last executing test programs:

13m33.22126581s ago: executing program 1 (id=22):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
process_madvise(r2, 0x0, 0x0, 0x18, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000240)={0x0, 0x6, 0x2, "9de1"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

13m30.121617544s ago: executing program 1 (id=30):
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000200)=ANY=[], 0x1cb)
close(r0)
geteuid()

13m29.785967893s ago: executing program 1 (id=32):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x50, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dvmrp1\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x4000000}]}], {0x14, 0x10}}, 0xd8}, 0x1, 0x0, 0x0, 0x24040841}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000200012800b00010067656e657665000010000280060005004e24000004000e0008000a00", @ANYRES32=r4], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
listen(r0, 0x0)
ioctl$sock_proto_private(r0, 0x89e8, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0)
syz_usb_connect(0x2, 0x12d, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x9e, 0x6f, 0xd7, 0x20, 0x19d2, 0xff89, 0x4239, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11b, 0x1, 0x7, 0xff, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x5, 0x5, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x80, 0x1, 0x10, 0x7, 0x28, 0x0, [@generic={0x5f, 0xb, "7cd23d3d00ce9ab148b004f45d23dd45ad5b1beb3648103d045432ec4d89bc82274947cdda06c8781a589c357a710ec3fae823d2e01872c0749ee1f11489213185f8df0453c4ce646e91631c532cba2efc6664989dfd5a79471dcc4480"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x2}]}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x5, 0x6, 0x1}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x4, 0xa6, 0xb, [@generic={0x12, 0x30, "1cd63c3e42f5c511fd33b69851d564ed"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x4, 0x6}]}}, {{0x9, 0x5, 0x7, 0xc, 0x200, 0x9, 0xd5, 0xf2, [@generic={0x5d, 0xd, "7e7b85dc0159a371615c18bc901cd31a4f54f2a89f023d7fc7202dd404ddb1f59bebd34763a8c4654011f2499bdeb8818e4ceb1599b3b72564cea7506911991cb6dbb9ab7e65deff3a98883b65ec77e7f5163abe88c0ba9385f0d7"}]}}, {{0x9, 0x5, 0x9, 0x1, 0x3ff, 0x8, 0x81, 0x1}}]}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x201, 0x0, 0x7b, 0x5, 0xff, 0x9}, 0x1d, &(0x7f00000001c0)={0x5, 0xf, 0x1d, 0x1, [@ssp_cap={0x18, 0x10, 0xa, 0x23, 0x3, 0x3, 0xf000, 0x100, [0xc0c0, 0x0, 0xf]}]}, 0x3, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x812}}, {0xf7, &(0x7f0000000240)=@string={0xf7, 0x3, "621c2d2c9958ae2cc4788655c67862fc548b31c48f8469e5fb3e0aa67dd26c2e6d25d2205a569fc82e96a1155e41afce7cde3c23d9dc817f9c85551e17452a363143cd99a33a046c0a09a12be1ae90d22bf3665e9cda60338dc045f523c0ad39be0c74f233a94fcf4113e5003ba0701f5471195415387f045a86187f9b4297c967d8993ac17f71f25116570492f7d185be71824bf843827af1f0724ba1091f73cd7c9461e3db65e16416dda10e2e4557a537501a911b88b1413a113a3a718900fc31c4f2d4042a17ba0e5ba963e38cddbc90d9545ba1c02420925f59831e43f59af99cf8f6248c51ee2e8efdd0a2883c6c6f045389"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x3c01}}]})

13m26.844983243s ago: executing program 1 (id=42):
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, 0x700000000000000}, 0x0)
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000200)=ANY=[], 0x1cb)
close(r0)
geteuid()

13m26.5729652s ago: executing program 1 (id=44):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x11}, 0x4008080)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}}, 0x24}}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @broadcast, 0x4}, 0x80, 0x0}}], 0x1, 0x11)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

13m26.303773801s ago: executing program 1 (id=47):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0xa, 0x2, 0x73)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7fc}], 0x2c)
sendto$inet6(r0, &(0x7f0000000040)="e4", 0x1, 0x0, &(0x7f00000003c0)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x41, 0x80, 0xfe, 0x2, 0x9, 0x40, 0x8, 0x5a, 0x0, 0x9, 0xa}, 0xe)
time(&(0x7f00000001c0))
recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/174, 0xae}], 0x1}, 0x6}], 0xfffc, 0x10000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1400000013000104000000000000000002"], 0x14}], 0x1}, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2e, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x37}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x4880}, 0x20008844)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r4=>0xffffffffffffffff}, 0x111, 0x3}}, 0x20)
r5 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xffff, 0x2, @empty, 0xa09c}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x39}}, r4, 0x40099d}}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

13m10.871344917s ago: executing program 32 (id=47):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0xa, 0x2, 0x73)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7fc}], 0x2c)
sendto$inet6(r0, &(0x7f0000000040)="e4", 0x1, 0x0, &(0x7f00000003c0)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x41, 0x80, 0xfe, 0x2, 0x9, 0x40, 0x8, 0x5a, 0x0, 0x9, 0xa}, 0xe)
time(&(0x7f00000001c0))
recvmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/174, 0xae}], 0x1}, 0x6}], 0xfffc, 0x10000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fdinfo/3\x00')
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1400000013000104000000000000000002"], 0x14}], 0x1}, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2e, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x37}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000080}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x4880}, 0x20008844)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r4=>0xffffffffffffffff}, 0x111, 0x3}}, 0x20)
r5 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xffff, 0x2, @empty, 0xa09c}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x39}}, r4, 0x40099d}}, 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

11m49.893818794s ago: executing program 0 (id=413):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x14, 0x4, &(0x7f0000000380)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000005a0000008500000022000000180100002020702500000000002020200100000000000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff"], 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffeb5, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r4}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000740), 0x75, r6}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000600)=ANY=[@ANYRESHEX=r2, @ANYRES32=r5, @ANYRES8=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a1b901a61329833, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r7}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r9 = dup2(r0, r1)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r10}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000540)={[0x6, 0x3, 0x8000000000000001, 0x6, 0x8, 0x5, 0x7fffffffffffffff, 0x101, 0x7fff, 0x3c0800000000, 0x1, 0x0, 0x7f, 0x68, 0x1], 0x2, 0x1000})
r12 = getpid()
sched_setscheduler(r12, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r13=>0xffffffffffffffff, <r14=>0xffffffffffffffff})
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="143f6d790c2b0b9abddb25ed", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20)
connect$unix(r13, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r14, &(0x7f0000000000), 0x651, 0x0)

11m48.300290741s ago: executing program 0 (id=429):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000240)="4bde03157888a32dd0e0eb1c779829f1e07e01ce1ca01b37", 0x18}, {&(0x7f0000000300)="c3617155c990328996fdc71ae7b15a38749a2b561489dc1b93d14e57e96ac17258bae8ad6399143d7545ce19f748b1bbdf9cb4ba62e4049d6df644217bdfd5df207b64a3061b67621c5672f46bb43b0b5888fd9a01054815316e4d23ba0bbe471733ddf5a2d3f0861e5b2cb77dcd6114bb55d0b2ea60514f16a66f8afb203faf0377a8a89cd919ef67b815af19e5a6828fe289dea6b328493ac1743687708bf349ac59fa47bbdac40601d3c9ef", 0xad}], 0x2)
sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef", 0xdb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e3", 0x10b}], 0x1}}], 0x2, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) (fail_nth: 1)

11m47.342479241s ago: executing program 0 (id=435):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)={0x24, 0xd, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x4}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x24}}, 0x4000010)

11m46.999174957s ago: executing program 0 (id=438):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xab101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000000)='./file0/../file0\x00', 0x900, &(0x7f0000000080)={0x8, 0x1, 0x40000}, 0x20)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="5ad39bfffff2aaf38906", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fedbdf253b0000000c009900060000005f000000"], 0x20}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1}, 0x80, 0x0}, 0x2000c005)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x38, 0x1, 0x1, 0x301, 0x0, 0x0, {0x5, 0x0, 0x2}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0xff}, @CTA_SEQ_ADJ_REPLY={0x14, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xfffffffe}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x84}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000014}, 0x4000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a29045", 0x54}], 0x1}, 0x20004804)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

11m44.545901396s ago: executing program 0 (id=442):
set_mempolicy(0x3, &(0x7f00000005c0)=0x7, 0x7fff)
set_mempolicy(0x0, 0x0, 0x1)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000001e40)=0x5)
set_mempolicy(0x1, 0x0, 0x8)

11m42.281153955s ago: executing program 0 (id=454):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = landlock_create_ruleset(&(0x7f0000000000)={0x1080, 0x1}, 0x18, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x1)
sendmsg$nl_generic(r1, 0x0, 0x84)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

11m41.796756613s ago: executing program 33 (id=454):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = landlock_create_ruleset(&(0x7f0000000000)={0x1080, 0x1}, 0x18, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000000c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x1)
sendmsg$nl_generic(r1, 0x0, 0x84)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

10m29.425574932s ago: executing program 2 (id=864):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x17, 0x0, 0x200, 0xb64, 0x4, 0x1}, 0x48)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10681, 0x189}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040000}, 0x20044002)

10m29.295608089s ago: executing program 2 (id=865):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)

10m29.080895493s ago: executing program 2 (id=866):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000002400010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900013200000000140000001100010000000000000000ecdd000000000000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x480d0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x3, 0x5}, 0x2}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x48001}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000200025a729bd7000fddbdf250a0010cdff000001020001000800060000000000140000000000000000000000000000000001080010"], 0x40}, 0x1, 0x0, 0x0, 0x840}, 0x4000000)
syz_emit_ethernet(0x165, &(0x7f0000000740)=ANY=[@ANYBLOB="bbbbbbbbbbbbd5652bf92c5586dd63094971012f060000000000000000000000ffffe0000002fc020000000000000000000000000001041b00000000000004010408d11448ad0aa9829831484bf90c68cf98f64714eeb40d4af8b22f8a2da2d0fdbd2bc799a9d1bc98acf6073ecf38f181e405fd1f9496c79a2c75e100da0486ec3df9e006b47e5c860d2733b7d41d5d60e9d02922d678c661b02befdd8d08934f55080f8f6527e21645c9c11d1b7302a6e93be1073397a2aaf7d854096e31da7e8151807245608c9b34432a1351701a31bb6acf231873242751b2496d36d9f8d4b55a63456f8ef5805b784f1e820b43ad47e0e54c84bd04c84f574b937a32538c9b4801ef73cb2b2ffface9bb662a12c0e541610502d6ca05020fff00008903000000000000010400000000c910ff0100000000000000000000000000010000000000000000000000000000000400004e2300004e21000000040000000200000000000000108db16effcd3b05eb5c3eeb4d62769207ea998cd34e48efeecc9e2f9d40a739833d664b62e7770211b2fff9715e64cbb7c0c852677eefb958c64ba9ebc0064eba95e634933220505c6c2b97b820b37042c7d28b1d81cf8be31795a2a310f2a1ea21725fe368664c4664f3570bf249f88f642bac95ff625b241fc3db05e207692410ce44e0bc5c7ef6aea4938e0849e65493748fc23dfa8fc5a21330f3911f35620349fb8c13e346293fb477c494aef51d45a2f70a65a4197a612eb3044deab4f98e4a87ba9e3be8bc3c221de5f88d4781224379c988373d36"], 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x38, 0xfff, 0x0, 0x180, 0x2, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x8, 0x0, 0x45, 0x1, 0xbdb], 0xdddd0000, 0x1c4213})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_GET_REGS(r4, 0x8090ae81, &(0x7f00000002c0))
r5 = io_uring_setup(0xcd5, &(0x7f0000000040)={0x0, 0xc89f, 0x400, 0x880007, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYRESOCT=r4, @ANYRES64=r4, @ANYRES32], 0x50)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
unshare(0x22020400)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
bind$qrtr(r6, &(0x7f0000000340)={0x2a, 0x0, 0x1}, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a0703000000000000000002000009080003400000000a0900010073797a30000000000c000640000600000000000214000000020a01"], 0x70}}, 0x0)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0xa01, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)

10m26.814302688s ago: executing program 2 (id=873):
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x101041, 0x0)
pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0xec25, 0x80, 0xfffffffd, 0x15f, 0x0, r0}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000100)='./file0/file0\x00', 0xbc9dc8fbd81cb4a1)
stat(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}], 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="2b6e65745f70400000000000633ad2046c7320061b618a1d1a9676885b071233"], 0x13)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000180)=@abs, 0x6e)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000002000010000000000030000000a108000d11b9e1d9636424b14000200fc02000000000000000000000000000114000100200100"], 0x44}}, 0x40000)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004f9912800b000100697036746e7c00002c000280140003002001000000000000000000000000000114000200fc0200"/68], 0x5c}}, 0x0)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="b800000010000000ac1414bb000000000000000000000000ac1414bb00000000000000000000000000000000ffff00000a00800000000000f2bc4b5e7dd512dc45ca1af496806022e8c5d07a6a53ba79a2983d6299eac44e31501b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0xb8}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x58, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000140)={'syztnl2\x00', &(0x7f00000005c0)={'syztnl1\x00', r10, 0x2f, 0x1, 0x9, 0x11c215a7, 0x21, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0x700, 0x700, 0x800}})
r11 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r11, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xdd9f83, 0xff, 0x9, 0x1, 0x8, 0xa, 0x722, 0x15, 0xf, 0x2, 0x3e, 0xb763599953cb091c, {0xf56, 0x6fd8e84b}, 0x3, 0xed}})

10m23.429208638s ago: executing program 2 (id=881):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) (fail_nth: 2)

10m22.706467115s ago: executing program 2 (id=888):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/uts\x00')
setuid(0xee01)
setns(r1, 0x4000000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0x9, 0x14, @random="97ec0bdc2db9"}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x101)
socket$nl_route(0x10, 0x3, 0x0) (async)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/uts\x00') (async)
setuid(0xee01) (async)
setns(r1, 0x4000000) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0x9, 0x14, @random="97ec0bdc2db9"}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10) (async)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x101) (async)

10m7.540499882s ago: executing program 34 (id=888):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/uts\x00')
setuid(0xee01)
setns(r1, 0x4000000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0x9, 0x14, @random="97ec0bdc2db9"}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x101)
socket$nl_route(0x10, 0x3, 0x0) (async)
syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/uts\x00') (async)
setuid(0xee01) (async)
setns(r1, 0x4000000) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0x9, 0x14, @random="97ec0bdc2db9"}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10) (async)
ioctl$SIOCPNADDRESOURCE(r2, 0x89e0, &(0x7f0000000080)=0x101) (async)

9m31.294840688s ago: executing program 4 (id=1121):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d0000001801000020206425"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}}, 0x24}}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(r0, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x11)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

9m30.050892441s ago: executing program 4 (id=1124):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x56}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r6 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r0, r5})
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0..:\x00', 0x0)
sendmmsg$inet(r6, &(0x7f0000001500)=[{{0x0, 0xffffffcf, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x34000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

9m29.771889955s ago: executing program 4 (id=1127):
syz_usb_connect(0x4, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
fanotify_init(0x0, 0x1000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000240)=0x1, 0x4)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e22, @local}, 0xffffffffffffffd9)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="400f68cdbbf6fc9688bcbeb7109aa674de7617cebe4d27f6ba6d8cc3a9b82f72d23cf842ba5f68913ff69297631469f6bbcddf70c001661af9b0fb531660892a2293db60b151cfbc15", 0x49, 0x40c0, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x119})
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1, 0xa}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, &(0x7f0000000280)="0f20e06635000002000f22e0660fc24c000962a9f700dde50f3a0fae001083dba900000f350f74db0f71e6fe0fa8", 0x2e}], 0x1, 0xa, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9m29.524943677s ago: executing program 4 (id=1130):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$VIDIOC_S_AUDOUT(0xffffffffffffffff, 0x40345632, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x18, 0x0, 0x1)

9m29.164628838s ago: executing program 4 (id=1132):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x901) (fail_nth: 2)

9m28.63587488s ago: executing program 4 (id=1135):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x37, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0x3, 0x6, 0x5b69, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x1, 0x6, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00040, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0xfffff50f, 0x4, 0x3, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x4, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x3, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd7d, 0x60a2, 0x7f, 0x9d26, 0x0, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x32d, 0x1000, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x7, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x13ffd, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r4, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)='\n', 0x1}], 0x1}}], 0x1, 0x815)
shutdown(r4, 0x1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="61124d000000000061134c0000000000bf2000000000000015000000400001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

9m12.976809324s ago: executing program 35 (id=1135):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x37, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0x3, 0x6, 0x5b69, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x1, 0x6, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00040, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0xfffff50f, 0x4, 0x3, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x4, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x8000003, 0x5, 0x9, 0x0, 0x3, 0x3, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd7d, 0x60a2, 0x7f, 0x9d26, 0x0, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x6, 0x80000001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x32d, 0x1000, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x7, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x13ffd, 0x1, 0x9]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r4, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)='\n', 0x1}], 0x1}}], 0x1, 0x815)
shutdown(r4, 0x1)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="61124d000000000061134c0000000000bf2000000000000015000000400001103d030100000000009500000000000000bc26000000000000bf67000000000000070300000fff070067020000030000001606000000000078bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

8m5.004691185s ago: executing program 8 (id=1492):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x56}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r6 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r0, r5})
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0..:\x00', 0x0)
sendmmsg$inet(r6, &(0x7f0000001500)=[{{0x0, 0xffffffcf, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x34000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

8m2.512995768s ago: executing program 8 (id=1498):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x38, r1, 0x1, 0x72bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3ff, 0xff, 0x2, 0x7fff, 0x400, 0x5, 0x40, 0x8]}}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040)
r3 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000680), r5)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x1f, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x34}, 0x94)
r9 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$inet6(r9, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x58, @mcast1, 0x49}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000001c0)="8000e8beec9dbc13", 0x8}], 0x1, &(0x7f0000000080)=[@tclass={{0x18, 0x29, 0x43, 0x8001}}], 0x18}, 0x4004000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
close(r4)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)={0x28, r6, 0x1, 0x1070bd27, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4049}, 0x4c080)
ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000080)={0xc000003, 0x3, &(0x7f0000000580)=[0x7d4, 0x4, 0x10011, 0xffff, 0x7, 0x1ed, 0x2, 0x3, 0x20007, 0x0, 0x70, 0x2, 0x3, 0x8, 0xfffffff8], 0x1, 0x5})
ioctl$I2C_SLAVE(r3, 0x703, 0x22d)

