last executing test programs:

8m3.662989528s ago: executing program 3 (id=284):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x2c)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[])
syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/4\x00')
r3 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x2713, 0x0, &(0x7f0000000040))
sendto$inet(r2, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)

7m52.880028969s ago: executing program 3 (id=296):
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0)

7m51.539845647s ago: executing program 3 (id=297):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="d2666f890840c9f216b7151febbdbab9ec73ff841ec70e07ad88216c07c4029048830c567982c0dfca21bf08f23b3fa0552787e7008c36fa4f0a7a8408e2e6b32ec1dcad5ff8835f1bacab088cd1483e0eb4b6c28f27f985058ac8fd7ce8e56e16c2f1ae46223718937400cc9d9221bd41b9f17d6dda334178f46f6f56ed41c056a77698efd426faad55aedbc6186a0c06171d58abb00814dfeee1ef25b9f776836d560d766384bb05f7800ef31e70747c38b160bd890b96eababc7d49b835857d257f1d7779e6b74ca91af425", 0xcd}], 0x1, &(0x7f0000000d80)=ANY=[@ANYBLOB="14000000000000000000000001000000010100000000000014000000000000000000000001000000fcffffff00000000110000000000000000000000010000000800000000000000a80000000000000000000000070000004410eb40000080000000000300000f008608ffffffff0502892b690000000000000000ffffffff0a010101ac1414aa00000000ffffffffe0000002e0000002e0000001864200000002020d7d49b649ccd9e95576c168020db90b48dc0ace0ae9f959fe05075a6712e3130504cfe50203a60202070b0e7c827af84bdec6eb010799c341b94d004411045b1b3ad45880494b05a08f172347001400000000000000000000000100000001000000000000001401000000000000000000000500000000000000141417e00000026401010100000000ac1414aa071332ac1414bbac14140c0a0101000a010102071fb5640101000a0101017f000001ac1414aaac1e0101e0000001ac14140a4444ec330000000400000008e000f50000000007ac1414bb000000090a010100000000090a010100000000deac1414350000010064010101000000070a0101000000000c4434af73ac14141e00000002e000000200000a606401010200120000ac1e010100000200ac1414aa00000000ffffffff000009f9892b36e00000010a010100ffffffffac14143aac141414ac1414aae0000001ac1e0001ac1414aa640101024408428000000008860fcf81cef532cd94a37662374c3c010000000014000000000000000000000001000000040000000000000014"], 0x250}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000003c0)="b7d47958ee3215ec365e027fdafbed4cba838c44051eecf761647e348236a9048d4282dfae316c8230a50dfdc98b4264d443a528bea068", 0x37}, {&(0x7f0000000900)="38d740de59108433f945e27348d5e81867975554f11e5c501d9c447c03929d87da966ca257f01d3a17e31fea6c825d6b3cfdefcd26cd3a1f2f8db54b93374f751cb9dc7050a1ff3ec4e885703fc659bac9f8efd2ba6d971a86d1e5fc0a129a30f9a1965ca3d0ee08dd0caa0d5af70e7a907b23319f53fc41733d75b6cc1ad5951c1a8e6962b15f18f7d9b913bdd90896ca", 0x91}, {&(0x7f0000000a40)="a44cf94128b2740f69a54b157f3b00a8f86b5587eb6de827f9fc5978179c521d00c7b29c1934930e933a974e7981f56f18b36e995c43d99c106c46a74f60e87886ea362f22b9bd13c5c89fb1c0dd8a38360ee6f5c4e54e9425d6fc395e3f5be7aa26a51b93863a606984e699689e1b796891de", 0x73}], 0x3}}], 0x2, 0x4000000)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1c", 0x18}, {&(0x7f0000000640)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e9465", 0xf4}], 0x2}}], 0x1, 0x40408e0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

7m49.994313398s ago: executing program 3 (id=300):
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa8f94000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r4=>0x0], &(0x7f0000000180)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r4, r5], 0x2})

7m48.303254873s ago: executing program 3 (id=304):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
syz_80211_inject_frame(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="50000000080211000000000000000000000000640001000006020202020252190182b1fd396d09d6291e5b5bd1d7dadd4533b56736dca927fc4cf337460800000000000000e7469b285f429f897fea47e848b0f257d0061d77fd36410b7b3f6495a93378a8b16b081998f848b3d6acd4"], 0x2f)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x30, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xefffffff]}]}]}, 0x30}}, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='hfs\x00', 0x28880, 0x0)

7m45.008221028s ago: executing program 3 (id=309):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x300)
write(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000000000000000002000000010102fe80"], 0x0)

7m28.159869342s ago: executing program 32 (id=309):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x300)
write(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6c2d01000019840100000000000000000002000000010102fe80"], 0x0)

6m45.181006455s ago: executing program 2 (id=409):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000280)={0x2, 0x4, 0xca, 0x6})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f00000001c0), 0x80081, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030400000000008500000083000000bf09000000000000550901", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m44.051455178s ago: executing program 2 (id=412):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000003c0)}, {&(0x7f0000000900)="38d740de59108433f945e27348d5e81867975554f11e5c501d9c447c03929d87da966ca257f01d3a17e31fea6c825d6b3cfdefcd26cd3a1f2f8db54b93374f751cb9dc7050a1ff3ec4e885703fc659bac9f8efd2ba6d971a86d1e5fc0a129a30f9a1965ca3d0ee08dd0caa0d5af70e7a907b23319f53fc41733d75b6cc1ad5951c1a8e6962b15f18f7", 0x89}, {&(0x7f0000000a40)="a44cf94128b2740f69a54b157f3b00a8f86b5587eb6de827f9fc5978179c521d00c7b29c1934930e933a974e7981f56f18b36e995c43d99c106c46a74f60e87886ea362f22b9bd13c5c89fb1c0dd8a38360ee6f5c4e54e9425d6fc395e3f5be7aa26a51b", 0x64}], 0x3}}], 0x1, 0x4000000)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1c", 0x18}, {&(0x7f0000000640)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e349359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb0491121eec3e05eacbe7835e79e74881d1179013622a2a6421d51c974e6abd48a9882c8fcadbcee369346a9ad948fd5dd8f87496a30a9d888cdbcee8f3592dd69165358c4cd474639fc13300317b7fed115fb9818b20d177a39157101dbd8e23bc9ed32efed96c410a103d35336fb4ee4000bfb3d32b0181ff3d726a7dc6432a336a42b50b2c6877cb63b410d746b35fc721e5992ba47c3a2bc2d3679abe0794d226b7b0c333c3000fee7adaafb6efd57382eb2a86d71acaae52a154477a5b66757a886f4ad5446607520c17fb81ede0473cd897a34c7c9f41b66026", 0x248}, {&(0x7f0000000300)="2e0fd87d8d84b93c7803a87df5acd511ee50b0a0d0d9e3fc8345", 0x1a}], 0x3}}], 0x1, 0x40408e0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

6m43.746631137s ago: executing program 2 (id=413):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f00000001c0), 0x80081, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x1e, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030400000000008500000083000000bf09000000000000550901", @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m42.258199683s ago: executing program 2 (id=417):
syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r0, 0x0, 0x4000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0})

6m40.5474269s ago: executing program 2 (id=418):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = msgget$private(0x0, 0x3ac)
msgrcv(r1, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000)
msgsnd(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0200"], 0x95, 0x800)

6m40.054733115s ago: executing program 2 (id=421):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b40)=@delchain={0x10c, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xc8, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xa8, 0x1, [@m_skbmod={0xa4, 0xa, 0x0, 0x0, {{0xb}, {0x78, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x80}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x3, 0x1, 0x1, 0x7}, 0x6}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x0, 0x0, 0x4, 0x5}, 0x4}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0x10000, 0x7, 0x8, 0x16}, 0xd}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x5, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}]}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r1, 0xc01864ba, &(0x7f0000000300)={0x9, 0x0, r2})
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x1d, 0x2, 0x6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0x800, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000000101010000000000000000000a0000020c00198008000200c10400002c00028014000180060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8010}, 0x20008040)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec77a000)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r7, &(0x7f0000000480)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB="911023000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)

6m24.975522248s ago: executing program 33 (id=421):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b40)=@delchain={0x10c, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x1}, {0x0, 0x1}, {0x0, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0xc8, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0xa8, 0x1, [@m_skbmod={0xa4, 0xa, 0x0, 0x0, {{0xb}, {0x78, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0x80}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x3, 0x1, 0x1, 0x7}, 0x6}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x0, 0x0, 0x4, 0x5}, 0x4}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0x10000, 0x7, 0x8, 0x16}, 0xd}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x5, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}]}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r1, 0xc01864ba, &(0x7f0000000300)={0x9, 0x0, r2})
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x1d, 0x2, 0x6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0x800, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000000101010000000000000000000a0000020c00198008000200c10400002c00028014000180060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8010}, 0x20008040)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec77a000)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r7, &(0x7f0000000480)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB="911023000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)

5m42.351083301s ago: executing program 1 (id=571):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000002c0)={&(0x7f0000000700)="86", 0x1, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r0, 0xc00464be, &(0x7f0000000300)={r1})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081)
setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000440)=[{0x1, 0x3, {0x0, 0x1, 0x4}, {0x1, 0x0, 0x4}, 0x0, 0xff}, {0x1, 0x6, {0x0, 0x0, 0x3}, {0x0, 0xff, 0x3}, 0xff, 0x2}], 0x40)
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newtfilter={0x24, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x74, r5, {0xb, 0xfff2}, {0xfff1, 0x9}, {0x2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x20000050)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x6c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = socket$inet6(0xa, 0x80803, 0x84)
getsockopt$inet6_int(r9, 0x29, 0x50, 0x0, 0x0)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'bridge_slave_0\x00'})
r10 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r10, 0x50009405, &(0x7f0000000180))

5m40.156721404s ago: executing program 1 (id=579):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/if_inet6\x00')
read$FUSE(r1, &(0x7f0000003940)={0x2020}, 0x2020)
preadv(r1, &(0x7f0000000840)=[{&(0x7f00000008c0)=""/93, 0x5d}], 0x1, 0x8, 0x5)
read$FUSE(r1, &(0x7f0000000940)={0x2020}, 0x2020)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="7235ab62"]}, @typed={0x8, 0x7, 0x0, 0x0, @fd=r2}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)

5m38.730562301s ago: executing program 1 (id=582):
r0 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, 0x0)

5m37.266153765s ago: executing program 1 (id=586):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="d2666f890840c9f216b7151febbdbab9ec73ff841ec70e07ad88216c07c4029048830c567982c0dfca21bf08f23b3fa0552787e7008c36fa4f0a7a8408e2e6b32ec1dcad5ff8835f1bacab088cd1483e0eb4b6c28f27f985058ac8fd7ce8e56e16c2f1ae462237", 0x67}], 0x1, &(0x7f0000000d80)=ANY=[@ANYBLOB="14000000000000000000000001000000010100000000000014000000000000000000000001000000fcffffff00000000110000000000000000000000010000000800000000000000a80000000000000000000000070000004410eb40000080000000000300000f008608ffffffff0502892b690000000000000000ffffffff0a010101ac1414aa00000000ffffffffe0000002e0000002e0000001864200000002020d7d49b649ccd9e95576c168020db90b48dc0ace0ae9f959fe05075a6712e3130504cfe50203a60202070b0e7c827af84bdec6eb010799c341b94d004411045b1b3ad45880494b05a08f172347001400000000000000000000000100000001000000000000001401000000000000000000000500000000000000141417e00000026401010100000000ac1414aa071332ac1414bbac14140c0a0101000a010102071fb5640101000a0101017f000001ac1414aaac1e0101e0000001ac14140a4444ec330000000400000008e000f50000000007ac1414bb000000090a010100000000090a010100000000deac1414350000010064010101000000070a0101000000000c4434af73ac14141e00000002e000000200000a606401010200120000ac1e010100000200ac1414aa00000000ffffffff000009f9892b36e00000010a010100ffffffffac14143aac141414ac1414aae0000001ac1e0001ac1414aa640101024408428000000008860fcf81cef532cd94a37662374c3c010000000014000000000000000000000001000000040000000000000014"], 0x250}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x2, 0x4000000)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

5m36.240088529s ago: executing program 1 (id=592):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0xfba}]}, 0x10)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000140), 0x0, 0x20000000)
sendmmsg$inet(r1, &(0x7f0000000100)=[{{&(0x7f00000004c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r1, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x4, 0x1fd, 0x2, 0x1c, 0x100, &(0x7f0000000440)="387ed7626d850509a2d6c1aa38f15cd0c234cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a750ecb3421143c5c4ded0f06affc524dcf3418272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284a3e90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def9122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a7e58b4f8c6a1c6b9b5ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78dd85b82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2b046c6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd600000013139929cefec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829ed0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1aa1ab704782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c413923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29a814bd8fed1ab6d2846c73345962895d289ac718aacac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})

5m35.782542858s ago: executing program 1 (id=596):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x8840, 0x0)
r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000500), &(0x7f0000000400), &(0x7f0000000280))
syz_io_uring_setup(0x1de5, &(0x7f0000000340)={0x0, 0xfffffffe, 0x10100, 0x0, 0x245, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000100))
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x500000a, 0x40010, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x10c, &(0x7f0000000000), 0x0, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f00000031c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f00000032c0)=ANY=[@ANYBLOB="020000000100030000000000040001000000000020"], 0x1c, 0x0)
pread64(r0, 0x0, 0x0, 0x7fffffff)
r3 = socket$inet(0x2, 0x3, 0x30)
setsockopt$inet_mreqn(r3, 0x0, 0x24, 0x0, 0x0)

5m20.398946741s ago: executing program 34 (id=596):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x8840, 0x0)
r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000500), &(0x7f0000000400), &(0x7f0000000280))
syz_io_uring_setup(0x1de5, &(0x7f0000000340)={0x0, 0xfffffffe, 0x10100, 0x0, 0x245, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000100))
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x500000a, 0x40010, r0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x10c, &(0x7f0000000000), 0x0, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f00000031c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f00000032c0)=ANY=[@ANYBLOB="020000000100030000000000040001000000000020"], 0x1c, 0x0)
pread64(r0, 0x0, 0x0, 0x7fffffff)
r3 = socket$inet(0x2, 0x3, 0x30)
setsockopt$inet_mreqn(r3, 0x0, 0x24, 0x0, 0x0)

1m33.835165506s ago: executing program 4 (id=1892):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24008094)
sendto$inet6(r1, &(0x7f00000018c0)='K', 0x1, 0x840, 0x0, 0x0)
write$tun(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001000000000000000000000000000033"], 0xfdef)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4000004, 0x20010, r2, 0x186dd000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="28010000100007000000000200000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bb24000900b40000"], 0x128}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=ANY=[@ANYBLOB="0c0100001a0007000000000000000000fe80000000000000000000000000001be0000002000000000000000000000000ffff2000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000300000000000003000000000000000200000000000000000000007ffffffe0000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a000200700000000000000014000e00ac1e000100000000000000000000000008001f0003000000"], 0x10c}}, 0x0)

1m33.49573095s ago: executing program 4 (id=1894):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e0000008500000005"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
msgrcv(0x0, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000)
msgsnd(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200"], 0x95, 0x800)

1m33.115327012s ago: executing program 4 (id=1896):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010000104000000000000c90000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008000300", @ANYRES32=0x0, @ANYBLOB="200012800800010067747000140002800800", @ANYRES32=r1], 0x48}}, 0x0) (fail_nth: 2)

1m32.279515539s ago: executing program 4 (id=1900):
syz_open_dev$sg(0x0, 0x0, 0x401)
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r2 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
ioctl$CEC_S_MODE(r2, 0x40046109, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$sg(&(0x7f0000000280), 0x5dc, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
syz_open_dev$vim2m(0x0, 0x8, 0x2)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x300, 0x0, 0xff, 0x9, 0x0, 0x6}, 0x20)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x2008c804)
sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40887}, 0x80)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1300, 0x2, 0x1, 0x6, 0x6, 0xb72f}, 0x20)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x2f}, 0x40})

1m32.055138262s ago: executing program 4 (id=1901):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r1, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)

1m31.093376778s ago: executing program 4 (id=1902):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/stat\x00')
getdents64(r0, 0xffffffffffffffff, 0x43)

1m16.016708184s ago: executing program 7 (id=1940):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe8000e8a200000000000000000000bbfc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff070000002abd7000043500000a0001002000000000000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$unix(r7, &(0x7f0000002d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002cc0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}], 0x20, 0x40}, 0x20000800)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r8, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r8, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(r0, 0x0, 0x1)
userfaultfd(0x801)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)

1m14.361381816s ago: executing program 7 (id=1943):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
setreuid(0x0, 0xee00)
request_key(&(0x7f0000000440)='rxrpc_s\x00', &(0x7f0000000480)={'syz', 0x3}, 0x0, 0xffffffffffffffff)

