last executing test programs:

2m1.013991209s ago: executing program 1 (id=14):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000000)=@fragment={0x5c, 0x0, 0x1, 0x0, 0x0, 0xd, 0x65}, 0x8) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) (async)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf9", 0x0, 0x6}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000280)) (async)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000080))
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0xa13ca8e5839881ac, 0x4}) (async)
r6 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi1\x00', 0x24c101, 0x0) (async)
socket(0x10, 0x803, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r9, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r8]) (async)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0xc048aeca, &(0x7f0000000380)) (async)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x0, 0xa, 0x9, 0x5, 0x2f, 0x7, 0x7, 0x5, 0xffe, 0x1, 0x0, 0x8500, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0xf64, 0x1ff, 0x901, 0x10, 0x100, 0x8, 0xe2df, 0x746f, 0x2, 0x5, 0x3, 0x0, 0xf336, 0x201]})
sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x2, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c)

1m59.829968746s ago: executing program 1 (id=16):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_TTY(r1, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000001080)={&(0x7f0000000040)={0x1010, 0x464, 0x100, 0x70bd26, 0x25dfdbfe, "09d610ed022106570783c9f7bc9eb8087beb4f5f766078ba76580f560a52f91345cc8fddb8c6848ca163991ae5bc6a57448a1df7a6df629de749e233fc0bdf5c5b3d86acf024fe164d1756c18ef3cb1b1a5d2a72e79923d472769a20ed963ddb5011892efc53d9261d46f2e095d1468d4505760dcb917dd587fded7067d5a3a8d890bafe1dc7495111acd13d8131c526caa2ffb3423b69c7fb6cb2e9cafb1018c89274c3237c920dacb9d529195064480bf4f67b7a9f7ab1489d3ba6444c34ac1a00cfd77dae5d7a2cfe8388ba8a4349be670faf9cb85a9cae94a5b02da3cf05027e62e9126e813397f7ae11698812a8c8899aec5d50537968a67c4963ef56d0cb83d7e76bb3ebffad0130bef5d20f5b7448e1c6ad876ddc60d01c06eccf27c35066d370393c4654c77503dec49415ed86a837e573f839d3998af353a3da510af181d3b62749ef436ea1b708f07899cba92ac71e6f2a258d06b4b44b88d98754055334aaafed2dbe93d26009a52c2bc6d23214f4a6a43dc65df95fee94a452f7761f5f4c4ee0ede9fbbe7a940021cfe1bf2dbf5df928ee8b4048700e7ea7c8479a337295dd55e14128f830351aa77e2afcfd9d625cc3ef5857d13a60935d4b5e6ce1c35fd41ccc97ef4e4739f5dabc4cb080100abfa6cd321dd45af310ddcbf898669250720cebfa9131a99df28c00fa3217903f8231b3e6bb906b273e7f2381a21280e37d41f19dc7199fe8c4f74e7c6f19ae9cda1dea3db6c7c39cbec50af46a3b8f88a16ac4b8f7465bb39851d8b1c196b3c51c7a5ae60fef873f21789144ef423b06e56bb7796986ae965425c43bb27620d5980c3413f240a74853cbf0a3a2b917c93f75822d10cfab70ea40e2024054b2aa0b27a7a317a3286a5c9f407093610fccbb2a31de2af61344aafefb97819316052cb07ed532ddf1769fdf7e2b1e45dab082f73e3ca3960afe0149c3e3a5c5a5592e002953b8c3191ecb5782cf3b852b99b636ea0d9f49b2d031daea9164e3ef8ff052f15394ddbeae0f998395dc6b7e2ed108f8dfdfef11db25d604959b9819d58cdbd4e667441a739903a4c88ca7dbb3bb153e60a091b98578a3c82f76988dfa83f7f3393b03bfe334f9a4687d3ff02b4b3897173b39507e26010fc85b7aea2b40fc06724d9cf688566857da2f2380c5339daef1ddbe01f1c733215ace892e995638e41f20e6d01186abf58fbe8a5d8c88830ce11422fe9c1a632765ec837fc451ad52e2fe2dd698401104336913c5ece7527b6e181a81edff718cc619ca4783c5f5fdca691d4ab61ffc09ed1855493e4e1cf3ed76eae6e1ee39ab2755e66449daa88545f058e292d8889ec836d97054475bbebd2618cdbf4af61e55014f7ad13ef4fc4707fe38467484d161b0c3303d70de3bed110e71bfcfdf7b42c29cc87856c09338274ffd8f83ed1d9fc80d2df72a6d1cfddf9779351b182da0c62a0a3877ab6e9632dbf14de2c30235113af862174f8fe288823db5bef14554e88d49afd1196ab5eb962d615bf1faa82eeecb5c372cf698a4f73ae914566289f2bf6302f7e783698148e63f71eab5c36c4e6dabda47d6ac39bfce9509d52864a96c2738a973c0c3a9d8bfbc62255791a07b0c212f1566492859e06ee918c3c6c91dd9e16641388b5ea059a26690b67b0954d12cee7c6e665117b49edbe337bc63392ae24a832fe62d1e3339addfdc4de06cb0a4bf5cd695149bc9ccd3ba8bde1de9837c7ceeffd5604e83295e8a67b1b7101c36fc70d2273e1a43e345701b53f5c7c85deeeeb36eca0384109e4e0a99889c4c4b7095fc37cf314effd947d1c2646e675cf754c1d4c1f9b5458c9ee76926f2c4c06e61b90de0e4ac2327cc55661900c9e9b408a323c046314c4e428621bf67bc1bb8c9f84aa4fc7253376086964048c357380c125ddcbe6bd3ecb91fef30cd731f18354823fa3bce5ee23a192b5cfa49f0a3ce8112b0f8a3028ead3da5a399987370418afcfdf956e6be71edb20c8ba64d1d3588b4e61fe236d740f3f2ea4ae20c7e1532164a5f9221d687ea840537ed2764d39c8e4c21293a4ad173f646c0c5b365576544092bbb4e9dd545c8d160310151123fd4c2ea3309ded7edf5f2e3d66acef85d17f0e23b829beb51807cfe94e12bf93b3c4489d162df4e5d33a83f05177ae2dc2a59b0e5734a49756080ede627f4f5daed8fb1c326877710089bd4c2aeb7b611e7ed8eb8003caaf4e9b9a1c403b46ba9c00b182b21a7f82e0629493e39c7eff5b5313106012bc98548be88df13db4c021f9aa18cf64054ff4fa36e3fedc5540af2f556f386eb1a5ae5193a05eacb86cc7affec88b022e4702a65555c604032b10995edae62f3d3022633ed496a8cdaf676922a5ab2d7b91a1ca0d7e7de7914ce2cab2008f78d39cae5b24d4dd9f4027eb45f309e040b8b4b57d372e3c86f3b7fd54e1bb7320f72361c636ef86f27261a0e1dc8e81d73f466e644dd816017b85b672ea2591d22a19eb712cbc43dac0784bbb84985a11351675ad54d2a825e99608c53f927ad46170ac16dd321509aa9c809488cea9253269756cd3091a684ca8aef88587d96e013562ef21f503f9db78c723670b8178aa45cabfad6d7c0738792e8db4efb7091c24b23cdf2a72c287a5dc0b9b642a44f36630ee50ad44fa8d883d151e8a1653d121764bd0bca37418629cbebab9b8025d38381d8defb734c8493ac5fab0faf7d774a892b2e3e1169e455714fc639fda579f5c18eef09023384259a72057d92125e4f5b64642e1feb8c72aaeb16f4f5b1ad29fab3266c650f3c2679ef2d8f803e25b7a7511c628696f04d2fcef11d45e04d17dab6fbe168b0b122170873afa78f61a77371ea2b9f96a06c428611d9305e16948801f5d84352de1dcf1a4a6a5c29fed66c91c2758f55fa28adae7d33727eb90d5182328686a8ffeed13503db886798ef68b6fe32e3b8c39e4cdabc625b6ece084911c88a1f37face7c5472f35302db24d8a98eb802baaec3d671acb1dabfeff6f463d309210f04a5b7719e2a8ceec596e4fbcc31c84583c51283150e29dd4e1bb33880ba82ed536d175aa4abd82b19bc3d229ce1afdff5459fc48accb6a8ab7d73d26a6806015f9987a255c865c72bc2b34a6d02e44e36a4bf3cfffbbee612adf3c9a351f374f57e6701df9de00f0b934235b91138ecdbb7256678ddb165ae501cfdae7ca3b947f9e21c7d531119e2744ac800656d43a628b54263268660a97d484a59c9a4b364cc17638f08666a28fb47d54fcfcc45d1937dffb94e76e77455aade758ae4cad4d076c865af43e4b5d671bf7aa1aeadc20e0b9a1e214e7cce7e3446385f4a9c142acdef34da84fc0c851a14d6053626bbb687c5da1306a56936f926d410169b1b3b17d09959f7f1c9b063c78424a4cad70eed435c317db3851b63148d72b692cf734e6a00acef3c347c0dd389bf573979c5a38812bb357c87c4b613f95c553671de20edbffa5e78f3cf4b667a9790815f1f523ee4fa189b2a39a8be1fbdabbdd208f6a8de6439d1fe766bfe94db93799ec06a129d5fc2b3938d6b21302d5dbc7f8716d075275b28af387c4b3cbfe5870fb849a9567af88a0fa4023ad10299f269419abbc0f538e5af04e2ac7879b431260fb72e5785b9139323af6d42b4df096c4b82aa8f3a8d9c9f1ca7c641fb21d517049f67e6ab9091fb8f8d6ca1e35260d0da167f49c5b1b02441ef1f71d7f6ea0856b1dec965389a9194870fed195815448bd1d130363d047cd6c7bc9b636511c3c8ea94040bd8b0ff1b32964e0bcca3b9a944f11fe49815a3eed16247712a79311c4d0bcd5c1bbd447d8ed65da8f75208f51a157b65bd11a1606e44cbfb1603fa484fcc9f9ab94d6fe8321f6f9ba695261691f06871e9de310f3574f0e7032e83e48b0bb6074287ecb1afebb817c8e7e7b61a0ebe758bdc70d1af0702e00c52011e4ca09c2bcf06a6230be6b342c04420965b9f71bb41234dc2ee703db551d096287e99b67fdc4b93a2ce86fe6ceea9af8d1197cb3894c5a6d659687e7aa0bac091b1fa88409f3cedbc195543e4b468cef9211cbbf7c4720546578dd20e27f988861c7aa5d0255b2e6c8c49e8168b5bb720b941e730cf6096d86ad6dfb95f29a8c18b8a20a71eb15a26b43c47802d3ae13991504447ef8d8770dbad37fcb98fb1c54462126e616793d7340ac1910d3ea4fe0c82e5515928425f9264db94cfb3088fbbf429820b27479b864254e297323f1118e926968c83fed2b0b74313667da3135aed21e5246ef99523c3e7a679d2a1d14f8cb8a6437604fa8538ab105141ac8b3e2cc9f3f212a126e4a96357177d31210c0b9bfba4c3d6f189857d44c41f6473d4409a8a576c5df6810d2ee87323d88cd05cfeef51dac2fea1636192e58d6a19a0aef68eeb285312f78995db372042d7622622e3694e7469075515286bc32118a27896b482d316088128906c01903b2341dd6fdeb6d55f101904c29c47b16b6f4f11c6a14363834645ad8abec3cb752b6c1ac4ad44bdcd01edf6386855443e81a177fbd4d9eb1c14dd7c918a5c8969c8448e27c41e85a983f6a6e2b87c159555ddd5e71eeceabdc96f7f7e34a9133ed961ec2a668787fd0f5722a5baf35bfa2aa51cf4ff478c9f3168fec310b71f26e80579d2bafac75ccbf76b34121fabefefdd1ce8d36388f492d0e2e0a2625937c7a0ba92860593730f6bb0a47a5b11c580eeaca6554813ab0910f92023d9ea36f6643db18368897b936a71f53116f6086398876340773d8c71ea5a7b2979cd4384275e23816a5bf90219f96aa12e383f8f78ff52f1ea0f727f50bb98d66d8c5a7db71434d7d8cf960579bedee13c97b9b9bdf85c4b2949782e961770b045f73f7c061a495b66ea3adcaec4272b79835d2626f45a63ea3179e75730daedd1243e609d5c6ebf46df3274a1b08bb983e50f8642ea5e4d1f4cf235ccdebc6d1333364e97c405b77e83c227a04e39de5e52d5c96381934918e1aeb24c9fa2d3f4d5958b7ae964e48ccefd7adfa0fb7ca069e46b4a18e733228e9e91d5b9fd4151c3a9fc71c36e41fba6e786f7ac76af556ae9f3bbca3c9dae4c2efa51bf933cac9b22dd69154232d947e65bc1540d86a17dfe90e38622d5f1621e9f5652176e04b8c857ef502da7b77b3711aa956acc6b265882b1f15216940b82deab7d51811e5f5a4c9b13faf7b5c000fb05cd005cf6d2ff2fbd519f8b4335c51713a7a6510414248a16bbe7ad26ec481992f7a9563daf10e02afda93484bafd3166439f5f4bbb5abf4d48d8c3b25e9b813d6d5946b1f33ce0d83310f1935de7b39c321c8c4abe085163b2c815227f5d0b3a8e7b031f7fa285605d65491b02c908d42a0cfca9d37e41e3282fd706e6e39ba98508f7183356360375be3dcfa9e3daf6712a5806093129f972dc05b9cc129537b7717957e61987d159e15b2cb870560675e020c393444adfe631c425ab5c861cf77a8697a7c5c8fa5e1489be78784e5a8465c4a6c8650309b6411d9c4e2d160a8a64361af3a8a574d823912fab0e07f48a38cc26a3edf93c447857a9081bed8f50f8ac93e4e049f84169420b60ca11f525f1d9472cc8646c6ed40715bec9308808d8bd470c77bc127afc5febb25e32740d2123248034383e4e7f14907dbc162bd1e5ce978a4bd2bea03ac2d324deeb3dd643c6d30c70f3f50c0be9c0296260717b1358230378c549c0fdf25e9aadf323ab3fc1fa5ffba9a0a9b8cc3455df77ccfc56858007faa4363e8b190980ce3bcb", ["", "", ""]}, 0x1010}, 0x1, 0x0, 0x0, 0x8090}, 0x44095)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_CALL(r2, 0x4008af21, &(0x7f0000000780)={0x1})
r3 = syz_open_dev$vcsa(&(0x7f0000001100), 0x5, 0x40000)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000001180)=<r4=>0x0)
sendmsg$nl_generic(r3, &(0x7f0000002240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000002200)={&(0x7f00000011c0)={0x1020, 0x12, 0x2, 0x70bd2d, 0x25dfdbfd, {0x11}, [@typed={0xc, 0x1a, 0x0, 0x0, @u64=0x80000000}, @typed={0x8, 0x103, 0x0, 0x0, @pid=r4}, @generic="1f839f77dd760f64670d4021b3da23c408c8ded98c497c03e62a90641320135c68937c52042ef2d7e6e6b897ef82d320e4b93d333999d33b2d4594984f1e8641750817cc186d488d8f80306d24dea7b440ebcd017c710b3f26a649de3d86318646bb6c5ba141dbc647ed0e023e78a5020ba824ca24cd58376c27a462c86104b5bab7a70d746c4566f326db6de37aafb83b6eeff745045013950db1202b62a7f7b53bb13cfd12f1da40d0fb4a3630896e072e2db7e3a2b26336b5709b124b3b96e8c91aaf070f5eb42c23f8f6a32fbdd118bb4181239c134bc1734a3e46d8a86d387b948bfe217b5a758ff53d07d2015e1e6427a9254c0d7dbca873c433ba0340170fcac6525bbc4ac5622babe015974a68aae7d691d11eb5d83f31d1505ee82ab89300ab003036763f2aa2e80e1b3b01ecb98c29e6e80e3ccf274ffba3504ce4150aab177a666137a89c1a9cad0de7b7c97ee1d51424e504a0097d9058d73cda284d0cf126fda5447d74255e6fbb4347b217a13bf32c8cad84e828d0d56257903fe1ebeb9d303e4b2d79338d23f2c4642635ca003178e50aafb324cecc7e28a3dbe6adb0f2a400f9b33ec67e5480421fc3b29137bc040c96107e5c1454b6fec4398ba107d23a35a6f7a8ea75b81469c0216af3c8ec1c9fd3c885e3f4484f319c450ce0c62eb1d1c3979884aa1c35b9b81277ced3ff967e2326e8bf3fe3da31aa84de309605527f4d301aea151cefad5b2f6d11d0f4de8e6c66b54c8e571cf59b196f769dd055c1381ebc5950096790eede23ce8ee210c6df39b90cc88ce61ea8af0e4631729baa589b0a9b9185940dd84a18b63e6dc1220e2137e0e106e16b073a69f5be4b24894c11e02b306a7c9b44a20727993aa3018c6e0ed9397e8217acdb2f6aa569e60472943d801753a8823b4a7d152584706c6b91c11282acaa333a6d3e02e36d7906748be02148ac7332698fa9e82a21fee4269ffd1d0304860788da300d337997ca53831e809a8df9b8096c5e56c5d52b72a2ce9b0ab3d7bcc92377c9776835328393f9a4f2c66ff8076c0a340426cb7fc466d148b8b00cc32c6ef4c4b3cce5f171bff32233f56f6d4938d8b1951338b8b5b602a0b6fc6057859525491c18df5293bb905fabefbe15ed0d565bf19939e4a182ac68fa9f29b2d4c96973afccaf5d6a3c6f2ff7139b8e453d0dd6b86c7d7f1967000ececf4c89d424e815de09992a0be8704de3c0f69e2bd3b1223f878f6ad9628c42b17c8f53a754d8a3b228c9711941b610f7e755ba8304666858508e7822d39ae3392368a08d9845f594908be6a71408ac5ebf909461fdb84e131608527ea67e08707a1fe94e5bb79c9a0f28c742629ac55c8cbe48ceb9a07b6b016005454f3cacef56fce48af7eb5849f3f513779f1c01282ea59b21ef5942c9a9e01a3d33471d72be45979ce353b8e4f6cacb7878a598c60d314fe3f02085fc6fd0f187813d4f3788ab6e3183c47ab9684e6e5fad5eec156e10c918a700191209357f265b407353f43fefb2321a36221f4b0aa7381a301316d4e26ae7403746ae622e8191242e6edbeecc38c91b3d6dbdbefdcc4982eb24eabef9e40491f9e5d2e72896729dbcdc3addec39454327bf10dd50a2f81ee693bbe320418577a6319438905152fac3d984ce73633213ad99cbec39d0bddd3675beb77678d8b0fc340251adf4c94be88d64a1fb9b9c66ad0c5e3a919f9086a939dbf6ba2ef162de35d5b22953b07074feda0ed6f4aae80b21d4e86478d98dbcc342ff7f20d475017dcd64627f08612e84d4d9d9d58e2d5b253722e78fc91468651f3277012b8d3ce206f4aef11876c29ccb9438d7be202eb975079b450ba0beeac48163789ee11a3f8f93c0112d4869a0ec2adaed8f717781473bb8131f00333ac2ed475cbd671e5ded9e10717981d3e020da01505facf4032ba0d4ed75b35823dd483704117bb051a67574b3ceea38e88442448f094eae11c5257ae426d149ac9a50cbf98fa034c1f8f47ed34e611886bd6db8e9aaf92772e1f2a3ccc181f2d6741213b07109cb19174a06a0d1ccac05c2478c9a60ed8f06cd2c5c9565162ea88303cdcf4dbea6359cc814f32bd33826c82e9d0e06941407ff46cb6a0ac1685c539592db5b12415baf4c0a3812bdc6df2ce38d1866ca099109b40c7687b4bfee14683bd68ddc40712d89a18d0dd185e3850980d2b8c7274b0bcd37108cddd34f5b1462f278398c301a7b4ceb81b79014e6a90c5b63f62b0d35a30a602d2f719746884bc946d23a20626279ec5a3c72f17f5a892bb0754b1527b81789171148e1116fbdf171e5a864d41d27552ac4ebe0cf4b7abbc98b3518a014d42112bb00a6f94e5aec8f2260b746444bd6259a243eec8a02fe14c6c2540d039cb7ee7f742f5b9fd89f2ae23fd6d50f7435f0eff0cdc5404adcccae7788d714175022bcf097c4bc2c912c59d262edf6c3ce3322f269866f3c1313747eb712ec6b0c121267f309e9702386acc6a93f90981d65cd9aec2ac6f8c5ee08ab0c48e81dc71549338597a25c65c963fe0ce2b6a8d5c26f4124901004d73d3be99fabbe293113b70a60d93f37713596fdfcfd3421e88100dbad5e32090cdb835b60187ef325783d7bd21466cae0d06474f872972213c15bb445711f5dd9f7a1f7724349f14201c2a29224f75bb4b8ec58520ad6aa2fffdaae14754a477b129f9e1e6b6f6233f6e9afaf6232c3199ce3cac4ac612602697b5becd0d33bea5d07a4a8f2ff586bd658d5e72b33e6c0653223b0f31d741638c15f940a5cf0374b1ee56b76a9fce9e94913ce16fd455c587c001dfe4bc8e53a5aa575d9084b36dfda6a988768dbea9f7dce8db95169ccb4473677ab90c0ba6d2b982461c1d21a1cad1ea79ce35c599f57a40efe3e7769cfb921c2574e88ef94c24ff5cd233dbc525869cc393f4c0decf018c5275de05196e4708668c0b255054bddd38f774e3e06499efc43c89f2ba9e95c2e43f00d641e1cdf0aad22b706e33e1ca8b6a17e31abdaf67dad7e0eaac7814ac8aeacf6ebb6381324fce4d6ff1386a5279ba4ca137bdf38641f41e7360dd2290928d83dbfb59ecfb899b85ae4eb86fe95596e8e270fc7f10067b6c15331da13a1751c9d81bc9827060a6becb2a7494a5541b45e9636b1484b690aa68c2881a37104c74e611cf483ba889dff27aed429e21a91b80ee78d95a132d26ddaa13a019ec334f4db594091b1ddd33e0084c4bcba17bb507d93779c437a4847ae39e15af3c33961fdfc5c83f4b710184d499025694f491a43184741f9d76e9eabac855913b1f9b5691625ba56c3fc0e802fde599f356470f3c6149b8373d4ccc4676c3fe7bcff9ad4eaccf3dd8cdbe604f844d687f53bb6fb6cca2927f2cbeacc5016c3b34b12064894aae7d8345553d01a09a5dad9b3833427a0d8bfe32516eab71ee77f67d316ffaa78dc3599412a6937e880873b31e4184310ffe7378dded321675912fc234f5f8c84c063978ac983afe62084c1d3f69423b30a6b50fcaeed754adb6e4c9c6917838e035222133aa666d69519bc4b436000bb12ef29ebd1f5115d848c14ddaa55f1b251410258d5d656fd27d271ff1e52e2fee883b0353e15585aabe7eefd7bb5b0b7278f61ef5f80709976644fb370ad1ce2c8f99db3fa01965c5e3c6694a572c019644045a054d90651fa321bfd30944381bd42bf9ee6aefefe6b12f19e31243bfd8b4713338e39f0ff91a0a88f1ab78209748fc1e935865c9c53d5c56ca586b48e8d80767bba7e8f9f0c90d788cf58a0fd76201781633fc032cfcc37b9041a189826407f967a1c3595f277f6b5111c48487520fe386cd3529417c47848950335221bad0aee94c1113e0f0fb47b55fa3a82016de1a6359104f9aecf30b8beadcc36d8064f26fcc1731b71771316b0e4f7bbf32394094a477990e0bdf1f90bf9ffd074aca784d0bc7b10f3ddfaa305ba1ce2b2b9f8c4ac07b1699f9cee0f80dbea0a04f3ef9ce7e65ea3afed9c4d94b267f803909a077b8701130a7a2c9d148da19f9c51979cdba8d5c03e78cd1fa28d0055ba9713b27bf51307efbe6710d98ad5d4329a16fe9e6b72bab983ce411cc59bd740068f5be1c81b4af254d90a8c161306fd2ba0d9367e168206a21ee0b0bdcdf68865ef14266604e8b2bd8a8df1e57e5b543a1c2501931e1ad20431a8adcb2fb31b9a154b5be188757caf77908afce93c2602fbe53d6518281b0c002f4302ce5f490d78f4bbe4d7d5f25a22bac3e9a5215b35c335764f9baad38782b4ede64ea4f5bc2c6611b4e05b9ad94a29155a5dd3f08c64be728130fa171beed6114e09feb8ac398557f223d522ef014a02923edd464a44c1485bedd2ee616fe5a3a48ff57555f09e8a5d303911fc89056417416b4b25a3d4ade15d962dc6c66ffe1549b48ec53c6991ec05594c53567874943f5297bdf0e889d2f33ad961bd8662bc88bd58e3cf5513f7c61ea2a7814af7cd7cc367a2f5eedc516192ae41084ab7a8f9dbff9bdf9adbcdda75be6d37c45370d73236cd0643ee2cb7fe1acebbbb2134673b9e13d803d400918a2dc3a362cce8c8bbfb2fcda3854be01915253e91480d055ecce7eb316c9a026bfee179a5b5f8915ce0c08832734a84e366cae3f11364e61c4173b6277536826a770b4187ce057e75e57452a6824649d2d3918e5b465ea3d3f3efc4d192c51647be906484da477025abc29bcd46683133e4d76b56453d15404b27f079534d559ba11e192e9270da67fbc57cec60fe78a2b024123aea5bd2348fdf2fee1c27723d541ec0d168fee6bd60364a0d260dfcf93747f65b339177f20c8f819cef3a3b92d7c8713e614dc68db14880b73b719a750b3ff515fc5ec57f5301a97076dd656b0cdbdf1dd85948952c9737ba43b08d19ed8c8cda5153c692c9497f82390134a7bd82df9445f70999d5b412776f46bb4b0dfc04c02768c009c18b8bae6ba095d36eee30cba85b1303896dc122af821c080e1cc1296382ef19c1cfd5af98783236a1f157d4d791bf3b565e99b8ba9351546ea8b3ee53fdb9990ffabfae880bbcc6814a221957309ac9d5efd40237aaee3154bebfa887a8a6ba3224b756b21e3e238e07912e3fea5e71750f5c66c9eef7282324d20714e015d024272c8da04059137bfa4e2894472fc3c0f39da16f4c21895943f5d21f72fc9e6a9abba1ff49e31fe93991f9ee716fbd3d5051caf7dc0c2af346ae14e3f0423ce2a1e60a146cabac719544592d3dc910a5f7d65752d4749232d24ade33210ed65b6900c9a7490ada6c4304016e91a55d4fb93108542c3c0e097b084150cdb5617da509256f36655ef38e46fb8da42b28abb6796700cc3244157739e774a137139f69089cef8af7db7645e114993ab525e7c713c3dc50774d055dac79093ecc5d4f2e626db94c1e7e18120a80d71cb8b4c9dc9e44f96925d1ebc0db6a265d8e67b1c121419c3915ec13cd6374a01804867abb562ba13602a4ee71f8a5922606a0e42c36d29d4b586e3465aca10c9355fa4477ceafd4e9132ca40a569587381a22b385c52f678694df19bdc8cf198f97a8600568020a307dc7f6548fd63604b1bbe42dcaa4174c78ae480d754084bd583d025e8d46098c0f5cd184cf2fb4007158f0d4e5f27ec411c8b1f3a3b3dc19df6f0ca57626d7a4424221639f3892e583b2ecd15521438fbf13d67aba698f175a66aafe5d459709ab709de8a4435a53247e295527f04565383f1ff4951141bc3664aad7244b4d7da3"]}, 0x1020}, 0x1, 0x0, 0x0, 0x4004002}, 0x10044050)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000003400)={{{@in6=@mcast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in6=@private2}, 0x0, @in6=@local}}, &(0x7f0000003500)=0xe8)
ioprio_set$uid(0x0, r5, 0x2000)
setreuid(0xee00, r5)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000180)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a"], 0xfdef)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000002280)={0x2, 'veth1_to_team\x00', {0x2}, 0xffff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

