last executing test programs:

1m56.889607908s ago: executing program 4 (id=1256):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d0400", 0xc)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140), 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0xfffffffffffffe63, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})

1m56.72988968s ago: executing program 4 (id=1258):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
r3 = socket(0x1, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000240), &(0x7f0000000240)=@tcp6=r3, 0x2}, 0x20)
r4 = socket$inet6(0xa, 0x3, 0x3c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r9, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000003c0)={0x24, r8, 0x1, 0x70bd29, 0x4000, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_TDLS_ACTION={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r7, 0x800, 0x9, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x0, 0x6d}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r11 = syz_open_dev$usbfs(&(0x7f0000000180), 0x203, 0x1051c3)
fcntl$dupfd(r11, 0x0, r11)

1m54.142718471s ago: executing program 4 (id=1266):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
chdir(&(0x7f00000001c0)='./file0/../file0/file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="e8000000000000000b210000ff3f7c081e0f315b91fcaec7bf495d5c618332756cbb1bb9ce6d12b9d976d1f33aca41e50a3342bcd67c311f7885a05c3fcf2ae21f1498ec481e7ca2c3ca4c7b3bf94448f62e111e5a79929b9182cc977ba6ae766ce37bdaac6da997fbc15f0c79f42155b99a280667b51fdc7902d7be5ef41f953fedb32aceeada13250626957eff13d5b12cc916541ccbeb0d4060a4dd89664eaba2f6b4ede0c9e3dc1c9446d9284ebe0e46eee7bc145ff0a2779c025553298812978ea53a8c60f254f23344a80a0aac7b141787bad6b0ba090000005f2f3158f0d200000000000070000000000000000701000040000000afbb30c2946e41ef3167d1f6ed47aa1f52bad114a89dbed741f74a23cd8d915e2dcc74a4932646b90f90a9d3956d5cadb642ac79fcb0aae3654482188263abd27e9d57cc28032453dc75f333e1f367ab38b7e7719805a454e79802d07ec60c00b0000000000000000100000001"], 0x208}, 0x0)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x208}, 0x0) (fail_nth: 5)
recvmmsg(0xffffffffffffffff, &(0x7f0000007600)=[{{0x0, 0x0, &(0x7f0000003440)=[{0x0}, {0x0}, {&(0x7f0000004540)=""/240, 0xf0}], 0x3}}], 0x1, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000001dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=""/188, 0xbc, 0xdf0e}}], 0x1800, 0x2002, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x101091, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="000008008e9e00000000140000004500801600660000000190780a010100ac1414aa05009078e000"], 0xfdef)

1m52.834933734s ago: executing program 4 (id=1272):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
ioctl$SIOCRSSCAUSE(r0, 0x89e1, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x81b}}, './file0\x00'})
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008c"])
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r7 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
r8 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r8, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r8, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x6, 0xffff, 0x6, 0x3, 0x27ff, 0x87, 0x42, 0xbb6, 0x19, 0x8, {0x8, 0x802}, 0xd0, 0x7}})
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)

1m51.586479191s ago: executing program 4 (id=1277):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
r3 = socket(0x1, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000240), &(0x7f0000000240)=@tcp6=r3, 0x2}, 0x20)
r4 = socket$inet6(0xa, 0x3, 0x3c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r9, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000003c0)={0x24, r8, 0x1, 0x70bd29, 0x4000, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_TDLS_ACTION={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r6, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r7, 0x800, 0x9, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x0, 0x6d}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x80)
r11 = syz_open_dev$usbfs(&(0x7f0000000180), 0x203, 0x1051c3)
fcntl$dupfd(r11, 0x0, r11)

1m50.75913831s ago: executing program 4 (id=1280):
r0 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x1, 0x4, 0x3})
mq_timedreceive(r0, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="a4e60600000000000000000500000d"], 0x50)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000000400))
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000200)=0x368, 0x4)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
capset(&(0x7f0000000180)={0x19980330}, &(0x7f0000000380)={0x240000, 0x4, 0x8})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0)
close(r6)
socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r1, @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00a200000000000007020000f8d836112c4681a024ffffffb703000008000000b70400000000000085000000c300000095c20e5bc17950de00000000645605eb90c1384d1a823e45c9028476e3f848f4ec01f40db5bf1e1c8924588c508aa8daa9b0f399306559411f5f58172ae03e58499d543e4318b989e9259afe11e4df32bf9763d96566a2291a783e00952d39160cce43da"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
ioctl$VIDIOC_LOG_STATUS(r5, 0x5646, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x400003ed4, 0x0)

1m50.393192098s ago: executing program 32 (id=1280):
r0 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x1, 0x4, 0x3})
mq_timedreceive(r0, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="a4e60600000000000000000500000d"], 0x50)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000000400))
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000200)=0x368, 0x4)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
capset(&(0x7f0000000180)={0x19980330}, &(0x7f0000000380)={0x240000, 0x4, 0x8})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0)
close(r6)
socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r1, @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00a200000000000007020000f8d836112c4681a024ffffffb703000008000000b70400000000000085000000c300000095c20e5bc17950de00000000645605eb90c1384d1a823e45c9028476e3f848f4ec01f40db5bf1e1c8924588c508aa8daa9b0f399306559411f5f58172ae03e58499d543e4318b989e9259afe11e4df32bf9763d96566a2291a783e00952d39160cce43da"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
ioctl$VIDIOC_LOG_STATUS(r5, 0x5646, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x400003ed4, 0x0)

1m0.218525893s ago: executing program 2 (id=1420):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
syz_genetlink_get_family_id$tipc(0x0, r3)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, 0x0, 0xf1387ae10c1c58b7)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x5c, r5, 0x800, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x72}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20024004}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

57.590402922s ago: executing program 2 (id=1429):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$getflags(r0, 0xb)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902"], 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000bd"], 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000404c056802bbcb652e000109022400010000000009100400000103000000092100000001210500090581030000000000"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x8, 0x31, 0xffffffffffffffff, 0x9927000)
setfsgid(0xffffffffffffffff)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x20086}], 0x1}}], 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x20, 0x3, 0x8, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x748790d5862d61a2}]}, 0x20}, 0x1, 0x0, 0x0, 0x24008804}, 0x20004040)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)

57.087761369s ago: executing program 3 (id=1433):
socket(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000040)='./bus\x00', 0x49)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x4040, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "0002002000", "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
sendto$inet6(r2, &(0x7f0000000080), 0x0, 0x8000, 0x0, 0x0)
set_robust_list(&(0x7f0000000200)={0x0, 0xffffffffffffffff}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x22, 0x2, 0x24)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

55.965991271s ago: executing program 3 (id=1436):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = syz_genetlink_get_family_id$tipc(0x0, r3)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r5, 0x200, 0x70bd2d, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0xf1387ae10c1c58b7)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x5c, r6, 0x800, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x72}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20024004}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

54.553027683s ago: executing program 0 (id=1440):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syzkaller1\x00', <r1=>0x0})
sendfile(r0, r0, &(0x7f0000000040)=0x8, 0x5) (async)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000080)={0x0, 0x6, 0x40}) (async)
syz_io_uring_setup(0x25d4, &(0x7f0000000480)={0x0, 0xa2e, 0x80, 0x0, 0xfe}, &(0x7f0000000500)=<r2=>0x0, &(0x7f0000000540))
syz_io_uring_setup(0x755b, &(0x7f0000000580)={0x0, 0xdd25, 0x100, 0x1, 0x288}, &(0x7f0000000600), &(0x7f0000000640)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000680)=@IORING_OP_NOP={0x0, 0x4}) (async)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000700)=@security={'security\x00', 0xe, 0x4, 0x440, 0xffffffff, 0x268, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x370, 0x370, 0x370, 0xffffffff, 0x4, &(0x7f00000006c0), {[{{@uncond, 0x0, 0x138, 0x180, 0x0, {}, [@common=@srh1={{0x90}, {0x4, 0x4, 0x6, 0x9c, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @broadcast}, [0xffffffff, 0xff000000, 0x0, 0xffffffff], [0xff000000, 0xffffffff, 0xff, 0xff], [0xffffff00, 0xffffff00, 0xffffff00, 0xff000000], 0x400, 0x240}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x1, 0x4, {0x800}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x4, 0x8001, 0x4, 0x7fffffff, 0x7, 0x6, 0xa2, 0x82]}}}, {{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @empty, [0xff0000ff, 0x0, 0x0, 0xffffffff], [0xffffffff, 0xffffff00, 0x0, 0xff000000], 'gre0\x00', 'dummy0\x00', {0x101}, {}, 0x1, 0x2, 0x4, 0x3}, 0x0, 0xd8, 0x108, 0x0, {}, [@common=@srh={{0x30}, {0x67, 0x3, 0x8, 0x0, 0x8, 0x0, 0x200}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x5, 0x1, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0) (async)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000e80)={0x6, 0x23, &(0x7f0000000bc0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5b}, {}, {}, [@jmp={0x5, 0x1, 0xa, 0x5, 0x6, 0x30, 0xfffffffffffffff0}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xffffffffffffffff}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @map_fd={0x18, 0xd84825e84ec5a722, 0x1, 0x0, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7f0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000d00)='GPL\x00', 0x7, 0x24, &(0x7f0000000d40)=""/36, 0x41000, 0x28, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000d80)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000dc0)={0x4, 0x10, 0x8, 0x800}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000e00)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000e40)=[{0x3, 0x2, 0x5, 0x3}], 0x10, 0x2}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000f40)={r5, r1, 0x25, 0x19, @void}, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000f80), 0x0, 0x0) (async)
ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000fc0)={0x8000, 0x7, 0x4, 0x9, 0x6, 0x0, [{0x2, 0xffffffffffffffff, 0xffff, '\x00', 0x509}, {0x5, 0x80000000, 0x3, '\x00', 0x2705}, {0x5c0000000000000, 0x2, 0x3292, '\x00', 0x1a01}, {0x9, 0x9, 0x81, '\x00', 0x1a04}, {0x90, 0x6, 0x5, '\x00', 0x1292}, {0x100000001, 0x6, 0xfffffffffffffffd, '\x00', 0x82}]}) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000001140), 0x101080, 0x0)
syz_init_net_socket$llc(0x1a, 0x0, 0x0)
r6 = inotify_init()
inotify_add_watch(r6, &(0x7f0000001180)='./file0\x00', 0x40000018)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000011c0)={{{@in=@multicast2, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@broadcast}, 0x0, @in6=@ipv4={""/10, ""/2, @multicast2}}}, &(0x7f00000012c0)=0xe8)
quotactl_fd$Q_GETFMT(r6, 0xffffffff80000401, r7, &(0x7f0000001300)) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001340), 0x0, 0x0) (async)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001380), 0x802, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r8, 0xc00c55ca, &(0x7f00000013c0)={0xa, 0x24d, 0xf})
ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4008ae52, &(0x7f0000001400)=0xc181)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001440), 0xc800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000001480)={0xc})
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r10, 0x6, 0x22, &(0x7f00000014c0)=0x80000000, 0x4)
r11 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001500)='/proc/zoneinfo\x00', 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r11, 0x4068aea3, &(0x7f0000001580)={0xa3, 0x0, &(0x7f0000001540)})

54.417585973s ago: executing program 3 (id=1441):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x26e1, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@bridge_delneigh={0x28, 0x1c, 0x325, 0x70bd27, 0x25dfdbff, {0x7, 0x0, 0x0, r2, 0x80, 0x8e, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x240448c1}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r4 = syz_open_dev$media(&(0x7f0000000080), 0x10001, 0x0)
mq_notify(r0, &(0x7f0000000040)={0x0, 0x3b, 0x0, @thr={&(0x7f00000003c0)="095ecd353f6c3c783bc437e8be8f34f88d228e39acf0de14bfd9c6ad2a97b2dc2a7603c56fa89a2ef43e915bfff3a41f58be70a9f5105fd46b95222ca0a1043b437892518db3ed017c2a6a0508bed67efec62470bcf036c16e7c8ecff4b92f4ec63d73cf43051c363b9b9306ad5109535244ca28067e22501abd164e6d96afd11d24512f62d7f93fd8d1ab1c1a23f308ca7d3ec7f7c91c8c03b97d8d0eb8cfeb7d8d6c53da3576eaf65872bb2a8d23009a7020405c210e0080466f8d30ceec4c589fec3574ffb92a820cf0561fd5e6e2f61efc2ddc8c5b3f1b5f7cb76370fb9ccb90ff472d91dcd85c43233e72a46fea34f51b3d6264872db5c57d", &(0x7f0000000200)="eb95ea33d507460a41e48fa85170b705d4401f3f68d3659b0ae6646eccea1abc22f536c84063f9d75710399ef12f268960b4678d3db8f1fd07535c32552b621dde2fe28da8e58377ed18bd7edf41336d"}})
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc, 0x40000000000}, 0x0, 0x0)
close(r0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x125000, 0x1ee)
sendmmsg$alg(r0, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000300)="ebe3a0e9796cfd1647e299f4e376fd9a128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3ad219e1e85550b8af8c6dbb7996069837304ee9b17ab0297628957a707b57a0553154405cc5567da2d4296872", 0x56}], 0x2, 0x0, 0x0, 0x800}], 0x1, 0x810)
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})

54.411577526s ago: executing program 1 (id=1442):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000000101010200000708000340000004"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4) (fail_nth: 3)

54.244835016s ago: executing program 0 (id=1444):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$sock_int(r0, 0x1, 0x27, 0x0, &(0x7f0000002380))
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0xc000, 0xe, "0062ba7d8200000016001b000200f705096604"})
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000200))
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x6000, 0x1)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1})
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

53.228683264s ago: executing program 1 (id=1445):
io_setup(0x9, &(0x7f0000000100)=<r0=>0x0)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0x1, 0x8000}, 0xc)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
io_submit(r0, 0x1, &(0x7f0000000280)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x600046fa, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)

53.209356964s ago: executing program 2 (id=1446):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x5}, 0xe)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket$key(0xf, 0x3, 0x2)
openat$fb0(0xffffffffffffff9c, 0x0, 0x180300, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f37, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x6, 0x5, 0x10, 0xff, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff02, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0xd, 0x0, 0x7, 0x6}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv6={0x86dd, @generic={0xa, 0x6, "7abd6a", 0x0, 0x67, 0x1, @private0, @mcast2}}}}, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)

53.128413477s ago: executing program 3 (id=1447):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket(0x10, 0x80003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x40000)
sendmsg$nl_generic(r1, 0x0, 0x0)

52.792134922s ago: executing program 0 (id=1448):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b7000000000000000700000000000000950000000000000000020000c47a74cfb5af100fc4e95d123de5462d8f1b8850821b01feffffffffffff0d96ab7cc60e0e144f0f04bfffe66a22d132a161eea53a46a5316f6800"/100], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_XCRS(r5, 0x4188aea7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x105cc6, 0x1, 0x0, 0x207}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0xdc, r10, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0x54, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000}, 0x4c0d0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f00000000c0)=r1, 0x4)

52.750260012s ago: executing program 1 (id=1449):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r0, 0x8925, 0x200000020001016)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x5, 0x13b141)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = socket$inet(0x10, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
bind$netlink(r4, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
getsockopt$inet6_opts(r3, 0x29, 0x39, &(0x7f0000000340)=""/60, &(0x7f0000000400)=0x3c)
r5 = syz_open_dev$usbmon(&(0x7f0000000000), 0xfc, 0x20000)
ioctl$MON_IOCT_RING_SIZE(r5, 0x9204, 0x80879)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="1400000001222d31ea289b040500000000000000d6272fd1b4b4174909d66001d59ae7c225b3d4e63db52d0866de28cfdc4f3b64ab9d4b8cbbebb246d1b24311e405fd720e569242e945f7bdfd4ea4f1bed19471e7574fe7fb2d636fb6"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000080)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185)
epoll_create1(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)

52.464966737s ago: executing program 3 (id=1450):
r0 = mq_open(&(0x7f0000000a00)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xeeux\x00\xbf@\xf4\x1c\xbce\xca\x97\xd5pkv\x88L\xe8$\xef\xfeI\xdaW1\xfcg\xa1\xdb$,0y$\xcd{zl.\xae\x805\xa8\xd6\x85\x15\xd2\x0e~\xcc\x90\x97\xe8h\v\x1a9X\a\xca{\x11#\x95m{U\xe5-\xabRw\xcafy\xe6\aNhX4Ll[\x14\x15<z\xb2\x03d\xad\x925\xbfP\x1b\xea\vt\xe9C\xe9\xb4R\x85*\xdc\xc4@\xee\xd2\xae\x06\x1a\xe1\xd2s\x01\xb8\xf3\xf2\rr\x01mq\xd2\xaf\xe2{\xe4\x1a\xd3Z\x01C\xfbW', 0x6e93ebbbcc0884f2, 0x1c4, &(0x7f0000000040)={0x0, 0x1, 0x4, 0x3})
mq_timedreceive(r0, &(0x7f0000000280)=""/211, 0xd3, 0x800000000000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="a4e60600000000000000000500000d"], 0x50)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, 0x0)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, &(0x7f0000000200)=0x368, 0x4)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
capset(&(0x7f0000000180)={0x19980330, r6}, &(0x7f0000000380)={0x240000, 0x4, 0x8})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0)
close(r7)
socket$inet6_udplite(0xa, 0x2, 0x88)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x14, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r1, @ANYRES16=r3, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00a200000000000007020000f8d836112c4681a024ffffffb703000008000000b70400000000000085000000c300000095c20e5bc17950de00000000645605eb90c1384d1a823e45c9028476e3f848f4ec01f40db5bf1e1c8924588c508aa8daa9b0f399306559411f5f58172ae03e58499d543e4318b989e9259afe11e4df32bf9763d96566a2291a783e00952d39160cce43da"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10)
ioctl$VIDIOC_LOG_STATUS(r5, 0x5646, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x400003ed4, 0x0)