8m1.201671715s ago: executing program 8 (id=1501):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000700)=ANY=[@ANYBLOB="b601000000000000bd110000000000008510000002000000850000007600000095000000000000009500a5050000000077d8f3b4000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d75357f21699cdc6751dfb265a0e3ccae669e173a649c1cfd6587d472d64e7cc955d77578f4c35235138d5421f9453559c35da860e8ef14142b2a3e314422b854421eed734ceb1efeecb9c66854c3b3ffe1b4ce25d7c983c005c03bf3a48dfe3e26e7a23129d6606fd28a697a9d552af6d9a9df2c3af333e2008e11bbec0727cb3f647535deb6277f5696833a71011a7d06602e2fd5234712596b696418f163d1a13ed38a682f87925bfa753f631cd027edd68149ee99eebc6f7d6dd4ae59af7588c8e1f4efab57644ccb1973d7879b70a70001040000000000000000d7900a820b63278f4e9a217b98ef7042ad2a923132f208fd8289eaf8cd00000000000009d27d753a300800000000000000a5686f2fccc33e3e34c3969c5ad781302d40e97a8ad10ce0cbe17366d5ac6af2fca2360a15b80400d52040ef7b28d300747877e176fe4c4b8e40dbf260f5a9f7eee30293c1b163b795d0aef4deb851a30000f569dc8f39943f889008e1ec914faa9e6cd0b3b4b3b5db666ebeb49d6a62019d76459e70b459543c4ac42e53b4ad4c77cff373ebd95848f01864e456969cd28000170996016aceb583df5ee4dd722e8c350af489f9a900000000a0dcc36b3d7c734a9cce0439f832a20d7cbdcda5dff3ba92dd66afb9d74aa222038994dcd3e7784dbea1e51a15b0f1a040cc63177f8fafa3192fc8e5552da1a982ab8dfe31ad1a0968faa47c2069d6bf09c3aa4f0fc128cb578d99b08a150b4cc4b22f6a464c6398c952519818a44a1b223ff502df87865c276588ea478e328e8277e811b99ce1acfecaf8e2c55ccc4b8eae0a61635514e99ffd438784060f23ba74c0b30b1180d935832deb686d789ba1d436d116394534e88492a42b8bf050c719661a2dc50b3a1dcfbc871e5c27e3d7260f6fa589e40000b89db451ff994845f6b49c12e89291398bcb3c06ef1289f74e0b0e2cab592d35f82a69e7284223a171c616b1f0fee6c4711d7aecb69746064d2c096554975d605ebe646302bf3d5cf32a9a09915ae3f3d4eb96615d7b237da56cd5e9904a19e145f25b6d98eb2c019967f553b61d0e80d6913cee9f8d18469a654a239a84a85debbc02846ac5791278f18c6759e3b513a68284d2efc30587e433431b2896a3bd48020af67e9ac071b2dd6dc3b9efae4ff03558fa619aea909c7f2416e7e7da1c51ccc7e6ac27412f728dc6d80da8adf317ca863ed683897321f8c8bb5a5d953d6783b7a06353ee496bbdff418de3e53234df87756eb99e330253cf5da4aa1a9648a38f07e2d302b4165983db4f7b8972923fffa8c03c288512a3a38fbd7c816a44634f7a03fab30811b7b93257bea4369ba46024dee5e9b0b2c3d3324e9b7c1f99ab9bb3f498b1485373b79ec84a67dad4e37575dab87ce55a9a69ed856a4c4410d1242ac1bd1539094a641cc086c2c53e363beafc74ab4e9ff320373705cbf5644586ffe60d293944fa2d9dc18b55f1af5c42f27747bef1ffd0c1766f062d47d61bf9f64e6ee288fa7fc12d48da526527b9f5c318c93ec447cb8b5eee7aa8a1e85696af3dfef96657c0545c8ebd96528d9c28828e5befd80d684b03b6d153da3e3cbd3bfbf4a9375b8ad04a1d241bcb5d5505cb6cc7a44e2e24bd0b1ca4879caaff59d0ce39dc7f3fea447f4e46967855208e63ec988bd2692afefbed2b001205e4b30ee8fe417defa566a73ace8f01f7181de0ef25f1744896a3c38859e6148c42454949cd64b1a888e7fe9c2d86bb01023b6ddeb67f5eb038af3e460c771518a4126c338b0390d459361e03adf6e6b558b3651a0e33d101b5febfff82794203da18db6fcf89715c2d338f78d8b9220171b41f528f857a7cb79ca990de1208777e13faaa9b9cb9e67797b07d9eb9e909410b50c5d981d9a72aa36498b630519d1530ef0000000000000000000037fcffffffffffffff8db8379bd2044c652dff399a9f8bfa4e9c507f049d18837464276830461ee203ba51f6102d262fc9a26bc3638ecce24e65c55da6efaa462f03d0e119c963a8c7a522b59f5a7b44d018cb2648383073d9e032492cae44350bc0a85697f431392eb22cae093e85954af97d6d7b2e6e8f43353062275ad1578a431594243452a2bfb89f91d8eaac038e9e17136e7c698f73faaabb3d00000000000080014573789425c4c32da528d89356aa6d2ae6da082e756c80cf39053431080ea6cbf9997a5a0ddad0b9d12bc3f880476ab32f0feaac5f16e61f7b72b8c9082eec423c6b3eaecfdcc9ec72795e7696421c83b76c2d6bac19bc875d009679778d8ef97d7e05329649d97b0dc54bea9b650873de2d3d702690176e0b23ee5cb5e469a8d1612d611722e6200e3a297d92f8e1de98326c5ef2b89d4e2d47767cd755783e5d865e373338e96ceb8399f296c59b2d70ca27735ecaff62982616d3ac1ab041733bce119d8002a6c8a2b08b32551b2313b1a2ff41b3f04af61c69c85cb2da48215727271bac2ffdeb62d9f5dc4845f1c3f63dc806e615ee8d28d6d7f181e30807afa27f41d0364c746a65a47464db68f3c433d88dd625db35fded2c86d75af88efaf20c8b37c644b6c4e773a9589200faa553bc92f916b75ddbfa18ab73979f46947b35914286d2499a0b8c970000000000000000f4fe74e0c26ab52329bd600627b256ca44dd121ffc8dbb6e5f70cbe03efccac70375b30cc927574d254d1b46c607e8b1ca7d1511568c3ef4b6b885f4582bdcef74e5e010627fc8e4fe00000000000000000000869d9640f06b11df2971909b90133983308ea4f033de613763f32d913bcbe9dd082a6fff197a20730269e6cfd31275395833f1c2b8a50a94c30cceae2a11fe9b9b835d0da73891c0b3ce22dea6bf31e7f51808cf72f44b4455b77a778440795e152dc1b7bb0a5636aa4742ce4d331a47de5836539cdf289176527277b70c8162aaf6f9475418b478329f3565450acfaf07000000eab8cabfa97e35081967bb92a264b07e8003d2f15537e72a1e4ca5ec1e2aaaf8236ecdefbaf512c75e636b6b6f518ad20521f909b12e9bc97e408e0dc82f950d12705f35708bc862196abb27e8d7991b5273987f38c4706289ff4f6130cee76465d487a07a74452f87da2029bd3debd9870335d58d3fe1ac80574fa3ea312997ab81bc6f569ffdb10ba3f20a86d95128d13e0c778998d3b3114bfb07bd61e4bff8a5e2ce4aa572c63e09b44ca4a181bcfe4eec3ce843c65c4948169fe639a186acc2b4a96c6b8d4d2e6d53ab97bea01eab953e6e89e3af34d4ada217bc6fda0fb2095c49195d0d6f365ca80a955b9ec81240a84ef672afa369fc8e3d444ba35d0f51a0065a3b982d09dfc6874fc0d8079b185447cb8a695e132d4d613a529d9c77e2a8f7320ecf698e8a2b170fd601dc1a9767a38b10788e92d1356f6a6c1bcfb2d31b46e735db13f1be80bac1b6be04fd98610000000000000000000000000000139af5493f74751c5e2501a4936bc4a0fa516117f4ccadc692003adee0a080eba2f1059660c0ee0e9aec72d4d0fe095632e4f641b0e34c611c5b3e0ba05fa36542d40837dda323910672a9097d68398fd3539686e4288db0d6bf7cb8a1835f46dfe11865a66ef47e736dada06677a5bca133d6cbc8fe5c4557e51b006bdccd7c5f32ff1d9e8b130f77df09236870fb3de5b87b4f8acc13df534eba329b86670000000000000000b27a2616c03cdf6c009447a652bca9b325e73c0737d5b717945e4fe7a169c5e2c54fc71a4104aa7cf0f5d30e2fcd9503650edbd8a5971a9a1fde5e5df37469ae204a6e899eacc1e63034cbabc5604739881cb82604bed3e53696a0606b26b879ef232a1a038291389593d1575cb79aa8284cf01a7e1a456acab9d8d608ad69d4c4b56492af7004e7ed9d47c5db3d76a00bea7c804f3a3638408bc1636f1009b7f185f51606918eaa0ab6bef11ae3d300"], &(0x7f0000000080)='GPL\x00', 0x9, 0x34, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000000)={0x40, {0x2, 0xfffffffffffff667, 0x81, 0x3, 0x9}})

8m1.083575302s ago: executing program 8 (id=1502):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x2})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000d0000000a6c000000060a0904000000000000000002000002400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
r4 = syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0x2, 0x1, 0x3, "4a37f2c000190000000000000020000000000000f3ff000001000000ffff0400", 0x47504a50})
r5 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f00000007c0)=@hci={0x1f, 0x2f89, 0x31}, 0x80, 0x0}, 0x44000)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r6, &(0x7f0000000140)=ANY=[@ANYBLOB='lock i'], 0xc)
r7 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x28800, 0x0)
ioctl$FITRIM(r7, 0xc0185879, &(0x7f0000000100)={0x4, 0x8, 0x2910})

8m0.959315017s ago: executing program 8 (id=1503):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r5, 0x0)
accept4(r5, 0x0, 0x0, 0x0)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

7m53.02529459s ago: executing program 8 (id=1521):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

7m52.277231575s ago: executing program 36 (id=1521):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2m59.798631515s ago: executing program 5 (id=2916):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xbf)

2m58.101586298s ago: executing program 5 (id=2919):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r2, 0x2)
r3 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r3, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (fail_nth: 2)

2m54.829360013s ago: executing program 5 (id=2926):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f000014f000/0x2000)=nil)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x40289}, &(0x7f00000004c0)=<r2=>0x0, &(0x7f0000000480)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0})
io_uring_enter(r1, 0x3498, 0x3b01, 0xffff000000000000, 0x0, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5387, &(0x7f0000000000))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="2c0000003f00070dfeffffff00000000017c0000040077000c00038006000600801a0000080002"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0x4044000)
ioctl$SG_IO(r4, 0x2285, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r6, &(0x7f00000002c0)=[{0x5, 0x81, 0x0, 0xfd, @tick=0x1000, {0x0, 0xff}, {0xe}, @addr={0x81, 0x2}}], 0x1c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_LINKS(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x24, r8, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x4004010)
writev(r4, &(0x7f0000000080)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}, {&(0x7f0000000100)="aefdda9d050300005a90f17f07703aeff0f64ebb0052f436dd2a00000000000000000000ffff00000000ccb07c366792f1cf7297d9f5906619ad9ac6d6b77d67eb9a5c59af45266e5c9490259150b41327b58a8c0b", 0x55}, {&(0x7f0000000440)="5fb51513786e51b1e5088e520fa728e9af7d2b185bda39e63635ac3b3f9331f96f725a5fa50d3b6bf70a416bb65ac898e7076f8ac4a47e7337fa60e9e3959abb92767c3ffbfa39ddef4fc5da056fc3cd2e6d2c8420ab901fe37e9febd996ceb8a5a7672f1f0277882314376a6f3d096b41afecb6b4067e28038cd84b358cf802f0e8c8e68b5b29ad403ead7fec4c7df178c5a81b376097c7a230f702d3ea63fa3c06fa038976d64436088a98c6f62ee18f69ead7d9b4a6a29450e9e8e581aa28d31e7c55eb9243c8642db69f8e3152aae6d3da8efcc4c6360f64d03751956c0b9501b853e49004854144131fe188c031fdc091ae9a6ea065d32751a1388f3ce53b27b140967543a115539299cebf413ffaa64c9c0f6688bddebdeda707a497174449dfc897927a1ab736ef5d5562512fdd78c64e1d33508b35b905b3b981ad63b75721f0c16064cba5f735c67f2c3671e071240a3ea22d29056c93ff0e43a8a86f9cbcb5bbb61aea174cabe8abecf8d35424f35b8d59e2bbcb387ec3c12f5df76290ee140144722825832be397fb1f2300e04165e420a0c2b56c368a2ba7acce19293765946d542f4dd608235f21a4559f84fd996bc8a101243b45224884367e75cd88110482e63efcb265aace2b4fc004590787fb34e1fe31c2fbeaf95d4cc460bfbf087353faa8f2520037aa976ff5fdd449a28722327c747e3b057c7004ecdfce38037f733d537be3af2c68781a93296287a95a57bb04b4b9c4227c34bc66683d94206e90571365fb51e95e23ae307faf6b0a86f5bbd68a24443cd59d105d4ad8c357f7fecb820e0acd4cfd5770ed77d9abf8b8be0c4facbd16e30d8ec79526f6859c788f53123294bea2a7372d57269ab41790f49c501fc388eb7cdce56745af849969c8c5dac60da3351e8ac744ffd11bb3b980b8a922856c0f7832b7b19a7c203d601dfd8f127a473bf9ee74db3b45ad5710258d37adecc2e1ba2eda4afd07b41c9be350c4155ca6b55f52f0772d61843d1882abeacbd4fe9b37c62e3fa9cc4092e225e1223ddf42e737774ec48a09daf6690a1b9dd8ea55d4220d92abfcf7d7d3185d676984fe1701fcab529455c9a512b72515d1a365cc95ad13a0eeb2a6b7733c9e201f326a595354cfdfa33942cc91e434c666773632a27fca2f43313803509a8a7bfd1b9d4425c495ce0e1ddb875ec698649fa960ac06dc393dac15281a426efc6022a33f56e5a34ecec13b72929503014d32d0203bc6473f4e71a105634baa0a0e54860f21de4ecd0cc3e00bfda2cdb954fa93cbc05db6cced7f9b21c1dc131d4b5da1584cec3baea39723be865edf8e4702fca57a557fa197e377f8fb680d2a0fa58459d56dcdb2012e6ef16241767e9e1cfc941f67e5bd4a52071c7685818aaad06df7b7969656e92f20ea3124b383e8968e73696d8ee34668eec16e6f64bd3a6873e10db5f5c6633130f991439bb95e8ba4ca2060863229c762dedba9959e641184090f9ac0fdd4a448b92eb3a71d9d51e12d5552b0a0933f62f94a3fe5deddb8b9786ddc39eec02c177bda8a73cc06ef7b56a2c196c982aedc56de07d103ece082598c157ef7cd670e9dd2749a2a0014db6762d3195fb537ffd09300255b15b32d210a99eaf56fce210c0fe94065e19878ca4cf67b5f2a569ca362f4a0983c63056117bdb427ba6559471a7a9b206df71ab83b597a0244c98da85bffee33a07997bb48228dacf9bd7d2b108c5daa7b2f690c45524ab31a47ddf38bcb0a3b58642aa0ca3ef2ac02492322cf2f053934cd56da062fc84e0883ab40279242b013fa11d5af625b03be81ad9c187e94f1f4e85536c2c8e3cf106038e4162d26ec7e74e74a7f80b376a95729e61bf42c418830e683a44660ef3c7d70884c11d8883fda3024158dcafe651e483df0b44a007cb6a20e4c90eacb9abc24ef4ef3e7da358bee93589f6ce85dd7788268962ce7d590454eee3a281fe57f0dc6100e13ba49327f34bab6a2f802ef79cb617735ebc28ce95fc38a631939a106245daa74bb63fc36bdf0118c4a6e48322301288d0537e5c3b168f4f7f2d4cf8d73898976fb421137709edea849c3803c203d5e013c657199d2818f61dc1e9ac3e077ba966cff013f8aea931f5676fa53da9558855e35eb2feafd800adf2c9d6be4ffe34c5196d525a2c641de6ce62b42329f072089b30f9f8b2b2f03f3e6367aa90526a9a49778422aa3907ae5fd7f519b268cabc5097b0807b2643efdc8b1749f6c9c7ed712f6279e193b9d4a1e5c68a2acff94c01fce4e9991a471106654dfb6ad54718469f097b0c341564dfdcab5b533eaad4666da550ff4ded196b0c0b6542cfe3491f9599a55e9af37fdc32d393b79b72bb00c2b5fd4876b57363865e8c40a465612a47b05573cfd782446511ce1aed0777babde53d97e87da0ef84b9e102ad32c79e5ba3f50c6e6ebc459e26c5fe823b376101e799943b73e5d80c251cf2162b916ef9392a46c6b85d0aa3fa7d2cab720780577cc8b8065f24aad129eb5cf36f0c1c13a4c47a8b2a8c44485e5855e9b04ba48b08e60fc4144233674d49d328d3bc1034acae8aeb9dbfdb063618a3562d124d40084877ced44952ddb72dd6730c7032a331cd246a4114047ecd444ce72d6b3a468d12ecee28aa5ceca9c9034efb0a7bb30a4fdfceda7309214f0f8354246656cbf265a78a71167ae35afcce25ad72bba4e25d48fa7547beedaa6d148583fbdc1dfdc3f9b499f737b34b5864c523f6b8a3d4f75625269bd5480a3d8785447d2c9478951e726c913e06a416bd496aaad069972ab78ea7038e670cd07a757ba010a2b092e8aef06d04467a97c6dfbdefda98f533450e6b0404dfa8eb247574e7ba3d9f2562ed085bf71b164047d3f7383743b35bd9c0db06192df36a0de5c3c28a785ecb43b9fa57d94d2f86e0ed59747cb80212c3fa48b08a3729411fb34caa1329d1d4c770f95fa977344d945cccfd026138a6f1b9c44ba8f80b50835ec8ffdef5a1e1a5351843ddeb2d0d3271bc36c89c90b9770ad4f70d110fd3b98557863b75bbcd02d00e08d660dbdf51edfe6dddeaeeac9eaf38d0ee600d0d5588e1fe0a7c256d739cda41d2c6279136ec72f51b4e97ef67a3994bdd0e3d76286e1135f3ad8d7e119d363d0113337502de9d8b1c360f74d933d74c6dd9620745681dc11875ba8668a498020f89cc4f905dbe9b35ba480f2dec1ecc9fe7ea2223399abea280964db9fa71ce9a636bf98f99d69f2f7a8302f54a7f4cb118e9213d4f4ba1e62c814b344761ba8ac31f061730bd621e2e6d5b29b2763fe600032e091c14ba765441965e47d020bcbf442b674b54ab934c44189b8fde03f3a3e460f916544d448f39e0bd50de7f1cd2e36853e26ae51383ca1c6ccfc16c8c2c3372f6e2cd50c1d172a08d9b4d085e4a5ad2fc9d3167bae82436a8909fd90f1c897f358f003bade633567b72f88bae958dd380620914914c3959c7c4a0eeb0900a74785447ad4ba85174cd904de62886d740c513688ce8fded6d3cec003f5e4022b6d92734f4570e9ba70f4a4a522fb8d6203ce2dad965fac30380ddfc46ffa9f6e0d524599ab9238e31c3b7d3567feb404ef7573053628787ec72d08657069490e38ed4170333981fa17561dbad53652fa67a97fa1c1b8d4738c9db4af0219793897b82d0de04deb1560a1a1f8a865097ca0dc6fbff537b979694b95be500659a7890dc331ee92271b6f5a3dbc51f19e42c44e04e8b90f7db03a18856e79d003ce14e17a4e55d624f1dd667279aa9bbb3146040573a18c3f446aac64bc73f878b7a96393744819cbcfbb7a1e03940436a1ddc027c129ce68d25103fbe9183a9f601225951e80a432dde8ed0088ec9edad4cf6349b0039ec61d87f92875b07285a90c61ca9a402a4caf03d3af4d6a02a2f74a4c79512ef35ab3a56381b38b22cc62bb91ee0d5559b5846906b2fcf1d174b2dcd481974d94112f5e55d03a064bd5168bd088d2400eff5a979a90d976a4a19a3c22c6f2339331ce8d55cae3986b56c750e98590291c603bfdd61ed5a89ede733e73a2e06885cdddf3228d6bf626082cb03a885ae8ff9c941811687e6486c5f2a12777b52996c3566f174e09cee083b117b809234b812431f5b1342d1baac1654120b89c313cacd78d04ca70d9aacd9cc30750add8e6a6a428e7af6f88683b2f2c5eae4da90d5a5587b85a5e3dd34b45324204fb091c6c74a75eeaedb74670249f38d3e656bd45f8aae503c94bafd50a43fb3955cd1bc8cef63cc9ae59561fb473df774649c26db7380cd0403e329a96503b4f342f9129c16bd4ec3c9de4ff0468db22382119ee5200b4149e06f179bc38204f5651d2ac5d08633332c373bfe168c25957621fe5d229579e86bd78d00e2caf710c631d4ea1c331faedde25ce59957d971cefd54d9949dc9b8dd0470cebc5830c4d73a168e9197058f569aa2bf8a1243fbe82607d63c12176d8e8ae94fde0e297aaefaa90daac8cd1243f20daea5a9659cadc1ff5b1cfa961364794e3581e6e2d99e91c510d782efd72d6e2276d7933c746e5925f0ff0bda6ff76e110c43cef909ce0d029cab0c575ac4fdb160f94372bbe0b87cda78d2dcd64beba1485061a8729bd7bae235e1c5fad6407e11b0e496edbe20c5f337b5bf93da6d20dc9180754c05f159128315610654474d4775678fc790298647ac567be04763c44122afef9a3dc54f7d73f013d003ce0c6481f81d052f417f0345631d8e4a5481dcb42325c9982afcee9a6d8a5098960701a5aa601a000bdd0f40545e58510ab8889ea848bec75a55ab79ffbd98c5f44fae8c0471b5ae284d0c63ee9ab5e403ec1b6c92af780cd82bb15fe52faed7d8948d11fa6d4ca3e21791e3077706a8f95e72bd4e02683e73c5bf287ed7f09d5250721ccc04f961eb6fa442f069af398df0fd8a7018eaf4581267821583b0a863bd3b1ecb3a5b933a32799e1fece438dd28d2dc79d5b764030b8c258c15be80f7f2055a5bfb6b86569523b28288d385832a3a4235ff647c188b1871b2acb81a6e1013a28c754fdceba6a19e18cb44d3990ba07ba5b7305966e0d0cd9b054754ae761e44bfde45060224ca1bc43cb89b012ea094358d79e6ebce6e67120df313ac5fd90abba79a55cef6606f67718e43c23f6c156aada3131297f3cc8f181826910b0f1650dbdad0564f75a6bb39adf7ed80033090f9d6d2d8ee2d929721c6ed2ff202a7822825a9fb255e46d9dd8b8654d98748091b238e88cc23d502a654f8f5eef7da96bfc165834d6a4cf227b4f51e211cda5d90dc23786a014b587fb049ec4d7b0fce7bf100fc3e5e899973123b81b38b393835d9564c37ed426b3230e6468bde8c32167379635e1876cb9f8a27df3d83ec3d358a0d5b776ca6a259b641b7f9f1cd8eaa5dbd92198a245c12a4162b6a63d29b86335cef7841ade563903294f9f4e3ee5197f8d64159a39a71512305f6d67fed226a1cb0f45abbe1cf13090912ef952b233b9abcdf061426a5e8603488e1597ff7bd8bbee18985d06dd5d59109b4c395224dcc996a445a386f6f8beae22daef5fb09901fd3b375ca9b4d7c0442120b5d96291851dc3390a0156c1b6efcb635dd5bc04096d9bfbbc12a66118d668f31a8231b2f5b880c88235b075fa17e7d902355772bbb2eb75a0a8afdb944ccbd115c033ef47074ddefd60e63c435f7ba1dbf3678c92cbd8e33a9384afad01ec585a684e9bb6dde2ae4b961db2a44b9391c8eaa44e74f1286875ebc2cdc88514", 0x1000}], 0x3)

