect, device number 2
[  133.530815][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  133.530922][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  137.756958][   T31] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  139.080915][ T5938] FAULT_INJECTION: forcing a failure.
[  139.080915][ T5938] name failslab, interval 1, probability 0, space 0, times 0
[  139.080951][ T5938] CPU: 1 UID: 0 PID: 5938 Comm: syz.4.44 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  139.080974][ T5938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  139.080986][ T5938] Call Trace:
[  139.080994][ T5938]  <TASK>
[  139.081002][ T5938]  dump_stack_lvl+0xe8/0x150
[  139.081033][ T5938]  should_fail_ex+0x46b/0x600
[  139.081073][ T5938]  should_failslab+0xa8/0x100
[  139.081100][ T5938]  kmem_cache_alloc_noprof+0x87/0x680
[  139.081125][ T5938]  ? io_submit_one+0x130/0x14c0
[  139.081165][ T5938]  io_submit_one+0x130/0x14c0
[  139.081195][ T5938]  ? irqentry_exit+0x218/0x730
[  139.081218][ T5938]  ? lockdep_hardirqs_on+0x7a/0x110
[  139.081241][ T5938]  ? irqentry_exit+0x218/0x730
[  139.081289][ T5938]  ? __pfx_io_submit_one+0x10/0x10
[  139.081317][ T5938]  ? __might_fault+0xaf/0x130
[  139.081355][ T5938]  ? __might_fault+0xaf/0x130
[  139.081385][ T5938]  __se_sys_io_submit+0x195/0x340
[  139.081413][ T5938]  ? __pfx___se_sys_io_submit+0x10/0x10
[  139.081435][ T5938]  ? ksys_write+0x248/0x270
[  139.081487][ T5938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.081511][ T5938]  do_syscall_64+0x15f/0xf80
[  139.081534][ T5938]  ? trace_irq_disable+0x3b/0x140
[  139.081559][ T5938]  ? clear_bhb_loop+0x40/0x90
[  139.081589][ T5938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.081611][ T5938] RIP: 0033:0x7fb32cc2cdd9
[  139.081630][ T5938] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  139.081647][ T5938] RSP: 002b:00007fb32ae86028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  139.081669][ T5938] RAX: ffffffffffffffda RBX: 00007fb32cea5fa0 RCX: 00007fb32cc2cdd9
[  139.081684][ T5938] RDX: 0000200000001d00 RSI: 0000000000000001 RDI: 00007fb32d9e0000
[  139.081698][ T5938] RBP: 00007fb32ae86090 R08: 0000000000000000 R09: 0000000000000000
[  139.081710][ T5938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.081722][ T5938] R13: 00007fb32cea6038 R14: 00007fb32cea5fa0 R15: 00007fff50fed1a8
[  139.081755][ T5938]  </TASK>
[  140.076483][ T5953] Bluetooth: MGMT ver 1.23
[  142.432197][ T5959] syz.0.51 uses obsolete (PF_INET,SOCK_PACKET)
[  142.569264][ T5618] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  142.613025][ T5618] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  142.631960][ T5618] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  142.672962][ T5618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  142.684087][ T5618] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  142.803754][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  142.933850][   T10] usb 5-1: device descriptor read/64, error -71
[  143.178813][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  143.213798][   T31] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  143.313860][   T10] usb 5-1: device descriptor read/64, error -71
[  143.399962][   T31] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  143.399996][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.400018][   T31] usb 4-1: Product: syz
[  143.400034][   T31] usb 4-1: Manufacturer: syz
[  143.400049][   T31] usb 4-1: SerialNumber: syz
[  143.442481][   T10] usb usb5-port1: attempt power cycle
[  144.386291][   T31] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  144.408288][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  144.426688][   T10] usb 5-1: device descriptor read/8, error -71
[  144.515741][ T5846] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  144.696145][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  144.824315][   T10] usb 5-1: device descriptor read/8, error -71
[  144.934324][   T10] usb usb5-port1: unable to enumerate USB device
[  144.946286][ T5618] Bluetooth: hci5: command tx timeout
[  145.654217][ T5846] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  145.672748][ T5846] ath9k_htc: Failed to initialize the device
[  146.179218][ T5846] usb 4-1: ath9k_htc: USB layer deinitialized
[  147.872005][ T5618] Bluetooth: hci5: command tx timeout
[  150.582122][ T5618] Bluetooth: hci5: command tx timeout
[  152.013068][    T9] usb 4-1: USB disconnect, device number 6
[  152.272123][   T56] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.880296][ T5618] Bluetooth: hci5: command tx timeout
[  154.404300][ T6019] FAULT_INJECTION: forcing a failure.