51.936945428s ago: executing program 0 (id=1452):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, 0x0, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
syz_genetlink_get_family_id$tipc(0x0, r3)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0xf1387ae10c1c58b7)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3)
sendmsg$NL80211_CMD_DEL_MPATH(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x5c, r5, 0x800, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x5, 0x72}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20024004}, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

51.935483746s ago: executing program 2 (id=1453):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0a000000040000000200000041"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r2, 0x28, 0x0, &(0x7f0000000380)=0x4, 0x8) (fail_nth: 7)

51.555124992s ago: executing program 2 (id=1454):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d000000000000000000000000000000000000000000000000fd000000000000000000000000000000000000000000000000000000000000000000000c00000000000000000000000900000000000000000000000900000000000000000000000a02"], 0x0, 0x96, 0x0, 0x3}, 0x28)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000009000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r1, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xd, 0x0}}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000b40)={{0x12, 0x1, 0x0, 0x57, 0xeb, 0x0, 0x20, 0x7fd, 0x4, 0x8efa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4a, 0x0, 0x0, 0xff, 0x48, 0x68}}]}}]}}, 0x0)

51.552763018s ago: executing program 3 (id=1455):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122)
connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x1}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x4)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
recvmmsg$unix(r4, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)
shutdown(r0, 0x1)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)

50.896531326s ago: executing program 5 (id=1456):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27"})
r1 = socket(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f00000000c0)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400", 0x22)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1, 0x100}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
write(r1, &(0x7f0000000000)='\"', 0xfdef)

50.815797169s ago: executing program 1 (id=1457):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000000101010200000708000340000004"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4)

50.660623304s ago: executing program 5 (id=1458):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48)
r4 = socket(0x1, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r3, &(0x7f0000000240), &(0x7f0000000240)=@tcp6=r4, 0x2}, 0x20)
r5 = socket$inet6(0xa, 0x3, 0x3c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r10, 0x8933, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000a40)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_TDLS_MGMT(r9, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000003c0)={0x24, r7, 0x1, 0x70bd29, 0x4000, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_TDLS_ACTION={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
r12 = syz_open_dev$usbfs(&(0x7f0000000180), 0x203, 0x1051c3)
fcntl$dupfd(r12, 0x0, r12)

50.485222603s ago: executing program 1 (id=1459):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000200000000050005"], 0x80}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x30000091)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82881, 0x0)
ioctl$TCSETSW2(r4, 0x5433, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x1, 0x0, 0x4, 0x0, &(0x7f0000000240), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

49.892865616s ago: executing program 5 (id=1460):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02000100000000000040000200"], 0x80}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x30000091)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82881, 0x0)
ioctl$TCSETSW2(r4, 0x5433, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc)=0x1, 0x0, 0x4, 0x0, &(0x7f0000000240), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

48.750525055s ago: executing program 1 (id=1461):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe2$9p(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
futex(&(0x7f000000cffc)=0x1, 0x6, 0xffffffff, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0xf0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
r3 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x66}, @l2cap_cid_signaling={{0x62}, [@l2cap_conf_rsp={{0x5, 0x5, 0x19}, {0x6, 0x4, 0x7, [@l2cap_conf_flushto={0x2, 0x2, 0xb}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x5, 0x3, 0x6, 0x800, 0xe}}, @l2cap_conf_ews={0x7, 0x2, 0x6}]}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x6, 0x27d9}}, @l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x0, 0x7f}}, @l2cap_conf_rsp={{0x5, 0x8f, 0x31}, {0x42, 0x1, 0x8, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x1, 0x1ff, 0x7f, 0x7, 0x8892}}, @l2cap_conf_ews={0x7, 0x2, 0x12}, @l2cap_conf_efs={0x6, 0x10, {0x2, 0x0, 0x800, 0x10000, 0x2, 0xfffffc96}}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x6b)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="c8240000400f0159000f01cbc423791541000f0f01f866baf80cb8ae7a628bef66bafc0c66b8030066ef430f01c80f01cbc4e12e58eec4817b10bd00000000", 0x3f}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

48.504139919s ago: executing program 0 (id=1462):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b7000000000000000700000000000000950000000000000000020000c47a74cfb5af100fc4e95d123de5462d8f1b8850821b01feffffffffffff0d96ab7cc60e0e144f0f04bfffe66a22d132a161eea53a46a5316f6800"/100], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_XCRS(r5, 0x4188aea7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x105cc6, 0x1, 0x0, 0x207}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0xdc, r10, 0x1, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0x54, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000}, 0x4c0d0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f00000000c0)=r1, 0x4)

48.489935802s ago: executing program 5 (id=1463):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd2d, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x301f}, 0x3})
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x400c0b0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x1c, 0x8, 0x40, 0x42}, 0x50)
add_key(0x0, 0x0, &(0x7f00000001c0)="0000000000000004ff6943b80000000800003fecf20000000086070000", 0x1d, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='.dead\x00', &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2003041, 0x0)
mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)

48.417041788s ago: executing program 2 (id=1464):
rt_sigqueueinfo(0x0, 0x1d, &(0x7f0000000500)={0x0, 0x1, 0xfffffffa})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x8000)
read$alg(r1, &(0x7f0000000000)=""/35, 0x23)
sendmsg$alg(r1, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/vmallocinfo\x00', 0x0, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f00000017c0)=""/4066, 0xfe2}], 0x1, 0xf0, 0x6)

45.485156407s ago: executing program 5 (id=1465):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0a000000040000000200000041"], 0x50)
r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
write$binfmt_elf32(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46057d9b04050000000000000003000300194fef2e5d02000038005f0c0b030000070000000300200001", @ANYRES64=r2], 0x58)
close(r1)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f0000000380)=0x5, 0x8)

37.239398424s ago: executing program 5 (id=1466):
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket(0x11, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0))
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='sessionid\x00')
read$FUSE(r1, 0x0, 0x0)
getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e000000040000000000000008000000001404000fc64147cc31ca55704f07686e9e5566eaf0b89c30c755e957dd8fc65c63a7d8cf2ebb58a1a3953b776f314baf059c0397758a4031b672b19715d10a56ab7602", @ANYRES32=r1, @ANYBLOB="0400"/20, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0500000004000000010000000100"/28], 0x50)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x5)
pipe2(&(0x7f0000000080), 0x80800)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
r4 = syz_io_uring_setup(0x7e01, &(0x7f00000002c0)={0x0, 0x7ac9, 0x2, 0x2, 0x25d}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x22, 0x2000, @fd_index, 0x0, 0x7fffffff, 0x9, 0xa, 0x1, {0x2}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x7330, 0x0, 0x0, 0x0, 0x0)

34.61689477s ago: executing program 0 (id=1467):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800058004000500080000003e"], 0x44}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000200)="ea0d00b0000f229464670fc79c8100800000ba6100ecbaf80c66b8ecb1048566efbafc0c66b8106d7dd166eff0867dc5decb66b9800000c00f326635000100000f30ea0000e50066b8010000000f01d9", 0x50}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='bond_slave_1\x00', 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0x9}, 0x10)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c"], 0x30}}, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x3c, 0x0, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
io_setup(0xfffffffe, 0x0)
r9 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c})
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r10, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
setsockopt$inet_mreqsrc(r10, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @rand_addr=0x64010100, @empty}, 0xc)
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
sendmsg$netlink(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)={0x38, 0x2e, 0x400, 0x70bd29, 0x25dfdbfe, "", [@typed={0x14, 0xe7, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @typed={0x14, 0x10a, 0x0, 0x0, @ipv6=@empty}]}, 0x38}, {&(0x7f0000000380)=ANY=[@ANYBLOB="080200001b0020002dbd7000fbdbdf25de5f0b601f736fe475e4bdd47ab966c7bacd42ccdb6d9d4402758efbbc7a4ded22c1b1e7ee30dc0d7f6dd4e342426619f9a95f7d2e73dd85cba53a412dbe7dd8a5eab3e561cc48d7d23ffd76c497cb67cba84afc0d23c1facd752432331f3e3b7323d32c7ecc2183e65776cba1fd3557ecf2233589d3cae685fe34a57b7cbf6f1f5e0328555915481589994de1b8433747054acc0239674e17fb086503f25db02b49aa78ffb93e4eb66639a900c209ffcda1408a2ebea7051fc883799c424c56204b891f0731170164c224fe1b3c436b836247f1c661ff99a05c336fe300cac1cdc2ccdff3e7c89494475774c804e7c1b883c27e1dfcc2ff9a0569d9a85ea30886005a9fc7daae8187a905bb8a739436f959129ae59660d013e76305d5002c802d0037007ca792020c66b49de79bfca76bb9d912324b3c376377566e1b310b9742ff24a39a468c8d5e72675342000000040026800400898041d1c5d735d80534b5ef3236608b094c66a64477ed3d8aad758c6690336538f23fd0f4a36c2acb6fd931fdde9f33c10739201978cf9e06bbf6100a551de5da6b903b8ed677e7ea4081c80f971aed85bd13785837d00cbc3d5630872583582c0c68815f0b6ce57a5757fb30f252480e916e180a527f068629dc8f076ceed3b006b46f0ba8511f42f521e05fbed9187d56e5e28ef0f7040008000000000400af80"], 0x208}, {&(0x7f00000005c0)=ANY=[@ANYBLOB="d00000001f00010028bd7000fddbdf2508000c8004005300700351b23bcefc67ce762bf79ac88de6c13163b3bdf5a196747eae63df667530a2c13e9abb781a6b4eaf9991b372cf3ba4dd3f64388ffee6d2324c7eb91bfc08861bf606f9ac727fe1300462761a75943206001210f21930c296d6a5d947dbac56820207953daa02be45f66a33dd829cb1fcee769205a219e51f986ebb33cda3c150a499778ddc4c887cad758f8a4dd8b141547dea719ef57fc839aa7855df4b279530be6eb81dd1e411103a683a5893da93a88058697a6ead5a5eb759ebf600000000000000000000009e4d704cbc0809d804ded4a89b07631344233102f77206191fb98d55fc0f697ce8b9ed48cdca37d8df86f9783d0876dc815674c2d70788abc4ffcc36494988bb99ea270400000019b4bb20c0df3c7964351a367ef58b72c767242a857027c8cd64f38a1a32a862ab22d631f3cdb44ec8dda84d9b0fcaa41cbed6f027f6e81065ca67"], 0xd0}], 0x3, 0x0, 0x0, 0x48000}, 0x0)
writev(r8, &(0x7f0000000780)=[{&(0x7f00000001c0)="36240b9e73a30e639445254148f7dbb4057c034c12386d81dddb5ba0ccfcf754c4932df54eb67028c9000baf9cdabb24b80104f386e64d6431e7afc5f5e2fa60ec7eeda29f6e7ae2dbe4f5fd815959c58c3cc2737373df8f0070d84eaf03a0dd21ecc7d30e89bd22a96300b4c9ba42bafbfdfc705e3f09d9c0d5c0fda52342360494aa12b195e131c737b614591d674a6608d10f0dda7c966d72d3e9288800872408af4ac01997c73d602d252a1bbc08ed90c4dcc27291c4226cb532318105f521830d8ff40aebb6d4db85c30589ff98e00b41119706d4b50c4e0941f8139c4aa85c58abbcbcc2594367c980c76f80197f2d7b5622079403233b3a86", 0xfc}, {&(0x7f00000002c0)="fed47eca8bf27e62d390eaca52b5b42c703014a7a7506f9285f69ae73e2668904a703849a70d62dd06f86ab8a72948a96de34ee106a7900bed12", 0x3a}, {&(0x7f0000000300)}, {&(0x7f0000000740)="cb63213c5c87617af5e4895029d4e10ec84da416", 0x14}], 0x4)

34.237568042s ago: executing program 33 (id=1455):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmsg(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x122)
connect$packet(r0, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x1}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x4)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
recvmmsg$unix(r4, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)
shutdown(r0, 0x1)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3)

29.62975728s ago: executing program 34 (id=1461):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe2$9p(0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
futex(&(0x7f000000cffc)=0x1, 0x6, 0xffffffff, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0xf0, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
r3 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x0, 0x66}, @l2cap_cid_signaling={{0x62}, [@l2cap_conf_rsp={{0x5, 0x5, 0x19}, {0x6, 0x4, 0x7, [@l2cap_conf_flushto={0x2, 0x2, 0xb}, @l2cap_conf_rfc={0x4, 0x9, {0x1, 0x5, 0x3, 0x6, 0x800, 0xe}}, @l2cap_conf_ews={0x7, 0x2, 0x6}]}}, @l2cap_disconn_rsp={{0x7, 0x6, 0x4}, {0x6, 0x27d9}}, @l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x0, 0x7f}}, @l2cap_conf_rsp={{0x5, 0x8f, 0x31}, {0x42, 0x1, 0x8, [@l2cap_conf_efs={0x6, 0x10, {0x40, 0x1, 0x1ff, 0x7f, 0x7, 0x8892}}, @l2cap_conf_ews={0x7, 0x2, 0x12}, @l2cap_conf_efs={0x6, 0x10, {0x2, 0x0, 0x800, 0x10000, 0x2, 0xfffffc96}}, @l2cap_conf_fcs={0x5, 0x1, 0x1}]}}]}}, 0x6b)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="c8240000400f0159000f01cbc423791541000f0f01f866baf80cb8ae7a628bef66bafc0c66b8030066ef430f01c80f01cbc4e12e58eec4817b10bd00000000", 0x3f}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

28.642948056s ago: executing program 35 (id=1464):
rt_sigqueueinfo(0x0, 0x1d, &(0x7f0000000500)={0x0, 0x1, 0xfffffffa})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x8000)
read$alg(r1, &(0x7f0000000000)=""/35, 0x23)
sendmsg$alg(r1, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/vmallocinfo\x00', 0x0, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f00000017c0)=""/4066, 0xfe2}], 0x1, 0xf0, 0x6)