1m13.383790226s ago: executing program 7 (id=1946):
r0 = io_uring_setup(0x529f, &(0x7f0000000000)={0x0, 0x8f67, 0x8a02, 0x0, 0x34b})
r1 = socket$can_raw(0x1d, 0x3, 0x1)
accept(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000100)=0x80)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x32)
r4 = syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x602)
r5 = syz_open_dev$mouse(&(0x7f0000000180), 0x10000, 0x400)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/tcp_recovery\x00', 0x1, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f0000000280)={0xbb, 0x0, &(0x7f0000000240)=[0xffffffffffffffff, r1, r2, r3, r4, r5, r6, r7, r8]}, 0x9)
ioprio_get$uid(0x0, 0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000002c0)={0x4, 0x0, [{0x955, 0x0, 0x10}, {0x999, 0x0, 0xe0}, {0x95e, 0x0, 0x9}, {0x342, 0x0, 0x1}]})
ioctl$VIDIOC_STREAMON(r5, 0x40045612, &(0x7f0000000340)=0x6)
ioctl$VT_RELDISP(r5, 0x5605)
sendmsg$AUDIT_SET(r2, &(0x7f0000000440)={&(0x7f0000000380), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, 0x3e9, 0x0, 0x70bd27, 0x25dfdbfd, {0x10, 0x1, 0x0, 0x0, 0x5, 0x5, 0xd54, 0x9, 0x0, 0x7fff, 0x9}, ["", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x4048000)
accept$unix(r2, &(0x7f0000000480)=@abs, &(0x7f0000000500)=0x6e)
r9 = accept$ax25(r2, &(0x7f0000000540)={{0x3, @bcast}, [@default, @bcast, @bcast, @bcast, @rose, @remote, @netrom, @netrom]}, &(0x7f00000005c0)=0x48)
ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000000600)=<r10=>0x0)
ioctl$SIOCAX25ADDUID(r9, 0x89e1, &(0x7f0000000640)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, r10})
r11 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0)
cachestat(r11, &(0x7f00000006c0)={0x6665, 0x6}, &(0x7f0000000700), 0x0)
clock_gettime(0x5, &(0x7f0000000740))
r12 = bpf$ITER_CREATE(0x21, &(0x7f0000000780)={r7}, 0x8)
sendto$x25(r12, &(0x7f00000007c0)="4b78af6da5147c0461b370c51660640da0bbf751c49c546bbcbd951334a00c4654d4de39a9521a68abf74f325439c41756ad6c50d59d75f19bdfcdf4162d1972ea6e1a00966d90bfa0325e6d559acb39e27a8fe109acd3debd8a8efa26923f5982892cb528a30e21fd0a18b5a9045cb1dc641cc045945b6bd674618c6497abcc3d67cef606cfcdb2710df2be8ddefd9d14d7f7d2677f0b6651525082031955d03842df9446c692cd30f83f2f6c0e154c06a4", 0xb2, 0x800, &(0x7f0000000880)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x12)
syz_genetlink_get_family_id$devlink(&(0x7f00000008c0), r2)
r13 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000900), 0x10000, 0x0)
setxattr$smack_xattr_label(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='security.SMACK64\x00', &(0x7f00000009c0)={'/dev/vcs\x00'}, 0xa, 0x3)
r14 = syz_init_net_socket$ax25(0x3, 0x2, 0x3)
ioctl$SIOCAX25OPTRT(r14, 0x89e7, &(0x7f0000000a00)={@null, @bcast, 0x2, 0x56})
fcntl$setsig(r13, 0xa, 0x8)

1m8.887118753s ago: executing program 7 (id=1949):
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r1, 0x104, 0x5, &(0x7f0000000000)=0x5cb5577c, 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000380)="ebe3a0e961837b796cfd1647e2080000000000000080b3720022205e81f4a7f71c197baae1efd7e8004a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000006c0)="e8710e444d50a969ff678371e3214aeee71dee3819271482a4975a52c18b9b8b4db3945d1032005eabe97b4dc33a47d3a158da98255ccdd4c15eb6c9857345444d8456d30026b433a2efdd5b00186f35cdcdb93a4722bf356a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e8927d2a8103ef2f4b93766b756b66f74f46cf801704d27a8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511ce678c0bb8e26d7b48241847bf9e343ef4e55d45e2a0000000000000000000", 0xfffffe7f}, {&(0x7f0000000400)="04c6a9c756754e10ed8d88c06d7a674db97cd0e21437530a3945ac896fa7f8e368f87de990e40a896805e49ce1e13103d82fffe82237f587e63d95e01ef451eaba2dd01c56e7f23c1fcccbea54dae8e295f2e533e4a34175026a9964eebc1aaae05e44a19a27bee2f591abe2f456448754670a7c3e2e4b47a71bc7"}, {&(0x7f0000000300)}], 0x3}], 0x1, 0x40800)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x0)

1m8.56016531s ago: executing program 7 (id=1952):
socket(0x2, 0x3, 0xff) (async)
r0 = socket(0x2, 0x3, 0xff)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='macvlan1\x00', 0x10) (async)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000)=0x3, &(0x7f0000000040)=0x1) (async)
syz_emit_ethernet(0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="a94fdfd02d25a73c8726298a0800452d0028006700000504000000000000001414bb0e00907a0005db760000000100d8cfb700000c00"], 0x0)

1m8.215148554s ago: executing program 7 (id=1953):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="350400e33f000511d25a80648c63940d0324fc60040035400c000200020000203715040180060410000204000000", 0x2e}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871bdc6598fd32edcba60c675a1e8f4e81e83f73414c179bfb7f329d71fe6e291fb2eaa59b9636cb6a74d0deb46a18c77f37abf0894a7083e0e4c237ff7c24872668ac40e307569a975b2765af8d3268d11b473d5d7544edd1ed0e507c319e128daf7e75c349c9b3de603580d52a6c118acf924216130364bfab8d59969e4dbee0a9208adb7bfa855556be06a666334a0612e4ff3fc6f4ddb9a0c209301081f34824496480d688ae9bd0c3c28ea8ecfe01a2b86dcb3750686a89891d9abf0d584c854b4bc6096293fbc8707312f424996361ef9261ef3ba7cd2ddffb0e3c81e6b962d680e02f7a672dc2643cc24ad64d86fb4780827ca784a8af3376c2567bfde74dc50e16c81b71450af026459e2c37d94b8461b56ff944edc1a8cd93d0258fcc2f094615c152be66884103af11ff46315cdc9f", 0x407}], 0x10f8}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000000000004000000000000000001000085000000000000000001"], 0x0, 0x3e, 0x0, 0x8}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000006000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000380)={0x0, 0xff23, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)

53.070575139s ago: executing program 35 (id=1953):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="350400e33f000511d25a80648c63940d0324fc60040035400c000200020000203715040180060410000204000000", 0x2e}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871bdc6598fd32edcba60c675a1e8f4e81e83f73414c179bfb7f329d71fe6e291fb2eaa59b9636cb6a74d0deb46a18c77f37abf0894a7083e0e4c237ff7c24872668ac40e307569a975b2765af8d3268d11b473d5d7544edd1ed0e507c319e128daf7e75c349c9b3de603580d52a6c118acf924216130364bfab8d59969e4dbee0a9208adb7bfa855556be06a666334a0612e4ff3fc6f4ddb9a0c209301081f34824496480d688ae9bd0c3c28ea8ecfe01a2b86dcb3750686a89891d9abf0d584c854b4bc6096293fbc8707312f424996361ef9261ef3ba7cd2ddffb0e3c81e6b962d680e02f7a672dc2643cc24ad64d86fb4780827ca784a8af3376c2567bfde74dc50e16c81b71450af026459e2c37d94b8461b56ff944edc1a8cd93d0258fcc2f094615c152be66884103af11ff46315cdc9f", 0x407}], 0x10f8}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000000000004000000000000000001000085000000000000000001"], 0x0, 0x3e, 0x0, 0x8}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x18, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000180100002020702500000000002020207b1af8ff00000000bfa10000000000000701000078ffffffb702000008000000b7030000000800008500000006000000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000380)={0x0, 0xff23, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)

19.339521711s ago: executing program 5 (id=2025):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

18.410009058s ago: executing program 5 (id=2027):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = msgget$private(0x0, 0x3ac)
msgrcv(r2, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000)
msgsnd(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="0200"], 0x95, 0x800)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={0x0, r0, 0x0, 0xfffffffffffffffc}, 0x18)
flock(0xffffffffffffffff, 0x5)

18.102785151s ago: executing program 5 (id=2030):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="d2666f890840c9f216b7151febbdbab9ec73ff841ec70e07ad88216c07c4029048830c567982c0dfca21bf08f23b3fa0552787e7008c36fa4f0a7a8408e2e6b32ec1dcad5ff8835f1bacab088cd1483e0eb4b6c28f27f985058ac8fd7ce8e56e16c2f1ae46223718937400cc9d9221bd41b9f17d6dda334178f46f6f56ed41c056a77698efd426faad55aedbc6186a0c06171d58abb00814dfeee1ef25b9f776836d560d766384bb05f7800ef31e70747c38b160bd890b96eababc7d49b835857d257f1d7779e6b74ca91af425", 0xcd}], 0x1, &(0x7f0000000d80)=ANY=[@ANYBLOB="14000000000000000000000001000000010100000000000014000000000000000000000001000000fcffffff00000000110000000000000000000000010000000800000000000000a80000000000000000000000070000004410eb40000080000000000300000f008608ffffffff0502892b690000000000000000ffffffff0a010101ac1414aa00000000ffffffffe0000002e0000002e0000001864200000002020d7d49b649ccd9e95576c168020db90b48dc0ace0ae9f959fe05075a6712e3130504cfe50203a60202070b0e7c827af84bdec6eb010799c341b94d004411045b1b3ad45880494b05a08f172347001400000000000000000000000100000001000000000000001401000000000000000000000500000000000000141417e00000026401010100000000ac1414aa071332ac1414bbac14140c0a0101000a010102071fb5640101000a0101017f000001ac1414aaac1e0101e0000001ac14140a4444ec330000000400000008e000f50000000007ac1414bb000000090a010100000000090a010100000000deac1414350000010064010101000000070a0101000000000c4434af73ac14141e00000002e000000200000a606401010200120000ac1e010100000200ac1414aa00000000ffffffff000009f9892b36e00000010a010100ffffffffac14143aac141414ac1414aae0000001ac1e0001ac1414aa640101024408428000000008860fcf81cef532cd94a37662374c3c010000000014000000000000000000000001000000040000000000000014"], 0x250}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000003c0)="b7d47958ee3215ec365e027fdafbed4cba838c44051eecf761647e34", 0x1c}, {&(0x7f0000000900)="38d740de59108433f945e27348d5e81867975554f11e5c501d9c447c03929d87da966ca257f01d3a17e31fea6c825d6b3cfdefcd26cd3a1f2f8db54b93374f751cb9dc7050a1ff3ec4e885703fc659bac9f8efd2ba6d971a86d1e5fc0a129a30f9a1965ca3d0ee08dd0caa0d5af70e7a907b23319f53fc41733d75b6cc1ad5951c1a8e6962b15f18f7d9b913bdd90896ca", 0x91}, {&(0x7f0000000a40)="a44cf94128b2740f69a54b157f3b00a8f86b5587eb6de827f9fc5978179c521d00c7b29c1934930e933a974e7981f56f18b36e995c43d99c106c46a74f60e87886ea362f22b9bd13c5c89fb1c0dd8a38360ee6f5c4e54e9425d6fc395e3f5be7aa26a51b93863a606984e699689e1b796891de", 0x73}], 0x3}}], 0x2, 0x4000000)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1c", 0x18}, {&(0x7f0000000640)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e349359fad715b3f5cef6e", 0x14e}], 0x2}}], 0x1, 0x40408e0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

17.356022404s ago: executing program 5 (id=2033):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, 0x0, 0x0)
r4 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000884000/0x1000)=nil)
shmctl$IPC_RMID(r4, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x10)
getpid()
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0xba74f8f2e54501b3)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000028c0)={0x0, 0x8, 0x3ff}, 0x8)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="63eced8e1d14000000ffffffec71", 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048000}, 0x44450)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a0001006d6174636800000040000280080002400000000124000300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d5324520e000100636f6e6e6c696d69740000000900010073797a30000000000900020073797a32"], 0xa8}}, 0x4048010)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getsockname$tipc(r5, 0x0, 0x0)

14.88785351s ago: executing program 5 (id=2035):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x54, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x208}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast1}]}}}]}, 0x54}}, 0x0)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x5)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000180)=0x7fffffff, 0x4)
r2 = timerfd_create(0x9, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x1000, @empty}, 0x1c)
pread64(0xffffffffffffffff, &(0x7f0000002ec0)=""/261, 0x105, 0x6)
timerfd_settime(r2, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
timerfd_settime(r2, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
io_setup(0x4, &(0x7f00000014c0))

9.465146011s ago: executing program 5 (id=2045):
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})

8.190657473s ago: executing program 0 (id=2050):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x54, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x208}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x30}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast1}]}}}]}, 0x54}}, 0x0)
fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000040)=0x5)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000180)=0x7fffffff, 0x4)
r2 = timerfd_create(0x9, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e23, 0x1000, @empty}, 0x1c)
pread64(0xffffffffffffffff, &(0x7f0000002ec0)=""/261, 0x105, 0x6)
timerfd_settime(r2, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1404200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
timerfd_settime(r2, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
io_setup(0x4, &(0x7f00000014c0)=<r5=>0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00')
io_submit(r5, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, r6, 0x0}])
mount$cgroup2(0x0, &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x1ac1026, 0x0)
read(r2, &(0x7f0000000100)=""/163, 0xa3)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0)

8.085991098s ago: executing program 6 (id=2051):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x800)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80200300}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c00000004060500000000c8ffffff00070000010900020073797a31000000000900020073797a3000000000157bd1257967f03323ecb6f2de1716fd15fca36ca7946aa3a69280"], 0x2c}}, 0x6080)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0xeffb, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000280), 0x101000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
gettid()
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req={0x44, 0xfffffffb, 0x1, 0x2e1}, 0x10)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x400)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x4000002, 0x2})
close(r2)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
getsockopt(r3, 0x3, 0x643, 0x0, 0x0)

5.202853344s ago: executing program 6 (id=2052):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0)

4.986528582s ago: executing program 0 (id=2053):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, 0x0, 0x0)
r4 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000884000/0x1000)=nil)
shmctl$IPC_RMID(r4, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x10)
getpid()
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0xba74f8f2e54501b3)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000028c0)={0x0, 0x8, 0x3ff}, 0x8)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="63eced8e1d14000000ffffffec71", 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a0001006d6174636800000040000280080002400000000124000300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d5324520e000100636f6e6e6c696d69740000000900010073797a30000000000900020073797a32"], 0xa8}}, 0x4048010)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getsockname$tipc(r6, 0x0, 0x0)

4.810556148s ago: executing program 6 (id=2054):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x1, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_sa={0x2, 0x1, 0x4d5, 0x0, 0x0, 0x8, 0x3, 0x40000001}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x60}, 0x1, 0x7}, 0x4000)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000021000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, 0x0}], 0x1, 0x4e, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0x18c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfffffff1, 0x4b}}}}, [@NL80211_ATTR_REKEY_DATA={0xb4, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xf2c}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="c8a665291ea001b688f0b37eff3da430ffae576170a66209"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="ed7b1ed418e88924b691667154ce675c85854d8f40481868"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "8258c978a8e98fb8"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="3f828486f9944ad5301240c8aa3d287bfe204b63574fea490a44db6e0e0bb429"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="7fc34baf6c233e3e649c127aa713c9a0"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="e314349d5529129429dd4997b9b6c1a23c0590f8a73e6a8f77ce904ac794ce07"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="77adabd149d8770b3886fd4daa517a8d"}]}, @NL80211_ATTR_REKEY_DATA={0x88, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="4d4d4db1af5f892dce67b89a76487b8ac5b0963a3162b937"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="ec845f07a1e90e50f2e86864bab7da82"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="9fe910a90a24de7c376540e278aeafea81a0542a4e5a35ca"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="daf9e4866f54dec2e3efcc4946409ee37472303bbd6d49408e37653220d10015"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="7039ea761110dbc83fd932d9fb654a9b"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="235b74989ab51f720297545c588b27bd"}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4080)
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)={0x34, 0x0, 0x201, 0x70bd29, 0x25dffbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x40)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.867291858s ago: executing program 6 (id=2055):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
sendto$inet6(r1, &(0x7f00000018c0)='K', 0x1, 0x840, 0x0, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0xfdef)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4000004, 0x20010, r2, 0x186dd000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="28010000100007000000000200000000ff020000000000000000000000000001e00000020000000000000000000000004e200000000000000000000002000000", @ANYRES32, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000000000000000000000000400fdffffffe80a000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bb24000900b40000"], 0x128}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=ANY=[@ANYBLOB="0c0100001a0007000000000000000000fe80000000000000000000000000001be0000002000000000000000000000000ffff2000000000000000000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc000000000000000000000000000000000300000000000003000000000000000200000000000000000000007ffffffe0000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a000200700000000000000014000e00ac1e000100000000000000000000000008001f0003000000"], 0x10c}}, 0x0)