[  154.404300][ T6019] name failslab, interval 1, probability 0, space 0, times 0
[  154.404339][ T6019] CPU: 0 UID: 0 PID: 6019 Comm: syz.3.63 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  154.404363][ T6019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  154.404376][ T6019] Call Trace:
[  154.404384][ T6019]  <TASK>
[  154.404394][ T6019]  dump_stack_lvl+0xe8/0x150
[  154.404425][ T6019]  should_fail_ex+0x46b/0x600
[  154.404468][ T6019]  should_failslab+0xa8/0x100
[  154.404497][ T6019]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  154.404524][ T6019]  ? __alloc_skb+0x1d0/0x7d0
[  154.404547][ T6019]  ? lockdep_hardirqs_on+0x7a/0x110
[  154.404577][ T6019]  __alloc_skb+0x1d0/0x7d0
[  154.404607][ T6019]  netlink_sendmsg+0x5d4/0xb40
[  154.404644][ T6019]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.404674][ T6019]  ? unwind_get_return_address+0x4d/0x90
[  154.404708][ T6019]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  154.404736][ T6019]  ____sys_sendmsg+0x94c/0x9c0
[  154.404770][ T6019]  ? __pfx_____sys_sendmsg+0x10/0x10
[  154.404807][ T6019]  ? import_iovec+0x73/0xa0
[  154.404835][ T6019]  ___sys_sendmsg+0x2a5/0x360
[  154.404863][ T6019]  ? __lock_acquire+0x6b5/0x2cf0
[  154.404898][ T6019]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.404963][ T6019]  ? __fget_files+0x2a/0x420
[  154.404984][ T6019]  ? __fget_files+0x3a6/0x420
[  154.405015][ T6019]  __x64_sys_sendmsg+0x1c3/0x2a0
[  154.405047][ T6019]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  154.405097][ T6019]  ? __pfx_ksys_write+0x10/0x10
[  154.405132][ T6019]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.405157][ T6019]  do_syscall_64+0x15f/0xf80
[  154.405181][ T6019]  ? trace_irq_disable+0x3b/0x140
[  154.405207][ T6019]  ? clear_bhb_loop+0x40/0x90
[  154.405247][ T6019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.405269][ T6019] RIP: 0033:0x7f371771cdd9
[  154.405289][ T6019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  154.405306][ T6019] RSP: 002b:00007f371596e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.405328][ T6019] RAX: ffffffffffffffda RBX: 00007f3717995fa0 RCX: 00007f371771cdd9
[  154.405344][ T6019] RDX: 00000000200080c4 RSI: 0000200000000080 RDI: 0000000000000003
[  154.405357][ T6019] RBP: 00007f371596e090 R08: 0000000000000000 R09: 0000000000000000
[  154.405370][ T6019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.405382][ T6019] R13: 00007f3717996038 R14: 00007f3717995fa0 R15: 00007ffd38670ce8
[  154.405415][ T6019]  </TASK>
[  154.792938][   T56] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.905641][ T6021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.64'.
[  155.650408][   T56] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.693865][ T5846] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  155.836415][ T5607] hid (null): unknown global tag 0x50
[  155.906247][ T5846] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  155.906278][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.906298][ T5846] usb 4-1: Product: syz
[  155.906314][ T5846] usb 4-1: Manufacturer: syz
[  155.906329][ T5846] usb 4-1: SerialNumber: syz
[  156.038369][ T5846] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  156.062050][   T31] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  156.283955][ T5712] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  156.732113][ T5712] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  156.761453][ T5712] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.761485][ T5712] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.761506][ T5712] usb 1-1: Product: 鰡熪쁄酫ন┪ゾꥅ⌐吺錮鼪쒓ᬼ䝤ꂅᷨ넅삜칦칞植롑纒㉸볒麥㤝㳠沪᫾ޜ䙩ᠪ냷鬣翨ꚫ£Ž갠핹ᇀ吏㘦颗࿵Ⴢ蜹㓙ꐱ⏱ᱚ핒糵ꞇ듰᝘ꊯ᧞扻뷘䍹ਾ淴ᑛ힎瓵渕㕮㱧繤ｑꁏ癨溉樥ꄗ楞猱렋ꮤ縂Ő㛴팣鄨√ꨴロ룁㥂ꔞ슩햿哬혛⿅챝綰四ʕ
[  156.761626][ T5712] usb 1-1: Manufacturer: ⠊
[  156.761642][ T5712] usb 1-1: SerialNumber: щ
[  157.222203][   T31] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  157.222417][   T31] ath9k_htc: Failed to initialize the device
[  157.343268][ T5607] hid-generic 0011:3C0DD165:000D.0001: unknown main item tag 0x1
[  157.343362][ T5607] hid-generic 0011:3C0DD165:000D.0001: item 0 4 0 8 parsing failed
[  157.349456][ T5607] hid-generic 0011:3C0DD165:000D.0001: probe with driver hid-generic failed with error -22
[  159.685925][ T5712] usb 1-1: can't set config #1, error -71
[  159.758987][ T5712] usb 1-1: USB disconnect, device number 2
[  159.894550][   T56] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.729058][   T31] usb 4-1: ath9k_htc: USB layer deinitialized
[  160.806888][ T5846] usb 4-1: USB disconnect, device number 7
[  161.001283][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'.