1m59.518081691s ago: executing program 3 (id=18):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x2, 0x0)
r2 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x2002})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000e00)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
unshare(0x26020480)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000240)={'vcan0\x00', <r4=>0x0})
connect$can_j1939(r3, &(0x7f0000000000)={0x1d, r4, 0x0, {0x1, 0x1}}, 0x18)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @empty, 0x18, 0x0, 'sed\x00', 0x1, 0x0, 0x72}, 0x2c)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$IP_VS_SO_SET_ZERO(r6, 0x0, 0x48f, &(0x7f0000000040)={0x0, @rand_addr, 0x0, 0x0, 'wrr\x00'}, 0x2c)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="7c010000400007012bbd700004000000017c00005801c28051010a80eb2cab93a79710ab4f2037e012983c79e31e5043bd83bdd224f1ad9532cd4674a312871b291c47dd88e9dfd223f65f9ab0a1039967f030ba2844a508001700ac1e0101060044005e000000a568e60f0f2047f58488b0663d6a7d0832424a028dd15f695ac635c4c6fba1c60fe4bf3429f7f57b890d1014a86b143f1f9de38091661054e07ca0535abb5c0c87d1136c345b2a742df79a8fcb31e21f55d3c0fb7fbe98c66c4615ec5d9a3b83c3dde1952e2e4126e844433fe5f7f3c476d9960132b413b20c8176947c40a37a266ce25d2aaf15a02563f5e71d2f5d02b8e7295b24270f66879927b0bc5a96a257cb32dc64a88fab01883e874e77b20a9a0e4156eece37a6aab202e3a3328fec9ed9fbe2800f223acccb3f0400fd482a396aa41f7ccaaa482b63fe7387c3bca70b99a639de97533322c09197aa543907ccc24803bf537e63c4f908008e00", @ANYRES32, @ANYBLOB="0000000c0001800600060000000000040002"], 0x17c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1m56.869952863s ago: executing program 1 (id=23):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r1, &(0x7f0000006ac0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003f40)=""/282, 0x11a}, {&(0x7f0000000440)=""/1, 0x1}, {&(0x7f0000000480)=""/52, 0x34}, {&(0x7f0000001080)=""/33, 0x21}, {&(0x7f0000000700)=""/184, 0xb8}, {&(0x7f00000007c0)=""/97, 0x61}, {&(0x7f0000000840)=""/41, 0x29}, {&(0x7f0000000880)=""/130, 0x82}, {&(0x7f0000003e00)=""/257, 0x101}], 0x9, &(0x7f0000000b00)=""/222, 0xde}, 0x6}, {{&(0x7f0000000c00)=@xdp, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000c80)=""/244, 0xf4}, {&(0x7f0000000d80)=""/171, 0xab}, {&(0x7f0000000e40)=""/172, 0xac}], 0x3, &(0x7f0000000f40)=""/28, 0x1c}, 0x3}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000f80)=""/83, 0x53}, {&(0x7f0000001000)=""/43, 0x2b}, {&(0x7f0000001040)=""/38, 0x26}, {&(0x7f0000000a40)=""/137, 0x89}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x5, &(0x7f00000011c0)=""/137, 0x89}, 0xfffffff7}, {{&(0x7f0000001280)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f00000014c0)=[{&(0x7f0000001300)=""/25, 0x19}, {&(0x7f0000001340)=""/97, 0x61}, {&(0x7f0000006440)=""/132, 0x84}, {&(0x7f0000001480)=""/18, 0x12}], 0x4, &(0x7f0000001500)=""/160, 0xa0}, 0x94}, {{&(0x7f00000015c0)=@nfc, 0x80, &(0x7f0000001a00)=[{&(0x7f0000000640)=""/64, 0x40}, {&(0x7f0000006e00)=""/4096, 0x1000}, {&(0x7f0000001680)}, {&(0x7f00000016c0)=""/3, 0x3}, {&(0x7f0000001700)=""/193, 0xc1}, {&(0x7f0000001800)=""/215, 0xd7}, {&(0x7f0000001900)=""/229, 0xe5}], 0x7, &(0x7f0000001a80)=""/188, 0xbc}, 0x3}, {{&(0x7f0000001b40)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001bc0)=""/151, 0x97}, {&(0x7f0000001c80)=""/17, 0x11}, {&(0x7f0000001cc0)=""/108, 0x6c}], 0x3, &(0x7f0000001d80)=""/109, 0x6d}, 0xa}, {{&(0x7f0000004e00)=@sco, 0x80, &(0x7f0000006280)=[{&(0x7f0000004e80)=""/162, 0xa2}, {&(0x7f0000004f40)=""/58, 0x3a}, {&(0x7f0000004f80)=""/95, 0x5f}, {&(0x7f0000005000)=""/170, 0xaa}, {&(0x7f00000050c0)=""/250, 0xfa}, {&(0x7f00000051c0)=""/190, 0xbe}, {&(0x7f0000005280)=""/4096, 0x1000}], 0x7, &(0x7f0000006300)=""/174, 0xae}, 0xc0000000}, {{&(0x7f00000063c0)=@isdn, 0x80, &(0x7f0000006a00), 0x0, &(0x7f0000006a80)=""/35, 0x23}, 0x1}], 0x8, 0x10020, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x4c4401, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="18000100000000000000000000000000180100002069ec2500000000002020207b1af8ff000000004fa100000000000007010000f8ffffffb702000008000000b7030000fcffffff85000000990000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0xa, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff87}, 0x94)
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_AUDOUT(r4, 0x40345632, &(0x7f00000003c0)={0x2, "9dade6c778300af0a6f516767cf907009d3973e95db85ddf0adedce24f941e95", 0x1, 0x1})
tkill(0x0, 0xf)
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000380))
syz_open_dev$video4linux(&(0x7f0000000400), 0x5, 0x80000)
read$dsp(r3, &(0x7f0000000300)=""/79, 0x4f)
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
recvfrom$phonet(r5, 0x0, 0x0, 0x40, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000010c0)=0x14)
sendmsg$nl_route_sched(r6, 0x0, 0x40004)
pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x1, 0x8}, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84010000090a010100000000000000000100000008000340000000084c001280140001800d00010073796e20e4fff9427f6e1100100001800b00010064796e73657400000c00018007000100637400001800018008000100647570000c000280080002400000000001010d4030397eb2c4cd7c1201009fd9926b57de6fd6dac1a55bb7866ab6868de241b3bad123b3139d4a4a21a34a6fb9a96c2a63800f6aa21a35305e883add45c917f4df077eec31f8921ffa15881396b85be955fd058880873bdedae677aafa3ba632b6cc95624ac4d9ac8ef6168f7328614ad07f65421475c59385803d70a550843b8901d39a86816e4fbbf3797252beea064f8a61fd6469df689b4d1118bb03de78263f65f12715b1533ba4618b0c58467ae79c3bf392a2ce6c55e94c1383caf2e8613c996b8c6bd609592b057c7976504e9161b95aa5992256f9dd8f0fba3919160d575b15b4f83f96a89ae782e3bc861c1af64763b1ba5fea0760a225d86400000f6e1bb1f062079600000000030900020073797a3000000000180000000c0a010100000000000000000700000504000380140000001000010000000000000000000e84000a"], 0x1c4}}, 0x0)
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x4)

1m56.554477124s ago: executing program 3 (id=25):
syz_usb_connect(0x2, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003834a6b2099040d10a2840102030109025200010c2440070904b800018c8c02010900000000000000020924030203030201a60d2408010700bc5affd3dc187508240806050005f9072408020600030924030605030303070905032b3b"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000400)={0xf0f01f})
setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000180), 0x4)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/uevent_seqnum', 0x2000, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0xffffff9e, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
ioctl$PTP_SYS_OFFSET_EXTENDED(r2, 0xc4c03d09, &(0x7f0000000a00)={0x12})
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r6}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3, <r7=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8, 0x0, 0x10000001}, 0x18)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
finit_module(r2, 0x0, 0x3)
ioprio_set$uid(0x3, 0x0, 0x0)
r9 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r9, &(0x7f00000008c0)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7000, 0x0, 0x3)
r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
fcntl$addseals(r5, 0x409, 0x8)
ioctl$SNDCTL_DSP_SETFRAGMENT(r10, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r10, 0xc0045006, &(0x7f0000000180)=0x9)
sendmsg$nl_crypto(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="080100001300000228bd7000fbdbdf257266633735333965737028637472286361737436292c7368613531322d636529000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000020000000240000000000000000000008000100020000000800010020070000080001000000000008000100900000000800010009000000"], 0x108}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1m54.771492212s ago: executing program 1 (id=28):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e00000000000000bfff000009"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001100)={r0, 0x0, &(0x7f00000000c0)=""/72}, 0x20)

1m54.34205569s ago: executing program 1 (id=30):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0xb0)
getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1)
setsockopt$MRT6_DONE(r1, 0x29, 0xc9, 0x0, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f00000000c0))
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000280)={0x1, 0x3, 0x1000, 0x7d, &(0x7f0000000180)="fee19f009aa66bb8472cce4d27a653a9aa1eff51126833c789b5ead44bd0345c4df570f9a7b0673c89271aa30a69393f2a59957de94ee391889f6c9f590d009cd7d7e3d19ee92c6e6c1bcbec1dc12011d111974c6777225eda40057bcd6bb73c2b859acf9e1204a930ab2eb7e95580e2cbc4503f921a5c6bdfbb98d878", 0x7b, 0x0, &(0x7f0000000200)="b27f2fb98e40b468c441be22750095917945ec17af13bdae5015082140828fd059a37342d3cf190977d23cbf2fcd055aaf687a38bac29a018700884d85e799e86cb8591eda56005e53ed655547514e3b82a432a577a2f6dafcdfa3fc111feed69bdb28c4dac11e31a714d2020c3f11d564b24eb38d14cf2a806639"})
r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000340), r1)
sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r2, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x28}}, 0x1)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000440)={<r3=>0x0, 0x8, 0x20}, &(0x7f0000000480)=0xc)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000004c0)={r3, 0x8, 0x7, 0x3, 0x5, 0x800}, 0x14)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000000500)={0x9, 0x2})
setsockopt$MRT6_TABLE(r1, 0x29, 0xcf, &(0x7f0000000540), 0x4)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
getsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000600), &(0x7f0000000640)=0x4)
mount(&(0x7f0000000680)=@md0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='ecryptfs\x00', 0x0, &(0x7f0000000740)='\x00')
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000780)={'team0\x00', <r4=>0x0})
connect$packet(r1, &(0x7f00000007c0)={0x11, 0xf5, r4, 0x1, 0x8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
write$P9_RLCREATE(r1, &(0x7f0000000800)={0x18, 0xf, 0x2, {{0x2, 0x3}, 0x4000000}}, 0x18)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000840)={r3, 0xfa55, 0x98, "3d4c3007ab580b7e8aa2f599d790a258865fde1e92385f36dfc66d2931b9db4ba869d47c7eab481abc2b5cd7529019a96b3df5621f9a880a99a020623bbedb27779fdb50ea4e2cd2989ae99941b9c3a934c0a43c228751a98ec74d7c3d1d57e9d185dff0a1f41669a02620ff957e627af0ed928cfacbc171b9b8403e80dc2136057cee24ccadf4c0110f2c56dc6b3dfc8d57c32795241bbd"}, 0xa0)
r5 = socket$key(0xf, 0x3, 0x2)
renameat(r1, &(0x7f0000000900)='./file0\x00', r1, &(0x7f0000000940)='./file0\x00')
sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000a80)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x70, 0x3, 0x3, 0x202, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x40}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x9}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xa}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x3}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x6}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x5}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x9}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x1000}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x9802}, 0x20000904)
ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xc)
name_to_handle_at(r1, &(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)=@ceph_nfs_confh={0x10, 0x2, {0x1000, 0x4}}, &(0x7f0000000b40), 0xecad0229333dc2b0)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000b80)=@assoc_value={r3, 0x8000}, 0x8)
shutdown(r5, 0x1)
sendto$inet6(r1, &(0x7f0000000bc0)="788e59faec50ddd5ac62f1a83b8a4caf6ac6c967810b390a9976592b73f5fa80d66d651ed3de603255d0602e1f7a0e07c9df7bd95d3b75b4b75524d8ada0bb3c8fe4f0d561820fb19c8d74ee4ed8fe4c6113f471ff50624ce9683de5681767c013d8ab5f0f76f98e5be1d92082df1b0695436c9b941c90bc4a598ee75756d5d8ca2c56bb325bad58ba095ab8d2913c49a725606763187786393f06e42cf9324c", 0xa0, 0x10, &(0x7f0000000c80)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}, 0xfff}, 0x1c)

1m54.037450483s ago: executing program 1 (id=31):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r2, &(0x7f00000006c0)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}}, 0x1c, 0x0}}, {{&(0x7f00000000c0)={0xa, 0x4e21, 0xfffffffc, @remote, 0x20004}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)'], 0x28}}], 0x2, 0xf7ffff7f00000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x400, 0x81)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

1m53.789793999s ago: executing program 3 (id=33):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
rseq(&(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x6, 0x200, 0x6, 0x7}, 0x3}, 0x20, 0x0, 0x0)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e34, 0x6, @loopback, 0x3}], 0x1c)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000004dc0), 0x41, 0x0)
writev(r2, &(0x7f0000000700)=[{0x0, 0xffffff09}, {&(0x7f0000000400)="be", 0x1}], 0x2)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e22, 0x8, @loopback, 0x4}, 0xfffffd88, &(0x7f0000000300)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
dup(r0)
socket$inet6(0xa, 0x1, 0x8010000000000084)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r3, 0x0, 0x23}, 0x18)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
r6 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
ioctl$MON_IOCT_RING_SIZE(r6, 0x9204, 0x402b008)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r5, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0xa13ca8e5839881a8, 0x4})
accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000480), 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

1m53.338657111s ago: executing program 3 (id=34):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000480)={0x0, r0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x20, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000007000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r3=>0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r4)
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = memfd_secret(0x80000)
mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480), 0x200084, &(0x7f0000000740)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="26004446b296190a9a17b3f0bb196b56abe49be028b93ca1ecaa60279ac73af0d1c917e34d7a9a286ac16202edf08c32d8b85b35851660afe4a6c14fd7cd8fa65da0b58e8d416590e5ae8c2f9d58162cf3f85ca91870f961470cffa566b344af3a9a2490da8ece3aa46337665438a7c07b47c95afc5562e4cf3d2431a6efb8fe058ad1a89a7bd47117ff2287c512868003c8339ad3e6fd3ff4cd37cde3e671f0b2a74ba04a47f1f46d875f0998b3ba2e1e96083f9ab71c91da1e6ed5ddac4dd7f0f266204836628bf9524e9ea5a077ee4a6af8fab02e025c64353a6e40dfe464eddba4ed4275"])
io_submit(r3, 0x2, &(0x7f0000000440)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r2, 0x0, 0x0, 0xfeffffffffffffff, 0x0, 0x1, r2}])
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="1408000000000000b89e08dc86dd", 0x0, 0xfe2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/anycast6\x00')
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003be8c5ee1768810003308030300ecff3f000000030000980000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0x11a)
accept4(r7, 0x0, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@ipv6_newnexthop={0x3c, 0x68, 0x100, 0x70bd29, 0x0, {0x2, 0x0, 0x3, 0x0, 0x4}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_OIF={0x8}, @NHA_GATEWAY={0x14, 0x6, @ip4=@broadcast}]}, 0x3c}}, 0x0)
capset(&(0x7f00000002c0)={0x20071026}, &(0x7f0000000280)={0x0, 0x6, 0x0, 0x81, 0xffffffff})
r10 = syz_open_dev$sg(&(0x7f0000000100), 0xf3c, 0x141000)
ioctl$SG_IO(r10, 0x2285, &(0x7f0000000180)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @buffer={0x20, 0x0, 0x0}, &(0x7f0000000080)="5b7ac0261f23", 0x0, 0x1ff, 0x0, 0x0, 0x0})

1m53.006330579s ago: executing program 3 (id=36):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x7f, 0x8, 0x4, 0x3}, {0x1000, 0x0, 0xf, 0xc2}, {0x1304, 0x0, 0x9, 0xc223}]})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a0000"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB, @ANYRES32], 0x5c}}, 0x0)

1m52.8058933s ago: executing program 3 (id=39):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f}) (async, rerun: 64)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b402210000000000611004000007000004000080006df6ee8100000000000000343deedc5d11fc08ce14e2fda74c3881950e6b4e6dfb70ec42a25d48d83eb22e94d451658a25061b4c4442f2187322c5508eb053319bcd"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)

1m37.919510374s ago: executing program 32 (id=31):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r2, &(0x7f00000006c0)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}}, 0x1c, 0x0}}, {{&(0x7f00000000c0)={0xa, 0x4e21, 0xfffffffc, @remote, 0x20004}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)'], 0x28}}], 0x2, 0xf7ffff7f00000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x400, 0x81)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

1m37.576439114s ago: executing program 33 (id=39):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x1)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f}) (async, rerun: 64)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b402210000000000611004000007000004000080006df6ee8100000000000000343deedc5d11fc08ce14e2fda74c3881950e6b4e6dfb70ec42a25d48d83eb22e94d451658a25061b4c4442f2187322c5508eb053319bcd"], &(0x7f0000000080)='GPL\x00', 0x4, 0x16, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x21)

8.557070012s ago: executing program 0 (id=264):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
epoll_create1(0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x20000253) (fail_nth: 1)

7.961939591s ago: executing program 0 (id=267):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x1, 0xffffffff, {}, {}, {}, 0x1, @can={{0x2, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "001bd300058edb7c"}}, 0x48}, 0x1, 0x0, 0x0, 0x881}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r5 = dup3(0xffffffffffffffff, r3, 0x80000)
ioctl$NBD_DO_IT(r5, 0xab03)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r6, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r6, 0x0, 0x82, &(0x7f0000000480)={'filter\x00', 0x0, 0x0, 0x0, [0x4, 0x80000001, 0x7, 0xfffffffffffffffc, 0x1, 0x6]}, &(0x7f0000000180)=0x78)
ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x874fd42a7836ef6e, 0x4})
write$smackfs_netlabel(r6, &(0x7f0000000280)=@l2={{0x2, 0x2e, 0x2259de84, 0x2e, 0xd61, 0x2e, 0x52f4}, 0x2f, 0x4, 0x20, '^%^+'}, 0x6f)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8004}, 0x0)

7.771133918s ago: executing program 0 (id=269):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = socket(0x2, 0x3, 0x100000001)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
socket$kcm(0x10, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
socket$inet_sctp(0x2, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
pipe(&(0x7f0000000140))
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x303a40, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, 0x0, 0x0)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)
setsockopt(r0, 0xff, 0x1, &(0x7f0000000100)='O', 0x1)

7.601835048s ago: executing program 4 (id=271):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001840)=@ipv6_newnexthop={0x7c0, 0x68, 0x400, 0x70bd29, 0x25dfdbff, {0xa, 0x0, 0x3, 0x0, 0x2c}, [@NHA_FDB={0x4}, @NHA_ENCAP={0x6f8, 0x8, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x6f4, 0x1, {{0x0, {0x1d, 0x4, 0x4, 0x2, 0x6, 0x10, 0x10, [@mcast2, @remote]}}, [@mcast1, @private0, @loopback, @loopback, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @ipv4={'\x00', '\xff\xff', @loopback}, @private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x43}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x44}}, @private1, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @private0, @dev={0xfe, 0x80, '\x00', 0x29}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @multicast2}, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, @loopback, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @mcast2, @remote, @mcast1, @rand_addr=' \x01\x00', @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @remote, @private0, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, @local, @mcast1, @dev={0xfe, 0x80, '\x00', 0x38}, @private1, @dev={0xfe, 0x80, '\x00', 0x34}, @remote, @local, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, @empty, @empty, @mcast1, @local, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @broadcast}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @private1, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @dev={0xfe, 0x80, '\x00', 0x35}, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @local, @private2, @dev={0xfe, 0x80, '\x00', 0x1b}, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @dev={0xfe, 0x80, '\x00', 0x16}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @mcast1, @rand_addr=' \x01\x00', @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, @local, @mcast1, @loopback, @private2={0xfc, 0x2, '\x00', 0x3}, @loopback, @dev={0xfe, 0x80, '\x00', 0xf}, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @private2, @remote, @loopback, @mcast1, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, @local, @loopback]}}}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_OIF={0x8, 0x7, 0xa}}, @NHA_ID={0x8, 0x1, 0x2}, @NHA_BLACKHOLE={0x4}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x3}, @NHA_GROUP={0x44, 0x2, [{0x1, 0x14}, {0x1, 0xf4}, {0x2, 0x4}, {0x0, 0x2}, {0x1, 0xa9}, {0x0, 0x8}, {0x0, 0x70}, {0x0, 0xff}]}, @NHA_GROUP={0x3c, 0x2, [{0x1, 0x70}, {0x1, 0xeb}, {0x1, 0x7}, {0x1, 0x10}, {0x2, 0x4}, {0x0, 0x6}, {0x1, 0x62}]}, @NHA_FDB={0x4}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x7c0}}, 0x800)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000840)=""/4085, 0xff5}, {&(0x7f0000004700)=""/4076, 0xfea}, {&(0x7f0000002500)=""/4121, 0x1019}, {&(0x7f0000000500)=""/181, 0xb5}, {&(0x7f0000000040)=""/146, 0x9e}], 0x5}, 0x0)