3.780076508s ago: executing program 0 (id=2056):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

3.749003819s ago: executing program 6 (id=2057):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000002d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002cc0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}], 0x20, 0x40}, 0x20000800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r6, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

3.341552539s ago: executing program 0 (id=2058):
io_setup(0x4, &(0x7f00000014c0))

1.873074379s ago: executing program 6 (id=2059):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x8000000)
semget$private(0x0, 0x1, 0x0)
semtimedop(0x0, &(0x7f0000000280)=[{0x0, 0x1000, 0x1000}], 0x1, 0x0)
unshare(0x2c040000)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x2000000000000048)
r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x4, 0x88401)
ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000180)={0x52, 0x5, 0x80, {0x3, 0x400}, {0xff, 0x800}, @period={0x2, 0x40e, 0x7, 0x5, 0x8001, {0xc6, 0xd, 0x9, 0x9}, 0x6, &(0x7f0000000140)=[0x8, 0xbf1, 0x7, 0x6, 0x5, 0x7e]}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYRESOCT=r2], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000001340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd71)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_GET_MAP(r5, 0xc0186404, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c00000038000100fdfff9ffffffffff02000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r7 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x1, 0x78)
fchdir(r8)
lsetxattr$trusted_overlay_origin(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000100), 0x0, 0x0, 0x1)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000000)='wg0\x00', 0x4)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000300)=""/2, &(0x7f0000001840)=0x2)
memfd_create(&(0x7f00000001c0)=':\x00', 0x2)

1.733473732s ago: executing program 0 (id=2060):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe8000e8a200000000000000000000bbfc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff070000002abd7000043500000a0001002000000000000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000002d80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002cc0)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}], 0x20, 0x40}, 0x20000800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg$inet(r6, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

0s ago: executing program 0 (id=2061):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, 0x0, 0x0)
r4 = shmget$private(0x0, 0x1000, 0x40, &(0x7f0000884000/0x1000)=nil)
shmctl$IPC_RMID(r4, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x10)
getpid()
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0xba74f8f2e54501b3)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000028c0)={0x0, 0x8, 0x3ff}, 0x8)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="63eced8e1d14000000ffffffec71", 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048000}, 0x44450)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))

kernel console output (not intermixed with test programs):