[  161.001320][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'.
[  161.746294][ T6053] tc_dump_action: action bad kind
[  162.654121][ T6070] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  164.129009][ T6084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.77'.
[  164.451270][   T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  164.718876][   T31] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  164.718918][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.718974][   T31] usb 1-1: Product: syz
[  164.718990][   T31] usb 1-1: Manufacturer: syz
[  164.719050][   T31] usb 1-1: SerialNumber: syz
[  165.957583][   T31] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  166.000940][ T5863] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  167.257100][ T5863] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  167.257472][ T5863] ath9k_htc: Failed to initialize the device
[  168.073276][ T5863] usb 1-1: ath9k_htc: USB layer deinitialized
[  168.317906][ T5712] usb 1-1: USB disconnect, device number 3
[  169.041489][ T6119] netlink: 48 bytes leftover after parsing attributes in process `syz.3.87'.
[  171.045103][   T56] bridge_slave_1: left allmulticast mode
[  171.045244][   T56] bridge_slave_1: left promiscuous mode
[  171.047930][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.328847][   T56] bridge_slave_0: left allmulticast mode
[  171.328874][   T56] bridge_slave_0: left promiscuous mode
[  171.329062][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.144424][   T31] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  172.820527][   T31] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  172.820718][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.820790][   T31] usb 4-1: Product: syz
[  172.820857][   T31] usb 4-1: Manufacturer: syz
[  172.820898][   T31] usb 4-1: SerialNumber: syz
[  173.042901][   T31] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  173.080622][ T5863] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  174.225474][ T5863] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  174.225878][ T5863] ath9k_htc: Failed to initialize the device
[  174.273480][ T5863] usb 4-1: ath9k_htc: USB layer deinitialized
[  175.170211][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  175.215348][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  175.239737][   T56] bond0 (unregistering): Released all slaves
[  176.008186][   T10] usb 4-1: USB disconnect, device number 8
[  176.215632][ T6109] bridge1: the hash_elasticity option has been deprecated and is always 16
[  176.461998][ T6159] FAULT_INJECTION: forcing a failure.
[  176.461998][ T6159] name failslab, interval 1, probability 0, space 0, times 0
[  176.462034][ T6159] CPU: 1 UID: 0 PID: 6159 Comm: syz.1.101 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  176.462057][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  176.462070][ T6159] Call Trace:
[  176.462078][ T6159]  <TASK>
[  176.462086][ T6159]  dump_stack_lvl+0xe8/0x150
[  176.462115][ T6159]  should_fail_ex+0x46b/0x600
[  176.462154][ T6159]  should_failslab+0xa8/0x100
[  176.462182][ T6159]  __kmalloc_noprof+0xdf/0x7b0
[  176.462205][ T6159]  ? tomoyo_encode+0x28b/0x550
[  176.462254][ T6159]  tomoyo_encode+0x28b/0x550
[  176.462300][ T6159]  tomoyo_realpath_from_path+0x58d/0x5d0
[  176.462345][ T6159]  ? tomoyo_path_number_perm+0x219/0x630
[  176.462376][ T6159]  tomoyo_path_number_perm+0x246/0x630
[  176.462409][ T6159]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  176.462436][ T6159]  ? __lock_acquire+0x6b5/0x2cf0
[  176.462469][ T6159]  ? __schedule+0x1697/0x54c0
[  176.462501][ T6159]  ? ktime_get_update_offsets_now+0x5d/0x3e0
[  176.462556][ T6159]  ? __fget_files+0x2a/0x420
[  176.462581][ T6159]  ? __fget_files+0x2a/0x420
[  176.462599][ T6159]  ? __fget_files+0x3a6/0x420
[  176.462618][ T6159]  ? __fget_files+0x2a/0x420
[  176.462641][ T6159]  security_file_ioctl+0xc3/0x2a0
[  176.462674][ T6159]  __se_sys_ioctl+0x47/0x170
