last executing test programs:

14.94019868s ago: executing program 1 (id=6846):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000002c80)=@gcm_128={{0x304}, '\x00', "362574ad5924c0c5aedd72261081b10f", "0700d871", "d97ab19fbd9a8e17"}, 0x28)
sendto$inet6(r3, &(0x7f0000000100), 0x0, 0x8000, 0x0, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000880)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6000000000403a01fe8000000000000000000000000000bbff02000000000000000000000000000104009078008000066cf6e45302002cfffe80000000000000000000000000003bfe8000000000000000000000000000aa2f0000010000000013d86558da0a7f6b"], 0x0)
r4 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r4, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x80000, 0x9, 0xfffffff8}, 0x0)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(r4, 0x40026f34, &(0x7f0000000040)=0x1)
syz_emit_ethernet(0x36, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x20000, 0x0}, 0x0, 0x0, 0x0, 0x10024, 0x0, 0x0})

13.444049337s ago: executing program 1 (id=6850):
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20040055)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x402, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@struct={0x3, 0x0, 0x0, 0x4, 0x1, 0x8000}]}, {0x0, [0x30, 0x61, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1}, 0x28)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}, {@version_9p2000}]}})
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f00000000c0)=""/15)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x10, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x43}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfeff}, {0x85, 0x0, 0x0, 0x86}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x80000000}}, [@jmp={0x5, 0x0, 0xc, 0x0, 0x0, 0x2, 0x1}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x500}}}, &(0x7f0000000080)='GPL\x00', 0x3, 0xff8, &(0x7f0000000780)=""/4088, 0x41000, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000d}, 0x94)
preadv(r0, &(0x7f0000002500)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1, 0x2e, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0)
socket$inet(0x2, 0x1, 0x6)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
recvmsg(r7, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x10043)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)

10.480543984s ago: executing program 4 (id=6856):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
close_range(r0, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000001c0)={0x5, 0x8, 0x4fd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)

10.231534414s ago: executing program 1 (id=6858):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
close_range(r0, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000400), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102392, 0x18ff8)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3, <r4=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000001c0)={0x5, 0x8, 0x4fd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5}, 0x48)

8.194376991s ago: executing program 3 (id=6860):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20000)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001e00066787ed39c751557bb22757e9d6210000000000000000000700000005000000000000aa95478a82e7a6c96eaeefbc8ef12c2dd36fc2833bea8610f6f64f626806a8064741df6676b4b5d3dc0dac85762d00a0532f4e9d7b51fb719a65ce4c7eaab9ca4f01f579866728c7fa9a4eada6c7cbaae225d0a7923eb308e3adf2f08a507fed1d2f7b71a0aaf66a4a427dfa2736079da45be8e1c4fdf23d1e8918d553877584b9eeee21d669b44091c9852db0e2aa7b615c074e603a321172c7c8eddd5b714ca8e8df5dd6dc1fb82864b2d791e00ba768d7f5799a19bb528dd60b557839839f3dd1ad7fbc5128364d00"/254], 0x44}}, 0x80)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40002}, [@call={0x85, 0x0, 0x0, 0x4f}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xb}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x5, 0x0, 0x0, {0x1}}], {0x14}}, 0xa4}}, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r5, &(0x7f0000000c40)={0x2000000b})
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f00000000c0)=0x4, 0x4)
setsockopt$inet6_int(r4, 0x29, 0x4b, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r4, &(0x7f0000000440)={0xa, 0x4e26, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x11}, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000100)={0x9, 0xbce6, 0xdb8c, {0x2a2, 0x8001}, 0x7, 0x4})

6.771381677s ago: executing program 3 (id=6865):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
socket$kcm(0x2, 0xa, 0x2)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00', <r3=>0x0})
bind$packet(r1, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @broadcast}, 0x14)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r0, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001340)="0e9849f1332c3a4f7cd80c990e6bb6b5979749a4fbaef24bc5bcc03ac73ad01da6441277f5ac3b4d0ab075522859b01dff8f24e16cd420439da93470adbb7411843f018e01848aec434d0395f241ae92"})

5.690834339s ago: executing program 1 (id=6867):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000300)={0xb0, 0x0, 0x0, [{{0x6, 0x3, 0x0, 0x100000000, 0x7, 0x21b, {0x6, 0x8f, 0x9, 0x7, 0xa5d, 0x10000, 0x9, 0x7f, 0x3, 0x1000, 0xa, 0xee01, 0x0, 0xffff25c4, 0x5}}, {0x3, 0xd, 0x1, 0xb0, '\x00'}}]}, 0xb0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RMKDIR(r0, &(0x7f0000000240)={0x14, 0x49, 0x2, {0x8, 0x3, 0x1}}, 0x14)
write$char_usb(r0, &(0x7f0000000600)="b56511e72c6cba780ce701ed0b2db27a336692892a6491e2488652ff00c468d353d809d5b20d8ee0f9fefa6cd7bd1036ed25f0e37053d291887c707a892884c2b4aa2ebac156ef8288264449eea05c4f51c3bb4355eb108744fe34e5d0e851d51a855854135f04dd5d854459226f090b6f0d6135e8f2824eed7469236cad2251116a381d8cd30bae59c1fe71e028a667cb910d523aa5d7208286755075ee8be937304cca20e234303df72ad4e2bdc71219456229460a7c6a2df61e8b21b4a4941dcba5c257b90bbf0a976a73973319258ad7f738c04dfbdee4ea0e1b77a909a154fd934f791ebea03db6f06c8f14bc40924e46cbb9b343f25d63f332f9b3f176601f842a4e40401cbc62ee7803c3a2d71f3878f61d8fb8cb5ee90a696b22fb97bbdfd36af05c2e34dfb3d36cf7333ea9dc98af537780ae7bc701053b9009d654d84f04c851b311341efcec16ef3d5c8a7e8af494068dbad55bfa7b7bf4475ceb03a6f4ef11ce14652dc36f279671b7184586c7aab57d50ca23deaeeeaebc2ed024d91f399c84834e7802ad28b6ffec7ed089e8af35d15f2713e70ce55b3f60b9c002496e110c3a68e4c01faf901df4e39d007bf99f3a2d2e33c58b92b961937060a92ab6347995c09eb6a363092e3a45b68bd5e734d43b0bc98070d66c8d03490897a7d05e894da6d92c46cb1d961d11a7d1cd9d3c437c07e9f090690d2b344a93fdc5d7276b74231f1ad050024359e7a73ee913e9a7eba72f23482de94c572d07491328ca363762c44ddcdb1623ec6d639b368d407ffafbb265de19bd5e52ec86c12167dfe2a3de629af1d66612c3f313e07a301d8378fc6eb551196b51680d1194d682ff6cdbb0f811608d6321b41664108ef6dd1dfcc7df602901b0c0d549fb8d0c1aa9b542b99d76b6b8c360c9bcb01ed819a57441948465279d0b2652be1058065929bffae3e9c8923ba01c954f3c49298db8ffad96b73684daf2e608046be2ffb0de70237e044d4be3e6ccc1984ebd2f6e0f57e99fcb0ec30598f121bd93a4003e0ba0815e5ddbeba9f3f8600ef86258a5423fb1f30da5be531e573bf5322a5842eeb23107f02021dc332e0e687bd1f4f0ac09293c3638603279484dd552d534089e0b5b903c4ceeedef410662ec12e17e9b616950874e24d313d770e84b488544a8b829039d06637269367c108dc37712d46ef6601ef4e937a120c607e570446d6216366a72ced5d543ba92a929cef7c4fb03307e88174ad88381b16de1c3f9985f483ff75e9b40fc0e001d037dda41df9a583009baa3b246c19ab5a20cb4e62accb7a86090717c17db68b0d14905ed0ce6e49555de65448782fc0899f631393b5ccd65da59265d1b4ba9ff4d8a328cb42d2e3a465db23cfa9f159ce5716df7ccf393a561a1783679048570f2467c5336106bc8954569c047e854b2211141d169b27ca796b42c544f70123bd9f6ae23f87d1be164cd7bb2da3dc79e6f12a687296942c9c8f2d99b6961b48e046028bd69dcda162510ad235b7bf28a0ff994e23f08e80743", 0x448)
write$UHID_INPUT(r0, &(0x7f00000014c0)={0x8, {"1774d10ed679a3761698425e02229859f202c5d54bb9aaa84c470671ed39e31fcd1987c3fab368535c1d72f471356277d68201ce587582e0b61c74107f26d9b357fed4393b6676c62cb12bb5104bc87b40120258613657f462d98097b32565f3c6a065c0ecf81581c270d0adccfdd40199844781374e1cee0129091296af79ff67a1f52be0c73043a7bb6860312b9b2d3514d05233defb9e2e9ae218a0731aa015e7f042114d434f4209218e37f80b240526d575cb63f1ca89512cd50e27c21a827328cbae0874b155506fd933a2e59978eaad1c78dbed757e9e0047f5ebd5e9faefad831e5c55100f289794dc5b2116838edc1caef786cead375259a7768ddfd6cf5ed870b7abdcef90350a64c1eb5d6e54de748d6349f7e5bcb0377df4744678e7700911426a8b8540996d54716ecd8cd3a9f8175f23d45f9a1497654d5f2e4dad96b4b34cce3a39eb084bb829e05c82249951f91b432999c302bbe8ae5f79bb8954ed23ad98f87b5c30d079b1b2186db53a3849f9dce0e4d49c04f3025d4b25bc0728ab25ea5d050dc2586bad7ac437d7a5881c06e8b9f3eae66dc2aa48d0edf763daa7c6aa90df3c61fd69cf301090790b608324f4cfcc23acdcbbf9bd7e224c5c33d817cddcd10e86cbbda0de36f52d2389fa84dad6ed1819ee056b9a80d0b81f2a6b4ac50192f87cabf46f5fc88abcfbeb4301632d353aaf091b7828d941cb1c0e1477e5761032a63dadc3c7f51de8429c63b4ad65e975e38f244c6fe40e8fc6c33c4a16deffbe1b0423e584f45023e196d92b5bbc7d1854c3f33e8b0b7c5d3d87f0119380e2d14d6630219dc0e31469c2af0db2d624cab5c276c396f7d1543370ca9d925ac2dc2204de8008517c815e9fa7cd56e53f82ce1d095cd08032f57835ecb14c39fd57c90e39557934cd278a609e2e05a07a791d417f4460d2c30c10e1ef92cc146b1f9ff6b98b2688e2f050c510feba0d6960d31522cec3f6b0f539f85898a6b6409dd179d990fb57026acd9382f505ce06db211d7a369f46d8ea5804502bc7829155794b19a098d095a00b520966e9f49c74111d1f0f0f75b07aff0d388650a63656c9e601269d2eff1740e87206416ec73c08b56570dd496846b4f1a5d76602b6594e173209e5e7cebbab3f9f29bf957d000510eff9ce7ee3fea7fff32f3b6ae414ac311e14550e9a597aec7e76df40b7352bf4ddbd00739041edda795aeaa2665ad51a836120054bb0c8c1d3149477167214a0f952c78039ec8a70e21158db26d8f0238f782a5d54dced90951085abd412ef2e5b9984c7e263dc3eac6c683e8b82c5d56b5fa1e2f65d5d0afd32bc66d76ddb87a41805e11137de7373a9f6366a9a314cc6d5e731abeb2e83f135798a8bdda1c47b36db21140a9278b86c520bdbc8338ccaf5fbd61d7e73750b38e4bb6c77c33bf5617086c8f97ab219b4f6c930fd717aed4f1fa0eebcda82322c561dcae23284e0bfa4bf7a5b4b19ff3fe3137c4e07c55543a7d3778ccfaf757fae541bcf475382cc8ab6a0ede61789652b528efaacfa804fc1583bdfeaea00565c70a5941dc7a947ed97d9b6688f6363edf0735e72d9b8a4b21e5cd2de518e27bfd41749eafa66f3452e941273050ceaf39435327737857d4718a31b83649b3dced6f37a9ce3621a83a7ba9163dea12990677d21781f4ff95a68dc4b268b4c5e428c0941443c98025773362acd28a88f8d7e42fa72b908ac6a816270d78541c98e36b838b83ba99656192624211a343e6e76e154ebdb1af56aa8489f6a30a6be0dcd84f80ab2d02ac7bee22e5f6207d74c4fda0c6d7cc71bea537718bf8bb1d3c2602903139449b046d09528b4331bd8e396bb9b5c0b15db16a72947eecd0f050de9ee9e6b82fcf48a7fbecf911fda3d013fa9941a60f41b9d1f56ac40f07e7259c7c79f17cb0a90c472d33aed227151fc93c76e7a1fee4675edae1a9fda95a5d2b42c7b13d84995ee1b6411c48329f529752d65601c034cdb13ea4051132ecb7f71953b43663053fc2a174b1a7694d6a8b3eb9facbaf8b7281e00357ee255816a489ca91656dc506deaa9c925a0e53600a9e7df5bc89db907a323ffeba03d3c06a4f0569a6c0cd02ca46eede0b9979aa5b40fa85b47b3d4f4aaf614b5b72ab9ea4289d08346759fbc4c0c25dd179d0efc994f4ace7612720dbd1b40395c95c43e24bdb5941295ccfdfb8b558b3234a80a2cfb5a50d96a31e2f1bcc4aba66994626f735d5fd742f0fc2ab2bcc0a73a6210e9b2222a3577f7cba7fd31459c58bef86eb76dd00fc165a16519d05f5aa5753b89c5391a051b2930b22eadbd1f4fc76fc675faf35bde9306ef48fa349f1978b84e033340681bf06966a833c03902d749444574b9e3e88e027b01d057db785a1e0d6b4135c3b6f2ac370a01351bcdf0474d4708675502e64e02d468c4e1454271dda60f82cefb8f6ec9bd871bb4c7a50a17f3d1d9c1bce2e79cb59704f78a31d13cd6678e20ea53e8d0bff1527bf76670982fab8cbe62377baf3c59f256e0bb21686402efd240cf07989832b02975e09b06da9486667869e543e7e868e1eb2242811f306f9cbeff4e606c62dbccfcc3dec265b396fa70c04b0816dddedfe5d70b44c35e387accad9945c91ced6665482f95e1bcd4fb603eb5add65c934d74a40dd37a24ea972babb9197dd85b102e67d5658dd8cd64b661fac6dae2e1d8f7325e2a62d1060836f53a2f3737c843a42662a7ed6eb63c5ca670273539529a760417f3d95fd4adfe86ae582742c1d54dd121e5ac820d3f547a647f72f723a66dc9830fbcc228559c77d3fd1d7443598717f69d58b9e7cc64e9aad2da810b45aaf01b377d54eddc0e97f6d1dc07aa33c30aa2667719cebf73e67d001bd967e6529f195b38dc6684758b557ce4ba3b47d84a03be117b58cc22adbab162bed3965f768982e5355d241f7f0c0943d389a61ef2c633d8b99c7b6deba3bc4e4c1b7366a178ed6bc1fb49ce646b411ccb940998d01a941546a5ad1988faa66ba6338a7562e17ee0af33e76d6dfcd0ed0fb92911b2c9cb880f367f6429a7446f090b90b83893d1c0ddb138959853b68a85894a6d5aa1d287c2a949f9331fedecf7de02a5b51014c917a42e33274e6d597bd6ab586f73ce61a96f9512a0ebc729869c664a895be61ec7882869852c922d3016726edc90f909af1d07e8a3671bf751135cd24066fad1992103bdcd5052059abb0e1df33560ab3637d66b1013f8a234e3238de1170da7addd84b21f1e870151f534d799ed6164a031686bc48d2ae5a89c81894a28a9cd944a535b907777397e739a3b6a8e7d54bef71907071bc2a047ca14d7ef2e9d9b66da86ce56bc62ada0c813d9d63aa899f77f5d804a13a79b0e2275c4ba387e970519e67d212193d91bd0a96a1068bc136616ab5153b1e4b956f1a44b5334e8fbf8abf57fb28a13a64ad6085497faf88556d721f8e0a0699469646f22789e6530c03c75f69279e809d95d444bd44af1d19d12046de9d524caedc84a506642edf34b409b41ccb9689f8597cacd20eee8beec2b3e89644c06750e080da5cc06f3cb10b854fc23d39e52bf95b88335e7536888d67ea92df5868c5835321234e70ebf80e4365c19693a3a640a30f5aec7c490b4ed32ff169e907e25f862fe5aa8a9238cf5cee03ec2ab9e2801239980e78162b560ae3d066351f944c31d8b57a20cd2419b05b0fdd9f8ca4b7a8e1e7955a6b66a264d6d4c56d83c15871ab3f3327284ff7cf5e8d6c7f762d755fac0c7784af9efd13c9337d38451acb23020f4934ef1708b362b5d5cf4b743fc0f9712860ca2977319e1226ed860c2be3caacc8465ba80a0a6856322bc352972fd3f3c0db3acd66d56fef139e48f3d63d3a62c532aa10485807269bac3348316d9fd1931cbfd2acaa5c4e9102872ab16500260f2aec57025c0d6dc1bd68bff597667469e8eb57459b1881c10bf9531c23a6d9349b06b0db60aa6f89a4e0162038ea1850348b72e16f7d647e092c1d7ca55ba5095e58b18dd56b72ba9cbc09598663e8f54b2594194de72475abafdb285d464007ab91a83b91e7c8d5968ecb452e011c0b74e4309180615c3f67c2cad6e086f3686fd5394efd86d8bd45829314a5eb4a0549613b668e7b97600ac9ffe59df44e87046de44432dcd0aaf0c02c446ee9aaf72e80ce989923d4720fd3b8257d3fec5af22737c1e426f9d851c7929d69713e4751d5d39de20f0990bbdcb579f36b778bba4b8c5bdeb78208412005fe7cee40fe86691b8b0d6d3234e74192528622c31022cc3a81f4a574efdb67348b36ae7fd5977059d911da17746b040f06e7bef06accf4ef1ea4f4402041a98f3760d0fb8851b4e7d1124f37b1c653cc9ac53f4e373f694f8c957c390b0801859a19776a83854d2b65766bb03321fdac9a23d3345821fc21195910245e5ad79926a08094b54e242f002634b7213e5c122e76514f9ce76ce2740741f7ffe30e036de63b737fb16b240c6eeef0c1c537d219449b95d497723088548267c229fd5a122f25f2c6ad2fc3ff28133305ca850c5e2d1453dbb4429a8ee3a8f173feb49b611764c536c668c9aca8b8ec575c2310044898a4657fa1dda2ec6f7b8906d9521525ffd30c2b5948a0250224ba4d6beb39008c3785ddad71ceedb34301706b71634bf74b33ea4c436c2006cc5275d7931855d376c6314f8a5431781c3347bd9b3edadb8fcb959a6bb48e9407de69458fcc61c3a62e32720d3fd838dad3f50e852a2aa6d26af70205f9d8e40d3b9232c2ea9a4f86857fec4f7772e43d6dabd1e34400a84d1d338941bc31ead12047bde3ccdd89c53fcbfeff9fba85be6c11447c4b088eb184186a5e41e17bc0011c008aa8b98b44c1c862f8f977d1998d8dce81688d3d80d0fa2b9b7e7f78f80361f525a7586f3d9e68456b55d6f0e8c99495da3a5f392fc8bfe4e42af04fe85936c99b7be80acd351bffa7b723717621d9ff37b5ef829dfdc6ab085c2e83df864306cee0096486e77a1f9d7b7cf5bd157a69a05a12bb735606ac360af2c23542e52880fe9328524d5b121e378319ef2e1a0874fc99842ac8ac04dd6c634b08d81ffd379e9a52573a1721f63a6c009c590e7f43fcbaa2c23c975dfd1a9d1a6dc21587511b4cfdb6f53721940a9f4dd3d8a2c6bdf9890a152e05c9b561518a58a861aae8cb02f1031a121297f6b0820b22d9d6e544adc91216f4a3c011dee24774bfddef418a56c5f0ed57e6f3ce2a76d812a19a9420141eca0ef3d86f552814cb8b2a68b53bb195b2dd2b44f49e93c742db0b2bd637fd247bc28755819a9e122725a6b4409baec607359268eb6cf83fcb674a3771b75b8a7ea0300c16a624333b69bc188c417557356ff7336cde8645f973ad18ee15fc3b34074e1ec58eb00b779a86c7dd7e76872798a12b29b3f446240770999853686f18a624beb6f07f614b413a0cbd954de99a6a79b7c9dbdec41fa172025d9e7d6e82935fc21b4c90bae9b4e9a84478e2289fda091ceacdd02bee2d96fa9d02982191418a9db4115ba049b045ef03dcffc0566d802df6d97dcd90660cd9c3a682bca8a48dd7168ab86074685993571843f74498f1d3a85ab9c63c83450809e86cb1bcf2f341cfd7db56090ad58c34e3a6a98ea65e7b5b439295b0ad6e6e695d88dec93c2ed776df7fc41ef0cec809500d2ce06ac217001748fa337b91f1bccf4d22ee7183e44a573cf95bdbe1e2e10d0c2d52e1992983f84fa1b109eb1495c9d25651510b75a2d5c689b7fe9", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0xfff], 0x0, 0x0, 0x1}}, 0x40)

5.510461559s ago: executing program 3 (id=6869):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x0, 0x0, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x12}, 0x94)
r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f5})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

5.43329813s ago: executing program 4 (id=6871):
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB])
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000001980)={0x0, @in6={{0xa, 0x4e21, 0x49fd6a80, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}}}, &(0x7f0000001a40)=0x84)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={<r1=>0x0, 0x8000}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={r1, 0x7}, 0x8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000001680)=""/156, &(0x7f0000000300)=0x41)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001200)=ANY=[@ANYBLOB="480000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="7239050023080000280012800b00010069703667726500001800028014000100ff000000000000000000000000000001"], 0x48}, 0x1, 0x0, 0x0, 0x4000080}, 0xc010)

5.264517161s ago: executing program 3 (id=6873):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000004c0)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x20, 0x1, 0x1, 0xfa}, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000004c0)={r4, 0x0, 0x2, 0x0, 0x2, [<r5=>0x0], [0x0, 0xfffffffe, 0x0, 0x10000], [0x0, 0x0, 0xfffffffc], [0x1, 0x2]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
r6 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed}, &(0x7f0000000100)=0xe, 0x80000)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000180)=[{0x400, 0x5, 0x4, 0x4}]}, 0x10)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r7=>0xffffffffffffffff})
r8 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
writev(r8, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e", 0x1}], 0x1)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7})
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r9=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, r9}, 0x14)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x2000e8, 0x4)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000095c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="0201140080"], 0xdd12}], 0x1, 0x0, 0x0, 0x4040814}, 0x0)

5.172192163s ago: executing program 1 (id=6875):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
eventfd(0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4001af84, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000300))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_buf(r2, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = eventfd2(0x80, 0x80800)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r4})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000500)=@assoc_value={<r7=>0x0}, &(0x7f0000000140)=0x4)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000000)={r7, 0xfffa, 0x0, 0x9, 0x7fffffff, 0x6fea}, 0x14)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={r7, @in6={{0xa, 0x4e23, 0x2, @remote, 0x3}}, 0x9, 0x2, 0x7, 0x1, 0x8, 0x8, 0x6}, &(0x7f0000000580)=0x9c)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800001cd1487bd2b6642e00000000000000000005000400000000000900020073797a2102000000000000000000000005000100060000000d000300686173683a6d616300000000"], 0x48}}, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x44, 0x9, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @local}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000019340)={0x264, 0x0, [{0x3000, 0x0, 0x0}]})