10651] bridge_slave_1: entered allmulticast mode
[  584.352081][T10651] bridge_slave_1: entered promiscuous mode
[  584.358653][T10583] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.358812][T10583] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.359059][T10583] bridge_slave_1: entered allmulticast mode
[  584.368915][T10583] bridge_slave_1: entered promiscuous mode
[  584.373710][T10571] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.373889][T10571] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.374204][T10571] bridge_slave_1: entered allmulticast mode
[  584.383749][T10571] bridge_slave_1: entered promiscuous mode
[  584.532040][    C1] vkms_vblank_simulate: vblank timer overrun
[  584.532197][ T5877] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  584.549515][ T5877] usb 5-1: device descriptor read/8, error -71
[  584.727862][T10833] FAULT_INJECTION: forcing a failure.
[  584.727862][T10833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  584.727899][T10833] CPU: 1 UID: 0 PID: 10833 Comm: syz.0.1746 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  584.727922][T10833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  584.727935][T10833] Call Trace:
[  584.727948][T10833]  <TASK>
[  584.727957][T10833]  dump_stack_lvl+0x189/0x250
[  584.727995][T10833]  ? __pfx____ratelimit+0x10/0x10
[  584.728022][T10833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  584.728055][T10833]  ? __pfx__printk+0x10/0x10
[  584.728082][T10833]  ? __might_fault+0xb0/0x130
[  584.728132][T10833]  should_fail_ex+0x46c/0x600
[  584.728168][T10833]  _copy_from_user+0x2d/0xb0
[  584.728199][T10833]  kstrtouint_from_user+0xc4/0x170
[  584.728235][T10833]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  584.728287][T10833]  proc_fail_nth_write+0x88/0x200
[  584.728311][T10833]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  584.728340][T10833]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  584.728366][T10833]  vfs_write+0x287/0xb40
[  584.728404][T10833]  ? __pfx_vfs_write+0x10/0x10
[  584.728426][T10833]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  584.728460][T10833]  ? mutex_lock_nested+0x154/0x1d0
[  584.728480][T10833]  ? fdget_pos+0x253/0x320
[  584.728520][T10833]  ksys_write+0x14b/0x260
[  584.728550][T10833]  ? __pfx_ksys_write+0x10/0x10
[  584.728581][T10833]  ? do_syscall_64+0xbe/0xfa0
[  584.728614][T10833]  do_syscall_64+0xfa/0xfa0
[  584.728640][T10833]  ? lockdep_hardirqs_on+0x9c/0x150
[  584.728667][T10833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.728688][T10833]  ? clear_bhb_loop+0x60/0xb0
[  584.728715][T10833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  584.728737][T10833] RIP: 0033:0x7f7a5b26da7f
[  584.728757][T10833] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  584.728776][T10833] RSP: 002b:00007f7a59494030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  584.728800][T10833] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7a5b26da7f
[  584.728815][T10833] RDX: 0000000000000001 RSI: 00007f7a594940a0 RDI: 0000000000000005
[  584.728829][T10833] RBP: 00007f7a59494090 R08: 0000000000000000 R09: 0000000000000000
[  584.728843][T10833] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  584.728856][T10833] R13: 00007f7a5b4c6218 R14: 00007f7a5b4c6180 R15: 00007ffd686a5a08
[  584.728894][T10833]  </TASK>
[  584.733737][   T58] hsr_slave_0: left promiscuous mode
[  584.783648][ T5877] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  584.951868][   T58] hsr_slave_1: left promiscuous mode
[  584.953907][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  584.985798][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  584.993678][ T5877] usb 5-1: device descriptor read/8, error -71
[  585.104357][ T5877] usb usb5-port1: unable to enumerate USB device
[  585.203656][   T58] hsr_slave_0: left promiscuous mode
[  585.248427][   T58] hsr_slave_1: left promiscuous mode
[  585.249421][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  585.284667][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  585.994325][   T58] team0 (unregistering): Port device team_slave_1 removed
[  586.064155][    C1] vkms_vblank_simulate: vblank timer overrun
[  586.124276][   T58] team0 (unregistering): Port device team_slave_0 removed
[  586.161526][   T38] kauditd_printk_skb: 6665 callbacks suppressed
[  586.161546][   T38] audit: type=1400 audit(1761391314.289:627956): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=5807 comm="syz-executor" opid=10810 ocomm="syz.4.1745"
[  586.162839][   T38] audit: type=1400 audit(1761391314.289:627957): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=5807 comm="syz-executor" opid=10810 ocomm="syz.4.1745"
[  586.261035][   T38] audit: type=1400 audit(1761391314.389:627958): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  586.261091][   T38] audit: type=1400 audit(1761391314.389:627959): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  586.261136][   T38] audit: type=1400 audit(1761391314.389:627960): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  586.261302][   T38] audit: type=1400 audit(1761391314.389:627961): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="platform" dev="sysfs" ino=36
[  586.261452][   T38] audit: type=1400 audit(1761391314.389:627962): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="dummy_udc.4" dev="sysfs" ino=30835
[  586.261590][   T38] audit: type=1400 audit(1761391314.389:627963): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="udc" dev="sysfs" ino=30849
[  586.261997][   T38] audit: type=1400 audit(1761391314.389:627964): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="dummy_udc.4" dev="sysfs" ino=30850
[  586.262317][   T38] audit: type=1400 audit(1761391314.389:627965): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" name="uevent" dev="sysfs" ino=30851
[  587.162737][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.217243][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.281838][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.448609][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.561740][   T58] team0 (unregistering): Port device team_slave_1 removed
[  587.719027][   T58] team0 (unregistering): Port device team_slave_0 removed
[  587.864733][    C1] vkms_vblank_simulate: vblank timer overrun
[  588.895632][    C1] vkms_vblank_simulate: vblank timer overrun
[  588.978432][T10651] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.277436][T10583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.287527][T10571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  589.297866][T10651] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.304681][T10583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.316420][T10571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  589.753643][ T1908] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  589.903627][ T1908] usb 1-1: Using ep0 maxpacket: 32
[  589.910808][ T1908] usb 1-1: config 0 has an invalid interface number: 114 but max is 0
[  589.910835][ T1908] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  589.910856][ T1908] usb 1-1: config 0 has no interface number 1
[  589.967983][ T1908] usb 1-1: config 0 interface 114 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  589.968020][ T1908] usb 1-1: too many endpoints for config 0 interface 0 altsetting 15: 49, using maximum allowed: 30
[  589.968063][ T1908] usb 1-1: config 0 interface 0 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 49
[  589.968091][ T1908] usb 1-1: config 0 interface 114 has no altsetting 0
[  589.968110][ T1908] usb 1-1: config 0 interface 0 has no altsetting 0
[  589.973067][ T1908] usb 1-1: New USB device found, idVendor=0421, idProduct=00fc, bcdDevice=7f.8a
[  589.973098][ T1908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.973119][ T1908] usb 1-1: Product: syz
[  589.973135][ T1908] usb 1-1: Manufacturer: syz
[  589.973150][ T1908] usb 1-1: SerialNumber: syz
[  590.114384][ T1908] usb 1-1: config 0 descriptor??
[  590.507884][T10651] team0: Port device team_slave_0 added
[  590.529849][T10583] team0: Port device team_slave_0 added
[  590.538492][T10571] team0: Port device team_slave_0 added
[  590.542584][T10651] team0: Port device team_slave_1 added
[  590.559391][T10583] team0: Port device team_slave_1 added
[  590.562156][T10571] team0: Port device team_slave_1 added
[  590.790999][T10956] FAULT_INJECTION: forcing a failure.
[  590.790999][T10956] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.791034][T10956] CPU: 1 UID: 0 PID: 10956 Comm: syz.4.1794 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  590.791063][T10956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  590.791076][T10956] Call Trace:
[  590.791085][T10956]  <TASK>
[  590.791095][T10956]  dump_stack_lvl+0x189/0x250
[  590.791144][T10956]  ? __pfx____ratelimit+0x10/0x10
[  590.791170][T10956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  590.791200][T10956]  ? __pfx__printk+0x10/0x10
[  590.791225][T10956]  ? __might_fault+0xb0/0x130
[  590.791266][T10956]  should_fail_ex+0x46c/0x600
[  590.791299][T10956]  _copy_from_iter+0x1de/0x1790
[  590.791332][T10956]  ? __lock_acquire+0xab9/0xd20
[  590.791360][T10956]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  590.791399][T10956]  ? __pfx__copy_from_iter+0x10/0x10
[  590.791436][T10956]  ? packet_cached_dev_get+0x1c/0x2b0
[  590.791459][T10956]  ? packet_cached_dev_get+0x1c/0x2b0
[  590.791489][T10956]  packet_sendmsg+0x3072/0x5080
[  590.791513][T10956]  ? __switch_to+0xdc8/0x1690
[  590.791563][T10956]  ? smack_socket_sendmsg+0x1a7/0x520
[  590.791591][T10956]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  590.791621][T10956]  ? __pfx_packet_sendmsg+0x10/0x10
[  590.791650][T10956]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  590.791687][T10956]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  590.791716][T10956]  ? __pfx_packet_sendmsg+0x10/0x10
[  590.791736][T10956]  __sock_sendmsg+0x21c/0x270
[  590.791768][T10956]  ____sys_sendmsg+0x508/0x820
[  590.791799][T10956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  590.791832][T10956]  ? import_iovec+0x74/0xa0
[  590.791859][T10956]  ___sys_sendmsg+0x21f/0x2a0
[  590.791891][T10956]  ? __pfx____sys_sendmsg+0x10/0x10
[  590.791952][T10956]  ? __fget_files+0x2a/0x420
[  590.791980][T10956]  ? __fget_files+0x3a6/0x420
[  590.792020][T10956]  __x64_sys_sendmsg+0x1a1/0x260
[  590.792048][T10956]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  590.792082][T10956]  ? __pfx_ksys_write+0x10/0x10
[  590.792112][T10956]  ? do_syscall_64+0xbe/0xfa0
[  590.792141][T10956]  do_syscall_64+0xfa/0xfa0
[  590.792168][T10956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.792188][T10956]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  590.792208][T10956]  ? clear_bhb_loop+0x60/0xb0
[  590.792233][T10956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.792253][T10956] RIP: 0033:0x7fdd2900efc9
[  590.792272][T10956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.792290][T10956] RSP: 002b:00007fdd27276038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  590.792311][T10956] RAX: ffffffffffffffda RBX: 00007fdd29265fa0 RCX: 00007fdd2900efc9
[  590.792326][T10956] RDX: 0000000000000000 RSI: 0000200000002ac0 RDI: 0000000000000003
[  590.792339][T10956] RBP: 00007fdd27276090 R08: 0000000000000000 R09: 0000000000000000
[  590.792352][T10956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.792364][T10956] R13: 00007fdd29266038 R14: 00007fdd29265fa0 R15: 00007fffa3901568
[  590.792397][T10956]  </TASK>
[  591.185210][   T38] kauditd_printk_skb: 9125 callbacks suppressed
[  591.185230][   T38] audit: type=1400 audit(1761391319.309:635885): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185279][   T38] audit: type=1400 audit(1761391319.309:635886): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="etc" dev="sda1" ino=116
[  591.185327][   T38] audit: type=1400 audit(1761391319.309:635887): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185373][   T38] audit: type=1400 audit(1761391319.309:635888): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="etc" dev="sda1" ino=116
[  591.185419][   T38] audit: type=1400 audit(1761391319.309:635889): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185465][   T38] audit: type=1400 audit(1761391319.309:635890): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185511][   T38] audit: type=1400 audit(1761391319.309:635891): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="lib" dev="sda1" ino=264
[  591.185558][   T38] audit: type=1400 audit(1761391319.309:635892): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185603][   T38] audit: type=1400 audit(1761391319.309:635893): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="/" dev="sda1" ino=2
[  591.185655][   T38] audit: type=1400 audit(1761391319.309:635894): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10960 comm="sed" name="lib" dev="sda1" ino=264
[  591.586649][T10571] batman_adv: batadv0: Adding interface: batadv_slave_0
[  591.586664][T10571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.586688][T10571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  591.656593][T10651] batman_adv: batadv0: Adding interface: batadv_slave_0
[  591.656612][T10651] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.656644][T10651] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  591.658110][T10583] batman_adv: batadv0: Adding interface: batadv_slave_0
[  591.658125][T10583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.658153][T10583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  591.660835][T10571] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.660850][T10571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.660886][T10571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  591.662493][T10583] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.662506][T10583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.662536][T10583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  591.727874][T10651] batman_adv: batadv0: Adding interface: batadv_slave_1
[  591.727894][T10651] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  591.727928][T10651] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  592.425066][T10583] hsr_slave_0: entered promiscuous mode
[  592.426601][T10583] hsr_slave_1: entered promiscuous mode
[  592.427714][T10583] debugfs: 'hsr0' already exists in 'hsr'
[  592.427740][T10583] Cannot create hsr debugfs directory
[  592.524171][ T1908] usb 1-1: bad CDC descriptors
[  592.555720][ T1908] usb 1-1: USB disconnect, device number 29
[  592.638061][T10571] hsr_slave_0: entered promiscuous mode
[  592.643393][T10571] hsr_slave_1: entered promiscuous mode
[  592.664041][T10571] debugfs: 'hsr0' already exists in 'hsr'
[  592.664073][T10571] Cannot create hsr debugfs directory
[  593.001874][    C1] vkms_vblank_simulate: vblank timer overrun
[  593.767504][    C1] vkms_vblank_simulate: vblank timer overrun
[  593.983928][T10651] hsr_slave_0: entered promiscuous mode
[  593.989397][T10651] hsr_slave_1: entered promiscuous mode
[  593.993141][T10651] debugfs: 'hsr0' already exists in 'hsr'
[  593.993169][T10651] Cannot create hsr debugfs directory
[  594.544379][T11011] FAULT_INJECTION: forcing a failure.
[  594.544379][T11011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  594.544415][T11011] CPU: 1 UID: 0 PID: 11011 Comm: syz.4.1810 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  594.544439][T11011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  594.544453][T11011] Call Trace:
[  594.544462][T11011]  <TASK>
[  594.544471][T11011]  dump_stack_lvl+0x189/0x250
[  594.544535][T11011]  ? __pfx____ratelimit+0x10/0x10
[  594.544562][T11011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  594.544595][T11011]  ? __pfx__printk+0x10/0x10
[  594.544623][T11011]  ? __might_fault+0xb0/0x130
[  594.544664][T11011]  should_fail_ex+0x46c/0x600
[  594.544700][T11011]  _copy_from_user+0x2d/0xb0
[  594.544725][T11011]  input_event_from_user+0xb2/0x280
[  594.544757][T11011]  ? __pfx_input_event_from_user+0x10/0x10
[  594.544786][T11011]  ? rt_spin_unlock+0x150/0x200
[  594.544813][T11011]  ? rt_spin_unlock+0x161/0x200
[  594.544839][T11011]  evdev_write+0x2a9/0x480
[  594.544875][T11011]  ? __pfx_evdev_write+0x10/0x10
[  594.544901][T11011]  ? do_raw_spin_lock+0x121/0x290
[  594.544935][T11011]  ? rw_verify_area+0x25b/0x4e0
[  594.544960][T11011]  ? __lock_acquire+0xab9/0xd20
[  594.544986][T11011]  ? __pfx_evdev_write+0x10/0x10
[  594.545016][T11011]  vfs_write+0x287/0xb40
[  594.545053][T11011]  ? __pfx_vfs_write+0x10/0x10
[  594.545083][T11011]  ? __fget_files+0x2a/0x420
[  594.545116][T11011]  ? __fget_files+0x2a/0x420
[  594.545144][T11011]  ? __fget_files+0x3a6/0x420
[  594.545173][T11011]  ? __fget_files+0x2a/0x420
[  594.545213][T11011]  ksys_write+0x14b/0x260
[  594.545243][T11011]  ? __pfx_ksys_write+0x10/0x10
[  594.545274][T11011]  ? do_syscall_64+0xbe/0xfa0
[  594.545307][T11011]  do_syscall_64+0xfa/0xfa0
[  594.545333][T11011]  ? lockdep_hardirqs_on+0x9c/0x150
[  594.545360][T11011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.545383][T11011]  ? clear_bhb_loop+0x60/0xb0
[  594.545410][T11011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.545431][T11011] RIP: 0033:0x7fdd2900efc9
[  594.545450][T11011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  594.545468][T11011] RSP: 002b:00007fdd27276038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  594.545492][T11011] RAX: ffffffffffffffda RBX: 00007fdd29265fa0 RCX: 00007fdd2900efc9
[  594.545516][T11011] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000005
[  594.545530][T11011] RBP: 00007fdd27276090 R08: 0000000000000000 R09: 0000000000000000
[  594.545543][T11011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  594.545556][T11011] R13: 00007fdd29266038 R14: 00007fdd29265fa0 R15: 00007fffa3901568
[  594.545594][T11011]  </TASK>
[  595.828120][    C1] vkms_vblank_simulate: vblank timer overrun
[  596.194853][   T38] kauditd_printk_skb: 11571 callbacks suppressed
[  596.194873][   T38] audit: type=1400 audit(1761391324.329:643701): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=6712 comm="udevd" name="data" dev="tmpfs" ino=14
[  596.194920][   T38] audit: type=1400 audit(1761391324.329:643703): lsm=SMACK fn=smack_inode_rename action=granted subject="_" object="_" requested=rw pid=6712 comm="udevd" name="b7:0.tmp" dev="tmpfs" ino=5848
[  596.194965][   T38] audit: type=1400 audit(1761391324.329:643702): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=r pid=11042 comm="syz.0.1820" path="/dev/raw-gadget" dev="devtmpfs" ino=815
[  596.195012][   T38] audit: type=1400 audit(1761391324.329:643704): lsm=SMACK fn=smack_inode_rename action=granted subject="_" object="_" requested=rw pid=6712 comm="udevd" name="b7:0" dev="tmpfs" ino=5843
[  596.195301][   T38] audit: type=1400 audit(1761391324.329:643705): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=6712 comm="udevd" name="/" dev="sda1" ino=2
[  596.195460][   T38] audit: type=1400 audit(1761391324.329:643706): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=6712 comm="udevd" name="/" dev="devtmpfs" ino=1
[  596.195610][   T38] audit: type=1400 audit(1761391324.329:643707): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=6712 comm="udevd" name="loop0" dev="devtmpfs" ino=647
[  596.197499][   T38] audit: type=1400 audit(1761391324.329:643708): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11048 comm="cmp" name="/" dev="sda1" ino=2
[  596.197550][   T38] audit: type=1400 audit(1761391324.329:643709): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=6712 comm="udevd" name="/" dev="sda1" ino=2
[  596.197610][   T38] audit: type=1400 audit(1761391324.329:643710): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11047 comm="syz-executor" name="/" dev="proc" ino=1
[  596.258431][ T1908] usb 1-1: new low-speed USB device number 30 using dummy_hcd
[  596.468632][ T1908] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  596.468689][ T1908] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  596.468714][ T1908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.734837][T11044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.738722][T11044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.562779][T10583] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  597.595848][T10583] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  597.651407][T10583] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  597.741433][T10583] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  598.295482][   T58] bridge_slave_1: left allmulticast mode
[  598.295511][   T58] bridge_slave_1: left promiscuous mode
[  598.295767][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.396110][   T58] bridge_slave_0: left allmulticast mode
[  598.396142][   T58] bridge_slave_0: left promiscuous mode
[  598.396418][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.984700][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  599.117586][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  599.290032][   T58] bond0 (unregistering): Released all slaves
[  599.730601][ T1908] usb 1-1: string descriptor 0 read error: -71
[  599.731521][ T1908] hub 1-1:32.0: bad descriptor, ignoring hub
[  599.731562][ T1908] hub 1-1:32.0: probe with driver hub failed with error -5
[  599.878241][    C1] vkms_vblank_simulate: vblank timer overrun
[  599.982505][ T1908] usb 1-1: USB disconnect, device number 30
[  600.045198][    C1] vkms_vblank_simulate: vblank timer overrun
[  600.062910][   T58] hsr_slave_0: left promiscuous mode
[  600.168349][T11105] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1836'.
[  600.169001][T11105] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  600.171828][T11105] IPv6: NLM_F_CREATE should be set when creating new route
[  600.186724][    C1] vkms_vblank_simulate: vblank timer overrun
[  600.573913][   T58] hsr_slave_1: left promiscuous mode
[  600.922708][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.021775][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  601.152415][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.176360][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  601.211952][   T38] kauditd_printk_skb: 7683 callbacks suppressed