[  176.462700][ T6159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.462725][ T6159]  do_syscall_64+0x15f/0xf80
[  176.462750][ T6159]  ? clear_bhb_loop+0x40/0x90
[  176.462779][ T6159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.462801][ T6159] RIP: 0033:0x7f0069c9cdd9
[  176.462836][ T6159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  176.462853][ T6159] RSP: 002b:00007f0067eee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  176.462875][ T6159] RAX: ffffffffffffffda RBX: 00007f0069f15fa0 RCX: 00007f0069c9cdd9
[  176.462891][ T6159] RDX: 0000200000000200 RSI: 00000000c0a85352 RDI: 0000000000000006
[  176.462905][ T6159] RBP: 00007f0067eee090 R08: 0000000000000000 R09: 0000000000000000
[  176.462918][ T6159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.462931][ T6159] R13: 00007f0069f16038 R14: 00007f0069f15fa0 R15: 00007fff855dcac8
[  176.462966][ T6159]  </TASK>
[  176.463004][ T6159] ERROR: Out of memory at tomoyo_realpath_from_path.
[  177.103840][ T5962] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.104055][ T5962] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.104256][ T5962] bridge_slave_0: entered allmulticast mode
[  177.112158][ T5962] bridge_slave_0: entered promiscuous mode
[  178.208585][ T6167] netlink: 'syz.3.100': attribute type 21 has an invalid length.
[  179.575232][ T5962] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.575385][ T5962] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.575608][ T5962] bridge_slave_1: entered allmulticast mode
[  179.623849][ T5962] bridge_slave_1: entered promiscuous mode
[  179.626589][ T6167] netlink: 160 bytes leftover after parsing attributes in process `syz.3.100'.
[  179.655207][ T5257] 8021q: adding VLAN 0 to HW filter on device eth1
[  179.663578][ T6197] sg_write: data in/out 210250/3 bytes for SCSI command 0x14-- guessing data in;
[  179.663578][ T6197]    program syz.0.99 not setting count and/or reply_len properly
[  179.779052][ T5962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.829650][ T5962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.498935][ T5607] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  181.177172][ T5618] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  181.177344][ T5618] Bluetooth: hci2: Injecting HCI hardware error event
[  181.182776][ T5618] Bluetooth: hci2: hardware error 0x00
[  181.998758][ T5607] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  181.998789][ T5607] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.998809][ T5607] usb 2-1: Product: syz
[  181.998824][ T5607] usb 2-1: Manufacturer: syz
[  181.998838][ T5607] usb 2-1: SerialNumber: syz
[  182.077297][ T5607] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  182.102334][ T5728] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  183.479096][ T5728] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  183.481094][ T5728] ath9k_htc: Failed to initialize the device
[  183.593041][ T5962] team0: Port device team_slave_0 added
[  183.627430][ T5728] usb 2-1: ath9k_htc: USB layer deinitialized
[  184.166764][ T5962] team0: Port device team_slave_1 added
[  184.223781][ T5618] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  184.223936][ T5712] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  184.390197][ T5712] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.390380][ T5712] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  184.390428][ T5712] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  184.390473][ T5712] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  184.390496][ T5712] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.539078][ T5712] usb 5-1: config 0 descriptor??
[  184.790752][   T36] usb 2-1: USB disconnect, device number 4
[  184.920504][ T5712] usb 5-1: USB disconnect, device number 7
[  185.188345][ T6237] netlink: 'syz.1.117': attribute type 21 has an invalid length.
[  185.376745][ T6237] netlink: 160 bytes leftover after parsing attributes in process `syz.1.117'.