7.263909955s ago: executing program 2 (id=272):
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019600)=""/102400, 0x19000)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xb}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000040000000c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={r3, 0x20, &(0x7f0000000300)={&(0x7f0000000200)=""/108, 0x6c, 0x0, &(0x7f00000007c0)=""/209, 0xd1}}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
getsockname$tipc(r6, &(0x7f0000000080), &(0x7f00000000c0)=0x10)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}}, 0x40)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="6000000002060502000000000000000000000000140007800800114000000000050015000600000005000100060000e0050005000200000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0x4, 0x8, 0x8, 0x7fffffff, 0x4})

6.616663363s ago: executing program 2 (id=273):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ptrace(0x10, 0x1)
preadv(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}], 0x1, 0xfff, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r1)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000fbdbdf", @ANYRES32=r6, @ANYBLOB="10002b0000050000020000000000000053b29af7d3459f4cdb8f16960ffee9141af6916ab1251649ce9888c56a151073733a1d79c34c8e0a3997b36273e9e16068760fa7273c114c06dcaa202c27"], 0x2c}, 0x1, 0x0, 0x0, 0x2400089c}, 0x4000080)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_io_uring_setup(0x10d2, &(0x7f0000000280)={0x0, 0x7735, 0x400, 0x2, 0x34f}, &(0x7f00000000c0), &(0x7f0000000080))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x6c, 0x30, 0x400, 0x0, 0x3, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x3, 0x2, 0x1, 0xfffffff8, 0x4}, 0x4}}, @TCA_MPLS_TTL={0x5, 0x7, 0x7b}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000300)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)

6.549918826s ago: executing program 0 (id=274):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}}, 0x24}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r4 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f00000000c0)=0xffff)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6.531136879s ago: executing program 4 (id=275):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000000)={'vlan0\x00', {0x2, 0x4e22, @empty}})
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="03b4363f4a000000000000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000020000000300"/28], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000005cb0000090000", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRESOCT=r2], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffea, 0x0, 0x0, 0x0, 0xffc}, 0xfffffd7e)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0x20000000000001cd, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r5, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r6 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r6, 0x5522)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
close_range(r1, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
userfaultfd(0x80001)
io_setup(0x2ae1, &(0x7f0000000180)=<r7=>0x0)
eventfd2(0x10000, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_MOVE(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000240)={&(0x7f0000638000/0x2000)=nil, &(0x7f0000fd4000/0x2000)=nil, 0x2000, 0x1})
io_submit(r7, 0x0, &(0x7f0000004200))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)

6.381094778s ago: executing program 4 (id=276):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000000c0)={0x3, &(0x7f0000000040)=[{0x7f, 0x8, 0x4, 0x3}, {0x1000, 0x0, 0xf, 0xc2}, {0x1304, 0x0, 0x9, 0xc223}]})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a0000"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r1}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f0000010800", @ANYRES32], 0x5c}}, 0x0)

5.339300861s ago: executing program 2 (id=277):
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x2, 0x4)
r1 = syz_io_uring_setup(0x22f, &(0x7f0000019140)={0x0, 0x200a, 0x10000, 0x0, 0x100802cf}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
r4 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT=0x0], 0x0)
syz_usb_control_io$cdc_ncm(r4, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x20, 0x5, 0x2f, {0x2f, 0x11, "76637e83c7a51de573b1e364795a503822ac3a96add73706c56bac970337d1ec04c75e8679043589cc16e165b0"}}, 0x0}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000780)={0x24, &(0x7f00000005c0)={0x20, 0x30, 0x5b, {0x5b, 0x21, "8fd61d481db410b99522eb812d35299549f03a13b844f57b752a39596fc6b836aa53623feacc3040ee92be395f3ec5ccd50ff7bc13c51eed102499c0652761169b91f24e7b1a98fc7efc27a7838961a31268b0d9ec496a3212"}}, &(0x7f0000000640)={0x0, 0x3, 0x92, @string={0x92, 0x3, "f02c653c568144a45ec4ed170a5f7f9dbc971e40fb89b6dfedaab31f0078f5b8b4f6e52169d8ddc57f8491c573fbea96e34e6e35fbf77b6f956e270e7dfc8a42a1765c412c9ea1ea3c5af5fa10952b1ec597884d7cccaee599b976736985af89f42459bde8dcf7ba70e5f7296b0e65dd94a1e98c1ad71ff87ebf61a15ae882f32ecd726dd2561f0a93e0f7d9b9098933"}}, &(0x7f0000000700)={0x0, 0x22, 0x8, {[@global=@item_012={0x0, 0x1, 0x7}, @global=@item_4={0x3, 0x1, 0x2, "4aa8e5a0"}, @main=@item_012={0x1, 0x0, 0x8, "c1"}]}}, &(0x7f0000000740)={0x0, 0x21, 0x9, {0x9, 0x21, 0xa, 0x0, 0x1, {0x22, 0x94b}}}}, &(0x7f0000001a40)={0x2c, &(0x7f00000007c0)={0x0, 0x9, 0xa1, "93d5ca06671afe77eb5d83ae6684741420ffc057743a06f5bf90b20d227c543d4f9028f5d34f4d0cc974a0d0b779590820f5d06b1ce7ce4ff50d347f1ccecc5d422ecbb062d8dfad1265a067c3d963457e758a534947f554d1a58a2b681672cee62125654cc9235ccf597093bd05fb54dcb384e23e3019f09d0e7810b592644525e471266aef1e90104e4734a12dee24a5cf1940fb1e1a4566d6872cd8fba0431e"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x8a}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000900)={0x20, 0x1, 0x7d, "d07aa87be8c243aaafdede1a6efb76519e63dd0d433ebbacac0d70a0fb41b6ade8a4aff1733a15115ed1cdb3b022533ac1a7625f43acc9677da3bcfe35b9542d78748529cc0c100b4e187f79de240c66f06e6f4f1a8ad95a9aef11e08cf860e3387834412e6be27ecaa98bc6710653a66cd6297524cdafa81c485f460a"}, &(0x7f0000001a00)={0x20, 0x3, 0x1, 0x80}})
recvmsg(r0, &(0x7f0000000580)={&(0x7f0000000100)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000000180)=""/123, 0x7b}, {&(0x7f0000000080)=""/34, 0x22}, {&(0x7f0000000200)=""/185, 0xb9}, {&(0x7f00000002c0)=""/214, 0xd6}, {&(0x7f00000003c0)=""/88, 0x58}, {&(0x7f0000000440)=""/75, 0x4b}], 0x7, &(0x7f0000000540)=""/27, 0x1b}, 0x40000000)

2.182165811s ago: executing program 2 (id=278):
unshare(0x22020600)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4)

2.067661482s ago: executing program 2 (id=279):
r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b\x06%\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80{\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6h)\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3', 0x1)
r1 = dup(r0)
r2 = fanotify_init(0x0, 0x40000)
fanotify_mark(r2, 0x1, 0x40000010, r1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
write$binfmt_elf64(r1, &(0x7f00000006c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x78, 0xa3, 0x23e, 0x2, 0x3e, 0xcd, 0x3c9, 0x40, 0x286, 0x8, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0xff, 0xff5, 0x5, 0x1b8, 0x7}], "", ['\x00']}, 0x178)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = dup(r4)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000004380), 0x20801a, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@posixacl}, {@cache_loose}], [], 0x6b}})
ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f00000000c0)={0x3, 0x4, 0x4, 0x1, 0x2, 0xffff})
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.792024746s ago: executing program 2 (id=280):
syz_usb_connect(0x0, 0x34, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xa9, 0x62, 0xda, 0x20, 0x2040, 0x4901, 0x4777, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x30, 0x8e, 0x72, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "db224370bf"}]}}]}}]}}]}}, 0x0)
r0 = syz_usb_connect$cdc_ecm(0x0, 0x52, &(0x7f0000000300)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x5, 0xd0, 0x6, [{{0x9, 0x4, 0x0, 0x4, 0x3, 0x2, 0x6, 0x0, 0x8, {{0xa, 0x24, 0x6, 0x0, 0x0, "8ab3b4dfd0"}, {0x5, 0x24, 0x0, 0x80}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x1, 0x7, 0xf}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x8, 0x8, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x2, 0x7, 0x2}}}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x0, 0x3, 0x0, 0xb, 0x40}, 0x11, &(0x7f00000003c0)={0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc, 0x10, 0xa, 0x3, 0x0, 0x3, 0x0, 0x5}]}, 0x6, [{0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x408}}, {0x3e, &(0x7f0000000800)=@string={0x3e, 0x3, "116916a1ddf972c0e85d32fbbdf80ad25d7329529638a9351f341d8084aa22c44e236f718a46e25f78d02bb632a15c9452303c4cd2db1410b0edd44a"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x44b}}, {0xc9, &(0x7f00000004c0)=@string={0xc9, 0x3, "5e736128571ef65db67a9b421488aaef20184f5c8e78f1c1a1465c3174c825d41e2528ef054943045ea66b7c51d5c7de098b1f8b5e97b509d5f0e2bdfa71261fb724a2f22d2641fded3d4b0ebdffc6c59d3313bbcdc1a9bfc27f31ef8f031668e30c245160775c23485745f012f217091deffe8cc56039dfe2d351ef933d29dc39daab4b0c5d3ade246584350422b70b6015e19d9b9edfad30a3ac2e67382b0fce33e0e5273fae1d610196a643ca6ed17c09974946a9f790837f4db829e846763d962a3b4b5488"}}, {0xb9, &(0x7f00000005c0)=@string={0xb9, 0x3, "b02605dfd14bb3b5cb2b66e3d21b310d567f936eb133117a5055b2e251b84053a68c3c994af3b0a08ad3da291f68ee98c8888448f3654d4f30877f82daf2bd12d710b00309baeaec99723216024422cac2d61e7975112c473ff3c9801ebe72d4334ae01838e31aa8ee5577c6650572c923b47e9ec5254ae1c0d6058c7ffcd307f493fad7be20170b4a2f4e51cce1d96fcf3599a012d576460973c3a350522c08ad5c2b14bca7ac3ab10f499e0917b71a46e64f42024247"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x3009}}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r1, &(0x7f0000002f00)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4008800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x2404c000)
r2 = io_uring_setup(0x1b7f, &(0x7f0000000040)={0x0, 0xc8a1, 0x200, 0x0, 0xbd})
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x8000, &(0x7f0000001dc0)={0x9, 0x72}, 0x49)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='/', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x7a, &(0x7f0000000740)=ANY=[@ANYBLOB="12015002020000102505a1a440000102030109026800010106000c0904000202020600050724060000c57505240006000d240f010002000005000900020724147f0007000724140040000208241c0e0509001524120002a317a88b045e4f01a607c0ffcb7e392a09058202580077f70309050302000400051000", @ANYRESDEC=r6, @ANYRES8=r0], &(0x7f00000002c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0xff, 0x77, 0x1, 0xff, 0x1}, 0x102, &(0x7f0000000100)={0x5, 0xf, 0x102, 0x3, [@ptm_cap={0x3}, @generic={0xf0, 0x10, 0xb, "58e040cda0fa9f05a94c518625cb7bc6c5efcbd0996589e2505443d886bbdc4d6c25343ff926eae18b3ff28cddf1645e933063e45605cea97489cfd226fb75b9d6edf8910b5268204c985b66a3a103fa6f378a5b6e026e55123ba2d04bc9eb3b9df7ad41f5c4ff4afeceba4d6ff23f23c5b699959f7a8fe001477a84e8c028eaa7257eceec96560016f53cacb90788cf0df8165dc2d0e566e4b80c835c778a701b141fa58ea72e7fc295cf86f013f7e364508e5d1c2c7801d517f364c4f57fff4f2d8260a7cc5ea662a8d7e61bbfc135776ed77526e325369889b09f69f36858012810cff49c23c07899d94c37"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x5, 0x3b, 0x9}]}, 0x2, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x42b}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xc07}}]})

1.583815351s ago: executing program 0 (id=281):
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019600)=""/102400, 0x19000)
pipe(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xb}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000040000000c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000700)={r3, 0x20, &(0x7f0000000300)={&(0x7f0000000200)=""/108, 0x6c, 0x0, &(0x7f00000007c0)=""/209, 0xd1}}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
getsockname$tipc(r6, &(0x7f0000000080), &(0x7f00000000c0)=0x10)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x14, r5, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}}, 0x40)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="6000000002060502000000000000000000000000140007800800114000000000050015000600000005000100060000e0050005000200000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000008c0)={0x4, 0x8, 0x8, 0x7fffffff, 0x4})

1.536307741s ago: executing program 4 (id=282):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000006780), 0x1, 0x0)
writev(r1, &(0x7f0000008f80)=[{&(0x7f0000006c40)="4f63b26b6afddd520aa0f8faa0f6fdedd768fcff9303d0e6ed04164df7dda9079404e6975b7bb162e37fc211ac0886dc31b371580513d4c41cbd9bc29d8b8263a855b8d67b54e4d25ad0572b14824f06374b992f66bc7512706685bb9d4dbd10c538c754e4d708fc88427900cdcf0dfe5bca5e97b8f370568da2ae2ace3bdf0cf8847dd7f5a306d1e521e1ad134a0991aa433896d76bd5a525f37a29ec5d295a5982d2973bbcb0f4d82fff593eb64661216e5087758eb7f4fe7ff37afaf2c6b03d2f50c3c6c60a24273396673129644e42fc555277611e4e8e97829e693bc2de42400b94a98b876c47437580aef7408e67d85d1dbc7a62a14d259111186e4b902b9ba8610263f350a6b4dcf03738538c40b0c184b4b0a7cae55bc6dd43e1e78c224e71b293d23773987c11677230b88c8f5ef06027093ca3fdbe4f7321fc4dc8aea94c447c7a6af147d746701f03e82cbd6204781f6f7ec23b32534e10502a4c78116dece7d711af6be3566f4d5c21455213cd64de8e2899fd799115d8dda364442efc2078e94c18d2e5d5f3b33fa05332805dd4ed3034f5b155b75c7a0eb59128fa03ddc688adc85d97b6d6e212ab80a0a2557cee19b72482c9335137b0e7e7954238e856aa51b572d0c7636c2ddcf76dbed2135a5ab88430439eac6c45fb1e61713e1d9a386bb0fed133d6ab11053b434aa80068acce958b12dcf164ca747f215f9b5f29fa6af7bb30d0b16145c903bc8226d67936372bd35f666cb2bcef05534d93542cbf05870b9e6b561e431e331780dd6c62365c96351489b7a6959d769c85df9767d5b7699d3318a66dcb21f9f48dd467c4b6db040d142d67010d25378f6fce6f75fcc18862332cf3450d3d02b5751101efb7beffb481304d4cf763b54939aa29df90f10b19c08b3e1d5eb9d517b58602344cad69d66ea8727f36a249a9eb56d928d1028fc50981ccdfc915ecddc229699a3b9a1e2ee35253249f2271b867f63954f7154066fbc9002044ae43b2f4d9f1dcc600de5721fa969e4c3ad47ceb96c7b6612b9ea612f0b1f776d6a6629a08168970dd91a478fa2034d46c5fbd15e2e4bc18a0a7c48b6c1aa8ab2b96ee72e611eee0ee6876aeaacba328f606320c46ec9d845b5e5f69c69796160b3101a8a00ab54a0d941e8d3dd592e0216074221486f7e9a3a4daaa9438afe723054ffaa39b11c977048f2f453114b95c4d949ceed6cab70781b9ea04649f559966e850f482201dc7a6e329116fd52d995f512628a5d4272b567cc5e9a27d0483f314399ad2331b33eeca6934ad3a6a27677e64fa037c9e3ef5401ddfc776676260abae637648a7943ec11958911c0a168dfe4aae1141abeb05018452a0af45e4758486cbd4c87c9113b9f811a1ddc4a8f371ae1452da28dfd2c42d14aed53fa06d54dac083f8ea56ddf35d6e6bc0ac07ffa06577ce9e36383b285a4fdd33df550c011392d1fe743c2371f8dca3cb8f92c0d9275a3cbb3f9661383e1117f87f2064c4051fa14755098ca2fd1633dc91356da340c63b4221fa0b655264e8e7981c64aa1c227c33c67f2fb6b69cf90323674564ea5acd967bc133345fe0a776ddbd18d0bb73680c02e3dae11f57b7218e5aecb47ba4214225a4d2454e802fb2f360b0e02e938adb30be616b057d90381b7b2078f3d001a8ea84d122e30fa1785c641bf553cbbeba57a24c096d84e0d49c9ff2d0791dd9720a2ff771ee0d9e9f5a0ccb02104c9ec8ffab9f8731d29f9713fb2daf2fb0ab64b988aad444362e00979ac0a9f8b1489f8892b5416c9f94e478884958abb3e955fa7a1ce7742a4e35d599e5c1c9ce120a3854671e7bad747c56510e73f84de6c814b4a31f3af9fde77ad345b4b3183603bb1eee8233d5b06432549c4f5acdd50373f4af9e92af0da9b2379708ac564fab1fb39e84607299bd53f7d97a8d01df94d36d43bb22d044a42eba55b74afb48ae85e438e2df2a84d06ce3ef2517a810ec67614244a8b6edcd2dc05c9555855a6b4fb9c26082231210d353d4d3f4b58a737fd4980b003e2c785c20cb1a1b8fe2ca20ef14006814235bd4a9f9b8e3299676c1d95c370ed224356e038743c5fc3df639b11220835de2cb39ba5ef22ab520c5f356276570d450a41b060f674901e3c798a7531308f1719927fe1824a3fc2ee7dd7dd2d3203416fb47d934f7bb21fc90ea383c35400546584b6397306fda10bef53e56ec711b5dba61ccd5943fcd156359286d9c30dcd7c1906d44f3c905f25fe28ee21b97e2abef059fa8760fdec5c05a50e70c0dfd6fbab1b2d7fc807af586e45bdbf8d33da679125ff8ed0c5eff53d1f6de3c97c69cd437ef937c1187b78844e61d77f4f72304f0d0a8f444b8ef66f5f403405bdb937f029a649c5b90c77c655b1f15c46b0aaa2c38fef1f571e850f2af8b4ea8fa4150dfa184b575e8255e8c532373e10f8a0118ed79b42b4c36985a9bba7b8ec5f3b3905bb703e7e63e639b0bf661a0b310d52be99a8c85b591518354c22de2010c6b203b7f03384aaace4c6aca3622aa69cdfd43f46bf061b6858a2a8740570109b29b39a9ae15959307bfe1aa2a43dea5a1641765a87c0da3106995c587be10b370b58e7b0444eb32ceec04fcb2d25edd6e5b51163da512a47af198cf4fbb2bc624784ff8532af934bf3b76385c365b3245539673a1cb92842eda4b7a57a648bafdca21d3f13af32613087516193695ad17a77ca44794488a72a63268504ca45c56588d2003c11abc625ba49296ef688546b699a310f3aa3be72f04e080885e285ea106b28bf2d506bbbe366aae1fed9f6f0b3458cfb1bd97aa42c435039e66dff7e40812905c3c389efa9de062327c932073edf00c8842518e1d5e6b7984b3c3e42900bd8f41102811261b60c36b0f79688beb569a921a15cabd606b324b46053e77f6fbd79586d8775fe66195127b3777b5237c6faa538bcdb8d1022e8825aade5bc20a905d9cd3976791fb365b0eb5ce77c5f6c40628b2ca763f1704a344f7056d7476b93ad3fa82f8c46bf083d1270efdac47b37427891ef877ac78627db37ea8eac7e37bdb507a6c3037ec7203021bc99fb513be4f56803b761146f60d563e84ec706e4c87a86d01884eff32f89461f6010430e286db16b342b1a0945f2236f88d96238be9311f420bfcb4be2ed73bbe9af3bfe9f129d7b29c730274bbc2d65f9eb16a576946db915f3b29fbc16ad0c78dfc57494ca32e92fddd3b3ec6fb96bbd88a4c9d4fbfb7ea3d7330e48f5ef01c27f1b30029611bc0b16a09bdac5f590910a1cb83b779a11ee1d34c41d5471e2bf1ab2724cb1f33131962ef5b062ec7d26d266455e9b627d9af33a3e198fbd5c8f64f9045efee57ec29bedd376879d50af6c92e0eb0f6fe3540763aae0d12f54861e0661bf05984ac7f05c3f18d84c248a75a5c48082f4800a3a1ef56071e18960e9243f11febb91032b8f5fd2674b8aa44a4fafef11d42843828e4a5d37bb28f9b2a1580f1029a05d0d8092bf91c0cb0ee542f291746168deb9fe8fbc7a476cd6b2e61b50f170b6bbc62a3fc782ba15c918c2eb21005314dc9b5a99722d26a5304e645b2e1dbec0efab088ce5718c35de890be7205aefed32594cda3c30cb2305ee87ef6d936eebbcabdfb8e0ded00f6cfb3e38806e51f522a5f89f65c1c6a8e62e053891a62bb6654e472b221cc2c263d8207645d6919d0f37c956cee27a2b5c37aaea7a777d3854529b856a47d24d5858591a06e0014734cec2aedb0d005c061915b49247bb35ea072c180b44c89eb443975ecf468b86b0e15183f280539e5c41605afd4d6e81a02d12a1500e57adba09ef0e0c4b6524b0b681404b2f4ec7ea009aa23b0bb93829c3ccc289dd9e926055564e97b73fa5e71c15bdb520719b9f7a2c956b2353f8d39630165af454c60944eaa3c058a843ca3a9d4a7fe94f54012a44b7d099041a75e0fabb6ee605756c47232cd5b4fdc755dfae28062b80ec4611873454d1c624185c5282dc6fa043fc682736728f979f9b87e7b2a6549ab9bea8e9cd5b1de98bcc52cd345b8337b093fcc37bccff6f41ba17edf341df294b92294cb54088bfc17ae2ebb5b6784e27b3f0f17fe665e6211f9750e47b4959a4cc73886bb028ac0c5dd55aad64c0ada16612c1513c2c59a9432ecb496c7d2777b966c5d410b277cd2cefe711e6ef0d7a70c296cee66fcaf974da5b3c310d6ad702a31e4dfce1ca27c0ae9a07c7e87ffe247ce185b19aff1d3f8d6ebda3a92224a076c715542ff207a6434b2e95f154fc01353ead285fb36e32f29ba0884c7dc5af3d840c928bf9bb7f598a6fa1cb63e3ae40da33c9a4c1579d042b57f32a0f0f381daf323cff555ad4d6625dc9c6f69fc1890428a8c64a94de06dc0efd23dc8706e2737837f3364365b5b7bf45507a63d271841addbe32b61716ec3f51722867fef857f1997bc04eecb2a4c374ce04f7c4ae107d103065f21ab7cd27f671ab44163bd06f13555192ccef4041b35b48b69ffabc08ca022dcea25674c06f2b7983cf6b4b62f757d2bee79a49fd663f4f8b5fd9ed1baab24f86f4f636a5f4510a59a21bad013663a81f4c005fc584035ac32f5bcd253dfe38fee6834d6514d83486074a2173cd7cd0d9146b956a026c47d66847d5865befb6a2e8f7c73daee99fa14d71803bfa86d1539b5593fbbeefea27cf9e4b904807b0ba61f099d58ef0834de438f3054f82eceb2b69d6b52581cc7f648e5c36e97c954c66ea94278e4b628609ee2e7f4c0ccf1e2b1e2d36f351f9d5dbf19633c0e037007df30037a884a47b9e272954a3e1c8b8a711d25b1566f794bf22252da68743161e8aeaaaff05ba4b195bd2754ed6548e4e6d4a9997a6c5a7bc3d7252eeaaf4fd2ab4a1e6a65e14f76f89c80726b38dea216f9ac043a6ec1d7082e7086266999cd6c59d9bcc8f8ae1b4ac9f2d946a73ba69e0abfd2e4288ce4aa39b93771c84b7a6acf4db0edda81736a7c77d4dda0a96d44130a235b2799a98d89b5da027162407dfa501e729e3f14d3e1be648c3acd392c009ae1cac641073e430769bb570563df681d4f929b6fcdaedec3882122f7158fc0851bdfeeeb7bad5ceb4a03e902c688a277a6e57a67ce62b93b066db743b8fb2192a28d34773cb489b46deff6af210c6ceb583712799136ffe38cfca9ba65a0852b1f30c7852cc685af309753955ccd269d58524662fb25e54621d0bd227fc80e8b471e5958bd41d747b3b896b22952a7c47cd642dcc8a2fb5ba4624ee5ab2e273f74710c1e778f39495c5697995011daefc427c0eeb15d884808422b5865f7b990259c1775f8fd519af5e0a5c8e723708a27ec996af0a2b02aee8c8bf41a6f6eeb82657944811e2b0817f6ba8acfd49119fddbf364905e43b92b572e60dbe51dd0b3136b533cb2a49c698884aa1d9c9760e0f2706162c10e576da33d4bc668dbc05d853ece658a8032a36bb11160496611d29f284f5f1ec598c218117a4880df429e6a63e1eb4bba1ff901d8e6d3346ffc813c88484e55b8495ddb052f657b4b27d956da8f7375ef046307074fda6f3ede1b2765a5c8bcf7d9a75f65054cf93979f574193daae1e854ddeb248490290b866ffd46baf79f29cc077faa79640b2617f99b749f9ce2063869a8d256c5db31a1c7bfb9c501e925848778e1210b6d368c4533a10ce0d4af62b07d748d4114a268808041c80ab624a6885b288aaebbcc0a049346142ec7c7de149ddb5ea0648ed95064b5ef3c1e9f9e7450d45ca1c88196536b9ccb6dbfcf", 0x1000}], 0x1)
sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}, 0x1, 0x0, 0x0, 0x4c000}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r0)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6)
ioctl$SIOCPNDELRESOURCE(0xffffffffffffffff, 0x89ef, &(0x7f0000000000)=0x7c3)
sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)={0x2c, r2, 0xf03, 0x0, 0x9000000, {}, [@NLBL_MGMT_A_DOMAIN={0x15, 0x1, '\x00\x00\x00\t\x00\x00\x00\xc1\x04\x00\x00\x00\x00\x00\x00\x00\x00'}]}, 0x2c}}, 0x0)