[  601.211972][   T38] audit: type=1400 audit(1761391329.339:650368): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  601.212021][   T38] audit: type=1400 audit(1761391329.339:650369): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  601.212068][   T38] audit: type=1400 audit(1761391329.339:650370): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  601.212114][   T38] audit: type=1400 audit(1761391329.339:650371): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  601.212161][   T38] audit: type=1400 audit(1761391329.339:650372): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  601.212207][   T38] audit: type=1400 audit(1761391329.339:650373): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop0" dev="sysfs" ino=14686
[  601.212253][   T38] audit: type=1400 audit(1761391329.339:650374): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" name="queue" dev="sysfs" ino=14732
[  601.212299][   T38] audit: type=1400 audit(1761391329.339:650375): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" path="/sys/devices/virtual/block/loop0/queue" dev="sysfs" ino=14732
[  601.212347][   T38] audit: type=1400 audit(1761391329.339:650376): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" path="/sys/devices/virtual/block/loop0/queue" dev="sysfs" ino=14732
[  601.215873][   T38] audit: type=1400 audit(1761391329.339:650377): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  601.947578][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.016128][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.082276][    C1] vkms_vblank_simulate: vblank timer overrun
[  602.345739][   T58] team0 (unregistering): Port device team_slave_1 removed
[  602.817783][   T58] team0 (unregistering): Port device team_slave_0 removed
[  603.115786][    C1] vkms_vblank_simulate: vblank timer overrun
[  603.323632][ T5892] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  603.486587][ T5892] usb 5-1: Using ep0 maxpacket: 8
[  603.525286][ T5892] usb 5-1: unable to get BOS descriptor or descriptor too short
[  603.531795][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  603.531832][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  603.531860][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  603.531882][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  603.531906][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  603.531922][ T5892] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0
[  603.531939][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  603.531954][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  603.701726][ T5892] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  603.701749][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.701763][ T5892] usb 5-1: Product: syz
[  603.701774][ T5892] usb 5-1: Manufacturer: syz
[  603.701784][ T5892] usb 5-1: SerialNumber: syz
[  603.724974][ T5892] usb 5-1: config 0 descriptor??
[  603.790985][ T5892] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  603.956728][T11133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.957366][T11133] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  603.959752][T11133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  603.960420][T11133] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.588080][ T5892] usb 5-1: USB disconnect, device number 20
[  605.181111][ T6220] udevd[6220]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  605.895185][T11150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1855'.
[  606.056018][T10583] 8021q: adding VLAN 0 to HW filter on device bond0
[  606.217993][   T38] kauditd_printk_skb: 9593 callbacks suppressed
[  606.218013][   T38] audit: type=1400 audit(1761391334.349:657994): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=11155 comm="dhcpcd-run-hook" name="libselinux.so.1" dev="sda1" ino=1731
[  606.218068][   T38] audit: type=1400 audit(1761391334.349:657995): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=11155 comm="dhcpcd-run-hook" path="/usr/lib/libselinux.so.1" dev="sda1" ino=1731
[  606.218116][   T38] audit: type=1400 audit(1761391334.349:657996): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=11155 comm="dhcpcd-run-hook" path="/usr/lib/libselinux.so.1" dev="sda1" ino=1731
[  606.254347][ T5984] audit: audit_backlog=65 > audit_backlog_limit=64
[  606.254369][ T5984] audit: audit_lost=165523 audit_rate_limit=0 audit_backlog_limit=64
[  606.254388][ T5984] audit: backlog limit exceeded
[  606.254422][ T5984] audit: audit_backlog=65 > audit_backlog_limit=64
[  606.254436][ T5984] audit: audit_lost=165524 audit_rate_limit=0 audit_backlog_limit=64
[  606.254452][ T5984] audit: backlog limit exceeded
[  606.254600][ T5984] audit: audit_backlog=65 > audit_backlog_limit=64
[  606.287071][T10583] 8021q: adding VLAN 0 to HW filter on device team0
[  606.340890][ T3568] bridge0: port 1(bridge_slave_0) entered blocking state
[  606.341241][ T3568] bridge0: port 1(bridge_slave_0) entered forwarding state
[  606.381551][ T3568] bridge0: port 2(bridge_slave_1) entered blocking state
[  606.419397][ T3568] bridge0: port 2(bridge_slave_1) entered forwarding state
[  606.945445][    C1] vkms_vblank_simulate: vblank timer overrun
[  607.208434][T10571] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  607.306158][T10571] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  607.352179][T10571] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  607.477190][T10571] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  607.804324][T10651] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  607.899679][T10651] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  607.973440][T10651] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  608.175262][T10651] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  609.569815][T10571] 8021q: adding VLAN 0 to HW filter on device bond0
[  609.830208][T10571] 8021q: adding VLAN 0 to HW filter on device team0
[  609.891056][T10651] 8021q: adding VLAN 0 to HW filter on device bond0
[  609.893845][ T5980] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.894799][ T5980] bridge0: port 1(bridge_slave_0) entered forwarding state
[  609.996245][ T3541] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.007005][ T3541] bridge0: port 2(bridge_slave_1) entered forwarding state
[  610.083399][T10583] 8021q: adding VLAN 0 to HW filter on device batadv0
[  610.145643][T10651] 8021q: adding VLAN 0 to HW filter on device team0
[  610.223922][ T3516] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.224076][ T3516] bridge0: port 1(bridge_slave_0) entered forwarding state
[  610.350228][ T3516] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.350611][ T3516] bridge0: port 2(bridge_slave_1) entered forwarding state
[  610.709645][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.080965][    C1] vkms_vblank_simulate: vblank timer overrun
[  611.232429][   T38] kauditd_printk_skb: 11354 callbacks suppressed
[  611.232449][   T38] audit: type=1400 audit(1761391339.339:665852): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232498][   T38] audit: type=1400 audit(1761391339.339:665853): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="etc" dev="sda1" ino=116
[  611.232542][   T38] audit: type=1400 audit(1761391339.339:665854): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232586][   T38] audit: type=1400 audit(1761391339.339:665855): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="etc" dev="sda1" ino=116
[  611.232631][   T38] audit: type=1400 audit(1761391339.339:665856): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232676][   T38] audit: type=1400 audit(1761391339.339:665857): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232730][   T38] audit: type=1400 audit(1761391339.339:665858): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="lib" dev="sda1" ino=264
[  611.232776][   T38] audit: type=1400 audit(1761391339.339:665859): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232821][   T38] audit: type=1400 audit(1761391339.339:665860): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="/" dev="sda1" ino=2
[  611.232866][   T38] audit: type=1400 audit(1761391339.339:665861): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11235 comm="modprobe" name="lib" dev="sda1" ino=264
[  612.063792][T10571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  612.704609][T10583] veth0_vlan: entered promiscuous mode
[  612.753750][T10583] veth1_vlan: entered promiscuous mode
[  612.995824][T10651] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.093173][T10583] veth0_macvtap: entered promiscuous mode
[  613.126648][T10583] veth1_macvtap: entered promiscuous mode
[  613.180372][T10583] batman_adv: batadv0: Interface activated: batadv_slave_0
[  613.206733][T10583] batman_adv: batadv0: Interface activated: batadv_slave_1
[  613.272503][ T3587] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  613.289460][ T3587] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  613.299607][ T3587] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  613.299950][ T3587] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  613.954044][  T981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  613.954066][  T981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.049481][T10571] veth0_vlan: entered promiscuous mode
[  614.323393][T10571] veth1_vlan: entered promiscuous mode
[  614.383321][ T3541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.383337][ T3541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.559252][T11276] binder: 11274:11276 ioctl c0306201 2000000001c0 returned -14
[  614.761178][T10571] veth0_macvtap: entered promiscuous mode
[  614.816243][T10571] veth1_macvtap: entered promiscuous mode
[  614.873395][T10571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  614.896691][T10571] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.917516][  T981] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.917788][  T981] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.917846][  T981] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.917885][  T981] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.477554][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.477578][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.731248][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.731270][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.737210][T10651] veth0_vlan: entered promiscuous mode
[  615.906804][T10651] veth1_vlan: entered promiscuous mode
[  616.107563][T10651] veth0_macvtap: entered promiscuous mode
[  616.299336][T11309] netlink: 'syz.5.1888': attribute type 1 has an invalid length.
[  616.310904][T10651] veth1_macvtap: entered promiscuous mode
[  616.322413][T11309] hub 9-0:1.0: USB hub found
[  616.324098][T11309] hub 9-0:1.0: 1 port detected
[  616.444052][T10583] audit_log_start: 12764 callbacks suppressed
[  616.444069][T10583] audit: audit_backlog=65 > audit_backlog_limit=64
[  616.444083][T10583] audit: audit_lost=168026 audit_rate_limit=0 audit_backlog_limit=64
[  616.444097][T10583] audit: backlog limit exceeded
[  616.444213][T10583] audit: audit_backlog=65 > audit_backlog_limit=64
[  616.444227][T10583] audit: audit_lost=168027 audit_rate_limit=0 audit_backlog_limit=64
[  616.444241][T10583] audit: backlog limit exceeded
[  616.444403][T10583] audit: audit_backlog=65 > audit_backlog_limit=64
[  616.444417][T10583] audit: audit_lost=168028 audit_rate_limit=0 audit_backlog_limit=64
[  616.444432][T10583] audit: backlog limit exceeded
[  616.444447][T10583] audit: audit_backlog=65 > audit_backlog_limit=64
[  616.569106][T10651] batman_adv: batadv0: Interface activated: batadv_slave_0
[  616.665899][T10651] batman_adv: batadv0: Interface activated: batadv_slave_1
[  616.763304][ T3568] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  616.770572][ T3568] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  616.770637][ T3568] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  616.770684][ T3568] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  617.522733][ T3568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.522752][ T3568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.682240][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  617.682263][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.860256][T11335] FAULT_INJECTION: forcing a failure.
[  617.860256][T11335] name failslab, interval 1, probability 0, space 0, times 0
[  617.860292][T11335] CPU: 0 UID: 0 PID: 11335 Comm: syz.4.1896 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  617.860316][T11335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  617.860330][T11335] Call Trace:
[  617.860338][T11335]  <TASK>
[  617.860354][T11335]  dump_stack_lvl+0x189/0x250
[  617.860392][T11335]  ? __pfx____ratelimit+0x10/0x10
[  617.860418][T11335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.860451][T11335]  ? __pfx__printk+0x10/0x10
[  617.860484][T11335]  ? __pfx___might_resched+0x10/0x10
[  617.860508][T11335]  ? fs_reclaim_acquire+0x7d/0x100
[  617.860543][T11335]  should_fail_ex+0x46c/0x600
[  617.860575][T11335]  ? __alloc_skb+0x112/0x2d0
[  617.860595][T11335]  should_failslab+0xa8/0x100
[  617.860627][T11335]  ? __alloc_skb+0x112/0x2d0
[  617.860645][T11335]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  617.860674][T11335]  ? netlink_autobind+0xdb/0x300
[  617.860703][T11335]  __alloc_skb+0x112/0x2d0
[  617.860728][T11335]  netlink_sendmsg+0x5c6/0xb30
[  617.860748][T11335]  ? is_bpf_text_address+0x26/0x2b0
[  617.860789][T11335]  ? __pfx_netlink_sendmsg+0x10/0x10
[  617.860820][T11335]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  617.860849][T11335]  ? __pfx_netlink_sendmsg+0x10/0x10
[  617.860872][T11335]  __sock_sendmsg+0x21c/0x270
[  617.860906][T11335]  ____sys_sendmsg+0x508/0x820
[  617.860936][T11335]  ? __pfx_____sys_sendmsg+0x10/0x10
[  617.860969][T11335]  ? import_iovec+0x74/0xa0
[  617.860995][T11335]  ___sys_sendmsg+0x21f/0x2a0
[  617.861022][T11335]  ? __pfx____sys_sendmsg+0x10/0x10
[  617.861086][T11335]  ? __fget_files+0x2a/0x420
[  617.861115][T11335]  ? __fget_files+0x3a6/0x420
[  617.861156][T11335]  __x64_sys_sendmsg+0x1a1/0x260
[  617.861185][T11335]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  617.861222][T11335]  ? __pfx_ksys_write+0x10/0x10
[  617.861255][T11335]  ? do_syscall_64+0xbe/0xfa0
[  617.861288][T11335]  do_syscall_64+0xfa/0xfa0
[  617.861314][T11335]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.861342][T11335]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.861372][T11335]  ? clear_bhb_loop+0x60/0xb0
[  617.861399][T11335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.861421][T11335] RIP: 0033:0x7fdd2900efc9
[  617.861440][T11335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.861459][T11335] RSP: 002b:00007fdd27276038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  617.861482][T11335] RAX: ffffffffffffffda RBX: 00007fdd29265fa0 RCX: 00007fdd2900efc9
[  617.861499][T11335] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004
[  617.861513][T11335] RBP: 00007fdd27276090 R08: 0000000000000000 R09: 0000000000000000
[  617.861527][T11335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.861540][T11335] R13: 00007fdd29266038 R14: 00007fdd29265fa0 R15: 00007fffa3901568
[  617.861577][T11335]  </TASK>
[  618.579632][    C1] vkms_vblank_simulate: vblank timer overrun
[  618.918265][    C1] vkms_vblank_simulate: vblank timer overrun
[  618.982863][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.280365][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.602144][    C1] vkms_vblank_simulate: vblank timer overrun
[  620.108848][    C1] vkms_vblank_simulate: vblank timer overrun
[  620.125442][T11359] overlayfs: failed to resolve './file1': -2
[  620.857154][    C1] vkms_vblank_simulate: vblank timer overrun
[  620.980663][T11371] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  620.980786][T11371] overlayfs: failed to set xattr on upper
[  620.980793][T11371] overlayfs: ...falling back to redirect_dir=nofollow.
[  620.980798][T11371] overlayfs: ...falling back to index=off.
[  620.980803][T11371] overlayfs: ...falling back to uuid=null.
[  621.453638][   T38] kauditd_printk_skb: 12130 callbacks suppressed
[  621.453657][   T38] audit: type=1400 audit(1761391349.579:682968): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  621.453705][   T38] audit: type=1400 audit(1761391349.579:682969): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  621.453751][   T38] audit: type=1400 audit(1761391349.579:682970): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="0" dev="tmpfs" ino=13
[  621.453796][   T38] audit: type=1400 audit(1761391349.579:682971): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11377 comm="syz-executor" name="4" dev="tmpfs" ino=34
[  621.453842][   T38] audit: type=1400 audit(1761391349.579:682973): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11377 comm="syz-executor" name="4" dev="tmpfs" ino=34
[  621.453888][   T38] audit: type=1400 audit(1761391349.579:682972): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=10651 comm="syz-executor" path="/0/cgroup.cpu" dev="tmpfs" ino=15
[  621.453933][   T38] audit: type=1400 audit(1761391349.579:682974): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  621.453980][   T38] audit: type=1400 audit(1761391349.579:682975): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=11377 comm="syz-executor" name="4" dev="tmpfs" ino=34
[  621.454025][   T38] audit: type=1400 audit(1761391349.579:682976): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  621.454080][   T38] audit: type=1400 audit(1761391349.579:682977): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10651 comm="syz-executor" name="0" dev="tmpfs" ino=13
[  621.882317][    C1] vkms_vblank_simulate: vblank timer overrun
[  621.897014][T11379] FAT-fs (loop11): unable to read boot sector
[  622.006934][    C1] vkms_vblank_simulate: vblank timer overrun
[  622.397081][    C1] vkms_vblank_simulate: vblank timer overrun
[  622.923626][ T5893] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  623.081362][ T5893] usb 6-1: config index 0 descriptor too short (expected 2489, got 441)
[  623.081395][ T5893] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[  623.081417][ T5893] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  623.081437][ T5893] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[  623.121620][ T5893] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  623.121652][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=8
[  623.121674][ T5893] usb 6-1: SerialNumber: syz
[  623.178912][ T5893] usb 6-1: config 0 descriptor??
[  623.204261][ T5893] pwc: Askey VC010 type 2 USB webcam detected.
[  623.313568][ T1244] usb 7-1: new low-speed USB device number 2 using dummy_hcd
[  623.404695][T10572] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  623.422310][T10572] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  623.435831][T10572] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  623.442198][T10572] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  623.461644][T10572] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  623.464442][ T1244] usb 7-1: device descriptor read/64, error -71
[  623.733749][ T1244] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  623.883597][ T1244] usb 7-1: device descriptor read/64, error -71
[  623.996451][ T1244] usb usb7-port1: attempt power cycle
[  624.145588][    C1] vkms_vblank_simulate: vblank timer overrun
[  624.152495][ T5893] pwc: recv_control_msg error -32 req 02 val 2b00
[  624.167668][ T5893] pwc: recv_control_msg error -32 req 02 val 2700
[  624.169201][ T5893] pwc: recv_control_msg error -32 req 02 val 2c00
[  624.169576][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  624.169722][ T5893] pwc: recv_control_msg error -32 req 04 val 1000
[  624.170093][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  624.170238][ T5893] pwc: recv_control_msg error -32 req 04 val 1300
[  624.170599][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  624.170743][ T5893] pwc: recv_control_msg error -32 req 04 val 1400
[  624.171120][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  624.171373][ T5893] pwc: recv_control_msg error -32 req 02 val 2000
[  624.259180][ T5893] pwc: recv_control_msg error -71 req 02 val 2100
[  624.259702][ T5893] pwc: recv_control_msg error -71 req 04 val 1500
[  624.261653][ T5893] pwc: recv_control_msg error -71 req 02 val 2500
[  624.262206][ T5893] pwc: recv_control_msg error -71 req 02 val 2400
[  624.266324][ T5893] pwc: recv_control_msg error -71 req 02 val 2600
[  624.273594][ T5893] pwc: recv_control_msg error -71 req 02 val 2900
[  624.286653][ T5893] pwc: recv_control_msg error -71 req 02 val 2800
[  624.313136][ T5893] pwc: recv_control_msg error -71 req 04 val 1100
[  624.322328][ T5893] pwc: recv_control_msg error -71 req 04 val 1200
[  624.393604][ T1244] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  624.418742][ T1244] usb 7-1: device descriptor read/8, error -71
[  624.419228][ T5893] pwc: Registered as video103.
[  624.423189][ T5893] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input16
[  624.461030][ T5893] usb 6-1: USB disconnect, device number 2
[  624.587485][    C1] vkms_vblank_simulate: vblank timer overrun
[  624.743953][ T1244] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[  624.774657][ T1244] usb 7-1: device descriptor read/8, error -71
[  624.884456][ T1244] usb usb7-port1: unable to enumerate USB device
[  624.886442][    C1] vkms_vblank_simulate: vblank timer overrun
[  625.028065][T11422] overlayfs: failed to resolve './file1': -2
[  625.172895][T11422] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  625.173003][T11422] overlayfs: failed to set xattr on upper
[  625.173009][T11422] overlayfs: ...falling back to redirect_dir=nofollow.
[  625.173015][T11422] overlayfs: ...falling back to index=off.
[  625.173021][T11422] overlayfs: ...falling back to uuid=null.
[  625.626877][T10572] Bluetooth: hci1: command tx timeout
[  626.465856][   T38] kauditd_printk_skb: 17878 callbacks suppressed
[  626.465878][   T38] audit: type=1400 audit(1761391354.599:691772): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=rw pid=11437 comm="syz.7.1923" name="swradio5" dev="devtmpfs" ino=1021
[  626.465929][   T38] audit: type=1400 audit(1761391354.599:691773): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=11437 comm="syz.7.1923" path="/dev/swradio5" dev="devtmpfs" ino=1021