5.156630776s ago: executing program 4 (id=6876):
r0 = openat$dsp1(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), r1)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4814}, 0x4000)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x40045017, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
close(r3)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_INNER_FLAGS={0x8}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x88040}, 0x24000000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r6, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_value, &(0x7f0000000240)=0x8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$sock_netdev_private(r4, 0x89f6, &(0x7f0000000280)="38021c96b5d81c9878fbdf218cfae3f6551a316f0a232750e883bd8a69b8d8c393775eb66189c4667dd2027823657888de97afdfa35ef43ff9172445edc0335f830dc56b593046832f8becde3b44b25687ea6c27cc9e7f65d39e30cd09764ac7fe53df9be02ec9d75ed9190c3d2f70ac89462dc89322f394abd53556f9974cc9286504e9a7b318f045bf85d5e47c31ead321db0f6ac8fdc4f937dfd0b32fdbce0d37ff2fbf7e39624662e3")
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x40)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
syz_clone3(&(0x7f0000001700)={0x231300080, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
process_madvise(0xffffffffffffffff, &(0x7f00000016c0), 0x9, 0xd, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

4.377689146s ago: executing program 0 (id=6878):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan0\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000002c80)=@gcm_128={{0x304}, '\x00', "362574ad5924c0c5aedd72261081b10f", "0700d871", "d97ab19fbd9a8e17"}, 0x28)
sendto$inet6(r3, &(0x7f0000000100), 0x0, 0x8000, 0x0, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000880)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6000000000403a01fe8000000000000000000000000000bbff02000000000000000000000000000104009078008000066cf6e45302002cfffe80000000000000000000000000003bfe8000000000000000000000000000aa2f0000010000000013d86558da0a7f6b"], 0x0)
r4 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r4, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x0, 0x4})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x80000, 0x9, 0xfffffff8}, 0x0)
ioctl$DVB_DEMUX_DMX_REMOVE_PID(r4, 0x40026f34, &(0x7f0000000040)=0x1)
syz_emit_ethernet(0x36, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r5, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x20000, 0x0}, 0x0, 0x0, 0x0, 0x10024, 0x0, 0x0})

4.365260918s ago: executing program 1 (id=6879):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e)
symlink(0x0, &(0x7f0000000000)='./file0\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
listen(r0, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r4, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r4, &(0x7f0000000080)=@file={0x1}, 0x6e) (fail_nth: 1)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r5, 0xffffffffffffffff, 0x0)

4.13975649s ago: executing program 2 (id=6880):
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x4, 0x3, 0x95, 0x1, 0xe0, 0x8, 0x0, 0x0, 0xd, 0x9, 0x6, 0x1, 0x6}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x4, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000008000000000000000100100091117f000000000095"], &(0x7f0000000c40)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)

4.113098627s ago: executing program 2 (id=6881):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="63429860415b7a", 0x7)
r1 = accept(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x18}], 0x1}], 0x1, 0x0)
recvmsg(r1, &(0x7f000000b680)={0x0, 0xffffffffffffffd4, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/43, 0x2b}, {&(0x7f0000000200)=""/174, 0xae}, {&(0x7f0000000340)=""/95, 0x5f}], 0x3, 0x0, 0x0, 0x1000000}, 0x0)

3.954123782s ago: executing program 4 (id=6882):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x8, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {}, {0xfff2, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x104}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x60081, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0x10)

3.745480358s ago: executing program 2 (id=6883):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000005260000720a00fef8ffffff71a4f1ff0000000071302000000000001d400500000000004704000001ed000007030000022800001d44000000000000620a00ff040400007203020100200000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffff20}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000002480)=""/195, 0xc3}], 0x1}, 0x2040)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r0}, './file0\x00'})
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r3, r4, 0x20, 0x0, @void}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0xfffe}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x2c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x25, 0x1, "2130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c358099bf8cf3007d"}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe4}}, 0x0)
getsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f0000000b00)={@mcast1, <r6=>0x0}, &(0x7f0000000b40)=0x14)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000140)={'ip6tnl0\x00', <r7=>r6, 0x2f, 0x5, 0x1, 0x8, 0x20, @mcast1, @private1, 0x7, 0x8000, 0x29, 0x7fff}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000000ac0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000280)={0x7f8, 0x0, 0x10, 0x70bd2b, 0x5, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x288, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd1, 0x4, "e0f3e47bf0c42d8e1c19744bcc9c2a7c5ae9f9612fd721f83247a9587f475dd893dc7c4429f9c57e09b12276aca4f01c4b57139403449e45efef4b99fb3a8b296664c39dc8a4cabbc370b536bf422356f766ee40bf15339bb5a19c48f52b7755189ecc06a48b8d682d623c739fb1ff126ba7facd160e5903172d2d7de1687fbb8585b55fe900a75c89e12c3913cc17507ed0b975df0f4c5a60cc54d6374ed056d19f27dd64140ea4e9bb3ec796289b652c9747c655e268464c2c5dc3bf003a61e1be3ecf1a3cfed82720b0f9b9"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x10001}, @ETHTOOL_A_BITSET_VALUE={0xaf, 0x4, "23f4dc0d0bf8857c11c4cfbc5c32f613498bcdc6deb7076f649010227a0332ac42ac8c07a2b0207e687fa5cb7492630253bd70ba9960f62642eb119cf8723ba5dcfbdd2ff262eb9c4468a8253fd49a5a32b8702c03725cd493dbfb6627fe2ccf8392b45f44d33b847a63fa6fad7d071f18c89ce5539def78d317cee6b3a8de60f3b895ab062e06f82cd1c83de214633da1953e1e31ef14bb5e21e3052681e8346cde926e1b53e556f1589c"}, @ETHTOOL_A_BITSET_BITS={0xf4, 0x3, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9e}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0x12, 0x2, './cgroup/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '@\\]\',\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^-^\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '}\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '+\'%\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x12, 0x2, './cgroup/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '}+)%@]]\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '.$\\}\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_DEBUG_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x308, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0xa3, 0x5, "b7fe2d5997a55176699f06e18f04a247c24a43e38194c6630ba62d8ef74aace97c435393546cb01fd9e76dbcbc34d28df0a6f50a913c80741672431a5c3f2cbdde6199b1706ecbeabb0b1c804f5b29a6c1fb7d7903ea9b077a7d7af10bd5b580d4df077aa9be300a1c4222f52b47c74238cdb11162163c613c3f15d9fce4072f14b9716cdf555619bb0b5bc512729ad69dbbb795d88689639ffbf1260c74dc"}, @ETHTOOL_A_BITSET_VALUE={0x8, 0x4, "0f8e6010"}, @ETHTOOL_A_BITSET_BITS={0xf0, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40000}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, '-*\\){#*(+\x15\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '$@!/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x40}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'GPL\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '\x06\\\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0xe, 0x5, "bb817b191078a3bbe8cf"}, @ETHTOOL_A_BITSET_BITS={0x3c, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xd8, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10}, @ETHTOOL_A_BITSET_BIT_NAME={0x12, 0x2, './cgroup/syz0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x400}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '+$-\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ']\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_BITSET_MASK={0x35, 0x5, "528ccccc6192501967a4ac29dc5e4cb57e19340ffb2e37ccbe72ad443922c1110f3f0d3d6efaa0d2f1a20ef5050728fe82"}]}, @ETHTOOL_A_DEBUG_HEADER={0x4}, @ETHTOOL_A_DEBUG_MSGMASK={0x1f4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xc1, 0x5, "321a1753ba12c1de85fc6e4c27299ca78693e0ebe7a16be16647707dc0469d17b624f0cfc8538325ac27d4521f72a50ad85e9f4e79a87d1802ec5198a046f6a5e84bf97171cf6dd0903937fe36a68a0cd33f82d17d169c1836c497a39c7ec058826f6fbb6a5cf43c7b25b9956809878ff29a800a7844caf36a48dd3a44c57de5d8355649aeb5e88677260fa9cf75c04d5e7cccc16916b3f17d4dae1075a6a0d37e04ab8d31db3061fb42953e592e1a60dbf8e92d1a54b5a6586d09af6b"}, @ETHTOOL_A_BITSET_MASK={0xbf, 0x5, "2f9cf07adf8fa24e5da519cbecd408e5ddda350c0237e91a7f7a345e99491616577097817ca6816e0fd7fa35430ba9debef1bd6acf5c12898231fbbfbc75fc196c57108f5d207b6ddc4eccb315ee551b17c25fa53f514d0975e2f070d0373110f84ea06ccf2186ddd95d82308be92013aacc52c8b1316930a03bd1639a7aa765ffe577b0f6c7a07871b7f4836e074c26fe8cb157ef46c9d225b39af35e1d63fbe0f58c4f541c089a96a0f78f19ae3f10117dea63131da9c9396451"}, @ETHTOOL_A_BITSET_BITS={0x6c, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ')-\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '%\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^]\'\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ']\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x66f2}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '[(^\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, ':%/.\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x41c4aba7}]}]}]}]}, 0x7f8}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

2.643591172s ago: executing program 0 (id=6884):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
r1 = dup(r0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x1b, "0062ba7d820700000000000000000000096304"})
syz_open_pts(r0, 0x80)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ffad53010000000000840400000000000005000000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa7664012d42961e1445ce83def332233b081df18961d6822d133bf72a4de1cc0800004537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5bb6f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767030090a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0xffcf}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r2, 0xffffffffffffffff, 0x5, 0x0, @val=@tracing={0x0, 0x8000000000000000}}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000580), 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x60}], 0x1}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2.24068191s ago: executing program 0 (id=6885):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000300)={0xb0, 0x0, 0x0, [{{0x6, 0x3, 0x0, 0x100000000, 0x7, 0x21b, {0x6, 0x8f, 0x9, 0x7, 0xa5d, 0x10000, 0x9, 0x7f, 0x3, 0x1000, 0xa, 0xee01, 0x0, 0xffff25c4, 0x5}}, {0x3, 0xd, 0x1, 0xb0, '\x00'}}]}, 0xb0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RMKDIR(r0, &(0x7f0000000240)={0x14, 0x49, 0x2, {0x8, 0x3, 0x1}}, 0x14)
write$char_usb(r0, &(0x7f0000000600)="b56511e72c6cba780ce701ed0b2db27a336692892a6491e2488652ff00c468d353d809d5b20d8ee0f9fefa6cd7bd1036ed25f0e37053d291887c707a892884c2b4aa2ebac156ef8288264449eea05c4f51c3bb4355eb108744fe34e5d0e851d51a855854135f04dd5d854459226f090b6f0d6135e8f2824eed7469236cad2251116a381d8cd30bae59c1fe71e028a667cb910d523aa5d7208286755075ee8be937304cca20e234303df72ad4e2bdc71219456229460a7c6a2df61e8b21b4a4941dcba5c257b90bbf0a976a73973319258ad7f738c04dfbdee4ea0e1b77a909a154fd934f791ebea03db6f06c8f14bc40924e46cbb9b343f25d63f332f9b3f176601f842a4e40401cbc62ee7803c3a2d71f3878f61d8fb8cb5ee90a696b22fb97bbdfd36af05c2e34dfb3d36cf7333ea9dc98af537780ae7bc701053b9009d654d84f04c851b311341efcec16ef3d5c8a7e8af494068dbad55bfa7b7bf4475ceb03a6f4ef11ce14652dc36f279671b7184586c7aab57d50ca23deaeeeaebc2ed024d91f399c84834e7802ad28b6ffec7ed089e8af35d15f2713e70ce55b3f60b9c002496e110c3a68e4c01faf901df4e39d007bf99f3a2d2e33c58b92b961937060a92ab6347995c09eb6a363092e3a45b68bd5e734d43b0bc98070d66c8d03490897a7d05e894da6d92c46cb1d961d11a7d1cd9d3c437c07e9f090690d2b344a93fdc5d7276b74231f1ad050024359e7a73ee913e9a7eba72f23482de94c572d07491328ca363762c44ddcdb1623ec6d639b368d407ffafbb265de19bd5e52ec86c12167dfe2a3de629af1d66612c3f313e07a301d8378fc6eb551196b51680d1194d682ff6cdbb0f811608d6321b41664108ef6dd1dfcc7df602901b0c0d549fb8d0c1aa9b542b99d76b6b8c360c9bcb01ed819a57441948465279d0b2652be1058065929bffae3e9c8923ba01c954f3c49298db8ffad96b73684daf2e608046be2ffb0de70237e044d4be3e6ccc1984ebd2f6e0f57e99fcb0ec30598f121bd93a4003e0ba0815e5ddbeba9f3f8600ef86258a5423fb1f30da5be531e573bf5322a5842eeb23107f02021dc332e0e687bd1f4f0ac09293c3638603279484dd552d534089e0b5b903c4ceeedef410662ec12e17e9b616950874e24d313d770e84b488544a8b829039d06637269367c108dc37712d46ef6601ef4e937a120c607e570446d6216366a72ced5d543ba92a929cef7c4fb03307e88174ad88381b16de1c3f9985f483ff75e9b40fc0e001d037dda41df9a583009baa3b246c19ab5a20cb4e62accb7a86090717c17db68b0d14905ed0ce6e49555de65448782fc0899f631393b5ccd65da59265d1b4ba9ff4d8a328cb42d2e3a465db23cfa9f159ce5716df7ccf393a561a1783679048570f2467c5336106bc8954569c047e854b2211141d169b27ca796b42c544f70123bd9f6ae23f87d1be164cd7bb2da3dc79e6f12a687296942c9c8f2d99b6961b48e046028bd69dcda162510ad235b7bf28a0ff994e23f08e80743", 0x448)
write$UHID_INPUT(r0, &(0x7f00000014c0)={0x8, {"1774d10ed679a3761698425e02229859f202c5d54bb9aaa84c470671ed39e31fcd1987c3fab368535c1d72f471356277d68201ce587582e0b61c74107f26d9b357fed4393b6676c62cb12bb5104bc87b40120258613657f462d98097b32565f3c6a065c0ecf81581c270d0adccfdd40199844781374e1cee0129091296af79ff67a1f52be0c73043a7bb6860312b9b2d3514d05233defb9e2e9ae218a0731aa015e7f042114d434f4209218e37f80b240526d575cb63f1ca89512cd50e27c21a827328cbae0874b155506fd933a2e59978eaad1c78dbed757e9e0047f5ebd5e9faefad831e5c55100f289794dc5b2116838edc1caef786cead375259a7768ddfd6cf5ed870b7abdcef90350a64c1eb5d6e54de748d6349f7e5bcb0377df4744678e7700911426a8b8540996d54716ecd8cd3a9f8175f23d45f9a1497654d5f2e4dad96b4b34cce3a39eb084bb829e05c82249951f91b432999c302bbe8ae5f79bb8954ed23ad98f87b5c30d079b1b2186db53a3849f9dce0e4d49c04f3025d4b25bc0728ab25ea5d050dc2586bad7ac437d7a5881c06e8b9f3eae66dc2aa48d0edf763daa7c6aa90df3c61fd69cf301090790b608324f4cfcc23acdcbbf9bd7e224c5c33d817cddcd10e86cbbda0de36f52d2389fa84dad6ed1819ee056b9a80d0b81f2a6b4ac50192f87cabf46f5fc88abcfbeb4301632d353aaf091b7828d941cb1c0e1477e5761032a63dadc3c7f51de8429c63b4ad65e975e38f244c6fe40e8fc6c33c4a16deffbe1b0423e584f45023e196d92b5bbc7d1854c3f33e8b0b7c5d3d87f0119380e2d14d6630219dc0e31469c2af0db2d624cab5c276c396f7d1543370ca9d925ac2dc2204de8008517c815e9fa7cd56e53f82ce1d095cd08032f57835ecb14c39fd57c90e39557934cd278a609e2e05a07a791d417f4460d2c30c10e1ef92cc146b1f9ff6b98b2688e2f050c510feba0d6960d31522cec3f6b0f539f85898a6b6409dd179d990fb57026acd9382f505ce06db211d7a369f46d8ea5804502bc7829155794b19a098d095a00b520966e9f49c74111d1f0f0f75b07aff0d388650a63656c9e601269d2eff1740e87206416ec73c08b56570dd496846b4f1a5d76602b6594e173209e5e7cebbab3f9f29bf957d000510eff9ce7ee3fea7fff32f3b6ae414ac311e14550e9a597aec7e76df40b7352bf4ddbd00739041edda795aeaa2665ad51a836120054bb0c8c1d3149477167214a0f952c78039ec8a70e21158db26d8f0238f782a5d54dced90951085abd412ef2e5b9984c7e263dc3eac6c683e8b82c5d56b5fa1e2f65d5d0afd32bc66d76ddb87a41805e11137de7373a9f6366a9a314cc6d5e731abeb2e83f135798a8bdda1c47b36db21140a9278b86c520bdbc8338ccaf5fbd61d7e73750b38e4bb6c77c33bf5617086c8f97ab219b4f6c930fd717aed4f1fa0eebcda82322c561dcae23284e0bfa4bf7a5b4b19ff3fe3137c4e07c55543a7d3778ccfaf757fae541bcf475382cc8ab6a0ede61789652b528efaacfa804fc1583bdfeaea00565c70a5941dc7a947ed97d9b6688f6363edf0735e72d9b8a4b21e5cd2de518e27bfd41749eafa66f3452e941273050ceaf39435327737857d4718a31b83649b3dced6f37a9ce3621a83a7ba9163dea12990677d21781f4ff95a68dc4b268b4c5e428c0941443c98025773362acd28a88f8d7e42fa72b908ac6a816270d78541c98e36b838b83ba99656192624211a343e6e76e154ebdb1af56aa8489f6a30a6be0dcd84f80ab2d02ac7bee22e5f6207d74c4fda0c6d7cc71bea537718bf8bb1d3c2602903139449b046d09528b4331bd8e396bb9b5c0b15db16a72947eecd0f050de9ee9e6b82fcf48a7fbecf911fda3d013fa9941a60f41b9d1f56ac40f07e7259c7c79f17cb0a90c472d33aed227151fc93c76e7a1fee4675edae1a9fda95a5d2b42c7b13d84995ee1b6411c48329f529752d65601c034cdb13ea4051132ecb7f71953b43663053fc2a174b1a7694d6a8b3eb9facbaf8b7281e00357ee255816a489ca91656dc506deaa9c925a0e53600a9e7df5bc89db907a323ffeba03d3c06a4f0569a6c0cd02ca46eede0b9979aa5b40fa85b47b3d4f4aaf614b5b72ab9ea4289d08346759fbc4c0c25dd179d0efc994f4ace7612720dbd1b40395c95c43e24bdb5941295ccfdfb8b558b3234a80a2cfb5a50d96a31e2f1bcc4aba66994626f735d5fd742f0fc2ab2bcc0a73a6210e9b2222a3577f7cba7fd31459c58bef86eb76dd00fc165a16519d05f5aa5753b89c5391a051b2930b22eadbd1f4fc76fc675faf35bde9306ef48fa349f1978b84e033340681bf06966a833c03902d749444574b9e3e88e027b01d057db785a1e0d6b4135c3b6f2ac370a01351bcdf0474d4708675502e64e02d468c4e1454271dda60f82cefb8f6ec9bd871bb4c7a50a17f3d1d9c1bce2e79cb59704f78a31d13cd6678e20ea53e8d0bff1527bf76670982fab8cbe62377baf3c59f256e0bb21686402efd240cf07989832b02975e09b06da9486667869e543e7e868e1eb2242811f306f9cbeff4e606c62dbccfcc3dec265b396fa70c04b0816dddedfe5d70b44c35e387accad9945c91ced6665482f95e1bcd4fb603eb5add65c934d74a40dd37a24ea972babb9197dd85b102e67d5658dd8cd64b661fac6dae2e1d8f7325e2a62d1060836f53a2f3737c843a42662a7ed6eb63c5ca670273539529a760417f3d95fd4adfe86ae582742c1d54dd121e5ac820d3f547a647f72f723a66dc9830fbcc228559c77d3fd1d7443598717f69d58b9e7cc64e9aad2da810b45aaf01b377d54eddc0e97f6d1dc07aa33c30aa2667719cebf73e67d001bd967e6529f195b38dc6684758b557ce4ba3b47d84a03be117b58cc22adbab162bed3965f768982e5355d241f7f0c0943d389a61ef2c633d8b99c7b6deba3bc4e4c1b7366a178ed6bc1fb49ce646b411ccb940998d01a941546a5ad1988faa66ba6338a7562e17ee0af33e76d6dfcd0ed0fb92911b2c9cb880f367f6429a7446f090b90b83893d1c0ddb138959853b68a85894a6d5aa1d287c2a949f9331fedecf7de02a5b51014c917a42e33274e6d597bd6ab586f73ce61a96f9512a0ebc729869c664a895be61ec7882869852c922d3016726edc90f909af1d07e8a3671bf751135cd24066fad1992103bdcd5052059abb0e1df33560ab3637d66b1013f8a234e3238de1170da7addd84b21f1e870151f534d799ed6164a031686bc48d2ae5a89c81894a28a9cd944a535b907777397e739a3b6a8e7d54bef71907071bc2a047ca14d7ef2e9d9b66da86ce56bc62ada0c813d9d63aa899f77f5d804a13a79b0e2275c4ba387e970519e67d212193d91bd0a96a1068bc136616ab5153b1e4b956f1a44b5334e8fbf8abf57fb28a13a64ad6085497faf88556d721f8e0a0699469646f22789e6530c03c75f69279e809d95d444bd44af1d19d12046de9d524caedc84a506642edf34b409b41ccb9689f8597cacd20eee8beec2b3e89644c06750e080da5cc06f3cb10b854fc23d39e52bf95b88335e7536888d67ea92df5868c5835321234e70ebf80e4365c19693a3a640a30f5aec7c490b4ed32ff169e907e25f862fe5aa8a9238cf5cee03ec2ab9e2801239980e78162b560ae3d066351f944c31d8b57a20cd2419b05b0fdd9f8ca4b7a8e1e7955a6b66a264d6d4c56d83c15871ab3f3327284ff7cf5e8d6c7f762d755fac0c7784af9efd13c9337d38451acb23020f4934ef1708b362b5d5cf4b743fc0f9712860ca2977319e1226ed860c2be3caacc8465ba80a0a6856322bc352972fd3f3c0db3acd66d56fef139e48f3d63d3a62c532aa10485807269bac3348316d9fd1931cbfd2acaa5c4e9102872ab16500260f2aec57025c0d6dc1bd68bff597667469e8eb57459b1881c10bf9531c23a6d9349b06b0db60aa6f89a4e0162038ea1850348b72e16f7d647e092c1d7ca55ba5095e58b18dd56b72ba9cbc09598663e8f54b2594194de72475abafdb285d464007ab91a83b91e7c8d5968ecb452e011c0b74e4309180615c3f67c2cad6e086f3686fd5394efd86d8bd45829314a5eb4a0549613b668e7b97600ac9ffe59df44e87046de44432dcd0aaf0c02c446ee9aaf72e80ce989923d4720fd3b8257d3fec5af22737c1e426f9d851c7929d69713e4751d5d39de20f0990bbdcb579f36b778bba4b8c5bdeb78208412005fe7cee40fe86691b8b0d6d3234e74192528622c31022cc3a81f4a574efdb67348b36ae7fd5977059d911da17746b040f06e7bef06accf4ef1ea4f4402041a98f3760d0fb8851b4e7d1124f37b1c653cc9ac53f4e373f694f8c957c390b0801859a19776a83854d2b65766bb03321fdac9a23d3345821fc21195910245e5ad79926a08094b54e242f002634b7213e5c122e76514f9ce76ce2740741f7ffe30e036de63b737fb16b240c6eeef0c1c537d219449b95d497723088548267c229fd5a122f25f2c6ad2fc3ff28133305ca850c5e2d1453dbb4429a8ee3a8f173feb49b611764c536c668c9aca8b8ec575c2310044898a4657fa1dda2ec6f7b8906d9521525ffd30c2b5948a0250224ba4d6beb39008c3785ddad71ceedb34301706b71634bf74b33ea4c436c2006cc5275d7931855d376c6314f8a5431781c3347bd9b3edadb8fcb959a6bb48e9407de69458fcc61c3a62e32720d3fd838dad3f50e852a2aa6d26af70205f9d8e40d3b9232c2ea9a4f86857fec4f7772e43d6dabd1e34400a84d1d338941bc31ead12047bde3ccdd89c53fcbfeff9fba85be6c11447c4b088eb184186a5e41e17bc0011c008aa8b98b44c1c862f8f977d1998d8dce81688d3d80d0fa2b9b7e7f78f80361f525a7586f3d9e68456b55d6f0e8c99495da3a5f392fc8bfe4e42af04fe85936c99b7be80acd351bffa7b723717621d9ff37b5ef829dfdc6ab085c2e83df864306cee0096486e77a1f9d7b7cf5bd157a69a05a12bb735606ac360af2c23542e52880fe9328524d5b121e378319ef2e1a0874fc99842ac8ac04dd6c634b08d81ffd379e9a52573a1721f63a6c009c590e7f43fcbaa2c23c975dfd1a9d1a6dc21587511b4cfdb6f53721940a9f4dd3d8a2c6bdf9890a152e05c9b561518a58a861aae8cb02f1031a121297f6b0820b22d9d6e544adc91216f4a3c011dee24774bfddef418a56c5f0ed57e6f3ce2a76d812a19a9420141eca0ef3d86f552814cb8b2a68b53bb195b2dd2b44f49e93c742db0b2bd637fd247bc28755819a9e122725a6b4409baec607359268eb6cf83fcb674a3771b75b8a7ea0300c16a624333b69bc188c417557356ff7336cde8645f973ad18ee15fc3b34074e1ec58eb00b779a86c7dd7e76872798a12b29b3f446240770999853686f18a624beb6f07f614b413a0cbd954de99a6a79b7c9dbdec41fa172025d9e7d6e82935fc21b4c90bae9b4e9a84478e2289fda091ceacdd02bee2d96fa9d02982191418a9db4115ba049b045ef03dcffc0566d802df6d97dcd90660cd9c3a682bca8a48dd7168ab86074685993571843f74498f1d3a85ab9c63c83450809e86cb1bcf2f341cfd7db56090ad58c34e3a6a98ea65e7b5b439295b0ad6e6e695d88dec93c2ed776df7fc41ef0cec809500d2ce06ac217001748fa337b91f1bccf4d22ee7183e44a573cf95bdbe1e2e10d0c2d52e1992983f84fa1b109eb1495c9d25651510b75a2d5c689b7fe9", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0xfff], 0x0, 0x0, 0x1}}, 0x40)