[  185.392790][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  185.392809][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  185.392838][ T5962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  185.437299][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  185.437354][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  185.437425][ T5962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  186.443038][ T6243] serio: Serial port ttyS3
[  187.087490][ T6262] sg_write: data in/out 210250/3 bytes for SCSI command 0x14-- guessing data in;
[  187.087490][ T6262]    program syz.4.119 not setting count and/or reply_len properly
[  187.126908][   T56] hsr_slave_0: left promiscuous mode
[  187.183845][   T56] hsr_slave_1: left promiscuous mode
[  187.188222][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  187.188309][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  187.236512][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.236542][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  187.289668][   T56] veth1_macvtap: left promiscuous mode
[  187.290530][   T56] veth0_macvtap: left promiscuous mode
[  187.290730][   T56] veth1_vlan: left promiscuous mode
[  187.290957][   T56] veth0_vlan: left promiscuous mode
[  189.173797][ T5618] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  189.173985][ T5618] Bluetooth: hci0: Injecting HCI hardware error event
[  189.175714][ T5605] Bluetooth: hci0: hardware error 0x00
[  189.179611][   T56] team0 (unregistering): Port device team_slave_1 removed
[  189.272711][   T56] team0 (unregistering): Port device team_slave_0 removed
[  189.585276][ T5257] 8021q: adding VLAN 0 to HW filter on device eth2
[  189.831549][ T5962] hsr_slave_0: entered promiscuous mode
[  189.840822][ T5962] hsr_slave_1: entered promiscuous mode
[  189.854943][ T5962] debugfs: 'hsr0' already exists in 'hsr'
[  189.854970][ T5962] Cannot create hsr debugfs directory
[  191.735030][ T5605] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  192.584645][   T36] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  192.627465][ T5863] hid (null): unknown global tag 0x50
[  192.779603][   T36] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.779660][   T36] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  192.779692][   T36] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  192.779735][   T36] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  192.779760][   T36] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.904710][  T819] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  192.992221][   T36] usb 1-1: config 0 descriptor??
[  193.031653][ T5863] hid-generic 0011:3C0DD165:000D.0002: unknown main item tag 0x1
[  193.031723][ T5863] hid-generic 0011:3C0DD165:000D.0002: item 0 4 0 8 parsing failed
[  193.032493][ T5863] hid-generic 0011:3C0DD165:000D.0002: probe with driver hid-generic failed with error -22
[  193.076829][  T819] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  193.079926][  T819] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  193.079958][  T819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.079980][  T819] usb 4-1: Product: 鰡熪쁄酫ন┪ゾꥅ⌐吺錮鼪쒓ᬼ䝤ꂅᷨ넅삜칦칞植롑纒㉸볒麥㤝㳠沪᫾ޜ䙩ᠪ냷鬣翨ꚫ£Ž갠핹ᇀ吏㘦颗࿵Ⴢ蜹㓙ꐱ⏱ᱚ핒糵ꞇ듰᝘ꊯ᧞扻뷘䍹ਾ淴ᑛ힎瓵渕㕮㱧繤ｑꁏ癨溉樥ꄗ楞猱렋ꮤ縂Ő㛴팣鄨√ꨴロ룁㥂ꔞ슩햿哬혛⿅챝綰四ʕ
[  193.080015][  T819] usb 4-1: Manufacturer: ⠊
[  193.080031][  T819] usb 4-1: SerialNumber: щ
[  193.520560][   T36] usb 1-1: USB disconnect, device number 4
[  193.731190][  T819] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  193.731245][  T819] cdc_ncm 4-1:1.0: bind() failure
[  193.912488][  T819] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  193.912537][  T819] cdc_ncm 4-1:1.1: bind() failure
[  194.053300][  T819] usb 4-1: USB disconnect, device number 9
[  194.216806][ T5257] 8021q: adding VLAN 0 to HW filter on device eth3
[  194.397893][ T5728] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  194.499095][ T1335] ieee802154 phy0 wpan0: encryption failed: -22
[  194.499185][ T1335] ieee802154 phy1 wpan1: encryption failed: -22
[  194.914923][ T6333] loop2: detected capacity change from 0 to 7
[  195.568787][ T5728] usb 5-1: Using ep0 maxpacket: 8
[  195.570645][ T6333] Dev loop2: unable to read RDB block 7
[  195.570675][ T6333]  loop2: AHDI p1 p2 p3
[  195.570706][ T6333] loop2: partition table partially beyond EOD, truncated
[  195.570996][ T6333] loop2: p1 start 1601398130 is beyond EOD, truncated
[  195.571017][ T6333] loop2: p2 start 1702059890 is beyond EOD, truncated
[  195.594274][ T5728] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  195.594312][ T5728] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  195.594336][ T5728] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  195.594361][ T5728] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  195.594384][ T5728] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  195.594426][ T5728] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  195.594449][ T5728] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.854467][ T5728] usb 5-1: config 0 descriptor??