8.655823449s ago: executing program 36 (id=1466):
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket(0x11, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0))
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='sessionid\x00')
read$FUSE(r1, 0x0, 0x0)
getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e000000040000000000000008000000001404000fc64147cc31ca55704f07686e9e5566eaf0b89c30c755e957dd8fc65c63a7d8cf2ebb58a1a3953b776f314baf059c0397758a4031b672b19715d10a56ab7602", @ANYRES32=r1, @ANYBLOB="0400"/20, @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0500000004000000010000000100"/28], 0x50)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x5)
pipe2(&(0x7f0000000080), 0x80800)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
r4 = syz_io_uring_setup(0x7e01, &(0x7f00000002c0)={0x0, 0x7ac9, 0x2, 0x2, 0x25d}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x22, 0x2000, @fd_index, 0x0, 0x7fffffff, 0x9, 0xa, 0x1, {0x2}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x7330, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 37 (id=1467):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800058004000500080000003e"], 0x44}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000200)="ea0d00b0000f229464670fc79c8100800000ba6100ecbaf80c66b8ecb1048566efbafc0c66b8106d7dd166eff0867dc5decb66b9800000c00f326635000100000f30ea0000e50066b8010000000f01d9", 0x50}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='bond_slave_1\x00', 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0x9}, 0x10)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c"], 0x30}}, 0x0)
r8 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x3c, 0x0, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
io_setup(0xfffffffe, 0x0)
r9 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c})
r10 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r10, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
setsockopt$inet_mreqsrc(r10, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @rand_addr=0x64010100, @empty}, 0xc)
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
sendmsg$netlink(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)={0x38, 0x2e, 0x400, 0x70bd29, 0x25dfdbfe, "", [@typed={0x14, 0xe7, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @typed={0x14, 0x10a, 0x0, 0x0, @ipv6=@empty}]}, 0x38}, {&(0x7f0000000380)=ANY=[@ANYBLOB="080200001b0020002dbd7000fbdbdf25de5f0b601f736fe475e4bdd47ab966c7bacd42ccdb6d9d4402758efbbc7a4ded22c1b1e7ee30dc0d7f6dd4e342426619f9a95f7d2e73dd85cba53a412dbe7dd8a5eab3e561cc48d7d23ffd76c497cb67cba84afc0d23c1facd752432331f3e3b7323d32c7ecc2183e65776cba1fd3557ecf2233589d3cae685fe34a57b7cbf6f1f5e0328555915481589994de1b8433747054acc0239674e17fb086503f25db02b49aa78ffb93e4eb66639a900c209ffcda1408a2ebea7051fc883799c424c56204b891f0731170164c224fe1b3c436b836247f1c661ff99a05c336fe300cac1cdc2ccdff3e7c89494475774c804e7c1b883c27e1dfcc2ff9a0569d9a85ea30886005a9fc7daae8187a905bb8a739436f959129ae59660d013e76305d5002c802d0037007ca792020c66b49de79bfca76bb9d912324b3c376377566e1b310b9742ff24a39a468c8d5e72675342000000040026800400898041d1c5d735d80534b5ef3236608b094c66a64477ed3d8aad758c6690336538f23fd0f4a36c2acb6fd931fdde9f33c10739201978cf9e06bbf6100a551de5da6b903b8ed677e7ea4081c80f971aed85bd13785837d00cbc3d5630872583582c0c68815f0b6ce57a5757fb30f252480e916e180a527f068629dc8f076ceed3b006b46f0ba8511f42f521e05fbed9187d56e5e28ef0f7040008000000000400af80"], 0x208}, {&(0x7f00000005c0)=ANY=[@ANYBLOB="d00000001f00010028bd7000fddbdf2508000c8004005300700351b23bcefc67ce762bf79ac88de6c13163b3bdf5a196747eae63df667530a2c13e9abb781a6b4eaf9991b372cf3ba4dd3f64388ffee6d2324c7eb91bfc08861bf606f9ac727fe1300462761a75943206001210f21930c296d6a5d947dbac56820207953daa02be45f66a33dd829cb1fcee769205a219e51f986ebb33cda3c150a499778ddc4c887cad758f8a4dd8b141547dea719ef57fc839aa7855df4b279530be6eb81dd1e411103a683a5893da93a88058697a6ead5a5eb759ebf600000000000000000000009e4d704cbc0809d804ded4a89b07631344233102f77206191fb98d55fc0f697ce8b9ed48cdca37d8df86f9783d0876dc815674c2d70788abc4ffcc36494988bb99ea270400000019b4bb20c0df3c7964351a367ef58b72c767242a857027c8cd64f38a1a32a862ab22d631f3cdb44ec8dda84d9b0fcaa41cbed6f027f6e81065ca67"], 0xd0}], 0x3, 0x0, 0x0, 0x48000}, 0x0)
writev(r8, &(0x7f0000000780)=[{&(0x7f00000001c0)="36240b9e73a30e639445254148f7dbb4057c034c12386d81dddb5ba0ccfcf754c4932df54eb67028c9000baf9cdabb24b80104f386e64d6431e7afc5f5e2fa60ec7eeda29f6e7ae2dbe4f5fd815959c58c3cc2737373df8f0070d84eaf03a0dd21ecc7d30e89bd22a96300b4c9ba42bafbfdfc705e3f09d9c0d5c0fda52342360494aa12b195e131c737b614591d674a6608d10f0dda7c966d72d3e9288800872408af4ac01997c73d602d252a1bbc08ed90c4dcc27291c4226cb532318105f521830d8ff40aebb6d4db85c30589ff98e00b41119706d4b50c4e0941f8139c4aa85c58abbcbcc2594367c980c76f80197f2d7b5622079403233b3a86", 0xfc}, {&(0x7f00000002c0)="fed47eca8bf27e62d390eaca52b5b42c703014a7a7506f9285f69ae73e2668904a703849a70d62dd06f86ab8a72948a96de34ee106a7900bed12", 0x3a}, {&(0x7f0000000300)}, {&(0x7f0000000740)="cb63213c5c87617af5e4895029d4e10ec84da416", 0x14}], 0x4)

kernel console output (not intermixed with test programs):