2m47.069107907s ago: executing program 5 (id=2935):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0x8000f28, 0x8)
splice(r2, 0x0, r0, 0x0, 0x6, 0xb)
ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x21, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000000)=0x6e)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = socket$inet6(0xa, 0xa, 0xd)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @local}], 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000240)={0x8, 0x8f, 0x206, 0xfffffffd, 0x3, 0xb37, 0xfffffe2f, 0x8}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000ec0)=@base={0x5, 0x7fff, 0x5, 0x7}, 0x48)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x18c, r7, 0x100, 0x70bd28, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0xb}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x5}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xf}, {0xc, 0x90, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x86}, {0xc, 0x90, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0x5}}]}, 0x18c}, 0x1, 0x0, 0x0, 0xc011}, 0x41)
syz_usb_connect(0x5, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e102"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
close(0x3)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r6, 0x84, 0x2, &(0x7f0000000080)={0xb, 0x8, 0x2, 0xff00}, 0x8)
sendmsg$inet_sctp(r6, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)

2m41.079758079s ago: executing program 5 (id=2948):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x0, 0x52424752, 0x2, @stepwise={0x8, 0x4, 0x3, 0x5, 0x800, 0xff}})

2m35.627128938s ago: executing program 5 (id=2954):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r0, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000580), 0x4)
recvmsg(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000080)=""/19, 0x13}, {&(0x7f0000000340)=""/172, 0xac}, {&(0x7f0000000400)=""/131, 0x83}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/83, 0x53}], 0x6}, 0x2)
syz_emit_ethernet(0x66, &(0x7f0000000340)=ANY=[], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
chown(&(0x7f0000001140)='./cgroup.cpu/cgroup.procs\x00', 0xffffffffffffffff, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f00000004c0))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x28}}, 0x802)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r4, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)

2m18.325038974s ago: executing program 37 (id=2954):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180)=r0, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000580), 0x4)
recvmsg(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000080)=""/19, 0x13}, {&(0x7f0000000340)=""/172, 0xac}, {&(0x7f0000000400)=""/131, 0x83}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/83, 0x53}], 0x6}, 0x2)
syz_emit_ethernet(0x66, &(0x7f0000000340)=ANY=[], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
chown(&(0x7f0000001140)='./cgroup.cpu/cgroup.procs\x00', 0xffffffffffffffff, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f00000004c0))
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0xc, &(0x7f0000000040)=0x8, 0x4)
sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000012000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b'], 0x28}}, 0x802)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r4, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r5)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)

1m55.47783428s ago: executing program 7 (id=3008):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/155, 0x6210}, {0x0, 0x30}], 0x2)

1m55.255834189s ago: executing program 7 (id=3009):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
renameat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00')

1m53.177856526s ago: executing program 7 (id=3013):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x87}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
close(0xffffffffffffffff)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000200)=[{0x20, 0x0, 0x0, 0x6d8d}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x0)

1m52.322041582s ago: executing program 7 (id=3018):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x40, 0x119, 0xfffffffe, 0x0, {0x2, 0x7c}, [@nested={0xc, 0x142, 0x0, 0x1, [@typed={0x8, 0xa, 0x0, 0x0, @fd}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='e1'}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)

1m50.340783462s ago: executing program 7 (id=3021):
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x2091, 0x4)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)

1m46.230906148s ago: executing program 7 (id=3027):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000020000000000000000080822"], 0x0}, 0x94)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001c00010a00000000fbc2"], 0x14}}, 0x20008000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x1000000000, 0x5, 0x41, 0x4, 0x0, 0x2004cb, 0x0, 0x40000000000a1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0xf9}, {0xffff1000, 0x10000, 0x1f, 0x0, 0x2, 0x2, 0x0, 0x0, 0x7, 0xff, 0x0, 0x5}, {0xeeee0000, 0xeeee1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x1, 0x48, 0x3, 0x0, 0x3}, {0x1, 0xffff1000, 0xe, 0x0, 0x1, 0x0, 0x9, 0x5, 0x8, 0x0, 0x4}, {0x6000, 0xffff1000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40}, {0x100000, 0x0, 0x0, 0x74, 0x5, 0x5, 0x2, 0x0, 0x0, 0x2, 0x5}, {0x0, 0xeeee8000, 0xa, 0x4, 0x0, 0x3, 0xa1, 0x20, 0x0, 0x9}, {0x0, 0x6000, 0x8, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x5}, {0xeeef0000, 0x3}, {0xdddd1000, 0x400}, 0xddf8ffdb, 0x0, 0x0, 0x400, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1)

1m29.537652189s ago: executing program 38 (id=3027):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000020000000000000000080822"], 0x0}, 0x94)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001c00010a00000000fbc2"], 0x14}}, 0x20008000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x1000000000, 0x5, 0x41, 0x4, 0x0, 0x2004cb, 0x0, 0x40000000000a1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0xf9}, {0xffff1000, 0x10000, 0x1f, 0x0, 0x2, 0x2, 0x0, 0x0, 0x7, 0xff, 0x0, 0x5}, {0xeeee0000, 0xeeee1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x1, 0x48, 0x3, 0x0, 0x3}, {0x1, 0xffff1000, 0xe, 0x0, 0x1, 0x0, 0x9, 0x5, 0x8, 0x0, 0x4}, {0x6000, 0xffff1000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40}, {0x100000, 0x0, 0x0, 0x74, 0x5, 0x5, 0x2, 0x0, 0x0, 0x2, 0x5}, {0x0, 0xeeee8000, 0xa, 0x4, 0x0, 0x3, 0xa1, 0x20, 0x0, 0x9}, {0x0, 0x6000, 0x8, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x5}, {0xeeef0000, 0x3}, {0xdddd1000, 0x400}, 0xddf8ffdb, 0x0, 0x0, 0x400, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1)

1m21.318951393s ago: executing program 6 (id=3072):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x56}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r5 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r0, r4})
sendmmsg$inet(r5, &(0x7f0000001500)=[{{0x0, 0xffffffcf, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x34000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)

1m16.98883955s ago: executing program 6 (id=3077):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d0000001801000020206425"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}}, 0x24}}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(r0, &(0x7f0000000740)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @broadcast, 0x4}, 0x80, 0x0}}], 0x1, 0x11)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1m15.44558462s ago: executing program 6 (id=3081):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x50, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'dvmrp1\x00'}]}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x4000000}]}], {0x14, 0x10}}, 0xac}, 0x1, 0x0, 0x0, 0x24040841}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000200012800b00010067656e657665000010000280060005004e24000004000e0008000a00", @ANYRES32=r4], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)
listen(r0, 0x0)
ioctl$sock_proto_private(r0, 0x89e8, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0)
syz_usb_connect(0x2, 0x12d, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x9e, 0x6f, 0xd7, 0x20, 0x19d2, 0xff89, 0x4239, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x11b, 0x1, 0x7, 0xff, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x5, 0x5, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x80, 0x1, 0x10, 0x7, 0x28, 0x0, [@generic={0x5f, 0xb, "7cd23d3d00ce9ab148b004f45d23dd45ad5b1beb3648103d045432ec4d89bc82274947cdda06c8781a589c357a710ec3fae823d2e01872c0749ee1f11489213185f8df0453c4ce646e91631c532cba2efc6664989dfd5a79471dcc4480"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x2}]}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x5, 0x6, 0x1}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x4, 0xa6, 0xb, [@generic={0x12, 0x30, "1cd63c3e42f5c511fd33b69851d564ed"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x4, 0x6}]}}, {{0x9, 0x5, 0x7, 0xc, 0x200, 0x9, 0xd5, 0xf2, [@generic={0x5d, 0xd, "7e7b85dc0159a371615c18bc901cd31a4f54f2a89f023d7fc7202dd404ddb1f59bebd34763a8c4654011f2499bdeb8818e4ceb1599b3b72564cea7506911991cb6dbb9ab7e65deff3a98883b65ec77e7f5163abe88c0ba9385f0d7"}]}}, {{0x9, 0x5, 0x9, 0x1, 0x3ff, 0x8, 0x81, 0x1}}]}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x201, 0x0, 0x7b, 0x5, 0xff, 0x9}, 0x1d, &(0x7f00000001c0)={0x5, 0xf, 0x1d, 0x1, [@ssp_cap={0x18, 0x10, 0xa, 0x23, 0x3, 0x3, 0xf000, 0x100, [0xc0c0, 0x0, 0xf]}]}, 0x3, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x812}}, {0xf7, &(0x7f0000000240)=@string={0xf7, 0x3, "621c2d2c9958ae2cc4788655c67862fc548b31c48f8469e5fb3e0aa67dd26c2e6d25d2205a569fc82e96a1155e41afce7cde3c23d9dc817f9c85551e17452a363143cd99a33a046c0a09a12be1ae90d22bf3665e9cda60338dc045f523c0ad39be0c74f233a94fcf4113e5003ba0701f5471195415387f045a86187f9b4297c967d8993ac17f71f25116570492f7d185be71824bf843827af1f0724ba1091f73cd7c9461e3db65e16416dda10e2e4557a537501a911b88b1413a113a3a718900fc31c4f2d4042a17ba0e5ba963e38cddbc90d9545ba1c02420925f59831e43f59af99cf8f6248c51ee2e8efdd0a2883c6c6f045389"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x3c01}}]})

1m4.708409214s ago: executing program 6 (id=3092):
r0 = socket(0x840000000002, 0x3, 0x100)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x26}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000dc0)='>', 0x1}], 0x1}, 0x0)
write$cgroup_subtree(r3, 0x0, 0x0)
recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000002c0)=""/199, 0xc7}], 0x1}, 0x102)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000140)={'syztnl2\x00', &(0x7f0000000100)={'gretap0\x00', <r7=>0x0, 0x8000, 0x10, 0x6, 0x8, {{0x6, 0x4, 0x0, 0x17, 0x18, 0x66, 0x0, 0xb, 0x2f, 0x0, @loopback, @empty, {[@noop, @end]}}}}})
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="7c00000013000500010000000000000007000000", @ANYRES32=r10, @ANYBLOB="00000000002000005c001a805800048054000a80"], 0x7c}, 0x1, 0x0, 0x0, 0x24000000}, 0x64040100)
r11 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=0xffffffffffffffff, 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x7, <r12=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1e, 0x5, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1000}, [@map_val={0x18, 0x1, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x7}]}, &(0x7f00000003c0)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x9, '\x00', r10, @fallback=0x38, r11, 0x8, &(0x7f0000000480)={0x9, 0x1}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x0, 0x6118, 0x8}, 0x10, r12, r0, 0x3, 0x0, &(0x7f0000000740)=[{0x3, 0x4, 0x9, 0x4}, {0x1, 0x2, 0x10, 0x3}, {0x1, 0x5, 0x6, 0x7}]}, 0x94)
r13 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00')
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, r5, 0x5, '\x00', r7, r13, 0x5, 0x1}, 0x50)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f00000000c0)={0x0, 0xe, 0x95, &(0x7f0000000000)=""/149})

1m1.948473113s ago: executing program 6 (id=3097):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0x8000f28, 0x8)
splice(r2, 0x0, r0, 0x0, 0x6, 0xb)
ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x21, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0)
accept$unix(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000000)=0x6e)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = socket$inet6(0xa, 0xa, 0xd)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @local}], 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000240)={0x8, 0x8f, 0x206, 0xfffffffd, 0x3, 0xb37, 0xfffffe2f, 0x8}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000ec0)=@base={0x5, 0x7fff, 0x5, 0x7}, 0x48)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x18c, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0xb}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x5}, {0xc}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xf}, {0xc, 0x90, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x100000001}, {0xc, 0x90, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x86}, {0xc, 0x90, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0x5}}]}, 0x18c}, 0x1, 0x0, 0x0, 0xc011}, 0x41)
syz_usb_connect(0x5, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e102"], 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
close(0x3)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r7, 0x84, 0x2, &(0x7f0000000080)={0xb, 0x8, 0x2, 0xff00}, 0x8)
sendmsg$inet_sctp(r7, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x2a000}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0)

59.519359384s ago: executing program 6 (id=3101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

52.115226814s ago: executing program 3 (id=3108):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000540)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fddbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="1912e7b5478fe250c8ade227e643675ad364a658409ed0409a2d982c1c6b98b0501fd605d25f26cc0add66c87c1b4301054c76f91a15b42a7fbd2799240558cc30238f6dc093c820bd2a46d2864ad8ba8c809e6b91f57b8321d1148a7ec156f41808a7a4531efd7c2faf2edd6a1985f32d8b33f20b0e3c6181ad91b3ce6c36a4c8aebb16198503b94275bd1a209ad73cccf2cfbf7770a8884d83dea06b6a7fedc1014e8040facaecf0856c7a0a9159ea1a21b38dab984f1e362dab6aaaacc38af1a340d5a7cfcffc2cfa71d98bbf276140b47aac26d028efb27bd3dd28d3924bfa469cc08e8c6c582f2668469488e625834804ff"], 0x20}, 0x1, 0x0, 0x0, 0x40841}, 0x20000000)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000001000010027bd7004ffdbdf2500000000", @ANYRES32=r4, @ANYBLOB="524e040080fe07002c0012801100f5ff6172696467655f736c617665000000001400058005000c0000000000050029"], 0x4c}, 0x1, 0x0, 0x0, 0x4008880}, 0x8002)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xffffffa8}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000200)={'ip6_vti0\x00', 0x0, 0x2f, 0x9, 0x3, 0x2, 0x2a, @remote, @loopback, 0x7800, 0x7, 0x8, 0x17}})
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0x200000000000017d, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000842baf06000000ce05838d8000000000000000000018110000", @ANYRES32=r9, @ANYRES16=r10], 0x0, 0x2, 0x0, 0x0, 0x6c41cede1b1c62f5, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r11, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000840)={&(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000800), 0x7, 0x2, 0x4})
sendmsg$nl_route_sched(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001580)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56f41, 0x1070b923, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x0, 0xd}, {0xffff, 0xb}, {0x9, 0xd}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7}}]}, 0x38}}, 0x4008800)
socket$nl_route(0x10, 0x3, 0x0)