203.645799ms ago: executing program 4 (id=283):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r1 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f00000002c0))

78.236017ms ago: executing program 4 (id=284):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000100), 0x4)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x6600, 0x2)
r3 = openat(r2, &(0x7f0000000380)='./file0\x00', 0x200040, 0x1)
close_range(0xffffffffffffffff, r2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r3)

0s ago: executing program 0 (id=285):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0xd40, 0x0)
ioctl$FBIOBLANK(r0, 0x4611, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_tables_matches\x00')
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000000000000088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$MSR(&(0x7f0000000280), 0x3, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, 0x0, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r2, 0x0, 0x8080)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_int(r6, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
shutdown(r5, 0x1)
setsockopt$sock_int(r6, 0x1, 0x22, 0x0, 0x0)
recvmmsg(r6, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/26, 0x1a}, 0x3}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/152}, {&(0x7f0000000300)=""/217}, {&(0x7f00000000c0)=""/29}], 0x0, &(0x7f0000000400)=""/104}, 0x7fff}], 0x32, 0x0, 0x0)
ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0)

kernel console output (not intermixed with test programs):

S Google 10/02/2025
[   98.675641][ T5919] Call Trace:
[   98.675654][ T5919]  <TASK>
[   98.675663][ T5919]  dump_stack_lvl+0x189/0x250
[   98.675694][ T5919]  ? irqentry_exit+0x74/0x90
[   98.675717][ T5919]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.675758][ T5919]  should_fail_ex+0x46c/0x600
[   98.675786][ T5919]  get_futex_key+0x900/0x1660
[   98.675813][ T5919]  ? lockdep_hardirqs_on+0x9c/0x150
[   98.675835][ T5919]  ? __pfx_get_futex_key+0x10/0x10
[   98.675867][ T5919]  futex_wait_requeue_pi+0x21b/0x8d0
[   98.675896][ T5919]  ? __pfx_futex_wait_requeue_pi+0x10/0x10
[   98.675942][ T5919]  ? preempt_schedule_irq+0xde/0x150
[   98.675973][ T5919]  ? __pfx_futex_wake_mark+0x10/0x10
[   98.676006][ T5919]  ? do_futex+0x121/0x420
[   98.676032][ T5919]  do_futex+0x181/0x420
[   98.676051][ T5919]  ? __pfx_vfs_write+0x10/0x10
[   98.676075][ T5919]  ? __pfx_do_futex+0x10/0x10
[   98.676092][ T5919]  ? rt_mutex_slowunlock+0x1be/0x2e0
[   98.676110][ T5919]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[   98.676134][ T5919]  __se_sys_futex+0x36f/0x400
[   98.676155][ T5919]  ? fput+0xa0/0xd0
[   98.676172][ T5919]  ? ksys_write+0x230/0x260
[   98.676191][ T5919]  ? __pfx___se_sys_futex+0x10/0x10
[   98.676233][ T5919]  ? __x64_sys_futex+0x21/0xf0
[   98.676256][ T5919]  do_syscall_64+0xfa/0xfa0
[   98.676279][ T5919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.676295][ T5919]  ? asm_sysvec_call_function_single+0x1a/0x20
[   98.676312][ T5919]  ? clear_bhb_loop+0x60/0xb0
[   98.676332][ T5919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.676350][ T5919] RIP: 0033:0x7fd0f4e6efc9
[   98.676369][ T5919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.676383][ T5919] RSP: 002b:00007fd0f30ad038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   98.676403][ T5919] RAX: ffffffffffffffda RBX: 00007fd0f50c6090 RCX: 00007fd0f4e6efc9
[   98.676416][ T5919] RDX: 0000000000000004 RSI: 000080000000000b RDI: 000020000000cffc
[   98.676427][ T5919] RBP: 00007fd0f30ad090 R08: 0000200000048000 R09: 0000000000000000
[   98.676439][ T5919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.676450][ T5919] R13: 00007fd0f50c6128 R14: 00007fd0f50c6090 R15: 00007ffef11773f8
[   98.676476][ T5919]  </TASK>
[   99.079414][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.175184][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.255439][ T1367] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.255551][ T1367] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.255564][ T1367] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.264597][ T1367] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.266212][ T1367] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.270780][ T1367] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.282484][ T5821] veth0_macvtap: entered promiscuous mode
[   99.373374][ T5821] veth1_macvtap: entered promiscuous mode
[   99.389053][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.389073][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.644554][ T5924] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.814178][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.910313][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.929938][ T5930] Zero length message leads to an empty skb
[  100.033971][ T1367] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.036667][ T1367] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.044338][ T1367] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.056365][ T1367] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.057276][ T1367] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.057292][ T1367] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.337377][ T5947] netlink: 'syz.1.11': attribute type 1 has an invalid length.
[  102.411316][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.411333][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.418369][  T993] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  102.621368][  T993] usb 4-1: Using ep0 maxpacket: 8
[  102.636198][  T993] usb 4-1: config 0 has an invalid interface number: 37 but max is 0
[  102.636226][  T993] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  102.636245][  T993] usb 4-1: config 0 has no interface number 0
[  102.640092][  T993] usb 4-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3
[  102.640122][  T993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.640141][  T993] usb 4-1: Product: syz
[  102.640154][  T993] usb 4-1: Manufacturer: syz
[  102.640168][  T993] usb 4-1: SerialNumber: syz
[  102.677224][  T993] usb 4-1: config 0 descriptor??
[  102.712668][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.712687][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.769918][  T993] usb 4-1: bad CDC descriptors
[  103.463534][    C0] vkms_vblank_simulate: vblank timer overrun
[  103.500948][    C0] vkms_vblank_simulate: vblank timer overrun
[  103.776232][  T993] usb 4-1: USB disconnect, device number 2
[  104.045809][ T5962] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  104.186483][    C0] vkms_vblank_simulate: vblank timer overrun
[  104.205533][   T37] audit: type=1326 audit(1761801012.008:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205583][   T37] audit: type=1326 audit(1761801012.008:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205622][   T37] audit: type=1326 audit(1761801012.008:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205661][   T37] audit: type=1326 audit(1761801012.008:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205699][   T37] audit: type=1326 audit(1761801012.008:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205737][   T37] audit: type=1326 audit(1761801012.008:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205775][   T37] audit: type=1326 audit(1761801012.008:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205814][   T37] audit: type=1326 audit(1761801012.008:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205852][   T37] audit: type=1326 audit(1761801012.008:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.205891][   T37] audit: type=1326 audit(1761801012.018:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5954 comm="syz.0.13" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  104.297757][ T4859] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.297776][ T4859] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.366422][ T5960] FAULT_INJECTION: forcing a failure.
[  104.366422][ T5960] name failslab, interval 1, probability 0, space 0, times 1
[  104.366455][ T5960] CPU: 1 UID: 0 PID: 5960 Comm: syz.3.15 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  104.366476][ T5960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  104.366485][ T5960] Call Trace:
[  104.366492][ T5960]  <TASK>
[  104.366500][ T5960]  dump_stack_lvl+0x189/0x250
[  104.366528][ T5960]  ? __pfx____ratelimit+0x10/0x10
[  104.366549][ T5960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.366573][ T5960]  ? __pfx__printk+0x10/0x10
[  104.366598][ T5960]  ? __pfx___might_resched+0x10/0x10
[  104.366615][ T5960]  ? fs_reclaim_acquire+0x7d/0x100
[  104.366642][ T5960]  should_fail_ex+0x46c/0x600
[  104.366669][ T5960]  should_failslab+0xa8/0x100
[  104.366692][ T5960]  __kmalloc_cache_noprof+0x6f/0x6c0
[  104.366715][ T5960]  ? alloc_pipe_info+0xe9/0x4e0
[  104.366739][ T5960]  alloc_pipe_info+0xe9/0x4e0
[  104.366763][ T5960]  splice_direct_to_actor+0xa6e/0xcd0
[  104.366786][ T5960]  ? __lock_acquire+0xab9/0xd20
[  104.366818][ T5960]  ? __lock_acquire+0xab9/0xd20
[  104.366838][ T5960]  ? __pfx_direct_splice_actor+0x10/0x10
[  104.366859][ T5960]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  104.366889][ T5960]  do_splice_direct+0x187/0x270
[  104.366912][ T5960]  ? __pfx_do_splice_direct+0x10/0x10
[  104.366938][ T5960]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  104.366965][ T5960]  ? rw_verify_area+0x25b/0x4e0
[  104.366988][ T5960]  do_sendfile+0x4ec/0x7f0
[  104.367021][ T5960]  ? __pfx_do_sendfile+0x10/0x10
[  104.367056][ T5960]  __se_sys_sendfile64+0xd9/0x190
[  104.367083][ T5960]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  104.367110][ T5960]  ? do_syscall_64+0xbe/0xfa0
[  104.367134][ T5960]  do_syscall_64+0xfa/0xfa0
[  104.367152][ T5960]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.367172][ T5960]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.367189][ T5960]  ? clear_bhb_loop+0x60/0xb0
[  104.367209][ T5960]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.367225][ T5960] RIP: 0033:0x7f481fe7efc9
[  104.367240][ T5960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.367254][ T5960] RSP: 002b:00007f481e0de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  104.367272][ T5960] RAX: ffffffffffffffda RBX: 00007f48200d5fa0 RCX: 00007f481fe7efc9
[  104.367284][ T5960] RDX: 0000200000000080 RSI: 0000000000000005 RDI: 0000000000000005
[  104.367295][ T5960] RBP: 00007f481e0de090 R08: 0000000000000000 R09: 0000000000000000
[  104.367305][ T5960] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001
[  104.367316][ T5960] R13: 00007f48200d6038 R14: 00007f48200d5fa0 R15: 00007ffe2109d028
[  104.367344][ T5960]  </TASK>
[  104.931188][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  106.533662][    C0] vkms_vblank_simulate: vblank timer overrun
[  106.821613][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.007083][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.027308][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.429296][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.823984][    C0] vkms_vblank_simulate: vblank timer overrun
[  107.978427][ T5995] netlink: 'syz.0.20': attribute type 46 has an invalid length.
[  107.978616][ T5995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.20'.
[  108.018559][ T1810] IPVS: starting estimator thread 0...
[  108.081528][ T5996] netlink: 60 bytes leftover after parsing attributes in process `syz.2.22'.
[  108.123242][ T6000] IPVS: using max 8 ests per chain, 19200 per kthread
[  108.212254][ T6003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.23'.
[  108.421271][ T5941] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  108.577226][ T5941] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  108.577256][ T5941] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  108.580604][ T5941] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  108.580634][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  108.580655][ T5941] usb 1-1: SerialNumber: syz
[  108.604143][ T5915] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  108.721440][ T6012] netlink: 'syz.4.24': attribute type 1 has an invalid length.
[  109.191370][ T5915] usb 4-1: unable to get BOS descriptor or descriptor too short
[  109.194922][ T5915] usb 4-1: not running at top speed; connect to a high speed hub
[  109.203582][ T5915] usb 4-1: config 12 has an invalid interface number: 184 but max is 0
[  109.203660][ T5915] usb 4-1: config 12 has no interface number 0
[  109.203711][ T5915] usb 4-1: config 12 interface 184 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[  109.253496][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  109.280294][ T5915] usb 4-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2
[  109.280448][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.280469][ T5915] usb 4-1: Product: syz
[  109.280691][ T5915] usb 4-1: Manufacturer: syz
[  109.280707][ T5915] usb 4-1: SerialNumber: syz
[  109.432336][   T10] usb 3-1: Using ep0 maxpacket: 32
[  109.448706][   T10] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  109.515404][   T10] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  109.515563][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.515583][   T10] usb 3-1: Product: syz
[  109.515645][   T10] usb 3-1: Manufacturer: syz
[  109.515659][   T10] usb 3-1: SerialNumber: syz
[  109.564509][ T5941] usb 1-1: 0:2 : does not exist
[  109.566524][ T5941] usb 1-1: unit 5 not found!
[  109.894450][   T10] usb 3-1: config 0 descriptor??
[  110.283489][ T5941] usb 1-1: USB disconnect, device number 2
[  110.472438][ T5915] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  110.564542][ T5856] udevd[5856]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.569905][ T6027] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  110.582896][ T6027] Error validating options; rc = [-22]
[  110.658376][ T5915] usb 4-1: USB disconnect, device number 3
[  110.875557][ T6014] udevd[6014]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:12.184/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.991400][ T5941] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  111.007742][ T6035] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  111.081186][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  111.124924][ T6040] random: crng reseeded on system resumption
[  111.141287][ T5941] usb 1-1: Using ep0 maxpacket: 8
[  111.152516][ T5941] usb 1-1: unable to get BOS descriptor or descriptor too short
[  111.154108][ T5941] usb 1-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0
[  111.154133][ T5941] usb 1-1: config 8 interface 0 has no altsetting 0
[  111.195146][ T5941] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  111.195174][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.195192][ T5941] usb 1-1: Product: syz
[  111.195206][ T5941] usb 1-1: Manufacturer: syz
[  111.195219][ T5941] usb 1-1: SerialNumber: syz
[  111.466706][ T5915] usb 3-1: USB disconnect, device number 2
[  111.470887][ T5941] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  111.470956][ T5941] usb 1-1: selecting invalid altsetting 0
[  111.531453][ T6044] 9pnet_fd: Insufficient options for proto=fd
[  111.558496][ T6044] capability: warning: `syz.3.34' uses deprecated v2 capabilities in a way that may be insecure
[  111.654952][ T5941] usb 1-1: USB disconnect, device number 3
[  111.862586][ T6037] udevd[6037]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  111.920359][ T6050] netlink: 60 bytes leftover after parsing attributes in process `syz.3.36'.
[  112.086359][ T6056] netlink: 24 bytes leftover after parsing attributes in process `syz.4.38'.
[  112.401494][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  112.403255][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  112.586487][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.690968][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.724441][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.724653][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.732084][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.820969][    C1] vkms_vblank_simulate: vblank timer overrun
[  112.841306][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  112.961292][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  113.245137][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.442939][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.513952][ T6068] Process accounting resumed
[  113.577517][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.653413][ T6070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.41'.
[  119.472113][ T6063] slcan: can't register candev
[  119.961767][ T6080] ptrace attach of "./syz-executor exec"[5821] was attempted by ""[6080]
[  119.975830][ T6080] netlink: 12 bytes leftover after parsing attributes in process `syz.4.43'.
[  122.835607][ T6084] random: crng reseeded on system resumption
[  127.318212][ T6098] netlink: 4 bytes leftover after parsing attributes in process `syz.0.48'.
[  128.399896][   T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  128.409932][   T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  128.412067][   T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  128.419630][   T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  128.420705][   T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  128.786080][   T37] kauditd_printk_skb: 8 callbacks suppressed
[  128.786099][   T37] audit: type=1326 audit(1761801036.598:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.786142][   T37] audit: type=1326 audit(1761801036.598:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.811260][   T37] audit: type=1326 audit(1761801036.618:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.811312][   T37] audit: type=1326 audit(1761801036.618:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.811346][   T37] audit: type=1326 audit(1761801036.618:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.811379][   T37] audit: type=1326 audit(1761801036.618:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.856916][   T37] audit: type=1326 audit(1761801036.678:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.856970][   T37] audit: type=1326 audit(1761801036.678:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.857008][   T37] audit: type=1326 audit(1761801036.678:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  128.857045][   T37] audit: type=1326 audit(1761801036.678:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6118 comm="syz.0.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  129.323896][ T6128] =======================================================
[  129.323896][ T6128] WARNING: The mand mount option has been deprecated and
[  129.323896][ T6128]          and is ignored by this kernel. Remove the mand
[  129.323896][ T6128]          option from the mount to silence this warning.
[  129.323896][ T6128] =======================================================
[  130.102209][   T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  130.115744][   T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  130.141584][   T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  130.143022][   T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  130.144412][   T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  130.552778][   T61] Bluetooth: hci5: command tx timeout
[  131.900394][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  131.902264][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.199416][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.233136][   T61] Bluetooth: hci6: command tx timeout
[  132.266129][   T10] usb 1-1: Using ep0 maxpacket: 32
[  132.631311][   T61] Bluetooth: hci5: command tx timeout
[  132.666423][   T10] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.666446][   T10] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.666457][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  132.666476][   T10] usb 1-1: New USB device found, idVendor=056a, idProduct=0004, bcdDevice= 0.00
[  132.666487][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.922191][   T10] usb 1-1: config 0 descriptor??
[  132.970025][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.982341][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  132.982431][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  133.133860][ T6015] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  133.331373][ T6015] usb 3-1: Using ep0 maxpacket: 8
[  133.384780][    C1] vkms_vblank_simulate: vblank timer overrun
[  133.437148][ T6015] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  133.437234][ T6015] usb 3-1: config 0 interface 0 has no altsetting 0
[  133.437271][ T6015] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  133.437293][ T6015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.083101][ T6015] usb 3-1: config 0 descriptor??
[  134.140615][   T10] wacom 0003:056A:0004.0001: unknown main item tag 0x0
[  134.141313][   T10] wacom 0003:056A:0004.0001: unknown main item tag 0x0
[  134.311309][   T61] Bluetooth: hci6: command tx timeout
[  134.557474][ T6015] hid-u2fzero 0003:20A0:4287.0002: item fetching failed at offset 3/5
[  134.557970][ T6015] hid-u2fzero 0003:20A0:4287.0002: probe with driver hid-u2fzero failed with error -22
[  134.713362][   T61] Bluetooth: hci5: command tx timeout
[  134.791657][   T31] usb 3-1: USB disconnect, device number 3
[  134.920173][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.000060][ T6015] usb 1-1: USB disconnect, device number 4
[  135.149583][ T6190] FAULT_INJECTION: forcing a failure.
[  135.149583][ T6190] name failslab, interval 1, probability 0, space 0, times 0
[  135.149627][ T6190] CPU: 1 UID: 0 PID: 6190 Comm: syz.0.65 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  135.149647][ T6190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  135.149658][ T6190] Call Trace:
[  135.149665][ T6190]  <TASK>
[  135.149672][ T6190]  dump_stack_lvl+0x189/0x250
[  135.149701][ T6190]  ? __pfx____ratelimit+0x10/0x10
[  135.149723][ T6190]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.149746][ T6190]  ? __pfx__printk+0x10/0x10
[  135.149772][ T6190]  ? __pfx___might_resched+0x10/0x10
[  135.149791][ T6190]  ? fs_reclaim_acquire+0x7d/0x100
[  135.149817][ T6190]  should_fail_ex+0x46c/0x600
[  135.149844][ T6190]  ? __alloc_skb+0x112/0x2d0
[  135.149860][ T6190]  should_failslab+0xa8/0x100
[  135.149883][ T6190]  ? __alloc_skb+0x112/0x2d0
[  135.149897][ T6190]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  135.149921][ T6190]  ? netlink_autobind+0xdb/0x300
[  135.149944][ T6190]  __alloc_skb+0x112/0x2d0
[  135.149964][ T6190]  netlink_sendmsg+0x5c6/0xb30
[  135.149980][ T6190]  ? is_bpf_text_address+0x26/0x2b0
[  135.150013][ T6190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.150039][ T6190]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  135.150061][ T6190]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.150079][ T6190]  __sock_sendmsg+0x21c/0x270
[  135.150105][ T6190]  ____sys_sendmsg+0x508/0x820
[  135.150131][ T6190]  ? __pfx_____sys_sendmsg+0x10/0x10
[  135.150164][ T6190]  ? import_iovec+0x74/0xa0
[  135.150187][ T6190]  ___sys_sendmsg+0x21f/0x2a0
[  135.150214][ T6190]  ? __pfx____sys_sendmsg+0x10/0x10
[  135.150270][ T6190]  ? __fget_files+0x2a/0x420
[  135.150291][ T6190]  ? __fget_files+0x3a6/0x420
[  135.150323][ T6190]  __x64_sys_sendmsg+0x1a1/0x260
[  135.150345][ T6190]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  135.150372][ T6190]  ? __pfx_ksys_write+0x10/0x10
[  135.150397][ T6190]  ? do_syscall_64+0xbe/0xfa0
[  135.150421][ T6190]  do_syscall_64+0xfa/0xfa0
[  135.150440][ T6190]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.150460][ T6190]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.150477][ T6190]  ? clear_bhb_loop+0x60/0xb0
[  135.150497][ T6190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.150513][ T6190] RIP: 0033:0x7fc53850efc9
[  135.150528][ T6190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.150541][ T6190] RSP: 002b:00007fc53676e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.150570][ T6190] RAX: ffffffffffffffda RBX: 00007fc538765fa0 RCX: 00007fc53850efc9
[  135.150583][ T6190] RDX: 0000000020000004 RSI: 0000200000000580 RDI: 0000000000000003
[  135.150594][ T6190] RBP: 00007fc53676e090 R08: 0000000000000000 R09: 0000000000000000