[  196.253730][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  196.405872][    T9] usb 2-1: Using ep0 maxpacket: 32
[  196.420527][    T9] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  196.420557][    T9] usb 2-1: config 0 has no interface number 0
[  196.420607][    T9] usb 2-1: config 0 interface 12 has no altsetting 0
[  196.425726][    T9] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  196.425754][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.425773][    T9] usb 2-1: Product: syz
[  196.425787][    T9] usb 2-1: Manufacturer: syz
[  196.425800][    T9] usb 2-1: SerialNumber: syz
[  196.537947][ T5605] Bluetooth: hci3: urb ffff888029b3d100 submission failed (90)
[  196.654055][    T9] usb 2-1: config 0 descriptor??
[  196.885613][  T819] usb 5-1: USB disconnect, device number 8
[  197.781104][ T5962] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  197.913370][ T6332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.978118][ T6332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.066158][    T9] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  198.066228][    T9] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  198.066246][    T9] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  198.066347][    T9] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  198.127668][    T9] usb 2-1: USB disconnect, device number 5
[  198.159356][ T5962] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  198.160526][ T5962] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  198.346351][  T819] hid (null): unknown global tag 0x50
[  198.434329][  T819] hid-generic 0011:3C0DD165:000D.0003: unknown main item tag 0x1
[  198.434399][  T819] hid-generic 0011:3C0DD165:000D.0003: item 0 4 0 8 parsing failed
[  198.435152][  T819] hid-generic 0011:3C0DD165:000D.0003: probe with driver hid-generic failed with error -22
[  198.489669][ T5962] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  198.519646][ T6353] syz.0.144 (6353) used greatest stack depth: 16224 bytes left
[  198.675998][ T5712] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  198.741391][ T5962] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  198.817045][ T5962] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  198.833443][ T5962] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  198.856007][ T5712] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  198.880807][ T5712] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  198.880839][ T5712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.880860][ T5712] usb 4-1: Product: 鰡熪쁄酫ন┪ゾꥅ⌐吺錮鼪쒓ᬼ䝤ꂅᷨ넅삜칦칞植롑纒㉸볒麥㤝㳠沪᫾ޜ䙩ᠪ냷鬣翨ꚫ£Ž갠핹ᇀ吏㘦颗࿵Ⴢ蜹㓙ꐱ⏱ᱚ핒糵ꞇ듰᝘ꊯ᧞扻뷘䍹ਾ淴ᑛ힎瓵渕㕮㱧繤ｑꁏ癨溉樥ꄗ楞猱렋ꮤ縂Ő㛴팣鄨√ꨴロ룁㥂ꔞ슩햿哬혛⿅챝綰四ʕ
[  198.880894][ T5712] usb 4-1: Manufacturer: ⠊
[  198.880909][ T5712] usb 4-1: SerialNumber: щ
[  199.365132][ T5962] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  200.244930][ T5712] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  200.244981][ T5712] cdc_ncm 4-1:1.0: bind() failure
[  200.288377][ T5712] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  200.288418][ T5712] cdc_ncm 4-1:1.1: bind() failure
[  200.608789][ T5712] usb 4-1: USB disconnect, device number 10
[  200.697182][ T5257] 8021q: adding VLAN 0 to HW filter on device eth4
[  200.700381][ T6388] netlink: 168 bytes leftover after parsing attributes in process `syz.1.152'.
[  201.326431][ T5618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  201.380049][ T5618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  201.382329][ T5618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  201.405329][ T5618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  201.408764][ T5618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  201.623333][ T6405] netlink: 144 bytes leftover after parsing attributes in process `syz.1.155'.
[  201.976154][  T819] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  202.185114][  T819] usb 4-1: Using ep0 maxpacket: 8
[  202.188195][  T819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  202.188231][  T819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  202.188255][  T819] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  202.188280][  T819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  202.188303][  T819] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  202.188349][  T819] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  202.188374][  T819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.287927][  T819] usb 4-1: config 0 descriptor??