[  626.525330][   T38] audit: type=1400 audit(1761391354.659:691774): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  626.525625][   T38] audit: type=1400 audit(1761391354.659:691775): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="var" dev="sda1" ino=2001
[  626.526186][   T38] audit: type=1400 audit(1761391354.659:691776): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="var" dev="sda1" ino=2001
[  626.526440][   T38] audit: type=1400 audit(1761391354.659:691777): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  626.531660][   T38] audit: type=1400 audit(1761391354.659:691778): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1
[  626.531715][   T38] audit: type=1400 audit(1761391354.659:691779): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1832
[  626.531762][   T38] audit: type=1400 audit(1761391354.659:691780): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836
[  626.531810][   T38] audit: type=1400 audit(1761391354.659:691781): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11441 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1837
[  626.742883][    C1] vkms_vblank_simulate: vblank timer overrun
[  626.752789][T11438] netlink: 'syz.6.1922': attribute type 1 has an invalid length.
[  626.763349][T11438] hub 9-0:1.0: USB hub found
[  626.763833][T11438] hub 9-0:1.0: 1 port detected
[  626.922317][    C1] vkms_vblank_simulate: vblank timer overrun
[  627.395188][    C1] vkms_vblank_simulate: vblank timer overrun
[  627.453678][   T31] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  627.480179][  T981] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.994270][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.014255][   T31] usb 8-1: Using ep0 maxpacket: 16
[  628.517199][T10572] Bluetooth: hci1: command tx timeout
[  628.518809][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.552490][   T31] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  628.552526][   T31] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  628.662357][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.712001][   T31] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  628.712033][   T31] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.712055][   T31] usb 8-1: Product: syz
[  628.712069][   T31] usb 8-1: Manufacturer: syz
[  628.712083][   T31] usb 8-1: SerialNumber: syz
[  629.032213][    C1] vkms_vblank_simulate: vblank timer overrun
[  629.649477][  T981] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.790297][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  629.790367][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  630.456469][    C1] vkms_vblank_simulate: vblank timer overrun
[  630.964863][    C1] vkms_vblank_simulate: vblank timer overrun
[  631.076754][    C1] vkms_vblank_simulate: vblank timer overrun
[  631.506092][    C1] vkms_vblank_simulate: vblank timer overrun
[  631.530141][   T38] kauditd_printk_skb: 4697 callbacks suppressed
[  631.530160][   T38] audit: type=1400 audit(1761391359.659:695129): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  631.530207][   T38] audit: type=1400 audit(1761391359.659:695130): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  631.530249][   T38] audit: type=1400 audit(1761391359.659:695131): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  631.530291][   T38] audit: type=1400 audit(1761391359.659:695132): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop5" dev="sysfs" ino=15296
[  631.530333][   T38] audit: type=1400 audit(1761391359.659:695133): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="slaves" dev="sysfs" ino=15341
[  631.530375][   T38] audit: type=1400 audit(1761391359.659:695134): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  631.530417][   T38] audit: type=1400 audit(1761391359.659:695135): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  631.530457][   T38] audit: type=1400 audit(1761391359.659:695136): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  631.530499][   T38] audit: type=1400 audit(1761391359.659:695137): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  631.530541][   T38] audit: type=1400 audit(1761391359.659:695138): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  631.607212][T10572] Bluetooth: hci1: command tx timeout
[  631.696699][    C1] vkms_vblank_simulate: vblank timer overrun
[  632.000408][  T981] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.286650][T11476] overlayfs: failed to resolve './file1': -2
[  632.469360][T11476] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  632.469502][T11476] overlayfs: failed to set xattr on upper
[  632.469511][T11476] overlayfs: ...falling back to redirect_dir=nofollow.
[  632.469520][T11476] overlayfs: ...falling back to index=off.
[  632.469527][T11476] overlayfs: ...falling back to uuid=null.
[  633.256905][  T981] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  633.383620][   T31] usb 8-1: USB disconnect, device number 2
[  633.659432][T11496] FAULT_INJECTION: forcing a failure.
[  633.659432][T11496] name failslab, interval 1, probability 0, space 0, times 0
[  633.659467][T11496] CPU: 1 UID: 0 PID: 11496 Comm: syz.0.1934 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  633.659492][T11496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  633.659506][T11496] Call Trace:
[  633.659514][T11496]  <TASK>
[  633.659524][T11496]  dump_stack_lvl+0x189/0x250
[  633.659562][T11496]  ? __pfx____ratelimit+0x10/0x10
[  633.659590][T11496]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.659623][T11496]  ? __pfx__printk+0x10/0x10
[  633.659665][T11496]  ? __pfx___might_resched+0x10/0x10
[  633.659688][T11496]  ? fs_reclaim_acquire+0x7d/0x100
[  633.659726][T11496]  should_fail_ex+0x46c/0x600
[  633.659762][T11496]  should_failslab+0xa8/0x100
[  633.659796][T11496]  __kmalloc_noprof+0xcc/0x7d0
[  633.659824][T11496]  ? bpf_test_init+0x9f/0x150
[  633.659865][T11496]  bpf_test_init+0x9f/0x150
[  633.659903][T11496]  bpf_prog_test_run_skb+0x206/0x1550
[  633.659939][T11496]  ? __fget_files+0x2a/0x420
[  633.659978][T11496]  ? __fget_files+0x2a/0x420
[  633.660013][T11496]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  633.660048][T11496]  bpf_prog_test_run+0x2cd/0x340
[  633.660086][T11496]  __sys_bpf+0x562/0x860
[  633.660118][T11496]  ? __pfx___sys_bpf+0x10/0x10
[  633.660146][T11496]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  633.660187][T11496]  ? ksys_write+0x230/0x260
[  633.660217][T11496]  ? __pfx_ksys_write+0x10/0x10
[  633.660250][T11496]  __x64_sys_bpf+0x7c/0x90
[  633.660276][T11496]  do_syscall_64+0xfa/0xfa0
[  633.660301][T11496]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.660328][T11496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.660351][T11496]  ? clear_bhb_loop+0x60/0xb0
[  633.660378][T11496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.660400][T11496] RIP: 0033:0x7f7a5b26efc9
[  633.660420][T11496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.660440][T11496] RSP: 002b:00007f7a594d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  633.660463][T11496] RAX: ffffffffffffffda RBX: 00007f7a5b4c5fa0 RCX: 00007f7a5b26efc9
[  633.660480][T11496] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  633.660494][T11496] RBP: 00007f7a594d6090 R08: 0000000000000000 R09: 0000000000000000
[  633.660507][T11496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  633.660521][T11496] R13: 00007f7a5b4c6038 R14: 00007f7a5b4c5fa0 R15: 00007ffd686a5a08
[  633.660557][T11496]  </TASK>
[  633.683642][T10572] Bluetooth: hci1: command tx timeout
[  634.649524][    C1] vkms_vblank_simulate: vblank timer overrun
[  634.782878][  T981] bridge_slave_1: left allmulticast mode
[  634.782908][  T981] bridge_slave_1: left promiscuous mode
[  634.783175][  T981] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.820524][T11509] program syz.0.1936 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  635.056086][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.130377][  T981] bridge_slave_0: left allmulticast mode
[  636.130407][  T981] bridge_slave_0: left promiscuous mode
[  636.130684][  T981] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.357095][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.610630][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.674376][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.783368][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.871153][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.891342][   T38] kauditd_printk_skb: 8311 callbacks suppressed
[  636.891364][   T38] audit: type=1400 audit(1761391364.589:699997): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  636.891417][   T38] audit: type=1400 audit(1761391364.589:699998): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  636.891448][   T38] audit: type=1400 audit(1761391364.589:699999): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  636.891478][   T38] audit: type=1400 audit(1761391364.589:700000): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  636.891509][   T38] audit: type=1400 audit(1761391364.589:700001): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  636.891540][   T38] audit: type=1400 audit(1761391364.589:700002): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop6" dev="sysfs" ino=15418
[  636.891571][   T38] audit: type=1400 audit(1761391364.589:700003): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" path="/sys/devices/virtual/block/loop6/uevent" dev="sysfs" ino=15419
[  636.891605][   T38] audit: type=1400 audit(1761391364.589:700004): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  636.891637][   T38] audit: type=1400 audit(1761391364.589:700005): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  636.891668][   T38] audit: type=1400 audit(1761391364.589:700006): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  638.058329][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.178490][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.577211][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.663820][T11538] netlink: 88 bytes leftover after parsing attributes in process `syz.6.1947'.
[  639.198983][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.695447][T11543] netlink: 'syz.0.1948': attribute type 5 has an invalid length.
[  639.695471][T11543] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1948'.
[  639.746693][T11544] netlink: 'syz.0.1948': attribute type 5 has an invalid length.
[  639.746716][T11544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1948'.
[  639.891382][    C1] vkms_vblank_simulate: vblank timer overrun
[  640.943337][    C1] vkms_vblank_simulate: vblank timer overrun
[  641.193660][    C1] vkms_vblank_simulate: vblank timer overrun
[  641.594420][  T981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  641.665849][  T981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  641.687442][  T981] bond0 (unregistering): Released all slaves
[  641.724260][T11389] chnl_net:caif_netlink_parms(): no params data found
[  641.757734][T11540] netlink: 164 bytes leftover after parsing attributes in process `syz.6.1947'.
[  641.898596][   T38] kauditd_printk_skb: 21124 callbacks suppressed
[  641.898617][   T38] audit: type=1400 audit(1761391370.019:708297): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  641.898669][   T38] audit: type=1400 audit(1761391370.019:708298): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  641.898716][   T38] audit: type=1400 audit(1761391370.019:708299): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop7" dev="sysfs" ino=15540
[  641.898764][   T38] audit: type=1400 audit(1761391370.019:708300): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  641.898811][   T38] audit: type=1400 audit(1761391370.019:708301): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  641.898858][   T38] audit: type=1400 audit(1761391370.019:708302): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  641.898904][   T38] audit: type=1400 audit(1761391370.019:708303): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  641.898949][   T38] audit: type=1400 audit(1761391370.019:708304): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  641.898995][   T38] audit: type=1400 audit(1761391370.019:708305): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  641.899041][   T38] audit: type=1400 audit(1761391370.019:708306): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  642.057745][    C1] vkms_vblank_simulate: vblank timer overrun
[  642.493812][  T981] tipc: Left network mode
[  642.533216][    C1] vkms_vblank_simulate: vblank timer overrun
[  642.712011][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.460049][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.514972][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.754426][ T5885] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  643.861084][T11571] overlayfs: failed to resolve './file1': -2
[  643.910476][ T5885] usb 6-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  643.910509][ T5885] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.942476][ T5885] usb 6-1: config 0 descriptor??
[  643.958324][ T5885] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  643.987958][ T5885] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  644.101676][T11572] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  644.103067][T11572] overlayfs: failed to set xattr on upper
[  644.103080][T11572] overlayfs: ...falling back to redirect_dir=nofollow.
[  644.103091][T11572] overlayfs: ...falling back to index=off.
[  644.103100][T11572] overlayfs: ...falling back to uuid=null.
[  644.208118][T11218] usb 6-1: USB disconnect, device number 3
[  645.313897][T11577] ip6erspan0: entered allmulticast mode
[  645.441958][    C1] vkms_vblank_simulate: vblank timer overrun
[  645.498904][T11582] overlayfs: failed to resolve './file1': -2
[  645.703032][T11389] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.703130][T11389] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.703320][T11389] bridge_slave_0: entered allmulticast mode
[  645.755263][T11583] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  645.755356][T11583] overlayfs: failed to set xattr on upper
[  645.755384][T11583] overlayfs: ...falling back to redirect_dir=nofollow.
[  645.755394][T11583] overlayfs: ...falling back to index=off.
[  645.755418][T11583] overlayfs: ...falling back to uuid=null.
[  645.810529][T11389] bridge_slave_0: entered promiscuous mode
[  645.869623][T11389] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.869719][T11389] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.869906][T11389] bridge_slave_1: entered allmulticast mode
[  645.879143][T11389] bridge_slave_1: entered promiscuous mode
[  646.077260][  T981] hsr_slave_0: left promiscuous mode
[  646.113759][  T981] hsr_slave_1: left promiscuous mode
[  646.114835][  T981] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  646.114864][  T981] batman_adv: batadv0: Removing interface: batadv_slave_0
[  646.186561][  T981] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  646.242684][  T981] batman_adv: batadv0: Removing interface: batadv_slave_1
[  647.198053][   T38] kauditd_printk_skb: 15006 callbacks suppressed
[  647.198074][   T38] audit: type=1400 audit(1761391374.739:714067): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1182 comm="irq/31-virtio1-" saddr=10.128.0.169 src=30008 daddr=10.128.0.223 dest=48406 netif=eth0
[  647.198115][   T38] audit: type=1400 audit(1761391375.299:714068): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=5805 comm="syz-executor" opid=11569 ocomm="syz.0.1958"
[  647.198147][   T38] audit: type=1400 audit(1761391375.299:714069): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=5805 comm="syz-executor" opid=11569 ocomm="syz.0.1958"
[  650.272293][   T38] audit: type=1400 audit(1761391375.329:714070): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11585 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  650.272418][   T38] audit: type=1400 audit(1761391375.329:714071): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11585 comm="dhcpcd-run-hook" name="etc" dev="sda1" ino=116
[  650.272545][   T38] audit: type=1400 audit(1761391376.739:714072): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1182 comm="irq/31-virtio1-" saddr=10.128.0.169 src=30008 daddr=10.128.0.223 dest=48406 netif=eth0
[  650.272673][   T38] audit: type=1400 audit(1761391376.859:714073): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=10583 comm="syz-executor" opid=11581 ocomm="syz.5.1960"
[  650.272805][   T38] audit: type=1400 audit(1761391377.239:714074): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1182 comm="irq/31-virtio1-" saddr=10.128.0.169 src=30008 daddr=10.128.0.223 dest=48406 netif=eth0
[  650.272910][   T38] audit: type=1400 audit(1761391377.739:714075): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=10583 comm="syz-executor" opid=11581 ocomm="syz.5.1960"
[  650.273224][   T38] audit: type=1400 audit(1761391378.359:714076): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="tmpfs" ino=1
[  651.054587][  T981] veth1_macvtap: left promiscuous mode
[  651.054704][  T981] veth0_macvtap: left promiscuous mode
[  651.054982][  T981] veth1_vlan: left promiscuous mode
[  651.056956][  T981] veth0_vlan: left promiscuous mode
[  651.583671][ T5877] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  651.748976][ T5877] usb 7-1: Using ep0 maxpacket: 32
[  651.774128][ T5877] usb 7-1: config 0 has an invalid interface number: 114 but max is 0
[  651.774159][ T5877] usb 7-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  651.774181][ T5877] usb 7-1: config 0 has no interface number 1
[  651.774249][ T5877] usb 7-1: config 0 interface 114 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  651.774277][ T5877] usb 7-1: too many endpoints for config 0 interface 0 altsetting 15: 49, using maximum allowed: 30
[  651.774363][ T5877] usb 7-1: config 0 interface 0 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 49
[  651.774391][ T5877] usb 7-1: config 0 interface 114 has no altsetting 0
[  651.774412][ T5877] usb 7-1: config 0 interface 0 has no altsetting 0
[  651.870937][ T5877] usb 7-1: New USB device found, idVendor=0421, idProduct=00fc, bcdDevice=7f.8a
[  651.870968][ T5877] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.870989][ T5877] usb 7-1: Product: syz
[  651.871004][ T5877] usb 7-1: Manufacturer: syz
[  651.871019][ T5877] usb 7-1: SerialNumber: syz
[  651.926032][ T5877] usb 7-1: config 0 descriptor??
[  652.203482][   T38] kauditd_printk_skb: 4886 callbacks suppressed
[  652.203504][   T38] audit: type=1400 audit(1761391380.329:716248): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop0" dev="sysfs" ino=14686
[  652.203610][   T38] audit: type=1400 audit(1761391380.329:716249): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  652.203658][   T38] audit: type=1400 audit(1761391380.329:716250): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  652.203763][   T38] audit: type=1400 audit(1761391380.329:716251): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  652.203811][   T38] audit: type=1400 audit(1761391380.329:716252): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  652.203916][   T38] audit: type=1400 audit(1761391380.329:716253): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  652.203966][   T38] audit: type=1400 audit(1761391380.329:716254): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop0" dev="sysfs" ino=14686
[  652.204230][   T38] audit: type=1400 audit(1761391380.329:716255): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="slaves" dev="sysfs" ino=14731
[  652.204291][   T38] audit: type=1400 audit(1761391380.329:716256): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  652.204432][   T38] audit: type=1400 audit(1761391380.329:716257): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  652.564737][ T5877] usb 7-1: bad CDC descriptors
[  652.586801][ T5877] usb 7-1: USB disconnect, device number 6
[  652.957558][    C1] vkms_vblank_simulate: vblank timer overrun
[  653.156360][    C1] vkms_vblank_simulate: vblank timer overrun
[  653.375064][    C1] vkms_vblank_simulate: vblank timer overrun
[  653.917997][    C1] vkms_vblank_simulate: vblank timer overrun
[  654.153308][T11619] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1967'.
[  654.153392][T11619] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1967'.
[  654.660106][    C1] vkms_vblank_simulate: vblank timer overrun
[  654.753596][ T5885] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  654.903591][ T5885] usb 7-1: Using ep0 maxpacket: 32
[  654.908313][ T5885] usb 7-1: config 0 has too many interfaces: 248, using maximum allowed: 32
[  654.908342][ T5885] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 248
[  654.908364][ T5885] usb 7-1: config 0 has no interface number 0
[  654.911682][ T5885] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  654.911713][ T5885] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.911734][ T5885] usb 7-1: Product: syz
[  654.911750][ T5885] usb 7-1: Manufacturer: syz
[  654.911765][ T5885] usb 7-1: SerialNumber: syz
[  655.000637][ T5885] usb 7-1: config 0 descriptor??
[  655.011858][ T5885] smsc95xx v2.0.0
[  655.407228][    C1] vkms_vblank_simulate: vblank timer overrun
[  655.490793][    C1] vkms_vblank_simulate: vblank timer overrun
[  655.600749][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.097479][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.177493][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.412419][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.457606][ T5885] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  656.559836][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.826671][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.957926][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.976283][T11629] netlink: 268 bytes leftover after parsing attributes in process `syz.6.1969'.
[  657.027952][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.184608][  T981] team0 (unregistering): Port device team_slave_1 removed
[  657.307167][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.374279][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.458796][    C1] vkms_vblank_simulate: vblank timer overrun
[  657.517279][   T38] kauditd_printk_skb: 7860 callbacks suppressed