2.131669852s ago: executing program 2 (id=6886):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xf, 0x0, &(0x7f00000004c0)='GPL\x00', 0x800, 0x0, 0x0, 0x41100, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x3, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580), &(0x7f00000005c0)=[{0x4, 0x5, 0x1, 0x1}]}, 0x94)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000b40)={0xffffffffffffffff, 0x80000001}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x10, 0x6, &(0x7f0000002100)=ANY=[@ANYBLOB="18570000040000000000000000000000185200000b000000000000000000000018250000", @ANYBLOB="0000000006000040a90b3045d3fca1cf08e3e5a28ec48571baecaaa518e649b57d657a0f79c375171c9b3af1789e0dfdf7a0899cf430f875fd300ddbff34a121cca19948ba740f26f715984ad8ea5c5a7cf473ae060e295404dd6e2d576a09953acdb26d03000000774e56a3a8a46cb3bdb9f328909d6cced50b51787cf902e179fffe0eda59e605014052d8191758d76061df6f5ae9eabc85b927d44d8c1b41492258c5135be257b6570925754b3e8f2f552dcf3d39a2f58587945012f70835164e8a9cb3f8862ff86fa3e7eaa3daf936d28e18b83fb57f379cb3f927479747086efcacc70e404911061e0b44a1ca7d1618826ecef829a165ad88cdade995429549ba863e569b81421405010a5125618a08ce96d7e8d18f9d8adadae8145e9d1589297ba75ad7d3924e56ec113b1442f69f8bb6295a07f30cdeee55fca907"], &(0x7f0000000040)='GPL\x00', 0x4, 0x67, &(0x7f00000000c0)=""/103, 0x41100, 0x0, '\x00', 0x0, @sk_msg=0x7, r2, 0x8, &(0x7f0000000200)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x1, 0x5, 0x2, 0xfff}, 0x10, 0xffffffffffffffff, r3, 0x4, &(0x7f0000000b80)=[r4, r5], &(0x7f0000000bc0)=[{0x4, 0x1, 0xa, 0xb}, {0x2, 0x5, 0x0, 0x7}, {0x4, 0x4, 0xd, 0x9}, {0x4, 0x5, 0x3, 0x2}], 0x10, 0x8}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x17b93}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5}]}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)
r7 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000020c0)="b444d5b5c0feed690000", 0xa, 0xffffffffffffffff)
keyctl$read(0x2, r7, &(0x7f00000000c0)=""/4096, 0x1000)
keyctl$read(0xb, r7, &(0x7f00000010c0)=""/4096, 0x1000)
keyctl$clear(0x7, r7)

2.025075291s ago: executing program 3 (id=6887):
r0 = openat$dsp1(0xffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), r1)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4814}, 0x4000)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x40045017, 0x0)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
close(r3)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x17}, @NFTA_INNER_FLAGS={0x8}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x8c}, 0x1, 0x0, 0x0, 0x88040}, 0x24000000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r6, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000000)=0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_value, &(0x7f0000000240)=0x8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x40)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
syz_clone3(&(0x7f0000001700)={0x231300080, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
process_madvise(0xffffffffffffffff, &(0x7f00000016c0), 0x9, 0xd, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

1.744550979s ago: executing program 4 (id=6888):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
socket$nl_route(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000080), 0x800)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x5, &(0x7f00000000c0), 0x111, 0x6}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r2, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) (fail_nth: 1)

1.677322956s ago: executing program 0 (id=6889):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
eventfd(0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4001af84, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000300))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_buf(r2, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = eventfd2(0x80, 0x80800)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r4})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000500)=@assoc_value={<r7=>0x0}, &(0x7f0000000140)=0x4)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000000)={r7, 0xfffa, 0x0, 0x9, 0x7fffffff, 0x6fea}, 0x14)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={r7, @in6={{0xa, 0x4e23, 0x2, @remote, 0x3}}, 0x9, 0x2, 0x7, 0x1, 0x8, 0x8, 0x6}, &(0x7f0000000580)=0x9c)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800001cd1487bd2b6642e00000000000000000005000400000000000900020073797a2102000000000000000000000005000100060000000d000300686173683a6d616300000000"], 0x48}}, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x44, 0x9, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @local}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000019340)={0x264, 0x0, [{0x3000, 0x0, 0x0}]})

1.474890535s ago: executing program 2 (id=6890):
add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r0 = syz_clone(0x1288000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ff81000000000000000000be"], 0x1c}}, 0x40000)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0400000000000000000000000000000d000000000000000000000010040000000000000000000009030000000000000061"], 0x0, 0x52}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x0, '\x00', 0x0, r1, 0x1, 0x3}, 0x5f)
syz_open_procfs(r0, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2f, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x103, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.415650131s ago: executing program 4 (id=6891):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121403, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000280)=0x2000)
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="04220180"], 0x4)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0xe0, @multicast2=0xe0000001}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10002}}}}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0x11e, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x63, 0x10, &(0x7f0000002e00), &(0x7f0000001000), 0x8, 0xa0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r3, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222000100000000090400000103e900000905a1e7"], 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000c00)={'tunl0\x00', <r4=>0x0, 0x8000, 0x797, 0x5, 0x7f, {{0xf, 0x4, 0x3, 0x5, 0x3c, 0x66, 0x0, 0x10, 0x2f, 0x0, @rand_addr=0x64010102, @local, {[@timestamp_addr={0x44, 0x24, 0x25, 0x1, 0x5, [{@rand_addr=0x64010100, 0x1}, {@multicast2, 0x58}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@dev={0xac, 0x14, 0x14, 0x3f}, 0x9}]}, @noop]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=@bloom_filter={0x1e, 0x7, 0x4, 0x0, 0x8, 0x1, 0x9, '\x00', r4, 0xffffffffffffffff, 0x0, 0x5, 0x1, 0x3}, 0x50)
r5 = fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000340)='name', &(0x7f00000000c0)='\xf6gr\xe7lo_', 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/comedi2\x00', 0x40000, 0x0)
close_range(r5, r5, 0x0)
syz_usb_connect(0x0, 0x33b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201010283643308d107163c908a0102030109022903014401e00c09042a0810569fa906092402020700d62e0b09050c0140001805050905080c400008c406072501080102000905080cff0300060309050b00010c0f070009050200ff03c4065309050f01ff03ff000807250104030700190f84b46060473cc216448b0316ae380c3a03157dc1fd26f60905090c08008106010725010810050009050b0197260b06054b0eda9e9daad93c6b1177dcc589853da7d5d342400980114fee5214a7a4840cf29e4c9294fc12917a1139de8d3aa550690171a2a72ba0814b5f6f46b68507250108ff07000905000010009b08070725010c0207000905030100040506f92f225a8e73296694fe149df0e9f63e98c71f76e08a30b6b9033c8a6eeca38c3eea035c18aa9ef5f654602c2c1a2e8f0725010806001009050310080006017f0725010c0640fa09050b002000068100c50467a9157fe84a91f1b18ebb5661f1cfa76b686cd7c38418e2fe40153ef3997e6ece8f025cf67e1cbed4e0af6df627f78a5a0d816a72cc81371264464fd3f0f037f231018c63ccc8dcf39b5a4f366562d2c825ba9ac2d8b89c0f4d8fa005444427c562068c9ea6a97917ae6dcea0da564e492ebefd34a3d82a72f9c7b9f98471f1d57a6cba5b0442397df17674db6ad20bfad4664338b95c134a23941d9c0c25d2036b7d25efa8a5270b7c8dd2ae7dcbf64bc9e940040c4954f27e78c3b2090059fe664c09050e00400074a80d0725010c9c05000725010801070709050f00ff03040803d4016c61008ef89bc8f95ee45a9fccd4a166f34160b69112a7ec70c846ae3cfce55d2e9e57a601760ab78b41f8e4477ebf27817a6468f2c4e42f980c72e0e7ef6fc3483284c2dd3fb7ec377c2f9fbbe46bd0e0ec3397ef8b3281ead26504fc5f8aada2a2ff637add5f4b600c2644f7528e932466d402208ada840449b06bf74bcecaecba633fc0ed82f51d86bed7ae8c7f302190afb7439da152fc028877ca43ec5b55ee857795515d8fbb642cdab4b52b4cf0c0b2f806551d2814211f0f593c75044039727bbf8b398d20382d43eb336702205d090580101000800902050b03234607250104030300"/810], &(0x7f00000009c0)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x0, 0xb, 0x1, 0x5, 0x8, 0x92}, 0xf5, &(0x7f0000000a80)=ANY=[@ANYBLOB="050ff500031e10030016001081020003100be31004061e2e8d18a4fbcc597eb56bc6fc8e0748dd30d71b2a892769c5f5644b004d0650cf428ab63f4eeff2ec020f68e8927a4425cc534f3917fb208dcfaccfe91366d27b5725131d54db854d6cdfc0fe7f3e6f3976ab68ba77277b6d104fb0fecad381e4c30dcbb282b430c744e3912341f8d564220f98a2633b046b2fbd3a0993dc6fb67091115e6657f437b96ec2b3cc738d3259b500f8070c8e60b614c876eb268f37a3530bf5822e2b4493351ffbe823253aa68ec4f1cc7c5fab71a9b88903dda7125546a7a60ab389f1dcd65114aed4274afdddbb1c2500"/247], 0xa, [{0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x40a}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x80a}}, {0x1c, &(0x7f0000000580)=@string={0x1c, 0x3, "e40ce6441f40228cfbebee880037a11df611440e0bbfef8d7412"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x403}}, {0x4c, &(0x7f0000000600)=@string={0x4c, 0x3, "94d8cc5e9c5a36bfd63acca00e17d21677ca1f91a7e77b38c97faddc155886d024e960258a2f377c8bb66635f635855f7e6101ca45be6e5423e51272590085edbfc0d8e7655b1d7aea85"}}, {0xc0, &(0x7f0000000680)=@string={0xc0, 0x3, "c0d008720876d162c144d1a78ca836538f5774e5c19273aa955f8161e64cc2eea11aca83cfec6e990fa40e39ebaeb071dca448d45925b0033799ee7374c798c8edd74cf5bad759f639c34b0575d643da716118355a7a4eee5842037a8be164c7600eeb56d651860854d21d283cfb06b1bcac4923b3ad6831c39f1acf23d4d209f5ac51a2aab3374d264b20c90f6170d931a3c8bf3f5f538a865ec49fdf8d37765ad941ec2f9fa6072b3146efe2933ab2a21d58b2f1cb26a230fc92f41ec2"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x1001}}, {0xc1, &(0x7f0000000780)=@string={0xc1, 0x3, "76bbb09f9a52b95ccbd301e9f33b840900f7fa817871fea378187169366bc7b3a958a44828e017719852c82d373a41dcc635294b6ad1f40d2c2543e0e9275a4214a06efefb51463d7643ae61e925c3c8b60edccff0deb0c2f57518dfb9f53b89f774e0f7706a8b7801b56e615dbefc31fdb90c5fdf427ca018efaeac6d184e1348af96176be8041fb6e4a8d6aecd0a1bd33681924b4aa107133a9d687c373198b027846fe62fad66836517b4588135b1b9ea1cf3c32db8022310451321606a"}}, {0x5c, &(0x7f0000000880)=@string={0x5c, 0x3, "b134891dbd223dc83aeadb3b9487697c08049fa91f14b9bc936a490cb589093314ad325f7eff7c92be7798d4a791f2618c4cc4b580c56a083772ccade38684d1f51318b5d21da8e3a96076382f2f2d4e0e5c8fbacbd9d00388f6"}}, {0xae, &(0x7f0000000900)=@string={0xae, 0x3, "0767bd686903a46c8441502d6fdc5ed3d8794857292382823ec87ca3965bc4c935f14fd38f29129c129ee421c05f9068c525afe667a8cf549d5c93188374e8660ccc66c89554eb9d8ce4a5dee9746366f3ef92bf5da37e6a5dae1c0191fe6086a2af1b042aa9dc061c40c551995341dc78e711531b53140f8a0bff29c109d925585ed7ff3eb3922816d9c14ab703969806ac0b95ddf83bd10f7fde23de6514b07434008c3a20464f3b474317"}}]})
syz_emit_ethernet(0x42, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaa8aaaaaffffffffffff8100100008004528003000000000a30642899078ac1414bbac9414aa4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7002000090780000fe06e2d4c3d90100"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000040)=0x1c)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x4e21, 0x1, 'sed\x00', 0x0, 0x2, 0x5b}, 0x2c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)