48.81371913s ago: executing program 3 (id=3111):
socket(0x400000000010, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x7}, 0x4)
setsockopt$sock_int(r1, 0x1, 0x2c, &(0x7f00000000c0)=0xbfe, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c)
recvmmsg(r0, &(0x7f0000002300)=[{{&(0x7f0000000340)=@hci, 0x80, &(0x7f0000000080)=[{&(0x7f00000008c0)=""/69, 0x45}], 0x1, &(0x7f0000000980)=""/207, 0xcf}, 0x2}, {{&(0x7f0000000a80)=@generic, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000240)=""/21, 0x15}, {&(0x7f0000000b00)=""/156, 0x9c}, {&(0x7f00000002c0)=""/10, 0xa}, {&(0x7f0000000bc0)=""/105, 0x69}, {&(0x7f0000000c40)=""/100, 0x64}], 0x5}, 0x9066a0c4}, {{&(0x7f0000000d40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x80, &(0x7f0000002240)=[{&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000001dc0)=""/116, 0x74}, {&(0x7f0000001e40)=""/144, 0x90}, {&(0x7f00000003c0)}, {&(0x7f0000000440)=""/12, 0xc}, {&(0x7f0000001f00)=""/105, 0x69}, {&(0x7f0000001f80)=""/103, 0x67}, {&(0x7f0000002000)=""/84, 0x54}, {&(0x7f0000002080)=""/153, 0x99}, {&(0x7f0000002140)=""/218, 0xda}], 0xa}, 0xfffffff8}], 0x3, 0x2041, &(0x7f00000023c0))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="12000000050000000800000008"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r2, &(0x7f0000000240), &(0x7f00000000c0)=@udp6=r0}, 0x20)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
read$eventfd(r0, &(0x7f0000000040), 0x8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x4, &(0x7f0000ffe000/0x2000)=nil)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000140)='ufshcd_clk_scaling\x00'}, 0x18)
getitimer(0x2, &(0x7f0000000400))
r4 = socket$netlink(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000007702000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027d45ce500000000000000000000000000000000000400000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20ffffffff000000000000000000000000000000000000000000001000"/656], 0x290)
close_range(r4, 0xffffffffffffffff, 0x0)

48.184536598s ago: executing program 3 (id=3114):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000081c0)=[{{&(0x7f0000000380)=@abs={0x1, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f00000006c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18, 0x8}}], 0x1, 0x0)

45.983892717s ago: executing program 3 (id=3116):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd77, 0x181400)
mbind(&(0x7f0000ffc000/0x2000)=nil, 0xfaff, 0x4002, &(0x7f0000000000)=0x2, 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}, 0x0, r3})
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x1, 0x5, 0x2, 0x0, 0x7, 0x8, 0x652, 0x7, 0x8000009657, 0x1, 0x6, 0xffffffffffffffff, 0x10, 0x800000000b, 0x80000000000000, 0xcc0, 0x5, 0x1, 0x94d6, 0x10000000000001, 0x0, 0x809, 0x0, 0xfffffffffffffffa, 0x80003, 0xf64d})
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaae18674de7dc186dd60040a0000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aafffc4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000090780006"], 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

45.399817696s ago: executing program 3 (id=3118):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x24}, 0x94)
setresuid(0xee01, 0xee01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000002000000000000000000000e0000000000000000000000000600000d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e80c20000000000000000000000900000000000000000000000900000200000000000000000902"], 0x0, 0x96}, 0x28)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004000000000000ffa790ce135c0a6aaab6178fca6089e8f0875af0c01a606b65dca6e8e063618420d8bb66ceede405b45bb136bd086d16b98f712b"], 0x0, 0x26}, 0x28)
recvmmsg(0xffffffffffffffff, &(0x7f0000000ec0)=[{{&(0x7f00000003c0)=@x25, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000640)=""/127, 0x7f}, 0x8001}, {{&(0x7f00000006c0)=@nl=@proc, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000740)=""/149, 0x95}, {&(0x7f0000000800)=""/233, 0xe9}, {&(0x7f0000000a40)=""/211, 0xd3}, {&(0x7f0000000b40)=""/190, 0xbe}, {&(0x7f0000000c00)=""/219, 0xdb}, {&(0x7f0000000d00)=""/73, 0x49}], 0x6, &(0x7f0000000e00)=""/143, 0x8f}, 0x954}], 0x2, 0x10001, &(0x7f0000000240))
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r1, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10)
setfsuid(0xee00)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c4c4a25da716196ec866400fe2de0fae4e0afaf00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x28c00, 0x0)
ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x4e0cdd70e9af79cd, 0x8})
sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

43.897159213s ago: executing program 39 (id=3101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

42.639373612s ago: executing program 3 (id=3120):
syz_clone3(&(0x7f0000000340)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000000d0601010000000000000000070000070e0003006269746d0500050000000000050001000700"], 0x34}}, 0x4000020) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'hsr0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}})
read(r1, &(0x7f0000000140)=""/207, 0xcf)

26.601177511s ago: executing program 40 (id=3120):
syz_clone3(&(0x7f0000000340)={0x801400, &(0x7f0000000040), 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000000d0601010000000000000000070000070e0003006269746d0500050000000000050001000700"], 0x34}}, 0x4000020) (async)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'hsr0\x00', &(0x7f0000000340)=@ethtool_regs={0x7}})
read(r1, &(0x7f0000000140)=""/207, 0xcf)

25.883877712s ago: executing program 9 (id=3128):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x2, 0xfffffffd, 0x2})
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000001c0)={0x1c, 0x2e, 0x200, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9b, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

24.250384951s ago: executing program 9 (id=3129):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000540)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fddbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="1912e7b5478fe250c8ade227e643675ad364a658409ed0409a2d982c1c6b98b0501fd605d25f26cc0add66c87c1b4301054c76f91a15b42a7fbd2799240558cc30238f6dc093c820bd2a46d2864ad8ba8c809e6b91f57b8321d1148a7ec156f41808a7a4531efd7c2faf2edd6a1985f32d8b33f20b0e3c6181ad91b3ce6c36a4c8aebb16198503b94275bd1a209ad73cccf2cfbf7770a8884d83dea06b6a7fedc1014e8040facaecf0856c7a0a9159ea1a21b38dab984f1e362dab6aaaacc38af1a340d5a7cfcffc2cfa71d98bbf276140b47aac26d028efb27bd3dd28d3924bfa469cc08e8c6c582f2668469488e625834804ff"], 0x20}, 0x1, 0x0, 0x0, 0x40841}, 0x20000000)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000001000010027bd7004ffdbdf2500000000", @ANYRES32=r4, @ANYBLOB="524e040080fe07002c0012801100f5ff6172696467655f736c617665000000001400058005000c0000000000050029"], 0x4c}, 0x1, 0x0, 0x0, 0x4008880}, 0x8002)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x6, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xffffffa8}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', &(0x7f0000000200)={'ip6_vti0\x00', 0x0, 0x2f, 0x9, 0x3, 0x2, 0x2a, @remote, @loopback, 0x7800, 0x7, 0x8, 0x17}})
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0x200000000000017d, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000842baf06000000ce05838d8000000000000000000018110000", @ANYRES32=r9, @ANYRES16=r10], 0x0, 0x2, 0x0, 0x0, 0x6c41cede1b1c62f5, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r11, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc92b18236457ee3c8", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)

20.836926597s ago: executing program 9 (id=3130):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f00000043c0)=[{{&(0x7f00000021c0)={0xa, 0x4e22, 0x5, @mcast2, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1400000000000000290000003e000000000000000000000024000000000000002900000032"], 0x40}}], 0x1, 0x8040)

17.501335149s ago: executing program 9 (id=3131):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, 0x0, 0x0, 0x0)

16.281860461s ago: executing program 9 (id=3132):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000001240)={0x1, [<r1=>0x0]}, &(0x7f0000001200)=0x50)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x82, &(0x7f0000000300)={r1, 0x10, 0x7}, 0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x20}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r2}, 0x18)
r3 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r3, 0x2004, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x3fffffffe, 0x0, 0x7, 0x0, 0x402, 0x0, 0x1, 0x4, 0x3, 0x0, 0x1, 0x7, 0x6], 0x0, 0x2e1090})
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1, 0xa}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)

15.875396088s ago: executing program 9 (id=3133):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x3, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f0000000080)=0xffffffff, 0x46)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_ifreq(r0, 0x8938, &(0x7f0000000000)={'veth0_to_bond\x00', @ifru_hwaddr=@remote})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="61000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000080)=@ethtool_rxfh={0x1}})

0s ago: executing program 41 (id=3133):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x3, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, &(0x7f0000000080)=0xffffffff, 0x46)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_ifreq(r0, 0x8938, &(0x7f0000000000)={'veth0_to_bond\x00', @ifru_hwaddr=@remote})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="61000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000080)=@ethtool_rxfh={0x1}})

kernel console output (not intermixed with test programs):