[  657.517299][   T38] audit: type=1400 audit(1761391385.649:721889): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.517611][   T38] audit: type=1400 audit(1761391385.649:721890): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.518249][   T38] audit: type=1400 audit(1761391385.649:721891): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.518462][   T38] audit: type=1400 audit(1761391385.649:721892): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.518931][   T38] audit: type=1400 audit(1761391385.649:721893): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=10583 comm="syz-executor" name="19" dev="tmpfs" ino=113
[  657.521471][   T38] audit: type=1400 audit(1761391385.649:721894): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=5792 comm="syz-executor" opid=10637 ocomm="syz-executor"
[  657.556165][   T38] audit: type=1400 audit(1761391385.649:721895): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=10583 comm="syz-executor" path="/19" dev="tmpfs" ino=113
[  657.556299][   T38] audit: type=1400 audit(1761391385.659:721896): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=10583 comm="syz-executor" path="/19" dev="tmpfs" ino=113
[  657.556351][   T38] audit: type=1400 audit(1761391385.659:721897): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.556456][   T38] audit: type=1400 audit(1761391385.659:721898): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10583 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  657.775250][  T981] team0 (unregistering): Port device team_slave_0 removed
[  657.807078][    C1] vkms_vblank_simulate: vblank timer overrun
[  658.188322][    C1] vkms_vblank_simulate: vblank timer overrun
[  658.297793][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.382205][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.423553][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.660081][    C1] vkms_vblank_simulate: vblank timer overrun
[  659.682563][ T5809] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  659.715266][ T5809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  659.716766][ T5809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  659.720184][ T5809] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  659.721625][ T5809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  659.934724][T11640] comedi comedi0: pcl730: I/O port conflict (0xffffffff80000000,4)
[  660.126280][    C1] vkms_vblank_simulate: vblank timer overrun
[  660.512522][    C1] vkms_vblank_simulate: vblank timer overrun
[  660.590014][    C1] vkms_vblank_simulate: vblank timer overrun
[  660.807980][    C1] vkms_vblank_simulate: vblank timer overrun
[  660.896293][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.193753][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.439892][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.508718][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.643321][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.764134][ T5885] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -110
[  661.764472][ T5885] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -110
[  661.873574][ T5809] Bluetooth: hci2: command tx timeout
[  661.895065][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.177106][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.260472][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.379988][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.523587][   T38] kauditd_printk_skb: 5274 callbacks suppressed
[  662.523610][   T38] audit: type=1400 audit(1761391390.649:726267): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" path="/sys/devices/virtual/block/loop5/uevent" dev="sysfs" ino=15297
[  662.523660][   T38] audit: type=1400 audit(1761391390.649:726268): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  662.523705][   T38] audit: type=1400 audit(1761391390.649:726269): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  662.523750][   T38] audit: type=1400 audit(1761391390.649:726270): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  662.523795][   T38] audit: type=1400 audit(1761391390.649:726271): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  662.523840][   T38] audit: type=1400 audit(1761391390.649:726272): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  662.523885][   T38] audit: type=1400 audit(1761391390.649:726273): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop5" dev="sysfs" ino=15296
[  662.523929][   T38] audit: type=1400 audit(1761391390.649:726274): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  662.523982][   T38] audit: type=1400 audit(1761391390.649:726275): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  662.524027][   T38] audit: type=1400 audit(1761391390.649:726276): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  662.617261][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.774214][    C1] vkms_vblank_simulate: vblank timer overrun
[  662.971439][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.094966][ T5809] Bluetooth: hci2: command tx timeout
[  664.204821][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.479255][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.711378][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.773924][    C1] vkms_vblank_simulate: vblank timer overrun
[  664.980798][T11606] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1963'.
[  665.064769][ T1908] usb 7-1: USB disconnect, device number 7
[  665.257952][    C1] vkms_vblank_simulate: vblank timer overrun
[  665.562996][T11389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  665.586545][T11389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  666.164500][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.483832][ T1908] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  666.661134][ T5809] Bluetooth: hci2: command tx timeout
[  666.740787][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.754840][ T1908] usb 1-1: Using ep0 maxpacket: 16
[  666.851172][ T1908] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  666.851205][ T1908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.851227][ T1908] usb 1-1: Product: syz
[  666.851242][ T1908] usb 1-1: Manufacturer: syz
[  666.851258][ T1908] usb 1-1: SerialNumber: syz
[  666.894972][T11688] FAULT_INJECTION: forcing a failure.
[  666.894972][T11688] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  666.895004][T11688] CPU: 0 UID: 0 PID: 11688 Comm: syz.5.1985 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  666.895050][T11688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  666.895061][T11688] Call Trace:
[  666.895069][T11688]  <TASK>
[  666.895077][T11688]  dump_stack_lvl+0x189/0x250
[  666.895110][T11688]  ? __pfx____ratelimit+0x10/0x10
[  666.895133][T11688]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.895159][T11688]  ? __pfx__printk+0x10/0x10
[  666.895195][T11688]  should_fail_ex+0x46c/0x600
[  666.895224][T11688]  _copy_to_user+0x31/0xb0
[  666.895245][T11688]  simple_read_from_buffer+0xe1/0x170
[  666.895275][T11688]  proc_fail_nth_read+0x1b6/0x220
[  666.895297][T11688]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  666.895319][T11688]  ? rw_verify_area+0x2ac/0x4e0
[  666.895340][T11688]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  666.895360][T11688]  vfs_read+0x206/0xa30
[  666.895389][T11688]  ? __pfx_vfs_read+0x10/0x10
[  666.895407][T11688]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  666.895434][T11688]  ? mutex_lock_nested+0x154/0x1d0
[  666.895451][T11688]  ? fdget_pos+0x253/0x320
[  666.895484][T11688]  ksys_read+0x14b/0x260
[  666.895507][T11688]  ? __pfx_ksys_read+0x10/0x10
[  666.895532][T11688]  ? do_syscall_64+0xbe/0xfa0
[  666.895558][T11688]  do_syscall_64+0xfa/0xfa0
[  666.895579][T11688]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.895603][T11688]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.895622][T11688]  ? clear_bhb_loop+0x60/0xb0
[  666.895644][T11688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.895661][T11688] RIP: 0033:0x7f3d9c88d9dc
[  666.895678][T11688] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  666.895693][T11688] RSP: 002b:00007f3d9aaf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  666.895712][T11688] RAX: ffffffffffffffda RBX: 00007f3d9cae5fa0 RCX: 00007f3d9c88d9dc
[  666.895726][T11688] RDX: 000000000000000f RSI: 00007f3d9aaf60a0 RDI: 0000000000000003
[  666.895736][T11688] RBP: 00007f3d9aaf6090 R08: 0000000000000000 R09: 0000000000000000
[  666.895747][T11688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  666.895758][T11688] R13: 00007f3d9cae6038 R14: 00007f3d9cae5fa0 R15: 00007ffdbb457768
[  666.895788][T11688]  </TASK>
[  666.913366][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.956545][ T1908] r8152-cfgselector 1-1: Unknown version 0x0000
[  666.956577][ T1908] r8152-cfgselector 1-1: config 0 descriptor??
[  667.150398][    C1] vkms_vblank_simulate: vblank timer overrun
[  667.339873][T11389] team0: Port device team_slave_0 added
[  667.510249][    C1] vkms_vblank_simulate: vblank timer overrun
[  667.519562][ T5892] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  667.536904][   T38] kauditd_printk_skb: 10343 callbacks suppressed
[  667.536921][   T38] audit: type=1400 audit(1761391395.659:732820): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  667.536965][   T38] audit: type=1400 audit(1761391395.609:732655): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=6712 comm="udevd" name="usb1" dev="sysfs" ino=25704
[  667.537003][   T38] audit: type=1400 audit(1761391395.659:732821): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  667.537043][   T38] audit: type=1400 audit(1761391395.669:732822): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.537082][   T38] audit: type=1400 audit(1761391395.669:732823): lsm=SMACK fn=smack_task_setpgid action=granted subject="_" object="_" requested=w pid=11695 comm="syz-executor" opid=11695 ocomm="syz-executor"
[  667.537119][   T38] audit: type=1400 audit(1761391395.669:732824): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.537153][   T38] audit: type=1400 audit(1761391395.669:732825): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.537188][   T38] audit: type=1400 audit(1761391395.669:732826): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.537226][   T38] audit: type=1400 audit(1761391395.669:732827): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.537265][   T38] audit: type=1400 audit(1761391395.669:732828): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11695 comm="syz-executor" name="31" dev="tmpfs" ino=176
[  667.548403][ T5885] r8152-cfgselector 1-1: USB disconnect, device number 31
[  667.568733][T11389] team0: Port device team_slave_1 added
[  667.655810][T11696] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1988'.
[  667.673522][ T5892] usb 7-1: Using ep0 maxpacket: 16
[  667.763527][ T5892] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  667.763633][ T5892] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  667.803397][ T5892] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  667.803529][ T5892] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.803552][ T5892] usb 7-1: Product: syz
[  667.803567][ T5892] usb 7-1: Manufacturer: syz
[  667.803582][ T5892] usb 7-1: SerialNumber: syz
[  668.756898][ T5809] Bluetooth: hci2: command tx timeout
[  668.885597][T11389] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.885616][T11389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  668.885647][T11389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.983923][ T1908] usb 7-1: USB disconnect, device number 8
[  669.008683][T11389] batman_adv: batadv0: Adding interface: batadv_slave_1
[  669.008703][T11389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  669.008734][T11389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  669.373721][   T44] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  669.488209][T11712] ip6erspan0: entered allmulticast mode
[  669.535306][   T44] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  669.535330][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.132876][   T44] usb 1-1: config 0 descriptor??
[  670.352208][T11389] hsr_slave_0: entered promiscuous mode
[  670.374277][T11389] hsr_slave_1: entered promiscuous mode
[  670.435214][   T44] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  670.642786][   T44] [drm:udl_init] *ERROR* Selecting channel failed
[  670.775140][   T44] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  670.775168][   T44] [drm] Initialized udl on minor 2
[  670.804014][   T44] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  670.815915][   T44] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  670.844250][ T1908] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  670.878617][   T44] usb 1-1: USB disconnect, device number 32
[  670.914032][ T1908] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  670.914910][ T1908] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  671.926804][    C1] vkms_vblank_simulate: vblank timer overrun
[  672.368212][T11736] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  672.549274][   T38] kauditd_printk_skb: 12784 callbacks suppressed
[  672.549295][   T38] audit: type=1400 audit(1761391400.669:740462): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="usb1" dev="sysfs" ino=25704
[  672.549347][   T38] audit: type=1400 audit(1761391400.669:740463): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="/" dev="sda1" ino=2
[  672.549393][   T38] audit: type=1400 audit(1761391400.669:740464): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="/" dev="sysfs" ino=1
[  672.549440][   T38] audit: type=1400 audit(1761391400.669:740465): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="devices" dev="sysfs" ino=7
[  672.549487][   T38] audit: type=1400 audit(1761391400.669:740466): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="platform" dev="sysfs" ino=36
[  672.549533][   T38] audit: type=1400 audit(1761391400.669:740467): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="dummy_hcd.0" dev="sysfs" ino=25675
[  672.549580][   T38] audit: type=1400 audit(1761391400.669:740468): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="usb1" dev="sysfs" ino=25704
[  672.549627][   T38] audit: type=1400 audit(1761391400.669:740469): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="/" dev="sda1" ino=2
[  672.549673][   T38] audit: type=1400 audit(1761391400.669:740470): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="/" dev="sysfs" ino=1
[  672.549719][   T38] audit: type=1400 audit(1761391400.669:740471): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5984 comm="udevd" name="devices" dev="sysfs" ino=7
[  673.171479][    C1] vkms_vblank_simulate: vblank timer overrun
[  674.332477][    C1] vkms_vblank_simulate: vblank timer overrun
[  674.760065][    C1] vkms_vblank_simulate: vblank timer overrun
[  675.127343][    C1] vkms_vblank_simulate: vblank timer overrun
[  676.517382][    C1] vkms_vblank_simulate: vblank timer overrun
[  677.614556][    C1] vkms_vblank_simulate: vblank timer overrun
[  677.623046][   T38] kauditd_printk_skb: 10236 callbacks suppressed
[  677.623068][   T38] audit: type=1400 audit(1761391405.559:745317): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="newroot" dev="tmpfs" ino=2
[  677.623120][   T38] audit: type=1400 audit(1761391405.559:745318): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="/" dev="proc" ino=1
[  677.623167][   T38] audit: type=1400 audit(1761391405.559:745319): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="/" dev="proc" ino=1
[  677.623214][   T38] audit: type=1400 audit(1761391405.559:745320): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="1082" dev="proc" ino=36827
[  677.623264][   T38] audit: type=1400 audit(1761391405.559:745321): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="ns" dev="proc" ino=37929
[  677.623312][   T38] audit: type=1400 audit(1761391405.559:745322): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=11758 comm="syz.0.2001" dev="nsfs" ino=4026532813
[  677.623360][   T38] audit: type=1400 audit(1761391405.559:745323): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=11758 comm="syz.0.2001" path="net:[4026532813]" dev="nsfs" ino=4026532813
[  677.623409][   T38] audit: type=1400 audit(1761391405.739:745324): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="newroot" dev="tmpfs" ino=2
[  677.657918][   T38] audit: type=1400 audit(1761391405.739:745325): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11758 comm="syz.0.2001" name="/" dev="devtmpfs" ino=1
[  677.657971][   T38] audit: type=1400 audit(1761391405.739:745326): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=11758 comm="syz.0.2001" name="kvm" dev="devtmpfs" ino=84
[  677.668682][    C1] vkms_vblank_simulate: vblank timer overrun
[  678.610085][    C1] vkms_vblank_simulate: vblank timer overrun
[  678.817161][    C1] vkms_vblank_simulate: vblank timer overrun
[  679.322074][    C1] vkms_vblank_simulate: vblank timer overrun
[  679.946792][ T5885] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  680.099890][ T5885] usb 7-1: config index 0 descriptor too short (expected 2489, got 441)
[  680.099922][ T5885] usb 7-1: config 0 has an invalid interface number: 0 but max is -1
[  680.099944][ T5885] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  680.099963][ T5885] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 0
[  680.152602][ T5885] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  680.152637][ T5885] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=8
[  680.152660][ T5885] usb 7-1: SerialNumber: syz
[  680.211062][ T5885] usb 7-1: config 0 descriptor??
[  680.243986][    C1] vkms_vblank_simulate: vblank timer overrun
[  680.268845][ T5885] pwc: Askey VC010 type 2 USB webcam detected.
[  680.369592][T11637] chnl_net:caif_netlink_parms(): no params data found
[  680.756353][    C1] vkms_vblank_simulate: vblank timer overrun
[  680.836110][ T5980] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.891262][ T5885] pwc: recv_control_msg error -32 req 02 val 2b00
[  680.892425][ T5885] pwc: recv_control_msg error -32 req 02 val 2700
[  680.893128][ T5885] pwc: recv_control_msg error -32 req 02 val 2c00
[  680.893568][    C0] raw-gadget.0 gadget.6: ignoring, device is not running
[  680.903760][ T5885] pwc: recv_control_msg error -32 req 04 val 1000
[  680.904302][ T5885] pwc: recv_control_msg error -71 req 04 val 1300
[  680.913646][ T5885] pwc: recv_control_msg error -71 req 04 val 1400
[  680.923683][ T5885] pwc: recv_control_msg error -71 req 02 val 2000
[  680.943558][ T5885] pwc: recv_control_msg error -71 req 02 val 2100
[  680.954073][ T5885] pwc: recv_control_msg error -71 req 04 val 1500
[  680.956716][ T5885] pwc: recv_control_msg error -71 req 02 val 2500
[  680.958065][ T5885] pwc: recv_control_msg error -71 req 02 val 2400
[  680.959482][ T5885] pwc: recv_control_msg error -71 req 02 val 2600
[  680.959985][ T5885] pwc: recv_control_msg error -71 req 02 val 2900
[  680.960463][ T5885] pwc: recv_control_msg error -71 req 02 val 2800
[  681.012358][ T5885] pwc: recv_control_msg error -71 req 04 val 1100
[  681.012876][ T5885] pwc: recv_control_msg error -71 req 04 val 1200
[  681.034678][ T5885] pwc: Registered as video103.
[  681.038306][ T5885] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input19
[  681.081642][ T5885] usb 7-1: USB disconnect, device number 9
[  682.132958][ T5980] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.623689][   T38] kauditd_printk_skb: 8630 callbacks suppressed
[  682.623708][   T38] audit: type=1400 audit(1761391410.759:752385): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  682.624277][   T38] audit: type=1400 audit(1761391410.759:752386): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop5" dev="sysfs" ino=15296
[  682.624689][   T38] audit: type=1400 audit(1761391410.759:752387): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" path="/sys/devices/virtual/block/loop5/uevent" dev="sysfs" ino=15297
[  682.625419][   T38] audit: type=1400 audit(1761391410.759:752388): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  682.625735][   T38] audit: type=1400 audit(1761391410.759:752389): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  682.626548][   T38] audit: type=1400 audit(1761391410.759:752390): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="devices" dev="sysfs" ino=7
[  682.626799][   T38] audit: type=1400 audit(1761391410.759:752391): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="virtual" dev="sysfs" ino=1375
[  682.627047][   T38] audit: type=1400 audit(1761391410.759:752392): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="block" dev="sysfs" ino=12896
[  682.627286][   T38] audit: type=1400 audit(1761391410.759:752393): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="loop5" dev="sysfs" ino=15296
[  682.627683][   T38] audit: type=1400 audit(1761391410.759:752394): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=5174 comm="udevd" name="uevent" dev="sysfs" ino=15297
[  682.637950][    C1] vkms_vblank_simulate: vblank timer overrun
[  683.725060][T10572] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  683.812639][    C1] vkms_vblank_simulate: vblank timer overrun
[  683.834168][T10572] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  683.941452][T10572] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  683.952459][T10572] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  683.956147][T10572] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  685.549272][    C1] vkms_vblank_simulate: vblank timer overrun
[  686.962488][    C1] vkms_vblank_simulate: vblank timer overrun
[  686.968892][T10572] Bluetooth: hci3: command tx timeout
[  686.983238][T11832] ip6erspan0: entered allmulticast mode
[  687.274822][    C1] vkms_vblank_simulate: vblank timer overrun
[  687.434558][ T5980] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  687.634584][   T38] kauditd_printk_skb: 6677 callbacks suppressed
[  687.634607][   T38] audit: type=1400 audit(1761391415.669:757722): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  687.636736][   T38] audit: type=1400 audit(1761391415.669:757723): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="39" dev="tmpfs" ino=216
[  687.636813][   T38] audit: type=1400 audit(1761391415.669:757724): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  687.637375][   T38] audit: type=1400 audit(1761391415.669:757725): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  688.439399][    C1] vkms_vblank_simulate: vblank timer overrun