[  135.150605][ T6190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.150615][ T6190] R13: 00007fc538766038 R14: 00007fc538765fa0 R15: 00007fffb139beb8
[  135.150646][ T6190]  </TASK>
[  135.523619][ T6112] chnl_net:caif_netlink_parms(): no params data found
[  135.998387][ T1177] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.353715][ T1177] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.391275][   T61] Bluetooth: hci6: command tx timeout
[  136.461535][ T6204] Illegal XDP return value 253 on prog  (id 14) dev syz_tun, expect packet loss!
[  136.714257][ T1177] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.798476][   T61] Bluetooth: hci5: command tx timeout
[  137.776547][   T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  137.941341][   T10] usb 3-1: Using ep0 maxpacket: 32
[  137.947644][   T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.947676][   T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.947698][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  137.947731][   T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0004, bcdDevice= 0.00
[  137.947753][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.973493][   T10] usb 3-1: config 0 descriptor??
[  138.471331][   T61] Bluetooth: hci6: command tx timeout
[  138.612629][ T1177] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.649635][ T6112] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.658530][ T6112] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.658780][ T6112] bridge_slave_0: entered allmulticast mode
[  138.674973][ T6112] bridge_slave_0: entered promiscuous mode
[  138.687814][ T6112] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.688684][ T6112] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.689998][ T6112] bridge_slave_1: entered allmulticast mode
[  138.728470][ T6112] bridge_slave_1: entered promiscuous mode
[  138.779758][   T10] wacom 0003:056A:0004.0003: unknown main item tag 0x0
[  138.779794][   T10] wacom 0003:056A:0004.0003: unknown main item tag 0x0
[  139.114286][ T6236] netlink: 'syz.4.78': attribute type 1 has an invalid length.
[  139.121645][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.953863][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.207235][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.317602][ T6242] ptrace attach of "./syz-executor exec"[5810] was attempted by ""[6242]
[  140.343322][ T6242] nfs4: Unknown parameter 'iéntr'
[  141.259075][ T6112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.703492][   T31] usb 3-1: USB disconnect, device number 4
[  141.733180][ T6112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.717382][ T6112] team0: Port device team_slave_0 added
[  142.853424][ T6112] team0: Port device team_slave_1 added
[  143.304456][ T6267] netlink: 'syz.2.88': attribute type 1 has an invalid length.
[  143.781340][ T6015] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  143.931282][ T6015] usb 5-1: Using ep0 maxpacket: 32
[  143.941065][ T6015] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  143.941387][ T6015] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.941407][ T6015] usb 5-1: Product: syz
[  143.941421][ T6015] usb 5-1: Manufacturer: syz
[  143.941434][ T6015] usb 5-1: SerialNumber: syz
[  143.955073][ T6015] usb 5-1: config 0 descriptor??
[  143.975211][ T6015] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  144.521301][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  144.567562][ T6112] batman_adv: batadv0: Adding interface: batadv_slave_0
[  144.567578][ T6112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  144.567600][ T6112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  144.573653][ T6129] chnl_net:caif_netlink_parms(): no params data found
[  144.622184][ T6112] batman_adv: batadv0: Adding interface: batadv_slave_1
[  144.622200][ T6112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  144.622224][ T6112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  144.671317][   T10] usb 3-1: Using ep0 maxpacket: 32
[  144.677367][   T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.677453][   T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.677475][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  144.677509][   T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0004, bcdDevice= 0.00
[  144.677530][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.741627][   T10] usb 3-1: config 0 descriptor??
[  144.810927][ T6015] gspca_stk1135: reg_w 0x5 err -71
[  144.813020][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813034][ T6015] gspca_stk1135: Sensor write failed
[  144.813062][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813071][ T6015] gspca_stk1135: Sensor write failed
[  144.813098][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813107][ T6015] gspca_stk1135: Sensor read failed
[  144.813134][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813142][ T6015] gspca_stk1135: Sensor read failed
[  144.813148][ T6015] gspca_stk1135: Detected sensor type unknown (0x0)
[  144.813187][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813195][ T6015] gspca_stk1135: Sensor read failed
[  144.813223][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813231][ T6015] gspca_stk1135: Sensor read failed
[  144.813260][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813267][ T6015] gspca_stk1135: Sensor write failed
[  144.813295][ T6015] gspca_stk1135: serial bus timeout: status=0x00
[  144.813303][ T6015] gspca_stk1135: Sensor write failed
[  144.813400][ T6015] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  144.852419][ T6015] usb 5-1: USB disconnect, device number 2
[  145.528576][   T10] wacom 0003:056A:0004.0004: unknown main item tag 0x0
[  145.528611][   T10] wacom 0003:056A:0004.0004: unknown main item tag 0x0
[  145.681710][   T31] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  145.735901][ T6285] netlink: 48 bytes leftover after parsing attributes in process `syz.4.93'.
[  145.783105][ T1177] bridge_slave_1: left allmulticast mode
[  145.783213][ T1177] bridge_slave_1: left promiscuous mode
[  145.786959][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.837753][   T31] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  145.837778][   T31] usb 1-1: config 0 has no interface number 0
[  145.837822][   T31] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  145.837846][   T31] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  145.842032][   T31] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  145.842060][   T31] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  145.842079][   T31] usb 1-1: Product: syz
[  145.842092][   T31] usb 1-1: SerialNumber: syz
[  145.857562][   T31] usb 1-1: config 0 descriptor??
[  145.899647][   T31] usbhid 1-1:0.8: couldn't find an input interrupt endpoint
[  145.934836][ T1177] bridge_slave_0: left allmulticast mode
[  145.934856][ T1177] bridge_slave_0: left promiscuous mode
[  145.935046][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.309545][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.314362][   T31] usb 3-1: USB disconnect, device number 5
[  147.587268][ T6293] FAULT_INJECTION: forcing a failure.
[  147.587268][ T6293] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  147.587290][ T6293] CPU: 1 UID: 0 PID: 6293 Comm: syz.2.96 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  147.587302][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  147.587308][ T6293] Call Trace:
[  147.587312][ T6293]  <TASK>
[  147.587317][ T6293]  dump_stack_lvl+0x189/0x250
[  147.587337][ T6293]  ? __pfx____ratelimit+0x10/0x10
[  147.587350][ T6293]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.587364][ T6293]  ? __pfx__printk+0x10/0x10
[  147.587376][ T6293]  ? __might_fault+0xb0/0x130
[  147.587395][ T6293]  should_fail_ex+0x46c/0x600
[  147.587412][ T6293]  _copy_from_user+0x2d/0xb0
[  147.587423][ T6293]  core_sys_select+0x60b/0xa20
[  147.587442][ T6293]  ? __pfx_core_sys_select+0x10/0x10
[  147.587467][ T6293]  ? __pfx_set_user_sigmask+0x10/0x10
[  147.587478][ T6293]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  147.587488][ T6293]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  147.587502][ T6293]  __se_sys_pselect6+0x27a/0x300
[  147.587517][ T6293]  ? __pfx___se_sys_pselect6+0x10/0x10
[  147.587529][ T6293]  ? __pfx_ksys_write+0x10/0x10
[  147.587543][ T6293]  ? __x64_sys_pselect6+0x21/0xf0
[  147.587556][ T6293]  do_syscall_64+0xfa/0xfa0
[  147.587567][ T6293]  ? lockdep_hardirqs_on+0x9c/0x150
[  147.587579][ T6293]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.587589][ T6293]  ? clear_bhb_loop+0x60/0xb0
[  147.587600][ T6293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.587609][ T6293] RIP: 0033:0x7fc612cdefc9
[  147.587618][ T6293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.587626][ T6293] RSP: 002b:00007fc610f46038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  147.587637][ T6293] RAX: ffffffffffffffda RBX: 00007fc612f35fa0 RCX: 00007fc612cdefc9
[  147.587644][ T6293] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  147.587650][ T6293] RBP: 00007fc610f46090 R08: 0000000000000000 R09: 0000000000000000
[  147.587656][ T6293] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  147.587662][ T6293] R13: 00007fc612f36038 R14: 00007fc612f35fa0 R15: 00007ffeee805a38
[  147.587678][ T6293]  </TASK>
[  147.962017][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.631618][    C1] vkms_vblank_simulate: vblank timer overrun
[  148.813485][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  148.872215][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  148.915318][ T1177] bond0 (unregistering): Released all slaves
[  148.984520][ T6285] netlink: 20 bytes leftover after parsing attributes in process `syz.4.93'.
[  148.984547][ T6285] netlink: 20 bytes leftover after parsing attributes in process `syz.4.93'.
[  149.096048][ T6277] tipc: Started in network mode
[  149.096076][ T6277] tipc: Node identity 00000000000000000000007ade000001, cluster identity 4711
[  149.096205][ T6277] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  149.157191][ T6112] hsr_slave_0: entered promiscuous mode
[  149.158529][ T6112] hsr_slave_1: entered promiscuous mode
[  149.159484][ T6112] debugfs: 'hsr0' already exists in 'hsr'
[  149.159506][ T6112] Cannot create hsr debugfs directory
[  149.380371][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.501831][   T44] usb 1-1: USB disconnect, device number 5
[  149.691354][ T6015] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  149.871656][ T6015] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  149.871682][ T6015] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  149.881856][ T6015] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  149.881883][ T6015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  149.881901][ T6015] usb 3-1: SerialNumber: syz
[  149.940906][ T6015] usb 3-1: 0:2 : does not exist
[  150.072173][    C1] vkms_vblank_simulate: vblank timer overrun
[  150.524522][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.544077][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.544322][ T6129] bridge_slave_0: entered allmulticast mode
[  150.560219][ T6129] bridge_slave_0: entered promiscuous mode
[  150.727695][ T5882] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  150.982918][ T5882] usb 5-1: Using ep0 maxpacket: 32
[  151.233135][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.233274][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.233502][ T6129] bridge_slave_1: entered allmulticast mode
[  151.236789][ T6129] bridge_slave_1: entered promiscuous mode
[  151.242187][ T5882] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.242219][ T5882] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.242239][ T5882] usb 5-1: config 0 interface 0 has no altsetting 0
[  151.242273][ T5882] usb 5-1: New USB device found, idVendor=056a, idProduct=0004, bcdDevice= 0.00
[  151.242296][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.324985][ T5882] usb 5-1: config 0 descriptor??
[  151.699894][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.057196][ T5882] wacom 0003:056A:0004.0005: unknown main item tag 0x0
[  152.059411][ T5882] wacom 0003:056A:0004.0005: unknown main item tag 0x0
[  152.992863][ T5882] usb 3-1: USB disconnect, device number 6
[  153.529519][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.533737][ T5915] usb 5-1: USB disconnect, device number 3
[  154.023697][ T6327] random: crng reseeded on system resumption
[  154.104413][    C1] vkms_vblank_simulate: vblank timer overrun
[  155.172971][ T6336] ptrace attach of "./syz-executor exec"[5821] was attempted by ""[6336]
[  155.813097][ T6336] netlink: 12 bytes leftover after parsing attributes in process `syz.4.109'.
[  156.518930][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.801669][ T1177] hsr_slave_0: left promiscuous mode
[  156.851373][ T1177] hsr_slave_1: left promiscuous mode
[  156.854443][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.854570][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.904708][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  156.904735][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_1
[  157.203206][ T1177] veth1_macvtap: left promiscuous mode
[  157.203447][ T1177] veth0_macvtap: left promiscuous mode
[  157.203747][ T1177] veth1_vlan: left promiscuous mode
[  157.205493][ T1177] veth0_vlan: left promiscuous mode
[  157.338560][ T6352] syz.4.116 (6352) used greatest stack depth: 18664 bytes left
[  157.657629][ T6357] netlink: 'syz.4.117': attribute type 3 has an invalid length.
[  157.657651][ T6357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.117'.
[  157.901373][   T44] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  158.051639][   T44] usb 5-1: Using ep0 maxpacket: 16
[  158.054096][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.054129][   T44] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  158.054177][   T44] usb 5-1: New USB device found, idVendor=044f, idProduct=b654, bcdDevice= 0.00
[  158.054200][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.127901][   T44] usb 5-1: config 0 descriptor??
[  159.067431][ T5915] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  159.122482][   T44] thrustmaster 0003:044F:B654.0006: hidraw0: USB HID v0.00 Device [HID 044f:b654] on usb-dummy_hcd.4-1/input0
[  159.122528][   T44] thrustmaster 0003:044F:B654.0006: no inputs found
[  159.221281][ T5915] usb 3-1: Using ep0 maxpacket: 8
[  159.277414][ T5943] usb 5-1: USB disconnect, device number 4
[  159.380857][ T5915] usb 3-1: device descriptor read/all, error -71
[  160.601012][ T6391] ptrace attach of "./syz-executor exec"[5821] was attempted by ""[6391]
[  162.533136][ T1177] team0 (unregistering): Port device team_slave_1 removed
[  162.701828][ T1177] team0 (unregistering): Port device team_slave_0 removed
[  164.691852][ T6391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.125'.
[  164.800756][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.262603][ T6407] netlink: 'syz.2.129': attribute type 1 has an invalid length.
[  166.123226][ T6129] team0: Port device team_slave_0 added
[  166.150036][ T6129] team0: Port device team_slave_1 added
[  166.494218][  T993] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  166.542422][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  166.542438][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.542461][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  166.558856][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  166.558873][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  166.558904][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  166.852618][  T993] usb 3-1: Using ep0 maxpacket: 8
[  166.855126][  T993] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  166.855158][  T993] usb 3-1: config 0 interface 0 has no altsetting 0
[  166.855192][  T993] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  166.855214][  T993] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.866689][  T993] usb 3-1: config 0 descriptor??
[  167.853823][  T993] hid-u2fzero 0003:20A0:4287.0007: item fetching failed at offset 3/5
[  167.854776][  T993] hid-u2fzero 0003:20A0:4287.0007: probe with driver hid-u2fzero failed with error -22
[  168.060903][ T1810] usb 3-1: USB disconnect, device number 9
[  168.133687][ T6129] hsr_slave_0: entered promiscuous mode
[  168.141719][ T6129] hsr_slave_1: entered promiscuous mode
[  168.142731][ T6129] debugfs: 'hsr0' already exists in 'hsr'
[  168.142758][ T6129] Cannot create hsr debugfs directory
[  168.235940][ T6431] ptrace attach of "./syz-executor exec"[5810] was attempted by ""[6431]
[  168.636325][ T6431] netlink: 12 bytes leftover after parsing attributes in process `syz.0.137'.
[  169.909839][ T6440] netlink: 'syz.2.140': attribute type 1 has an invalid length.
[  170.389823][ T1177] IPVS: stop unused estimator thread 0...
[  170.494805][ T6112] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  170.621644][  T993] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  170.638895][ T6112] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  170.727286][ T6112] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  170.790778][  T993] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  170.790807][  T993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.790826][  T993] usb 5-1: Product: syz
[  170.790840][  T993] usb 5-1: Manufacturer: syz
[  170.790854][  T993] usb 5-1: SerialNumber: syz
[  171.092728][ T6112] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  171.277339][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  171.277403][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  171.580629][ T1177] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.829948][   T37] kauditd_printk_skb: 55 callbacks suppressed
[  172.829965][   T37] audit: type=1326 audit(1761801084.651:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.884137][   T37] audit: type=1326 audit(1761801084.711:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.887514][   T37] audit: type=1326 audit(1761801084.711:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc53850f003 code=0x7ffc0000
[  172.889243][   T37] audit: type=1326 audit(1761801084.711:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc53850f003 code=0x7ffc0000
[  172.900609][   T37] audit: type=1326 audit(1761801084.721:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.900896][   T37] audit: type=1326 audit(1761801084.721:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.910115][   T37] audit: type=1326 audit(1761801084.731:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.910164][   T37] audit: type=1326 audit(1761801084.731:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.910201][   T37] audit: type=1326 audit(1761801084.731:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  172.910239][   T37] audit: type=1326 audit(1761801084.731:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6477 comm="syz.0.146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc53850efc9 code=0x7ffc0000
[  173.331390][ T6484] ptrace attach of "./syz-executor exec"[5815] was attempted by ""[6484]
[  173.356198][ T6484] netlink: 16 bytes leftover after parsing attributes in process `syz.2.147'.
[  173.984225][ T1177] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.249283][ T6487] random: crng reseeded on system resumption
[  174.417915][ T1177] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.695009][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000040. ret = -EPROTO
[  174.696923][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  174.697519][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  174.697568][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  174.700762][  T993] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  174.759822][  T993] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  174.794145][  T993] usb 5-1: USB disconnect, device number 5
[  174.818992][ T1177] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  174.915276][ T6129] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  174.989953][ T6129] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  175.056194][ T6129] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  175.264049][ T6129] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  175.453049][ T6500] netlink: 'syz.0.150': attribute type 1 has an invalid length.
[  176.454331][ T6112] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.601921][ T6112] 8021q: adding VLAN 0 to HW filter on device team0
[  176.603661][ T1177] bridge_slave_1: left allmulticast mode
[  176.605513][ T1177] bridge_slave_1: left promiscuous mode
[  176.606094][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.607688][ T6514] netlink: 8 bytes leftover after parsing attributes in process `syz.4.151'.
[  176.797711][ T6518] FAULT_INJECTION: forcing a failure.
[  176.797711][ T6518] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.797769][ T6518] CPU: 1 UID: 0 PID: 6518 Comm: syz.0.152 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  176.797790][ T6518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  176.797800][ T6518] Call Trace:
[  176.797807][ T6518]  <TASK>
[  176.797816][ T6518]  dump_stack_lvl+0x189/0x250
[  176.797844][ T6518]  ? __pfx____ratelimit+0x10/0x10
[  176.797866][ T6518]  ? __pfx_dump_stack_lvl+0x10/0x10
[  176.797889][ T6518]  ? __pfx__printk+0x10/0x10
[  176.797910][ T6518]  ? __might_fault+0xb0/0x130
[  176.797944][ T6518]  should_fail_ex+0x46c/0x600
[  176.797971][ T6518]  _copy_from_user+0x2d/0xb0
[  176.797991][ T6518]  ___sys_sendmsg+0x158/0x2a0
[  176.798015][ T6518]  ? __pfx____sys_sendmsg+0x10/0x10
[  176.798032][ T6518]  ? irqentry_exit+0x74/0x90
[  176.798057][ T6518]  ? rcu_is_watching+0x15/0xb0
[  176.798103][ T6518]  ? __fget_files+0x2a/0x420
[  176.798124][ T6518]  ? __fget_files+0x3a6/0x420
[  176.798157][ T6518]  __x64_sys_sendmsg+0x1a1/0x260
[  176.798180][ T6518]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  176.798217][ T6518]  ? do_syscall_64+0xbe/0xfa0
[  176.798242][ T6518]  do_syscall_64+0xfa/0xfa0
[  176.798270][ T6518]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.798287][ T6518]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  176.798303][ T6518]  ? clear_bhb_loop+0x60/0xb0
[  176.798324][ T6518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.798341][ T6518] RIP: 0033:0x7fc53850efc9
[  176.798357][ T6518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.798371][ T6518] RSP: 002b:00007fc53672c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.798390][ T6518] RAX: ffffffffffffffda RBX: 00007fc538766180 RCX: 00007fc53850efc9
[  176.798403][ T6518] RDX: 0000000000000030 RSI: 0000200000000140 RDI: 0000000000000008
[  176.798414][ T6518] RBP: 00007fc53672c090 R08: 0000000000000000 R09: 0000000000000000
[  176.798425][ T6518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.798435][ T6518] R13: 00007fc538766218 R14: 00007fc538766180 R15: 00007fffb139beb8
[  176.798466][ T6518]  </TASK>
[  177.652203][ T1177] bridge_slave_0: left allmulticast mode
[  177.652230][ T1177] bridge_slave_0: left promiscuous mode
[  177.652483][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.944762][ T6553] netlink: 'syz.4.160': attribute type 1 has an invalid length.
[  181.595396][ T6557] random: crng reseeded on system resumption
[  181.803111][ T6563] process 'syz.4.163' launched './file0' with NULL argv: empty string added
[  181.828651][ T6563] capability: warning: `syz.4.163' uses 32-bit capabilities (legacy support in use)
[  181.964553][ T6567] netlink: 'syz.4.165': attribute type 3 has an invalid length.
[  181.964566][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.4.165'.
[  182.801357][ T6015] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  182.961224][ T6015] usb 5-1: Using ep0 maxpacket: 8
[  182.962998][ T6015] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  182.963025][ T6015] usb 5-1: config 0 interface 0 has no altsetting 0
[  182.963044][ T6015] usb 5-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  182.963055][ T6015] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.966270][ T6015] usb 5-1: config 0 descriptor??
[  183.302065][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  183.382281][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  183.384880][ T6015] hid-u2fzero 0003:20A0:4287.0008: item fetching failed at offset 3/5