271.755686ms ago: executing program 0 (id=6893):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RMKDIR(r0, &(0x7f0000000240)={0x14, 0x49, 0x2, {0x8, 0x3, 0x1}}, 0x14)
write$char_usb(r0, &(0x7f0000000600)="b56511e72c6cba780ce701ed0b2db27a336692892a6491e2488652ff00c468d353d809d5b20d8ee0f9fefa6cd7bd1036ed25f0e37053d291887c707a892884c2b4aa2ebac156ef8288264449eea05c4f51c3bb4355eb108744fe34e5d0e851d51a855854135f04dd5d854459226f090b6f0d6135e8f2824eed7469236cad2251116a381d8cd30bae59c1fe71e028a667cb910d523aa5d7208286755075ee8be937304cca20e234303df72ad4e2bdc71219456229460a7c6a2df61e8b21b4a4941dcba5c257b90bbf0a976a73973319258ad7f738c04dfbdee4ea0e1b77a909a154fd934f791ebea03db6f06c8f14bc40924e46cbb9b343f25d63f332f9b3f176601f842a4e40401cbc62ee7803c3a2d71f3878f61d8fb8cb5ee90a696b22fb97bbdfd36af05c2e34dfb3d36cf7333ea9dc98af537780ae7bc701053b9009d654d84f04c851b311341efcec16ef3d5c8a7e8af494068dbad55bfa7b7bf4475ceb03a6f4ef11ce14652dc36f279671b7184586c7aab57d50ca23deaeeeaebc2ed024d91f399c84834e7802ad28b6ffec7ed089e8af35d15f2713e70ce55b3f60b9c002496e110c3a68e4c01faf901df4e39d007bf99f3a2d2e33c58b92b961937060a92ab6347995c09eb6a363092e3a45b68bd5e734d43b0bc98070d66c8d03490897a7d05e894da6d92c46cb1d961d11a7d1cd9d3c437c07e9f090690d2b344a93fdc5d7276b74231f1ad050024359e7a73ee913e9a7eba72f23482de94c572d07491328ca363762c44ddcdb1623ec6d639b368d407ffafbb265de19bd5e52ec86c12167dfe2a3de629af1d66612c3f313e07a301d8378fc6eb551196b51680d1194d682ff6cdbb0f811608d6321b41664108ef6dd1dfcc7df602901b0c0d549fb8d0c1aa9b542b99d76b6b8c360c9bcb01ed819a57441948465279d0b2652be1058065929bffae3e9c8923ba01c954f3c49298db8ffad96b73684daf2e608046be2ffb0de70237e044d4be3e6ccc1984ebd2f6e0f57e99fcb0ec30598f121bd93a4003e0ba0815e5ddbeba9f3f8600ef86258a5423fb1f30da5be531e573bf5322a5842eeb23107f02021dc332e0e687bd1f4f0ac09293c3638603279484dd552d534089e0b5b903c4ceeedef410662ec12e17e9b616950874e24d313d770e84b488544a8b829039d06637269367c108dc37712d46ef6601ef4e937a120c607e570446d6216366a72ced5d543ba92a929cef7c4fb03307e88174ad88381b16de1c3f9985f483ff75e9b40fc0e001d037dda41df9a583009baa3b246c19ab5a20cb4e62accb7a86090717c17db68b0d14905ed0ce6e49555de65448782fc0899f631393b5ccd65da59265d1b4ba9ff4d8a328cb42d2e3a465db23cfa9f159ce5716df7ccf393a561a1783679048570f2467c5336106bc8954569c047e854b2211141d169b27ca796b42c544f70123bd9f6ae23f87d1be164cd7bb2da3dc79e6f12a687296942c9c8f2d99b6961b48e046028bd69dcda162510ad235b7bf28a0ff994e23f08e807437dcd1a426a31e818b918e5c28725bf12f42d6f719d9d81100e529b9f7e4891167aef44ec7afa086e46cf832d144ebe668dbafcbf229be799f33df6c1fb3365f4cb64f360fb70ee140818503a185a44f15d3db5fd5abe8ea3c59f4120c23d3792a4ac791959858dc88286e403ad45b31716e28be7684375c2651f88ed78c2948d673ef2a8a937136ca9842717585894453a83280edc21f3fadb974c36696fe7d8bd136a005a69d14d034a869c4035282ac7c91642a05743814b4cd57df50a4eb15dd7a561637ea4ef6b3bcf89695f125fcd390746357917a6bcf55e0268a09ae5b1195f99a7fe5fec2d4115978052e195d7b5df345b827121a86166c9095e387301fc561654db0183715239247eb9dc15e83c20389aa6271b42125bd475b82db032150aa39fab06fde1034347a8a884c74edb21be34c8cf5b437ad7223970defbb27ca8eb0029fdd4acd4bc92236584ed42f03706376c583a5c8e5cf9f2415ee1f8c1b01f34d7cf1b673db2158eb99d55878ee41b391f8d7339c6f3471ae4af25e5ecb8cea2fbed9f915ce483f1a9411ca5b21776295aa4f52fa31d875f9850f3e07b8093b0f92570d41d77e68e9a79a27b6f5a2c9a100cde02ea745353e996b99b43e0f1aa51288d863859bc618a602c17a15e285e6c189a21a4762b57ce396c852a5453f035c7a2d849a98c30a2e7f797ed13ffae44e4d15a240d092a25b4820e0d2fe3b9cb74b89efc977634d1f37eddc1433f6b06fd13c543bceca1254f91413d8b914bd67f1dca660ad8ef561dfb2ce5f0486b3e1a19a3682dad8a727177a1ea448273c3cd308300e3b4fc4f96efa8d6d723de8b38f7688e13c47b2aa801ba5c33a138208412524250e41eb253520f68324dbdb5e7de6e02dc315e20cf1844cc7a5f15428dd342bcf40895d94b3de0e1acdb698a94e0dd881edfb7569d0c81981213e7186eac0d80dd35e1a48aa5319678db523e9cea10163e3924c52d1d4ff589b3b228d98e64e6ee22990600ac9b272b483520148dac0e26d27ef618c86b0a49075f71d8c21e49bbcf83eb1374f0ad393074e32fa33a257f13fb187ba40b02ee6e688092e81ce0c04e3e53507b4b244fcf3afd4dbf05747a8c81828351558223a7bd0ff6684e94cd264ab3841cca4983c10b627c3c13286872798a3bce148b7f9847cb2b485bb900ad006b08482c801e9f05e5e57591e9c9ed1235c397ebffec2bffdf0eaa4aa2b3927e583f913edb95ce47603bc725ad16c59c4b638668190bd1f9c4b2c9e1b14a85d9e3e81ef3668baf27e59dd14d1ade2d7873d4feb989cdac04675f40b59a1a41453b44e0fdb89f4a7f3f52cb3a6a79d0763f85826fe1b5acb3215a0328c32ccdf2c21bb4ab3310c2d33f9b1255582e0807492ce59953f6cd4422bfa5ea9192177bbf13bd7a83807362036708653bd01b67d3def4ef7041ea29995404c0b10b0eae74bbf614652f887f755e94d390341437d50cecbf2c16fa21638ad3f85f30db17e1af9bf2b4aa8113d6a9170dc4c024f484200a471e9c73f6d2055585bdb499156081d3bc288a2ddd2b9d856c69c22ad3b4ee16555c64d86b7a9d83722860fdbf06b3a1592f3e5832fdf2d3ee078e54b7cee981cec96de0a4c77e052d2f86061cba468f6c5861771014dd56320f5fd4f84b5a890838e9fe72f41620d131cfdb7d0e627dd490acab383d5fc8cfc95e966ced3dfe3d315ad76a0452a50e8b4e9882ca9294eaa12f73629affc9050df48aedc1da6081259226056012decf4a60c3e252860cc7452e6058d8029d2d0971496e19cc94558c96678bd1b074894271b2bff2810f8a", 0x959)
write$UHID_INPUT(r0, &(0x7f00000014c0)={0x8, {"1774d10ed679a3761698425e02229859f202c5d54bb9aaa84c470671ed39e31fcd1987c3fab368535c1d72f471356277d68201ce587582e0b61c74107f26d9b357fed4393b6676c62cb12bb5104bc87b40120258613657f462d98097b32565f3c6a065c0ecf81581c270d0adccfdd40199844781374e1cee0129091296af79ff67a1f52be0c73043a7bb6860312b9b2d3514d05233defb9e2e9ae218a0731aa015e7f042114d434f4209218e37f80b240526d575cb63f1ca89512cd50e27c21a827328cbae0874b155506fd933a2e59978eaad1c78dbed757e9e0047f5ebd5e9faefad831e5c55100f289794dc5b2116838edc1caef786cead375259a7768ddfd6cf5ed870b7abdcef90350a64c1eb5d6e54de748d6349f7e5bcb0377df4744678e7700911426a8b8540996d54716ecd8cd3a9f8175f23d45f9a1497654d5f2e4dad96b4b34cce3a39eb084bb829e05c82249951f91b432999c302bbe8ae5f79bb8954ed23ad98f87b5c30d079b1b2186db53a3849f9dce0e4d49c04f3025d4b25bc0728ab25ea5d050dc2586bad7ac437d7a5881c06e8b9f3eae66dc2aa48d0edf763daa7c6aa90df3c61fd69cf301090790b608324f4cfcc23acdcbbf9bd7e224c5c33d817cddcd10e86cbbda0de36f52d2389fa84dad6ed1819ee056b9a80d0b81f2a6b4ac50192f87cabf46f5fc88abcfbeb4301632d353aaf091b7828d941cb1c0e1477e5761032a63dadc3c7f51de8429c63b4ad65e975e38f244c6fe40e8fc6c33c4a16deffbe1b0423e584f45023e196d92b5bbc7d1854c3f33e8b0b7c5d3d87f0119380e2d14d6630219dc0e31469c2af0db2d624cab5c276c396f7d1543370ca9d925ac2dc2204de8008517c815e9fa7cd56e53f82ce1d095cd08032f57835ecb14c39fd57c90e39557934cd278a609e2e05a07a791d417f4460d2c30c10e1ef92cc146b1f9ff6b98b2688e2f050c510feba0d6960d31522cec3f6b0f539f85898a6b6409dd179d990fb57026acd9382f505ce06db211d7a369f46d8ea5804502bc7829155794b19a098d095a00b520966e9f49c74111d1f0f0f75b07aff0d388650a63656c9e601269d2eff1740e87206416ec73c08b56570dd496846b4f1a5d76602b6594e173209e5e7cebbab3f9f29bf957d000510eff9ce7ee3fea7fff32f3b6ae414ac311e14550e9a597aec7e76df40b7352bf4ddbd00739041edda795aeaa2665ad51a836120054bb0c8c1d3149477167214a0f952c78039ec8a70e21158db26d8f0238f782a5d54dced90951085abd412ef2e5b9984c7e263dc3eac6c683e8b82c5d56b5fa1e2f65d5d0afd32bc66d76ddb87a41805e11137de7373a9f6366a9a314cc6d5e731abeb2e83f135798a8bdda1c47b36db21140a9278b86c520bdbc8338ccaf5fbd61d7e73750b38e4bb6c77c33bf5617086c8f97ab219b4f6c930fd717aed4f1fa0eebcda82322c561dcae23284e0bfa4bf7a5b4b19ff3fe3137c4e07c55543a7d3778ccfaf757fae541bcf475382cc8ab6a0ede61789652b528efaacfa804fc1583bdfeaea00565c70a5941dc7a947ed97d9b6688f6363edf0735e72d9b8a4b21e5cd2de518e27bfd41749eafa66f3452e941273050ceaf39435327737857d4718a31b83649b3dced6f37a9ce3621a83a7ba9163dea12990677d21781f4ff95a68dc4b268b4c5e428c0941443c98025773362acd28a88f8d7e42fa72b908ac6a816270d78541c98e36b838b83ba99656192624211a343e6e76e154ebdb1af56aa8489f6a30a6be0dcd84f80ab2d02ac7bee22e5f6207d74c4fda0c6d7cc71bea537718bf8bb1d3c2602903139449b046d09528b4331bd8e396bb9b5c0b15db16a72947eecd0f050de9ee9e6b82fcf48a7fbecf911fda3d013fa9941a60f41b9d1f56ac40f07e7259c7c79f17cb0a90c472d33aed227151fc93c76e7a1fee4675edae1a9fda95a5d2b42c7b13d84995ee1b6411c48329f529752d65601c034cdb13ea4051132ecb7f71953b43663053fc2a174b1a7694d6a8b3eb9facbaf8b7281e00357ee255816a489ca91656dc506deaa9c925a0e53600a9e7df5bc89db907a323ffeba03d3c06a4f0569a6c0cd02ca46eede0b9979aa5b40fa85b47b3d4f4aaf614b5b72ab9ea4289d08346759fbc4c0c25dd179d0efc994f4ace7612720dbd1b40395c95c43e24bdb5941295ccfdfb8b558b3234a80a2cfb5a50d96a31e2f1bcc4aba66994626f735d5fd742f0fc2ab2bcc0a73a6210e9b2222a3577f7cba7fd31459c58bef86eb76dd00fc165a16519d05f5aa5753b89c5391a051b2930b22eadbd1f4fc76fc675faf35bde9306ef48fa349f1978b84e033340681bf06966a833c03902d749444574b9e3e88e027b01d057db785a1e0d6b4135c3b6f2ac370a01351bcdf0474d4708675502e64e02d468c4e1454271dda60f82cefb8f6ec9bd871bb4c7a50a17f3d1d9c1bce2e79cb59704f78a31d13cd6678e20ea53e8d0bff1527bf76670982fab8cbe62377baf3c59f256e0bb21686402efd240cf07989832b02975e09b06da9486667869e543e7e868e1eb2242811f306f9cbeff4e606c62dbccfcc3dec265b396fa70c04b0816dddedfe5d70b44c35e387accad9945c91ced6665482f95e1bcd4fb603eb5add65c934d74a40dd37a24ea972babb9197dd85b102e67d5658dd8cd64b661fac6dae2e1d8f7325e2a62d1060836f53a2f3737c843a42662a7ed6eb63c5ca670273539529a760417f3d95fd4adfe86ae582742c1d54dd121e5ac820d3f547a647f72f723a66dc9830fbcc228559c77d3fd1d7443598717f69d58b9e7cc64e9aad2da810b45aaf01b377d54eddc0e97f6d1dc07aa33c30aa2667719cebf73e67d001bd967e6529f195b38dc6684758b557ce4ba3b47d84a03be117b58cc22adbab162bed3965f768982e5355d241f7f0c0943d389a61ef2c633d8b99c7b6deba3bc4e4c1b7366a178ed6bc1fb49ce646b411ccb940998d01a941546a5ad1988faa66ba6338a7562e17ee0af33e76d6dfcd0ed0fb92911b2c9cb880f367f6429a7446f090b90b83893d1c0ddb138959853b68a85894a6d5aa1d287c2a949f9331fedecf7de02a5b51014c917a42e33274e6d597bd6ab586f73ce61a96f9512a0ebc729869c664a895be61ec7882869852c922d3016726edc90f909af1d07e8a3671bf751135cd24066fad1992103bdcd5052059abb0e1df33560ab3637d66b1013f8a234e3238de1170da7addd84b21f1e870151f534d799ed6164a031686bc48d2ae5a89c81894a28a9cd944a535b907777397e739a3b6a8e7d54bef71907071bc2a047ca14d7ef2e9d9b66da86ce56bc62ada0c813d9d63aa899f77f5d804a13a79b0e2275c4ba387e970519e67d212193d91bd0a96a1068bc136616ab5153b1e4b956f1a44b5334e8fbf8abf57fb28a13a64ad6085497faf88556d721f8e0a0699469646f22789e6530c03c75f69279e809d95d444bd44af1d19d12046de9d524caedc84a506642edf34b409b41ccb9689f8597cacd20eee8beec2b3e89644c06750e080da5cc06f3cb10b854fc23d39e52bf95b88335e7536888d67ea92df5868c5835321234e70ebf80e4365c19693a3a640a30f5aec7c490b4ed32ff169e907e25f862fe5aa8a9238cf5cee03ec2ab9e2801239980e78162b560ae3d066351f944c31d8b57a20cd2419b05b0fdd9f8ca4b7a8e1e7955a6b66a264d6d4c56d83c15871ab3f3327284ff7cf5e8d6c7f762d755fac0c7784af9efd13c9337d38451acb23020f4934ef1708b362b5d5cf4b743fc0f9712860ca2977319e1226ed860c2be3caacc8465ba80a0a6856322bc352972fd3f3c0db3acd66d56fef139e48f3d63d3a62c532aa10485807269bac3348316d9fd1931cbfd2acaa5c4e9102872ab16500260f2aec57025c0d6dc1bd68bff597667469e8eb57459b1881c10bf9531c23a6d9349b06b0db60aa6f89a4e0162038ea1850348b72e16f7d647e092c1d7ca55ba5095e58b18dd56b72ba9cbc09598663e8f54b2594194de72475abafdb285d464007ab91a83b91e7c8d5968ecb452e011c0b74e4309180615c3f67c2cad6e086f3686fd5394efd86d8bd45829314a5eb4a0549613b668e7b97600ac9ffe59df44e87046de44432dcd0aaf0c02c446ee9aaf72e80ce989923d4720fd3b8257d3fec5af22737c1e426f9d851c7929d69713e4751d5d39de20f0990bbdcb579f36b778bba4b8c5bdeb78208412005fe7cee40fe86691b8b0d6d3234e74192528622c31022cc3a81f4a574efdb67348b36ae7fd5977059d911da17746b040f06e7bef06accf4ef1ea4f4402041a98f3760d0fb8851b4e7d1124f37b1c653cc9ac53f4e373f694f8c957c390b0801859a19776a83854d2b65766bb03321fdac9a23d3345821fc21195910245e5ad79926a08094b54e242f002634b7213e5c122e76514f9ce76ce2740741f7ffe30e036de63b737fb16b240c6eeef0c1c537d219449b95d497723088548267c229fd5a122f25f2c6ad2fc3ff28133305ca850c5e2d1453dbb4429a8ee3a8f173feb49b611764c536c668c9aca8b8ec575c2310044898a4657fa1dda2ec6f7b8906d9521525ffd30c2b5948a0250224ba4d6beb39008c3785ddad71ceedb34301706b71634bf74b33ea4c436c2006cc5275d7931855d376c6314f8a5431781c3347bd9b3edadb8fcb959a6bb48e9407de69458fcc61c3a62e32720d3fd838dad3f50e852a2aa6d26af70205f9d8e40d3b9232c2ea9a4f86857fec4f7772e43d6dabd1e34400a84d1d338941bc31ead12047bde3ccdd89c53fcbfeff9fba85be6c11447c4b088eb184186a5e41e17bc0011c008aa8b98b44c1c862f8f977d1998d8dce81688d3d80d0fa2b9b7e7f78f80361f525a7586f3d9e68456b55d6f0e8c99495da3a5f392fc8bfe4e42af04fe85936c99b7be80acd351bffa7b723717621d9ff37b5ef829dfdc6ab085c2e83df864306cee0096486e77a1f9d7b7cf5bd157a69a05a12bb735606ac360af2c23542e52880fe9328524d5b121e378319ef2e1a0874fc99842ac8ac04dd6c634b08d81ffd379e9a52573a1721f63a6c009c590e7f43fcbaa2c23c975dfd1a9d1a6dc21587511b4cfdb6f53721940a9f4dd3d8a2c6bdf9890a152e05c9b561518a58a861aae8cb02f1031a121297f6b0820b22d9d6e544adc91216f4a3c011dee24774bfddef418a56c5f0ed57e6f3ce2a76d812a19a9420141eca0ef3d86f552814cb8b2a68b53bb195b2dd2b44f49e93c742db0b2bd637fd247bc28755819a9e122725a6b4409baec607359268eb6cf83fcb674a3771b75b8a7ea0300c16a624333b69bc188c417557356ff7336cde8645f973ad18ee15fc3b34074e1ec58eb00b779a86c7dd7e76872798a12b29b3f446240770999853686f18a624beb6f07f614b413a0cbd954de99a6a79b7c9dbdec41fa172025d9e7d6e82935fc21b4c90bae9b4e9a84478e2289fda091ceacdd02bee2d96fa9d02982191418a9db4115ba049b045ef03dcffc0566d802df6d97dcd90660cd9c3a682bca8a48dd7168ab86074685993571843f74498f1d3a85ab9c63c83450809e86cb1bcf2f341cfd7db56090ad58c34e3a6a98ea65e7b5b439295b0ad6e6e695d88dec93c2ed776df7fc41ef0cec809500d2ce06ac217001748fa337b91f1bccf4d22ee7183e44a573cf95bdbe1e2e10d0c2d52e1992983f84fa1b109eb1495c9d25651510b75a2d5c689b7fe9", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0xfff], 0x0, 0x0, 0x1}}, 0x40)

259.708075ms ago: executing program 3 (id=6894):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f0000000140)=@ethtool_cmd={0x0, 0x80000000, 0x0, 0xd, 0xf, 0x3, 0x3, 0xfc, 0x0, 0xff, 0x0, 0x0, 0x6, 0xff, 0x0, 0x5}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000340)={'tunl0\x00', 0x0})
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)

119.410666ms ago: executing program 2 (id=6895):
pipe2(&(0x7f00000003c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_emit_ethernet(0x30, &(0x7f0000000480)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @void, {@llc={0x4, {@llc={0x7e, 0xd4, "40dd", "b524c0b7a06167cd07e337698e133c540bcfee827cf515334dfc843f53b2"}}}}}, &(0x7f0000000580)={0x1, 0x2, [0xc10, 0xa7e, 0xda, 0x9c7]})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
io_uring_setup(0x756e, &(0x7f0000000300)={0x0, 0x7b90, 0x40, 0x1, 0x3a, 0x0, r0})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x60000000003, 0x1000000000, 0x5, 0x41, 0x7, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x2, 0x3, 0x4, 0x4], 0x10000, 0x202})
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0))
r7 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000140)={{}, {0x7, 0xfd}, 0x8000008, 0x0, 0xfd})

0s ago: executing program 0 (id=6896):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r2], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x5}) (fail_nth: 1)

kernel console output (not intermixed with test programs):