 j1939_xtp_rx_dat: no rx connection found
[  430.317499][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317513][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.317594][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317608][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.317688][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317702][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.317783][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317802][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.317883][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317897][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.317979][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.317993][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318088][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318102][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318184][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318198][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318279][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318293][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318374][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318388][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318468][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318482][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318563][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318577][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318658][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318672][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318755][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318769][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318855][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318869][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.318950][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.318964][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319045][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319058][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319140][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319154][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319248][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319262][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319344][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319358][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319439][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319453][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319550][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319563][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319643][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319657][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319738][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319752][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319840][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319853][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.319935][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.319949][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320030][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320044][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320125][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320139][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320221][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320234][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320315][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320329][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320425][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320438][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320519][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320533][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320612][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320626][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320707][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320721][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320825][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320838][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.320916][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.320928][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321005][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321019][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321099][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321111][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321182][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321195][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321277][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321290][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321371][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321385][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321467][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321480][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321575][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321589][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321671][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321684][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321765][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321779][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321865][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321879][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.321959][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.321972][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322054][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322066][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322147][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322160][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322242][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322255][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322336][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322349][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322430][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322444][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322525][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322538][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322618][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322632][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322727][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322741][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322827][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322841][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.322922][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.322935][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.323018][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.323031][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.336656][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.336676][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.336763][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.336777][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.336872][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.336886][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.336964][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.336979][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337061][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337075][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337157][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337171][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337253][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337267][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337348][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337362][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337465][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337480][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337562][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337576][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337658][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337672][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337754][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337767][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337853][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337867][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.337949][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.337963][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338044][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338058][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338139][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338154][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338236][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338250][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338331][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338346][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338428][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338442][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338522][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338536][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338623][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338638][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338719][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338734][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338822][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338836][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.338917][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.338932][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339013][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339027][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339108][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339122][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339203][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339216][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339297][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339311][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339393][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339407][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339488][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339503][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339593][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339607][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339690][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339703][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339854][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339873][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.339966][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.339980][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340064][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340098][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340181][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340195][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340277][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340291][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340373][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340388][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340470][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340484][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340574][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340589][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340669][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340684][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340791][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340804][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340882][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340896][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.340978][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.340992][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341099][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341114][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341196][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341210][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341300][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341313][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341395][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341409][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341491][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341506][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341619][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341632][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341714][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341728][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341808][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341823][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341904][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.341918][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.341999][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342013][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342095][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342109][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342190][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342204][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342301][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342315][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342396][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342410][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342492][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342506][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342594][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342608][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342690][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342705][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342785][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342798][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342879][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342893][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.342979][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  430.342993][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  430.789088][T10561] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1170'.
[  430.996756][    C0] net_ratelimit: 6 callbacks suppressed
[  430.996766][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.996870][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.996950][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997028][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997105][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997182][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997259][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997335][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997411][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.997487][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  433.340256][ T5925] usb usb40-port1: attempt power cycle
[  433.346434][ T5956] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130
[  433.360131][ T5956] usb 5-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  433.370515][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.461154][ T5956] usb 5-1: config 0 descriptor??
[  433.592244][ T5956] usb 5-1: can't set config #0, error -71
[  433.977269][ T5925] usb usb40-port1: unable to enumerate USB device
[  434.191129][ T5956] usb 5-1: USB disconnect, device number 28
[  434.343906][T10585] FAULT_INJECTION: forcing a failure.
[  434.343906][T10585] name failslab, interval 1, probability 0, space 0, times 0
[  434.356617][T10585] CPU: 1 UID: 0 PID: 10585 Comm: syz.4.1176 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  434.356643][T10585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  434.356654][T10585] Call Trace:
[  434.356660][T10585]  <TASK>
[  434.356667][T10585]  dump_stack_lvl+0x16c/0x1f0
[  434.356697][T10585]  should_fail_ex+0x512/0x640
[  434.356726][T10585]  should_failslab+0xc2/0x120
[  434.356753][T10585]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  434.356772][T10585]  ? skb_clone+0x190/0x3f0
[  434.356803][T10585]  skb_clone+0x190/0x3f0
[  434.356826][T10585]  netlink_deliver_tap+0xabd/0xd30
[  434.356856][T10585]  netlink_unicast+0x64c/0x870
[  434.356885][T10585]  ? __pfx_netlink_unicast+0x10/0x10
[  434.356909][T10585]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  434.356941][T10585]  netlink_sendmsg+0x8d1/0xdd0
[  434.356970][T10585]  ? __pfx_netlink_sendmsg+0x10/0x10
[  434.357004][T10585]  ____sys_sendmsg+0xa98/0xc70
[  434.357022][T10585]  ? copy_msghdr_from_user+0x10a/0x160
[  434.357048][T10585]  ? __pfx_____sys_sendmsg+0x10/0x10
[  434.357077][T10585]  ___sys_sendmsg+0x134/0x1d0
[  434.357103][T10585]  ? __pfx____sys_sendmsg+0x10/0x10
[  434.357147][T10585]  ? __mutex_unlock_slowpath+0x80/0x800
[  434.357180][T10585]  __sys_sendmsg+0x16d/0x220
[  434.357203][T10585]  ? __pfx___sys_sendmsg+0x10/0x10
[  434.357243][T10585]  do_syscall_64+0xcd/0x4c0
[  434.357269][T10585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.357286][T10585] RIP: 0033:0x7f4f3858eb69
[  434.357300][T10585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.357317][T10585] RSP: 002b:00007f4f39407038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  434.357334][T10585] RAX: ffffffffffffffda RBX: 00007f4f387b5fa0 RCX: 00007f4f3858eb69
[  434.357343][T10585] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  434.357352][T10585] RBP: 00007f4f39407090 R08: 0000000000000000 R09: 0000000000000000
[  434.357361][T10585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.357370][T10585] R13: 0000000000000000 R14: 00007f4f387b5fa0 R15: 00007ffced919088
[  434.357388][T10585]  </TASK>
[  434.629570][T10576] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1173'.
[  434.657525][T10587] vivid-004: disconnect
[  434.955026][T10593] : entered promiscuous mode
[  435.491923][ T6704] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  436.042175][ T6704] usb 1-1: device descriptor read/64, error -71
[  436.153477][T10597] vivid-004: reconnect
[  436.325059][ T6704] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  436.351178][ T6707] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  436.431496][   T48] net_ratelimit: 49 callbacks suppressed
[  436.431513][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  436.451167][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  436.460076][   T30] audit: type=1400 audit(1754140299.981:547): avc:  denied  { read write } for  pid=10610 comm="syz.3.1184" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  436.466293][T10613] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1184'.
[  436.483636][ T5918] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  436.703873][   T30] audit: type=1400 audit(1754140299.981:548): avc:  denied  { open } for  pid=10610 comm="syz.3.1184" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  436.745674][ T6704] usb 1-1: device descriptor read/64, error -71
[  436.880001][ T5918] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30
[  437.021473][ T6704] usb usb1-port1: attempt power cycle
[  437.032604][ T6707] usb 5-1: config 0 has no interfaces?
[  437.034101][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  437.038668][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.071694][ T6707] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  437.087038][ T6707] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  437.109415][ T6707] usb 5-1: Product: syz
[  437.113780][ T6707] usb 5-1: Manufacturer: syz
[  437.134986][ T6707] usb 5-1: config 0 descriptor??
[  437.154260][ T5918] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.190807][ T5918] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130
[  437.219283][ T5918] usb 3-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  437.238817][ T5918] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.410374][ T5918] usb 3-1: config 0 descriptor??
[  437.482011][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.497052][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.723100][T10623] overlayfs: failed to resolve './bus': -2
[  437.838620][T10604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.846488][T10625] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.849070][T10604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.856519][T10625] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.872232][T10625] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.882523][T10625] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.892236][T10625] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.285357][ T5848] Bluetooth: hci2: unknown advertising packet type: 0x2f
[  438.285391][ T5848] Bluetooth: hci2: unknown advertising packet type: 0x40
[  438.286404][T10604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.292537][ T5848] Bluetooth: hci2: Malformed LE Event: 0x02
[  438.669618][T10604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.838852][   T30] audit: type=1400 audit(1754140302.241:549): avc:  denied  { bind } for  pid=10628 comm="syz.3.1189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  439.224219][   T30] audit: type=1400 audit(1754140302.751:550): avc:  denied  { read } for  pid=10628 comm="syz.3.1189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  439.278548][   T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  439.418283][T10637] Context (ID=0x0) not attached to queue pair (handle=0x4d9:0x0)
[  439.509925][   T10] usb 1-1: config 0 has no interfaces?
[  439.527186][   T10] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  439.547498][   T10] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  439.560002][   T10] usb 1-1: Product: syz
[  439.560267][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  439.564564][   T10] usb 1-1: Manufacturer: syz
[  439.585628][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  439.592573][ T5918] usbhid 3-1:0.0: can't add hid device: -71
[  439.598545][ T5918] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  439.608149][   T10] usb 1-1: config 0 descriptor??
[  439.665410][ T5918] usb 3-1: USB disconnect, device number 28
[  439.817578][T10631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.836065][T10631] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.846448][ T5848] Bluetooth: hci4: unknown advertising packet type: 0x2f
[  439.846477][ T5848] Bluetooth: hci4: unknown advertising packet type: 0x40
[  439.854094][ T5848] Bluetooth: hci4: Malformed LE Event: 0x02
[  439.868429][T10631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.880603][T10631] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  440.325043][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1193'.
[  440.510445][ T5918] usb 5-1: USB disconnect, device number 29
[  441.259614][   T30] audit: type=1400 audit(1754140304.681:551): avc:  denied  { ioctl } for  pid=10654 comm="syz.2.1196" path="socket:[31392]" dev="sockfs" ino=31392 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  441.392714][   T30] audit: type=1400 audit(1754140304.711:552): avc:  denied  { write } for  pid=10654 comm="syz.2.1196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  442.070327][ T6704] net_ratelimit: 50 callbacks suppressed
[  442.070348][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.084460][ T6707] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.114252][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.114273][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.141056][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.149791][ T5956] usb 1-1: USB disconnect, device number 30
[  442.443747][T10677] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1198'.
[  442.970884][ T5956] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  443.985330][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.993692][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  444.756760][ T5956] usb 1-1: device descriptor read/64, error -71
[  444.991390][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.051098][ T5956] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  445.080935][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.090150][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.341004][ T5956] usb 1-1: device descriptor read/64, error -71
[  445.421759][T10700] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  445.451169][ T5956] usb usb1-port1: attempt power cycle
[  445.620846][ T5925] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  446.144619][ T5925] usb 2-1: config 0 has an invalid interface number: 156 but max is 0
[  446.161302][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.172336][ T5925] usb 2-1: config 0 has no interface number 0
[  446.180526][ T5925] usb 2-1: config 0 interface 156 has no altsetting 0
[  446.188806][ T5925] usb 2-1: New USB device found, idVendor=257a, idProduct=2609, bcdDevice=7e.22
[  446.198601][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.213654][ T5925] usb 2-1: config 0 descriptor??