[  202.461106][ T5618] Bluetooth: hci6: urb ffff88802b651100 submission failed (90)
[  202.993824][ T5712] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  203.362413][ T6426] serio: Serial port ttyS3
[  203.449081][ T5712] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  203.449115][ T5712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.449137][ T5712] usb 2-1: Product: syz
[  203.449153][ T5712] usb 2-1: Manufacturer: syz
[  203.449168][ T5712] usb 2-1: SerialNumber: syz
[  203.519470][ T5712] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  203.543895][   T31] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  203.610411][ T5618] Bluetooth: hci3: command tx timeout
[  204.056865][   T36] usb 4-1: USB disconnect, device number 11
[  205.183708][   T31] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  205.183897][   T31] ath9k_htc: Failed to initialize the device
[  206.626119][  T819] usb 2-1: USB disconnect, device number 6
[  206.652962][ T5618] Bluetooth: hci3: command tx timeout
[  206.684596][  T819] usb 2-1: ath9k_htc: USB layer deinitialized
[  206.692621][    C1] dummy_hcd dummy_hcd.1: timer fired with no URBs pending?
[  208.553140][ T5712] ------------[ cut here ]------------
[  208.553155][ T5712] faux_driver vkms: [drm] vblank wait timed out on crtc 0
[  208.553179][ T5712] WARNING: drivers/gpu/drm/drm_vblank.c:1320 at drm_crtc_wait_one_vblank+0x357/0x500, CPU#1: kworker/1:5/5712
[  208.553222][ T5712] Modules linked in:
[  208.553241][ T5712] CPU: 1 UID: 0 PID: 5712 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  208.553273][ T5712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  208.553287][ T5712] Workqueue: events drm_fb_helper_damage_work
[  208.553313][ T5712] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500
[  208.553338][ T5712] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a af d0 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff
[  208.553356][ T5712] RSP: 0000:ffffc900051d78c0 EFLAGS: 00010246
[  208.553373][ T5712] RAX: 1ffff11004b43e00 RBX: ffffffff8f93e460 RCX: 0000000000000000
[  208.553388][ T5712] RDX: ffffffff8bc048e0 RSI: ffffffff8bc21000 RDI: ffffffff8f93e460
[  208.553404][ T5712] RBP: ffffc900051d79a8 R08: 0000000000000000 R09: 0000000000000000
[  208.553417][ T5712] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffffffff8bc21000
[  208.553452][ T5712] R13: ffff888025a1f000 R14: 0000000000000000 R15: ffffffff8bc048e0
[  208.553467][ T5712] FS:  0000000000000000(0000) GS:ffff888126279000(0000) knlGS:0000000000000000
[  208.553484][ T5712] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  208.553499][ T5712] CR2: 000000110c2e61e8 CR3: 0000000062192000 CR4: 00000000003526f0
[  208.553517][ T5712] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  208.553543][ T5712] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  208.553557][ T5712] Call Trace:
[  208.553565][ T5712]  <TASK>
[  208.553579][ T5712]  ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10
[  208.553658][ T5712]  ? __pfx_autoremove_wake_function+0x10/0x10
[  208.553691][ T5712]  ? rt_spin_unlock+0x160/0x200
[  208.553726][ T5712]  ? drm_vblank_get+0x147/0x260
[  208.553752][ T5712]  drm_client_modeset_wait_for_vblank+0xc5/0xf0
[  208.553789][ T5712]  drm_fb_helper_damage_work+0x131/0x6f0
[  208.553817][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.553848][ T5712]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  208.553875][ T5712]  ? preempt_schedule_thunk+0x16/0x30
[  208.553909][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.553932][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.553958][ T5712]  process_scheduled_works+0xb5d/0x1860
[  208.554017][ T5712]  ? __pfx_process_scheduled_works+0x10/0x10
[  208.554051][ T5712]  ? assign_work+0x3d5/0x5e0
[  208.554080][ T5712]  worker_thread+0xa53/0xfc0
[  208.554136][ T5712]  kthread+0x388/0x470
[  208.554169][ T5712]  ? __pfx_worker_thread+0x10/0x10