not broadcast
[ 1263.961274][   T10] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1264.110470][T17548] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[ 1264.130052][   T10] usb 4-1: Using ep0 maxpacket: 16
[ 1264.132952][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1264.133006][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1264.133039][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1264.133067][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1264.137153][   T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1264.137183][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1264.137206][   T10] usb 4-1: Product: syz
[ 1264.137221][   T10] usb 4-1: Manufacturer: syz
[ 1264.137237][   T10] usb 4-1: SerialNumber: syz
[ 1264.227553][   T10] usb 4-1: config 0 descriptor??
[ 1264.241581][   T10] appledisplay 4-1:0.0: Submitting URB failed
[ 1264.241730][   T10] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -5
[ 1264.306203][T17548] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1264.306234][T17548] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1264.331277][T17548] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1264.331370][T17548] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1264.331394][T17548] usb 2-1: Product: syz
[ 1264.331410][T17548] usb 2-1: SerialNumber: syz
[ 1264.371139][T17548] usb 2-1: config 0 descriptor??
[ 1264.451755][T22795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1264.452428][T22795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1264.483289][T22814] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6221'.
[ 1264.528958][   T10] usb 4-1: USB disconnect, device number 68
[ 1264.677301][   T36] usb 2-1: USB disconnect, device number 107
[ 1265.365517][T22833] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1265.493869][T22840] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6233'.
[ 1265.590449][T15739] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1265.599865][ T5609] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1265.656746][T22847] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6234'.
[ 1265.696092][T22849] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1265.749160][T15739] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1265.749193][T15739] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1265.749216][T15739] usb 4-1: Product: syz
[ 1265.749232][T15739] usb 4-1: SerialNumber: syz
[ 1265.785997][T15739] usb 4-1: config 0 descriptor??
[ 1265.905793][T22854] netlink: 'syz.4.6238': attribute type 1 has an invalid length.
[ 1265.905819][T22854] netlink: 'syz.4.6238': attribute type 22 has an invalid length.
[ 1266.015310][T15739] hso 4-1:0.0: Failed to find INT IN ep
[ 1266.215596][   T10] usb 4-1: USB disconnect, device number 69
[ 1266.340435][   T36] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1266.480481][T15738] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1266.503850][   T36] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1266.503885][   T36] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1266.503908][   T36] usb 3-1: Product: syz
[ 1266.503924][   T36] usb 3-1: SerialNumber: syz
[ 1266.557439][   T36] usb 3-1: config 0 descriptor??
[ 1266.644439][T15738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1266.644540][T15738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1266.644566][T15738] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1266.644612][T15738] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1266.644698][T15738] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.720119][T15738] usb 5-1: config 0 descriptor??
[ 1266.765240][   T36] hso 3-1:0.0: Failed to find INT IN ep
[ 1266.869207][T22870] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6247'.
[ 1266.977268][T17548] usb 3-1: USB disconnect, device number 99
[ 1267.138517][T15738] usbhid 5-1:0.0: can't add hid device: -71
[ 1267.138661][T15738] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1267.162521][T15738] usb 5-1: USB disconnect, device number 88
[ 1267.371744][T22881] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6251'.
[ 1267.507133][T22883] netlink: 'syz.1.6252': attribute type 1 has an invalid length.
[ 1267.507159][T22883] netlink: 'syz.1.6252': attribute type 22 has an invalid length.
[ 1267.574267][T22883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1267.591023][T22883] bridge0: port 1(
1¾x9ÿ) entered disabled state
[ 1267.875526][T22893] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6258'.
[ 1267.944925][T22895] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6257'.
[ 1268.056785][T22902] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6260'.
[ 1268.170953][T22908] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1268.455594][T22915] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6264'.
[ 1269.091281][   T31] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1269.553062][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1269.553141][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1269.553167][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1269.553213][   T31] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1269.553239][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1269.692850][T22928] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6270'.
[ 1269.729765][   T31] usb 4-1: config 0 descriptor??
[ 1269.980507][T22932] vcan0: tx address claim with dest, not broadcast
[ 1270.176825][   T31] usbhid 4-1:0.0: can't add hid device: -71
[ 1270.176956][   T31] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1270.219348][   T31] usb 4-1: USB disconnect, device number 70
[ 1270.404881][T22939] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6274'.
[ 1270.507141][T22943] vcan0: tx address claim with dest, not broadcast
[ 1270.972709][ T5609] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1271.064278][T22961] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6281'.
[ 1271.389175][T22963] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6282'.
[ 1272.371183][T22986] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.6292'.
[ 1272.454553][ T7049] hid-generic 0007:0001:FFFFFFFC.000F: item fetching failed at offset 5/6
[ 1272.455093][ T7049] hid-generic 0007:0001:FFFFFFFC.000F: probe with driver hid-generic failed with error -22
[ 1272.611261][T22992] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6295'.
[ 1274.687546][T23015] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.6304'.
[ 1275.056614][T23020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6306'.
[ 1275.297483][ T5609] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1275.711647][T15739] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[ 1276.709412][T15739] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1276.709446][T15739] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1276.709467][T15739] usb 2-1: Product: syz
[ 1276.709481][T15739] usb 2-1: SerialNumber: syz
[ 1276.763534][T15739] usb 2-1: config 0 descriptor??
[ 1276.980029][T15739] hso 2-1:0.0: Failed to find INT IN ep
[ 1277.184406][T15739] usb 2-1: USB disconnect, device number 108
[ 1277.859566][T23053] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.6315'.
[ 1278.058091][T23059] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6318'.
[ 1279.228418][T23068] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6319'.
[ 1279.455923][T23073] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6322'.
[ 1279.594453][T23067] sctp: [Deprecated]: syz.0.6320 (pid 23067) Use of int in max_burst socket option.
[ 1279.594453][T23067] Use struct sctp_assoc_value instead
[ 1280.719023][T23085] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1281.120994][T23090] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1282.513323][ T5609] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1283.367095][T18254] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1283.772405][T18254] usb 2-1: Using ep0 maxpacket: 16
[ 1283.787864][T18254] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1283.787924][T18254] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1283.787953][T18254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1283.787981][T18254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1283.860071][T18254] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1283.860103][T18254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1283.860124][T18254] usb 2-1: Product: syz
[ 1283.860140][T18254] usb 2-1: Manufacturer: syz
[ 1283.860154][T18254] usb 2-1: SerialNumber: syz
[ 1283.989073][T18254] usb 2-1: config 0 descriptor??
[ 1284.022634][T18254] appledisplay 2-1:0.0: Submitting URB failed
[ 1284.024235][T18254] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -5
[ 1284.243385][T23103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1284.245948][T23103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1284.510792][T18254] usb 2-1: USB disconnect, device number 109
[ 1285.332600][T23129] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1285.332866][T23129] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1285.333059][T23129] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1285.333253][T23129] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1285.333445][T23129] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1285.412162][T23135] sctp: [Deprecated]: syz.3.6338 (pid 23135) Use of int in max_burst socket option.
[ 1285.412162][T23135] Use struct sctp_assoc_value instead
[ 1285.641796][T23150] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6342'.
[ 1285.675392][   T10] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1285.824804][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1285.824840][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1285.824876][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1285.824923][   T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1285.824949][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1285.829318][   T10] usb 3-1: config 0 descriptor??
[ 1287.072694][ T5609] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1287.187868][   T10] usbhid 3-1:0.0: can't add hid device: -71
[ 1287.188974][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1287.337285][   T10] usb 3-1: USB disconnect, device number 100
[ 1287.472823][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1287.472867][ T5617] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1287.472898][ T5617] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1287.472970][ T5609] Bluetooth: hci2: command 0x0405 tx timeout
[ 1287.748431][T23177] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6351'.
[ 1287.841662][T23183] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6351'.
[ 1288.109690][T23186] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1288.379953][T23191] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6354'.
[ 1291.381516][T23223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6365'.
[ 1291.401296][T23223] netlink: 5 bytes leftover after parsing attributes in process `syz.0.6365'.
[ 1291.436769][T23221] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1294.534547][T23251] netlink: 212332 bytes leftover after parsing attributes in process `syz.4.6374'.
[ 1294.762243][T17548] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1295.759747][T17548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1295.759783][T17548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1295.759807][T17548] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1295.759853][T17548] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1295.759878][T17548] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1295.826509][T17548] usb 2-1: config 0 descriptor??
[ 1296.069173][T17548] usbhid 2-1:0.0: can't add hid device: -71
[ 1296.069309][T17548] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1296.104368][T17548] usb 2-1: USB disconnect, device number 110
[ 1296.608426][T23272] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6379'.
[ 1297.759055][T23293] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6383'.
[ 1298.800996][ T5609] Bluetooth: hci1: Malformed HCI Event: 0x22
[ 1300.455595][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.624014][   T31] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1300.864018][   T31] usb 3-1: Using ep0 maxpacket: 16
[ 1300.962901][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1300.962955][   T31] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1300.962983][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1300.963008][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1300.972135][   T31] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1300.972231][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1300.972290][   T31] usb 3-1: Product: syz
[ 1300.972334][   T31] usb 3-1: Manufacturer: syz
[ 1300.972371][   T31] usb 3-1: SerialNumber: syz
[ 1301.252536][   T31] usb 3-1: config 0 descriptor??
[ 1301.759427][   T31] usb 3-1: can't set config #0, error -71
[ 1301.810420][   T31] usb 3-1: USB disconnect, device number 101
[ 1301.951932][T23317] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6394'.
[ 1301.985142][T23317] netlink: 5 bytes leftover after parsing attributes in process `syz.2.6394'.
[ 1302.398434][T23335] sctp: [Deprecated]: syz.1.6397 (pid 23335) Use of int in max_burst socket option.
[ 1302.398434][T23335] Use struct sctp_assoc_value instead
[ 1302.570907][T23341] FAULT_INJECTION: forcing a failure.
[ 1302.570907][T23341] name failslab, interval 1, probability 0, space 0, times 0
[ 1302.570947][T23341] CPU: 0 UID: 0 PID: 23341 Comm: syz.1.6401 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1302.570979][T23341] Tainted: [L]=SOFTLOCKUP
[ 1302.570987][T23341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1302.571000][T23341] Call Trace:
[ 1302.571009][T23341]  <TASK>
[ 1302.571020][T23341]  dump_stack_lvl+0xe8/0x150
[ 1302.571054][T23341]  should_fail_ex+0x46b/0x600
[ 1302.571097][T23341]  should_failslab+0xa8/0x100
[ 1302.571127][T23341]  __kmalloc_noprof+0xdf/0x7b0
[ 1302.571153][T23341]  ? kfree+0x4d/0x6c0
[ 1302.571174][T23341]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1302.571217][T23341]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1302.571257][T23341]  ? tomoyo_domain+0xd8/0x130
[ 1302.571285][T23341]  ? tomoyo_path_number_perm+0x219/0x630
[ 1302.571317][T23341]  tomoyo_path_number_perm+0x246/0x630
[ 1302.571352][T23341]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1302.571383][T23341]  ? __lock_acquire+0x6b5/0x2cf0
[ 1302.571419][T23341]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1302.571490][T23341]  ? __fget_files+0x2a/0x420
[ 1302.571517][T23341]  ? __fget_files+0x2a/0x420
[ 1302.571536][T23341]  ? __fget_files+0x3a6/0x420
[ 1302.571556][T23341]  ? __fget_files+0x2a/0x420
[ 1302.571582][T23341]  security_file_ioctl+0xc3/0x2a0
[ 1302.571617][T23341]  __se_sys_ioctl+0x47/0x170
[ 1302.571645][T23341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.571671][T23341]  do_syscall_64+0x15f/0xf80
[ 1302.571696][T23341]  ? trace_irq_disable+0x3b/0x140
[ 1302.571723][T23341]  ? clear_bhb_loop+0x40/0x90
[ 1302.571751][T23341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.571775][T23341] RIP: 0033:0x7fb13bd5cdd9
[ 1302.571801][T23341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1302.571821][T23341] RSP: 002b:00007fb139fae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1302.571845][T23341] RAX: ffffffffffffffda RBX: 00007fb13bfd5fa0 RCX: 00007fb13bd5cdd9
[ 1302.571861][T23341] RDX: 0000200000000100 RSI: 0000000000000720 RDI: 0000000000000003
[ 1302.571875][T23341] RBP: 00007fb139fae090 R08: 0000000000000000 R09: 0000000000000000
[ 1302.571889][T23341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1302.571902][T23341] R13: 00007fb13bfd6038 R14: 00007fb13bfd5fa0 R15: 00007ffcc299fdf8
[ 1302.571937][T23341]  </TASK>
[ 1302.572523][T23341] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1303.115128][ T5609] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1303.297078][T23353] FAULT_INJECTION: forcing a failure.
[ 1303.297078][T23353] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1303.297119][T23353] CPU: 1 UID: 0 PID: 23353 Comm: syz.0.6407 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1303.297149][T23353] Tainted: [L]=SOFTLOCKUP
[ 1303.297157][T23353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1303.297170][T23353] Call Trace:
[ 1303.297179][T23353]  <TASK>
[ 1303.297189][T23353]  dump_stack_lvl+0xe8/0x150
[ 1303.297222][T23353]  should_fail_ex+0x46b/0x600
[ 1303.297265][T23353]  _copy_from_user+0x2d/0xb0
[ 1303.297292][T23353]  ___sys_sendmsg+0x1c6/0x360
[ 1303.297321][T23353]  ? __lock_acquire+0x6b5/0x2cf0
[ 1303.297358][T23353]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1303.297435][T23353]  ? __fget_files+0x2a/0x420
[ 1303.297455][T23353]  ? __fget_files+0x3a6/0x420
[ 1303.297488][T23353]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1303.297522][T23353]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1303.297567][T23353]  ? __pfx_ksys_write+0x10/0x10
[ 1303.297605][T23353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1303.297631][T23353]  do_syscall_64+0x15f/0xf80
[ 1303.297657][T23353]  ? trace_irq_disable+0x3b/0x140
[ 1303.297685][T23353]  ? clear_bhb_loop+0x40/0x90
[ 1303.297714][T23353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1303.297737][T23353] RIP: 0033:0x7fbac73fcdd9
[ 1303.297758][T23353] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1303.297779][T23353] RSP: 002b:00007fbac5656028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1303.297802][T23353] RAX: ffffffffffffffda RBX: 00007fbac7675fa0 RCX: 00007fbac73fcdd9
[ 1303.297818][T23353] RDX: 0000000004000000 RSI: 00002000000000c0 RDI: 0000000000000004
[ 1303.297832][T23353] RBP: 00007fbac5656090 R08: 0000000000000000 R09: 0000000000000000
[ 1303.297846][T23353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1303.297858][T23353] R13: 00007fbac7676038 R14: 00007fbac7675fa0 R15: 00007ffc2d7b2708
[ 1303.297894][T23353]  </TASK>
[ 1303.487837][T18254] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1303.597165][T23355] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6409'.
[ 1303.601897][T23355] netlink: 5 bytes leftover after parsing attributes in process `syz.0.6409'.
[ 1303.634717][T18254] usb 2-1: Using ep0 maxpacket: 16
[ 1303.636912][T18254] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1303.636968][T18254] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1303.636996][T18254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1303.637024][T18254] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1303.639791][T18254] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1303.639822][T18254] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1303.639844][T18254] usb 2-1: Product: syz
[ 1303.639860][T18254] usb 2-1: Manufacturer: syz
[ 1303.639874][T18254] usb 2-1: SerialNumber: syz
[ 1303.733990][T18254] usb 2-1: config 0 descriptor??
[ 1303.812939][T18254] appledisplay 2-1:0.0: Submitting URB failed
[ 1303.813105][T18254] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -5
[ 1304.021227][T23349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1304.044122][T23349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1304.079585][T18254] usb 2-1: USB disconnect, device number 111
[ 1304.224468][   T31] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1304.374459][   T31] usb 5-1: Using ep0 maxpacket: 32
[ 1304.376533][   T31] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1304.376563][   T31] usb 5-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[ 1304.376588][   T31] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1304.379109][   T31] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1304.379140][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1304.379162][   T31] usb 5-1: Product: syz
[ 1304.379177][   T31] usb 5-1: Manufacturer: syz
[ 1304.379192][   T31] usb 5-1: SerialNumber: syz
[ 1304.468514][   T31] usb 5-1: config 0 descriptor??
[ 1304.906029][T23362] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1304.906285][T23362] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1304.906495][T23362] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1304.906720][T23362] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1304.906920][T23362] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1304.908678][T23358] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1304.975196][T23358] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1304.997916][   T31] gs_usb 5-1:0.0: Couldn't send data format (err=-71)
[ 1304.997970][   T31] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -71
[ 1305.110084][   T31] usb 5-1: USB disconnect, device number 89
[ 1306.131853][T23387] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6420'.
[ 1306.187094][T23387] netlink: 5 bytes leftover after parsing attributes in process `syz.0.6420'.
[ 1306.230681][T23389] netlink: 'syz.2.6421': attribute type 1 has an invalid length.
[ 1306.230705][T23389] netlink: 'syz.2.6421': attribute type 22 has an invalid length.
[ 1306.275163][ T5609] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1306.278282][T23389] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1306.278527][T23389] bridge0: port 1(
1¾x9ÿ) entered disabled state
[ 1306.803984][ T5609] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1306.914804][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1306.914849][T18268] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1306.914879][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1306.915279][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1307.116842][T23408] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1308.321020][T23411] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1308.321236][T23426] comedi comedi0: Minor 2 could not be opened
[ 1308.605606][T23411] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1308.605833][T23411] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1308.606023][T23411] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1308.642932][T23411] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1308.655466][T23422] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1308.943790][T23433] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6436'.
[ 1308.982813][T23435] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6437'.
[ 1309.005215][T23435] netlink: 5 bytes leftover after parsing attributes in process `syz.1.6437'.
[ 1309.311821][T23440] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1309.407767][ T5617] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1310.419196][T23451] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1310.419987][T23451] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1310.420364][T23451] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1310.420601][T23451] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1310.423853][T23451] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1310.629546][T23471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1310.671375][T23474] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6449'.
[ 1310.692844][T23474] netlink: 5 bytes leftover after parsing attributes in process `syz.0.6449'.
[ 1310.751638][T23480] netlink: 181284 bytes leftover after parsing attributes in process `syz.2.6451'.
[ 1311.275392][T23498] vcan0: tx address claim with dest, not broadcast
[ 1311.374652][T23503] FAULT_INJECTION: forcing a failure.
[ 1311.374652][T23503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1311.374694][T23503] CPU: 1 UID: 0 PID: 23503 Comm: syz.3.6462 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1311.374725][T23503] Tainted: [L]=SOFTLOCKUP
[ 1311.374741][T23503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1311.374769][T23503] Call Trace:
[ 1311.374784][T23503]  <TASK>
[ 1311.374794][T23503]  dump_stack_lvl+0xe8/0x150
[ 1311.374834][T23503]  should_fail_ex+0x46b/0x600
[ 1311.374878][T23503]  _copy_from_user+0x2d/0xb0
[ 1311.374906][T23503]  ___sys_sendmsg+0x1c6/0x360
[ 1311.374937][T23503]  ? __lock_acquire+0x6b5/0x2cf0
[ 1311.374974][T23503]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1311.375040][T23503]  ? __fget_files+0x2a/0x420
[ 1311.375062][T23503]  ? __fget_files+0x3a6/0x420
[ 1311.375094][T23503]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1311.375128][T23503]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1311.375170][T23503]  ? __pfx_ksys_write+0x10/0x10
[ 1311.375207][T23503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1311.375233][T23503]  do_syscall_64+0x15f/0xf80
[ 1311.375259][T23503]  ? trace_irq_disable+0x3b/0x140
[ 1311.375287][T23503]  ? clear_bhb_loop+0x40/0x90
[ 1311.375317][T23503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1311.375342][T23503] RIP: 0033:0x7f576cd6cdd9
[ 1311.375363][T23503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1311.375383][T23503] RSP: 002b:00007f576afc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1311.375406][T23503] RAX: ffffffffffffffda RBX: 00007f576cfe5fa0 RCX: 00007f576cd6cdd9
[ 1311.375423][T23503] RDX: 000000000000c800 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1311.375438][T23503] RBP: 00007f576afc6090 R08: 0000000000000000 R09: 0000000000000000
[ 1311.375452][T23503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1311.375465][T23503] R13: 00007f576cfe6038 R14: 00007f576cfe5fa0 R15: 00007ffe816ce968
[ 1311.375500][T23503]  </TASK>
[ 1311.702444][T23507] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6464'.
[ 1311.716001][ T5617] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1311.748008][T23507] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6464'.
[ 1312.029023][T23516] FAULT_INJECTION: forcing a failure.
[ 1312.029023][T23516] name failslab, interval 1, probability 0, space 0, times 0
[ 1312.029062][T23516] CPU: 0 UID: 0 PID: 23516 Comm: syz.0.6467 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1312.029092][T23516] Tainted: [L]=SOFTLOCKUP
[ 1312.029100][T23516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1312.029114][T23516] Call Trace:
[ 1312.029122][T23516]  <TASK>
[ 1312.029133][T23516]  dump_stack_lvl+0xe8/0x150
[ 1312.029167][T23516]  should_fail_ex+0x46b/0x600
[ 1312.029212][T23516]  should_failslab+0xa8/0x100
[ 1312.029243][T23516]  __kmalloc_noprof+0xdf/0x7b0
[ 1312.029268][T23516]  ? kfree+0x4d/0x6c0
[ 1312.029288][T23516]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1312.029332][T23516]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1312.029401][T23516]  ? tomoyo_domain+0xd8/0x130
[ 1312.029431][T23516]  ? tomoyo_path_number_perm+0x219/0x630
[ 1312.029466][T23516]  tomoyo_path_number_perm+0x246/0x630
[ 1312.029500][T23516]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1312.029528][T23516]  ? __lock_acquire+0x6b5/0x2cf0
[ 1312.029564][T23516]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1312.029628][T23516]  ? __fget_files+0x2a/0x420
[ 1312.029653][T23516]  ? __fget_files+0x2a/0x420
[ 1312.029673][T23516]  ? __fget_files+0x3a6/0x420
[ 1312.029692][T23516]  ? __fget_files+0x2a/0x420
[ 1312.029717][T23516]  security_file_ioctl+0xc3/0x2a0
[ 1312.029750][T23516]  __se_sys_ioctl+0x47/0x170
[ 1312.029779][T23516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1312.029811][T23516]  do_syscall_64+0x15f/0xf80
[ 1312.029837][T23516]  ? trace_irq_disable+0x3b/0x140
[ 1312.029865][T23516]  ? clear_bhb_loop+0x40/0x90
[ 1312.029895][T23516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1312.029919][T23516] RIP: 0033:0x7fbac73fcdd9
[ 1312.029940][T23516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1312.029959][T23516] RSP: 002b:00007fbac5656028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1312.029982][T23516] RAX: ffffffffffffffda RBX: 00007fbac7675fa0 RCX: 00007fbac73fcdd9
[ 1312.029999][T23516] RDX: 0000200000000340 RSI: 00000000c06864ce RDI: 0000000000000004
[ 1312.030013][T23516] RBP: 00007fbac5656090 R08: 0000000000000000 R09: 0000000000000000
[ 1312.030027][T23516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1312.030040][T23516] R13: 00007fbac7676038 R14: 00007fbac7675fa0 R15: 00007ffc2d7b2708
[ 1312.030077][T23516]  </TASK>
[ 1312.042326][T23516] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1312.375816][T23518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1312.435452][ T5617] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1312.435500][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1312.435505][ T5617] Bluetooth: hci2: command 0x0405 tx timeout
[ 1312.435537][ T5609] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1314.301768][T23559] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1314.475625][T15739] usb 2-1: new full-speed USB device number 112 using dummy_hcd
[ 1314.767666][T15739] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1314.767749][T15739] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1314.767779][T15739] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1314.767808][T15739] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1314.767833][T15739] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1314.774321][T15739] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1314.774354][T15739] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1314.774376][T15739] usb 2-1: Product: syz
[ 1314.774392][T15739] usb 2-1: Manufacturer: syz
[ 1314.774407][T15739] usb 2-1: SerialNumber: syz
[ 1314.887692][T15739] usb 2-1: config 0 descriptor??
[ 1315.175567][T15739] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1315.175864][T15739] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[ 1315.744504][T15739] usb 2-1: USB disconnect, device number 112
[ 1315.836009][T23593] FAULT_INJECTION: forcing a failure.
[ 1315.836009][T23593] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1315.836050][T23593] CPU: 1 UID: 0 PID: 23593 Comm: syz.0.6494 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1315.836080][T23593] Tainted: [L]=SOFTLOCKUP
[ 1315.836088][T23593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1315.836102][T23593] Call Trace:
[ 1315.836111][T23593]  <TASK>
[ 1315.836121][T23593]  dump_stack_lvl+0xe8/0x150
[ 1315.836155][T23593]  should_fail_ex+0x46b/0x600
[ 1315.836198][T23593]  _copy_from_user+0x2d/0xb0
[ 1315.836225][T23593]  ___sys_sendmsg+0x1c6/0x360
[ 1315.836254][T23593]  ? __lock_acquire+0x6b5/0x2cf0
[ 1315.836300][T23593]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1315.836336][T23593]  ? kstrtouint+0x6e/0xe0