[  446.267952][ T5925] hub 2-1:0.156: bad descriptor, ignoring hub
[  446.290966][ T5925] hub 2-1:0.156: probe with driver hub failed with error -5
[  446.306526][ T5925] option 2-1:0.156: GSM modem (1-port) converter detected
[  446.722177][ T5956] usb 2-1: USB disconnect, device number 32
[  446.797927][ T5956] option 2-1:0.156: device disconnected
[  447.198311][ T5918] net_ratelimit: 4 callbacks suppressed
[  447.198330][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.212837][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.134512][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.273903][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.284889][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.441827][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.481432][T10736] FAULT_INJECTION: forcing a failure.
[  448.481432][T10736] name failslab, interval 1, probability 0, space 0, times 0
[  448.510258][T10736] CPU: 0 UID: 0 PID: 10736 Comm: syz.1.1215 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  448.510277][T10736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  448.510283][T10736] Call Trace:
[  448.510287][T10736]  <TASK>
[  448.510292][T10736]  dump_stack_lvl+0x16c/0x1f0
[  448.510312][T10736]  should_fail_ex+0x512/0x640
[  448.510330][T10736]  ? __kvmalloc_node_noprof+0x124/0x620
[  448.510350][T10736]  should_failslab+0xc2/0x120
[  448.510363][T10736]  __kvmalloc_node_noprof+0x137/0x620
[  448.510380][T10736]  ? alloc_pages_bulk_noprof+0xa67/0x1410
[  448.510393][T10736]  ? seq_read_iter+0x826/0x12c0
[  448.510413][T10736]  ? seq_read_iter+0x826/0x12c0
[  448.510423][T10736]  seq_read_iter+0x826/0x12c0
[  448.510440][T10736]  proc_reg_read_iter+0x220/0x310
[  448.510457][T10736]  copy_splice_read+0x618/0xba0
[  448.510471][T10736]  ? __pfx_copy_splice_read+0x10/0x10
[  448.510483][T10736]  ? look_up_lock_class+0x59/0x150
[  448.510502][T10736]  ? lockdep_init_map_type+0x5c/0x280
[  448.510521][T10736]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  448.510535][T10736]  ? __pfx_copy_splice_read+0x10/0x10
[  448.510545][T10736]  do_splice_read+0x282/0x370
[  448.510558][T10736]  splice_direct_to_actor+0x2a1/0xa30
[  448.510570][T10736]  ? __pfx_direct_splice_actor+0x10/0x10
[  448.510584][T10736]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  448.510596][T10736]  ? __pfx_file_has_perm+0x10/0x10
[  448.510617][T10736]  do_splice_direct+0x174/0x240
[  448.510628][T10736]  ? __pfx_do_splice_direct+0x10/0x10
[  448.510640][T10736]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  448.510652][T10736]  ? bpf_lsm_file_permission+0x9/0x10
[  448.510670][T10736]  ? security_file_permission+0x71/0x210
[  448.510685][T10736]  ? rw_verify_area+0xcf/0x6c0
[  448.510704][T10736]  do_sendfile+0xb06/0xe50
[  448.510716][T10736]  ? __pfx_do_sendfile+0x10/0x10
[  448.510727][T10736]  ? __fget_files+0x20e/0x3c0
[  448.510747][T10736]  __x64_sys_sendfile64+0x1d8/0x220
[  448.510768][T10736]  ? ksys_write+0x1ac/0x250
[  448.510785][T10736]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  448.510813][T10736]  do_syscall_64+0xcd/0x4c0
[  448.510839][T10736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.510857][T10736] RIP: 0033:0x7f186758eb69
[  448.510872][T10736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.510888][T10736] RSP: 002b:00007f18683f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  448.510907][T10736] RAX: ffffffffffffffda RBX: 00007f18677b5fa0 RCX: 00007f186758eb69
[  448.510918][T10736] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  448.510928][T10736] RBP: 00007f18683f6090 R08: 0000000000000000 R09: 0000000000000000
[  448.510938][T10736] R10: 0000020000023893 R11: 0000000000000246 R12: 0000000000000001
[  448.510948][T10736] R13: 0000000000000000 R14: 00007f18677b5fa0 R15: 00007ffdba75ad38
[  448.510972][T10736]  </TASK>
[  448.792312][    C0] vkms_vblank_simulate: vblank timer overrun
[  448.998711][T10740] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  449.218782][T10737] delete_channel: no stack
[  449.313925][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.325119][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.414937][T10747] create_pit_timer: 1 callbacks suppressed
[  449.414947][T10747] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  449.870954][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  450.066324][T10763] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1219'.
[  450.138907][   T30] audit: type=1400 audit(1754140313.651:553): avc:  denied  { map } for  pid=10745 comm="syz.0.1219" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  450.353380][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  450.508533][T10766] loop6: detected capacity change from 0 to 524287999
[  451.541293][ T5956] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  451.692773][ T5956] usb 4-1: device descriptor read/64, error -71
[  452.121511][ T5956] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  452.280955][ T5956] usb 4-1: device descriptor read/64, error -71
[  452.506595][ T5956] usb usb4-port1: attempt power cycle
[  452.528288][ T5918] net_ratelimit: 73 callbacks suppressed
[  452.528307][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  452.553142][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.560911][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  453.585618][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.646555][T10792] team0 (unregistering): Port device team_slave_0 removed
[  453.661417][T10792] team0 (unregistering): Port device team_slave_1 removed
[  453.692547][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.894509][ T5956] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  453.923332][ T5956] usb 4-1: device descriptor read/8, error -71
[  453.979813][   T30] audit: type=1400 audit(1754140317.451:554): avc:  denied  { create } for  pid=10794 comm="syz.4.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  454.191037][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.301035][ T6708] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  454.384563][T10807] netlink: 'syz.4.1232': attribute type 1 has an invalid length.
[  454.521128][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.587838][ T6708] usb 2-1: Using ep0 maxpacket: 32
[  454.595948][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.692995][T10807] 8021q: adding VLAN 0 to HW filter on device bond2
[  454.699587][   T30] audit: type=1400 audit(1754140318.221:555): avc:  denied  { append } for  pid=10803 comm="syz.3.1231" name="sg0" dev="devtmpfs" ino=770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  454.840351][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.964908][ T6708] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  454.973027][ T6708] usb 2-1: config 0 has no interface number 0
[  454.981714][ T6708] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  454.992771][ T6708] usb 2-1: config 0 interface 1 has no altsetting 0
[  455.171804][ T6708] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  455.228713][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.237270][ T6708] usb 2-1: Product: syz
[  455.241844][ T6708] usb 2-1: Manufacturer: syz
[  455.247857][ T6708] usb 2-1: SerialNumber: syz
[  455.256383][ T6708] usb 2-1: config 0 descriptor??
[  455.467486][ T6708] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  455.479296][ T6708] cx231xx 2-1:0.1: Failed to read PCB config
[  455.486017][ T6708] cx231xx 2-1:0.1: probe with driver cx231xx failed with error -71
[  455.502197][ T6708] usb 2-1: USB disconnect, device number 33
[  455.631231][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.878715][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.090703][ T6708] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  456.251886][ T6708] usb 2-1: Using ep0 maxpacket: 32
[  456.383225][ T6708] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  456.392960][ T6708] usb 2-1: config 0 has no interface number 0
[  456.399236][ T6708] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  456.410321][ T6708] usb 2-1: config 0 interface 1 has no altsetting 0
[  456.424901][ T6708] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  456.451585][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.459672][ T6708] usb 2-1: Product: syz
[  456.859583][ T6708] usb 2-1: Manufacturer: syz
[  456.910936][ T6708] usb 2-1: SerialNumber: syz
[  456.922597][ T6708] usb 2-1: config 0 descriptor??
[  456.930307][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  456.940286][ T6708] usb 2-1: can't set config #0, error -32
[  456.951085][ T6708] usb 2-1: USB disconnect, device number 34
[  457.207314][T10833] FAULT_INJECTION: forcing a failure.
[  457.207314][T10833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  457.220527][T10833] CPU: 1 UID: 0 PID: 10833 Comm: syz.1.1237 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  457.220553][T10833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  457.220564][T10833] Call Trace:
[  457.220571][T10833]  <TASK>
[  457.220578][T10833]  dump_stack_lvl+0x16c/0x1f0
[  457.220610][T10833]  should_fail_ex+0x512/0x640
[  457.220642][T10833]  _copy_from_user+0x2e/0xd0
[  457.220663][T10833]  __do_sys_add_key+0x229/0x470
[  457.220692][T10833]  ? __pfx___do_sys_add_key+0x10/0x10
[  457.220729][T10833]  do_syscall_64+0xcd/0x4c0
[  457.220759][T10833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.220777][T10833] RIP: 0033:0x7f186758eb69
[  457.220792][T10833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.220810][T10833] RSP: 002b:00007f18683b4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  457.220830][T10833] RAX: ffffffffffffffda RBX: 00007f18677b6160 RCX: 00007f186758eb69
[  457.220842][T10833] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140
[  457.220854][T10833] RBP: 00007f18683b4090 R08: fffffffffffffffe R09: 0000000000000000
[  457.220866][T10833] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001
[  457.220877][T10833] R13: 0000000000000000 R14: 00007f18677b6160 R15: 00007ffdba75ad38
[  457.220901][T10833]  </TASK>
[  457.478779][   T30] audit: type=1400 audit(1754140321.001:556): avc:  denied  { map } for  pid=10835 comm="syz.2.1239" path="socket:[31913]" dev="sockfs" ino=31913 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  457.551427][ T6708] net_ratelimit: 4 callbacks suppressed
[  457.551445][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.569463][   T30] audit: type=1400 audit(1754140321.001:557): avc:  denied  { read } for  pid=10835 comm="syz.2.1239" path="socket:[31913]" dev="sockfs" ino=31913 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  457.922068][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.950954][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.011595][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.035238][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.061612][T10851] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1242'.
[  459.335932][T10860] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1243'.
[  459.470905][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.479222][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.487522][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.495790][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.504054][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.566829][T10863] loop6: detected capacity change from 0 to 524287999
[  460.000985][ T6708] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  460.436680][ T6708] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30
[  460.447839][ T6708] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  460.458969][ T6708] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  460.469121][ T6708] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130
[  460.513194][ T6708] usb 4-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  460.533310][ T6708] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.633857][ T5850] Bluetooth: hci4: command 0x0405 tx timeout
[  461.658585][   T30] audit: type=1400 audit(1754140325.156:558): avc:  denied  { getopt } for  pid=10877 comm="syz.1.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  461.722724][ T6708] usb 4-1: config 0 descriptor??
[  462.197555][T10879] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  462.907080][ T5925] net_ratelimit: 69 callbacks suppressed
[  462.907106][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  462.921387][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  462.956239][ T6708] usbhid 4-1:0.0: can't add hid device: -71
[  462.986348][ T6708] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  463.059889][ T6708] usb 4-1: USB disconnect, device number 38
[  463.228952][T10902] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1255'.
[  463.471653][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.739867][ T6707] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.963175][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  463.971467][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.033788][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.044107][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  465.830330][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  466.113289][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  466.271125][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  466.280893][T10942] FAULT_INJECTION: forcing a failure.
[  466.280893][T10942] name failslab, interval 1, probability 0, space 0, times 0
[  466.293528][T10942] CPU: 0 UID: 0 PID: 10942 Comm: syz.4.1266 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  466.293544][T10942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  466.293551][T10942] Call Trace:
[  466.293555][T10942]  <TASK>
[  466.293559][T10942]  dump_stack_lvl+0x16c/0x1f0
[  466.293580][T10942]  should_fail_ex+0x512/0x640
[  466.293598][T10942]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  466.293613][T10942]  should_failslab+0xc2/0x120
[  466.293626][T10942]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  466.293637][T10942]  ? __alloc_skb+0x2b2/0x380
[  466.293655][T10942]  __alloc_skb+0x2b2/0x380
[  466.293669][T10942]  ? __pfx___alloc_skb+0x10/0x10
[  466.293689][T10942]  alloc_skb_with_frags+0xe0/0x860
[  466.293710][T10942]  sock_alloc_send_pskb+0x7fb/0x990
[  466.293724][T10942]  ? unix_get_socket+0x160/0x1b0
[  466.293739][T10942]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  466.293755][T10942]  ? __pfx___scm_send+0x10/0x10
[  466.293769][T10942]  ? __pfx_avc_has_perm+0x10/0x10
[  466.293789][T10942]  unix_dgram_sendmsg+0x3e9/0x17f0
[  466.293808][T10942]  ? __pfx_sock_has_perm+0x10/0x10
[  466.293821][T10942]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  466.293845][T10942]  unix_seqpacket_sendmsg+0x12a/0x1c0
[  466.293863][T10942]  ____sys_sendmsg+0xa98/0xc70
[  466.293876][T10942]  ? __pfx_____sys_sendmsg+0x10/0x10
[  466.293894][T10942]  ___sys_sendmsg+0x134/0x1d0
[  466.293911][T10942]  ? __pfx____sys_sendmsg+0x10/0x10
[  466.293937][T10942]  ? __mutex_unlock_slowpath+0x80/0x800
[  466.293959][T10942]  __sys_sendmsg+0x16d/0x220
[  466.293975][T10942]  ? __pfx___sys_sendmsg+0x10/0x10
[  466.293999][T10942]  do_syscall_64+0xcd/0x4c0
[  466.294017][T10942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.294029][T10942] RIP: 0033:0x7f4f3858eb69
[  466.294039][T10942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.294050][T10942] RSP: 002b:00007f4f39407038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  466.294061][T10942] RAX: ffffffffffffffda RBX: 00007f4f387b5fa0 RCX: 00007f4f3858eb69
[  466.294071][T10942] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000005
[  466.294078][T10942] RBP: 00007f4f39407090 R08: 0000000000000000 R09: 0000000000000000
[  466.294085][T10942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.294091][T10942] R13: 0000000000000000 R14: 00007f4f387b5fa0 R15: 00007ffced919088
[  466.294104][T10942]  </TASK>
[  466.781305][T10949] syzkaller1: entered promiscuous mode
[  466.810246][T10949] syzkaller1: entered allmulticast mode
[  467.508332][   T30] audit: type=1400 audit(1754140331.037:559): avc:  denied  { mounton } for  pid=10957 comm="syz.4.1272" path="/239/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  467.537405][   T30] audit: type=1400 audit(1754140331.037:560): avc:  denied  { mount } for  pid=10957 comm="syz.4.1272" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  467.821026][ T6708] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  468.011899][T10967] delete_channel: no stack
[  468.025115][ T6708] usb 3-1: config 0 has no interfaces?
[  468.055977][ T6708] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  468.481113][ T5925] net_ratelimit: 5 callbacks suppressed
[  468.481137][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.495418][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  468.543691][ T6708] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  468.564168][ T6708] usb 3-1: Product: syz
[  468.577612][ T6708] usb 3-1: Manufacturer: syz
[  468.591772][ T6708] usb 3-1: config 0 descriptor??
[  468.707405][   T30] audit: type=1400 audit(1754140332.237:561): avc:  denied  { unmount } for  pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  468.840140][T10956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.856216][T10956] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.879931][ T5848] Bluetooth: hci3: unknown advertising packet type: 0x2f
[  468.879961][ T5848] Bluetooth: hci3: unknown advertising packet type: 0x40
[  468.880249][T10956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.889855][ T5848] Bluetooth: hci3: Malformed LE Event: 0x02
[  468.952171][ T5925] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  468.991114][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.034009][T10956] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.140990][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  469.233021][ T5925] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  469.256547][ T5925] usb 4-1: config 0 has no interface number 0
[  469.263153][ T5925] usb 4-1: config 0 interface 184 has no altsetting 0
[  469.272341][ T5925] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  469.281510][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.292413][ T5925] usb 4-1: Product: syz
[  469.297850][ T5925] usb 4-1: Manufacturer: syz
[  469.302582][ T5925] usb 4-1: SerialNumber: syz
[  469.323189][ T5925] usb 4-1: config 0 descriptor??
[  469.540557][ T5925] smsc75xx v1.0.0
[  469.551342][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.559634][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.701471][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.796326][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  469.798396][ T6252] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  469.892545][ T6252] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.119416][ T6252] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.137546][ T5925] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  470.149914][ T5925] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  470.190931][ T5956] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  470.211399][ T6252] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.238361][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  470.247818][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  470.256428][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  470.266476][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  470.274958][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  470.302070][   T30] audit: type=1400 audit(1754140333.837:562): avc:  denied  { mounton } for  pid=11004 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  470.331177][ T5956] usb 2-1: device descriptor read/64, error -71
[  470.366013][ T5925] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  470.377391][ T5925] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  470.387634][ T5925] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  470.397740][ T5925] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  470.427445][ T6252] bridge_slave_1: left allmulticast mode
[  470.437159][ T6252] bridge_slave_1: left promiscuous mode
[  470.444729][ T6252] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.456414][ T6252] bridge_slave_0: left allmulticast mode
[  470.462175][ T6252] bridge_slave_0: left promiscuous mode
[  470.467960][ T6252] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.520909][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.529160][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.537371][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  470.620985][ T5956] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  470.764110][ T6252] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  470.774442][ T6252] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  470.781930][ T5956] usb 2-1: device descriptor read/64, error -71
[  470.791158][ T6252] bond0 (unregistering): Released all slaves
[  470.802530][ T6252] bond1 (unregistering): Released all slaves
[  470.893909][ T5956] usb usb2-port1: attempt power cycle
[  471.145188][ T5925] usb 3-1: USB disconnect, device number 29
[  471.230546][ T6252] bond2 (unregistering): Released all slaves
[  471.338792][ T6252] : left promiscuous mode
[  471.384087][ T5956] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  471.417395][ T5956] usb 2-1: device descriptor read/8, error -71
[  471.752255][ T5956] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  471.791104][ T5956] usb 2-1: device descriptor read/8, error -71
[  471.837884][ T5925] usb 4-1: USB disconnect, device number 39
[  471.903048][ T5956] usb usb2-port1: unable to enumerate USB device
[  471.986245][T11030] tipc: Enabling of bearer <eth:team0> rejected, failed to enable media
[  471.999305][T11004] chnl_net:caif_netlink_parms(): no params data found
[  472.357293][ T5848] Bluetooth: hci2: command tx timeout
[  472.381279][ T5925] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  472.796448][ T5925] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 130, using maximum allowed: 30
[  472.807553][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  472.819419][ T5925] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.301021][ T5925] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 130
[  473.314737][ T5925] usb 1-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00
[  473.325215][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.378394][ T5925] usb 1-1: config 0 descriptor??
[  473.685281][ T6252] hsr_slave_0: left promiscuous mode
[  473.720053][   T48] net_ratelimit: 75 callbacks suppressed
[  473.720072][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  473.742351][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  473.750595][ T6252] hsr_slave_1: left promiscuous mode
[  473.800794][ T6252] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.881137][ T6252] batman_adv: batadv0: Removing interface: batadv_slave_0
[  474.039668][ T6252] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  474.195230][ T6252] batman_adv: batadv0: Removing interface: batadv_slave_1
[  474.383236][T11064] overlayfs: failed to resolve './file1': -2
[  474.441148][ T5848] Bluetooth: hci2: command tx timeout
[  474.598106][ T6252] veth1_macvtap: left promiscuous mode
[  474.605990][ T6252] veth0_macvtap: left promiscuous mode
[  474.615267][ T6252] veth1_vlan: left promiscuous mode
[  474.629193][ T6252] veth0_vlan: left promiscuous mode
[  474.722523][   T30] audit: type=1400 audit(1754140338.247:563): avc:  denied  { bind } for  pid=11065 comm="syz.2.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  474.773593][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.847408][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  474.940341][T11059] delete_channel: no stack
[  475.481835][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.505528][T11076] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1297'.
[  475.793783][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.804593][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  475.871273][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  476.270887][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  476.357968][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  476.514909][ T5848] Bluetooth: hci2: command tx timeout
[  476.572559][T11004] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.583989][T11004] bridge0: port 1(bridge_slave_0) entered disabled state
[  476.593686][T11004] bridge_slave_0: entered allmulticast mode
[  476.601694][T11004] bridge_slave_0: entered promiscuous mode
[  476.610417][T11004] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.618116][T11004] bridge0: port 2(bridge_slave_1) entered disabled state
[  476.625525][T11004] bridge_slave_1: entered allmulticast mode
[  476.633035][T11004] bridge_slave_1: entered promiscuous mode
[  476.849535][T11004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.860827][   T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  476.923875][T11004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  477.055735][   T10] usb 4-1: Using ep0 maxpacket: 32
[  477.083359][   T10] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  477.101508][   T10] usb 4-1: config 0 has no interface number 0
[  477.133625][   T10] usb 4-1: config 0 interface 184 has no altsetting 0
[  477.162344][   T10] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  477.176416][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.193964][   T10] usb 4-1: Product: syz