 clear_bhb_loop+0x60/0xb0
[  683.080721][T14125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.080745][T14125] RIP: 0033:0x7f26fa33f6c9
[  683.080767][T14125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.080793][T14125] RSP: 002b:00007f26f857d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  683.080818][T14125] RAX: ffffffffffffffda RBX: 00007f26fa596090 RCX: 00007f26fa33f6c9
[  683.080837][T14125] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  683.080852][T14125] RBP: 00007f26f857d090 R08: 0000000000000000 R09: 0000000000000000
[  683.080867][T14125] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  683.080882][T14125] R13: 00007f26fa596128 R14: 00007f26fa596090 R15: 00007ffcabdf8c18
[  683.080921][T14125]  </TASK>
[  684.103641][ T3120] usb 7-1: USB disconnect, device number 63
[  684.214375][ T5974] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[  684.215932][ T5877] usb 6-1: new full-speed USB device number 71 using dummy_hcd
[  684.366747][ T5974] usb 8-1: config 0 has an invalid interface number: 69 but max is 0
[  684.366776][ T5974] usb 8-1: config 0 has no interface number 0
[  684.366843][ T5974] usb 8-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  684.366870][ T5974] usb 8-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  684.370296][ T5974] usb 8-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  684.370383][ T5974] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.370406][ T5974] usb 8-1: Product: syz
[  684.370423][ T5974] usb 8-1: Manufacturer: syz
[  684.370439][ T5974] usb 8-1: SerialNumber: syz
[  684.447783][ T5877] usb 6-1: unable to get BOS descriptor or descriptor too short
[  684.452465][ T5877] usb 6-1: not running at top speed; connect to a high speed hub
[  684.498767][ T5877] usb 6-1: config 106 has an invalid interface number: 8 but max is 0
[  684.498796][ T5877] usb 6-1: config 106 has no interface number 0
[  684.498833][ T5877] usb 6-1: config 106 interface 8 has no altsetting 0
[  684.502834][ T5974] usb 8-1: config 0 descriptor??
[  684.504251][T14130] raw-gadget.2 gadget.7: fail, usb_ep_enable returned -22
[  684.543314][ T5877] usb 6-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=93.dd
[  684.543348][ T5877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  684.543372][ T5877] usb 6-1: Product: syz
[  684.543389][ T5877] usb 6-1: Manufacturer: syz
[  684.543405][ T5877] usb 6-1: SerialNumber: syz
[  684.591583][ T5974] cyberjack 8-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  684.664443][ T5974] usb 8-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  686.107323][ T5877] kalmia 6-1:106.8 (unnamed net_device) (uninitialized): Error sending init packet. Status -22
[  686.109284][ T5877] kalmia 6-1:106.8: probe with driver kalmia failed with error -22
[  686.149975][ T5877] usb 6-1: USB disconnect, device number 71
[  687.028690][T14163] FAULT_INJECTION: forcing a failure.
[  687.028690][T14163] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.028717][T14163] CPU: 1 UID: 0 PID: 14163 Comm: syz.3.2697 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  687.028735][T14163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  687.028745][T14163] Call Trace:
[  687.028751][T14163]  <TASK>
[  687.028758][T14163]  dump_stack_lvl+0x189/0x250
[  687.028790][T14163]  ? __pfx____ratelimit+0x10/0x10
[  687.028812][T14163]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.028836][T14163]  ? __pfx__printk+0x10/0x10
[  687.028856][T14163]  ? __might_fault+0xb0/0x130
[  687.028887][T14163]  should_fail_ex+0x46c/0x600
[  687.028913][T14163]  _copy_from_user+0x2d/0xb0
[  687.028932][T14163]  ___sys_sendmsg+0x158/0x2a0
[  687.028954][T14163]  ? __pfx____sys_sendmsg+0x10/0x10
[  687.029000][T14163]  ? __fget_files+0x2a/0x420
[  687.029022][T14163]  ? __fget_files+0x3a6/0x420
[  687.029052][T14163]  __x64_sys_sendmsg+0x1a1/0x260
[  687.029073][T14163]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  687.029100][T14163]  ? __pfx_ksys_write+0x10/0x10
[  687.029122][T14163]  ? do_syscall_64+0xbe/0xfa0
[  687.029148][T14163]  do_syscall_64+0xfa/0xfa0
[  687.029169][T14163]  ? lockdep_hardirqs_on+0x9c/0x150
[  687.029191][T14163]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.029207][T14163]  ? clear_bhb_loop+0x60/0xb0
[  687.029226][T14163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.029241][T14163] RIP: 0033:0x7f26fa33f6c9
[  687.029255][T14163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.029270][T14163] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  687.029287][T14163] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  687.029299][T14163] RDX: 0000000020040051 RSI: 0000200000002ac0 RDI: 0000000000000003
[  687.029310][T14163] RBP: 00007f26f859e090 R08: 0000000000000000 R09: 0000000000000000
[  687.029320][T14163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.029330][T14163] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  687.029355][T14163]  </TASK>
[  687.164948][   T10] usb 8-1: USB disconnect, device number 37
[  687.374236][   T10] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  687.374713][   T10] cyberjack 8-1:0.69: device disconnected
[  687.750700][T14169] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[  687.750728][T14169] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  687.750836][T14169] vhci_hcd vhci_hcd.0: Device attached
[  687.821037][T14167] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  688.012322][ T5877] usb 47-1: new high-speed USB device number 3 using vhci_hcd
[  688.774188][T14197] FAULT_INJECTION: forcing a failure.
[  688.774188][T14197] name failslab, interval 1, probability 0, space 0, times 0
[  688.774224][T14197] CPU: 1 UID: 0 PID: 14197 Comm: syz.9.2709 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  688.774251][T14197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  688.774276][T14197] Call Trace:
[  688.774286][T14197]  <TASK>
[  688.774297][T14197]  dump_stack_lvl+0x189/0x250
[  688.774339][T14197]  ? __pfx____ratelimit+0x10/0x10
[  688.774371][T14197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  688.774411][T14197]  ? __pfx__printk+0x10/0x10
[  688.774447][T14197]  ? __pfx___might_resched+0x10/0x10
[  688.774478][T14197]  should_fail_ex+0x46c/0x600
[  688.774515][T14197]  should_failslab+0xa8/0x100
[  688.774552][T14197]  __kmalloc_noprof+0xcc/0x7d0
[  688.774583][T14197]  ? kfree+0x51/0x950
[  688.774607][T14197]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  688.774644][T14197]  tomoyo_realpath_from_path+0xe3/0x5d0
[  688.774675][T14197]  ? tomoyo_domain+0xda/0x130
[  688.774710][T14197]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  688.774748][T14197]  tomoyo_path_number_perm+0x1e8/0x5a0
[  688.774789][T14197]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  688.774831][T14197]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  688.774873][T14197]  ? lockdep_hardirqs_on+0x9c/0x150
[  688.774939][T14197]  ? __fget_files+0x2a/0x420
[  688.774978][T14197]  ? __fget_files+0x3a6/0x420
[  688.775010][T14197]  ? __fget_files+0x2a/0x420
[  688.775067][T14197]  security_file_ioctl+0xcb/0x2d0
[  688.775095][T14197]  __se_sys_ioctl+0x47/0x170
[  688.775126][T14197]  do_syscall_64+0xfa/0xfa0
[  688.775158][T14197]  ? lockdep_hardirqs_on+0x9c/0x150
[  688.775192][T14197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.775218][T14197]  ? clear_bhb_loop+0x60/0xb0
[  688.775247][T14197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.775277][T14197] RIP: 0033:0x7fd0fe15f6c9
[  688.775298][T14197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.775319][T14197] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  688.775344][T14197] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  688.775361][T14197] RDX: 0000200000000080 RSI: 0000000040084149 RDI: 0000000000000005
[  688.775377][T14197] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  688.775393][T14197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.775408][T14197] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  688.775447][T14197]  </TASK>
[  688.776100][T14197] ERROR: Out of memory at tomoyo_realpath_from_path.
[  689.444249][T14199] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2710'.
[  690.081251][ T5974] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[  690.231174][ T5974] usb 7-1: Using ep0 maxpacket: 16
[  690.237437][ T5974] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  690.237468][ T5974] usb 7-1: config 0 has no interface number 0
[  690.266717][ T5974] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  690.266751][ T5974] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.266775][ T5974] usb 7-1: Product: syz
[  690.266791][ T5974] usb 7-1: Manufacturer: syz
[  690.266808][ T5974] usb 7-1: SerialNumber: syz
[  690.326970][ T5974] usb 7-1: config 0 descriptor??
[  690.356583][ T5974] hub 7-1:0.132: bad descriptor, ignoring hub
[  690.356627][ T5974] hub 7-1:0.132: probe with driver hub failed with error -5
[  690.384366][ T5974] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.132/input/input64
[  690.607872][T14209] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.625005][T14209] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.795171][T14171] vhci_hcd: connection reset by peer
[  690.795572][   T72] vhci_hcd: stop threads
[  690.795590][   T72] vhci_hcd: release socket
[  690.795674][   T72] vhci_hcd: disconnect device
[  690.918180][T14237] FAULT_INJECTION: forcing a failure.
[  690.918180][T14237] name failslab, interval 1, probability 0, space 0, times 0
[  690.918227][T14237] CPU: 1 UID: 0 PID: 14237 Comm: syz.5.2722 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  690.918260][T14237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  690.918283][T14237] Call Trace:
[  690.918293][T14237]  <TASK>
[  690.918304][T14237]  dump_stack_lvl+0x189/0x250
[  690.918351][T14237]  ? __pfx____ratelimit+0x10/0x10
[  690.918385][T14237]  ? __pfx_dump_stack_lvl+0x10/0x10
[  690.918426][T14237]  ? __pfx__printk+0x10/0x10
[  690.918462][T14237]  ? __pfx___might_resched+0x10/0x10
[  690.918495][T14237]  should_fail_ex+0x46c/0x600
[  690.918539][T14237]  should_failslab+0xa8/0x100
[  690.918585][T14237]  __kmalloc_noprof+0xcc/0x7d0
[  690.918629][T14237]  ? kfree+0x51/0x950
[  690.918658][T14237]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  690.918712][T14237]  tomoyo_realpath_from_path+0xe3/0x5d0
[  690.918768][T14237]  ? tomoyo_domain+0xda/0x130
[  690.918824][T14237]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  690.918876][T14237]  tomoyo_path_number_perm+0x1e8/0x5a0
[  690.918917][T14237]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  690.918985][T14237]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  690.919044][T14237]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.919187][T14237]  ? __fget_files+0x2a/0x420
[  690.919248][T14237]  ? __fget_files+0x3a6/0x420
[  690.919306][T14237]  ? __fget_files+0x2a/0x420
[  690.919360][T14237]  security_file_ioctl+0xcb/0x2d0
[  690.919391][T14237]  __se_sys_ioctl+0x47/0x170
[  690.919430][T14237]  do_syscall_64+0xfa/0xfa0
[  690.919462][T14237]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.919507][T14237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.919547][T14237]  ? clear_bhb_loop+0x60/0xb0
[  690.919584][T14237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.919612][T14237] RIP: 0033:0x7f3fc126f6c9
[  690.919641][T14237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.919663][T14237] RSP: 002b:00007f3fbf4ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  690.919692][T14237] RAX: ffffffffffffffda RBX: 00007f3fc14c5fa0 RCX: 00007f3fc126f6c9
[  690.919711][T14237] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  690.919726][T14237] RBP: 00007f3fbf4ce090 R08: 0000000000000000 R09: 0000000000000000
[  690.919750][T14237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.919775][T14237] R13: 00007f3fc14c6038 R14: 00007f3fc14c5fa0 R15: 00007fff4bc3dcb8
[  690.919822][T14237]  </TASK>
[  690.919833][T14237] ERROR: Out of memory at tomoyo_realpath_from_path.
[  692.322926][T14261] FAULT_INJECTION: forcing a failure.
[  692.322926][T14261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.322965][T14261] CPU: 0 UID: 0 PID: 14261 Comm: syz.9.2734 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  692.322992][T14261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  692.323008][T14261] Call Trace:
[  692.323017][T14261]  <TASK>
[  692.323028][T14261]  dump_stack_lvl+0x189/0x250
[  692.323069][T14261]  ? __pfx____ratelimit+0x10/0x10
[  692.323101][T14261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  692.323134][T14261]  ? __pfx__printk+0x10/0x10
[  692.323155][T14261]  ? __might_fault+0xb0/0x130
[  692.323187][T14261]  should_fail_ex+0x46c/0x600
[  692.323216][T14261]  _copy_from_user+0x2d/0xb0
[  692.323235][T14261]  ___sys_sendmsg+0x158/0x2a0
[  692.323259][T14261]  ? __pfx____sys_sendmsg+0x10/0x10
[  692.323306][T14261]  ? __fget_files+0x2a/0x420
[  692.323328][T14261]  ? __fget_files+0x3a6/0x420
[  692.323359][T14261]  __x64_sys_sendmsg+0x1a1/0x260
[  692.323381][T14261]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  692.323409][T14261]  ? __pfx_ksys_write+0x10/0x10
[  692.323433][T14261]  ? do_syscall_64+0xbe/0xfa0
[  692.323460][T14261]  do_syscall_64+0xfa/0xfa0
[  692.323482][T14261]  ? lockdep_hardirqs_on+0x9c/0x150
[  692.323505][T14261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.323521][T14261]  ? clear_bhb_loop+0x60/0xb0
[  692.323541][T14261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.323557][T14261] RIP: 0033:0x7fd0fe15f6c9
[  692.323572][T14261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.323586][T14261] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.323603][T14261] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  692.323615][T14261] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[  692.323626][T14261] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  692.323636][T14261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.323646][T14261] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  692.323672][T14261]  </TASK>
[  692.693806][T14265] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2735'.
[  693.075588][T14277] netlink: 'syz.5.2740': attribute type 1 has an invalid length.
[  693.141506][ T5877] vhci_hcd: vhci_device speed not set
[  693.421207][T14280] bond1: (slave geneve2): making interface the new active one
[  693.422367][T14280] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  693.500707][ T5989] usb 6-1: new full-speed USB device number 72 using dummy_hcd
[  693.530394][T14287] netlink: 'syz.7.2743': attribute type 1 has an invalid length.
[  693.612771][   T72] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  693.665931][ T5989] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[  693.665962][ T5989] usb 6-1: config 0 has no interface number 0
[  693.685405][ T5989] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  693.685435][ T5989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.685457][ T5989] usb 6-1: Product: syz
[  693.685472][ T5989] usb 6-1: Manufacturer: syz
[  693.685488][ T5989] usb 6-1: SerialNumber: syz
[  693.746884][ T5989] usb 6-1: config 0 descriptor??
[  693.779788][   T10] usb 7-1: USB disconnect, device number 64
[  693.890473][T14295] mmap: syz.3.2748 (14295): VmData 37597184 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data.
[  693.931325][   T72] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  694.089810][T14296] FAULT_INJECTION: forcing a failure.
[  694.089810][T14296] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  694.090785][T14296] CPU: 1 UID: 0 PID: 14296 Comm: syz.9.2746 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  694.090813][T14296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  694.090827][T14296] Call Trace:
[  694.090836][T14296]  <TASK>
[  694.090850][T14296]  dump_stack_lvl+0x189/0x250
[  694.090898][T14296]  ? __pfx____ratelimit+0x10/0x10
[  694.090927][T14296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.090960][T14296]  ? __pfx__printk+0x10/0x10
[  694.090987][T14296]  ? __might_fault+0xb0/0x130
[  694.091029][T14296]  should_fail_ex+0x46c/0x600
[  694.091065][T14296]  _copy_from_iter+0x1de/0x1790
[  694.091103][T14296]  ? __lock_acquire+0xab9/0xd20
[  694.091142][T14296]  ? __pfx__copy_from_iter+0x10/0x10
[  694.091193][T14296]  tun_get_user+0x219/0x3ec0
[  694.091228][T14296]  ? __lock_acquire+0xab9/0xd20
[  694.091268][T14296]  ? __might_fault+0xb0/0x130
[  694.091298][T14296]  ? __pfx_tun_get_user+0x10/0x10
[  694.091325][T14296]  ? _parse_integer_limit+0x1ae/0x1f0
[  694.091364][T14296]  ? __lock_acquire+0xab9/0xd20
[  694.091399][T14296]  ? ref_tracker_alloc+0x2fe/0x450
[  694.091428][T14296]  ? __lock_acquire+0xab9/0xd20
[  694.091459][T14296]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  694.091495][T14296]  ? tun_get+0x1c/0x2f0
[  694.091529][T14296]  ? tun_get+0x1c/0x2f0
[  694.091554][T14296]  ? tun_get+0x1c/0x2f0
[  694.091586][T14296]  tun_chr_write_iter+0x119/0x200
[  694.091617][T14296]  vfs_write+0x5d5/0xb40
[  694.091649][T14296]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  694.091678][T14296]  ? __pfx_vfs_write+0x10/0x10
[  694.091716][T14296]  ? __fget_files+0x2a/0x420
[  694.091757][T14296]  ksys_write+0x14b/0x260
[  694.091786][T14296]  ? __pfx_ksys_write+0x10/0x10
[  694.091817][T14296]  ? do_syscall_64+0xbe/0xfa0
[  694.091852][T14296]  do_syscall_64+0xfa/0xfa0
[  694.091889][T14296]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.091918][T14296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.091940][T14296]  ? clear_bhb_loop+0x60/0xb0
[  694.091966][T14296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.091987][T14296] RIP: 0033:0x7fd0fe15f6c9
[  694.092007][T14296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.092027][T14296] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  694.092050][T14296] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  694.092066][T14296] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003
[  694.092079][T14296] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  694.092092][T14296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.092105][T14296] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  694.092140][T14296]  </TASK>
[  694.099404][ T5801] usb 8-1: new full-speed USB device number 38 using dummy_hcd
[  694.273620][ T5801] usb 8-1: config 0 has an invalid interface number: 133 but max is 0
[  694.273652][ T5801] usb 8-1: config 0 has no interface number 0
[  694.277208][ T5801] usb 8-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  694.277240][ T5801] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.277266][ T5801] usb 8-1: Product: syz
[  694.277285][ T5801] usb 8-1: Manufacturer: syz
[  694.277305][ T5801] usb 8-1: SerialNumber: syz
[  694.311287][ T5801] usb 8-1: config 0 descriptor??
[  694.358010][T14275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.360953][T14275] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.407824][ T5989] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[  694.459101][   T72] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  694.486653][   T12] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  695.422304][ T5989] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[  695.422383][ T5989] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[  695.422453][ T5989] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[  695.465414][T14284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.465895][T14284] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.498847][ T5989] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  695.558570][ T5989] usb 6-1: USB disconnect, device number 72
[  695.638745][ T5989] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  695.642919][ T5989] keyspan 6-1:0.133: device disconnected
[  695.986513][ T5801] keyspan 8-1:0.133: Keyspan 1 port adapter converter detected
[  695.989928][ T5801] keyspan 8-1:0.133: found no endpoint descriptor for endpoint 81
[  695.990062][ T5801] keyspan 8-1:0.133: found no endpoint descriptor for endpoint 1
[  695.990159][ T5801] keyspan 8-1:0.133: found no endpoint descriptor for endpoint 2
[  695.999634][ T5801] usb 8-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  696.007485][ T5989] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[  696.036075][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  696.036151][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  696.101038][ T5801] usb 8-1: USB disconnect, device number 38
[  696.147269][ T5801] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  696.147956][ T5801] keyspan 8-1:0.133: device disconnected
[  696.218437][ T5989] usb 6-1: Using ep0 maxpacket: 16
[  696.320563][ T5989] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  696.320595][ T5989] usb 6-1: config 0 has no interface number 0
[  696.325198][ T5989] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  696.325231][ T5989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.325253][ T5989] usb 6-1: Product: syz
[  696.325269][ T5989] usb 6-1: Manufacturer: syz
[  696.325284][ T5989] usb 6-1: SerialNumber: syz
[  696.450661][ T5989] usb 6-1: config 0 descriptor??
[  696.457456][ T5989] hub 6-1:0.132: bad descriptor, ignoring hub
[  696.457497][ T5989] hub 6-1:0.132: probe with driver hub failed with error -5
[  696.498543][ T5989] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.132/input/input65
[  696.717205][T14324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.717693][T14324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.377592][ T5989] usb 8-1: new high-speed USB device number 39 using dummy_hcd
[  697.475954][T14363] FAULT_INJECTION: forcing a failure.
[  697.475954][T14363] name failslab, interval 1, probability 0, space 0, times 0
[  697.475997][T14363] CPU: 1 UID: 0 PID: 14363 Comm: syz.3.2775 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  697.476025][T14363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  697.476041][T14363] Call Trace:
[  697.476051][T14363]  <TASK>
[  697.476062][T14363]  dump_stack_lvl+0x189/0x250
[  697.476105][T14363]  ? __pfx____ratelimit+0x10/0x10
[  697.476138][T14363]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.476174][T14363]  ? __pfx__printk+0x10/0x10
[  697.476211][T14363]  ? __pfx___might_resched+0x10/0x10
[  697.476239][T14363]  ? fs_reclaim_acquire+0x7d/0x100
[  697.476279][T14363]  should_fail_ex+0x46c/0x600
[  697.476317][T14363]  ? __alloc_skb+0x112/0x2d0
[  697.476341][T14363]  should_failslab+0xa8/0x100
[  697.476377][T14363]  ? __alloc_skb+0x112/0x2d0
[  697.476399][T14363]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  697.476432][T14363]  ? netlink_autobind+0xdb/0x300
[  697.476465][T14363]  __alloc_skb+0x112/0x2d0
[  697.476504][T14363]  netlink_sendmsg+0x5c6/0xb30
[  697.476529][T14363]  ? is_bpf_text_address+0x26/0x2b0
[  697.476577][T14363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.476613][T14363]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  697.476647][T14363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.476674][T14363]  __sock_sendmsg+0x21c/0x270
[  697.476713][T14363]  ____sys_sendmsg+0x508/0x820
[  697.476749][T14363]  ? __pfx_____sys_sendmsg+0x10/0x10
[  697.476790][T14363]  ? import_iovec+0x74/0xa0
[  697.476820][T14363]  ___sys_sendmsg+0x21f/0x2a0
[  697.476852][T14363]  ? __pfx____sys_sendmsg+0x10/0x10
[  697.476933][T14363]  ? __fget_files+0x2a/0x420
[  697.476972][T14363]  ? __fget_files+0x3a6/0x420
[  697.477036][T14363]  __x64_sys_sendmsg+0x1a1/0x260
[  697.477069][T14363]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  697.477124][T14363]  ? __pfx_ksys_write+0x10/0x10
[  697.477168][T14363]  ? do_syscall_64+0xbe/0xfa0
[  697.477233][T14363]  do_syscall_64+0xfa/0xfa0
[  697.477270][T14363]  ? lockdep_hardirqs_on+0x9c/0x150
[  697.477316][T14363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.477344][T14363]  ? clear_bhb_loop+0x60/0xb0
[  697.477380][T14363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.477402][T14363] RIP: 0033:0x7f26fa33f6c9
[  697.477427][T14363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.477447][T14363] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  697.477483][T14363] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  697.477507][T14363] RDX: 0000000020000090 RSI: 00002000000000c0 RDI: 0000000000000003
[  697.477523][T14363] RBP: 00007f26f859e090 R08: 0000000000000000 R09: 0000000000000000
[  697.477538][T14363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.477553][T14363] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  697.477593][T14363]  </TASK>
[  697.785059][ T5989] usb 8-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  697.785094][ T5989] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.785116][ T5989] usb 8-1: Product: syz