[  183.385392][ T6015] hid-u2fzero 0003:20A0:4287.0008: probe with driver hid-u2fzero failed with error -22
[  183.412005][ T1177] bond0 (unregistering): Released all slaves
[  183.519955][ T1353] bridge0: port 1(bridge_slave_0) entered blocking state
[  183.525154][ T1353] bridge0: port 1(bridge_slave_0) entered forwarding state
[  183.626381][ T1116] bridge0: port 2(bridge_slave_1) entered blocking state
[  183.629750][ T1116] bridge0: port 2(bridge_slave_1) entered forwarding state
[  183.630399][   T44] usb 5-1: USB disconnect, device number 6
[  183.873104][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.028228][ T6588] ptrace attach of "./syz-executor exec"[5810] was attempted by ""[6588]
[  184.813665][ T6129] 8021q: adding VLAN 0 to HW filter on device team0
[  184.884439][ T6594] netlink: 'syz.4.174': attribute type 3 has an invalid length.
[  184.884459][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.4.174'.
[  184.973870][ T6596] netlink: 8 bytes leftover after parsing attributes in process `syz.2.175'.
[  185.216430][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.216640][ T6245] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.232613][   T31] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  185.273720][ T1353] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.273869][ T1353] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.399634][   T31] usb 5-1: Using ep0 maxpacket: 32
[  185.406244][   T31] usb 5-1: config 0 has an invalid interface number: 182 but max is 0
[  185.406267][   T31] usb 5-1: config 0 has no interface number 0
[  185.406296][   T31] usb 5-1: config 0 interface 182 has no altsetting 0
[  185.409077][   T31] usb 5-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  185.409104][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.409122][   T31] usb 5-1: Product: syz
[  185.409135][   T31] usb 5-1: Manufacturer: syz
[  185.409148][   T31] usb 5-1: SerialNumber: syz
[  185.463232][   T31] usb 5-1: config 0 descriptor??
[  185.468486][   T31] hub 5-1:0.182: bad descriptor, ignoring hub
[  185.468522][   T31] hub 5-1:0.182: probe with driver hub failed with error -5
[  185.580493][ T6615] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  185.832106][ T6599] netlink: 'syz.4.176': attribute type 10 has an invalid length.
[  185.929021][ T6620] netlink: 'syz.2.178': attribute type 1 has an invalid length.
[  186.681888][ T6015] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  186.752390][ T6622] netlink: 'syz.4.176': attribute type 10 has an invalid length.
[  186.861452][ T6599] team0: Port device dummy0 added
[  186.899279][ T6015] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.899328][ T6015] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  186.899351][ T6015] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.914087][ T6015] usb 1-1: config 0 descriptor??
[  186.959743][   T31] kaweth 5-1:0.182: Firmware present in device.
[  186.985012][   T31] kaweth 5-1:0.182: Error reading configuration (-71), no net device created
[  186.985317][   T31] kaweth 5-1:0.182: probe with driver kaweth failed with error -5
[  187.035518][   T31] usb 5-1: USB disconnect, device number 7
[  187.142493][ T6622] team0: Port device dummy0 removed
[  187.185422][ T6015] holtek 0003:1241:5015.0009: invalid report_size 1454446681
[  187.185445][ T6015] holtek 0003:1241:5015.0009: item 0 4 1 7 parsing failed
[  187.212132][ T6015] holtek 0003:1241:5015.0009: parse failed
[  187.212210][ T6015] holtek 0003:1241:5015.0009: probe with driver holtek failed with error -22
[  187.240816][ T6622] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  187.313879][ T5943] usb 1-1: USB disconnect, device number 6
[  187.985152][ T6637] FAULT_INJECTION: forcing a failure.
[  187.985152][ T6637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.985186][ T6637] CPU: 0 UID: 0 PID: 6637 Comm: syz.0.182 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  187.985197][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  187.985203][ T6637] Call Trace:
[  187.985208][ T6637]  <TASK>
[  187.985212][ T6637]  dump_stack_lvl+0x189/0x250
[  187.985231][ T6637]  ? __pfx____ratelimit+0x10/0x10
[  187.985245][ T6637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.985258][ T6637]  ? __pfx__printk+0x10/0x10
[  187.985270][ T6637]  ? __might_fault+0xb0/0x130
[  187.985289][ T6637]  should_fail_ex+0x46c/0x600
[  187.985306][ T6637]  _copy_from_iter+0x1de/0x1790
[  187.985322][ T6637]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  187.985342][ T6637]  ? __pfx__copy_from_iter+0x10/0x10
[  187.985359][ T6637]  ? set_page_refcounted+0xa0/0x1e0
[  187.985374][ T6637]  ? page_copy_sane+0x4e/0x280
[  187.985389][ T6637]  copy_page_from_iter+0xdd/0x170
[  187.985401][ T6637]  tun_get_user+0x1d7b/0x3ec0
[  187.985417][ T6637]  ? tun_get_user+0x6f6/0x3ec0
[  187.985433][ T6637]  ? __might_fault+0xb0/0x130
[  187.985445][ T6637]  ? __pfx_tun_get_user+0x10/0x10
[  187.985456][ T6637]  ? _parse_integer_limit+0x1ae/0x1f0
[  187.985474][ T6637]  ? __lock_acquire+0xab9/0xd20
[  187.985490][ T6637]  ? ref_tracker_alloc+0x2fe/0x450
[  187.985502][ T6637]  ? __lock_acquire+0xab9/0xd20
[  187.985515][ T6637]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  187.985530][ T6637]  ? tun_get+0x1c/0x2f0
[  187.985544][ T6637]  ? tun_get+0x1c/0x2f0
[  187.985555][ T6637]  ? tun_get+0x1c/0x2f0
[  187.985569][ T6637]  tun_chr_write_iter+0x119/0x200
[  187.985582][ T6637]  vfs_write+0x5d5/0xb40
[  187.985596][ T6637]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  187.985608][ T6637]  ? __pfx_vfs_write+0x10/0x10
[  187.985624][ T6637]  ? __fget_files+0x2a/0x420
[  187.985642][ T6637]  ksys_write+0x14b/0x260
[  187.985655][ T6637]  ? __pfx_ksys_write+0x10/0x10
[  187.985668][ T6637]  ? do_syscall_64+0xbe/0xfa0
[  187.985682][ T6637]  do_syscall_64+0xfa/0xfa0
[  187.985692][ T6637]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.985704][ T6637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.985714][ T6637]  ? clear_bhb_loop+0x60/0xb0
[  187.985725][ T6637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.985734][ T6637] RIP: 0033:0x7fc53850da7f
[  187.985748][ T6637] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  187.985755][ T6637] RSP: 002b:00007fc53676e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  187.985766][ T6637] RAX: ffffffffffffffda RBX: 00007fc538765fa0 RCX: 00007fc53850da7f
[  187.985773][ T6637] RDX: 000000000000003a RSI: 00002000000001c0 RDI: 00000000000000c8
[  187.985779][ T6637] RBP: 00007fc53676e090 R08: 0000000000000000 R09: 0000000000000000
[  187.985785][ T6637] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[  187.985790][ T6637] R13: 00007fc538766038 R14: 00007fc538765fa0 R15: 00007fffb139beb8
[  187.985811][ T6637]  </TASK>
[  188.784109][ T1177] hsr_slave_0: left promiscuous mode
[  188.824745][ T1177] hsr_slave_1: left promiscuous mode
[  188.825787][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  188.825810][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.871428][ T5943] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  188.890029][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.890054][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_1
[  189.032153][ T5943] usb 5-1: Using ep0 maxpacket: 8
[  189.035073][ T5943] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  189.035103][ T5943] usb 5-1: config 0 interface 0 has no altsetting 0
[  189.035136][ T5943] usb 5-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  189.035157][ T5943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.057771][ T5943] usb 5-1: config 0 descriptor??
[  189.191834][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.186'.
[  189.216575][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  189.219899][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  189.225607][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  189.230606][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  189.244606][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  189.376447][ T1177] veth1_macvtap: left promiscuous mode
[  189.376546][ T1177] veth0_macvtap: left promiscuous mode
[  189.376798][ T1177] veth1_vlan: left promiscuous mode
[  189.376980][ T1177] veth0_vlan: left promiscuous mode
[  189.540805][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  189.550497][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  189.554389][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  189.572385][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  189.574285][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  189.626648][ T5943] hid-u2fzero 0003:20A0:4287.000A: item fetching failed at offset 3/5
[  189.627521][ T5943] hid-u2fzero 0003:20A0:4287.000A: probe with driver hid-u2fzero failed with error -22
[  189.819546][ T5882] usb 5-1: USB disconnect, device number 8
[  190.891475][    C1] vkms_vblank_simulate: vblank timer overrun
[  191.441390][   T61] Bluetooth: hci0: command tx timeout
[  191.671268][   T61] Bluetooth: hci3: command tx timeout
[  192.101811][ T1177] team0 (unregistering): Port device team_slave_1 removed
[  192.331983][ T1177] team0 (unregistering): Port device team_slave_0 removed
[  193.511340][   T61] Bluetooth: hci0: command tx timeout
[  193.761226][   T61] Bluetooth: hci3: command tx timeout
[  194.404061][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  194.404133][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  195.643153][   T61] Bluetooth: hci0: command tx timeout
[  195.842706][   T61] Bluetooth: hci3: command tx timeout
[  196.232064][ T6693] netlink: 'syz.2.197': attribute type 1 has an invalid length.
[  196.726317][ T6704] FAULT_INJECTION: forcing a failure.
[  196.726317][ T6704] name failslab, interval 1, probability 0, space 0, times 0
[  196.726350][ T6704] CPU: 0 UID: 0 PID: 6704 Comm: syz.4.200 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  196.726369][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  196.726379][ T6704] Call Trace:
[  196.726385][ T6704]  <TASK>
[  196.726393][ T6704]  dump_stack_lvl+0x189/0x250
[  196.726422][ T6704]  ? __pfx____ratelimit+0x10/0x10
[  196.726442][ T6704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  196.726465][ T6704]  ? __pfx__printk+0x10/0x10
[  196.726490][ T6704]  ? __pfx___might_resched+0x10/0x10
[  196.726508][ T6704]  ? fs_reclaim_acquire+0x7d/0x100
[  196.726535][ T6704]  should_fail_ex+0x46c/0x600
[  196.726563][ T6704]  should_failslab+0xa8/0x100
[  196.726586][ T6704]  __kmalloc_node_noprof+0xd4/0x7f0
[  196.726608][ T6704]  ? alloc_slab_obj_exts+0x3e/0x100
[  196.726633][ T6704]  alloc_slab_obj_exts+0x3e/0x100
[  196.726654][ T6704]  __memcg_slab_post_alloc_hook+0x33b/0x810
[  196.726684][ T6704]  ? kasan_unpoison+0x48/0x70
[  196.726706][ T6704]  __kvmalloc_node_noprof+0x6ee/0x920
[  196.726728][ T6704]  ? traverse+0xde/0x580
[  196.726752][ T6704]  traverse+0xde/0x580
[  196.726776][ T6704]  ? seq_read_iter+0xb8/0xe20
[  196.726799][ T6704]  seq_read_iter+0xd09/0xe20
[  196.726822][ T6704]  ? __lock_acquire+0xab9/0xd20
[  196.726845][ T6704]  ? __asan_memset+0x22/0x50
[  196.726869][ T6704]  seq_read+0x36c/0x480
[  196.726897][ T6704]  ? __pfx_seq_read+0x10/0x10
[  196.726928][ T6704]  ? rw_verify_area+0x2ac/0x4e0
[  196.726945][ T6704]  ? __lock_acquire+0xab9/0xd20
[  196.726963][ T6704]  ? __pfx_seq_read+0x10/0x10
[  196.726991][ T6704]  vfs_read+0x206/0xa30
[  196.727019][ T6704]  ? __pfx_vfs_read+0x10/0x10
[  196.727039][ T6704]  ? __fget_files+0x2a/0x420
[  196.727064][ T6704]  ? __fget_files+0x2a/0x420
[  196.727083][ T6704]  ? __fget_files+0x3a6/0x420
[  196.727102][ T6704]  ? __fget_files+0x2a/0x420
[  196.727131][ T6704]  __x64_sys_pread64+0x196/0x220
[  196.727155][ T6704]  ? __pfx___x64_sys_pread64+0x10/0x10
[  196.727180][ T6704]  ? do_syscall_64+0xbe/0xfa0
[  196.727203][ T6704]  do_syscall_64+0xfa/0xfa0
[  196.727221][ T6704]  ? lockdep_hardirqs_on+0x9c/0x150
[  196.727240][ T6704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.727258][ T6704]  ? clear_bhb_loop+0x60/0xb0
[  196.727278][ T6704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.727294][ T6704] RIP: 0033:0x7fbfc33eefc9
[  196.727310][ T6704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.727323][ T6704] RSP: 002b:00007fbfc1656038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  196.727341][ T6704] RAX: ffffffffffffffda RBX: 00007fbfc3645fa0 RCX: 00007fbfc33eefc9
[  196.727353][ T6704] RDX: 0000000000000016 RSI: 00002000000000c0 RDI: 0000000000000004
[  196.727364][ T6704] RBP: 00007fbfc1656090 R08: 0000000000000000 R09: 0000000000000000
[  196.727375][ T6704] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  196.727385][ T6704] R13: 00007fbfc3646038 R14: 00007fbfc3645fa0 R15: 00007ffdc2297608
[  196.727416][ T6704]  </TASK>
[  197.671462][   T61] Bluetooth: hci0: command tx timeout
[  197.882193][ T6714] tmpfs: Bad value for 'mpol'
[  197.911289][   T61] Bluetooth: hci3: command tx timeout
[  198.183906][ T6716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.203'.
[  199.438652][ T6652] chnl_net:caif_netlink_parms(): no params data found
[  199.467320][ T6648] chnl_net:caif_netlink_parms(): no params data found
[  199.991466][   T61] Bluetooth: hci3: command tx timeout
[  200.032420][ T6743] netlink: 'syz.0.209': attribute type 1 has an invalid length.
[  200.066513][ T6747] mmap: syz.4.207 (6747) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  200.321241][ T1810] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  200.471644][ T1810] usb 3-1: Using ep0 maxpacket: 8
[  200.474345][ T1810] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  200.474378][ T1810] usb 3-1: config 0 interface 0 has no altsetting 0
[  200.474411][ T1810] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  200.474433][ T1810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.503126][ T1810] usb 3-1: config 0 descriptor??
[  201.130678][ T1810] hid-u2fzero 0003:20A0:4287.000B: item fetching failed at offset 3/5
[  201.141938][ T1810] hid-u2fzero 0003:20A0:4287.000B: probe with driver hid-u2fzero failed with error -22
[  201.171197][ T5882] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  201.257824][ T6771] FAULT_INJECTION: forcing a failure.
[  201.257824][ T6771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.257857][ T6771] CPU: 0 UID: 0 PID: 6771 Comm: syz.4.214 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  201.257876][ T6771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  201.257887][ T6771] Call Trace:
[  201.257894][ T6771]  <TASK>
[  201.257901][ T6771]  dump_stack_lvl+0x189/0x250
[  201.257930][ T6771]  ? __pfx____ratelimit+0x10/0x10
[  201.257952][ T6771]  ? __pfx_dump_stack_lvl+0x10/0x10
[  201.257975][ T6771]  ? __pfx__printk+0x10/0x10
[  201.257994][ T6771]  ? __might_fault+0xb0/0x130
[  201.258027][ T6771]  should_fail_ex+0x46c/0x600
[  201.258055][ T6771]  _copy_from_user+0x2d/0xb0
[  201.258074][ T6771]  sctp_setsockopt+0x19f/0x1200
[  201.258097][ T6771]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  201.258122][ T6771]  do_sock_setsockopt+0x17c/0x1b0
[  201.258146][ T6771]  __x64_sys_setsockopt+0x145/0x1b0
[  201.258170][ T6771]  do_syscall_64+0xfa/0xfa0
[  201.258190][ T6771]  ? lockdep_hardirqs_on+0x9c/0x150
[  201.258210][ T6771]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.258227][ T6771]  ? clear_bhb_loop+0x60/0xb0
[  201.258247][ T6771]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.258264][ T6771] RIP: 0033:0x7fbfc33eefc9
[  201.258279][ T6771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.258293][ T6771] RSP: 002b:00007fbfc1635038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  201.258312][ T6771] RAX: ffffffffffffffda RBX: 00007fbfc3646090 RCX: 00007fbfc33eefc9
[  201.258324][ T6771] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003
[  201.258335][ T6771] RBP: 00007fbfc1635090 R08: 0000000000000008 R09: 0000000000000000
[  201.258346][ T6771] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  201.258357][ T6771] R13: 00007fbfc3646128 R14: 00007fbfc3646090 R15: 00007ffdc2297608
[  201.258388][ T6771]  </TASK>
[  201.330886][ T5943] usb 3-1: USB disconnect, device number 10
[  201.441283][ T5882] usb 1-1: device descriptor read/64, error -71
[  201.564947][ T6652] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.565259][ T6652] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.565463][ T6652] bridge_slave_0: entered allmulticast mode
[  201.568279][ T6652] bridge_slave_0: entered promiscuous mode
[  201.578850][ T6770] syz.4.214 (6770) used greatest stack depth: 16632 bytes left
[  201.691351][ T5882] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  201.821265][ T6648] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.822079][ T6648] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.827137][ T6648] bridge_slave_0: entered allmulticast mode
[  201.837312][ T5882] usb 1-1: device descriptor read/64, error -71
[  201.844954][ T6648] bridge_slave_0: entered promiscuous mode
[  201.898917][ T6652] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.899196][ T6652] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.907083][ T6652] bridge_slave_1: entered allmulticast mode
[  201.954748][ T6652] bridge_slave_1: entered promiscuous mode
[  202.077489][ T5882] usb usb1-port1: attempt power cycle
[  202.081731][ T6648] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.081854][ T6648] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.082108][ T6648] bridge_slave_1: entered allmulticast mode
[  202.110361][ T6648] bridge_slave_1: entered promiscuous mode
[  202.790773][ T6783] FAULT_INJECTION: forcing a failure.
[  202.790773][ T6783] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  202.790824][ T6783] CPU: 0 UID: 0 PID: 6783 Comm: syz.2.218 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  202.790846][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  202.790856][ T6783] Call Trace:
[  202.790863][ T6783]  <TASK>
[  202.790871][ T6783]  dump_stack_lvl+0x189/0x250
[  202.790900][ T6783]  ? __pfx____ratelimit+0x10/0x10
[  202.790922][ T6783]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.790945][ T6783]  ? __pfx__printk+0x10/0x10
[  202.790967][ T6783]  ? fs_reclaim_acquire+0x7d/0x100
[  202.790999][ T6783]  should_fail_ex+0x46c/0x600
[  202.791027][ T6783]  prepare_alloc_pages+0x213/0x670
[  202.791059][ T6783]  __alloc_frozen_pages_noprof+0x123/0x370
[  202.791088][ T6783]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  202.791121][ T6783]  ? policy_nodemask+0x27c/0x720
[  202.791150][ T6783]  alloc_pages_mpol+0xd1/0x380
[  202.791177][ T6783]  vma_alloc_folio_noprof+0xe4/0x280
[  202.791203][ T6783]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  202.791239][ T6783]  folio_prealloc+0x30/0x180
[  202.791266][ T6783]  handle_mm_fault+0x12ee/0x3400
[  202.791288][ T6783]  ? mt_find+0x15c/0x5e0
[  202.791309][ T6783]  ? __pfx_mt_find+0x10/0x10
[  202.791333][ T6783]  ? handle_mm_fault+0xdb/0x3400
[  202.791363][ T6783]  ? __pfx_handle_mm_fault+0x10/0x10
[  202.791407][ T6783]  ? lock_mm_and_find_vma+0x9c/0x300
[  202.791434][ T6783]  do_user_addr_fault+0x764/0x1380
[  202.791472][ T6783]  exc_page_fault+0x82/0x100
[  202.791496][ T6783]  asm_exc_page_fault+0x26/0x30
[  202.791513][ T6783] RIP: 0010:put_cmsg+0x1d8/0x5f0
[  202.791535][ T6783] Code: 63 f3 0f 84 9e 00 00 00 49 8d 6e f0 0f 1f 44 00 00 e8 8c d7 1c f9 48 b8 00 f0 ff ff ff 7f 00 00 49 39 c5 4c 0f 47 e8 0f 01 cb <4d> 89 75 00 8b 44 24 08 41 89 45 08 8b 44 24 0c 41 89 45 0c 49 83
[  202.791548][ T6783] RSP: 0000:ffffc900045c73c0 EFLAGS: 00050287
[  202.791564][ T6783] RAX: 00007ffffffff000 RBX: 0000000000000018 RCX: ffff88801c3b0000
[  202.791577][ T6783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  202.791587][ T6783] RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
[  202.791597][ T6783] R10: dffffc0000000000 R11: ffffed100b4cddb4 R12: dffffc0000000000
[  202.791610][ T6783] R13: 0000200000001800 R14: 0000000000000018 R15: ffff8880239e3780
[  202.791653][ T6783]  ip6_datagram_recv_specific_ctl+0x445/0x1540
[  202.791676][ T6783]  ? __might_fault+0xb0/0x130
[  202.791709][ T6783]  ? __pfx_ip6_datagram_recv_specific_ctl+0x10/0x10
[  202.791737][ T6783]  ? __skb_recv_udp+0x240/0x730
[  202.791760][ T6783]  ? ip6_datagram_recv_common_ctl+0x156/0x3c0
[  202.791786][ T6783]  ? __pfx__copy_to_iter+0x10/0x10
[  202.791811][ T6783]  ? __pfx_ip6_datagram_recv_common_ctl+0x10/0x10
[  202.791846][ T6783]  udpv6_recvmsg+0x10a7/0x1590
[  202.791890][ T6783]  ? __pfx_udpv6_recvmsg+0x10/0x10
[  202.791919][ T6783]  ? inet6_recvmsg+0x1d6/0x6b0
[  202.791946][ T6783]  ? __pfx_udpv6_recvmsg+0x10/0x10
[  202.791968][ T6783]  inet6_recvmsg+0x1ee/0x6b0
[  202.791993][ T6783]  ? __lock_acquire+0xab9/0xd20
[  202.792014][ T6783]  ? __pfx_inet6_recvmsg+0x10/0x10
[  202.792039][ T6783]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  202.792060][ T6783]  ? security_socket_recvmsg+0x7e/0x2e0
[  202.792087][ T6783]  sock_recvmsg+0x105/0x270
[  202.792114][ T6783]  ____sys_recvmsg+0x1ce/0x470
[  202.792144][ T6783]  ? __pfx_____sys_recvmsg+0x10/0x10
[  202.792181][ T6783]  ? import_iovec+0x74/0xa0
[  202.792203][ T6783]  ___sys_recvmsg+0x1b5/0x510
[  202.792229][ T6783]  ? __pfx____sys_recvmsg+0x10/0x10
[  202.792275][ T6783]  ? __fget_files+0x3a6/0x420
[  202.792310][ T6783]  do_recvmmsg+0x30d/0x770
[  202.792339][ T6783]  ? __pfx_do_recvmmsg+0x10/0x10
[  202.792357][ T6783]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  202.792378][ T6783]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  202.792411][ T6783]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  202.792447][ T6783]  __x64_sys_recvmmsg+0x190/0x240
[  202.792471][ T6783]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  202.792496][ T6783]  ? do_syscall_64+0xbe/0xfa0
[  202.792520][ T6783]  do_syscall_64+0xfa/0xfa0
[  202.792542][ T6783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.792558][ T6783]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  202.792574][ T6783]  ? clear_bhb_loop+0x60/0xb0
[  202.792596][ T6783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.792612][ T6783] RIP: 0033:0x7fc612cdefc9
[  202.792628][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.792642][ T6783] RSP: 002b:00007fc610f46038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  202.792659][ T6783] RAX: ffffffffffffffda RBX: 00007fc612f35fa0 RCX: 00007fc612cdefc9
[  202.792672][ T6783] RDX: 0000000000000001 RSI: 0000200000003340 RDI: 0000000000000003
[  202.792683][ T6783] RBP: 00007fc610f46090 R08: 0000000000000000 R09: 0000000000000000
[  202.792694][ T6783] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  202.792704][ T6783] R13: 00007fc612f36038 R14: 00007fc612f35fa0 R15: 00007ffeee805a38
[  202.792736][ T6783]  </TASK>
[  202.968191][ T6786] FAULT_INJECTION: forcing a failure.
[  202.968191][ T6786] name failslab, interval 1, probability 0, space 0, times 0
[  202.968234][ T6786] CPU: 0 UID: 0 PID: 6786 Comm: syz.2.219 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  202.968255][ T6786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  202.968265][ T6786] Call Trace:
[  202.968272][ T6786]  <TASK>
[  202.968279][ T6786]  dump_stack_lvl+0x189/0x250
[  202.968307][ T6786]  ? __pfx____ratelimit+0x10/0x10
[  202.968329][ T6786]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.968352][ T6786]  ? __pfx__printk+0x10/0x10
[  202.968379][ T6786]  ? __pfx___might_resched+0x10/0x10
[  202.968397][ T6786]  ? fs_reclaim_acquire+0x7d/0x100
[  202.968425][ T6786]  should_fail_ex+0x46c/0x600
[  202.968453][ T6786]  should_failslab+0xa8/0x100
[  202.968478][ T6786]  __kmalloc_noprof+0xcc/0x7d0
[  202.968500][ T6786]  ? tomoyo_encode+0x28b/0x550
[  202.968525][ T6786]  tomoyo_encode+0x28b/0x550
[  202.968550][ T6786]  tomoyo_realpath_from_path+0x58d/0x5d0
[  202.968581][ T6786]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  202.968606][ T6786]  tomoyo_path_number_perm+0x1e8/0x5a0
[  202.968633][ T6786]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  202.968662][ T6786]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  202.968684][ T6786]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.968736][ T6786]  ? __fget_files+0x2a/0x420
[  202.968763][ T6786]  ? __fget_files+0x3a6/0x420
[  202.968790][ T6786]  ? __fget_files+0x2a/0x420