[  477.203650][   T10] usb 4-1: Manufacturer: syz
[  477.208250][   T10] usb 4-1: SerialNumber: syz
[  477.347118][T11004] team0: Port device team_slave_0 added
[  477.459134][T11101] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1301'.
[  477.761289][   T10] usb 4-1: config 0 descriptor??
[  477.769820][   T10] smsc75xx v1.0.0
[  477.784082][T11004] team0: Port device team_slave_1 added
[  477.849811][T11004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.863150][T11004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.890321][T11004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.920287][T11004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.935178][T11004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.054101][T11004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.319687][T11004] hsr_slave_0: entered promiscuous mode
[  478.344193][T11004] hsr_slave_1: entered promiscuous mode
[  478.380222][ T5925] usbhid 1-1:0.0: can't add hid device: -71
[  478.406476][ T5925] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  478.450169][ T5925] usb 1-1: USB disconnect, device number 34
[  478.457757][   T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  478.480527][   T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  478.591015][ T5848] Bluetooth: hci2: command tx timeout
[  478.747681][   T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  478.812548][   T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  478.869833][ T5844] net_ratelimit: 4 callbacks suppressed
[  478.869851][ T5844] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.919573][   T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  479.136018][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.144931][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.145165][   T10] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  479.418782][T11136] random: crng reseeded on system resumption
[  479.456547][   T30] audit: type=1400 audit(1754140342.947:564): avc:  denied  { append } for  pid=11126 comm="syz.1.1305" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  479.617224][T11004] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  479.633078][   T30] audit: type=1400 audit(1754140342.947:565): avc:  denied  { append open } for  pid=11126 comm="syz.1.1305" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  479.690910][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.930888][   T30] audit: type=1400 audit(1754140342.987:566): avc:  denied  { ioctl } for  pid=11126 comm="syz.1.1305" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3312 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  479.942640][T11004] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  480.176555][T11004] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  480.193700][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.205502][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.207569][ T5844] usb 4-1: USB disconnect, device number 40
[  480.350919][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.683149][T11004] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  480.691519][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.887091][T11140] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1307'.
[  480.940023][T11004] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.222271][T11169] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  481.241036][ T5925] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  481.250356][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.261325][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  481.314050][ T5844] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  481.345582][T11004] 8021q: adding VLAN 0 to HW filter on device team0
[  481.470763][ T1151] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.470923][ T5844] usb 1-1: device descriptor read/64, error -71
[  481.478453][ T1151] bridge0: port 1(bridge_slave_0) entered forwarding state
[  481.505198][T11166] delete_channel: no stack
[  481.510835][ T5925] usb 3-1: Using ep0 maxpacket: 8
[  481.516396][ T5925] usb 3-1: no configurations
[  481.525038][T10436] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.532143][T10436] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.539949][ T5925] usb 3-1: can't read configurations, error -22
[  481.603668][T11004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  481.691995][ T5925] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  481.730862][ T5844] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  481.864890][ T5925] usb 3-1: Using ep0 maxpacket: 8
[  481.871213][ T5844] usb 1-1: device descriptor read/64, error -71
[  481.885679][ T5925] usb 3-1: no configurations
[  481.896816][ T5925] usb 3-1: can't read configurations, error -22
[  481.918646][ T5925] usb usb3-port1: attempt power cycle
[  481.988092][T11004] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.993380][ T5844] usb usb1-port1: attempt power cycle
[  482.126342][   T30] audit: type=1400 audit(1754140345.567:567): avc:  denied  { append } for  pid=11192 comm="syz.3.1314" name="001" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  482.720851][ T5925] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  482.737697][ T5844] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  482.802541][ T5844] usb 1-1: device descriptor read/8, error -71
[  482.938436][ T5925] usb 3-1: device not accepting address 32, error -71
[  483.050875][ T5844] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  483.138150][T11207] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1316'.
[  483.207032][ T5844] usb 1-1: device descriptor read/8, error -71
[  483.532463][ T5844] usb usb1-port1: unable to enumerate USB device
[  484.053921][ T5956] net_ratelimit: 4 callbacks suppressed
[  484.053939][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  484.068594][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  484.247592][T11004] veth0_vlan: entered promiscuous mode
[  484.317833][T11004] veth1_vlan: entered promiscuous mode
[  484.623027][ T6707] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  484.653090][T11230] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  484.693507][T11004] veth0_macvtap: entered promiscuous mode
[  484.714057][T11004] veth1_macvtap: entered promiscuous mode
[  484.821707][T11221] delete_channel: no stack
[  484.852459][T11004] batman_adv: batadv0: Interface activated: batadv_slave_0
[  484.875739][ T6707] usb 4-1: Using ep0 maxpacket: 32
[  485.324324][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.332625][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.342503][T11004] batman_adv: batadv0: Interface activated: batadv_slave_1
[  485.380957][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.395117][ T5844] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.418329][ T6707] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  485.431310][ T6707] usb 4-1: config 0 has no interface number 0
[  485.437423][ T6707] usb 4-1: config 0 interface 184 has no altsetting 0
[  485.440028][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  485.464034][ T6707] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  485.471157][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  485.492046][ T6707] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.500398][ T6707] usb 4-1: Product: syz
[  485.504889][ T6707] usb 4-1: Manufacturer: syz
[  485.517994][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  485.532726][ T6707] usb 4-1: SerialNumber: syz
[  485.538614][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  485.557426][ T6707] usb 4-1: config 0 descriptor??
[  485.582684][ T6707] smsc75xx v1.0.0
[  485.684179][ T6252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  485.822350][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.890827][ T6252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  485.983704][T10431] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.100906][T10431] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.171951][   T30] audit: type=1400 audit(1754140349.707:568): avc:  denied  { mounton } for  pid=11004 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  486.285229][ T6707] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  486.306084][ T6707] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  486.340882][ T5956] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  486.351606][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  486.359805][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  486.823313][ T6707] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61
[  486.974815][ T6707] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61
[  487.001577][ T6707] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  487.011885][ T6707] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61
[  487.027778][ T5956] usb 2-1: config 0 interface 0 altsetting 251 has an invalid descriptor for endpoint zero, skipping
[  487.040134][ T5956] usb 2-1: config 0 interface 0 has no altsetting 0
[  487.102064][ T5956] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  487.133878][ T5956] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  487.144222][ T5956] usb 2-1: Product: syz
[  487.148500][ T5956] usb 2-1: Manufacturer: syz
[  487.167928][ T5956] usb 2-1: SerialNumber: syz
[  487.191537][ T5956] usb 2-1: config 0 descriptor??
[  487.244515][T11266] FAULT_INJECTION: forcing a failure.
[  487.244515][T11266] name failslab, interval 1, probability 0, space 0, times 0
[  487.280243][T11266] CPU: 0 UID: 0 PID: 11266 Comm: syz.2.1325 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  487.280271][T11266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  487.280282][T11266] Call Trace:
[  487.280289][T11266]  <TASK>
[  487.280296][T11266]  dump_stack_lvl+0x16c/0x1f0
[  487.280326][T11266]  should_fail_ex+0x512/0x640
[  487.280352][T11266]  ? __kmalloc_noprof+0xbf/0x510
[  487.280372][T11266]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  487.280392][T11266]  should_failslab+0xc2/0x120
[  487.280412][T11266]  __kmalloc_noprof+0xd2/0x510
[  487.280435][T11266]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  487.280460][T11266]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  487.280480][T11266]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  487.280507][T11266]  ? bpf_lsm_capable+0x9/0x10
[  487.280532][T11266]  ? security_capable+0x7e/0x260
[  487.280552][T11266]  ? ns_capable+0xd7/0x110
[  487.280575][T11266]  genl_rcv_msg+0x55c/0x800
[  487.280597][T11266]  ? __pfx_genl_rcv_msg+0x10/0x10
[  487.280615][T11266]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  487.280636][T11266]  ? __pfx_nl80211_trigger_scan+0x10/0x10
[  487.280659][T11266]  ? __pfx_nl80211_post_doit+0x10/0x10
[  487.280688][T11266]  ? __lock_acquire+0x62e/0x1ce0
[  487.280722][T11266]  netlink_rcv_skb+0x155/0x420
[  487.280748][T11266]  ? __pfx_genl_rcv_msg+0x10/0x10
[  487.280767][T11266]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  487.280809][T11266]  ? netlink_deliver_tap+0x1ae/0xd30
[  487.280831][T11266]  ? selinux_netlink_send+0x578/0x830
[  487.280850][T11266]  ? is_vmalloc_addr+0x86/0xa0
[  487.280870][T11266]  genl_rcv+0x28/0x40
[  487.280886][T11266]  netlink_unicast+0x5aa/0x870
[  487.280915][T11266]  ? __pfx_netlink_unicast+0x10/0x10
[  487.280941][T11266]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  487.280975][T11266]  netlink_sendmsg+0x8d1/0xdd0
[  487.281005][T11266]  ? __pfx_netlink_sendmsg+0x10/0x10
[  487.281038][T11266]  ____sys_sendmsg+0xa98/0xc70
[  487.281055][T11266]  ? copy_msghdr_from_user+0x10a/0x160
[  487.281075][T11266]  ? __pfx_____sys_sendmsg+0x10/0x10
[  487.281100][T11266]  ___sys_sendmsg+0x134/0x1d0
[  487.281123][T11266]  ? __pfx____sys_sendmsg+0x10/0x10
[  487.281169][T11266]  ? __mutex_unlock_slowpath+0x80/0x800
[  487.281203][T11266]  __sys_sendmsg+0x16d/0x220
[  487.281227][T11266]  ? __pfx___sys_sendmsg+0x10/0x10
[  487.281269][T11266]  do_syscall_64+0xcd/0x4c0
[  487.281296][T11266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.281316][T11266] RIP: 0033:0x7fd66c58eb69
[  487.281331][T11266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  487.281349][T11266] RSP: 002b:00007fd66d405038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  487.281368][T11266] RAX: ffffffffffffffda RBX: 00007fd66c7b5fa0 RCX: 00007fd66c58eb69
[  487.281380][T11266] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  487.281391][T11266] RBP: 00007fd66d405090 R08: 0000000000000000 R09: 0000000000000000
[  487.281402][T11266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.281413][T11266] R13: 0000000000000000 R14: 00007fd66c7b5fa0 R15: 00007ffd18abd2a8
[  487.281438][T11266]  </TASK>
[  487.282716][ T5956] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  487.611000][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  488.036090][T11282] IPv6: NLM_F_REPLACE set, but no existing node found!
[  488.597781][   T10] usb 4-1: USB disconnect, device number 41
[  489.711428][ T5925] net_ratelimit: 6 callbacks suppressed
[  489.711446][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.730864][ T5956] usb 2-1: USB disconnect, device number 39
[  489.820125][T11304] binder: BINDER_SET_CONTEXT_MGR already set
[  489.839692][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.856595][T11304] binder: 11303:11304 ioctl 4018620d 2000000002c0 returned -16
[  489.937209][T11304] binder: 11303:11304 ioctl c0306201 200000000240 returned -11
[  490.343252][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.353146][T10431] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.361647][ T6707] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.389439][ T5844] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.487212][T10565] udevd[10565]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  490.731557][T11322] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  490.846296][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  490.912773][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.279495][T11320] delete_channel: no stack
[  491.471020][ T6707] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.581090][ T5844] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  491.742454][ T5844] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  491.834164][ T5844] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  491.846408][ T5844] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  491.862180][ T5844] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  491.874811][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  491.893490][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.916293][ T5844] usb 3-1: Product: syz
[  491.939501][ T5844] usb 3-1: Manufacturer: syz
[  491.961738][T11345] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1336'.
[  491.981578][ T5844] usb 3-1: SerialNumber: syz
[  492.028578][ T5844] hub 3-1:1.0: bad descriptor, ignoring hub
[  492.058737][ T5844] hub 3-1:1.0: probe with driver hub failed with error -5
[  492.229931][ T5844] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 34 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  492.334361][T11345] loop6: detected capacity change from 0 to 524287999
[  492.834118][ T5844] usb 3-1: USB disconnect, device number 34
[  493.078058][ T5844] usblp0: removed
[  493.156087][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  494.058136][    C0] vcan0: j1939_tp_rxtimer: 0xffff888058b81800: rx timeout, send abort
[  494.068208][    C0] vcan0: j1939_tp_rxtimer: 0xffff88801eef9400: rx timeout, send abort
[  494.077008][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888058b81800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  494.091491][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801eef9400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  494.299602][   T30] audit: type=1400 audit(1754140357.800:569): avc:  denied  { read } for  pid=5199 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  494.351040][   T30] audit: type=1400 audit(1754140357.800:570): avc:  denied  { search } for  pid=5199 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  494.376977][   T30] audit: type=1400 audit(1754140357.800:571): avc:  denied  { search } for  pid=5199 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  494.399547][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.413251][   T30] audit: type=1400 audit(1754140357.800:572): avc:  denied  { add_name } for  pid=5199 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  494.433921][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.440313][   T30] audit: type=1400 audit(1754140357.800:573): avc:  denied  { create } for  pid=5199 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  494.496432][   T30] audit: type=1400 audit(1754140357.800:574): avc:  denied  { append open } for  pid=5199 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  494.519465][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.560594][   T30] audit: type=1400 audit(1754140357.800:575): avc:  denied  { getattr } for  pid=5199 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  494.954692][T11378] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  495.066453][ T6708] net_ratelimit: 75 callbacks suppressed
[  495.066468][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.208391][T11375] delete_channel: no stack
[  495.234215][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.242480][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.756132][   T30] audit: type=1400 audit(1754140359.290:576): avc:  denied  { execmem } for  pid=11385 comm="syz.5.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  495.877783][T10431] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.887757][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.896182][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.297370][T11393] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.304673][T11393] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.315211][T11393] bridge0: entered promiscuous mode
[  496.320518][T11393] bridge0: entered allmulticast mode
[  496.358462][T11393] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.365620][T11393] bridge0: port 2(bridge_slave_1) entered forwarding state
[  496.374099][T11393] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.381250][T11393] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.577274][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  496.585565][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.426622][T11425] FAULT_INJECTION: forcing a failure.
[  497.426622][T11425] name failslab, interval 1, probability 0, space 0, times 0
[  497.477082][T11425] CPU: 1 UID: 0 PID: 11425 Comm: syz.3.1351 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  497.477111][T11425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  497.477122][T11425] Call Trace:
[  497.477128][T11425]  <TASK>
[  497.477135][T11425]  dump_stack_lvl+0x16c/0x1f0
[  497.477166][T11425]  should_fail_ex+0x512/0x640
[  497.477196][T11425]  should_failslab+0xc2/0x120
[  497.477217][T11425]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  497.477238][T11425]  ? sidtab_sid2str_get+0x17a/0x680
[  497.477266][T11425]  kmemdup_noprof+0x29/0x60
[  497.477285][T11425]  sidtab_sid2str_get+0x17a/0x680
[  497.477311][T11425]  sidtab_entry_to_string+0x33/0x110
[  497.477336][T11425]  security_sid_to_context_core+0x35c/0x640
[  497.477362][T11425]  avc_audit_post_callback+0x1aa/0x8f0
[  497.477391][T11425]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  497.477414][T11425]  ? skb_put+0x138/0x1b0
[  497.477434][T11425]  ? audit_log_n_string+0x253/0x540
[  497.477461][T11425]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  497.477485][T11425]  common_lsm_audit+0x24e/0x300
[  497.477508][T11425]  ? __pfx_common_lsm_audit+0x10/0x10
[  497.477529][T11425]  ? avc_denied+0x14a/0x190
[  497.477560][T11425]  slow_avc_audit+0x186/0x210
[  497.477586][T11425]  ? __pfx_slow_avc_audit+0x10/0x10
[  497.477613][T11425]  ? find_held_lock+0x2b/0x80
[  497.477647][T11425]  avc_has_perm+0x1b5/0x1f0
[  497.477674][T11425]  ? __pfx_avc_has_perm+0x10/0x10
[  497.477703][T11425]  ? find_held_lock+0x2b/0x80
[  497.477728][T11425]  sock_has_perm+0x252/0x2f0
[  497.477747][T11425]  ? __pfx_sock_has_perm+0x10/0x10
[  497.477778][T11425]  ? ksys_write+0x190/0x250
[  497.477799][T11425]  security_socket_getsockopt+0x211/0x240
[  497.477820][T11425]  do_sock_getsockopt+0xf5/0x440
[  497.477840][T11425]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  497.477856][T11425]  ? __fget_files+0x204/0x3c0
[  497.477889][T11425]  __sys_getsockopt+0x12f/0x260
[  497.477919][T11425]  __x64_sys_getsockopt+0xbd/0x160
[  497.477946][T11425]  ? do_syscall_64+0x91/0x4c0
[  497.477972][T11425]  ? lockdep_hardirqs_on+0x7c/0x110
[  497.477997][T11425]  do_syscall_64+0xcd/0x4c0
[  497.478024][T11425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.478041][T11425] RIP: 0033:0x7fdb4df8eb69
[  497.478056][T11425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  497.478073][T11425] RSP: 002b:00007fdb4ee9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  497.478091][T11425] RAX: ffffffffffffffda RBX: 00007fdb4e1b5fa0 RCX: 00007fdb4df8eb69
[  497.478103][T11425] RDX: 0000000000000000 RSI: 0000000000000084 RDI: 0000000000000004
[  497.478118][T11425] RBP: 00007fdb4ee9c090 R08: 0000200000000280 R09: 0000000000000000
[  497.478129][T11425] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  497.478140][T11425] R13: 0000000000000000 R14: 00007fdb4e1b5fa0 R15: 00007ffe10010b78
[  497.478165][T11425]  </TASK>
[  497.555349][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.595240][   T30] audit: type=1400 audit(1754140360.960:577): avc:  denied  { getopt } for  pid=11423 comm="syz.3.1351" lport=41804 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tsid=0 tclass=sctp_socket permissive=1
[  497.795599][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.852120][   T10] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  497.949876][   T30] audit: type=1400 audit(1754140361.480:578): avc:  denied  { create } for  pid=11436 comm="syz.0.1353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  498.254383][   T10] usb 6-1: Using ep0 maxpacket: 32
[  498.284962][T11441] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  498.467690][   T10] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  498.479559][   T10] usb 6-1: config 0 has no interface number 0
[  498.490162][   T10] usb 6-1: config 0 interface 184 has no altsetting 0
[  498.503648][T11439] delete_channel: no stack
[  498.529885][   T10] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  498.567158][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.585239][   T10] usb 6-1: Product: syz
[  498.596231][   T10] usb 6-1: Manufacturer: syz
[  498.606158][   T10] usb 6-1: SerialNumber: syz
[  498.621034][   T10] usb 6-1: config 0 descriptor??
[  498.632082][   T10] smsc75xx v1.0.0
[  499.012700][T11451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1356'.
[  499.261197][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  499.281401][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  499.340803][ T5844] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  499.531373][ T5844] usb 1-1: Using ep0 maxpacket: 8
[  499.540640][ T5844] usb 1-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config
[  499.561462][ T5844] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1
[  499.577121][ T5844] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  499.646910][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.957598][ T5844] usb 1-1: USB disconnect, device number 39
[  499.963996][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[  499.983369][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[  499.994858][   T10] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  500.014887][   T10] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -32
[  500.190964][    C0] net_ratelimit: 6 callbacks suppressed
[  500.190984][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.204767][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.212938][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.221142][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.229314][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.237548][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.245718][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.253932][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.262098][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.270210][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  500.870646][   T30] audit: type=1400 audit(1754140364.400:579): avc:  denied  { ioctl } for  pid=11475 comm="syz.1.1360" path="socket:[35626]" dev="sockfs" ino=35626 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  500.895366][    C0] vkms_vblank_simulate: vblank timer overrun
[  500.993267][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  500.999669][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  501.265560][T11482] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1361'.
[  501.274611][T11481] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1361'.
[  501.315157][T11469] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1358'.
[  501.344390][ T5956] usb 6-1: USB disconnect, device number 2
[  501.880882][   T10] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  502.230901][   T10] usb 4-1: Using ep0 maxpacket: 8
[  502.239957][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  502.256080][   T10] usb 4-1: config 0 has no interfaces?