[  697.785132][ T5989] usb 8-1: Manufacturer: syz
[  697.785149][ T5989] usb 8-1: SerialNumber: syz
[  697.825285][ T5989] usb 8-1: config 0 descriptor??
[  697.842077][ T5989] i2c-tiny-usb 8-1:0.0: version 6d.cc found at bus 008 address 039
[  698.251237][ T5989]  (null): failure reading functionality
[  698.266383][ T5989] i2c i2c-2: failure reading functionality
[  698.283958][ T5989] i2c i2c-2: connected i2c-tiny-usb device
[  698.570688][T14359] loop7: detected capacity change from 0 to 7
[  698.583322][T14359] Dev loop7: unable to read RDB block 7
[  698.583368][T14359]  loop7: unable to read partition table
[  698.584065][T14359] loop7: partition table beyond EOD, truncated
[  698.584086][T14359] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5)
[  699.117344][T14387] xt_l2tp: invalid flags combination: 0
[  699.497348][  T981] usb 6-1: USB disconnect, device number 73
[  699.515509][ T5974] usb 8-1: USB disconnect, device number 39
[  700.058708][T14410] FAULT_INJECTION: forcing a failure.
[  700.058708][T14410] name failslab, interval 1, probability 0, space 0, times 0
[  700.058746][T14410] CPU: 1 UID: 0 PID: 14410 Comm: syz.9.2796 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  700.058773][T14410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  700.058789][T14410] Call Trace:
[  700.058798][T14410]  <TASK>
[  700.058809][T14410]  dump_stack_lvl+0x189/0x250
[  700.058850][T14410]  ? __pfx____ratelimit+0x10/0x10
[  700.058881][T14410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.058918][T14410]  ? __pfx__printk+0x10/0x10
[  700.058953][T14410]  ? __pfx___might_resched+0x10/0x10
[  700.058979][T14410]  ? fs_reclaim_acquire+0x7d/0x100
[  700.059018][T14410]  should_fail_ex+0x46c/0x600
[  700.059057][T14410]  should_failslab+0xa8/0x100
[  700.059095][T14410]  __kmalloc_noprof+0xcc/0x7d0
[  700.059127][T14410]  ? tomoyo_encode+0x28b/0x550
[  700.059166][T14410]  tomoyo_encode+0x28b/0x550
[  700.059213][T14410]  tomoyo_realpath_from_path+0x58d/0x5d0
[  700.059244][T14410]  ? tomoyo_domain+0xda/0x130
[  700.059278][T14410]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  700.059342][T14410]  tomoyo_path_number_perm+0x1e8/0x5a0
[  700.059384][T14410]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  700.059428][T14410]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  700.059474][T14410]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.059546][T14410]  ? __fget_files+0x2a/0x420
[  700.059581][T14410]  ? __fget_files+0x3a6/0x420
[  700.059610][T14410]  ? __fget_files+0x2a/0x420
[  700.059645][T14410]  security_file_ioctl+0xcb/0x2d0
[  700.059669][T14410]  __se_sys_ioctl+0x47/0x170
[  700.059696][T14410]  do_syscall_64+0xfa/0xfa0
[  700.059725][T14410]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.059758][T14410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.059779][T14410]  ? clear_bhb_loop+0x60/0xb0
[  700.059806][T14410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.059827][T14410] RIP: 0033:0x7fd0fe15f6c9
[  700.059845][T14410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.059865][T14410] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  700.059887][T14410] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  700.059903][T14410] RDX: 0000200000000040 RSI: 0000000000008918 RDI: 0000000000000003
[  700.059917][T14410] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  700.059932][T14410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.059945][T14410] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  700.059979][T14410]  </TASK>
[  700.064708][T14410] ERROR: Out of memory at tomoyo_realpath_from_path.
[  701.819843][T14426] FAULT_INJECTION: forcing a failure.
[  701.819843][T14426] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  701.819881][T14426] CPU: 0 UID: 0 PID: 14426 Comm: syz.9.2802 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  701.819908][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  701.819923][T14426] Call Trace:
[  701.819932][T14426]  <TASK>
[  701.819943][T14426]  dump_stack_lvl+0x189/0x250
[  701.819983][T14426]  ? __pfx____ratelimit+0x10/0x10
[  701.820015][T14426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  701.820050][T14426]  ? __pfx__printk+0x10/0x10
[  701.820078][T14426]  ? __might_fault+0xb0/0x130
[  701.820124][T14426]  should_fail_ex+0x46c/0x600
[  701.820162][T14426]  _copy_from_user+0x2d/0xb0
[  701.820189][T14426]  sctp_setsockopt+0x19f/0x1200
[  701.820225][T14426]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  701.820264][T14426]  do_sock_setsockopt+0x17c/0x1b0
[  701.820295][T14426]  __x64_sys_setsockopt+0x145/0x1b0
[  701.820328][T14426]  do_syscall_64+0xfa/0xfa0
[  701.820361][T14426]  ? lockdep_hardirqs_on+0x9c/0x150
[  701.820393][T14426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.820423][T14426]  ? clear_bhb_loop+0x60/0xb0
[  701.820451][T14426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.820474][T14426] RIP: 0033:0x7fd0fe15f6c9
[  701.820494][T14426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.820515][T14426] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  701.820539][T14426] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  701.820555][T14426] RDX: 0000000000000085 RSI: 0000000000000084 RDI: 0000000000000003
[  701.820570][T14426] RBP: 00007fd0fc3be090 R08: 0000000000000090 R09: 0000000000000000
[  701.820585][T14426] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.820600][T14426] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  701.820637][T14426]  </TASK>
[  702.818498][T14436] FAULT_INJECTION: forcing a failure.
[  702.818498][T14436] name failslab, interval 1, probability 0, space 0, times 0
[  702.818536][T14436] CPU: 1 UID: 0 PID: 14436 Comm: syz.9.2808 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  702.818563][T14436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  702.818578][T14436] Call Trace:
[  702.818587][T14436]  <TASK>
[  702.818598][T14436]  dump_stack_lvl+0x189/0x250
[  702.818641][T14436]  ? __pfx____ratelimit+0x10/0x10
[  702.818675][T14436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  702.818712][T14436]  ? __pfx__printk+0x10/0x10
[  702.818748][T14436]  ? __pfx___might_resched+0x10/0x10
[  702.818773][T14436]  ? fs_reclaim_acquire+0x7d/0x100
[  702.818814][T14436]  should_fail_ex+0x46c/0x600
[  702.818854][T14436]  should_failslab+0xa8/0x100
[  702.818893][T14436]  __kmalloc_noprof+0xcc/0x7d0
[  702.818925][T14436]  ? tomoyo_encode+0x28b/0x550
[  702.818959][T14436]  tomoyo_encode+0x28b/0x550
[  702.818995][T14436]  tomoyo_realpath_from_path+0x58d/0x5d0
[  702.819027][T14436]  ? tomoyo_domain+0xda/0x130
[  702.819070][T14436]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  702.819110][T14436]  tomoyo_path_number_perm+0x1e8/0x5a0
[  702.819152][T14436]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  702.819201][T14436]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  702.819249][T14436]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.819313][T14436]  ? __fget_files+0x2a/0x420
[  702.819351][T14436]  ? __fget_files+0x3a6/0x420
[  702.819383][T14436]  ? __fget_files+0x2a/0x420
[  702.819420][T14436]  security_file_ioctl+0xcb/0x2d0
[  702.819446][T14436]  __se_sys_ioctl+0x47/0x170
[  702.819476][T14436]  do_syscall_64+0xfa/0xfa0
[  702.819508][T14436]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.819540][T14436]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.819562][T14436]  ? clear_bhb_loop+0x60/0xb0
[  702.819608][T14436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.819630][T14436] RIP: 0033:0x7fd0fe15f6c9
[  702.819649][T14436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.819667][T14436] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  702.819691][T14436] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  702.819709][T14436] RDX: 0000200000000000 RSI: 000000004048ae9b RDI: 0000000000000005
[  702.819725][T14436] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  702.819740][T14436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  702.819756][T14436] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  702.819795][T14436]  </TASK>
[  702.819818][T14436] ERROR: Out of memory at tomoyo_realpath_from_path.
[  705.283044][T14455] FAULT_INJECTION: forcing a failure.
[  705.283044][T14455] name failslab, interval 1, probability 0, space 0, times 0
[  705.283091][T14455] CPU: 1 UID: 0 PID: 14455 Comm: syz.9.2815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  705.283118][T14455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  705.283133][T14455] Call Trace:
[  705.283142][T14455]  <TASK>
[  705.283154][T14455]  dump_stack_lvl+0x189/0x250
[  705.283194][T14455]  ? __pfx____ratelimit+0x10/0x10
[  705.283226][T14455]  ? __pfx_dump_stack_lvl+0x10/0x10
[  705.283262][T14455]  ? __pfx__printk+0x10/0x10
[  705.283297][T14455]  ? __pfx___might_resched+0x10/0x10
[  705.283329][T14455]  should_fail_ex+0x46c/0x600
[  705.283366][T14455]  should_failslab+0xa8/0x100
[  705.283404][T14455]  __kmalloc_cache_noprof+0x6f/0x6c0
[  705.283438][T14455]  ? snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  705.283489][T14455]  snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  705.283536][T14455]  ? __lock_acquire+0xab9/0xd20
[  705.283577][T14455]  ? do_raw_spin_lock+0x121/0x290
[  705.283614][T14455]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  705.283651][T14455]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  705.283684][T14455]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.283727][T14455]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  705.283772][T14455]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  705.283813][T14455]  ? mutex_lock_interruptible_nested+0x154/0x1d0
[  705.283838][T14455]  ? snd_pcm_oss_write+0x295/0x11a0
[  705.283876][T14455]  snd_pcm_oss_write+0x301/0x11a0
[  705.283908][T14455]  ? __lock_acquire+0xab9/0xd20
[  705.283956][T14455]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  705.283989][T14455]  ? __lock_acquire+0xab9/0xd20
[  705.284023][T14455]  ? rw_verify_area+0x25b/0x4e0
[  705.284054][T14455]  vfs_writev+0x4bf/0x970
[  705.284077][T14455]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  705.284120][T14455]  ? __pfx_vfs_writev+0x10/0x10
[  705.284156][T14455]  ? __fget_files+0x2a/0x420
[  705.284191][T14455]  ? __fget_files+0x3a6/0x420
[  705.284221][T14455]  ? __fget_files+0x2a/0x420
[  705.284261][T14455]  do_writev+0x153/0x2d0
[  705.284297][T14455]  ? __pfx_do_writev+0x10/0x10
[  705.284334][T14455]  ? do_syscall_64+0xbe/0xfa0
[  705.284368][T14455]  do_syscall_64+0xfa/0xfa0
[  705.284397][T14455]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.284427][T14455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.284449][T14455]  ? clear_bhb_loop+0x60/0xb0
[  705.284476][T14455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.284497][T14455] RIP: 0033:0x7fd0fe15f6c9
[  705.284534][T14455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.284554][T14455] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  705.284578][T14455] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  705.284596][T14455] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  705.284611][T14455] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  705.284626][T14455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  705.284641][T14455] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  705.284679][T14455]  </TASK>
[  705.836959][T14460] FAULT_INJECTION: forcing a failure.
[  705.836959][T14460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  705.836998][T14460] CPU: 1 UID: 0 PID: 14460 Comm: syz.6.2817 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  705.837033][T14460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  705.837048][T14460] Call Trace:
[  705.837057][T14460]  <TASK>
[  705.837068][T14460]  dump_stack_lvl+0x189/0x250
[  705.837109][T14460]  ? __pfx____ratelimit+0x10/0x10
[  705.837141][T14460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  705.837177][T14460]  ? __pfx__printk+0x10/0x10
[  705.837222][T14460]  should_fail_ex+0x46c/0x600
[  705.837260][T14460]  _copy_to_user+0x31/0xb0
[  705.837289][T14460]  simple_read_from_buffer+0xe1/0x170
[  705.837327][T14460]  proc_fail_nth_read+0x1b6/0x220
[  705.837356][T14460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  705.837385][T14460]  ? rw_verify_area+0x2ac/0x4e0
[  705.837413][T14460]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  705.837441][T14460]  vfs_read+0x206/0xa30
[  705.837479][T14460]  ? __pfx_vfs_read+0x10/0x10
[  705.837503][T14460]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  705.837540][T14460]  ? mutex_lock_nested+0x154/0x1d0
[  705.837564][T14460]  ? fdget_pos+0x253/0x320
[  705.837607][T14460]  ksys_read+0x14b/0x260
[  705.837638][T14460]  ? __pfx_ksys_read+0x10/0x10
[  705.837664][T14460]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[  705.837697][T14460]  ? syscall_user_dispatch+0x4f/0x90
[  705.837736][T14460]  do_syscall_64+0xfa/0xfa0
[  705.837787][T14460]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.837837][T14460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.837861][T14460]  ? clear_bhb_loop+0x60/0xb0
[  705.837891][T14460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.837914][T14460] RIP: 0033:0x7faf381ae0dc
[  705.837935][T14460] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  705.837956][T14460] RSP: 002b:00007faf3640e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  705.837981][T14460] RAX: ffffffffffffffda RBX: 00007faf38405fa0 RCX: 00007faf381ae0dc
[  705.837999][T14460] RDX: 000000000000000f RSI: 00007faf3640e0a0 RDI: 0000000000000003
[  705.838021][T14460] RBP: 00007faf3640e090 R08: 0000000000000000 R09: 0000000000000000
[  705.838037][T14460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  705.838052][T14460] R13: 00007faf38406038 R14: 00007faf38405fa0 R15: 00007ffcf88588a8
[  705.838092][T14460]  </TASK>
[  706.873137][  T981] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[  707.103063][  T981] usb 6-1: Using ep0 maxpacket: 16
[  707.134433][  T981] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  707.134464][  T981] usb 6-1: config 0 has no interface number 0
[  707.203741][  T981] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  707.203777][  T981] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.203801][  T981] usb 6-1: Product: syz
[  707.203818][  T981] usb 6-1: Manufacturer: syz
[  707.203835][  T981] usb 6-1: SerialNumber: syz
[  707.276960][  T981] usb 6-1: config 0 descriptor??
[  707.299432][  T981] hub 6-1:0.132: bad descriptor, ignoring hub
[  707.299477][  T981] hub 6-1:0.132: probe with driver hub failed with error -5
[  707.344656][  T981] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.132/input/input66
[  707.505182][T14469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.505633][T14469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  708.392836][T14499] FAULT_INJECTION: forcing a failure.
[  708.392836][T14499] name failslab, interval 1, probability 0, space 0, times 0
[  708.392877][T14499] CPU: 1 UID: 0 PID: 14499 Comm: syz.6.2831 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  708.392904][T14499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  708.392920][T14499] Call Trace:
[  708.392929][T14499]  <TASK>
[  708.392941][T14499]  dump_stack_lvl+0x189/0x250
[  708.392984][T14499]  ? __pfx____ratelimit+0x10/0x10
[  708.393016][T14499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.393054][T14499]  ? __pfx__printk+0x10/0x10
[  708.393090][T14499]  ? __pfx___might_resched+0x10/0x10
[  708.393118][T14499]  ? fs_reclaim_acquire+0x7d/0x100
[  708.393159][T14499]  should_fail_ex+0x46c/0x600
[  708.393196][T14499]  ? __alloc_skb+0x112/0x2d0
[  708.393220][T14499]  should_failslab+0xa8/0x100
[  708.393257][T14499]  ? __alloc_skb+0x112/0x2d0
[  708.393278][T14499]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  708.393312][T14499]  ? netlink_autobind+0xdb/0x300
[  708.393345][T14499]  __alloc_skb+0x112/0x2d0
[  708.393375][T14499]  netlink_sendmsg+0x5c6/0xb30
[  708.393400][T14499]  ? is_bpf_text_address+0x26/0x2b0
[  708.393447][T14499]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.393483][T14499]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  708.393518][T14499]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.393546][T14499]  __sock_sendmsg+0x21c/0x270
[  708.393593][T14499]  ____sys_sendmsg+0x508/0x820
[  708.393629][T14499]  ? __pfx_____sys_sendmsg+0x10/0x10
[  708.393669][T14499]  ? import_iovec+0x74/0xa0
[  708.393700][T14499]  ___sys_sendmsg+0x21f/0x2a0
[  708.393743][T14499]  ? __pfx____sys_sendmsg+0x10/0x10
[  708.393815][T14499]  ? __fget_files+0x2a/0x420
[  708.393847][T14499]  ? __fget_files+0x3a6/0x420
[  708.393892][T14499]  __x64_sys_sendmsg+0x1a1/0x260
[  708.393923][T14499]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  708.393963][T14499]  ? __pfx_ksys_write+0x10/0x10
[  708.393997][T14499]  ? do_syscall_64+0xbe/0xfa0
[  708.394035][T14499]  do_syscall_64+0xfa/0xfa0
[  708.394066][T14499]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.394099][T14499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.394122][T14499]  ? clear_bhb_loop+0x60/0xb0
[  708.394151][T14499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.394173][T14499] RIP: 0033:0x7faf381af6c9
[  708.394193][T14499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.394214][T14499] RSP: 002b:00007faf3640e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  708.394240][T14499] RAX: ffffffffffffffda RBX: 00007faf38405fa0 RCX: 00007faf381af6c9
[  708.394257][T14499] RDX: 0000000004000000 RSI: 0000200000000400 RDI: 0000000000000003
[  708.394274][T14499] RBP: 00007faf3640e090 R08: 0000000000000000 R09: 0000000000000000
[  708.394289][T14499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.394303][T14499] R13: 00007faf38406038 R14: 00007faf38405fa0 R15: 00007ffcf88588a8
[  708.394340][T14499]  </TASK>
[  709.088841][T14505] bridge0: entered allmulticast mode
[  709.107148][T14505] pim6reg: entered allmulticast mode
[  710.425600][ T5974] usb 6-1: USB disconnect, device number 74
[  710.645989][T14535] FAULT_INJECTION: forcing a failure.
[  710.645989][T14535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.646036][T14535] CPU: 1 UID: 0 PID: 14535 Comm: syz.3.2834 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  710.646063][T14535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  710.646078][T14535] Call Trace:
[  710.646088][T14535]  <TASK>
[  710.646099][T14535]  dump_stack_lvl+0x189/0x250
[  710.646143][T14535]  ? __pfx____ratelimit+0x10/0x10
[  710.646175][T14535]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.646211][T14535]  ? __pfx__printk+0x10/0x10
[  710.646240][T14535]  ? __might_fault+0xb0/0x130
[  710.646288][T14535]  should_fail_ex+0x46c/0x600
[  710.646325][T14535]  _copy_from_iter+0x1de/0x1790
[  710.646381][T14535]  ? __pfx__copy_from_iter+0x10/0x10
[  710.646430][T14535]  ? rcu_is_watching+0x15/0xb0
[  710.646454][T14535]  ? kfree+0x51/0x950
[  710.646479][T14535]  ? file_tty_write+0x32e/0xa30
[  710.646513][T14535]  file_tty_write+0x4ca/0xa30
[  710.646550][T14535]  vfs_write+0x5d5/0xb40
[  710.646585][T14535]  ? __pfx_tty_write+0x10/0x10
[  710.646613][T14535]  ? __pfx_vfs_write+0x10/0x10
[  710.646654][T14535]  ? __fget_files+0x2a/0x420
[  710.646698][T14535]  ksys_write+0x14b/0x260
[  710.646730][T14535]  ? __pfx_ksys_write+0x10/0x10
[  710.646764][T14535]  ? do_syscall_64+0xbe/0xfa0
[  710.646802][T14535]  do_syscall_64+0xfa/0xfa0
[  710.646834][T14535]  ? lockdep_hardirqs_on+0x9c/0x150
[  710.646866][T14535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.646890][T14535]  ? clear_bhb_loop+0x60/0xb0
[  710.646920][T14535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.646943][T14535] RIP: 0033:0x7f26fa33f6c9
[  710.646965][T14535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  710.646987][T14535] RSP: 002b:00007f26f855c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  710.647012][T14535] RAX: ffffffffffffffda RBX: 00007f26fa596180 RCX: 00007f26fa33f6c9
[  710.647030][T14535] RDX: 0000000000001006 RSI: 0000200000002100 RDI: 0000000000000006
[  710.647046][T14535] RBP: 00007f26f855c090 R08: 0000000000000000 R09: 0000000000000000
[  710.647061][T14535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  710.647076][T14535] R13: 00007f26fa596218 R14: 00007f26fa596180 R15: 00007ffcabdf8c18
[  710.647114][T14535]  </TASK>
[  711.370826][ T5974] usb 6-1: new full-speed USB device number 75 using dummy_hcd
[  711.583126][ T5974] usb 6-1: unable to get BOS descriptor or descriptor too short
[  711.583752][ T5974] usb 6-1: not running at top speed; connect to a high speed hub
[  711.585005][ T5974] usb 6-1: config 106 has an invalid interface number: 8 but max is 0
[  711.585033][ T5974] usb 6-1: config 106 has no interface number 0
[  711.585070][ T5974] usb 6-1: config 106 interface 8 has no altsetting 0
[  711.587583][ T5974] usb 6-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=93.dd
[  711.587614][ T5974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.587637][ T5974] usb 6-1: Product: syz
[  711.587654][ T5974] usb 6-1: Manufacturer: syz
[  711.587671][ T5974] usb 6-1: SerialNumber: syz
[  712.065428][ T5974] kalmia 6-1:106.8 (unnamed net_device) (uninitialized): Error sending init packet. Status -22
[  712.065730][ T5974] kalmia 6-1:106.8: probe with driver kalmia failed with error -22
[  712.116975][ T5974] usb 6-1: USB disconnect, device number 75
[  712.340917][T14553] FAULT_INJECTION: forcing a failure.
[  712.340917][T14553] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  712.340954][T14553] CPU: 0 UID: 0 PID: 14553 Comm: syz.9.2855 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  712.340981][T14553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  712.340995][T14553] Call Trace:
[  712.341004][T14553]  <TASK>
[  712.341015][T14553]  dump_stack_lvl+0x189/0x250
[  712.341055][T14553]  ? __pfx____ratelimit+0x10/0x10
[  712.341086][T14553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  712.341128][T14553]  ? __pfx__printk+0x10/0x10
[  712.341172][T14553]  should_fail_ex+0x46c/0x600
[  712.341218][T14553]  _copy_to_user+0x31/0xb0
[  712.341247][T14553]  simple_read_from_buffer+0xe1/0x170
[  712.341284][T14553]  proc_fail_nth_read+0x1b6/0x220
[  712.341313][T14553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  712.341342][T14553]  ? rw_verify_area+0x2ac/0x4e0
[  712.341370][T14553]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  712.341398][T14553]  vfs_read+0x206/0xa30
[  712.341435][T14553]  ? __pfx_vfs_read+0x10/0x10
[  712.341460][T14553]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  712.341502][T14553]  ? mutex_lock_nested+0x154/0x1d0
[  712.341526][T14553]  ? fdget_pos+0x253/0x320
[  712.341570][T14553]  ksys_read+0x14b/0x260
[  712.341601][T14553]  ? __pfx_ksys_read+0x10/0x10
[  712.341634][T14553]  ? do_syscall_64+0xbe/0xfa0
[  712.341672][T14553]  do_syscall_64+0xfa/0xfa0
[  712.341703][T14553]  ? lockdep_hardirqs_on+0x9c/0x150
[  712.341734][T14553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.341758][T14553]  ? clear_bhb_loop+0x60/0xb0
[  712.341786][T14553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.341809][T14553] RIP: 0033:0x7fd0fe15e0dc
[  712.341830][T14553] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  712.341851][T14553] RSP: 002b:00007fd0fc39d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  712.341875][T14553] RAX: ffffffffffffffda RBX: 00007fd0fe3b6090 RCX: 00007fd0fe15e0dc
[  712.341891][T14553] RDX: 000000000000000f RSI: 00007fd0fc39d0a0 RDI: 0000000000000004
[  712.341906][T14553] RBP: 00007fd0fc39d090 R08: 0000000000000000 R09: 0000000000000000
[  712.341920][T14553] R10: 0000000060000002 R11: 0000000000000246 R12: 0000000000000001
[  712.341935][T14553] R13: 00007fd0fe3b6128 R14: 00007fd0fe3b6090 R15: 00007fff8d1e2cb8
[  712.341973][T14553]  </TASK>
[  713.446140][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.034513][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.179469][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.427847][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.535598][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.613381][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.645371][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.734608][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.795373][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.933979][    C0] vkms_vblank_simulate: vblank timer overrun