[  208.554192][ T5712]  ? __pfx_kthread+0x10/0x10
[  208.554223][ T5712]  ret_from_fork+0x514/0xb70
[  208.554260][ T5712]  ? __pfx_ret_from_fork+0x10/0x10
[  208.554285][ T5712]  ? __switch_to+0xc79/0x1410
[  208.554322][ T5712]  ? __pfx_kthread+0x10/0x10
[  208.554372][ T5712]  ret_from_fork_asm+0x1a/0x30
[  208.554421][ T5712]  </TASK>
[  208.554433][ T5712] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  208.554448][ T5712] CPU: 1 UID: 0 PID: 5712 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  208.554472][ T5712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  208.554485][ T5712] Workqueue: events drm_fb_helper_damage_work
[  208.554511][ T5712] Call Trace:
[  208.554520][ T5712]  <TASK>
[  208.554528][ T5712]  vpanic+0x56c/0xa60
[  208.554558][ T5712]  ? __pfx__printk+0x10/0x10
[  208.554595][ T5712]  ? __pfx_vpanic+0x10/0x10
[  208.554621][ T5712]  ? is_bpf_text_address+0x292/0x2b0
[  208.554652][ T5712]  ? is_bpf_text_address+0x26/0x2b0
[  208.554693][ T5712]  panic+0xc5/0xd0
[  208.554721][ T5712]  ? __pfx_panic+0x10/0x10
[  208.554760][ T5712]  ? ret_from_fork_asm+0x1a/0x30
[  208.554795][ T5712]  __warn+0x315/0x4c0
[  208.554821][ T5712]  ? drm_crtc_wait_one_vblank+0x357/0x500
[  208.554849][ T5712]  ? drm_crtc_wait_one_vblank+0x357/0x500
[  208.554876][ T5712]  __report_bug+0x29a/0x540
[  208.554907][ T5712]  ? drm_crtc_wait_one_vblank+0x357/0x500
[  208.554933][ T5712]  ? __pfx___report_bug+0x10/0x10
[  208.554982][ T5712]  report_bug_entry+0x19a/0x290
[  208.555007][ T5712]  ? drm_crtc_wait_one_vblank+0x4b6/0x500
[  208.555030][ T5712]  ? drm_crtc_wait_one_vblank+0x4bb/0x500
[  208.555055][ T5712]  handle_bug+0xce/0x200
[  208.555086][ T5712]  exc_invalid_op+0x1a/0x50
[  208.555115][ T5712]  asm_exc_invalid_op+0x1a/0x20
[  208.555137][ T5712] RIP: 0010:drm_crtc_wait_one_vblank+0x4b6/0x500
[  208.555163][ T5712] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 2a af d0 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 e9 f4 ff ff b8 92 ff ff ff
[  208.555181][ T5712] RSP: 0000:ffffc900051d78c0 EFLAGS: 00010246
[  208.555199][ T5712] RAX: 1ffff11004b43e00 RBX: ffffffff8f93e460 RCX: 0000000000000000
[  208.555214][ T5712] RDX: ffffffff8bc048e0 RSI: ffffffff8bc21000 RDI: ffffffff8f93e460
[  208.555230][ T5712] RBP: ffffc900051d79a8 R08: 0000000000000000 R09: 0000000000000000
[  208.555244][ T5712] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffffffff8bc21000
[  208.555268][ T5712] R13: ffff888025a1f000 R14: 0000000000000000 R15: ffffffff8bc048e0
[  208.555310][ T5712]  ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10
[  208.555337][ T5712]  ? __pfx_autoremove_wake_function+0x10/0x10
[  208.555369][ T5712]  ? rt_spin_unlock+0x160/0x200
[  208.555405][ T5712]  ? drm_vblank_get+0x147/0x260
[  208.555433][ T5712]  drm_client_modeset_wait_for_vblank+0xc5/0xf0
[  208.555471][ T5712]  drm_fb_helper_damage_work+0x131/0x6f0
[  208.555501][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.555532][ T5712]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  208.555560][ T5712]  ? preempt_schedule_thunk+0x16/0x30
[  208.555596][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.555620][ T5712]  ? process_scheduled_works+0xa70/0x1860
[  208.555648][ T5712]  process_scheduled_works+0xb5d/0x1860
[  208.555710][ T5712]  ? __pfx_process_scheduled_works+0x10/0x10
[  208.555743][ T5712]  ? assign_work+0x3d5/0x5e0
[  208.555775][ T5712]  worker_thread+0xa53/0xfc0
[  208.555833][ T5712]  kthread+0x388/0x470
[  208.555865][ T5712]  ? __pfx_worker_thread+0x10/0x10
[  208.555888][ T5712]  ? __pfx_kthread+0x10/0x10
[  208.555920][ T5712]  ret_from_fork+0x514/0xb70
[  208.555950][ T5712]  ? __pfx_ret_from_fork+0x10/0x10
[  208.555976][ T5712]  ? __switch_to+0xc79/0x1410
[  208.556015][ T5712]  ? __pfx_kthread+0x10/0x10
[  208.556048][ T5712]  ret_from_fork_asm+0x1a/0x30
[  208.556097][ T5712]  </TASK>
[  208.556266][ T5712] Kernel Offset: disabled