[  502.266920][   T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  502.283483][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.303957][T11509] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1367'.
[  502.586778][T11510] loop6: detected capacity change from 0 to 524287999
[  502.606099][   T10] usb 4-1: config 0 descriptor??
[  502.958247][T11519] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1371'.
[  503.264860][   T10] usb 4-1: string descriptor 0 read error: -71
[  503.305255][   T10] usb 4-1: USB disconnect, device number 42
[  503.353953][T11524] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1370'.
[  503.531626][ T5955] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  503.973161][ T5955] usb 1-1: Using ep0 maxpacket: 8
[  504.007414][ T5955] usb 1-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config
[  504.039868][ T5955] usb 1-1: config 252 has 0 interfaces, different from the descriptor's value: 1
[  504.068027][ T5955] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  504.078345][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.286671][T11536] FAULT_INJECTION: forcing a failure.
[  504.286671][T11536] name failslab, interval 1, probability 0, space 0, times 0
[  504.299333][T11536] CPU: 0 UID: 0 PID: 11536 Comm: syz.2.1372 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  504.299350][T11536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  504.299357][T11536] Call Trace:
[  504.299362][T11536]  <TASK>
[  504.299367][T11536]  dump_stack_lvl+0x16c/0x1f0
[  504.299388][T11536]  should_fail_ex+0x512/0x640
[  504.299407][T11536]  ? fs_reclaim_acquire+0xae/0x150
[  504.299424][T11536]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  504.299439][T11536]  should_failslab+0xc2/0x120
[  504.299453][T11536]  __kmalloc_noprof+0xd2/0x510
[  504.299467][T11536]  tomoyo_realpath_from_path+0xc2/0x6e0
[  504.299483][T11536]  ? tomoyo_profile+0x47/0x60
[  504.299500][T11536]  tomoyo_path_number_perm+0x245/0x580
[  504.299512][T11536]  ? tomoyo_path_number_perm+0x237/0x580
[  504.299525][T11536]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  504.299538][T11536]  ? find_held_lock+0x2b/0x80
[  504.299564][T11536]  ? find_held_lock+0x2b/0x80
[  504.299576][T11536]  ? hook_file_ioctl_common+0x145/0x410
[  504.299596][T11536]  ? __fget_files+0x20e/0x3c0
[  504.299616][T11536]  security_file_ioctl+0x9b/0x240
[  504.299631][T11536]  __x64_sys_ioctl+0xb7/0x210
[  504.299649][T11536]  do_syscall_64+0xcd/0x4c0
[  504.299667][T11536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.299678][T11536] RIP: 0033:0x7fd66c58eb69
[  504.299687][T11536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.299698][T11536] RSP: 002b:00007fd66d3e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  504.299709][T11536] RAX: ffffffffffffffda RBX: 00007fd66c7b6080 RCX: 00007fd66c58eb69
[  504.299716][T11536] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003
[  504.299723][T11536] RBP: 00007fd66d3e4090 R08: 0000000000000000 R09: 0000000000000000
[  504.299729][T11536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.299736][T11536] R13: 0000000000000001 R14: 00007fd66c7b6080 R15: 00007ffd18abd2a8
[  504.299750][T11536]  </TASK>
[  504.299755][T11536] ERROR: Out of memory at tomoyo_realpath_from_path.
[  504.544203][ T5956] usb 1-1: USB disconnect, device number 40
[  504.950775][ T5955] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  505.120786][ T5955] usb 4-1: Using ep0 maxpacket: 32
[  505.127358][ T5955] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  505.135780][ T5955] usb 4-1: config 0 has no interface number 0
[  505.145580][ T5955] usb 4-1: config 0 interface 184 has no altsetting 0
[  505.155046][ T5955] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  505.164260][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.226711][ T5955] usb 4-1: Product: syz
[  505.231824][ T5955] usb 4-1: Manufacturer: syz
[  505.236769][ T5955] usb 4-1: SerialNumber: syz
[  505.245000][ T5955] usb 4-1: config 0 descriptor??
[  505.355544][ T5844] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  505.382928][ T5955] smsc75xx v1.0.0
[  505.531769][ T5844] usb 2-1: Using ep0 maxpacket: 16
[  505.565710][ T5925] net_ratelimit: 74 callbacks suppressed
[  505.565728][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  505.566514][ T5844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  505.871432][ T5844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  505.882855][ T5844] usb 2-1: New USB device found, idVendor=044f, idProduct=b823, bcdDevice=83.47
[  505.892325][ T5844] usb 2-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0
[  505.901718][ T5844] usb 2-1: Manufacturer: syz
[  505.912531][ T5844] usb 2-1: config 0 descriptor??
[  505.946923][T11562] netlink: 'syz.0.1378': attribute type 39 has an invalid length.
[  506.059135][ T5955] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  506.072436][ T5955] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  506.304780][   T30] audit: type=1400 audit(1754140369.840:580): avc:  denied  { map } for  pid=11569 comm="syz.0.1379" path="socket:[36872]" dev="sockfs" ino=36872 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  506.541697][ T5844] usbhid 2-1:0.0: can't add hid device: -71
[  506.549008][ T5844] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  506.566185][ T5844] usb 2-1: USB disconnect, device number 40
[  506.592010][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  506.700262][ T5955] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[  506.711345][ T5955] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[  506.723243][ T5955] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  506.734329][ T5955] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[  506.751164][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  507.048609][T11575] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1380'.
[  507.243421][   T30] audit: type=1400 audit(1754140370.780:581): avc:  denied  { unmount } for  pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  507.651026][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  507.745270][   T30] audit: type=1400 audit(1754140371.280:582): avc:  denied  { ioctl } for  pid=11586 comm="syz.2.1384" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  507.800661][ T5925] usb 4-1: USB disconnect, device number 43
[  508.211684][ T5925] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  508.691136][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  508.711868][ T5925] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  508.851762][ T5925] usb 4-1: config 0 interface 0 has no altsetting 0
[  508.873255][ T5925] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  508.892201][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  508.911303][T11624] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1390'.
[  508.987734][ T5925] usb 4-1: Product: syz
[  508.997224][ T5925] usb 4-1: Manufacturer: syz
[  509.231933][T11625] loop6: detected capacity change from 0 to 524287999
[  509.362777][T11622] netlink: 'syz.2.1391': attribute type 3 has an invalid length.
[  509.720969][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.739263][ T5925] usb 4-1: SerialNumber: syz
[  509.759081][ T5925] usb 4-1: config 0 descriptor??
[  509.793263][ T6704] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.829491][ T5925] usb 4-1: selecting invalid altsetting 0
[  510.020864][ T5925] usb 4-1: USB disconnect, device number 44
[  510.030820][ T5848] Bluetooth: hci2: command tx timeout
[  510.110929][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  510.112904][T10564] udevd[10564]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  510.116949][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  510.153510][T11642] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  510.160127][T11642] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  510.190937][T11642] vhci_hcd vhci_hcd.0: Device attached
[  510.224757][T11642] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  510.255833][T11642] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(16)
[  510.262453][T11642] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  510.276027][T11642] vhci_hcd vhci_hcd.0: Device attached
[  510.301868][T11642] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(18)
[  510.308478][T11642] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  510.344537][T11642] vhci_hcd vhci_hcd.0: Device attached
[  510.355097][T11653] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(20)
[  510.361710][T11653] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  510.375440][T11653] vhci_hcd vhci_hcd.0: Device attached
[  510.385119][T11642] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  510.397080][T11642] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  510.401028][ T6704] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  510.415383][T11642] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  510.429720][T11642] vhci_hcd vhci_hcd.0: pdev(5) rhport(7) sockfd(30)
[  510.432567][   T10] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  510.436313][T11642] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  510.472882][T11642] vhci_hcd vhci_hcd.0: Device attached
[  510.480792][ T5844] usb 3-1: new low-speed USB device number 35 using dummy_hcd
[  510.537000][T11655] vhci_hcd: connection closed
[  510.537097][T10440] vhci_hcd: stop threads
[  510.546097][T10440] vhci_hcd: release socket
[  510.550566][T10440] vhci_hcd: disconnect device
[  510.558543][T11651] vhci_hcd: connection closed
[  510.558791][T10440] vhci_hcd: stop threads
[  510.568626][T11648] vhci_hcd: connection closed
[  510.569163][T11645] vhci_hcd: connection reset by peer
[  510.569778][T10440] vhci_hcd: release socket
[  510.587965][T10440] vhci_hcd: disconnect device
[  510.594435][T10440] vhci_hcd: stop threads
[  510.598724][T10440] vhci_hcd: release socket
[  510.605029][T10440] vhci_hcd: disconnect device
[  510.609905][T10440] vhci_hcd: stop threads
[  510.615679][T10440] vhci_hcd: release socket
[  510.620387][T10440] vhci_hcd: disconnect device
[  510.621242][ T5844] usb 3-1: device descriptor read/64, error -71
[  510.638586][ T6704] usb 1-1: config 0 has no interfaces?
[  510.644243][ T6704] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  510.661438][ T6704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.690387][ T6704] usb 1-1: config 0 descriptor??
[  510.774750][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  510.884253][ T5844] usb 3-1: new low-speed USB device number 36 using dummy_hcd
[  511.050893][ T5844] usb 3-1: device descriptor read/64, error -71
[  511.115597][T11657] vhci_hcd: connection closed
[  511.116404][T10440] vhci_hcd: stop threads
[  511.137984][T10440] vhci_hcd: release socket
[  511.160492][T10440] vhci_hcd: disconnect device
[  511.171104][ T5844] usb usb3-port1: attempt power cycle
[  511.317948][ T5956] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  511.470876][ T5956] usb 4-1: Using ep0 maxpacket: 32
[  511.470887][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  511.551156][ T5844] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  511.661478][ T5956] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  511.669857][ T5956] usb 4-1: config 0 has no interface number 0
[  511.676301][ T5956] usb 4-1: config 0 interface 184 has no altsetting 0
[  511.687577][ T5844] usb 3-1: device descriptor read/8, error -71
[  511.718282][ T5956] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  511.730514][ T5956] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.738739][ T5956] usb 4-1: Product: syz
[  511.743113][ T5956] usb 4-1: Manufacturer: syz
[  511.748731][ T5956] usb 4-1: SerialNumber: syz
[  511.775431][ T5956] usb 4-1: config 0 descriptor??
[  511.788068][ T5956] smsc75xx v1.0.0
[  511.792108][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  511.960893][ T5844] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  511.997123][ T5844] usb 3-1: device descriptor read/8, error -71
[  512.121205][ T5844] usb usb3-port1: unable to enumerate USB device
[  512.396504][ T5956] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  512.515202][ T5956] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  513.027414][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  513.052852][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  513.334089][ T5956] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[  513.359161][ T5956] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[  513.359966][ T6708] usb 1-1: USB disconnect, device number 41
[  513.387819][ T5956] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  513.636418][ T5956] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[  513.839522][ T6707] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.031510][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.392836][T11730] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  514.438587][T11732] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[  514.457890][   T24] usb 4-1: USB disconnect, device number 45
[  515.113806][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  515.396451][T11750] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  515.611235][T11748] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12)
[  515.617857][T11748] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  515.646427][T11745] delete_channel: no stack
[  515.652321][T11748] vhci_hcd vhci_hcd.0: Device attached
[  515.671419][T11754] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  515.690132][   T10] vhci_hcd: vhci_device speed not set
[  515.691641][T11748] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(14)
[  515.702092][T11748] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  515.752523][T11754] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(19)
[  515.759155][T11754] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  515.770247][T11754] vhci_hcd vhci_hcd.0: Device attached
[  515.783125][T11754] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(21)
[  515.789726][T11754] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  515.855951][T11748] vhci_hcd vhci_hcd.0: Device attached
[  515.856054][T11754] vhci_hcd vhci_hcd.0: Device attached
[  515.895933][   T24] usb 33-1: new low-speed USB device number 4 using vhci_hcd
[  515.943447][T11748] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  515.981299][T11763] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  516.036247][T11748] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  516.255238][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.760877][ T6708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.835653][   T30] audit: type=1400 audit(1754140379.880:583): avc:  denied  { connect } for  pid=11764 comm="syz.5.1409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  516.991234][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  517.004930][   T30] audit: type=1400 audit(1754140379.970:584): avc:  denied  { listen } for  pid=11764 comm="syz.5.1409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  517.147374][T11754] vhci_hcd vhci_hcd.0: pdev(0) rhport(7) sockfd(31)
[  517.154008][T11754] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  517.200058][T11784] tipc: Started in network mode
[  517.205726][T11784] tipc: Node identity fa7d18db856b, cluster identity 4711
[  517.210832][T11754] vhci_hcd vhci_hcd.0: Device attached
[  517.221753][T11755] vhci_hcd: connection closed
[  517.221757][T11760] vhci_hcd: connection closed
[  517.221931][T11757] vhci_hcd: connection closed
[  517.231709][T11752] vhci_hcd: connection reset by peer
[  517.246351][T11795] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1410'.
[  517.265808][T10436] vhci_hcd: stop threads
[  517.270069][T10436] vhci_hcd: release socket
[  517.297323][T11784] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  517.305135][T10436] vhci_hcd: disconnect device
[  517.313088][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  517.322328][T10436] vhci_hcd: stop threads
[  517.326585][T10436] vhci_hcd: release socket
[  517.332476][T10436] vhci_hcd: disconnect device
[  517.342192][T10436] vhci_hcd: stop threads
[  517.366148][T10436] vhci_hcd: release socket
[  517.376267][T10436] vhci_hcd: disconnect device
[  517.413751][T10436] vhci_hcd: stop threads
[  517.418021][T10436] vhci_hcd: release socket
[  517.432425][T10436] vhci_hcd: disconnect device
[  517.438556][T11796] syzkaller0: entered promiscuous mode
[  517.510823][T11796] syzkaller0: entered allmulticast mode
[  517.546823][T11801] tipc: Resetting bearer <eth:syzkaller0>
[  517.646914][ T5925] usb usb44-port1: attempt power cycle
[  517.675199][T11783] tipc: Resetting bearer <eth:syzkaller0>
[  518.252409][T11786] vhci_hcd: connection closed
[  518.293355][ T6252] vhci_hcd: stop threads
[  518.318953][ T5925] usb usb44-port1: unable to enumerate USB device
[  518.352888][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.364766][T11783] tipc: Disabling bearer <eth:syzkaller0>
[  518.392285][ T5918] tipc: Node number set to 2132154587
[  518.491676][ T6252] vhci_hcd: release socket
[  518.512366][ T6252] vhci_hcd: disconnect device
[  518.684012][T11798] loop6: detected capacity change from 0 to 524287999
[  518.971305][ T5918] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  519.425276][   T48] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.550777][ T5918] usb 1-1: Using ep0 maxpacket: 32
[  519.557288][ T5918] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  519.588490][ T5918] usb 1-1: config 0 has no interface number 0
[  519.639545][ T5918] usb 1-1: config 0 interface 184 has no altsetting 0
[  519.790939][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.855646][ T5918] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  519.874890][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.883662][ T5918] usb 1-1: Product: syz
[  519.887949][ T5918] usb 1-1: Manufacturer: syz
[  519.985444][   T30] audit: type=1400 audit(1754140383.520:585): avc:  denied  { ioctl } for  pid=11838 comm="syz.5.1419" path="socket:[38352]" dev="sockfs" ino=38352 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  519.986137][ T5918] usb 1-1: SerialNumber: syz
[  520.010127][    C1] vkms_vblank_simulate: vblank timer overrun
[  520.075313][ T5918] usb 1-1: config 0 descriptor??
[  520.145414][ T5918] smsc75xx v1.0.0
[  520.381613][T11852] overlayfs: failed to resolve './bus': -2
[  520.566115][ T5925] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  520.665642][T11857] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11857 comm=syz.2.1420
[  520.678955][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  520.820053][T11849] delete_channel: no stack
[  520.965031][T11859] FAULT_INJECTION: forcing a failure.
[  520.965031][T11859] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  520.990005][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  521.010878][   T24] vhci_hcd: vhci_device speed not set
[  521.016290][T11859] CPU: 0 UID: 0 PID: 11859 Comm: syz.3.1423 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  521.016313][T11859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  521.016323][T11859] Call Trace:
[  521.016329][T11859]  <TASK>
[  521.016335][T11859]  dump_stack_lvl+0x16c/0x1f0
[  521.016362][T11859]  should_fail_ex+0x512/0x640
[  521.016390][T11859]  __kvm_read_guest_page+0x186/0x250
[  521.016414][T11859]  kvm_fetch_guest_virt+0x128/0x1a0
[  521.016438][T11859]  __do_insn_fetch_bytes+0x41e/0x6d0
[  521.016465][T11859]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  521.016487][T11859]  ? irqentry_exit+0x3b/0x90
[  521.016510][T11859]  ? lockdep_hardirqs_on+0x7c/0x110
[  521.016537][T11859]  x86_decode_insn+0xb90/0x5540
[  521.016568][T11859]  ? vmx_segment_cache_test_set+0x14b/0x400
[  521.016586][T11859]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  521.016606][T11859]  ? __pfx_x86_decode_insn+0x10/0x10
[  521.016629][T11859]  ? vmx_cache_reg+0x333/0x5e0
[  521.016654][T11859]  ? kvm_register_read_raw+0xe9/0x240
[  521.016674][T11859]  ? init_decode_cache+0xd/0x210
[  521.016696][T11859]  ? init_emulate_ctxt+0x337/0x510
[  521.016717][T11859]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  521.016743][T11859]  ? kvm_multiple_exception+0x379/0x750
[  521.016766][T11859]  x86_emulate_instruction+0x9b2/0x1a90
[  521.016798][T11859]  handle_ud+0x103/0x280
[  521.016818][T11859]  ? __pfx_handle_ud+0x10/0x10
[  521.016839][T11859]  ? __lock_acquire+0xb97/0x1ce0
[  521.016868][T11859]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  521.016890][T11859]  handle_exception_nmi+0x856/0x1750
[  521.016915][T11859]  ? __pfx_handle_exception_nmi+0x10/0x10
[  521.016934][T11859]  vmx_handle_exit+0x124c/0x1bd0
[  521.016960][T11859]  vcpu_run+0x31f4/0x5580
[  521.016994][T11859]  ? __pfx_vcpu_run+0x10/0x10
[  521.017022][T11859]  ? fpu_swap_kvm_fpstate+0x1be/0x410
[  521.017043][T11859]  ? __local_bh_enable_ip+0xa4/0x120
[  521.017069][T11859]  ? kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  521.017091][T11859]  kvm_arch_vcpu_ioctl_run+0x1023/0x1980
[  521.017121][T11859]  kvm_vcpu_ioctl+0x5eb/0x1690
[  521.017146][T11859]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  521.017167][T11859]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  521.017188][T11859]  ? do_vfs_ioctl+0x128/0x14f0
[  521.017216][T11859]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  521.017241][T11859]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  521.017273][T11859]  ? hook_file_ioctl_common+0x145/0x410
[  521.017306][T11859]  ? selinux_file_ioctl+0x180/0x270
[  521.017325][T11859]  ? selinux_file_ioctl+0xb4/0x270
[  521.017348][T11859]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  521.017372][T11859]  __x64_sys_ioctl+0x18b/0x210
[  521.017400][T11859]  do_syscall_64+0xcd/0x4c0
[  521.017429][T11859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.017447][T11859] RIP: 0033:0x7fdb4df8eb69
[  521.017468][T11859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.017485][T11859] RSP: 002b:00007fdb4ee9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  521.017503][T11859] RAX: ffffffffffffffda RBX: 00007fdb4e1b5fa0 RCX: 00007fdb4df8eb69
[  521.017515][T11859] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  521.017526][T11859] RBP: 00007fdb4ee9c090 R08: 0000000000000000 R09: 0000000000000000
[  521.017537][T11859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.017547][T11859] R13: 0000000000000000 R14: 00007fdb4e1b5fa0 R15: 00007ffe10010b78
[  521.017573][T11859]  </TASK>
[  521.050803][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  521.710959][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.792728][T11873] FAULT_INJECTION: forcing a failure.
[  521.792728][T11873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.855956][T11873] CPU: 0 UID: 0 PID: 11873 Comm: syz.3.1426 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  521.855987][T11873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  521.855998][T11873] Call Trace:
[  521.856004][T11873]  <TASK>
[  521.856012][T11873]  dump_stack_lvl+0x16c/0x1f0
[  521.856044][T11873]  should_fail_ex+0x512/0x640
[  521.856077][T11873]  _copy_to_user+0x32/0xd0
[  521.856100][T11873]  bpf_test_finish.isra.0+0x4b4/0x6e0
[  521.856130][T11873]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  521.856161][T11873]  ? __asan_memset+0x23/0x50
[  521.856191][T11873]  bpf_prog_test_run_skb+0x1368/0x2280
[  521.856227][T11873]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  521.856256][T11873]  ? fput+0x9b/0xd0
[  521.856282][T11873]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  521.856308][T11873]  __sys_bpf+0x1050/0x4de0
[  521.856336][T11873]  ? __pfx___sys_bpf+0x10/0x10
[  521.856359][T11873]  ? ksys_write+0x190/0x250
[  521.856381][T11873]  ? __mutex_unlock_slowpath+0x163/0x800
[  521.856423][T11873]  ? fput+0x9b/0xd0
[  521.856446][T11873]  ? ksys_write+0x1ac/0x250
[  521.856464][T11873]  ? __pfx_ksys_write+0x10/0x10
[  521.856486][T11873]  __x64_sys_bpf+0x78/0xc0
[  521.856510][T11873]  ? lockdep_hardirqs_on+0x7c/0x110
[  521.856534][T11873]  do_syscall_64+0xcd/0x4c0
[  521.856561][T11873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.856580][T11873] RIP: 0033:0x7fdb4df8eb69
[  521.856596][T11873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.856612][T11873] RSP: 002b:00007fdb4ee9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  521.856631][T11873] RAX: ffffffffffffffda RBX: 00007fdb4e1b5fa0 RCX: 00007fdb4df8eb69
[  521.856648][T11873] RDX: 0000000000000050 RSI: 0000200000000380 RDI: 000000000000000a
[  521.856659][T11873] RBP: 00007fdb4ee9c090 R08: 0000000000000000 R09: 0000000000000000
[  521.856670][T11873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.856680][T11873] R13: 0000000000000000 R14: 00007fdb4e1b5fa0 R15: 00007ffe10010b78
[  521.856705][T11873]  </TASK>
[  522.419726][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  522.450917][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  522.476949][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  522.508129][ T5918] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  522.534098][ T5918] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  522.564578][ T5918] usb 1-1: USB disconnect, device number 42
[  522.752409][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.831004][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.891545][ T5955] usb usb34-port1: attempt power cycle
[  522.900845][ T5918] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  523.010996][   T48] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  523.062292][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  523.089534][ T5918] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  523.161349][ T5918] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  523.176673][   T48] usb 3-1: config 0 has no interfaces?