[  714.985653][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.034146][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.145427][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.214616][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.445578][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.545256][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.665577][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.693618][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.745692][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.813956][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.861096][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.896298][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.060307][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.160276][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.196020][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.260698][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.532758][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.584212][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.683066][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.734041][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.793732][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.831389][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.883021][    C0] vkms_vblank_simulate: vblank timer overrun
[  717.913118][    C0] vkms_vblank_simulate: vblank timer overrun
[  718.636958][ T5989] usb 8-1: new high-speed USB device number 40 using dummy_hcd
[  718.787581][T14616] FAULT_INJECTION: forcing a failure.
[  718.787581][T14616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.787755][T14616] CPU: 1 UID: 0 PID: 14616 Comm: syz.3.2879 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  718.787789][T14616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  718.787808][T14616] Call Trace:
[  718.787822][T14616]  <TASK>
[  718.787837][T14616]  dump_stack_lvl+0x189/0x250
[  718.787881][T14616]  ? __pfx____ratelimit+0x10/0x10
[  718.787918][T14616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.787959][T14616]  ? __pfx__printk+0x10/0x10
[  718.787992][T14616]  ? __might_fault+0xb0/0x130
[  718.788040][T14616]  should_fail_ex+0x46c/0x600
[  718.788078][T14616]  _copy_from_user+0x2d/0xb0
[  718.788121][T14616]  core_sys_select+0x60b/0xa20
[  718.788176][T14616]  ? __pfx_core_sys_select+0x10/0x10
[  718.788251][T14616]  ? __pfx_set_user_sigmask+0x10/0x10
[  718.788284][T14616]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  718.788312][T14616]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  718.788360][T14616]  __se_sys_pselect6+0x27a/0x300
[  718.788403][T14616]  ? __pfx___se_sys_pselect6+0x10/0x10
[  718.788435][T14616]  ? __pfx_ksys_write+0x10/0x10
[  718.788473][T14616]  ? __x64_sys_pselect6+0x21/0xf0
[  718.788508][T14616]  do_syscall_64+0xfa/0xfa0
[  718.788545][T14616]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.788578][T14616]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.788606][T14616]  ? clear_bhb_loop+0x60/0xb0
[  718.788635][T14616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.788664][T14616] RIP: 0033:0x7f26fa33f6c9
[  718.788689][T14616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.788710][T14616] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  718.788736][T14616] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  718.788759][T14616] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[  718.788779][T14616] RBP: 00007f26f859e090 R08: 0000000000000000 R09: 0000000000000000
[  718.788794][T14616] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001
[  718.788810][T14616] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  718.788852][T14616]  </TASK>
[  718.799806][ T5989] usb 8-1: config 0 has an invalid interface number: 69 but max is 0
[  718.799835][ T5989] usb 8-1: config 0 has no interface number 0
[  718.799888][ T5989] usb 8-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  718.799922][ T5989] usb 8-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  718.803480][ T5989] usb 8-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  718.803512][ T5989] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.803536][ T5989] usb 8-1: Product: syz
[  718.803554][ T5989] usb 8-1: Manufacturer: syz
[  718.803571][ T5989] usb 8-1: SerialNumber: syz
[  719.109887][ T5989] usb 8-1: config 0 descriptor??
[  719.110793][T14602] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  719.256302][ T5989] cyberjack 8-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  719.421274][ T5989] usb 8-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  721.930871][  T981] usb 8-1: USB disconnect, device number 40
[  722.256282][  T981] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  722.259944][  T981] cyberjack 8-1:0.69: device disconnected
[  725.734318][T14639] FAULT_INJECTION: forcing a failure.
[  725.734318][T14639] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.734358][T14639] CPU: 0 UID: 0 PID: 14639 Comm: syz.3.2888 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  725.734385][T14639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  725.734400][T14639] Call Trace:
[  725.734409][T14639]  <TASK>
[  725.734420][T14639]  dump_stack_lvl+0x189/0x250
[  725.734459][T14639]  ? __pfx____ratelimit+0x10/0x10
[  725.734491][T14639]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.734526][T14639]  ? __pfx__printk+0x10/0x10
[  725.734555][T14639]  ? __might_fault+0xb0/0x130
[  725.734600][T14639]  should_fail_ex+0x46c/0x600
[  725.734637][T14639]  _copy_from_iter+0x1de/0x1790
[  725.734674][T14639]  ? __lock_acquire+0xab9/0xd20
[  725.734705][T14639]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  725.734749][T14639]  ? __pfx__copy_from_iter+0x10/0x10
[  725.734791][T14639]  ? dev_get_by_index+0x22/0x2e0
[  725.734824][T14639]  ? dev_get_by_index+0x22/0x2e0
[  725.734860][T14639]  packet_sendmsg+0x3072/0x5080
[  725.734888][T14639]  ? __lock_acquire+0xab9/0xd20
[  725.734929][T14639]  ? __might_fault+0xb0/0x130
[  725.734964][T14639]  ? _parse_integer_limit+0x1ae/0x1f0
[  725.735010][T14639]  ? smack_socket_sendmsg+0x1fa/0x520
[  725.735040][T14639]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  725.735070][T14639]  ? __lock_acquire+0xab9/0xd20
[  725.735101][T14639]  ? __pfx_packet_sendmsg+0x10/0x10
[  725.735133][T14639]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  725.735173][T14639]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  725.735206][T14639]  ? __pfx_packet_sendmsg+0x10/0x10
[  725.735231][T14639]  __sock_sendmsg+0x21c/0x270
[  725.735268][T14639]  __sys_sendto+0x3c7/0x520
[  725.735303][T14639]  ? __pfx___sys_sendto+0x10/0x10
[  725.735356][T14639]  ? ksys_write+0x230/0x260
[  725.735387][T14639]  ? __pfx_ksys_write+0x10/0x10
[  725.735421][T14639]  __x64_sys_sendto+0xde/0x100
[  725.735449][T14639]  do_syscall_64+0xfa/0xfa0
[  725.735482][T14639]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.735514][T14639]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.735537][T14639]  ? clear_bhb_loop+0x60/0xb0
[  725.735565][T14639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.735588][T14639] RIP: 0033:0x7f26fa33f6c9
[  725.735608][T14639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.735629][T14639] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  725.735653][T14639] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  725.735670][T14639] RDX: 000000000000e90c RSI: 00002000000000c0 RDI: 0000000000000003
[  725.735685][T14639] RBP: 00007f26f859e090 R08: 0000200000000540 R09: 0000000000000014
[  725.735701][T14639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.735714][T14639] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  725.735750][T14639]  </TASK>
[  735.519188][T14675] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2900'.
[  736.683016][T14683] FAULT_INJECTION: forcing a failure.
[  736.683016][T14683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.683056][T14683] CPU: 1 UID: 0 PID: 14683 Comm: syz.9.2904 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  736.683083][T14683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  736.683108][T14683] Call Trace:
[  736.683118][T14683]  <TASK>
[  736.683129][T14683]  dump_stack_lvl+0x189/0x250
[  736.683170][T14683]  ? __pfx____ratelimit+0x10/0x10
[  736.683203][T14683]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.683239][T14683]  ? __pfx__printk+0x10/0x10
[  736.683282][T14683]  should_fail_ex+0x46c/0x600
[  736.683321][T14683]  strncpy_from_user+0x36/0x290
[  736.683357][T14683]  getname_flags+0xf3/0x540
[  736.683398][T14683]  __x64_sys_mkdir+0x5d/0x80
[  736.683429][T14683]  do_syscall_64+0xfa/0xfa0
[  736.683462][T14683]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.683496][T14683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.683520][T14683]  ? clear_bhb_loop+0x60/0xb0
[  736.683550][T14683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.683573][T14683] RIP: 0033:0x7fd0fe15f6c9
[  736.683594][T14683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.683615][T14683] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  736.683640][T14683] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  736.683672][T14683] RDX: 0000000000000000 RSI: 000000000000ffe9 RDI: 00002000000003c0
[  736.683688][T14683] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  736.683714][T14683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.683727][T14683] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  736.683771][T14683]  </TASK>
[  739.619211][T14697] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  739.619244][T14697] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  739.619364][T14697] vhci_hcd vhci_hcd.0: Device attached
[  740.105118][T14710] FAULT_INJECTION: forcing a failure.
[  740.105118][T14710] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  740.105157][T14710] CPU: 1 UID: 0 PID: 14710 Comm: syz.5.2911 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  740.105185][T14710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  740.105199][T14710] Call Trace:
[  740.105209][T14710]  <TASK>
[  740.105219][T14710]  dump_stack_lvl+0x189/0x250
[  740.105260][T14710]  ? __pfx____ratelimit+0x10/0x10
[  740.105292][T14710]  ? __pfx_dump_stack_lvl+0x10/0x10
[  740.105328][T14710]  ? __pfx__printk+0x10/0x10
[  740.105356][T14710]  ? __might_fault+0xb0/0x130
[  740.105402][T14710]  should_fail_ex+0x46c/0x600
[  740.105439][T14710]  _copy_from_iter+0x1de/0x1790
[  740.105475][T14710]  ? __lock_acquire+0xab9/0xd20
[  740.105526][T14710]  ? __lock_acquire+0xab9/0xd20
[  740.105556][T14710]  ? __pfx__copy_from_iter+0x10/0x10
[  740.105593][T14710]  ? smack_socket_sendmsg+0x1a7/0x520
[  740.105623][T14710]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  740.105658][T14710]  bcm_sendmsg+0x15b/0x6a0
[  740.105679][T14710]  ? is_bpf_text_address+0x26/0x2b0
[  740.105721][T14710]  ? __pfx_bcm_sendmsg+0x10/0x10
[  740.105756][T14710]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  740.105789][T14710]  ? __pfx_bcm_sendmsg+0x10/0x10
[  740.105813][T14710]  __sock_sendmsg+0x21c/0x270
[  740.105857][T14710]  ____sys_sendmsg+0x508/0x820
[  740.105892][T14710]  ? __pfx_____sys_sendmsg+0x10/0x10
[  740.105930][T14710]  ? import_iovec+0x74/0xa0
[  740.105979][T14710]  ___sys_sendmsg+0x21f/0x2a0
[  740.106010][T14710]  ? __pfx____sys_sendmsg+0x10/0x10
[  740.106081][T14710]  ? __fget_files+0x2a/0x420
[  740.106112][T14710]  ? __fget_files+0x3a6/0x420
[  740.106158][T14710]  __x64_sys_sendmsg+0x1a1/0x260
[  740.106192][T14710]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  740.106231][T14710]  ? __pfx_ksys_write+0x10/0x10
[  740.106266][T14710]  ? do_syscall_64+0xbe/0xfa0
[  740.106304][T14710]  do_syscall_64+0xfa/0xfa0
[  740.106336][T14710]  ? lockdep_hardirqs_on+0x9c/0x150
[  740.106370][T14710]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  740.106394][T14710]  ? clear_bhb_loop+0x60/0xb0
[  740.106423][T14710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  740.106446][T14710] RIP: 0033:0x7f3fc126f6c9
[  740.106467][T14710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  740.106488][T14710] RSP: 002b:00007f3fbf4ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  740.106512][T14710] RAX: ffffffffffffffda RBX: 00007f3fc14c6090 RCX: 00007f3fc126f6c9
[  740.106531][T14710] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  740.106547][T14710] RBP: 00007f3fbf4ad090 R08: 0000000000000000 R09: 0000000000000000
[  740.106562][T14710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  740.106577][T14710] R13: 00007f3fc14c6128 R14: 00007f3fc14c6090 R15: 00007fff4bc3dcb8
[  740.106616][T14710]  </TASK>
[  740.471904][ T5801] usb 45-1: new high-speed USB device number 3 using vhci_hcd
[  743.084726][  T981] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  743.297186][  T981] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  743.297258][  T981] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  743.297286][  T981] usb 10-1: config 0 interface 0 has no altsetting 0
[  743.664879][  T981] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  743.664916][  T981] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  743.664941][  T981] usb 10-1: Product: syz
[  743.664957][  T981] usb 10-1: Manufacturer: syz
[  743.664974][  T981] usb 10-1: SerialNumber: syz
[  744.442402][  T981] usb 10-1: config 0 descriptor??
[  744.592286][  T981] hub 10-1:0.0: bad descriptor, ignoring hub
[  744.592331][  T981] hub 10-1:0.0: probe with driver hub failed with error -5
[  744.669331][  T981] usb 10-1: selecting invalid altsetting 0
[  744.807519][T14699] vhci_hcd: connection reset by peer
[  744.808585][ T5994] vhci_hcd: stop threads
[  744.808607][ T5994] vhci_hcd: release socket
[  744.808686][ T5994] vhci_hcd: disconnect device
[  745.675083][T14732] FAULT_INJECTION: forcing a failure.
[  745.675083][T14732] name failslab, interval 1, probability 0, space 0, times 0
[  745.675122][T14732] CPU: 0 UID: 0 PID: 14732 Comm: syz.5.2919 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  745.675150][T14732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  745.675165][T14732] Call Trace:
[  745.675174][T14732]  <TASK>
[  745.675186][T14732]  dump_stack_lvl+0x189/0x250
[  745.675228][T14732]  ? __pfx____ratelimit+0x10/0x10
[  745.675261][T14732]  ? __pfx_dump_stack_lvl+0x10/0x10
[  745.675298][T14732]  ? __pfx__printk+0x10/0x10
[  745.675333][T14732]  ? __pfx___might_resched+0x10/0x10
[  745.675372][T14732]  should_fail_ex+0x46c/0x600
[  745.675411][T14732]  should_failslab+0xa8/0x100
[  745.675449][T14732]  __kmalloc_noprof+0xcc/0x7d0
[  745.675482][T14732]  ? tomoyo_encode2+0x27f/0x530
[  745.675508][T14732]  ? tomoyo_check_unix_address+0x15a/0x7b0
[  745.675543][T14732]  tomoyo_encode2+0x27f/0x530
[  745.675579][T14732]  tomoyo_check_unix_address+0x3c3/0x7b0
[  745.675618][T14732]  ? tomoyo_check_unix_address+0x15a/0x7b0
[  745.675657][T14732]  ? __pfx_tomoyo_check_unix_address+0x10/0x10
[  745.675701][T14732]  ? __might_fault+0xb0/0x130
[  745.675742][T14732]  tomoyo_socket_connect_permission+0x1b2/0x290
[  745.675782][T14732]  security_socket_connect+0xc8/0x2b0
[  745.675820][T14732]  __sys_connect+0x237/0x450
[  745.675848][T14732]  ? __pfx___sys_connect+0x10/0x10
[  745.675887][T14732]  ? __pfx_ksys_write+0x10/0x10
[  745.675923][T14732]  __x64_sys_connect+0x7a/0x90
[  745.675948][T14732]  do_syscall_64+0xfa/0xfa0
[  745.675980][T14732]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.676029][T14732]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.676053][T14732]  ? clear_bhb_loop+0x60/0xb0
[  745.676082][T14732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.676105][T14732] RIP: 0033:0x7f3fc126f6c9
[  745.676126][T14732] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.676148][T14732] RSP: 002b:00007f3fbf4ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  745.676173][T14732] RAX: ffffffffffffffda RBX: 00007f3fc14c5fa0 RCX: 00007f3fc126f6c9
[  745.676191][T14732] RDX: 000000000000006e RSI: 0000200000000080 RDI: 0000000000000006
[  745.676207][T14732] RBP: 00007f3fbf4ce090 R08: 0000000000000000 R09: 0000000000000000
[  745.676222][T14732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.676237][T14732] R13: 00007f3fc14c6038 R14: 00007f3fc14c5fa0 R15: 00007fff4bc3dcb8
[  745.676277][T14732]  </TASK>
[  745.995717][ T5801] vhci_hcd: vhci_device speed not set
[  746.217122][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.269793][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.338963][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.391304][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.469623][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.507441][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.539024][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.585391][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.641039][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.767279][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.802968][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.851181][    C0] vkms_vblank_simulate: vblank timer overrun
[  747.857345][    C0] vkms_vblank_simulate: vblank timer overrun
[  747.908139][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.037607][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.182583][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.241609][  T981] usb 10-1: USB disconnect, device number 19
[  748.287922][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.367562][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.407701][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.469243][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.689094][    C0] vkms_vblank_simulate: vblank timer overrun
[  748.937130][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.056692][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.157172][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.232471][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.322117][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.433639][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.466795][    C0] vkms_vblank_simulate: vblank timer overrun
[  749.506917][    C0] vkms_vblank_simulate: vblank timer overrun
[  750.564787][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.134841][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.237507][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.436784][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.467683][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.537430][    C0] vkms_vblank_simulate: vblank timer overrun
[  752.221343][T14743] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  752.221343][T14743]    program syz.5.2926 not setting count and/or reply_len properly
[  752.482082][T14751] FAULT_INJECTION: forcing a failure.
[  752.482082][T14751] name failslab, interval 1, probability 0, space 0, times 0
[  752.482119][T14751] CPU: 1 UID: 0 PID: 14751 Comm: syz.7.2928 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  752.482145][T14751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  752.482159][T14751] Call Trace:
[  752.482168][T14751]  <TASK>
[  752.482178][T14751]  dump_stack_lvl+0x189/0x250
[  752.482216][T14751]  ? __pfx____ratelimit+0x10/0x10
[  752.482247][T14751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  752.482281][T14751]  ? __pfx__printk+0x10/0x10
[  752.482314][T14751]  ? __pfx___might_resched+0x10/0x10
[  752.482339][T14751]  ? fs_reclaim_acquire+0x7d/0x100
[  752.482376][T14751]  should_fail_ex+0x46c/0x600
[  752.482408][T14751]  ? __alloc_skb+0x112/0x2d0
[  752.482427][T14751]  should_failslab+0xa8/0x100
[  752.482458][T14751]  ? __alloc_skb+0x112/0x2d0
[  752.482477][T14751]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  752.482507][T14751]  ? netlink_autobind+0xdb/0x300
[  752.482555][T14751]  __alloc_skb+0x112/0x2d0
[  752.482582][T14751]  netlink_sendmsg+0x5c6/0xb30
[  752.482606][T14751]  ? is_bpf_text_address+0x26/0x2b0
[  752.482653][T14751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  752.482687][T14751]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  752.482719][T14751]  ? __pfx_netlink_sendmsg+0x10/0x10
[  752.482745][T14751]  __sock_sendmsg+0x21c/0x270
[  752.482783][T14751]  ____sys_sendmsg+0x508/0x820
[  752.482818][T14751]  ? __pfx_____sys_sendmsg+0x10/0x10
[  752.482857][T14751]  ? import_iovec+0x74/0xa0
[  752.482887][T14751]  ___sys_sendmsg+0x21f/0x2a0
[  752.482918][T14751]  ? __pfx____sys_sendmsg+0x10/0x10
[  752.482995][T14751]  ? __fget_files+0x2a/0x420
[  752.483030][T14751]  ? __fget_files+0x3a6/0x420
[  752.483075][T14751]  __x64_sys_sendmsg+0x1a1/0x260
[  752.483107][T14751]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  752.483148][T14751]  ? __pfx_ksys_write+0x10/0x10
[  752.483184][T14751]  ? do_syscall_64+0xbe/0xfa0
[  752.483223][T14751]  do_syscall_64+0xfa/0xfa0
[  752.483254][T14751]  ? lockdep_hardirqs_on+0x9c/0x150
[  752.483287][T14751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.483311][T14751]  ? clear_bhb_loop+0x60/0xb0
[  752.483340][T14751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.483363][T14751] RIP: 0033:0x7fe7ca71f6c9
[  752.483384][T14751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  752.483406][T14751] RSP: 002b:00007fe7c8986038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  752.483430][T14751] RAX: ffffffffffffffda RBX: 00007fe7ca975fa0 RCX: 00007fe7ca71f6c9
[  752.483448][T14751] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  752.483464][T14751] RBP: 00007fe7c8986090 R08: 0000000000000000 R09: 0000000000000000
[  752.483480][T14751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  752.483495][T14751] R13: 00007fe7ca976038 R14: 00007fe7ca975fa0 R15: 00007ffd6a3a6e18
[  752.483535][T14751]  </TASK>
[  757.186320][T14776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  757.186778][T14776] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  757.376871][T14780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  757.377286][T14780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  757.435307][T14771] program syz.6.2936 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  757.456621][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  757.456699][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  757.503532][T14771] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2936'.
[  757.577512][   T10] usb 8-1: new high-speed USB device number 41 using dummy_hcd
[  758.085305][   T10] usb 8-1: Using ep0 maxpacket: 8
[  758.093462][   T10] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  758.093499][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  758.117289][   T44] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  758.142085][   T10] usb 8-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  758.142119][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.142142][   T10] usb 8-1: Product: syz
[  758.142159][   T10] usb 8-1: Manufacturer: syz
[  758.142175][   T10] usb 8-1: SerialNumber: syz
[  758.201976][   T10] usb 8-1: config 0 descriptor??
[  758.389822][   T10] streamzap 8-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[  758.687100][ T5989] usb 8-1: USB disconnect, device number 41
[  758.691042][   T44] usb 6-1: Using ep0 maxpacket: 16
[  758.712295][   T44] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  758.712327][   T44] usb 6-1: config 0 has no interface number 0
[  760.131413][   T44] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  760.131449][   T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.131473][   T44] usb 6-1: Product: syz
[  760.200410][   T44] usb 6-1: config 0 descriptor??
[  760.217095][   T44] usb 6-1: can't set config #0, error -71
[  760.591951][   T44] usb 6-1: USB disconnect, device number 76
[  771.018368][T14840] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  771.018399][T14840] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  771.018507][T14840] vhci_hcd vhci_hcd.0: Device attached
[  771.299224][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.328021][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.386470][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.416392][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.448193][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.479150][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.509898][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.569207][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.599751][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.632392][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.640655][ T5801] usb 8-1: new high-speed USB device number 42 using dummy_hcd