[  688.441570][   T38] audit: type=1400 audit(1761391415.669:757726): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="39" dev="tmpfs" ino=216
[  688.441627][   T38] audit: type=1400 audit(1761391415.669:757727): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=10571 comm="syz-executor" path="/39/cgroup.net" dev="tmpfs" ino=219
[  688.441673][   T38] audit: type=1400 audit(1761391415.679:757728): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  688.441719][   T38] audit: type=1400 audit(1761391415.679:757729): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="newroot" dev="tmpfs" ino=2
[  688.441764][   T38] audit: type=1400 audit(1761391415.679:757730): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=10571 comm="syz-executor" name="39" dev="tmpfs" ino=216
[  688.441809][   T38] audit: type=1400 audit(1761391415.679:757731): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=10571 comm="syz-executor" name="39" dev="tmpfs" ino=216
[  688.863826][T11637] bridge0: port 1(bridge_slave_0) entered blocking state
[  688.865980][T11637] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.866243][T11637] bridge_slave_0: entered allmulticast mode
[  688.872701][T11637] bridge_slave_0: entered promiscuous mode
[  688.925717][T11637] bridge0: port 2(bridge_slave_1) entered blocking state
[  688.925863][T11637] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.926116][T11637] bridge_slave_1: entered allmulticast mode
[  688.931214][T11637] bridge_slave_1: entered promiscuous mode
[  689.044602][T10572] Bluetooth: hci3: command tx timeout
[  689.107361][    C1] vkms_vblank_simulate: vblank timer overrun
[  689.300494][ T5980] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.995697][T11637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  690.022714][T11637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  690.240131][    C1] vkms_vblank_simulate: vblank timer overrun
[  691.068232][T11637] team0: Port device team_slave_0 added
[  691.126755][T10572] Bluetooth: hci3: command tx timeout
[  691.172709][T11637] team0: Port device team_slave_1 added
[  691.236890][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  691.236968][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  692.173188][T11894] fuse: Unknown parameter '0x0000000000000003'
[  692.616396][T11637] batman_adv: batadv0: Adding interface: batadv_slave_0
[  692.616415][T11637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  692.616446][T11637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  692.643513][   T38] kauditd_printk_skb: 10563 callbacks suppressed
[  692.643534][   T38] audit: type=1400 audit(1761391420.769:763147): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="etc" dev="sda1" ino=116
[  692.643583][   T38] audit: type=1400 audit(1761391420.769:763148): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.643630][   T38] audit: type=1400 audit(1761391420.769:763149): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="etc" dev="sda1" ino=116
[  692.643675][   T38] audit: type=1400 audit(1761391420.769:763150): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.643719][   T38] audit: type=1400 audit(1761391420.769:763151): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.643765][   T38] audit: type=1400 audit(1761391420.769:763152): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="lib" dev="sda1" ino=264
[  692.643809][   T38] audit: type=1400 audit(1761391420.769:763153): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.643851][   T38] audit: type=1400 audit(1761391420.769:763154): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.643895][   T38] audit: type=1400 audit(1761391420.769:763155): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="lib" dev="sda1" ino=264
[  692.643939][   T38] audit: type=1400 audit(1761391420.769:763156): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11903 comm="rm" name="/" dev="sda1" ino=2
[  692.666614][T11906] FAULT_INJECTION: forcing a failure.
[  692.666614][T11906] name failslab, interval 1, probability 0, space 0, times 0
[  692.666656][T11906] CPU: 1 UID: 0 PID: 11906 Comm: syz.6.2028 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  692.666687][T11906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  692.666702][T11906] Call Trace:
[  692.666714][T11906]  <TASK>
[  692.666725][T11906]  dump_stack_lvl+0x189/0x250
[  692.666771][T11906]  ? __pfx____ratelimit+0x10/0x10
[  692.666802][T11906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  692.666840][T11906]  ? __pfx__printk+0x10/0x10
[  692.666878][T11906]  ? __pfx___might_resched+0x10/0x10
[  692.666907][T11906]  ? fs_reclaim_acquire+0x7d/0x100
[  692.666948][T11906]  should_fail_ex+0x46c/0x600
[  692.666987][T11906]  ? __alloc_skb+0x112/0x2d0
[  692.667010][T11906]  should_failslab+0xa8/0x100
[  692.667047][T11906]  ? __alloc_skb+0x112/0x2d0
[  692.667070][T11906]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  692.667102][T11906]  ? smack_socket_sendmsg+0x1a7/0x520
[  692.667138][T11906]  __alloc_skb+0x112/0x2d0
[  692.667165][T11906]  netlink_sendmsg+0x5c6/0xb30
[  692.667186][T11906]  ? is_bpf_text_address+0x26/0x2b0
[  692.667268][T11906]  ? __pfx_netlink_sendmsg+0x10/0x10
[  692.667306][T11906]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  692.667341][T11906]  ? __pfx_netlink_sendmsg+0x10/0x10
[  692.667369][T11906]  __sock_sendmsg+0x21c/0x270
[  692.667408][T11906]  ____sys_sendmsg+0x508/0x820
[  692.667445][T11906]  ? __pfx_____sys_sendmsg+0x10/0x10
[  692.667484][T11906]  ? import_iovec+0x74/0xa0
[  692.667516][T11906]  ___sys_sendmsg+0x21f/0x2a0
[  692.667549][T11906]  ? __pfx____sys_sendmsg+0x10/0x10
[  692.667622][T11906]  ? __fget_files+0x2a/0x420
[  692.667655][T11906]  ? __fget_files+0x3a6/0x420
[  692.667703][T11906]  __x64_sys_sendmsg+0x1a1/0x260
[  692.667735][T11906]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  692.667776][T11906]  ? __pfx_ksys_write+0x10/0x10
[  692.667811][T11906]  ? do_syscall_64+0xbe/0xfa0
[  692.667848][T11906]  do_syscall_64+0xfa/0xfa0
[  692.667878][T11906]  ? lockdep_hardirqs_on+0x9c/0x150
[  692.667908][T11906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.667934][T11906]  ? clear_bhb_loop+0x60/0xb0
[  692.667963][T11906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.667988][T11906] RIP: 0033:0x7fef7946efc9
[  692.668010][T11906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.668033][T11906] RSP: 002b:00007fef776ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.668060][T11906] RAX: ffffffffffffffda RBX: 00007fef796c6090 RCX: 00007fef7946efc9
[  692.668080][T11906] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  692.668097][T11906] RBP: 00007fef776ad090 R08: 0000000000000000 R09: 0000000000000000
[  692.668112][T11906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.668128][T11906] R13: 00007fef796c6128 R14: 00007fef796c6090 R15: 00007ffc157d92b8
[  692.668170][T11906]  </TASK>
[  692.715427][T11637] batman_adv: batadv0: Adding interface: batadv_slave_1
[  692.715449][T11637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  692.715486][T11637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  693.025480][    C1] vkms_vblank_simulate: vblank timer overrun
[  693.203952][ T5809] Bluetooth: hci3: command tx timeout
[  693.294835][ T5809] Bluetooth: hci4: command 0x0406 tx timeout
[  693.294876][ T5809] Bluetooth: hci6: command 0x0406 tx timeout
[  693.559649][    C1] vkms_vblank_simulate: vblank timer overrun
[  694.414848][    C1] vkms_vblank_simulate: vblank timer overrun
[  695.530675][ T5980] bridge_slave_1: left allmulticast mode
[  695.530708][ T5980] bridge_slave_1: left promiscuous mode
[  695.530990][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  695.599251][ T5980] bridge_slave_0: left allmulticast mode
[  695.599282][ T5980] bridge_slave_0: left promiscuous mode
[  695.599561][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  696.138410][T11218] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  696.367407][    C1] vkms_vblank_simulate: vblank timer overrun
[  696.819160][T11218] usb 1-1: unable to get BOS descriptor or descriptor too short
[  696.821582][T11218] usb 1-1: not running at top speed; connect to a high speed hub
[  696.864411][T11218] usb 1-1: config 2 has an invalid interface number: 254 but max is 0
[  696.864441][T11218] usb 1-1: config 2 has no interface number 0
[  696.864477][T11218] usb 1-1: config 2 interface 254 has no altsetting 0
[  696.914738][T11218] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=20.52
[  696.914771][T11218] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.914793][T11218] usb 1-1: Product: syz
[  696.914808][T11218] usb 1-1: Manufacturer: syz
[  696.914824][T11218] usb 1-1: SerialNumber: syz
[  697.059318][    C1] vkms_vblank_simulate: vblank timer overrun
[  697.105079][T11940] fuse: Unknown parameter '0x0000000000000003'
[  697.161564][T11218] ims_pcu 1-1:2.254: probe with driver ims_pcu failed with error -22
[  697.176039][T11218] usb 1-1: USB disconnect, device number 33
[  697.524652][    C1] vkms_vblank_simulate: vblank timer overrun
[  697.594177][    C1] vkms_vblank_simulate: vblank timer overrun
[  697.653657][   T38] kauditd_printk_skb: 10479 callbacks suppressed
[  697.653679][   T38] audit: type=1400 audit(1761391425.759:769136): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836
[  697.653728][   T38] audit: type=1400 audit(1761391425.759:769137): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=11928 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836
[  697.653777][   T38] audit: type=1400 audit(1761391425.769:769138): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=11928 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth3.ipv4ll" dev="tmpfs" ino=6412
[  697.653830][   T38] audit: type=1400 audit(1761391425.769:769139): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  697.653876][   T38] audit: type=1400 audit(1761391425.769:769140): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="etc" dev="sda1" ino=116
[  697.653924][   T38] audit: type=1400 audit(1761391425.769:769141): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  697.653970][   T38] audit: type=1400 audit(1761391425.769:769142): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="var" dev="sda1" ino=2001
[  697.654027][   T38] audit: type=1400 audit(1761391425.769:769143): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="var" dev="sda1" ino=2001
[  697.654074][   T38] audit: type=1400 audit(1761391425.769:769144): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="/" dev="sda1" ino=2
[  697.654119][   T38] audit: type=1400 audit(1761391425.769:769145): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=11928 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1
[  697.674487][    C1] vkms_vblank_simulate: vblank timer overrun
[  697.954850][    C1] vkms_vblank_simulate: vblank timer overrun
[  698.115093][ T1244] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  698.151462][T11959] Bluetooth: MGMT ver 1.23
[  698.151506][T11959] Bluetooth: hci0: invalid len left 7, exp >= 112
[  698.154583][T11226] IPVS: starting estimator thread 0...
[  698.294083][T11960] IPVS: using max 7 ests per chain, 16800 per kthread
[  698.317680][ T1244] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  698.317708][ T1244] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  698.326790][ T1244] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  698.326826][ T1244] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.326852][ T1244] usb 1-1: Product: syz
[  698.326871][ T1244] usb 1-1: Manufacturer: syz
[  698.326889][ T1244] usb 1-1: SerialNumber: syz
[  699.275149][    C1] vkms_vblank_simulate: vblank timer overrun
[  699.506933][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.454570][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.524487][ T5980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  700.625215][ T5980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  700.680113][ T5980] bond0 (unregistering): Released all slaves
[  700.904055][   T31] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  700.945341][T11637] hsr_slave_0: entered promiscuous mode
[  700.946817][T11637] hsr_slave_1: entered promiscuous mode
[  700.947817][T11637] debugfs: 'hsr0' already exists in 'hsr'
[  700.947844][T11637] Cannot create hsr debugfs directory
[  701.058592][   T31] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  701.058625][   T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.083058][   T31] usb 7-1: config 0 descriptor??
[  701.354841][ T1244] usb 1-1: cannot find UAC_HEADER
[  701.424975][   T31] udl 7-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  701.710876][   T31] [drm:udl_init] *ERROR* Selecting channel failed
[  701.727063][ T1244] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  701.760558][ T1244] usb 1-1: USB disconnect, device number 34
[  701.874266][   T31] [drm] Initialized udl 0.0.1 for 7-1:0.0 on minor 2
[  701.874292][   T31] [drm] Initialized udl on minor 2
[  701.896908][   T31] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  701.897266][   T31] udl 7-1:0.0: [drm] Cannot find any crtc or sizes
[  701.903062][ T1908] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  701.930168][ T1908] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  701.930372][ T1908] udl 7-1:0.0: [drm] Cannot find any crtc or sizes
[  701.951414][   T31] usb 7-1: USB disconnect, device number 10
[  702.037215][    C1] vkms_vblank_simulate: vblank timer overrun
[  702.552977][ T5984] udevd[5984]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  702.663626][ T6123] audit_log_start: 9477 callbacks suppressed
[  702.663647][ T6123] audit: audit_backlog=65 > audit_backlog_limit=64
[  702.663660][ T6123] audit: audit_lost=193336 audit_rate_limit=0 audit_backlog_limit=64
[  702.663676][ T6123] audit: backlog limit exceeded
[  702.663716][ T6123] audit: audit_backlog=65 > audit_backlog_limit=64
[  702.663729][ T6123] audit: audit_lost=193337 audit_rate_limit=0 audit_backlog_limit=64
[  702.663745][ T6123] audit: backlog limit exceeded
[  702.663777][ T6123] audit: audit_backlog=65 > audit_backlog_limit=64
[  702.663791][ T6123] audit: audit_lost=193338 audit_rate_limit=0 audit_backlog_limit=64
[  702.663807][ T6123] audit: backlog limit exceeded
[  702.663837][ T6123] audit: audit_backlog=65 > audit_backlog_limit=64
[  705.950065][ T5980] hsr_slave_0: left promiscuous mode
[  705.984219][ T5980] hsr_slave_1: left promiscuous mode
[  705.985315][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  705.985342][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  706.187939][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  706.187995][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  706.684554][ T5980] veth1_macvtap: left promiscuous mode
[  706.684671][ T5980] veth0_macvtap: left promiscuous mode
[  706.684939][ T5980] veth1_vlan: left promiscuous mode
[  706.685134][ T5980] veth0_vlan: left promiscuous mode
[  707.044372][T12026] fuse: Unknown parameter 'fd0x0000000000000003'
[  707.342285][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.379171][   T38] kauditd_printk_skb: 7446 callbacks suppressed
[  708.379195][   T38] audit: type=1400 audit(1761391435.899:779812): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=12027 comm="syz.6.2057" name="newroot" dev="tmpfs" ino=2
[  708.379249][   T38] audit: type=1400 audit(1761391435.899:779813): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=12027 comm="syz.6.2057" name="/" dev="proc" ino=1
[  708.379289][   T38] audit: type=1400 audit(1761391435.899:779814): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=12027 comm="syz.6.2057" name="/" dev="proc" ino=1
[  708.379330][   T38] audit: type=1400 audit(1761391435.899:779815): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=12027 comm="syz.6.2057" name="181" dev="proc" ino=39547
[  708.379369][   T38] audit: type=1400 audit(1761391435.909:779816): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=12027 comm="syz.6.2057" name="ns" dev="proc" ino=38569
[  708.379409][   T38] audit: type=1400 audit(1761391435.909:779817): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=12027 comm="syz.6.2057" dev="nsfs" ino=4026532915
[  708.379450][   T38] audit: type=1400 audit(1761391435.909:779818): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=12027 comm="syz.6.2057" path="net:[4026532915]" dev="nsfs" ino=4026532915
[  708.379490][   T38] audit: type=1400 audit(1761391436.369:779819): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1182 comm="irq/31-virtio1-" saddr=10.128.0.169 src=30008 daddr=10.128.0.223 dest=48406 netif=eth0
[  708.393505][   T38] audit: type=1400 audit(1761391436.519:779820): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sda1" ino=2
[  708.393559][   T38] audit: type=1400 audit(1761391436.519:779821): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=5174 comm="udevd" name="/" dev="sysfs" ino=1
[  708.668255][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.892361][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.022865][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.094888][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.356061][    C1] vkms_vblank_simulate: vblank timer overrun
[  710.733670][    C1] vkms_vblank_simulate: vblank timer overrun
[  710.733922][   T26] ==================================================================
[  710.733936][   T26] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190
[  710.733974][   T26] Read of size 8 at addr ffffc90005cb9090 by task irq_work/1/26
[  710.733992][   T26] 
[  710.734003][   T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  710.734027][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  710.734042][   T26] Call Trace:
[  710.734050][   T26]  <TASK>
[  710.734060][   T26]  dump_stack_lvl+0x189/0x250
[  710.734114][   T26]  ? run_irq_workd+0x116/0x190
[  710.734146][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.734179][   T26]  ? __pfx__printk+0x10/0x10
[  710.734209][   T26]  ? __virt_addr_valid+0xdc/0x5c0
[  710.734241][   T26]  ? __virt_addr_valid+0xdc/0x5c0
[  710.734275][   T26]  print_report+0xca/0x240
[  710.734305][   T26]  ? run_irq_workd+0x116/0x190
[  710.734334][   T26]  kasan_report+0x118/0x150
[  710.734367][   T26]  ? run_irq_workd+0x116/0x190
[  710.734402][   T26]  run_irq_workd+0x116/0x190
[  710.734432][   T26]  ? __pfx_run_irq_workd+0x10/0x10
[  710.734463][   T26]  ? schedule+0x91/0x360
[  710.734490][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.734520][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.734547][   T26]  smpboot_thread_fn+0x542/0xa60
[  710.734576][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.734609][   T26]  kthread+0x711/0x8a0
[  710.734643][   T26]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  710.734671][   T26]  ? __pfx_kthread+0x10/0x10
[  710.734702][   T26]  ? rt_spin_unlock+0x150/0x200
[  710.734737][   T26]  ? rt_spin_unlock+0x161/0x200
[  710.734758][   T26]  ? __pfx_kthread+0x10/0x10
[  710.734791][   T26]  ret_from_fork+0x4bc/0x870
[  710.734819][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[  710.734849][   T26]  ? __switch_to_asm+0x39/0x70
[  710.734871][   T26]  ? __switch_to_asm+0x33/0x70
[  710.734892][   T26]  ? __pfx_kthread+0x10/0x10
[  710.734924][   T26]  ret_from_fork_asm+0x1a/0x30
[  710.734956][   T26]  </TASK>
[  710.734965][   T26] 
[  710.734971][   T26] The buggy address belongs to a vmalloc virtual mapping
[  710.734993][   T26] Memory state around the buggy address:
[  710.735006][   T26]  ffffc90005cb8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  710.735022][   T26]  ffffc90005cb9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  710.735037][   T26] >ffffc90005cb9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  710.735057][   T26]                          ^
[  710.735069][   T26]  ffffc90005cb9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  710.735085][   T26]  ffffc90005cb9180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  710.735097][   T26] ==================================================================
[  710.735123][   T26] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  710.735139][   T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  710.735164][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  710.735177][   T26] Call Trace:
[  710.735187][   T26]  <TASK>
[  710.735196][   T26]  dump_stack_lvl+0x99/0x250
[  710.735229][   T26]  ? __asan_memcpy+0x40/0x70
[  710.735253][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.735285][   T26]  ? __pfx__printk+0x10/0x10
[  710.735318][   T26]  vpanic+0x237/0x6d0
[  710.735339][   T26]  ? __pfx_vpanic+0x10/0x10
[  710.735366][   T26]  panic+0xb9/0xc0
[  710.735386][   T26]  ? __pfx_panic+0x10/0x10
[  710.735405][   T26]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  710.735437][   T26]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  710.735470][   T26]  ? run_irq_workd+0x116/0x190
[  710.735500][   T26]  check_panic_on_warn+0x89/0xb0
[  710.735522][   T26]  ? run_irq_workd+0x116/0x190
[  710.735552][   T26]  end_report+0x78/0x160
[  710.735581][   T26]  kasan_report+0x129/0x150
[  710.735614][   T26]  ? run_irq_workd+0x116/0x190
[  710.735648][   T26]  run_irq_workd+0x116/0x190
[  710.735679][   T26]  ? __pfx_run_irq_workd+0x10/0x10
[  710.735709][   T26]  ? schedule+0x91/0x360
[  710.735742][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.735770][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.735797][   T26]  smpboot_thread_fn+0x542/0xa60
[  710.735826][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[  710.735858][   T26]  kthread+0x711/0x8a0
[  710.735891][   T26]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  710.735919][   T26]  ? __pfx_kthread+0x10/0x10
[  710.735949][   T26]  ? rt_spin_unlock+0x150/0x200
[  710.735973][   T26]  ? rt_spin_unlock+0x161/0x200
[  710.735994][   T26]  ? __pfx_kthread+0x10/0x10
[  710.736024][   T26]  ret_from_fork+0x4bc/0x870
[  710.736053][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[  710.736083][   T26]  ? __switch_to_asm+0x39/0x70
[  710.736104][   T26]  ? __switch_to_asm+0x33/0x70
[  710.736125][   T26]  ? __pfx_kthread+0x10/0x10
[  710.736157][   T26]  ret_from_fork_asm+0x1a/0x30
[  710.736190][   T26]  </TASK>
[  710.736528][   T26] Kernel Offset: disabled