[  523.185379][   T48] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  523.208738][T11899] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11899 comm=syz.5.1431
[  523.221514][   T48] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  523.229509][   T48] usb 3-1: Product: syz
[  523.265908][ T5918] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  523.286352][   T48] usb 3-1: Manufacturer: syz
[  523.291059][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.335581][ T5918] usb 1-1: Product: syz
[  523.369084][   T48] usb 3-1: config 0 descriptor??
[  523.377274][ T5918] usb 1-1: Manufacturer: syz
[  523.382449][ T5918] usb 1-1: SerialNumber: syz
[  523.467081][ T5955] usb usb34-port1: unable to enumerate USB device
[  523.472198][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  523.580275][T11907] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  523.625044][T10433] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  523.681745][T11895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.698936][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  523.801350][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  524.038947][T11908] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1434'.
[  524.085966][T11895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.086770][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  524.238279][T11903] delete_channel: no stack
[  524.254321][ T5918] hub 1-1:1.0: bad descriptor, ignoring hub
[  524.274172][ T5918] hub 1-1:1.0: probe with driver hub failed with error -5
[  524.281613][ T5850] Bluetooth: hci3: unknown advertising packet type: 0x2f
[  524.281631][ T5850] Bluetooth: hci3: unknown advertising packet type: 0x40
[  524.306249][ T5850] Bluetooth: hci3: Malformed LE Event: 0x02
[  524.323478][T11895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.335213][T11895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.463810][ T5918] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 43 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  524.674106][T11924] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11924 comm=syz.3.1436
[  524.696705][   T30] audit: type=1400 audit(1754140388.210:586): avc:  denied  { read write } for  pid=11885 comm="syz.0.1428" name="lp0" dev="devtmpfs" ino=3331 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  524.781453][   T10] usb 1-1: USB disconnect, device number 43
[  524.808833][   T30] audit: type=1400 audit(1754140388.210:587): avc:  denied  { open } for  pid=11885 comm="syz.0.1428" path="/dev/usb/lp0" dev="devtmpfs" ino=3331 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  524.864790][ T5955] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  524.983449][T11885] usblp0: removed
[  525.551070][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  526.921022][ T5918] net_ratelimit: 4 callbacks suppressed
[  526.921040][ T5918] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  527.055026][   T10] usb 3-1: USB disconnect, device number 39
[  527.139292][   T30] audit: type=1400 audit(1754140390.670:588): avc:  denied  { open } for  pid=11948 comm="syz.0.1444" path="/dev/ptyq4" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  527.171536][   T30] audit: type=1400 audit(1754140390.670:589): avc:  denied  { ioctl } for  pid=11948 comm="syz.0.1444" path="/dev/ptyq4" dev="devtmpfs" ino=123 ioctlcmd=0x5439 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  528.180382][T11966] mkiss: ax0: crc mode is auto.
[  528.685648][T11981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11981 comm=syz.0.1452
[  529.518603][ T6708] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  529.562446][T11991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11991 comm=syz.5.1456
[  529.580359][T11993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1457'.
[  529.690792][ T6708] usb 3-1: Using ep0 maxpacket: 32
[  529.697440][ T6708] usb 3-1: config 0 has an invalid interface number: 74 but max is 0
[  529.706960][ T6708] usb 3-1: config 0 has no interface number 0
[  529.714992][ T6708] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[  529.743671][ T6708] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.768565][ T6708] usb 3-1: Product: syz
[  529.785127][ T6708] usb 3-1: Manufacturer: syz
[  529.813471][ T6708] usb 3-1: SerialNumber: syz
[  529.891335][ T6708] usb 3-1: config 0 descriptor??
[  530.677453][ T6708] usb 3-1: USB disconnect, device number 40
[  530.827793][T10565] udevd[10565]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.74/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  531.840507][   T30] audit: type=1400 audit(1754140395.370:590): avc:  denied  { write } for  pid=12013 comm="syz.5.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  532.077168][ T5850] Bluetooth: Unexpected continuation frame (len 102)
[  532.114899][   T30] audit: type=1400 audit(1754140395.370:591): avc:  denied  { nlmsg_write } for  pid=12013 comm="syz.5.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  533.550857][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.680905][T12036] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(10)
[  548.687538][T12036] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  549.062353][T12036] vhci_hcd vhci_hcd.0: Device attached
[  549.665343][T12042] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(13)
[  549.671969][T12042] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  550.101460][T12036] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  551.065419][   T10] vhci_hcd: vhci_device speed not set
[  551.097998][T12042] vhci_hcd vhci_hcd.0: Device attached
[  551.688370][T12036] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(15)
[  551.694993][T12036] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  552.068909][   T10] usb 43-1: new full-speed USB device number 3 using vhci_hcd
[  561.541514][T12036] vhci_hcd vhci_hcd.0: Device attached
[  563.511237][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  563.517543][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  578.255947][T12050] vhci_hcd: connection closed
[  578.264670][T12039] vhci_hcd: connection reset by peer
[  578.275119][T12043] vhci_hcd: connection closed
[  578.295925][T10440] vhci_hcd: stop threads
[  578.304889][T10440] vhci_hcd: release socket
[  578.309710][T10440] vhci_hcd: disconnect device
[  579.315900][T10440] vhci_hcd: stop threads
[  579.320173][T10440] vhci_hcd: release socket
[  580.303953][T10440] vhci_hcd: disconnect device
[  580.321287][T10440] vhci_hcd: stop threads
[  580.325552][T10440] vhci_hcd: release socket
[  580.341008][T10440] vhci_hcd: disconnect device
[  583.227857][   T10] vhci_hcd: vhci_device speed not set
[  584.263078][T12066] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  585.225162][T12066] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  585.233768][T12066] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  585.241629][T12066] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  585.249097][T12066] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  595.117309][ T5850] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  625.371690][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  625.378002][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  701.160586][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  701.167548][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P12047/1:b..l P12062/1:b..l P6704/1:b..l
[  701.178300][    C1] rcu: 	(detected by 1, t=10503 jiffies, g=44109, q=857 ncpus=2)
[  701.186004][    C1] task:kworker/0:11    state:R  running task     stack:21464 pid:6704  tgid:6704  ppid:2      task_flags:0x4208060 flags:0x00004000
[  701.200224][    C1] Workqueue: events_power_efficient gc_worker
[  701.206299][    C1] Call Trace:
[  701.209563][    C1]  <TASK>
[  701.212485][    C1]  __schedule+0x1190/0x5de0
[  701.216986][    C1]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  701.223665][    C1]  ? __pfx___schedule+0x10/0x10
[  701.228512][    C1]  ? mark_held_locks+0x49/0x80
[  701.233270][    C1]  preempt_schedule_irq+0x51/0x90
[  701.238294][    C1]  irqentry_exit+0x36/0x90
[  701.242699][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  701.248666][    C1] RIP: 0010:lock_release+0x45/0x2f0
[  701.253862][    C1] Code: 79 bf 3d 12 48 89 44 24 10 31 c0 0f 1f 44 00 00 65 8b 05 92 bf 3d 12 83 f8 07 0f 87 38 02 00 00 89 c0 48 0f a3 05 db 10 13 0f <0f> 82 b1 01 00 00 8b 3d a3 42 13 0f 85 ff 0f 84 25 01 00 00 65 8b
[  701.273456][    C1] RSP: 0018:ffffc9001cfefb10 EFLAGS: 00000297
[  701.279511][    C1] RAX: 0000000000000000 RBX: ffffffff8e5c1120 RCX: ffffffff89b91088
[  701.287468][    C1] RDX: ffff88805294a440 RSI: ffffffff89b909e9 RDI: ffffffff8e5c1120
[  701.295436][    C1] RBP: ffffffff9b2c82ec R08: 0000000000000001 R09: 0000000000000000
[  701.303392][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff89b909e9
[  701.311347][    C1] R13: 00000000000705d1 R14: dffffc0000000000 R15: 0000000000002417
[  701.319322][    C1]  ? gc_worker+0x999/0x16e0
[  701.323831][    C1]  ? gc_worker+0x1038/0x16e0
[  701.328561][    C1]  ? gc_worker+0x999/0x16e0
[  701.333065][    C1]  gc_worker+0x99e/0x16e0
[  701.337397][    C1]  ? __pfx_gc_worker+0x10/0x10
[  701.342160][    C1]  ? rcu_is_watching+0x12/0xc0
[  701.346919][    C1]  process_one_work+0x9cc/0x1b70
[  701.351857][    C1]  ? __pfx_gc_worker+0x10/0x10
[  701.356613][    C1]  ? __pfx_process_one_work+0x10/0x10
[  701.361978][    C1]  ? assign_work+0x1a0/0x250
[  701.366557][    C1]  worker_thread+0x6c8/0xf10
[  701.371145][    C1]  ? __pfx_worker_thread+0x10/0x10
[  701.376244][    C1]  kthread+0x3c5/0x780
[  701.380316][    C1]  ? __pfx_kthread+0x10/0x10
[  701.384912][    C1]  ? rcu_is_watching+0x12/0xc0
[  701.389685][    C1]  ? __pfx_kthread+0x10/0x10
[  701.394277][    C1]  ret_from_fork+0x5d7/0x6f0
[  701.398860][    C1]  ? __pfx_kthread+0x10/0x10
[  701.403443][    C1]  ret_from_fork_asm+0x1a/0x30
[  701.408213][    C1]  </TASK>
[  701.411222][    C1] task:syz-executor    state:R  running task     stack:25512 pid:12062 tgid:12062 ppid:5830   task_flags:0x400000 flags:0x00004000
[  701.424691][    C1] Call Trace:
[  701.427945][    C1]  <TASK>
[  701.430849][    C1]  __schedule+0x1190/0x5de0
[  701.435333][    C1]  ? __pfx___schedule+0x10/0x10
[  701.440155][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  701.445071][    C1]  preempt_schedule_irq+0x51/0x90
[  701.450068][    C1]  irqentry_exit+0x36/0x90
[  701.454456][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  701.460406][    C1] RIP: 0010:debug_lockdep_rcu_enabled+0x28/0x40
[  701.466632][    C1] Code: 90 90 f3 0f 1e fa 8b 05 96 69 18 05 85 c0 74 20 8b 05 70 9a 18 05 85 c0 74 16 65 48 8b 05 18 17 43 08 8b 80 ec 0a 00 00 85 c0 <0f> 94 c0 0f b6 c0 e9 cd 02 03 00 66 2e 0f 1f 84 00 00 00 00 00 0f
[  701.486207][    C1] RSP: 0018:ffffc9000404f518 EFLAGS: 00000246
[  701.492244][    C1] RAX: 0000000000000000 RBX: ffffc9000404fe68 RCX: ffffc90004050001
[  701.500193][    C1] RDX: ffffc9000404fe70 RSI: ffffc9000404fe38 RDI: ffffc9000404f5a0
[  701.508153][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  701.516108][    C1] R10: 0000000000000000 R11: 0000000000011153 R12: ffffc9000404f5e0
[  701.524053][    C1] R13: ffffc9000404f590 R14: ffffc9000404fe68 R15: ffffc9000404f5c4
[  701.532017][    C1]  unwind_next_frame+0x3de/0x20a0
[  701.537091][    C1]  ? __vmalloc_node_range_noprof+0x72f/0x14b0
[  701.543151][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  701.549291][    C1]  arch_stack_walk+0x94/0x100
[  701.553949][    C1]  ? vmalloc_user_noprof+0x9e/0xe0
[  701.559039][    C1]  stack_trace_save+0x8e/0xc0
[  701.563693][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  701.569044][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  701.573956][    C1]  save_stack+0x160/0x1f0
[  701.578262][    C1]  ? __pfx_save_stack+0x10/0x10
[  701.583086][    C1]  ? post_alloc_hook+0x1c0/0x230
[  701.587995][    C1]  ? get_page_from_freelist+0x132b/0x38e0
[  701.593679][    C1]  ? __alloc_frozen_pages_noprof+0x261/0x23f0
[  701.599711][    C1]  ? alloc_pages_mpol+0x1fb/0x550
[  701.604708][    C1]  ? alloc_pages_noprof+0x131/0x390
[  701.609874][    C1]  ? __vmalloc_node_range_noprof+0x72f/0x14b0
[  701.615919][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  701.620841][    C1]  __set_page_owner+0x91/0x550
[  701.625576][    C1]  ? __pfx___set_page_owner+0x10/0x10
[  701.630914][    C1]  ? rcu_is_watching+0x12/0xc0
[  701.635648][    C1]  ? bad_range+0x261/0x4c0
[  701.640094][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  701.645279][    C1]  post_alloc_hook+0x1c0/0x230
[  701.650047][    C1]  get_page_from_freelist+0x132b/0x38e0
[  701.655580][    C1]  ? prepare_alloc_pages+0x3c2/0x610
[  701.660845][    C1]  ? rcu_is_watching+0x12/0xc0
[  701.665587][    C1]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  701.671453][    C1]  ? __pfx_vmap_small_pages_range_noflush+0x10/0x10
[  701.678020][    C1]  ? alloc_pages_bulk_noprof+0xa67/0x1410
[  701.683718][    C1]  ? __vmap_pages_range_noflush+0x1d0/0x230
[  701.689589][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  701.695885][    C1]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  701.701834][    C1]  ? __vmalloc_node_range_noprof+0xf8c/0x14b0
[  701.707873][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  701.713738][    C1]  ? policy_nodemask+0xea/0x4e0
[  701.718556][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  701.724417][    C1]  ? policy_nodemask+0xea/0x4e0
[  701.729235][    C1]  alloc_pages_mpol+0x1fb/0x550
[  701.734055][    C1]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  701.739399][    C1]  alloc_pages_noprof+0x131/0x390
[  701.744403][    C1]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  701.750270][    C1]  ? kcov_ioctl+0x4c/0x730
[  701.754655][    C1]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  701.760956][    C1]  ? hook_file_ioctl_common+0x145/0x410
[  701.766478][    C1]  ? kcov_ioctl+0x4c/0x730
[  701.770871][    C1]  vmalloc_user_noprof+0x9e/0xe0
[  701.775781][    C1]  ? kcov_ioctl+0x4c/0x730
[  701.780164][    C1]  kcov_ioctl+0x4c/0x730
[  701.784375][    C1]  ? __pfx_kcov_ioctl+0x10/0x10
[  701.789193][    C1]  __x64_sys_ioctl+0x18b/0x210
[  701.793929][    C1]  do_syscall_64+0xcd/0x4c0
[  701.798405][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.804267][    C1] RIP: 0033:0x7fe23258e76b
[  701.808650][    C1] RSP: 002b:00007ffe7bdb49a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  701.817034][    C1] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007fe23258e76b
[  701.824974][    C1] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000da
[  701.832913][    C1] RBP: 00007fe2327b61f8 R08: 00000000000000d9 R09: 0000000000000000
[  701.840855][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  701.848794][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  701.856739][    C1]  </TASK>
[  701.859738][    C1] task:syz-executor    state:R  running task     stack:25512 pid:12047 tgid:12047 ppid:5830   task_flags:0x400000 flags:0x00004002
[  701.873173][    C1] Call Trace:
[  701.876424][    C1]  <TASK>
[  701.879326][    C1]  __schedule+0x1190/0x5de0
[  701.883801][    C1]  ? kernel_text_address+0x8d/0x100
[  701.888977][    C1]  ? __pfx___schedule+0x10/0x10
[  701.893800][    C1]  ? __lock_acquire+0x62e/0x1ce0
[  701.898722][    C1]  preempt_schedule_irq+0x51/0x90
[  701.903718][    C1]  irqentry_exit+0x36/0x90
[  701.908105][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  701.914056][    C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20
[  701.920788][    C1] Code: bf 03 00 00 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00
[  701.940368][    C1] RSP: 0018:ffffc9000380f7d0 EFLAGS: 00000246
[  701.946424][    C1] RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffffffff822da0b6
[  701.954381][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  701.962350][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1003ba6eed
[  701.970307][    C1] R10: ffff88801dd3776f R11: 0000000000000000 R12: ffff88801dd37720
[  701.978263][    C1] R13: ffff88801dd3776c R14: 0000000000000000 R15: dffffc0000000000
[  701.986226][    C1]  ? __page_table_check_zero+0x2a6/0x5d0
[  701.991853][    C1]  __page_table_check_zero+0x2a6/0x5d0
[  701.997303][    C1]  ? __pfx___page_table_check_zero+0x10/0x10
[  702.003272][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  702.008468][    C1]  post_alloc_hook+0x1af/0x230
[  702.013233][    C1]  get_page_from_freelist+0x132b/0x38e0
[  702.018773][    C1]  ? prepare_alloc_pages+0x3c2/0x610
[  702.024047][    C1]  ? rcu_is_watching+0x12/0xc0
[  702.028802][    C1]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  702.034684][    C1]  ? __pfx_vmap_small_pages_range_noflush+0x10/0x10
[  702.041266][    C1]  ? alloc_pages_bulk_noprof+0xa67/0x1410
[  702.046972][    C1]  ? __vmap_pages_range_noflush+0x1d0/0x230
[  702.052858][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  702.059175][    C1]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  702.065137][    C1]  ? __vmalloc_node_range_noprof+0xf8c/0x14b0
[  702.071203][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  702.077089][    C1]  ? policy_nodemask+0xea/0x4e0
[  702.081939][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  702.087838][    C1]  ? policy_nodemask+0xea/0x4e0
[  702.092684][    C1]  alloc_pages_mpol+0x1fb/0x550
[  702.097529][    C1]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  702.102901][    C1]  alloc_pages_noprof+0x131/0x390
[  702.107919][    C1]  __vmalloc_node_range_noprof+0x72f/0x14b0
[  702.113823][    C1]  ? kcov_ioctl+0x4c/0x730
[  702.118241][    C1]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  702.124564][    C1]  ? hook_file_ioctl_common+0x145/0x410
[  702.130106][    C1]  ? kcov_ioctl+0x4c/0x730
[  702.134508][    C1]  vmalloc_user_noprof+0x9e/0xe0
[  702.139435][    C1]  ? kcov_ioctl+0x4c/0x730
[  702.143839][    C1]  kcov_ioctl+0x4c/0x730
[  702.148068][    C1]  ? __pfx_kcov_ioctl+0x10/0x10
[  702.152909][    C1]  __x64_sys_ioctl+0x18b/0x210
[  702.157683][    C1]  do_syscall_64+0xcd/0x4c0
[  702.162182][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.168062][    C1] RIP: 0033:0x7f7c1f98e76b
[  702.172464][    C1] RSP: 002b:00007ffe840af3a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  702.180867][    C1] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f7c1f98e76b
[  702.188825][    C1] RDX: 0000000000100000 RSI: ffffffff80086301 RDI: 00000000000000d7
[  702.196779][    C1] RBP: 00007f7c1fbb5f40 R08: 00000000000000da R09: 0000000000000000
[  702.204733][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  702.212687][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  702.220654][    C1]  </TASK>
[  702.223659][    C1] rcu: rcu_preempt kthread starved for 9635 jiffies! g44109 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  702.234745][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  702.244694][    C1] rcu: RCU grace-period kthread stack dump:
[  702.250561][    C1] task:rcu_preempt     state:R  running task     stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  702.264038][    C1] Call Trace:
[  702.267302][    C1]  <TASK>
[  702.270221][    C1]  __schedule+0x1190/0x5de0
[  702.274735][    C1]  ? __pfx___schedule+0x10/0x10
[  702.279582][    C1]  ? find_held_lock+0x2b/0x80
[  702.284248][    C1]  ? schedule+0x2d7/0x3a0
[  702.288572][    C1]  schedule+0xe7/0x3a0
[  702.292630][    C1]  schedule_timeout+0x123/0x290
[  702.297467][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  702.302829][    C1]  ? __pfx_process_timeout+0x10/0x10
[  702.308107][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  702.313904][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  702.319361][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  702.324124][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  702.329409][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  702.334607][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  702.339538][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  702.344386][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  702.350190][    C1]  rcu_gp_kthread+0x270/0x380
[  702.354859][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  702.360055][    C1]  ? rcu_is_watching+0x12/0xc0
[  702.364816][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  702.370017][    C1]  ? __kthread_parkme+0x19e/0x250
[  702.375052][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  702.380246][    C1]  kthread+0x3c5/0x780
[  702.384308][    C1]  ? __pfx_kthread+0x10/0x10
[  702.388889][    C1]  ? rcu_is_watching+0x12/0xc0
[  702.393648][    C1]  ? __pfx_kthread+0x10/0x10
[  702.398234][    C1]  ret_from_fork+0x5d7/0x6f0
[  702.402815][    C1]  ? __pfx_kthread+0x10/0x10
[  702.407390][    C1]  ret_from_fork_asm+0x1a/0x30
[  702.412154][    C1]  </TASK>
[  702.415157][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  702.421458][    C1] Sending NMI from CPU 1 to CPUs 0:
[  702.426644][    C0] NMI backtrace for cpu 0
[  702.426656][    C0] CPU: 0 UID: 0 PID: 12008 Comm: syz.1.1461 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full) 
[  702.426672][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  702.426680][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[  702.426696][    C0] Code: e9 0d 40 5b 00 be 03 00 00 00 5b e9 82 f1 26 03 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 <65> 48 8b 15 88 f7 19 12 65 8b 05 99 f7 19 12 a9 00 01 ff 00 74 1d
[  702.426708][    C0] RSP: 0018:ffffc90000007cd8 EFLAGS: 00000002
[  702.426720][    C0] RAX: 0000000000000001 RBX: ffff888079e30000 RCX: ffffffff817e75e2
[  702.426731][    C0] RDX: ffff888079e30000 RSI: ffffffff817e72e3 RDI: 0000000000000005
[  702.426740][    C0] RBP: ffff888079e30000 R08: 0000000000000005 R09: 0000000000000000
[  702.426748][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888079e30920
[  702.426756][    C0] R13: 0000000000000020 R14: 0000000000000021 R15: ffff888026b9f2c0
[  702.426765][    C0] FS:  00007f18683f66c0(0000) GS:ffff8881246c8000(0000) knlGS:0000000000000000
[  702.426779][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  702.426788][    C0] CR2: 00007fa6d752e856 CR3: 000000004edd5000 CR4: 00000000003526f0
[  702.426797][    C0] Call Trace:
[  702.426802][    C0]  <IRQ>
[  702.426806][    C0]  complete_signal+0x3d3/0xc50
[  702.426821][    C0]  ? posixtimer_queue_sigqueue+0x1f0/0x2f0
[  702.426836][    C0]  posixtimer_send_sigqueue+0x415/0x1060
[  702.426851][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  702.426865][    C0]  ? __pfx_posixtimer_send_sigqueue+0x10/0x10
[  702.426882][    C0]  ? __pfx_posix_timer_fn+0x10/0x10
[  702.426894][    C0]  posix_timer_queue_signal+0x106/0x170
[  702.426906][    C0]  posix_timer_fn+0x3a/0x80
[  702.426918][    C0]  __hrtimer_run_queues+0x1ff/0xad0
[  702.426936][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  702.426950][    C0]  ? read_tsc+0x9/0x20
[  702.426968][    C0]  hrtimer_interrupt+0x397/0x8e0
[  702.426992][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x3f0
[  702.427008][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  702.427026][    C0]  </IRQ>
[  702.427031][    C0]  <TASK>
[  702.427036][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  702.427050][    C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  702.427068][    C0] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 fa a1 02 f6 48 89 df e8 e2 f5 02 f6 e8 dd 47 2e f6 fb bf 01 00 00 00 <e8> f2 f2 f2 f5 65 8b 05 9b 61 40 08 85 c0 74 06 5b e9 41 4d 00 00
[  702.427079][    C0] RSP: 0018:ffffc9000409fcd8 EFLAGS: 00000206
[  702.427089][    C0] RAX: 0000000008f43b63 RBX: ffff888035a6ca00 RCX: ffffffff81c3655f
[  702.427098][    C0] RDX: 0000000000000000 RSI: ffffffff8de4c8a5 RDI: 0000000000000001
[  702.427106][    C0] RBP: ffff888035a6ce00 R08: 0000000000000001 R09: 0000000000000001
[  702.427115][    C0] R10: ffffffff90aad197 R11: 0000000000000000 R12: 0000000000000000
[  702.427123][    C0] R13: 0000000000000021 R14: 0000000000000400 R15: ffff888035a6ca00
[  702.427135][    C0]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  702.427154][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  702.427169][    C0]  get_signal+0x1e6c/0x26d0
[  702.427190][    C0]  ? __pfx_get_signal+0x10/0x10
[  702.427210][    C0]  arch_do_signal_or_restart+0x8f/0x7d0
[  702.427226][    C0]  ? __pfx_restore_altstack+0x10/0x10
[  702.427245][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  702.427261][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  702.427279][    C0]  ? __do_sys_rt_sigreturn+0x16b/0x230
[  702.427295][    C0]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  702.427315][    C0]  exit_to_user_mode_loop+0x84/0x110
[  702.427329][    C0]  do_syscall_64+0x3f6/0x4c0
[  702.427347][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.427361][    C0] RIP: 0033:0x7f186758eb67
[  702.427371][    C0] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  702.427383][    C0] RSP: 002b:00007f18683f6038 EFLAGS: 00000246
[  702.427393][    C0] RAX: 00000000000000ca RBX: 00007f18677b5fa0 RCX: 00007f186758eb69
[  702.427401][    C0] RDX: 00000000ffffffff RSI: 0000000000000006 RDI: 000020000000cffc
[  702.427410][    C0] RBP: 00007f1867611df1 R08: 0000000000000000 R09: 0000000000000000
[  702.427418][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  702.427426][    C0] R13: 0000000000000000 R14: 00007f18677b5fa0 R15: 00007ffdba75ad38
[  702.427440][    C0]  </TASK>