[ 1315.836398][T23593]  ? __fget_files+0x2a/0x420
[ 1315.836418][T23593]  ? __fget_files+0x3a6/0x420
[ 1315.836451][T23593]  __sys_sendmmsg+0x282/0x4e0
[ 1315.836487][T23593]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1315.836527][T23593]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1315.836576][T23593]  ? ksys_write+0x248/0x270
[ 1315.836607][T23593]  ? __pfx_ksys_write+0x10/0x10
[ 1315.836641][T23593]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1315.836672][T23593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1315.836698][T23593]  do_syscall_64+0x15f/0xf80
[ 1315.836723][T23593]  ? trace_irq_disable+0x3b/0x140
[ 1315.836750][T23593]  ? clear_bhb_loop+0x40/0x90
[ 1315.836785][T23593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1315.836808][T23593] RIP: 0033:0x7fbac73fcdd9
[ 1315.836829][T23593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1315.836849][T23593] RSP: 002b:00007fbac5635028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1315.836873][T23593] RAX: ffffffffffffffda RBX: 00007fbac7676090 RCX: 00007fbac73fcdd9
[ 1315.836889][T23593] RDX: 0000000000000001 RSI: 0000200000002680 RDI: 0000000000000003
[ 1315.836903][T23593] RBP: 00007fbac5635090 R08: 0000000000000000 R09: 0000000000000000
[ 1315.836917][T23593] R10: 0000000004000004 R11: 0000000000000246 R12: 0000000000000001
[ 1315.836930][T23593] R13: 00007fbac7676128 R14: 00007fbac7676090 R15: 00007ffc2d7b2708
[ 1315.836966][T23593]  </TASK>
[ 1316.221807][T18268] Bluetooth: hci2: Malformed HCI Event: 0x22
[ 1316.305004][T23599] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1316.475789][T15739] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1316.625763][T15739] usb 4-1: Using ep0 maxpacket: 16
[ 1316.628216][T15739] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1316.628270][T15739] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1316.628298][T15739] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1316.628324][T15739] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1316.634524][T15739] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1316.634558][T15739] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1316.634580][T15739] usb 4-1: Product: syz
[ 1316.634596][T15739] usb 4-1: Manufacturer: syz
[ 1316.634611][T15739] usb 4-1: SerialNumber: syz
[ 1316.742453][T15739] usb 4-1: config 0 descriptor??
[ 1316.758876][T15739] appledisplay 4-1:0.0: Submitting URB failed
[ 1316.759034][T15739] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -5
[ 1316.976966][T23597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1316.977535][T23597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1317.048395][T15739] usb 4-1: USB disconnect, device number 71
[ 1317.114682][T23621] comedi comedi0: Minor 2 could not be opened
[ 1317.334165][T23627] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1317.695889][T15738] usb 2-1: new full-speed USB device number 113 using dummy_hcd
[ 1317.853911][T15738] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1317.868232][T15738] usb 2-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16
[ 1317.868264][T15738] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1317.868286][T15738] usb 2-1: Product: syz
[ 1317.868302][T15738] usb 2-1: Manufacturer: syz
[ 1317.868318][T15738] usb 2-1: SerialNumber: syz
[ 1317.920528][T15738] usb 2-1: config 0 descriptor??
[ 1317.987516][T15738] mvusb_mdio 2-1:0.0: probe with driver mvusb_mdio failed with error -5
[ 1318.349126][T15738] usb 2-1: USB disconnect, device number 113
[ 1318.546148][T16634] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1318.656179][T23646] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.6515'.
[ 1318.686051][T16634] usb 3-1: device descriptor read/64, error -71
[ 1318.736350][T23648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6516'.
[ 1318.851270][T23652] comedi comedi0: Minor 2 could not be opened
[ 1319.103773][T16634] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1319.143704][T23640] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1319.144104][T23640] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1319.174270][T23640] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1319.175182][T23640] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1319.447501][T23640] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1319.874607][T23658] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1319.988538][T23660] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.6522'.
[ 1320.077968][T16634] usb 3-1: device descriptor read/64, error -71
[ 1320.197612][T16634] usb usb3-port1: attempt power cycle
[ 1320.275370][T23666] FAULT_INJECTION: forcing a failure.
[ 1320.275370][T23666] name failslab, interval 1, probability 0, space 0, times 0
[ 1320.275409][T23666] CPU: 0 UID: 0 PID: 23666 Comm: syz.4.6525 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1320.275439][T23666] Tainted: [L]=SOFTLOCKUP
[ 1320.275448][T23666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1320.275460][T23666] Call Trace:
[ 1320.275469][T23666]  <TASK>
[ 1320.275480][T23666]  dump_stack_lvl+0xe8/0x150
[ 1320.275513][T23666]  should_fail_ex+0x46b/0x600
[ 1320.275557][T23666]  should_failslab+0xa8/0x100
[ 1320.275588][T23666]  __kmalloc_noprof+0xdf/0x7b0
[ 1320.275613][T23666]  ? kfree+0x4d/0x6c0
[ 1320.275634][T23666]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1320.275679][T23666]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1320.275717][T23666]  ? tomoyo_domain+0xd8/0x130
[ 1320.275746][T23666]  ? tomoyo_path_number_perm+0x219/0x630
[ 1320.275776][T23666]  tomoyo_path_number_perm+0x246/0x630
[ 1320.275810][T23666]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1320.275840][T23666]  ? __lock_acquire+0x6b5/0x2cf0
[ 1320.275875][T23666]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1320.275951][T23666]  ? __fget_files+0x2a/0x420
[ 1320.275975][T23666]  ? __fget_files+0x2a/0x420
[ 1320.275994][T23666]  ? __fget_files+0x3a6/0x420
[ 1320.276012][T23666]  ? __fget_files+0x2a/0x420
[ 1320.276037][T23666]  security_file_ioctl+0xc3/0x2a0
[ 1320.276071][T23666]  __se_sys_ioctl+0x47/0x170
[ 1320.276098][T23666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.276124][T23666]  do_syscall_64+0x15f/0xf80
[ 1320.276149][T23666]  ? trace_irq_disable+0x3b/0x140
[ 1320.276175][T23666]  ? clear_bhb_loop+0x40/0x90
[ 1320.276204][T23666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1320.276227][T23666] RIP: 0033:0x7f79f603cdd9
[ 1320.276248][T23666] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1320.276268][T23666] RSP: 002b:00007f79f4296028 EFLAGS: 00000246
[ 1320.276273][T18268] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1320.276281][T23666]  ORIG_RAX: 0000000000000010
[ 1320.276292][T23666] RAX: ffffffffffffffda RBX: 00007f79f62b5fa0 RCX: 00007f79f603cdd9
[ 1320.276308][T23666] RDX: 0000200000000580 RSI: 00000000c06864b8 RDI: 0000000000000003
[ 1320.276322][T23666] RBP: 00007f79f4296090 R08: 0000000000000000 R09: 0000000000000000
[ 1320.276336][T23666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1320.276347][T23666] R13: 00007f79f62b6038 R14: 00007f79f62b5fa0 R15: 00007fff6aa5fe78
[ 1320.276377][T23666]  </TASK>
[ 1320.330396][T23666] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1320.546491][T16634] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1320.572809][T16634] usb 3-1: device descriptor read/8, error -71
[ 1320.783264][T23670] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6526'.
[ 1320.783399][T23670] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2)
[ 1320.813382][T16634] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1320.837253][T16634] usb 3-1: device descriptor read/8, error -71
[ 1320.946623][T16634] usb usb3-port1: unable to enumerate USB device
[ 1321.157030][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1321.236394][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1321.236427][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1321.366837][T23691] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.6534'.
[ 1321.476317][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1321.822363][T23700] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6538'.
[ 1321.882233][T23681] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1321.882480][T23681] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1321.882700][T23681] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1321.882909][T23681] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1321.883144][T23681] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1322.719798][T23707] comedi comedi0: Minor 2 could not be opened
[ 1322.746389][T15739] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1322.900262][T15739] usb 5-1: Using ep0 maxpacket: 32
[ 1322.903193][T15739] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1322.926632][T15739] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1322.926662][T15739] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1322.926683][T15739] usb 5-1: Product: syz
[ 1322.926699][T15739] usb 5-1: Manufacturer: syz
[ 1322.926715][T15739] usb 5-1: SerialNumber: syz
[ 1322.985791][T15739] usb 5-1: config 0 descriptor??
[ 1323.070160][T23719] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6546'.
[ 1323.197081][T23704] netlink: 'syz.4.6540': attribute type 4 has an invalid length.
[ 1323.203288][T15739] usb 5-1: USB disconnect, device number 90
[ 1323.229080][T23723] netlink: 'syz.0.6548': attribute type 4 has an invalid length.
[ 1323.291234][T23725] FAULT_INJECTION: forcing a failure.
[ 1323.291234][T23725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1323.291274][T23725] CPU: 1 UID: 0 PID: 23725 Comm: syz.3.6549 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1323.291303][T23725] Tainted: [L]=SOFTLOCKUP
[ 1323.291311][T23725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1323.291323][T23725] Call Trace:
[ 1323.291332][T23725]  <TASK>
[ 1323.291342][T23725]  dump_stack_lvl+0xe8/0x150
[ 1323.291374][T23725]  should_fail_ex+0x46b/0x600
[ 1323.291418][T23725]  _copy_from_user+0x2d/0xb0
[ 1323.291454][T23725]  ___sys_sendmsg+0x1c6/0x360
[ 1323.291483][T23725]  ? __lock_acquire+0x6b5/0x2cf0
[ 1323.291520][T23725]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1323.291589][T23725]  ? __fget_files+0x2a/0x420
[ 1323.291610][T23725]  ? __fget_files+0x3a6/0x420
[ 1323.291642][T23725]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1323.291676][T23725]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1323.291718][T23725]  ? __pfx_ksys_write+0x10/0x10
[ 1323.291754][T23725]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1323.291781][T23725]  do_syscall_64+0x15f/0xf80
[ 1323.291807][T23725]  ? trace_irq_disable+0x3b/0x140
[ 1323.291834][T23725]  ? clear_bhb_loop+0x40/0x90
[ 1323.291863][T23725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1323.291886][T23725] RIP: 0033:0x7f576cd6cdd9
[ 1323.291907][T23725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1323.291926][T23725] RSP: 002b:00007f576afc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1323.291948][T23725] RAX: ffffffffffffffda RBX: 00007f576cfe5fa0 RCX: 00007f576cd6cdd9
[ 1323.291964][T23725] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1323.291978][T23725] RBP: 00007f576afc6090 R08: 0000000000000000 R09: 0000000000000000
[ 1323.291992][T23725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1323.292004][T23725] R13: 00007f576cfe6038 R14: 00007f576cfe5fa0 R15: 00007ffe816ce968
[ 1323.292039][T23725]  </TASK>
[ 1323.316490][ T5609] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1323.725851][T23739] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6554'.
[ 1324.027156][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1324.027346][T18268] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1324.040182][ T5617] Bluetooth: hci2: command 0x0405 tx timeout
[ 1324.048185][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1324.396384][T23729] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1324.422590][T23729] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1324.423557][T23729] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1324.423751][T23729] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1324.453205][T23729] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1325.359301][T23748] comedi comedi0: Minor 2 could not be opened
[ 1325.650779][T18268] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1325.763572][T23751] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.6559'.
[ 1326.436877][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1326.436920][T18268] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1326.436954][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1326.546933][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1329.619307][T23784] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1329.619594][T23784] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1329.619859][T23784] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1329.620136][T23784] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1329.620395][T23784] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1329.815571][T23796] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.6572'.
[ 1330.167209][T15738] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[ 1330.320797][T15738] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1330.320868][T15738] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1330.320894][T15738] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1330.320914][T15738] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1330.320931][T15738] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1330.323601][T15738] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1330.323636][T15738] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1330.323657][T15738] usb 4-1: Product: syz
[ 1330.323669][T15738] usb 4-1: Manufacturer: syz
[ 1330.323699][T15738] usb 4-1: SerialNumber: syz
[ 1330.989718][T15738] usb 4-1: config 0 descriptor??
[ 1331.247873][T15738] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1331.248205][T15738] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 1331.426297][T23818] dlm: non-version read from control device 0
[ 1331.456262][T15738] usb 4-1: USB disconnect, device number 72
[ 1331.633965][T23825] FAULT_INJECTION: forcing a failure.
[ 1331.633965][T23825] name failslab, interval 1, probability 0, space 0, times 0
[ 1331.633996][T23825] CPU: 1 UID: 0 PID: 23825 Comm: syz.4.6584 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1331.634018][T23825] Tainted: [L]=SOFTLOCKUP
[ 1331.634024][T23825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1331.634034][T23825] Call Trace:
[ 1331.634040][T23825]  <TASK>
[ 1331.634047][T23825]  dump_stack_lvl+0xe8/0x150
[ 1331.634071][T23825]  should_fail_ex+0x46b/0x600
[ 1331.634102][T23825]  should_failslab+0xa8/0x100
[ 1331.634124][T23825]  __kmalloc_noprof+0xdf/0x7b0
[ 1331.634141][T23825]  ? kfree+0x4d/0x6c0
[ 1331.634155][T23825]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1331.634191][T23825]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1331.634218][T23825]  ? tomoyo_domain+0xd8/0x130
[ 1331.634238][T23825]  ? tomoyo_path_number_perm+0x219/0x630
[ 1331.634260][T23825]  tomoyo_path_number_perm+0x246/0x630
[ 1331.634284][T23825]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1331.634305][T23825]  ? __lock_acquire+0x6b5/0x2cf0
[ 1331.634330][T23825]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1331.634374][T23825]  ? __fget_files+0x2a/0x420
[ 1331.634391][T23825]  ? __fget_files+0x2a/0x420
[ 1331.634405][T23825]  ? __fget_files+0x3a6/0x420
[ 1331.634418][T23825]  ? __fget_files+0x2a/0x420
[ 1331.634436][T23825]  security_file_ioctl+0xc3/0x2a0
[ 1331.634460][T23825]  __se_sys_ioctl+0x47/0x170
[ 1331.634480][T23825]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1331.634498][T23825]  do_syscall_64+0x15f/0xf80
[ 1331.634515][T23825]  ? trace_irq_disable+0x3b/0x140
[ 1331.634534][T23825]  ? clear_bhb_loop+0x40/0x90
[ 1331.634555][T23825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1331.634571][T23825] RIP: 0033:0x7f79f603cdd9
[ 1331.634586][T23825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1331.634602][T23825] RSP: 002b:00007f79f4296028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1331.634618][T23825] RAX: ffffffffffffffda RBX: 00007f79f62b5fa0 RCX: 00007f79f603cdd9
[ 1331.634630][T23825] RDX: 0000200000000140 RSI: 000000004040534e RDI: 0000000000000003
[ 1331.634641][T23825] RBP: 00007f79f4296090 R08: 0000000000000000 R09: 0000000000000000
[ 1331.634650][T23825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1331.634660][T23825] R13: 00007f79f62b6038 R14: 00007f79f62b5fa0 R15: 00007fff6aa5fe78
[ 1331.634688][T23825]  </TASK>
[ 1331.634970][T23818] netlink: 112 bytes leftover after parsing attributes in process `syz.0.6581'.
[ 1331.637534][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1331.637573][ T5609] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1331.637604][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1331.637633][ T5609] Bluetooth: hci2: command 0x0405 tx timeout
[ 1331.637663][ T5609] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1331.678816][T23825] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1332.241209][T23836] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.6587'.
[ 1332.442420][T23824] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1332.444063][T23824] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1332.444445][T23824] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1332.444971][T23824] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1332.445309][T23824] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1332.520830][T23840] sctp: [Deprecated]: syz.4.6589 (pid 23840) Use of int in max_burst socket option.
[ 1332.520830][T23840] Use struct sctp_assoc_value instead
[ 1332.826689][T23857] netlink: 'syz.3.6596': attribute type 1 has an invalid length.
[ 1332.826715][T23857] netlink: 'syz.3.6596': attribute type 22 has an invalid length.
[ 1332.865567][T23857] bridge0: port 3(erspan0) entered disabled state
[ 1332.881770][T23857] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1332.881996][T23857] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1333.448340][ T5609] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1333.478226][ T5609] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1333.480657][ T5609] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1333.484855][ T5609] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1333.509544][ T5609] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1333.665884][T23866] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.6600'.
[ 1334.809327][T18268] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1334.809495][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1334.809637][T18268] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1334.809874][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1334.850017][T23893] fuse: Bad value for 'fd'
[ 1335.079885][T23875] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1335.080133][T23875] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1335.080326][T23875] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1335.080549][T23875] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1335.080739][T23875] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1335.080946][T23875] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1335.081028][T23875] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1335.387339][T23897] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6608'.
[ 1335.452124][T23898] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6608'.
[ 1335.493466][T23875] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1336.056701][T23909] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1336.222032][T23913] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6614'.
[ 1337.157976][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1337.163170][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1337.163226][ T5609] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1337.163258][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1337.163291][ T5609] Bluetooth: hci2: command 0x0405 tx timeout
[ 1337.528055][T15738] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1337.694254][T15738] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1337.694287][T15738] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1337.694308][T15738] usb 2-1: Product: syz
[ 1337.694323][T15738] usb 2-1: SerialNumber: syz
[ 1337.745055][T15738] usb 2-1: config 0 descriptor??
[ 1337.988936][T15738] hso 2-1:0.0: Failed to find INT IN ep
[ 1338.026220][T23907] sctp: [Deprecated]: syz.4.6612 (pid 23907) Use of int in max_burst socket option.
[ 1338.026220][T23907] Use struct sctp_assoc_value instead
[ 1338.206543][T23863] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1338.206841][T23863] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1338.207113][T23863] bridge_slave_0: entered allmulticast mode
[ 1338.215073][T23863] bridge_slave_0: entered promiscuous mode
[ 1338.223447][T23863] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1338.224711][T23863] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1338.225375][T23863] bridge_slave_1: entered allmulticast mode
[ 1338.232991][T23863] bridge_slave_1: entered promiscuous mode
[ 1338.388418][ T7049] usb 2-1: USB disconnect, device number 114
[ 1338.422834][T23931] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1338.423087][T23931] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1338.423290][T23931] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1338.423497][T23931] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1338.423705][T23931] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1339.152528][T23863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1339.337513][T23951] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.6625'.
[ 1339.385239][T23863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1339.543627][T23863] team0: Port device team_slave_0 added
[ 1339.547767][T23863] team0: Port device team_slave_1 added
[ 1339.664286][T23863] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1339.664300][T23863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1339.664321][T23863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1339.667850][T23863] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1339.667862][T23863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1339.667884][T23863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1339.798882][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1339.942421][T23863] hsr_slave_0: entered promiscuous mode
[ 1339.943809][T23863] hsr_slave_1: entered promiscuous mode
[ 1339.944629][T23863] debugfs: 'hsr0' already exists in 'hsr'
[ 1339.944652][T23863] Cannot create hsr debugfs directory
[ 1340.264848][T23981] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.6637'.
[ 1340.439764][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1340.439805][ T5617] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1340.439834][ T5617] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1340.439917][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1340.860499][T23971] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1340.860738][T23971] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1340.860943][T23971] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1340.861148][T23971] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1340.861364][T23971] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1340.904434][T23976] sctp: [Deprecated]: syz.4.6636 (pid 23976) Use of int in max_burst socket option.
[ 1340.904434][T23976] Use struct sctp_assoc_value instead
[ 1341.067336][T23863] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1341.118409][T15738] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1341.883234][T15738] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1341.883267][T15738] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1341.883288][T15738] usb 2-1: Product: syz
[ 1341.883304][T15738] usb 2-1: SerialNumber: syz
[ 1341.920624][T15738] usb 2-1: config 0 descriptor??
[ 1342.166177][T15738] hso 2-1:0.0: Failed to find INT IN ep
[ 1342.288582][T18268] Bluetooth: hci2: command 0x0405 tx timeout
[ 1342.374729][T15738] usb 2-1: USB disconnect, device number 115
[ 1342.587232][T24005] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.6646'.
[ 1342.647094][T23863] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1342.919750][T20570] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1342.920060][ T5617] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1342.924369][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1342.925726][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1343.562157][T24007] comedi comedi0: Minor 2 could not be opened
[ 1343.987957][T24012] comedi comedi0: Minor 2 could not be opened
[ 1344.647183][T24027] 9p: Bad value for 'rfdno'
[ 1344.694829][T23863] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.998917][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1345.046176][T24037] netlink: 'syz.1.6657': attribute type 1 has an invalid length.
[ 1345.046199][T24037] netlink: 'syz.1.6657': attribute type 22 has an invalid length.
[ 1345.362350][T24041] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.6659'.
[ 1345.541837][T24042] sctp: [Deprecated]: syz.4.6652 (pid 24042) Use of int in max_burst socket option.
[ 1345.541837][T24042] Use struct sctp_assoc_value instead
[ 1345.589554][T17548] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1345.593437][T23863] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1345.752880][T17548] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1345.752915][T17548] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1345.752936][T17548] usb 2-1: Product: syz
[ 1345.752952][T17548] usb 2-1: SerialNumber: syz
[ 1345.757362][T17548] usb 2-1: config 0 descriptor??
[ 1345.939852][T15738] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[ 1346.059862][T17548] hso 2-1:0.0: Failed to find INT IN ep
[ 1346.128982][T15738] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1346.129040][T15738] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1346.129065][T15738] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1346.129092][T15738] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1346.129115][T15738] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1346.132356][T15738] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1346.132387][T15738] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1346.132409][T15738] usb 4-1: Product: syz
[ 1346.132425][T15738] usb 4-1: Manufacturer: syz
[ 1346.132441][T15738] usb 4-1: SerialNumber: syz
[ 1346.229109][T15738] usb 4-1: config 0 descriptor??
[ 1346.261039][ T5926] usb 2-1: USB disconnect, device number 116
[ 1346.446259][T15738] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1346.446584][T15738] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 1346.901900][T15738] usb 4-1: USB disconnect, device number 73
[ 1347.079292][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1347.585609][T15738] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1347.751685][T15738] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1347.751756][T15738] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1347.751800][T15738] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1347.751824][T15738] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1347.823473][T15738] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1347.823505][T15738] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1347.823525][T15738] usb 2-1: Product: syz
[ 1347.823539][T15738] usb 2-1: Manufacturer: syz
[ 1347.823554][T15738] usb 2-1: SerialNumber: syz
[ 1347.883951][T23863] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1347.904326][T15738] cdc_mbim 2-1:1.0: skipping garbage
[ 1348.027721][T23863] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1348.033615][T23863] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1348.198107][T23863] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1348.211589][T23863] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1348.328025][T23863] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1348.338674][T23863] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1348.643037][T15738] cdc_mbim 2-1:1.0: bind() failure
[ 1349.173786][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1349.336500][T23863] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1349.459594][T15738] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 1349.459643][T15738] cdc_ncm 2-1:1.1: bind() failure
[ 1349.512548][T15738] usb 2-1: USB disconnect, device number 117
[ 1349.520163][T24080] comedi comedi0: Minor 2 could not be opened
[ 1350.033792][T24076] sctp: [Deprecated]: syz.4.6670 (pid 24076) Use of int in max_burst socket option.
[ 1350.033792][T24076] Use struct sctp_assoc_value instead
[ 1350.085928][T23863] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1350.187601][T23863] 8021q: adding VLAN 0 to HW filter on device team0
[ 1350.212649][T23571] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1350.290271][  T150] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1350.292726][  T150] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1350.380158][T23571] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1350.380196][T23571] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1350.380211][T23571] usb 4-1: Product: syz
[ 1350.380222][T23571] usb 4-1: SerialNumber: syz
[ 1350.427427][T23571] usb 4-1: config 0 descriptor??
[ 1350.622759][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1350.623308][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1350.668702][T23571] hso 4-1:0.0: Failed to find INT IN ep
[ 1350.892257][   T36] usb 4-1: USB disconnect, device number 74
[ 1352.056494][T24102] comedi comedi0: Minor 2 could not be opened
[ 1352.149620][T24110] FAULT_INJECTION: forcing a failure.
[ 1352.149620][T24110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1352.149658][T24110] CPU: 1 UID: 0 PID: 24110 Comm: syz.3.6677 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1352.149689][T24110] Tainted: [L]=SOFTLOCKUP
[ 1352.149697][T24110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1352.149710][T24110] Call Trace:
[ 1352.149719][T24110]  <TASK>
[ 1352.149728][T24110]  dump_stack_lvl+0xe8/0x150
[ 1352.149761][T24110]  should_fail_ex+0x46b/0x600
[ 1352.149804][T24110]  _copy_to_user+0x31/0xb0
[ 1352.149833][T24110]  simple_read_from_buffer+0xe1/0x170
[ 1352.149874][T24110]  proc_fail_nth_read+0x1be/0x230
[ 1352.149913][T24110]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1352.149954][T24110]  ? rw_verify_area+0x2ac/0x4e0
[ 1352.149978][T24110]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1352.150016][T24110]  vfs_read+0x212/0xa80
[ 1352.150056][T24110]  ? __pfx_vfs_read+0x10/0x10
[ 1352.150085][T24110]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1352.150113][T24110]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1352.150137][T24110]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1352.150170][T24110]  ? mutex_lock_nested+0x152/0x1d0
[ 1352.150201][T24110]  ? fdget_pos+0x252/0x320
[ 1352.150233][T24110]  ksys_read+0x156/0x270
[ 1352.150262][T24110]  ? __pfx_ksys_read+0x10/0x10
[ 1352.150297][T24110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1352.150323][T24110]  do_syscall_64+0x15f/0xf80
[ 1352.150348][T24110]  ? trace_irq_disable+0x3b/0x140
[ 1352.150376][T24110]  ? clear_bhb_loop+0x40/0x90
[ 1352.150405][T24110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1352.150428][T24110] RIP: 0033:0x7f576cd2d60e
[ 1352.150449][T24110] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1352.150468][T24110] RSP: 002b:00007f576afc5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1352.150491][T24110] RAX: ffffffffffffffda RBX: 00007f576afc66c0 RCX: 00007f576cd2d60e
[ 1352.150507][T24110] RDX: 000000000000000f RSI: 00007f576afc60a0 RDI: 0000000000000004
[ 1352.150521][T24110] RBP: 00007f576afc6090 R08: 0000000000000000 R09: 0000000000000000
[ 1352.150534][T24110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1352.150547][T24110] R13: 00007f576cfe6038 R14: 00007f576cfe5fa0 R15: 00007ffe816ce968
[ 1352.150582][T24110]  </TASK>
[ 1353.179776][ T5610] usb 5-1: new full-speed USB device number 91 using dummy_hcd
[ 1353.332605][ T5610] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1353.332661][ T5610] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1353.332691][ T5610] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1353.332718][ T5610] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1353.332741][ T5610] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1353.357135][ T5610] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1353.357227][ T5610] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1353.357469][ T5610] usb 5-1: Product: syz
[ 1353.357514][ T5610] usb 5-1: Manufacturer: syz
[ 1353.357558][ T5610] usb 5-1: SerialNumber: syz
[ 1353.466704][T23863] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1353.517374][ T5610] usb 5-1: config 0 descriptor??
[ 1353.752745][ T5610] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1353.753064][ T5610] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5
[ 1354.601614][ T5610] usb 5-1: USB disconnect, device number 91
[ 1354.643559][T19760] udevd[19760]: setting owner of /dev/bus/usb/005/091 to uid=0, gid=0 failed: No such file or directory
[ 1354.818798][T24133] comedi comedi0: Minor 2 could not be opened
[ 1354.964520][T23863] veth0_vlan: entered promiscuous mode
[ 1355.008442][T23863] veth1_vlan: entered promiscuous mode
[ 1355.184314][T23863] veth0_macvtap: entered promiscuous mode
[ 1355.204166][T23863] veth1_macvtap: entered promiscuous mode
[ 1355.272414][T23863] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1355.680619][T23863] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1355.790410][T15272] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.791748][T15272] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.792213][T15272] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.792579][T15272] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1355.890601][T24148] 9p: Bad value for 'rfdno'
[ 1357.891581][T15272] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1357.891604][T15272] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1358.087269][ T3286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1358.087293][ T3286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1358.763172][T16634] usb 3-1: new full-speed USB device number 106 using dummy_hcd
[ 1358.935522][T16634] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1358.935587][T16634] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1358.935616][T16634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1358.935644][T16634] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1358.935668][T16634] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1358.938672][T16634] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1358.938694][T16634] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1358.938708][T16634] usb 3-1: Product: syz
[ 1358.938719][T16634] usb 3-1: Manufacturer: syz
[ 1358.938729][T16634] usb 3-1: SerialNumber: syz
[ 1359.040249][T16634] usb 3-1: config 0 descriptor??
[ 1359.294887][T16634] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1359.295202][T16634] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[ 1360.485068][T16634] usb 3-1: USB disconnect, device number 106
[ 1360.745853][ T5617] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1360.774933][ T5617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1360.827668][ T5617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1360.847085][ T5617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1360.855475][ T5617] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1361.339420][T16634] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1361.621354][T16634] usb 5-1: Using ep0 maxpacket: 32
[ 1361.633420][T16634] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1361.633470][T16634] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 1361.635984][T16634] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1361.636012][T16634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1361.636032][T16634] usb 5-1: SerialNumber: syz
[ 1361.745885][T16634] cdc_ether 5-1:1.0: skipping garbage
[ 1361.745909][T16634] usb 5-1: No union descriptors
[ 1361.901850][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.977571][T24214] netlink: 'syz.1.6703': attribute type 1 has an invalid length.
[ 1361.977594][T24214] netlink: 'syz.1.6703': attribute type 22 has an invalid length.
[ 1361.978468][T24194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1361.979109][T24194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1362.023059][T15739] usb 5-1: USB disconnect, device number 92
[ 1362.664400][T24225] sctp: [Deprecated]: syz.1.6705 (pid 24225) Use of int in max_burst socket option.
[ 1362.664400][T24225] Use struct sctp_assoc_value instead
[ 1363.000760][ T5617] Bluetooth: hci1: command tx timeout
[ 1364.159196][T24241] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1364.170747][T24188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1364.170995][T24188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1364.171430][T24188] bridge_slave_0: entered allmulticast mode
[ 1364.174447][T24188] bridge_slave_0: entered promiscuous mode
[ 1364.177016][T24241] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1364.177329][T24241] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1364.177602][T24241] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1364.177889][T24241] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1364.178017][T24241] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1364.178391][T24188] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1364.178568][T24188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1364.178759][T24188] bridge_slave_1: entered allmulticast mode
[ 1364.182685][T24188] bridge_slave_1: entered promiscuous mode
[ 1364.302292][T24188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1364.306715][T24269] netlink: 'syz.0.6714': attribute type 1 has an invalid length.
[ 1364.306734][T24269] netlink: 'syz.0.6714': attribute type 22 has an invalid length.
[ 1364.336578][T24269] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1364.336896][T24269] bridge0: port 1(
1¾x9ÿ) entered disabled state
[ 1364.381585][T24241] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1364.402756][T24188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1364.485714][T24188] team0: Port device team_slave_0 added
[ 1364.489556][T24188] team0: Port device team_slave_1 added
[ 1364.721600][   T36] usb 2-1: new full-speed USB device number 118 using dummy_hcd
[ 1364.789600][T24276] overlayfs: missing 'lowerdir'
[ 1364.957379][   T36] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1364.957439][   T36] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1364.957467][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1364.957495][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1364.957519][   T36] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1364.960644][   T36] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1364.960674][   T36] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1365.038087][   T36] usb 2-1: Product: syz
[ 1365.038111][   T36] usb 2-1: Manufacturer: syz
[ 1365.038128][   T36] usb 2-1: SerialNumber: syz
[ 1365.070269][   T36] usb 2-1: config 0 descriptor??
[ 1365.313246][T24281] sctp: [Deprecated]: syz.2.6718 (pid 24281) Use of int in max_burst socket option.
[ 1365.313246][T24281] Use struct sctp_assoc_value instead
[ 1365.386726][   T36] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1365.386991][   T36] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[ 1365.551489][   T36] usb 2-1: USB disconnect, device number 118
[ 1365.656068][T24188] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1365.656090][T24188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1365.656122][T24188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1365.715483][T24188] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1365.715502][T24188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1365.715535][T24188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1365.811381][ T5617] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1365.947059][T24188] hsr_slave_0: entered promiscuous mode
[ 1365.948968][T24188] hsr_slave_1: entered promiscuous mode
[ 1365.950142][T24188] debugfs: 'hsr0' already exists in 'hsr'
[ 1365.950170][T24188] Cannot create hsr debugfs directory
[ 1366.157262][ T5617] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1366.203189][T18268] Bluetooth: hci4: command 0x041b tx timeout
[ 1366.203235][T18268] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1366.203266][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1366.203326][ T5617] Bluetooth: hci1: command 0x040f tx timeout
[ 1366.492188][T24299] netlink: 'syz.4.6724': attribute type 1 has an invalid length.
[ 1366.492212][T24299] netlink: 'syz.4.6724': attribute type 22 has an invalid length.
[ 1367.079145][T24188] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1367.383450][T24303] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1367.384339][T24303] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1367.384824][T24303] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1367.385110][T24303] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1367.385414][T24303] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1368.473506][T24326] FAULT_INJECTION: forcing a failure.
[ 1368.473506][T24326] name failslab, interval 1, probability 0, space 0, times 0
[ 1368.473556][T24326] CPU: 1 UID: 0 PID: 24326 Comm: syz.1.6728 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1368.473592][T24326] Tainted: [L]=SOFTLOCKUP
[ 1368.473601][T24326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1368.473616][T24326] Call Trace:
[ 1368.473624][T24326]  <TASK>
[ 1368.473635][T24326]  dump_stack_lvl+0xe8/0x150
[ 1368.473668][T24326]  should_fail_ex+0x46b/0x600
[ 1368.473713][T24326]  should_failslab+0xa8/0x100
[ 1368.473746][T24326]  kmem_cache_alloc_noprof+0x87/0x680
[ 1368.473772][T24326]  ? do_getname+0x2e/0x250
[ 1368.473809][T24326]  do_getname+0x2e/0x250
[ 1368.473840][T24326]  ? getname_flags+0x11/0x20
[ 1368.473872][T24326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.473899][T24326]  __x64_sys_execve+0x7a/0xc0
[ 1368.473927][T24326]  do_syscall_64+0x15f/0xf80
[ 1368.473952][T24326]  ? trace_irq_disable+0x3b/0x140
[ 1368.473980][T24326]  ? clear_bhb_loop+0x40/0x90
[ 1368.474011][T24326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1368.474035][T24326] RIP: 0033:0x7fb13bd5cdd9
[ 1368.474056][T24326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1368.474076][T24326] RSP: 002b:00007fb139f8d028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 1368.474099][T24326] RAX: ffffffffffffffda RBX: 00007fb13bfd6090 RCX: 00007fb13bd5cdd9
[ 1368.474116][T24326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000080
[ 1368.474129][T24326] RBP: 00007fb139f8d090 R08: 0000000000000000 R09: 0000000000000000
[ 1368.474143][T24326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1368.474156][T24326] R13: 00007fb13bfd6128 R14: 00007fb13bfd6090 R15: 00007ffcc299fdf8
[ 1368.474193][T24326]  </TASK>
[ 1368.743242][T24188] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1368.841559][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1369.261536][T16634] usb 5-1: new full-speed USB device number 93 using dummy_hcd
[ 1369.401493][ T5609] Bluetooth: hci1: command 0x040f tx timeout
[ 1369.401540][ T5609] Bluetooth: hci4: command 0x041b tx timeout
[ 1369.401597][ T5609] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1369.401628][ T5609] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1369.462850][T16634] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1369.462909][T16634] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1369.462938][T16634] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1369.462967][T16634] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1369.462991][T16634] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1369.466961][T16634] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1369.466991][T16634] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1369.467014][T16634] usb 5-1: Product: syz
[ 1369.467030][T16634] usb 5-1: Manufacturer: syz
[ 1369.467051][T16634] usb 5-1: SerialNumber: syz
[ 1369.473108][T16634] usb 5-1: config 0 descriptor??
[ 1369.683945][T16634] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1369.684273][T16634] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5
[ 1369.719696][T24188] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1369.910429][T16634] usb 5-1: USB disconnect, device number 93
[ 1371.250412][T24355] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6738'.
[ 1371.485751][ T5617] Bluetooth: hci1: command 0x040f tx timeout
[ 1371.787845][T24350] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1371.788142][T24350] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1371.788561][T24350] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1371.788838][T24350] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1371.789104][T24350] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1372.131305][ T5617] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1372.353314][T24383] FAULT_INJECTION: forcing a failure.
[ 1372.353314][T24383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1372.353348][T24383] CPU: 0 UID: 0 PID: 24383 Comm: syz.2.6745 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1372.353373][T24383] Tainted: [L]=SOFTLOCKUP
[ 1372.353380][T24383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1372.353393][T24383] Call Trace:
[ 1372.353403][T24383]  <TASK>
[ 1372.353411][T24383]  dump_stack_lvl+0xe8/0x150
[ 1372.353438][T24383]  should_fail_ex+0x46b/0x600
[ 1372.353487][T24383]  _copy_from_user+0x2d/0xb0
[ 1372.353509][T24383]  __sys_bpf+0x229/0x950
[ 1372.353533][T24383]  ? __pfx___sys_bpf+0x10/0x10
[ 1372.353553][T24383]  ? kmem_cache_free+0x187/0x6c0
[ 1372.353594][T24383]  ? __pfx_ksys_write+0x10/0x10
[ 1372.353621][T24383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.353641][T24383]  __x64_sys_bpf+0x7c/0x90
[ 1372.353663][T24383]  do_syscall_64+0x15f/0xf80
[ 1372.353685][T24383]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.353706][T24383]  ? clear_bhb_loop+0x40/0x90
[ 1372.353732][T24383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.353753][T24383] RIP: 0033:0x7f356813cdd9
[ 1372.353773][T24383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1372.353801][T24383] RSP: 002b:00007f3566396028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1372.353821][T24383] RAX: ffffffffffffffda RBX: 00007f35683b5fa0 RCX: 00007f356813cdd9
[ 1372.353834][T24383] RDX: 0000000000000000 RSI: 9999999999999999 RDI: 000000000000000f
[ 1372.353846][T24383] RBP: 00007f3566396090 R08: 0000000000000000 R09: 0000000000000000
[ 1372.353857][T24383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1372.353868][T24383] R13: 00007f35683b6038 R14: 00007f35683b5fa0 R15: 00007ffcc1f9c6e8
[ 1372.353896][T24383]  </TASK>
[ 1372.678269][T24387] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1372.678289][T24387] IPv6: NLM_F_CREATE should be set when creating new route
[ 1372.678343][T24387] IPv6: NLM_F_CREATE should be set when creating new route
[ 1372.725434][T24388] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1372.953878][T24188] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1372.991864][T16634] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[ 1372.991881][T15739] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1373.012485][T24188] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1373.033813][T24188] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1373.116239][T24188] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1373.118049][T24188] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1373.156210][T16634] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1373.156269][T16634] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1373.156289][T16634] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1373.156307][T16634] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1373.156323][T16634] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1373.208610][T16634] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1373.208642][T16634] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1373.208664][T16634] usb 5-1: Product: syz
[ 1373.208679][T16634] usb 5-1: Manufacturer: syz
[ 1373.208694][T16634] usb 5-1: SerialNumber: syz
[ 1373.209662][T15739] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1
[ 1373.209694][T15739] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.209809][T15739] usb 3-1: Product: syz
[ 1373.209826][T15739] usb 3-1: Manufacturer: syz
[ 1373.209842][T15739] usb 3-1: SerialNumber: syz
[ 1373.313785][T15739] usb 3-1: config 0 descriptor??
[ 1373.314537][T16634] usb 5-1: config 0 descriptor??
[ 1373.317337][T24188] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1373.347991][T24188] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1373.628003][T16634] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1373.628279][T16634] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5
[ 1373.801888][ T5617] Bluetooth: hci1: command 0x040f tx timeout
[ 1373.801929][ T5617] Bluetooth: hci4: command 0x041b tx timeout
[ 1373.801955][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1373.802044][ T5609] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1373.802073][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1373.832599][T24188] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1374.230869][T15739] int51x1 3-1:0.0: probe with driver int51x1 failed with error -71
[ 1374.294098][T15739] usb 3-1: USB disconnect, device number 107
[ 1374.482189][T16634] usb 5-1: USB disconnect, device number 94
[ 1375.883669][T18268] Bluetooth: hci1: command 0x040f tx timeout
[ 1376.249256][T24188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1376.930362][T24188] 8021q: adding VLAN 0 to HW filter on device team0
[ 1377.080437][T15272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1377.080659][T15272] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1377.154425][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1377.154556][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1377.432777][T24421] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1377.437285][T24421] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1377.437685][T24421] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1377.437962][T24421] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1377.438191][T24421] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1378.623641][T18268] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1378.914276][ T7051] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1378.962843][T24188] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1379.072457][ T7051] usb 2-1: Using ep0 maxpacket: 16
[ 1379.075684][ T7051] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1379.075740][ T7051] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1379.075768][ T7051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1379.075795][ T7051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1379.078973][ T7051] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1379.079006][ T7051] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1379.079028][ T7051] usb 2-1: Product: syz
[ 1379.079043][ T7051] usb 2-1: Manufacturer: syz
[ 1379.079059][ T7051] usb 2-1: SerialNumber: syz
[ 1379.082545][T18268] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1379.135853][ T7051] usb 2-1: config 0 descriptor??
[ 1379.218210][T24188] veth0_vlan: entered promiscuous mode
[ 1379.220935][ T7051] appledisplay 2-1:0.0: Submitting URB failed
[ 1379.221033][ T7051] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -5
[ 1379.424888][T24188] veth1_vlan: entered promiscuous mode
[ 1379.427890][T24452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1379.430327][T24452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1379.482709][ T5617] Bluetooth: hci4: command 0x041b tx timeout
[ 1379.482753][ T5617] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1379.482785][ T5617] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1379.482858][T18268] Bluetooth: hci1: command 0x040f tx timeout
[ 1379.709033][ T7051] usb 2-1: USB disconnect, device number 119
[ 1379.935885][T24188] veth0_macvtap: entered promiscuous mode
[ 1379.952209][T24188] veth1_macvtap: entered promiscuous mode
[ 1379.989346][T24188] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1380.010183][T24188] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1380.037487][T15272] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1380.038525][T15272] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1380.038573][T15272] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1380.038613][T15272] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1380.250896][ T7049] usb 5-1: new full-speed USB device number 95 using dummy_hcd
[ 1380.463811][ T7049] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1380.463868][ T7049] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1380.463897][ T7049] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1380.463927][ T7049] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1380.463950][ T7049] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1380.507196][ T7049] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1380.507284][ T7049] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1380.507341][ T7049] usb 5-1: Product: syz
[ 1380.507385][ T7049] usb 5-1: Manufacturer: syz
[ 1380.507421][ T7049] usb 5-1: SerialNumber: syz
[ 1380.617843][ T7049] usb 5-1: config 0 descriptor??
[ 1381.032548][ T7049] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1381.085985][T24471] comedi comedi0: Minor 2 could not be opened
[ 1381.262619][ T7049] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5
[ 1382.496763][ T7049] usb 5-1: USB disconnect, device number 95
[ 1382.594150][ T5931] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1382.594173][ T5931] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1382.781861][T15272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1382.781883][T15272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1383.020143][T24477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1383.602346][T18268] Bluetooth: hci4: Malformed HCI Event: 0x22
[ 1385.254432][T15739] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1385.343024][ T7049] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1385.404767][T15739] usb 5-1: Using ep0 maxpacket: 16
[ 1385.407131][T15739] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1385.407167][T15739] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1385.407208][T15739] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1385.407233][T15739] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1385.464837][T15739] usb 5-1: config 0 descriptor??
[ 1385.531861][ T7049] usb 3-1: Using ep0 maxpacket: 16
[ 1385.548487][T24502] input: syz0 as /devices/virtual/input/input100
[ 1385.555491][ T7049] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1385.555565][ T7049] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1385.555645][ T7049] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1385.555696][ T7049] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1385.619227][ T7049] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1385.619258][ T7049] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1385.619286][ T7049] usb 3-1: Product: syz
[ 1385.619301][ T7049] usb 3-1: Manufacturer: syz
[ 1385.619316][ T7049] usb 3-1: SerialNumber: syz
[ 1385.684916][ T7049] usb 3-1: config 0 descriptor??
[ 1385.710841][ T7049] appledisplay 3-1:0.0: Submitting URB failed
[ 1385.710996][ T7049] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -5
[ 1385.736481][T18268] Bluetooth: hci1: Malformed HCI Event: 0x22
[ 1385.988525][T24493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1386.009818][T24493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1386.057577][T19121] IPVS: starting estimator thread 0...
[ 1386.095986][T17548] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1386.101860][T15739] microsoft 0003:045E:07DA.0010: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[ 1386.101897][T15739] microsoft 0003:045E:07DA.0010: no inputs found
[ 1386.101912][T15739] microsoft 0003:045E:07DA.0010: could not initialize ff, continuing anyway
[ 1386.163288][T24505] IPVS: using max 11 ests per chain, 26400 per kthread
[ 1386.243086][T17548] usb 4-1: Using ep0 maxpacket: 16
[ 1386.247790][T17548] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1386.247930][T17548] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1386.247960][T17548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1386.247986][T17548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1386.317728][T17548] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1386.317772][T17548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1386.317793][T17548] usb 4-1: Product: syz
[ 1386.317810][T17548] usb 4-1: Manufacturer: syz
[ 1386.317826][T17548] usb 4-1: SerialNumber: syz
[ 1386.381604][ T7049] usb 3-1: USB disconnect, device number 108
[ 1386.390882][T17548] usb 4-1: config 0 descriptor??
[ 1386.481464][T17548] appledisplay 4-1:0.0: Submitting URB failed
[ 1386.481617][T17548] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -5
[ 1386.620487][T24504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1386.621141][T24504] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1386.729071][T17548] usb 4-1: USB disconnect, device number 75
[ 1387.246858][T15738] usb 5-1: USB disconnect, device number 96
[ 1387.477091][T24527] FAULT_INJECTION: forcing a failure.
[ 1387.477091][T24527] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1387.477132][T24527] CPU: 0 UID: 0 PID: 24527 Comm: syz.4.6786 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1387.477162][T24527] Tainted: [L]=SOFTLOCKUP
[ 1387.477171][T24527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1387.477185][T24527] Call Trace:
[ 1387.477194][T24527]  <TASK>
[ 1387.477204][T24527]  dump_stack_lvl+0xe8/0x150
[ 1387.477237][T24527]  should_fail_ex+0x46b/0x600
[ 1387.477282][T24527]  _copy_from_user+0x2d/0xb0
[ 1387.477310][T24527]  __sys_connect+0x156/0x450
[ 1387.477340][T24527]  ? __pfx___sys_connect+0x10/0x10
[ 1387.477381][T24527]  ? __pfx_ksys_write+0x10/0x10
[ 1387.477414][T24527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1387.477440][T24527]  __x64_sys_connect+0x7a/0x90
[ 1387.477468][T24527]  do_syscall_64+0x15f/0xf80
[ 1387.477494][T24527]  ? trace_irq_disable+0x3b/0x140
[ 1387.477521][T24527]  ? clear_bhb_loop+0x40/0x90
[ 1387.477551][T24527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1387.477574][T24527] RIP: 0033:0x7f79f603cdd9
[ 1387.477596][T24527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1387.477615][T24527] RSP: 002b:00007f79f4275028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1387.477644][T24527] RAX: ffffffffffffffda RBX: 00007f79f62b6090 RCX: 00007f79f603cdd9
[ 1387.477660][T24527] RDX: 000000000000006e RSI: 0000200000000080 RDI: 0000000000000006
[ 1387.477673][T24527] RBP: 00007f79f4275090 R08: 0000000000000000 R09: 0000000000000000
[ 1387.477687][T24527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1387.477700][T24527] R13: 00007f79f62b6128 R14: 00007f79f62b6090 R15: 00007fff6aa5fe78
[ 1387.477735][T24527]  </TASK>
[ 1390.752791][T18268] Bluetooth: hci4: Malformed HCI Event: 0x22
[ 1391.093903][   T31] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1391.468394][   T31] usb 3-1: Using ep0 maxpacket: 16
[ 1391.471613][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1391.471670][   T31] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1391.471700][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1391.471728][   T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1392.212378][   T31] usb 3-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1392.212413][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1392.212435][   T31] usb 3-1: Product: syz
[ 1392.212451][   T31] usb 3-1: Manufacturer: syz
[ 1392.212467][   T31] usb 3-1: SerialNumber: syz
[ 1392.268550][   T31] usb 3-1: config 0 descriptor??
[ 1392.292911][   T31] appledisplay 3-1:0.0: Submitting URB failed