[  202.968817][ T6786]  security_file_ioctl+0xcb/0x2d0
[  202.968837][ T6786]  __se_sys_ioctl+0x47/0x170
[  202.968859][ T6786]  do_syscall_64+0xfa/0xfa0
[  202.968880][ T6786]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.968896][ T6786]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  202.968913][ T6786]  ? clear_bhb_loop+0x60/0xb0
[  202.968934][ T6786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.968951][ T6786] RIP: 0033:0x7fc612cdefc9
[  202.968967][ T6786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.968981][ T6786] RSP: 002b:00007fc610f46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.969000][ T6786] RAX: ffffffffffffffda RBX: 00007fc612f35fa0 RCX: 00007fc612cdefc9
[  202.969012][ T6786] RDX: 00002000000000c0 RSI: 000000004008af30 RDI: 0000000000000003
[  202.969024][ T6786] RBP: 00007fc610f46090 R08: 0000000000000000 R09: 0000000000000000
[  202.969034][ T6786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.969045][ T6786] R13: 00007fc612f36038 R14: 00007fc612f35fa0 R15: 00007ffeee805a38
[  202.969076][ T6786]  </TASK>
[  202.969132][ T6786] ERROR: Out of memory at tomoyo_realpath_from_path.
[  204.508393][ T6791] Bluetooth: MGMT ver 1.23
[  205.294540][ T6801] FAULT_INJECTION: forcing a failure.
[  205.294540][ T6801] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.294571][ T6801] CPU: 0 UID: 0 PID: 6801 Comm: syz.0.225 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  205.294588][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  205.294601][ T6801] Call Trace:
[  205.294609][ T6801]  <TASK>
[  205.294617][ T6801]  dump_stack_lvl+0x189/0x250
[  205.294644][ T6801]  ? __pfx____ratelimit+0x10/0x10
[  205.294665][ T6801]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.294686][ T6801]  ? __pfx__printk+0x10/0x10
[  205.294706][ T6801]  ? __might_fault+0xb0/0x130
[  205.294738][ T6801]  should_fail_ex+0x46c/0x600
[  205.294765][ T6801]  _copy_to_iter+0x404/0x1790
[  205.294787][ T6801]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  205.294820][ T6801]  ? rt_mutex_slowunlock+0x493/0x8a0
[  205.294837][ T6801]  ? __pfx__copy_to_iter+0x10/0x10
[  205.294861][ T6801]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  205.294889][ T6801]  __skb_datagram_iter+0xf8/0x990
[  205.294913][ T6801]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  205.294942][ T6801]  skb_copy_datagram_iter+0xc5/0x230
[  205.294967][ T6801]  netlink_recvmsg+0x2ab/0xa30
[  205.294995][ T6801]  ? __pfx_netlink_recvmsg+0x10/0x10
[  205.295022][ T6801]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  205.295042][ T6801]  ? security_socket_recvmsg+0x7e/0x2e0
[  205.295064][ T6801]  ? __pfx_netlink_recvmsg+0x10/0x10
[  205.295082][ T6801]  sock_recvmsg+0x22c/0x270
[  205.295109][ T6801]  ____sys_recvmsg+0x1ce/0x470
[  205.295138][ T6801]  ? __pfx_____sys_recvmsg+0x10/0x10
[  205.295171][ T6801]  ? import_iovec+0x74/0xa0
[  205.295192][ T6801]  ___sys_recvmsg+0x1b5/0x510
[  205.295218][ T6801]  ? __pfx____sys_recvmsg+0x10/0x10
[  205.295262][ T6801]  ? __fget_files+0x3a6/0x420
[  205.295296][ T6801]  __x64_sys_recvmsg+0x19e/0x260
[  205.295318][ T6801]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  205.295348][ T6801]  ? __pfx_ksys_write+0x10/0x10
[  205.295372][ T6801]  ? do_syscall_64+0xbe/0xfa0
[  205.295397][ T6801]  do_syscall_64+0xfa/0xfa0
[  205.295416][ T6801]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.295437][ T6801]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.295461][ T6801]  ? clear_bhb_loop+0x60/0xb0
[  205.295482][ T6801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.295499][ T6801] RIP: 0033:0x7fc53850efc9
[  205.295514][ T6801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.295527][ T6801] RSP: 002b:00007fc53674d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  205.295546][ T6801] RAX: ffffffffffffffda RBX: 00007fc538766090 RCX: 00007fc53850efc9
[  205.295558][ T6801] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  205.295568][ T6801] RBP: 00007fc53674d090 R08: 0000000000000000 R09: 0000000000000000
[  205.295579][ T6801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.295589][ T6801] R13: 00007fc538766128 R14: 00007fc538766090 R15: 00007fffb139beb8
[  205.295619][ T6801]  </TASK>
[  205.297753][ T6652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  205.471356][   T31] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  205.622898][   T31] usb 3-1: Using ep0 maxpacket: 8
[  205.629118][   T31] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  205.629230][   T31] usb 3-1: config 0 interface 0 has no altsetting 0
[  205.629280][   T31] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  205.629302][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.637933][   T31] usb 3-1: config 0 descriptor??
[  205.927712][ T6813] ptrace attach of "./syz-executor exec"[5821] was attempted by ""[6813]
[  205.988959][    C0] vkms_vblank_simulate: vblank timer overrun
[  206.526072][ T6648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.555769][ T6652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.704968][   T31] hid-u2fzero 0003:20A0:4287.000C: item fetching failed at offset 3/5
[  206.705892][   T31] hid-u2fzero 0003:20A0:4287.000C: probe with driver hid-u2fzero failed with error -22
[  206.814341][ T6648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.816924][ T6823] FAULT_INJECTION: forcing a failure.
[  206.816924][ T6823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  206.816954][ T6823] CPU: 0 UID: 0 PID: 6823 Comm: syz.4.231 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  206.816972][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  206.816982][ T6823] Call Trace:
[  206.816989][ T6823]  <TASK>
[  206.816997][ T6823]  dump_stack_lvl+0x189/0x250
[  206.817024][ T6823]  ? __pfx____ratelimit+0x10/0x10
[  206.817045][ T6823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.817066][ T6823]  ? __pfx__printk+0x10/0x10
[  206.817085][ T6823]  ? __might_fault+0xb0/0x130
[  206.817118][ T6823]  should_fail_ex+0x46c/0x600
[  206.817146][ T6823]  _copy_to_iter+0x404/0x1790
[  206.817169][ T6823]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  206.817201][ T6823]  ? rt_mutex_slowunlock+0x493/0x8a0
[  206.817218][ T6823]  ? __pfx__copy_to_iter+0x10/0x10
[  206.817244][ T6823]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  206.817271][ T6823]  __skb_datagram_iter+0xf8/0x990
[  206.817295][ T6823]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  206.817323][ T6823]  skb_copy_datagram_iter+0xc5/0x230
[  206.817347][ T6823]  netlink_recvmsg+0x2ab/0xa30
[  206.817385][ T6823]  ? __pfx_netlink_recvmsg+0x10/0x10
[  206.817412][ T6823]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  206.817432][ T6823]  ? security_socket_recvmsg+0x7e/0x2e0
[  206.817456][ T6823]  ? __pfx_netlink_recvmsg+0x10/0x10
[  206.817471][ T6823]  sock_recvmsg+0x22c/0x270
[  206.817494][ T6823]  ____sys_recvmsg+0x1ce/0x470
[  206.817520][ T6823]  ? __pfx_____sys_recvmsg+0x10/0x10
[  206.817556][ T6823]  ? import_iovec+0x74/0xa0
[  206.817577][ T6823]  ___sys_recvmsg+0x1b5/0x510
[  206.817602][ T6823]  ? __pfx____sys_recvmsg+0x10/0x10
[  206.817645][ T6823]  ? __fget_files+0x3a6/0x420
[  206.817674][ T6823]  __x64_sys_recvmsg+0x19e/0x260
[  206.817696][ T6823]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  206.817722][ T6823]  ? __pfx_ksys_write+0x10/0x10
[  206.817746][ T6823]  ? do_syscall_64+0xbe/0xfa0
[  206.817769][ T6823]  do_syscall_64+0xfa/0xfa0
[  206.817785][ T6823]  ? lockdep_hardirqs_on+0x9c/0x150
[  206.817804][ T6823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.817821][ T6823]  ? clear_bhb_loop+0x60/0xb0
[  206.817841][ T6823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.817857][ T6823] RIP: 0033:0x7fbfc33eefc9
[  206.817872][ T6823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.817885][ T6823] RSP: 002b:00007fbfc1635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  206.817904][ T6823] RAX: ffffffffffffffda RBX: 00007fbfc3646090 RCX: 00007fbfc33eefc9
[  206.817916][ T6823] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  206.817927][ T6823] RBP: 00007fbfc1635090 R08: 0000000000000000 R09: 0000000000000000
[  206.817938][ T6823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.817947][ T6823] R13: 00007fbfc3646128 R14: 00007fbfc3646090 R15: 00007ffdc2297608
[  206.817977][ T6823]  </TASK>
[  206.934057][   T31] usb 3-1: USB disconnect, device number 11
[  207.367012][ T6652] team0: Port device team_slave_0 added
[  207.466593][ T6652] team0: Port device team_slave_1 added
[  207.471893][ T6648] team0: Port device team_slave_0 added
[  207.704983][ T6648] team0: Port device team_slave_1 added
[  207.967260][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.967272][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  207.967291][ T6652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.089418][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.089434][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.089457][ T6652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.093832][ T6648] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.093846][ T6648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.093869][ T6648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.120508][ T6648] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.120529][ T6648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  208.120552][ T6648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.671292][ T6847] ptrace attach of "./syz-executor exec"[5821] was attempted by ""[6847]
[  208.732048][    C0] vkms_vblank_simulate: vblank timer overrun
[  209.514302][ T6652] hsr_slave_0: entered promiscuous mode
[  209.515801][ T6652] hsr_slave_1: entered promiscuous mode
[  209.655536][ T6852] netlink: 4 bytes leftover after parsing attributes in process `syz.2.241'.
[  209.738441][ T6648] hsr_slave_0: entered promiscuous mode
[  209.740225][ T6648] hsr_slave_1: entered promiscuous mode
[  209.755009][ T6648] debugfs: 'hsr0' already exists in 'hsr'
[  209.755035][ T6648] Cannot create hsr debugfs directory
[  209.821228][ T5943] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  209.877236][ T6864] FAULT_INJECTION: forcing a failure.
[  209.877236][ T6864] name failslab, interval 1, probability 0, space 0, times 0
[  209.877269][ T6864] CPU: 1 UID: 0 PID: 6864 Comm: syz.4.244 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  209.877290][ T6864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  209.877300][ T6864] Call Trace:
[  209.877307][ T6864]  <TASK>
[  209.877315][ T6864]  dump_stack_lvl+0x189/0x250
[  209.877344][ T6864]  ? __pfx____ratelimit+0x10/0x10
[  209.877373][ T6864]  ? __pfx_dump_stack_lvl+0x10/0x10
[  209.877397][ T6864]  ? __pfx__printk+0x10/0x10
[  209.877424][ T6864]  ? __pfx___might_resched+0x10/0x10
[  209.877447][ T6864]  should_fail_ex+0x46c/0x600
[  209.877476][ T6864]  should_failslab+0xa8/0x100
[  209.877501][ T6864]  __kmalloc_cache_noprof+0x6f/0x6c0
[  209.877525][ T6864]  ? tcp_sendmsg_fastopen+0x1de/0x5e0
[  209.877552][ T6864]  tcp_sendmsg_fastopen+0x1de/0x5e0
[  209.877582][ T6864]  tcp_sendmsg_locked+0x4ccf/0x5550
[  209.877609][ T6864]  ? tcp_sendmsg_locked+0x2b1/0x5550
[  209.877644][ T6864]  ? __local_bh_enable+0x27b/0x410
[  209.877669][ T6864]  ? __local_bh_enable+0x28c/0x410
[  209.877688][ T6864]  ? reacquire_held_locks+0x127/0x1d0
[  209.877714][ T6864]  ? __pfx___local_bh_enable+0x10/0x10
[  209.877742][ T6864]  ? __local_bh_enable_ip+0x1c0/0x2e0
[  209.877761][ T6864]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.877786][ T6864]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  209.877818][ T6864]  ? rt_spin_unlock+0x161/0x200
[  209.877836][ T6864]  ? lock_sock_nested+0x5f/0x130
[  209.877858][ T6864]  ? lock_sock_nested+0xdd/0x130
[  209.877883][ T6864]  tcp_sendmsg+0x2f/0x50
[  209.877905][ T6864]  __sock_sendmsg+0xe5/0x270
[  209.877931][ T6864]  __sys_sendto+0x3c7/0x520
[  209.877952][ T6864]  ? __pfx___sys_sendto+0x10/0x10
[  209.877995][ T6864]  ? ksys_write+0x230/0x260
[  209.878018][ T6864]  ? __pfx_ksys_write+0x10/0x10
[  209.878041][ T6864]  __x64_sys_sendto+0xde/0x100
[  209.878062][ T6864]  do_syscall_64+0xfa/0xfa0
[  209.878081][ T6864]  ? lockdep_hardirqs_on+0x9c/0x150
[  209.878099][ T6864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.878116][ T6864]  ? clear_bhb_loop+0x60/0xb0
[  209.878137][ T6864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.878154][ T6864] RIP: 0033:0x7fbfc33eefc9
[  209.878170][ T6864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.878184][ T6864] RSP: 002b:00007fbfc1656038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  209.878203][ T6864] RAX: ffffffffffffffda RBX: 00007fbfc3645fa0 RCX: 00007fbfc33eefc9
[  209.878216][ T6864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  209.878226][ T6864] RBP: 00007fbfc1656090 R08: 0000200000000000 R09: 000000000000001c
[  209.878237][ T6864] R10: 0000000024040014 R11: 0000000000000246 R12: 0000000000000001
[  209.878248][ T6864] R13: 00007fbfc3646038 R14: 00007fbfc3645fa0 R15: 00007ffdc2297608
[  209.878280][ T6864]  </TASK>
[  210.112353][ T5943] usb 1-1: Using ep0 maxpacket: 8
[  210.116689][ T5943] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  210.116720][ T5943] usb 1-1: config 0 interface 0 has no altsetting 0
[  210.116752][ T5943] usb 1-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00
[  210.116773][ T5943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.137617][ T5943] usb 1-1: config 0 descriptor??
[  211.087785][ T5943] hid-u2fzero 0003:20A0:4287.000D: item fetching failed at offset 3/5
[  211.101541][ T5943] hid-u2fzero 0003:20A0:4287.000D: probe with driver hid-u2fzero failed with error -22
[  211.271648][ T5943] usb 1-1: USB disconnect, device number 10
[  211.308436][ T6874] FAULT_INJECTION: forcing a failure.
[  211.308436][ T6874] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.308467][ T6874] CPU: 1 UID: 0 PID: 6874 Comm: syz.4.247 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  211.308487][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  211.308497][ T6874] Call Trace:
[  211.308504][ T6874]  <TASK>
[  211.308512][ T6874]  dump_stack_lvl+0x189/0x250
[  211.308540][ T6874]  ? __pfx____ratelimit+0x10/0x10
[  211.308560][ T6874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.308584][ T6874]  ? __pfx__printk+0x10/0x10
[  211.308603][ T6874]  ? __might_fault+0xb0/0x130
[  211.308634][ T6874]  should_fail_ex+0x46c/0x600
[  211.308662][ T6874]  _copy_from_iter+0x1de/0x1790
[  211.308689][ T6874]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  211.308723][ T6874]  ? __pfx__copy_from_iter+0x10/0x10
[  211.308752][ T6874]  ? set_page_refcounted+0xa0/0x1e0
[  211.308776][ T6874]  ? page_copy_sane+0x4e/0x280
[  211.308802][ T6874]  copy_page_from_iter+0xdd/0x170
[  211.308823][ T6874]  tun_get_user+0x1d7b/0x3ec0
[  211.308852][ T6874]  ? tun_get_user+0x6f6/0x3ec0
[  211.308881][ T6874]  ? __might_fault+0xb0/0x130
[  211.308902][ T6874]  ? __pfx_tun_get_user+0x10/0x10
[  211.308921][ T6874]  ? _parse_integer_limit+0x1ae/0x1f0
[  211.308952][ T6874]  ? __lock_acquire+0xab9/0xd20
[  211.308978][ T6874]  ? ref_tracker_alloc+0x2fe/0x450
[  211.308997][ T6874]  ? __lock_acquire+0xab9/0xd20
[  211.309019][ T6874]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  211.309047][ T6874]  ? tun_get+0x1c/0x2f0
[  211.309072][ T6874]  ? tun_get+0x1c/0x2f0
[  211.309091][ T6874]  ? tun_get+0x1c/0x2f0
[  211.309116][ T6874]  tun_chr_write_iter+0x119/0x200
[  211.309139][ T6874]  vfs_write+0x5d5/0xb40
[  211.309164][ T6874]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  211.309184][ T6874]  ? __pfx_vfs_write+0x10/0x10
[  211.309215][ T6874]  ? __fget_files+0x2a/0x420
[  211.309253][ T6874]  ksys_write+0x14b/0x260
[  211.309276][ T6874]  ? __pfx_ksys_write+0x10/0x10
[  211.309300][ T6874]  ? do_syscall_64+0xbe/0xfa0
[  211.309325][ T6874]  do_syscall_64+0xfa/0xfa0
[  211.309344][ T6874]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.309365][ T6874]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.309382][ T6874]  ? clear_bhb_loop+0x60/0xb0
[  211.309403][ T6874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.309420][ T6874] RIP: 0033:0x7fbfc33eda7f
[  211.309436][ T6874] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  211.309449][ T6874] RSP: 002b:00007fbfc1656000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  211.309468][ T6874] RAX: ffffffffffffffda RBX: 00007fbfc3645fa0 RCX: 00007fbfc33eda7f
[  211.309481][ T6874] RDX: 000000000000004a RSI: 00002000000001c0 RDI: 00000000000000c8
[  211.309492][ T6874] RBP: 00007fbfc1656090 R08: 0000000000000000 R09: 0000000000000000
[  211.309503][ T6874] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  211.309513][ T6874] R13: 00007fbfc3646038 R14: 00007fbfc3645fa0 R15: 00007ffdc2297608
[  211.309544][ T6874]  </TASK>
[  211.831346][ T5812] Bluetooth: hci2: command 0x0406 tx timeout
[  211.833276][ T5812] Bluetooth: hci4: command 0x0406 tx timeout
[  211.833471][ T5812] Bluetooth: hci1: command 0x0406 tx timeout
[  212.129019][ T6886] FAULT_INJECTION: forcing a failure.
[  212.129019][ T6886] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  212.129051][ T6886] CPU: 1 UID: 0 PID: 6886 Comm: syz.0.252 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  212.129070][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  212.129081][ T6886] Call Trace:
[  212.129087][ T6886]  <TASK>
[  212.129095][ T6886]  dump_stack_lvl+0x189/0x250
[  212.129123][ T6886]  ? __pfx____ratelimit+0x10/0x10
[  212.129145][ T6886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.129199][ T6886]  ? __pfx__printk+0x10/0x10
[  212.129219][ T6886]  ? fs_reclaim_acquire+0x7d/0x100
[  212.129247][ T6886]  should_fail_ex+0x46c/0x600
[  212.129275][ T6886]  prepare_alloc_pages+0x213/0x670
[  212.129304][ T6886]  __alloc_frozen_pages_noprof+0x123/0x370
[  212.129332][ T6886]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  212.129366][ T6886]  ? policy_nodemask+0x27c/0x720
[  212.129394][ T6886]  alloc_pages_mpol+0xd1/0x380
[  212.129421][ T6886]  alloc_pages_noprof+0xcf/0x1e0
[  212.129445][ T6886]  __pmd_alloc+0x3a/0x530
[  212.129471][ T6886]  handle_mm_fault+0x21bc/0x3400
[  212.129492][ T6886]  ? mt_find+0x15c/0x5e0
[  212.129514][ T6886]  ? __pfx_mt_find+0x10/0x10
[  212.129537][ T6886]  ? handle_mm_fault+0xdb/0x3400
[  212.129566][ T6886]  ? __pfx_handle_mm_fault+0x10/0x10
[  212.129609][ T6886]  ? lock_mm_and_find_vma+0x9c/0x300
[  212.129635][ T6886]  do_user_addr_fault+0x764/0x1380
[  212.129668][ T6886]  exc_page_fault+0x82/0x100
[  212.129688][ T6886]  asm_exc_page_fault+0x26/0x30
[  212.129700][ T6886] RIP: 0010:rep_stos_alternative+0x40/0x80
[  212.129718][ T6886] Code: c9 75 f6 e9 c2 1c 05 00 48 89 07 48 83 c7 08 83 e9 08 74 ef 83 f9 08 73 ef eb de 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <48> 89 07 48 89 47 08 48 89 47 10 48 89 47 18 48 89 47 20 48 89 47
[  212.129729][ T6886] RSP: 0018:ffffc90003affd98 EFLAGS: 00050206
[  212.129742][ T6886] RAX: 0000000000000000 RBX: 0000200000000088 RCX: 0000000000000ff8
[  212.129751][ T6886] RDX: 0000000000000000 RSI: ffffffff8cf63301 RDI: 0000200000000088
[  212.129760][ T6886] RBP: ffffc90003affed0 R08: 0000000000000000 R09: ffffffff82094f10
[  212.129769][ T6886] R10: dffffc0000000000 R11: fffffbfff1dac52f R12: 1ffff9200075ffc0
[  212.129778][ T6886] R13: 0000200000001080 R14: dffffc0000000000 R15: 00007ffffffff000
[  212.129793][ T6886]  ? __might_fault+0xb0/0x130
[  212.129818][ T6886]  __se_sys_get_mempolicy+0xd29/0x12d0
[  212.129845][ T6886]  ? __pfx___se_sys_get_mempolicy+0x10/0x10
[  212.129861][ T6886]  ? ksys_write+0x230/0x260
[  212.129881][ T6886]  ? __pfx_ksys_write+0x10/0x10
[  212.129900][ T6886]  ? do_syscall_64+0xbe/0xfa0
[  212.129916][ T6886]  ? __x64_sys_get_mempolicy+0x20/0xc0
[  212.129937][ T6886]  do_syscall_64+0xfa/0xfa0
[  212.129953][ T6886]  ? lockdep_hardirqs_on+0x9c/0x150
[  212.129971][ T6886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.129986][ T6886]  ? clear_bhb_loop+0x60/0xb0
[  212.130005][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.130021][ T6886] RIP: 0033:0x7fc53850efc9
[  212.130035][ T6886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.130046][ T6886] RSP: 002b:00007fc53676e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
[  212.130060][ T6886] RAX: ffffffffffffffda RBX: 00007fc538765fa0 RCX: 00007fc53850efc9
[  212.130069][ T6886] RDX: 0000000000007fff RSI: 0000200000000080 RDI: 0000000000000000
[  212.130078][ T6886] RBP: 00007fc53676e090 R08: 0000000000000004 R09: 0000000000000000
[  212.130086][ T6886] R10: 0000200000ffb000 R11: 0000000000000246 R12: 0000000000000001
[  212.130095][ T6886] R13: 00007fc538766038 R14: 00007fc538765fa0 R15: 00007fffb139beb8
[  212.130121][ T6886]  </TASK>
[  213.155485][ T6890] netlink: 'syz.4.254': attribute type 1 has an invalid length.
[  213.155714][ T6890] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  213.155808][ T6890] IPv6: NLM_F_CREATE should be set when creating new route
[  213.155825][ T6890] IPv6: NLM_F_CREATE should be set when creating new route
[  213.603006][ T5882] usb 5-1: new low-speed USB device number 9 using dummy_hcd
[  213.604043][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  213.803228][ T5813] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  213.807649][ T5813] Bluetooth: hci2: Injecting HCI hardware error event
[  213.821703][ T5813] Bluetooth: hci2: hardware error 0x00
[  213.853469][ T5882] usb 5-1: device descriptor read/64, error -32
[  214.121319][ T5882] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  214.273360][ T5882] usb 5-1: config 0 has an invalid interface number: 245 but max is 0
[  214.273386][ T5882] usb 5-1: config 0 has no interface number 0
[  214.273430][ T5882] usb 5-1: New USB device found, idVendor=699b, idProduct=9cbd, bcdDevice=76.2a
[  214.273442][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.276645][ T5882] usb 5-1: config 0 descriptor??
[  214.430653][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.479887][ T5882] usb 5-1: string descriptor 0 read error: -71
[  214.488022][ T5882] usb-storage 5-1:0.245: USB Mass Storage device detected
[  214.608634][ T5882] usb 5-1: USB disconnect, device number 10
[  214.896739][ T6914] FAULT_INJECTION: forcing a failure.
[  214.896739][ T6914] name failslab, interval 1, probability 0, space 0, times 0
[  214.896771][ T6914] CPU: 1 UID: 0 PID: 6914 Comm: syz.0.261 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  214.896791][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  214.896802][ T6914] Call Trace:
[  214.896810][ T6914]  <TASK>
[  214.896817][ T6914]  dump_stack_lvl+0x189/0x250
[  214.896854][ T6914]  ? __pfx____ratelimit+0x10/0x10
[  214.896876][ T6914]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.896899][ T6914]  ? __pfx__printk+0x10/0x10
[  214.896925][ T6914]  ? __pfx___might_resched+0x10/0x10
[  214.896945][ T6914]  ? fs_reclaim_acquire+0x7d/0x100
[  214.896972][ T6914]  should_fail_ex+0x46c/0x600
[  214.896998][ T6914]  ? __alloc_skb+0x112/0x2d0
[  214.897015][ T6914]  should_failslab+0xa8/0x100
[  214.897038][ T6914]  ? __alloc_skb+0x112/0x2d0
[  214.897052][ T6914]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  214.897074][ T6914]  ? smack_socket_sendmsg+0x1a7/0x520
[  214.897098][ T6914]  __alloc_skb+0x112/0x2d0
[  214.897119][ T6914]  netlink_sendmsg+0x5c6/0xb30
[  214.897137][ T6914]  ? is_bpf_text_address+0x26/0x2b0
[  214.897169][ T6914]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.897195][ T6914]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  214.897217][ T6914]  ? __pfx_netlink_sendmsg+0x10/0x10
[  214.897236][ T6914]  __sock_sendmsg+0x21c/0x270
[  214.897263][ T6914]  ____sys_sendmsg+0x508/0x820
[  214.897288][ T6914]  ? __pfx_____sys_sendmsg+0x10/0x10
[  214.897316][ T6914]  ? import_iovec+0x74/0xa0
[  214.897339][ T6914]  ___sys_sendmsg+0x21f/0x2a0
[  214.897359][ T6914]  ? __pfx____sys_sendmsg+0x10/0x10
[  214.897412][ T6914]  ? __fget_files+0x2a/0x420
[  214.897432][ T6914]  ? __fget_files+0x3a6/0x420
[  214.897460][ T6914]  __x64_sys_sendmsg+0x1a1/0x260
[  214.897480][ T6914]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  214.897510][ T6914]  ? __pfx_ksys_write+0x10/0x10
[  214.897535][ T6914]  ? do_syscall_64+0xbe/0xfa0
[  214.897563][ T6914]  do_syscall_64+0xfa/0xfa0