[ 1392.293064][   T31] appledisplay 3-1:0.0: probe with driver appledisplay failed with error -5
[ 1392.534668][T24567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1392.557783][T24567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1392.698166][   T31] usb 3-1: USB disconnect, device number 109
[ 1392.868029][T24592] FAULT_INJECTION: forcing a failure.
[ 1392.868029][T24592] name failslab, interval 1, probability 0, space 0, times 0
[ 1392.868063][T24592] CPU: 0 UID: 0 PID: 24592 Comm: syz.3.6802 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1392.868087][T24592] Tainted: [L]=SOFTLOCKUP
[ 1392.868094][T24592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1392.868105][T24592] Call Trace:
[ 1392.868112][T24592]  <TASK>
[ 1392.868120][T24592]  dump_stack_lvl+0xe8/0x150
[ 1392.868148][T24592]  should_fail_ex+0x46b/0x600
[ 1392.868182][T24592]  should_failslab+0xa8/0x100
[ 1392.868206][T24592]  __kmalloc_noprof+0xdf/0x7b0
[ 1392.868225][T24592]  ? kfree+0x4d/0x6c0
[ 1392.868241][T24592]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1392.868276][T24592]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1392.868305][T24592]  ? tomoyo_domain+0xd8/0x130
[ 1392.868327][T24592]  ? tomoyo_path_number_perm+0x219/0x630
[ 1392.868350][T24592]  tomoyo_path_number_perm+0x246/0x630
[ 1392.868379][T24592]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1392.868402][T24592]  ? __lock_acquire+0x6b5/0x2cf0
[ 1392.868430][T24592]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1392.868476][T24592]  ? __fget_files+0x2a/0x420
[ 1392.868495][T24592]  ? __fget_files+0x2a/0x420
[ 1392.868509][T24592]  ? __fget_files+0x3a6/0x420
[ 1392.868524][T24592]  ? __fget_files+0x2a/0x420
[ 1392.868543][T24592]  security_file_ioctl+0xc3/0x2a0
[ 1392.868575][T24592]  __se_sys_ioctl+0x47/0x170
[ 1392.868597][T24592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.868629][T24592]  do_syscall_64+0x15f/0xf80
[ 1392.868648][T24592]  ? trace_irq_disable+0x3b/0x140
[ 1392.868671][T24592]  ? clear_bhb_loop+0x40/0x90
[ 1392.868693][T24592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.868711][T24592] RIP: 0033:0x7fe1390ccdd9
[ 1392.868729][T24592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1392.868745][T24592] RSP: 002b:00007fe13731e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1392.868764][T24592] RAX: ffffffffffffffda RBX: 00007fe139345fa0 RCX: 00007fe1390ccdd9
[ 1392.868778][T24592] RDX: 0000000000000000 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1392.868789][T24592] RBP: 00007fe13731e090 R08: 0000000000000000 R09: 0000000000000000
[ 1392.868800][T24592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1392.868810][T24592] R13: 00007fe139346038 R14: 00007fe139345fa0 R15: 00007ffe8c430e28
[ 1392.868839][T24592]  </TASK>
[ 1392.868848][T24592] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1393.223133][T24593] netlink: 92 bytes leftover after parsing attributes in process `syz.1.6803'.
[ 1396.298585][T24652] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1396.940898][T24669] FAULT_INJECTION: forcing a failure.
[ 1396.940898][T24669] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1396.940961][T24669] CPU: 0 UID: 0 PID: 24669 Comm: syz.3.6822 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1396.940993][T24669] Tainted: [L]=SOFTLOCKUP
[ 1396.941001][T24669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1396.941013][T24669] Call Trace:
[ 1396.941022][T24669]  <TASK>
[ 1396.941032][T24669]  dump_stack_lvl+0xe8/0x150
[ 1396.941066][T24669]  should_fail_ex+0x46b/0x600
[ 1396.941098][T24669]  _copy_from_user+0x2d/0xb0
[ 1396.941117][T24669]  __sys_bpf+0x229/0x950
[ 1396.941140][T24669]  ? __pfx___sys_bpf+0x10/0x10
[ 1396.941171][T24669]  ? ksys_write+0x248/0x270
[ 1396.941192][T24669]  ? __pfx_ksys_write+0x10/0x10
[ 1396.941214][T24669]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1396.941232][T24669]  __x64_sys_bpf+0x7c/0x90
[ 1396.941250][T24669]  do_syscall_64+0x15f/0xf80
[ 1396.941269][T24669]  ? clear_bhb_loop+0x40/0x90
[ 1396.941296][T24669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1396.941312][T24669] RIP: 0033:0x7fe1390ccdd9
[ 1396.941327][T24669] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1396.941341][T24669] RSP: 002b:00007fe1372dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1396.941359][T24669] RAX: ffffffffffffffda RBX: 00007fe139346180 RCX: 00007fe1390ccdd9
[ 1396.941371][T24669] RDX: 0000000000000048 RSI: 0000200000000140 RDI: 2000000000000000
[ 1396.941382][T24669] RBP: 00007fe1372dc090 R08: 0000000000000000 R09: 0000000000000000
[ 1396.941393][T24669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1396.941402][T24669] R13: 00007fe139346218 R14: 00007fe139346180 R15: 00007ffe8c430e28
[ 1396.941427][T24669]  </TASK>
[ 1397.695408][T24674] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6824'.
[ 1398.014446][T18268] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1399.064495][T15738] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1399.214606][T15738] usb 2-1: Using ep0 maxpacket: 16
[ 1399.217094][T15738] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1399.217150][T15738] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1399.217178][T15738] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1399.217206][T15738] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1399.220193][T15738] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1399.220223][T15738] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1399.220243][T15738] usb 2-1: Product: syz
[ 1399.220258][T15738] usb 2-1: Manufacturer: syz
[ 1399.220274][T15738] usb 2-1: SerialNumber: syz
[ 1399.323081][T15738] usb 2-1: config 0 descriptor??
[ 1399.350488][T15738] appledisplay 2-1:0.0: Submitting URB failed
[ 1399.350657][T15738] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -5
[ 1399.566949][T24702] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1399.599410][T24683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1399.600095][T24683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1399.684958][T15738] usb 2-1: USB disconnect, device number 120
[ 1399.754680][ T7049] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1399.934731][ T7049] usb 5-1: Using ep0 maxpacket: 16
[ 1399.937867][ T7049] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1399.939738][ T7049] usb 5-1: config 7 has an invalid interface number: 118 but max is 0
[ 1399.939764][ T7049] usb 5-1: config 7 has no interface number 0
[ 1399.939798][ T7049] usb 5-1: config 7 interface 118 has no altsetting 0
[ 1399.995383][ T7049] usb 5-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=22.09
[ 1399.995417][ T7049] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1399.995438][ T7049] usb 5-1: Product: syz
[ 1399.995454][ T7049] usb 5-1: Manufacturer: syz
[ 1399.995469][ T7049] usb 5-1: SerialNumber: syz
[ 1400.404207][ T7049]  (null): radio-mr800 - initialization failed
[ 1400.412133][T24718] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6834'.
[ 1400.432718][T24715] ucma_write: process 43 (syz.3.6834) changed security contexts after opening file descriptor, this is not allowed.
[ 1400.459873][ T7049] radio-mr800 5-1:7.118: probe with driver radio-mr800 failed with error -22
[ 1400.460424][ T7049] usbhid 5-1:7.118: couldn't find an input interrupt endpoint
[ 1400.499657][ T7049] usb 5-1: USB disconnect, device number 97
[ 1401.265718][T24740] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.6839'.
[ 1401.265850][T24740] netlink: Conntrack attr type has unexpected length (type=2, length=0, expected=2)
[ 1401.375261][T24744] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1402.225089][ T5609] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1402.247226][   T36] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1402.247367][   T36] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1403.429662][T24764] comedi comedi0: Minor 2 could not be opened
[ 1403.707436][T24753] comedi comedi0: Minor 2 could not be opened
[ 1404.303638][T24778] random: crng reseeded on system resumption
[ 1405.788591][T18252] usb 3-1: new low-speed USB device number 110 using dummy_hcd
[ 1405.915190][T18252] usb 3-1: device descriptor read/64, error -71
[ 1406.155397][T18252] usb 3-1: new low-speed USB device number 111 using dummy_hcd
[ 1406.370772][T24795] sctp: [Deprecated]: syz.3.6857 (pid 24795) Use of int in max_burst socket option.
[ 1406.370772][T24795] Use struct sctp_assoc_value instead
[ 1406.435342][T18252] usb 3-1: device descriptor read/64, error -71
[ 1406.545631][T18252] usb usb3-port1: attempt power cycle
[ 1406.679621][T24805] FAULT_INJECTION: forcing a failure.
[ 1406.679621][T24805] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1406.679679][T24805] CPU: 0 UID: 0 PID: 24805 Comm: syz.1.6858 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1406.679711][T24805] Tainted: [L]=SOFTLOCKUP
[ 1406.679719][T24805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1406.679731][T24805] Call Trace:
[ 1406.679789][T24805]  <TASK>
[ 1406.679799][T24805]  dump_stack_lvl+0xe8/0x150
[ 1406.679824][T24805]  should_fail_ex+0x46b/0x600
[ 1406.679855][T24805]  _copy_from_user+0x2d/0xb0
[ 1406.679875][T24805]  __sys_bpf+0x229/0x950
[ 1406.679897][T24805]  ? __pfx___sys_bpf+0x10/0x10
[ 1406.679914][T24805]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1406.679951][T24805]  ? ksys_write+0x248/0x270
[ 1406.679978][T24805]  ? __pfx_ksys_write+0x10/0x10
[ 1406.679996][T24805]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[ 1406.680022][T24805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.680040][T24805]  __x64_sys_bpf+0x7c/0x90
[ 1406.680057][T24805]  do_syscall_64+0x15f/0xf80
[ 1406.680077][T24805]  ? clear_bhb_loop+0x40/0x90
[ 1406.680097][T24805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1406.680113][T24805] RIP: 0033:0x7fb13bd5cdd9
[ 1406.680130][T24805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1406.680144][T24805] RSP: 002b:00007fb139f6c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1406.680239][T24805] RAX: ffffffffffffffda RBX: 00007fb13bfd6180 RCX: 00007fb13bd5cdd9
[ 1406.680252][T24805] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a
[ 1406.680264][T24805] RBP: 00007fb139f6c090 R08: 0000000000000000 R09: 0000000000000000
[ 1406.680274][T24805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1406.680285][T24805] R13: 00007fb13bfd6218 R14: 00007fb13bfd6180 R15: 00007ffcc299fdf8
[ 1406.680311][T24805]  </TASK>
[ 1406.897524][T18252] usb 3-1: new low-speed USB device number 112 using dummy_hcd
[ 1406.920352][T18252] usb 3-1: device descriptor read/8, error -71
[ 1407.185286][T18252] usb 3-1: new low-speed USB device number 113 using dummy_hcd
[ 1407.206351][T18252] usb 3-1: device descriptor read/8, error -71
[ 1407.315772][T18252] usb usb3-port1: unable to enumerate USB device
[ 1407.645754][T18268] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1407.650011][   T36] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1407.650029][   T36] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 1408.588161][T24827] FAULT_INJECTION: forcing a failure.
[ 1408.588161][T24827] name failslab, interval 1, probability 0, space 0, times 0
[ 1408.588202][T24827] CPU: 1 UID: 0 PID: 24827 Comm: syz.0.6861 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1408.588243][T24827] Tainted: [L]=SOFTLOCKUP
[ 1408.588252][T24827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1408.588265][T24827] Call Trace:
[ 1408.588274][T24827]  <TASK>
[ 1408.588284][T24827]  dump_stack_lvl+0xe8/0x150
[ 1408.588317][T24827]  should_fail_ex+0x46b/0x600
[ 1408.588358][T24827]  should_failslab+0xa8/0x100
[ 1408.588389][T24827]  __kmalloc_noprof+0xdf/0x7b0
[ 1408.588413][T24827]  ? kfree+0x4d/0x6c0
[ 1408.588434][T24827]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1408.588476][T24827]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1408.588514][T24827]  ? tomoyo_domain+0xd8/0x130
[ 1408.588543][T24827]  ? tomoyo_path_number_perm+0x219/0x630
[ 1408.588575][T24827]  tomoyo_path_number_perm+0x246/0x630
[ 1408.588609][T24827]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1408.588638][T24827]  ? __lock_acquire+0x6b5/0x2cf0
[ 1408.588673][T24827]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1408.588734][T24827]  ? __fget_files+0x2a/0x420
[ 1408.588760][T24827]  ? __fget_files+0x2a/0x420
[ 1408.588780][T24827]  ? __fget_files+0x3a6/0x420
[ 1408.588800][T24827]  ? __fget_files+0x2a/0x420
[ 1408.588825][T24827]  security_file_ioctl+0xc3/0x2a0
[ 1408.588859][T24827]  __se_sys_ioctl+0x47/0x170
[ 1408.588887][T24827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1408.588914][T24827]  do_syscall_64+0x15f/0xf80
[ 1408.588940][T24827]  ? trace_irq_disable+0x3b/0x140
[ 1408.588968][T24827]  ? clear_bhb_loop+0x40/0x90
[ 1408.589010][T24827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1408.589038][T24827] RIP: 0033:0x7fbac73fcdd9
[ 1408.589060][T24827] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1408.589078][T24827] RSP: 002b:00007fbac5656028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1408.589101][T24827] RAX: ffffffffffffffda RBX: 00007fbac7675fa0 RCX: 00007fbac73fcdd9
[ 1408.589117][T24827] RDX: 0000000000000000 RSI: 00000000400448c8 RDI: 0000000000000004
[ 1408.589131][T24827] RBP: 00007fbac5656090 R08: 0000000000000000 R09: 0000000000000000
[ 1408.589145][T24827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1408.589158][T24827] R13: 00007fbac7676038 R14: 00007fbac7675fa0 R15: 00007ffc2d7b2708
[ 1408.589193][T24827]  </TASK>
[ 1408.594737][T24827] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1410.458896][T24838] netlink: 'syz.3.6865': attribute type 10 has an invalid length.
[ 1410.690817][T24838] 8021q: adding VLAN 0 to HW filter on device team0
[ 1410.729263][T24838] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1411.002942][T24852] netlink: 'syz.4.6871': attribute type 1 has an invalid length.
[ 1411.313920][T24863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6874'.
[ 1411.566026][T24693] usb 4-1: new full-speed USB device number 76 using dummy_hcd
[ 1411.630383][T24872] sctp: [Deprecated]: syz.1.6875 (pid 24872) Use of int in max_burst socket option.
[ 1411.630383][T24872] Use struct sctp_assoc_value instead
[ 1411.718027][T24693] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1411.718084][T24693] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1411.718113][T24693] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1411.718142][T24693] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1411.718166][T24693] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1411.732238][T24693] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1411.732337][T24693] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1411.732425][T24693] usb 4-1: Product: syz
[ 1411.732475][T24693] usb 4-1: Manufacturer: syz
[ 1411.732507][T24693] usb 4-1: SerialNumber: syz
[ 1411.830694][T24693] usb 4-1: config 0 descriptor??
[ 1412.078047][T24693] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1412.078364][T24693] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 1413.426736][T18268] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1413.589808][   T36] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1413.589838][   T36] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1413.674161][T24693] usb 4-1: USB disconnect, device number 76
[ 1414.020390][T24898] FAULT_INJECTION: forcing a failure.
[ 1414.020390][T24898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1414.020431][T24898] CPU: 1 UID: 0 PID: 24898 Comm: syz.1.6879 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1414.020461][T24898] Tainted: [L]=SOFTLOCKUP
[ 1414.020469][T24898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1414.020482][T24898] Call Trace:
[ 1414.020491][T24898]  <TASK>
[ 1414.020527][T24898]  dump_stack_lvl+0xe8/0x150
[ 1414.020560][T24898]  should_fail_ex+0x46b/0x600
[ 1414.020604][T24898]  _copy_from_user+0x2d/0xb0
[ 1414.020632][T24898]  __sys_connect+0x156/0x450
[ 1414.020661][T24898]  ? __pfx___sys_connect+0x10/0x10
[ 1414.020701][T24898]  ? __pfx_ksys_write+0x10/0x10
[ 1414.020733][T24898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1414.020761][T24898]  __x64_sys_connect+0x7a/0x90
[ 1414.020788][T24898]  do_syscall_64+0x15f/0xf80
[ 1414.020814][T24898]  ? trace_irq_disable+0x3b/0x140
[ 1414.020841][T24898]  ? clear_bhb_loop+0x40/0x90
[ 1414.020871][T24898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1414.020895][T24898] RIP: 0033:0x7fb13bd5cdd9
[ 1414.020915][T24898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1414.020935][T24898] RSP: 002b:00007fb139f6c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1414.020958][T24898] RAX: ffffffffffffffda RBX: 00007fb13bfd6180 RCX: 00007fb13bd5cdd9
[ 1414.020975][T24898] RDX: 000000000000006e RSI: 0000200000000080 RDI: 0000000000000006
[ 1414.020989][T24898] RBP: 00007fb139f6c090 R08: 0000000000000000 R09: 0000000000000000
[ 1414.021003][T24898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1414.021016][T24898] R13: 00007fb13bfd6218 R14: 00007fb13bfd6180 R15: 00007ffcc299fdf8
[ 1414.021050][T24898]  </TASK>
[ 1414.527611][T24902] macsec1: entered promiscuous mode
[ 1414.529495][T24902] macsec1: entered allmulticast mode
[ 1414.529522][T24902] veth1_macvtap: entered allmulticast mode
[ 1414.685578][T24907] FAULT_INJECTION: forcing a failure.
[ 1414.685578][T24907] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1414.685619][T24907] CPU: 0 UID: 0 PID: 24907 Comm: syz.4.6888 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1414.685650][T24907] Tainted: [L]=SOFTLOCKUP
[ 1414.685659][T24907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1414.685674][T24907] Call Trace:
[ 1414.685683][T24907]  <TASK>
[ 1414.685694][T24907]  dump_stack_lvl+0xe8/0x150
[ 1414.685735][T24907]  should_fail_ex+0x46b/0x600
[ 1414.685779][T24907]  _copy_from_user+0x2d/0xb0
[ 1414.685807][T24907]  ucma_write+0x166/0x2f0
[ 1414.685838][T24907]  ? __pfx_ucma_write+0x10/0x10
[ 1414.685869][T24907]  ? rw_verify_area+0x25b/0x4e0
[ 1414.685904][T24907]  vfs_writev+0x4c6/0x9a0
[ 1414.685936][T24907]  ? __pfx_ucma_write+0x10/0x10
[ 1414.685967][T24907]  ? __pfx_vfs_writev+0x10/0x10
[ 1414.686012][T24907]  ? __fget_files+0x2a/0x420
[ 1414.686037][T24907]  ? __fget_files+0x3a6/0x420
[ 1414.686057][T24907]  ? __fget_files+0x2a/0x420
[ 1414.686086][T24907]  do_writev+0x15a/0x2e0
[ 1414.686120][T24907]  ? __pfx_do_writev+0x10/0x10
[ 1414.686157][T24907]  ? __secure_computing+0xe1/0x2a0
[ 1414.686190][T24907]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1414.686216][T24907]  do_syscall_64+0x15f/0xf80
[ 1414.686241][T24907]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1414.686265][T24907]  ? clear_bhb_loop+0x40/0x90
[ 1414.686292][T24907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1414.686315][T24907] RIP: 0033:0x7f79f603cdd9
[ 1414.686336][T24907] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1414.686355][T24907] RSP: 002b:00007f79f4296028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1414.686378][T24907] RAX: ffffffffffffffda RBX: 00007f79f62b5fa0 RCX: 00007f79f603cdd9
[ 1414.686394][T24907] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 000000000000000d
[ 1414.686408][T24907] RBP: 00007f79f4296090 R08: 0000000000000000 R09: 0000000000000000
[ 1414.686422][T24907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1414.686434][T24907] R13: 00007f79f62b6038 R14: 00007f79f62b5fa0 R15: 00007fff6aa5fe78
[ 1414.686468][T24907]  </TASK>
[ 1415.268843][T24914] netlink: 'syz.2.6890': attribute type 1 has an invalid length.
[ 1415.268867][T24914] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6890'.
[ 1415.334070][T24910] sctp: [Deprecated]: syz.0.6889 (pid 24910) Use of int in max_burst socket option.
[ 1415.334070][T24910] Use struct sctp_assoc_value instead
[ 1415.419965][T15738] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[ 1415.568775][T15738] usb 5-1: Using ep0 maxpacket: 16
[ 1415.571080][T15738] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1415.571135][T15738] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 1415.571164][T15738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1415.571191][T15738] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1415.619405][T15738] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1415.619440][T15738] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1415.619470][T15738] usb 5-1: Product: syz
[ 1415.619486][T15738] usb 5-1: Manufacturer: syz
[ 1415.619503][T15738] usb 5-1: SerialNumber: syz
[ 1415.681653][T15738] usb 5-1: config 0 descriptor??
[ 1415.693784][T15738] appledisplay 5-1:0.0: Submitting URB failed
[ 1415.693932][T15738] appledisplay 5-1:0.0: probe with driver appledisplay failed with error -5
[ 1415.891755][T24915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1415.927800][T24915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1416.085557][T15738] usb 5-1: USB disconnect, device number 98
[ 1416.460729][T24934] FAULT_INJECTION: forcing a failure.
[ 1416.460729][T24934] name failslab, interval 1, probability 0, space 0, times 0
[ 1416.460768][T24934] CPU: 0 UID: 0 PID: 24934 Comm: syz.0.6896 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1416.460799][T24934] Tainted: [L]=SOFTLOCKUP
[ 1416.460807][T24934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1416.460821][T24934] Call Trace:
[ 1416.460830][T24934]  <TASK>
[ 1416.460840][T24934]  dump_stack_lvl+0xe8/0x150
[ 1416.460875][T24934]  should_fail_ex+0x46b/0x600
[ 1416.460919][T24934]  should_failslab+0xa8/0x100
[ 1416.460950][T24934]  __kmalloc_noprof+0xdf/0x7b0
[ 1416.460975][T24934]  ? kfree+0x4d/0x6c0
[ 1416.460996][T24934]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1416.461039][T24934]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1416.461078][T24934]  ? tomoyo_domain+0xd8/0x130
[ 1416.461108][T24934]  ? tomoyo_path_number_perm+0x219/0x630
[ 1416.461139][T24934]  tomoyo_path_number_perm+0x246/0x630
[ 1416.461174][T24934]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1416.461205][T24934]  ? __lock_acquire+0x6b5/0x2cf0
[ 1416.461240][T24934]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1416.461312][T24934]  ? __fget_files+0x2a/0x420
[ 1416.461339][T24934]  ? __fget_files+0x2a/0x420
[ 1416.461359][T24934]  ? __fget_files+0x3a6/0x420
[ 1416.461379][T24934]  ? __fget_files+0x2a/0x420
[ 1416.461410][T24934]  security_file_ioctl+0xc3/0x2a0
[ 1416.461445][T24934]  __se_sys_ioctl+0x47/0x170
[ 1416.461473][T24934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1416.461498][T24934]  do_syscall_64+0x15f/0xf80
[ 1416.461524][T24934]  ? trace_irq_disable+0x3b/0x140
[ 1416.461552][T24934]  ? clear_bhb_loop+0x40/0x90
[ 1416.461591][T24934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1416.461614][T24934] RIP: 0033:0x7fbac73fcdd9
[ 1416.461636][T24934] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1416.461657][T24934] RSP: 002b:00007fbac5656028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1416.461679][T24934] RAX: ffffffffffffffda RBX: 00007fbac7675fa0 RCX: 00007fbac73fcdd9
[ 1416.461696][T24934] RDX: 0000200000000580 RSI: 00000000c03864bc RDI: 0000000000000003
[ 1416.461711][T24934] RBP: 00007fbac5656090 R08: 0000000000000000 R09: 0000000000000000
[ 1416.461725][T24934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1416.461739][T24934] R13: 00007fbac7676038 R14: 00007fbac7675fa0 R15: 00007ffc2d7b2708
[ 1416.461774][T24934]  </TASK>
[ 1416.466514][T24934] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1416.602890][   T36] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 1416.602913][   T36] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[ 1416.616260][    C0] ------------[ cut here ]------------
[ 1416.616336][    C0] workqueue: cannot queue hci_cmd_timeout on wq hci4
[ 1416.616476][    C0] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd5c/0x1010, CPU#0: ktimers/0/16
[ 1416.616562][    C0] Modules linked in:
[ 1416.616584][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1416.616613][    C0] Tainted: [L]=SOFTLOCKUP
[ 1416.616621][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1416.616635][    C0] RIP: 0010:__queue_work+0xd87/0x1010
[ 1416.616688][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 9a 5b 9e 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 11 fa
[ 1416.616742][    C0] RSP: 0018:ffffc900001579b0 EFLAGS: 00010082
[ 1416.616796][    C0] RAX: 1ffff1100a4ef153 RBX: 0000000000000008 RCX: ffff88801cee0000
[ 1416.616842][    C0] RDX: ffff888060951968 RSI: ffffffff8a0fed40 RDI: ffffffff8f8bacb0
[ 1416.616896][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[ 1416.616930][    C0] R10: dffffc0000000000 R11: ffffffff818d2590 R12: dffffc0000000000
[ 1416.616976][    C0] R13: ffff888052778a98 R14: ffffffff8f8bacb0 R15: ffff888060951968
[ 1416.617030][    C0] FS:  0000000000000000(0000) GS:ffff888126179000(0000) knlGS:0000000000000000
[ 1416.617076][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1416.617120][    C0] CR2: 00007fbac73e5f40 CR3: 00000000313c8000 CR4: 00000000003526f0
[ 1416.617182][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1416.617231][    C0] DR3: 0000000000000002 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1416.617280][    C0] Call Trace:
[ 1416.617303][    C0]  <TASK>
[ 1416.617327][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1416.617418][    C0]  call_timer_fn+0x192/0x5e0
[ 1416.617483][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1416.617555][    C0]  ? call_timer_fn+0xd4/0x5e0
[ 1416.617643][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1416.617772][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[ 1416.617841][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1416.617918][    C0]  __run_timer_base+0x764/0x9f0
[ 1416.618042][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1416.618143][    C0]  ? __local_bh_disable_ip+0x3c/0x420
[ 1416.618242][    C0]  run_timer_softirq+0xb7/0x170
[ 1416.618326][    C0]  handle_softirqs+0x1de/0x6d0
[ 1416.618425][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1416.618509][    C0]  run_ktimerd+0x69/0x100
[ 1416.618595][    C0]  smpboot_thread_fn+0x541/0xa50
[ 1416.618675][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1416.618779][    C0]  kthread+0x388/0x470
[ 1416.618866][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1416.618941][    C0]  ? __pfx_kthread+0x10/0x10
[ 1416.619006][    C0]  ret_from_fork+0x514/0xb70
[ 1416.619046][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1416.619146][    C0]  ? __switch_to+0xc79/0x1410
[ 1416.619283][    C0]  ? __pfx_kthread+0x10/0x10
[ 1416.619366][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1416.619512][    C0]  </TASK>
[ 1416.619555][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1416.619611][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1416.619693][    C0] Tainted: [L]=SOFTLOCKUP
[ 1416.619716][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1416.619759][    C0] Call Trace:
[ 1416.619784][    C0]  <TASK>
[ 1416.619807][    C0]  vpanic+0x56c/0xa60
[ 1416.619895][    C0]  ? __pfx__printk+0x10/0x10
[ 1416.619987][    C0]  ? __pfx_vpanic+0x10/0x10
[ 1416.620063][    C0]  ? is_bpf_text_address+0x292/0x2b0
[ 1416.620144][    C0]  ? is_bpf_text_address+0x26/0x2b0
[ 1416.620256][    C0]  panic+0xc5/0xd0
[ 1416.620331][    C0]  ? __pfx_panic+0x10/0x10
[ 1416.620440][    C0]  ? ret_from_fork_asm+0x1a/0x30
[ 1416.620483][    C0]  __warn+0x315/0x4c0
[ 1416.620572][    C0]  ? __queue_work+0xd5c/0x1010
[ 1416.620681][    C0]  ? __queue_work+0xd5c/0x1010
[ 1416.620758][    C0]  __report_bug+0x29a/0x540
[ 1416.620847][    C0]  ? __queue_work+0xd5c/0x1010
[ 1416.620919][    C0]  ? __pfx___report_bug+0x10/0x10
[ 1416.620985][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[ 1416.621073][    C0]  ? register_lock_class+0x31/0x2e0
[ 1416.621173][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[ 1416.621271][    C0]  report_bug_entry+0x19a/0x290
[ 1416.621343][    C0]  ? __queue_work+0xd87/0x1010
[ 1416.621410][    C0]  ? __queue_work+0xd8c/0x1010
[ 1416.621484][    C0]  handle_bug+0xce/0x200
[ 1416.621575][    C0]  exc_invalid_op+0x1a/0x50
[ 1416.621654][    C0]  asm_exc_invalid_op+0x1a/0x20
[ 1416.621719][    C0] RIP: 0010:__queue_work+0xd87/0x1010
[ 1416.621788][    C0] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 9a 5b 9e 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 11 fa
[ 1416.621844][    C0] RSP: 0018:ffffc900001579b0 EFLAGS: 00010082
[ 1416.621907][    C0] RAX: 1ffff1100a4ef153 RBX: 0000000000000008 RCX: ffff88801cee0000
[ 1416.621945][    C0] RDX: ffff888060951968 RSI: ffffffff8a0fed40 RDI: ffffffff8f8bacb0
[ 1416.621978][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100
[ 1416.622028][    C0] R10: dffffc0000000000 R11: ffffffff818d2590 R12: dffffc0000000000
[ 1416.622082][    C0] R13: ffff888052778a98 R14: ffffffff8f8bacb0 R15: ffff888060951968
[ 1416.622149][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1416.622236][    C0]  ? __pfx_hci_cmd_timeout+0x10/0x10
[ 1416.622327][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1416.622428][    C0]  call_timer_fn+0x192/0x5e0
[ 1416.622517][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1416.622594][    C0]  ? call_timer_fn+0xd4/0x5e0
[ 1416.622681][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[ 1416.622801][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[ 1416.622870][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[ 1416.622958][    C0]  __run_timer_base+0x764/0x9f0
[ 1416.623089][    C0]  ? __pfx___run_timer_base+0x10/0x10
[ 1416.623182][    C0]  ? __local_bh_disable_ip+0x3c/0x420
[ 1416.623294][    C0]  run_timer_softirq+0xb7/0x170
[ 1416.623377][    C0]  handle_softirqs+0x1de/0x6d0
[ 1416.623474][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1416.623543][    C0]  run_ktimerd+0x69/0x100
[ 1416.623631][    C0]  smpboot_thread_fn+0x541/0xa50
[ 1416.623661][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[ 1416.623698][    C0]  kthread+0x388/0x470
[ 1416.623723][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1416.623744][    C0]  ? __pfx_kthread+0x10/0x10
[ 1416.623770][    C0]  ret_from_fork+0x514/0xb70
[ 1416.623793][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1416.623814][    C0]  ? __switch_to+0xc79/0x1410
[ 1416.623844][    C0]  ? __pfx_kthread+0x10/0x10
[ 1416.623870][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1416.623907][    C0]  </TASK>
[ 1416.630816][    C0] Kernel Offset: disabled