[  214.897582][ T6914]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.897603][ T6914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.897621][ T6914]  ? clear_bhb_loop+0x60/0xb0
[  214.897641][ T6914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.897658][ T6914] RIP: 0033:0x7fc53850efc9
[  214.897673][ T6914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.897688][ T6914] RSP: 002b:00007fc53676e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  214.897707][ T6914] RAX: ffffffffffffffda RBX: 00007fc538765fa0 RCX: 00007fc53850efc9
[  214.897721][ T6914] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  214.897732][ T6914] RBP: 00007fc53676e090 R08: 0000000000000000 R09: 0000000000000000
[  214.897743][ T6914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.897754][ T6914] R13: 00007fc538766038 R14: 00007fc538765fa0 R15: 00007fffb139beb8
[  214.897783][ T6914]  </TASK>
[  215.296508][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.410844][ T6921] ptrace attach of "./syz-executor exec"[5815] was attempted by ""[6921]
[  216.071295][ T5813] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  216.107281][    C0] vkms_vblank_simulate: vblank timer overrun
[  216.633117][ T6929] FAULT_INJECTION: forcing a failure.
[  216.633117][ T6929] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  216.633140][ T6929] CPU: 1 UID: 0 PID: 6929 Comm: syz.0.264 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  216.633151][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  216.633158][ T6929] Call Trace:
[  216.633162][ T6929]  <TASK>
[  216.633167][ T6929]  dump_stack_lvl+0x189/0x250
[  216.633185][ T6929]  ? __pfx____ratelimit+0x10/0x10
[  216.633198][ T6929]  ? __pfx_dump_stack_lvl+0x10/0x10
[  216.633216][ T6929]  ? __pfx__printk+0x10/0x10
[  216.633227][ T6929]  ? __might_fault+0xb0/0x130
[  216.633246][ T6929]  should_fail_ex+0x46c/0x600
[  216.633262][ T6929]  _copy_from_user+0x2d/0xb0
[  216.633274][ T6929]  ___sys_recvmsg+0x12e/0x510
[  216.633289][ T6929]  ? __pfx____sys_recvmsg+0x10/0x10
[  216.633313][ T6929]  ? __fget_files+0x3a6/0x420
[  216.633332][ T6929]  __x64_sys_recvmsg+0x19e/0x260
[  216.633345][ T6929]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  216.633361][ T6929]  ? __pfx_ksys_write+0x10/0x10
[  216.633376][ T6929]  ? do_syscall_64+0xbe/0xfa0
[  216.633390][ T6929]  do_syscall_64+0xfa/0xfa0
[  216.633401][ T6929]  ? lockdep_hardirqs_on+0x9c/0x150
[  216.633413][ T6929]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.633423][ T6929]  ? clear_bhb_loop+0x60/0xb0
[  216.633434][ T6929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.633443][ T6929] RIP: 0033:0x7fc53850efc9
[  216.633453][ T6929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  216.633462][ T6929] RSP: 002b:00007fc53674d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  216.633472][ T6929] RAX: ffffffffffffffda RBX: 00007fc538766090 RCX: 00007fc53850efc9
[  216.633482][ T6929] RDX: 0000000020000253 RSI: 00002000000005c0 RDI: 0000000000000008
[  216.633488][ T6929] RBP: 00007fc53674d090 R08: 0000000000000000 R09: 0000000000000000
[  216.633495][ T6929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  216.633520][ T6929] R13: 00007fc538766128 R14: 00007fc538766090 R15: 00007fffb139beb8
[  216.633537][ T6929]  </TASK>
[  217.086909][ T6948] FAULT_INJECTION: forcing a failure.
[  217.086909][ T6948] name failslab, interval 1, probability 0, space 0, times 0
[  217.086941][ T6948] CPU: 0 UID: 0 PID: 6948 Comm: syz.4.270 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  217.086962][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  217.086972][ T6948] Call Trace:
[  217.086979][ T6948]  <TASK>
[  217.086987][ T6948]  dump_stack_lvl+0x189/0x250
[  217.087016][ T6948]  ? __pfx____ratelimit+0x10/0x10
[  217.087038][ T6948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.087060][ T6948]  ? __pfx__printk+0x10/0x10
[  217.087087][ T6948]  ? __pfx___might_resched+0x10/0x10
[  217.087111][ T6948]  should_fail_ex+0x46c/0x600
[  217.087139][ T6948]  should_failslab+0xa8/0x100
[  217.087164][ T6948]  __kmalloc_cache_node_noprof+0x78/0x700
[  217.087186][ T6948]  ? __lock_acquire+0xab9/0xd20
[  217.087206][ T6948]  ? __get_vm_area_node+0x172/0x350
[  217.087232][ T6948]  __get_vm_area_node+0x172/0x350
[  217.087258][ T6948]  __vmalloc_node_range_noprof+0x30c/0x12d0
[  217.087281][ T6948]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  217.087306][ T6948]  ? is_bpf_text_address+0x26/0x2b0
[  217.087344][ T6948]  ? __lock_acquire+0xab9/0xd20
[  217.087372][ T6948]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  217.087395][ T6948]  ? __might_fault+0xb0/0x130
[  217.087426][ T6948]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  217.087446][ T6948]  __vmalloc_noprof+0xb1/0xf0
[  217.087467][ T6948]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  217.087492][ T6948]  bpf_prog_alloc_no_stats+0x4a/0x530
[  217.087520][ T6948]  bpf_prog_alloc+0x3c/0x1a0
[  217.087545][ T6948]  bpf_prog_load+0x735/0x19e0
[  217.087581][ T6948]  ? __pfx_bpf_prog_load+0x10/0x10
[  217.087634][ T6948]  ? bpf_lsm_bpf+0x9/0x20
[  217.087650][ T6948]  ? security_bpf+0x7e/0x300
[  217.087671][ T6948]  __sys_bpf+0x507/0x860
[  217.087695][ T6948]  ? __pfx___sys_bpf+0x10/0x10
[  217.087714][ T6948]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  217.087748][ T6948]  ? ksys_write+0x230/0x260
[  217.087771][ T6948]  ? __pfx_ksys_write+0x10/0x10
[  217.087798][ T6948]  __x64_sys_bpf+0x7c/0x90
[  217.087819][ T6948]  do_syscall_64+0xfa/0xfa0
[  217.087839][ T6948]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.087859][ T6948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.087876][ T6948]  ? clear_bhb_loop+0x60/0xb0
[  217.087897][ T6948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.087914][ T6948] RIP: 0033:0x7fbfc33eefc9
[  217.087929][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.087942][ T6948] RSP: 002b:00007fbfc1656038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  217.087962][ T6948] RAX: ffffffffffffffda RBX: 00007fbfc3645fa0 RCX: 00007fbfc33eefc9
[  217.087974][ T6948] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[  217.087985][ T6948] RBP: 00007fbfc1656090 R08: 0000000000000000 R09: 0000000000000000
[  217.087996][ T6948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.088006][ T6948] R13: 00007fbfc3646038 R14: 00007fbfc3645fa0 R15: 00007ffdc2297608
[  217.088037][ T6948]  </TASK>
[  217.088272][ T6948] syz.4.270: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  217.088588][ T6948] CPU: 0 UID: 0 PID: 6948 Comm: syz.4.270 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  217.088618][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  217.088628][ T6948] Call Trace:
[  217.088635][ T6948]  <TASK>
[  217.088642][ T6948]  dump_stack_lvl+0x189/0x250
[  217.088671][ T6948]  ? __pfx_dump_stack_lvl+0x10/0x10
[  217.088694][ T6948]  ? __pfx__printk+0x10/0x10
[  217.088715][ T6948]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  217.088735][ T6948]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  217.088757][ T6948]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  217.088780][ T6948]  warn_alloc+0x22e/0x3b0
[  217.088802][ T6948]  ? should_fail_ex+0x344/0x600
[  217.088830][ T6948]  ? __pfx_warn_alloc+0x10/0x10
[  217.088854][ T6948]  ? __get_vm_area_node+0x172/0x350
[  217.088880][ T6948]  ? __get_vm_area_node+0x2e2/0x350
[  217.088908][ T6948]  __vmalloc_node_range_noprof+0x331/0x12d0
[  217.088935][ T6948]  ? is_bpf_text_address+0x26/0x2b0
[  217.088974][ T6948]  ? __lock_acquire+0xab9/0xd20
[  217.089002][ T6948]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  217.089025][ T6948]  ? __might_fault+0xb0/0x130
[  217.089055][ T6948]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  217.089076][ T6948]  __vmalloc_noprof+0xb1/0xf0
[  217.089097][ T6948]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  217.089122][ T6948]  bpf_prog_alloc_no_stats+0x4a/0x530
[  217.089150][ T6948]  bpf_prog_alloc+0x3c/0x1a0
[  217.089174][ T6948]  bpf_prog_load+0x735/0x19e0
[  217.089210][ T6948]  ? __pfx_bpf_prog_load+0x10/0x10
[  217.089255][ T6948]  ? bpf_lsm_bpf+0x9/0x20
[  217.089271][ T6948]  ? security_bpf+0x7e/0x300
[  217.089291][ T6948]  __sys_bpf+0x507/0x860
[  217.089315][ T6948]  ? __pfx___sys_bpf+0x10/0x10
[  217.089333][ T6948]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  217.089368][ T6948]  ? ksys_write+0x230/0x260
[  217.089391][ T6948]  ? __pfx_ksys_write+0x10/0x10
[  217.089417][ T6948]  __x64_sys_bpf+0x7c/0x90
[  217.089439][ T6948]  do_syscall_64+0xfa/0xfa0
[  217.089458][ T6948]  ? lockdep_hardirqs_on+0x9c/0x150
[  217.089479][ T6948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.089497][ T6948]  ? clear_bhb_loop+0x60/0xb0
[  217.089518][ T6948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.089535][ T6948] RIP: 0033:0x7fbfc33eefc9
[  217.089550][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.089565][ T6948] RSP: 002b:00007fbfc1656038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  217.089582][ T6948] RAX: ffffffffffffffda RBX: 00007fbfc3645fa0 RCX: 00007fbfc33eefc9
[  217.089595][ T6948] RDX: 0000000000000094 RSI: 0000200000000400 RDI: 0000000000000005
[  217.089613][ T6948] RBP: 00007fbfc1656090 R08: 0000000000000000 R09: 0000000000000000
[  217.089625][ T6948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  217.089636][ T6948] R13: 00007fbfc3646038 R14: 00007fbfc3645fa0 R15: 00007ffdc2297608
[  217.089667][ T6948]  </TASK>
[  217.089850][ T6948] Mem-Info:
[  217.089860][ T6948] active_anon:262 inactive_anon:4718 isolated_anon:0
[  217.089860][ T6948]  active_file:9227 inactive_file:40995 isolated_file:0
[  217.089860][ T6948]  unevictable:768 dirty:99 writeback:0
[  217.089860][ T6948]  slab_reclaimable:11834 slab_unreclaimable:101799
[  217.089860][ T6948]  mapped:29715 shmem:1364 pagetables:1155
[  217.089860][ T6948]  sec_pagetables:0 bounce:0
[  217.089860][ T6948]  kernel_misc_reclaimable:0
[  217.089860][ T6948]  free:1330327 free_pcp:5418 free_cma:0
[  217.089913][ T6948] Node 0 active_anon:1048kB inactive_anon:18872kB active_file:36700kB inactive_file:163980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118860kB dirty:396kB writeback:0kB shmem:3920kB kernel_stack:13324kB pagetables:4468kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  217.089956][ T6948] Node 1 active_anon:0kB inactive_anon:0kB active_file:208kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  217.089996][ T6948] Node 0 DMA free:15344kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB
[  217.090050][ T6948] lowmem_reserve[]: 0 2515 2517 2517 2517
[  217.090081][ T6948] Node 0 DMA32 free:1410032kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1048kB inactive_anon:18872kB active_file:36700kB inactive_file:163980kB unevictable:1536kB writepending:396kB zspages:0kB present:3129332kB managed:2576096kB mlocked:0kB bounce:0kB free_pcp:21624kB local_pcp:13568kB free_cma:0kB
[  217.090144][ T6948] lowmem_reserve[]: 0 0 1 1 1
[  217.090172][ T6948] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  217.090225][ T6948] lowmem_reserve[]: 0 0 0 0 0
[  217.090253][ T6948] Node 1 Normal free:3895932kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:208kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:44kB local_pcp:44kB free_cma:0kB
[  217.090308][ T6948] lowmem_reserve[]: 0 0 0 0 0
[  217.090338][ T6948] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  217.090467][ T6948] Node 0 DMA32: 204*4kB (UME) 297*8kB (UME) 329*16kB (UME) 120*32kB (UME) 81*64kB (UM) 107*128kB (UME) 80*256kB (UM) 43*512kB (UM) 19*1024kB (UM) 11*2048kB (UME) 316*4096kB (M) = 1409992kB
[  217.090613][ T6948] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  217.090702][ T6948] Node 1 Normal: 209*4kB (UE) 57*8kB (UM) 31*16kB (UME) 232*32kB (UME) 102*64kB (UME) 22*128kB (UME) 10*256kB (UME) 6*512kB (UME) 3*1024kB (UME) 1*2048kB (U) 944*4096kB (M) = 3895932kB
[  217.090831][ T6948] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  217.090845][ T6948] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  217.090857][ T6948] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  217.090871][ T6948] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  217.090885][ T6948] 51582 total pagecache pages
[  217.090895][ T6948] 0 pages in swap cache
[  217.090901][ T6948] Free swap  = 124996kB
[  217.090907][ T6948] Total swap = 124996kB
[  217.090913][ T6948] 2097051 pages RAM
[  217.090919][ T6948] 0 pages HighMem/MovableOnly
[  217.090924][ T6948] 421001 pages reserved
[  217.090930][ T6948] 0 pages cma reserved
[  218.285120][ T1177] bridge_slave_1: left allmulticast mode
[  218.285150][ T1177] bridge_slave_1: left promiscuous mode
[  218.285429][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.383503][    C0] vkms_vblank_simulate: vblank timer overrun
[  218.659175][ T6980] ptrace attach of "./syz-executor exec"[5815] was attempted by ""[6980]
[  219.422342][    C0] vkms_vblank_simulate: vblank timer overrun
[  219.445869][ T1177] bridge_slave_0: left allmulticast mode
[  219.445899][ T1177] bridge_slave_0: left promiscuous mode
[  219.446149][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.543922][ T1177] bridge_slave_1: left allmulticast mode
[  219.543943][ T1177] bridge_slave_1: left promiscuous mode
[  219.544085][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.602138][ T1177] bridge_slave_0: left allmulticast mode
[  219.602158][ T1177] bridge_slave_0: left promiscuous mode
[  219.602315][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.761310][ T1810] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  219.934214][ T1810] usb 3-1: Using ep0 maxpacket: 8
[  219.936096][ T1810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  219.936130][ T1810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  219.936143][ T1810] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  219.936155][ T1810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  219.936168][ T1810] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  219.936190][ T1810] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  219.936202][ T1810] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.940703][ T1810] usb 3-1: config 0 descriptor??
[  219.943920][ T6988] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  220.147979][    C0] vkms_vblank_simulate: vblank timer overrun
[  220.615063][    C0] vkms_vblank_simulate: vblank timer overrun
[  220.881017][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.031562][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.392007][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  221.451979][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  221.496640][ T1177] bond0 (unregistering): Released all slaves
[  221.598200][    C0] vkms_vblank_simulate: vblank timer overrun
[  222.071234][ T5813] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  222.538625][ T1810] usb 3-1: USB disconnect, device number 12
[  222.580185][    C0] vkms_vblank_simulate: vblank timer overrun
[  223.001883][ T1177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  223.092085][ T1177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  223.114003][ T1177] bond0 (unregistering): Released all slaves
[  223.239041][ T5943] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  223.995730][ T5943] usb 3-1: Using ep0 maxpacket: 32
[  224.018421][ T5943] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  224.018450][ T5943] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  224.018475][ T5943] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  224.018502][ T5943] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  224.018526][ T5943] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  224.037156][ T5943] usb 3-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77
[  224.037183][ T5943] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.037194][ T5943] usb 3-1: Product: syz
[  224.037201][ T5943] usb 3-1: Manufacturer: syz
[  224.037208][ T5943] usb 3-1: SerialNumber: syz
[  224.053316][ T5943] usb 3-1: config 0 descriptor??
[  224.103865][ T7004] netlink: 'syz.4.282': attribute type 1 has an invalid length.
[  224.473126][ T6996] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  224.687225][ T6996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.687692][ T6996] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.730870][ T5943] hdpvr 3-1:0.0: unexpected answer of status request, len -71
[  224.730892][ T5943] hdpvr 3-1:0.0: device init failed
[  224.730977][ T5943] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[  224.757865][ T5943] usb 3-1: USB disconnect, device number 13
[  225.149135][    C0] vkms_vblank_simulate: vblank timer overrun
[  225.231996][    C0] vkms_vblank_simulate: vblank timer overrun
[  225.427901][ T7023] ------------[ cut here ]------------
[  225.427916][ T7023] faux_driver vkms: [drm] vblank wait timed out on crtc 0
[  225.428533][ T7023] WARNING: CPU: 1 PID: 7023 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x571/0x5b0
[  225.428580][ T7023] Modules linked in:
[  225.428600][ T7023] CPU: 1 UID: 0 PID: 7023 Comm: syz.0.285 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  225.428624][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  225.428636][ T7023] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[  225.428668][ T7023] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 e9 62 fb fc 4d 8b 2c 24 48 c7 c7 a0 49 51 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 60 f2 5d fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[  225.428686][ T7023] RSP: 0018:ffffc90004cafac0 EFLAGS: 00010246
[  225.428703][ T7023] RAX: 6d886a4c88811a00 RBX: 1ffff110047b1001 RCX: 0000000000080000
[  225.428719][ T7023] RDX: ffffc90011605000 RSI: 000000000000187d RDI: 000000000000187e
[  225.428733][ T7023] RBP: ffffc90004cafbc0 R08: 0000000000000000 R09: 0000000000000000
[  225.428771][ T7023] R10: dffffc0000000000 R11: ffffed101712487b R12: ffff888023d73000
[  225.428787][ T7023] R13: ffffffff8b54f9e0 R14: 0000000000000000 R15: ffffffff8b569700
[  225.428803][ T7023] FS:  00007fc53672c6c0(0000) GS:ffff888126efc000(0000) knlGS:0000000000000000
[  225.428821][ T7023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  225.428836][ T7023] CR2: 0000001b2f816ff8 CR3: 0000000039640000 CR4: 00000000003526f0
[  225.428853][ T7023] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  225.428867][ T7023] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  225.428882][ T7023] Call Trace:
[  225.428892][ T7023]  <TASK>
[  225.428907][ T7023]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  225.428939][ T7023]  ? __pfx_autoremove_wake_function+0x10/0x10
[  225.428966][ T7023]  ? __rcu_read_unlock+0x84/0xe0
[  225.428993][ T7023]  ? rt_spin_unlock+0x161/0x200
[  225.429019][ T7023]  ? drm_vblank_get+0x148/0x260
[  225.429047][ T7023]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[  225.429078][ T7023]  drm_fb_helper_ioctl+0x116/0x140
[  225.429112][ T7023]  do_fb_ioctl+0x45c/0x750
[  225.429139][ T7023]  ? __pfx_do_fb_ioctl+0x10/0x10
[  225.429159][ T7023]  ? smack_log+0xef/0x3f0
[  225.429202][ T7023]  ? smk_tskacc+0x2fc/0x370
[  225.429238][ T7023]  ? __pfx_smack_file_ioctl+0x10/0x10
[  225.429284][ T7023]  ? __fget_files+0x3a6/0x420
[  225.429310][ T7023]  ? __fget_files+0x2a/0x420
[  225.429340][ T7023]  ? bpf_lsm_file_ioctl+0x9/0x20
[  225.429359][ T7023]  ? __pfx_fb_ioctl+0x10/0x10
[  225.429382][ T7023]  __se_sys_ioctl+0xff/0x170
[  225.429413][ T7023]  do_syscall_64+0xfa/0xfa0
[  225.429440][ T7023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.429460][ T7023]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  225.429479][ T7023]  ? clear_bhb_loop+0x60/0xb0
[  225.429504][ T7023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.429524][ T7023] RIP: 0033:0x7fc53850efc9
[  225.429542][ T7023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.429559][ T7023] RSP: 002b:00007fc53672c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  225.429579][ T7023] RAX: ffffffffffffffda RBX: 00007fc538766180 RCX: 00007fc53850efc9
[  225.429595][ T7023] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003
[  225.429608][ T7023] RBP: 00007fc538591f91 R08: 0000000000000000 R09: 0000000000000000
[  225.429621][ T7023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.429633][ T7023] R13: 00007fc538766218 R14: 00007fc538766180 R15: 00007fffb139beb8
[  225.429668][ T7023]  </TASK>
[  225.429684][ T7023] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  225.429699][ T7023] CPU: 1 UID: 0 PID: 7023 Comm: syz.0.285 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  225.429722][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  225.429734][ T7023] Call Trace:
[  225.429742][ T7023]  <TASK>
[  225.429750][ T7023]  dump_stack_lvl+0x99/0x250
[  225.429781][ T7023]  ? __asan_memcpy+0x40/0x70
[  225.429805][ T7023]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.429834][ T7023]  ? __pfx__printk+0x10/0x10
[  225.429873][ T7023]  vpanic+0x237/0x6d0
[  225.429892][ T7023]  ? __pfx_vpanic+0x10/0x10
[  225.429924][ T7023]  panic+0xb9/0xc0
[  225.429942][ T7023]  ? __pfx_panic+0x10/0x10
[  225.429979][ T7023]  __warn+0x31b/0x4b0
[  225.429997][ T7023]  ? drm_wait_one_vblank+0x571/0x5b0
[  225.430029][ T7023]  ? drm_wait_one_vblank+0x571/0x5b0
[  225.430058][ T7023]  report_bug+0x2be/0x4f0
[  225.430081][ T7023]  ? drm_wait_one_vblank+0x571/0x5b0
[  225.430111][ T7023]  ? drm_wait_one_vblank+0x571/0x5b0
[  225.430139][ T7023]  ? drm_wait_one_vblank+0x573/0x5b0
[  225.430168][ T7023]  handle_bug+0x84/0x160
[  225.430196][ T7023]  exc_invalid_op+0x1a/0x50
[  225.430223][ T7023]  asm_exc_invalid_op+0x1a/0x20
[  225.430242][ T7023] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[  225.430271][ T7023] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 e9 62 fb fc 4d 8b 2c 24 48 c7 c7 a0 49 51 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 60 f2 5d fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[  225.430288][ T7023] RSP: 0018:ffffc90004cafac0 EFLAGS: 00010246
[  225.430304][ T7023] RAX: 6d886a4c88811a00 RBX: 1ffff110047b1001 RCX: 0000000000080000
[  225.430319][ T7023] RDX: ffffc90011605000 RSI: 000000000000187d RDI: 000000000000187e
[  225.430333][ T7023] RBP: ffffc90004cafbc0 R08: 0000000000000000 R09: 0000000000000000
[  225.430346][ T7023] R10: dffffc0000000000 R11: ffffed101712487b R12: ffff888023d73000
[  225.430362][ T7023] R13: ffffffff8b54f9e0 R14: 0000000000000000 R15: ffffffff8b569700
[  225.430400][ T7023]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[  225.430436][ T7023]  ? __pfx_autoremove_wake_function+0x10/0x10
[  225.430460][ T7023]  ? __rcu_read_unlock+0x84/0xe0
[  225.430487][ T7023]  ? rt_spin_unlock+0x161/0x200
[  225.430511][ T7023]  ? drm_vblank_get+0x148/0x260
[  225.430539][ T7023]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[  225.430591][ T7023]  drm_fb_helper_ioctl+0x116/0x140
[  225.430623][ T7023]  do_fb_ioctl+0x45c/0x750
[  225.430648][ T7023]  ? __pfx_do_fb_ioctl+0x10/0x10
[  225.430668][ T7023]  ? smack_log+0xef/0x3f0
[  225.430711][ T7023]  ? smk_tskacc+0x2fc/0x370
[  225.430753][ T7023]  ? __pfx_smack_file_ioctl+0x10/0x10
[  225.430792][ T7023]  ? __fget_files+0x3a6/0x420
[  225.430818][ T7023]  ? __fget_files+0x2a/0x420
[  225.430848][ T7023]  ? bpf_lsm_file_ioctl+0x9/0x20
[  225.430867][ T7023]  ? __pfx_fb_ioctl+0x10/0x10
[  225.430889][ T7023]  __se_sys_ioctl+0xff/0x170
[  225.430914][ T7023]  do_syscall_64+0xfa/0xfa0
[  225.430940][ T7023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.430959][ T7023]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  225.430978][ T7023]  ? clear_bhb_loop+0x60/0xb0
[  225.431003][ T7023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.431022][ T7023] RIP: 0033:0x7fc53850efc9
[  225.431039][ T7023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.431059][ T7023] RSP: 002b:00007fc53672c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  225.431075][ T7023] RAX: ffffffffffffffda RBX: 00007fc538766180 RCX: 00007fc53850efc9
[  225.431087][ T7023] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003
[  225.431099][ T7023] RBP: 00007fc538591f91 R08: 0000000000000000 R09: 0000000000000000
[  225.431111][ T7023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.431123][ T7023] R13: 00007fc538766218 R14: 00007fc538766180 R15: 00007fffb139beb8
[  225.431158][ T7023]  </TASK>
[  225.431292][ T7023] Kernel Offset: disabled