[  771.663064][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.695068][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.728008][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.760466][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.796215][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.829512][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.861791][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.892129][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.956324][    C1] vkms_vblank_simulate: vblank timer overrun
[  771.988963][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.023055][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.056229][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.089248][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.121887][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.154581][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.187066][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.219536][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.311641][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.346368][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.377757][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.411858][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.444434][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.503649][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.538310][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.545006][ T5801] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  772.545038][ T5801] usb 8-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  772.545062][ T5801] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  772.545120][ T5801] usb 8-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  772.545150][ T5801] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 255, changing to 11
[  772.545182][ T5801] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 59391, setting to 1024
[  772.571106][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.572989][ T5801] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  772.573022][ T5801] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  772.573046][ T5801] usb 8-1: Product: syz
[  772.573063][ T5801] usb 8-1: Manufacturer: syz
[  772.602367][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.635593][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.668598][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.700686][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.731571][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.765099][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.797333][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.829866][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.861652][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.892855][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.925063][    C1] vkms_vblank_simulate: vblank timer overrun
[  772.989773][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.022021][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.054394][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.086783][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.118787][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.152452][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.183976][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.215712][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.310763][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.343685][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.374552][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.423584][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.454948][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.487177][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.518784][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.551131][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.569450][T14849] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  773.580394][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.610057][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.642831][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.677136][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.711573][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.744326][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.776662][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.780254][ T5801] cdc_wdm 8-1:1.0: skipping garbage
[  773.780273][ T5801] cdc_wdm 8-1:1.0: skipping garbage
[  773.783846][ T5801] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  773.783866][ T5801] cdc_wdm 8-1:1.0: Unknown control protocol
[  773.807963][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.869914][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.899739][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.930250][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.962144][    C1] vkms_vblank_simulate: vblank timer overrun
[  773.992735][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.056237][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.088562][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.121138][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.157995][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.190451][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.282238][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.311980][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.344040][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.375196][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.410780][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.444152][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.475375][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.507563][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.540520][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.588543][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.622327][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.655373][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.688491][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.721785][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.754310][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.787289][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.820305][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.852039][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.884743][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.917827][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.949585][    C1] vkms_vblank_simulate: vblank timer overrun
[  774.982485][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.014521][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.045987][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.077972][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.110224][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.143213][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.175877][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.208597][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.298388][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.326634][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.357781][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.390266][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.436345][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.466001][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.501712][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.532755][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.564849][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.597535][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.631380][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.646938][ T5801] usb 8-1: USB disconnect, device number 42
[  775.664042][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.696390][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.728744][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.761648][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.793643][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.825584][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.860267][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.892144][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.923122][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.960820][    C1] vkms_vblank_simulate: vblank timer overrun
[  775.992732][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.024786][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.060669][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.091587][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.123829][    C1] vkms_vblank_simulate: vblank timer overrun
[  776.156022][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.697972][T14844] vhci_hcd: connection closed
[  777.731899][   T72] vhci_hcd: stop threads
[  777.731926][   T72] vhci_hcd: release socket
[  777.732024][   T72] vhci_hcd: disconnect device
[  784.134223][ T5989] usb 8-1: new high-speed USB device number 43 using dummy_hcd
[  785.423556][ T5989] usb 8-1: device not accepting address 43, error -71
[  788.486154][ T5974] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[  788.909351][ T5974] usb 7-1: config 0 has an invalid interface number: 69 but max is 0
[  788.909384][ T5974] usb 7-1: config 0 has no interface number 0
[  788.909439][ T5974] usb 7-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  788.909468][ T5974] usb 7-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  788.948540][ T5974] usb 7-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  788.948583][ T5974] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  788.948607][ T5974] usb 7-1: Product: syz
[  788.948623][ T5974] usb 7-1: Manufacturer: syz
[  788.948640][ T5974] usb 7-1: SerialNumber: syz
[  789.988535][ T5974] usb 7-1: config 0 descriptor??
[  790.058814][ T5974] usb 7-1: can't set config #0, error -71
[  790.641226][ T5974] usb 7-1: USB disconnect, device number 65
[  793.879416][  T981] usb 8-1: new high-speed USB device number 45 using dummy_hcd
[  795.095743][  T981] usb 8-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  795.095776][  T981] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.095800][  T981] usb 8-1: Product: syz
[  795.095816][  T981] usb 8-1: Manufacturer: syz
[  795.095833][  T981] usb 8-1: SerialNumber: syz
[  795.475217][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  795.486805][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  795.491127][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  795.503661][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  795.504743][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  796.207051][  T981] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  796.207120][  T981] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  797.577641][   T61] Bluetooth: hci5: command tx timeout
[  799.612421][T14950] netlink: 80 bytes leftover after parsing attributes in process `syz.9.2998'.
[  799.626909][  T981] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO
[  799.626971][  T981] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  799.627801][  T981] lan78xx 8-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  799.656743][   T61] Bluetooth: hci5: command tx timeout
[  799.678481][T14938] lo speed is unknown, defaulting to 1000
[  801.240899][  T981] lan78xx 8-1:1.0: probe with driver lan78xx failed with error -71
[  801.745415][ T5117] Bluetooth: hci5: command tx timeout
[  801.753983][   T10] usb 7-1: new full-speed USB device number 66 using dummy_hcd
[  802.524953][  T981] usb 8-1: USB disconnect, device number 45
[  803.624446][  T981] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  804.280771][ T5117] Bluetooth: hci5: command tx timeout
[  804.526388][   T10] usb 7-1: device descriptor read/all, error -71
[  806.332316][   T38] kauditd_printk_skb: 21 callbacks suppressed
[  806.332339][   T38] audit: type=1326 audit(6054253458.293:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf3814b779 code=0x7ffc0000
[  806.332395][   T38] audit: type=1326 audit(6054253458.293:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf3814b779 code=0x7ffc0000
[  806.411934][   T38] audit: type=1326 audit(6054253458.293:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.412004][   T38] audit: type=1326 audit(6054253458.373:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.585500][   T38] audit: type=1326 audit(6054253458.553:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.585574][   T38] audit: type=1326 audit(6054253458.553:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.585627][   T38] audit: type=1326 audit(6054253458.553:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf3814b779 code=0x7ffc0000
[  806.585680][   T38] audit: type=1326 audit(6054253458.553:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.585731][   T38] audit: type=1326 audit(6054253458.553:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf381af6c9 code=0x7ffc0000
[  806.763664][   T38] audit: type=1326 audit(6054253458.723:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14965 comm="syz.6.3004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faf3814b779 code=0x7ffc0000
[  810.173921][T14938] chnl_net:caif_netlink_parms(): no params data found
[  812.989957][   T10] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  813.252730][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  813.252769][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  813.252813][   T10] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  813.252840][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.258436][   T10] usb 8-1: config 0 descriptor??
[  814.427523][   T10] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  814.427654][   T10] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0
[  814.560762][   T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0D8C:0022.0015/input/input67
[  814.823082][   T10] cm6533_jd 0003:0D8C:0022.0015: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.7-1/input0
[  815.074033][   T10] usb 8-1: USB disconnect, device number 47
[  816.806784][T15026] FAULT_INJECTION: forcing a failure.
[  816.806784][T15026] name failslab, interval 1, probability 0, space 0, times 0
[  816.806823][T15026] CPU: 0 UID: 0 PID: 15026 Comm: syz.7.3027 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  816.806850][T15026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  816.806865][T15026] Call Trace:
[  816.806874][T15026]  <TASK>
[  816.806885][T15026]  dump_stack_lvl+0x189/0x250
[  816.806926][T15026]  ? __pfx____ratelimit+0x10/0x10
[  816.806958][T15026]  ? __pfx_dump_stack_lvl+0x10/0x10
[  816.806994][T15026]  ? __pfx__printk+0x10/0x10
[  816.807029][T15026]  ? __pfx___might_resched+0x10/0x10
[  816.807060][T15026]  should_fail_ex+0x46c/0x600
[  816.807098][T15026]  should_failslab+0xa8/0x100
[  816.807134][T15026]  __kmalloc_noprof+0xcc/0x7d0
[  816.807165][T15026]  ? kfree+0x51/0x950
[  816.807189][T15026]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  816.807225][T15026]  tomoyo_realpath_from_path+0xe3/0x5d0
[  816.807254][T15026]  ? tomoyo_domain+0xda/0x130
[  816.807288][T15026]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  816.807325][T15026]  tomoyo_path_number_perm+0x1e8/0x5a0
[  816.807365][T15026]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  816.807415][T15026]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  816.807451][T15026]  ? lockdep_hardirqs_on+0x9c/0x150
[  816.807516][T15026]  ? __fget_files+0x2a/0x420
[  816.807554][T15026]  ? __fget_files+0x3a6/0x420
[  816.807584][T15026]  ? __fget_files+0x2a/0x420
[  816.807621][T15026]  security_file_ioctl+0xcb/0x2d0
[  816.807648][T15026]  __se_sys_ioctl+0x47/0x170
[  816.807681][T15026]  do_syscall_64+0xfa/0xfa0
[  816.807709][T15026]  ? lockdep_hardirqs_on+0x9c/0x150
[  816.807740][T15026]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.807764][T15026]  ? clear_bhb_loop+0x60/0xb0
[  816.807792][T15026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.807814][T15026] RIP: 0033:0x7fe7ca71f6c9
[  816.807835][T15026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  816.807857][T15026] RSP: 002b:00007fe7c8944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  816.807882][T15026] RAX: ffffffffffffffda RBX: 00007fe7ca976180 RCX: 00007fe7ca71f6c9
[  816.807899][T15026] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  816.807914][T15026] RBP: 00007fe7c8944090 R08: 0000000000000000 R09: 0000000000000000
[  816.807929][T15026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  816.807943][T15026] R13: 00007fe7ca976218 R14: 00007fe7ca976180 R15: 00007ffd6a3a6e18
[  816.807981][T15026]  </TASK>
[  816.929979][T15026] ERROR: Out of memory at tomoyo_realpath_from_path.
[  819.012828][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  819.012908][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  820.066329][   T10] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[  820.787946][T14938] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.788268][T14938] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.788726][T14938] bridge_slave_0: entered allmulticast mode
[  820.793518][T14938] bridge_slave_0: entered promiscuous mode
[  820.819055][T14938] bridge0: port 2(bridge_slave_1) entered blocking state
[  820.819206][T14938] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.819526][T14938] bridge_slave_1: entered allmulticast mode
[  820.826673][   T10] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  820.826702][   T10] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[  820.826759][   T10] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  820.826785][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.854549][T14938] bridge_slave_1: entered promiscuous mode
[  820.896991][   T10] usb 10-1: config 0 descriptor??
[  820.903635][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  820.904219][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  821.331499][T15035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  821.331787][T15035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  821.332414][T15035] FAULT_INJECTION: forcing a failure.
[  821.332414][T15035] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  821.332438][T15035] CPU: 1 UID: 0 PID: 15035 Comm: syz.9.3031 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  821.332457][T15035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  821.332467][T15035] Call Trace:
[  821.332474][T15035]  <TASK>
[  821.332481][T15035]  dump_stack_lvl+0x189/0x250
[  821.332510][T15035]  ? __pfx____ratelimit+0x10/0x10
[  821.332533][T15035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  821.332575][T15035]  ? __pfx__printk+0x10/0x10
[  821.332606][T15035]  should_fail_ex+0x46c/0x600
[  821.332634][T15035]  _copy_to_user+0x31/0xb0
[  821.332654][T15035]  simple_read_from_buffer+0xe1/0x170
[  821.332680][T15035]  proc_fail_nth_read+0x1b6/0x220
[  821.332701][T15035]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  821.332722][T15035]  ? rw_verify_area+0x2ac/0x4e0
[  821.332742][T15035]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  821.332761][T15035]  vfs_read+0x206/0xa30
[  821.332788][T15035]  ? __pfx_vfs_read+0x10/0x10
[  821.332805][T15035]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  821.332831][T15035]  ? mutex_lock_nested+0x154/0x1d0
[  821.332849][T15035]  ? fdget_pos+0x253/0x320
[  821.332880][T15035]  ksys_read+0x14b/0x260
[  821.332900][T15035]  ? __fget_files+0x2a/0x420
[  821.332924][T15035]  ? __pfx_ksys_read+0x10/0x10
[  821.332948][T15035]  ? do_syscall_64+0xbe/0xfa0
[  821.332975][T15035]  do_syscall_64+0xfa/0xfa0
[  821.332997][T15035]  ? lockdep_hardirqs_on+0x9c/0x150
[  821.333028][T15035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.333045][T15035]  ? clear_bhb_loop+0x60/0xb0
[  821.333065][T15035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.333081][T15035] RIP: 0033:0x7fd0fe15e0dc
[  821.333096][T15035] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  821.333111][T15035] RSP: 002b:00007fd0fc3be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  821.333128][T15035] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15e0dc
[  821.333140][T15035] RDX: 000000000000000f RSI: 00007fd0fc3be0a0 RDI: 0000000000000005
[  821.333151][T15035] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  821.333161][T15035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  821.333171][T15035] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  821.333196][T15035]  </TASK>
[  821.630820][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  821.644349][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  821.644406][   T10] usb 10-1: media controller created
[  821.660685][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  821.686396][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  821.686606][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  821.694831][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input68
[  821.787168][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  821.787193][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  821.790166][   T10] usb 10-1: USB disconnect, device number 20
[  823.898939][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  826.335131][T14938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  826.340425][T14938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  828.271131][T14938] team0: Port device team_slave_0 added
[  828.378709][T14938] team0: Port device team_slave_1 added
[  829.571633][ T5801] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[  829.979466][ T5801] usb 7-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  829.979497][ T5801] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.979518][ T5801] usb 7-1: Product: syz
[  829.979532][ T5801] usb 7-1: Manufacturer: syz
[  829.979547][ T5801] usb 7-1: SerialNumber: syz
[  830.032223][ T5801] usb 7-1: config 0 descriptor??
[  830.504693][ T5801] i2c-tiny-usb 7-1:0.0: version 6d.cc found at bus 007 address 068
[  830.828056][ T5801]  (null): failure reading functionality
[  831.389674][T15072] loop7: detected capacity change from 0 to 7
[  831.407714][T15072] Dev loop7: unable to read RDB block 7
[  831.407765][T15072]  loop7: unable to read partition table
[  831.408042][T15072] loop7: partition table beyond EOD, truncated
[  831.408079][T15072] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5)
[  831.535418][ T5801] i2c i2c-2: failure reading functionality
[  831.540716][ T5801] i2c i2c-2: connected i2c-tiny-usb device
[  831.800629][ T5801] usb 7-1: USB disconnect, device number 68
[  832.304913][T14938] batman_adv: batadv0: Adding interface: batadv_slave_0
[  832.304931][T14938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  832.304959][T14938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  832.307399][T14938] batman_adv: batadv0: Adding interface: batadv_slave_1
[  832.307415][T14938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  832.307447][T14938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  838.445067][T14938] hsr_slave_0: entered promiscuous mode
[  838.446581][T14938] hsr_slave_1: entered promiscuous mode
[  838.479940][T14938] debugfs: 'hsr0' already exists in 'hsr'
[  838.479973][T14938] Cannot create hsr debugfs directory
[  840.243127][ T5117] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  840.249774][ T5117] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  840.280160][ T5117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  840.301111][ T5117] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  840.313398][ T5117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  842.475108][   T61] Bluetooth: hci6: command tx timeout
[  844.534003][   T61] Bluetooth: hci6: command tx timeout
[  846.679779][   T61] Bluetooth: hci6: command tx timeout
[  846.734713][T15148] FAULT_INJECTION: forcing a failure.
[  846.734713][T15148] name failslab, interval 1, probability 0, space 0, times 0
[  846.734753][T15148] CPU: 0 UID: 0 PID: 15148 Comm: syz.3.3079 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  846.734781][T15148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  846.734796][T15148] Call Trace:
[  846.734815][T15148]  <TASK>
[  846.734825][T15148]  dump_stack_lvl+0x189/0x250
[  846.734867][T15148]  ? __pfx____ratelimit+0x10/0x10
[  846.734899][T15148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.734936][T15148]  ? __pfx__printk+0x10/0x10
[  846.734973][T15148]  ? __pfx___might_resched+0x10/0x10
[  846.735006][T15148]  should_fail_ex+0x46c/0x600
[  846.735047][T15148]  should_failslab+0xa8/0x100
[  846.735085][T15148]  __kmalloc_noprof+0xcc/0x7d0
[  846.735119][T15148]  ? fuse_direct_io+0x367/0x2aa0
[  846.735155][T15148]  ? fuse_direct_io+0x2f8/0x2aa0
[  846.735196][T15148]  fuse_direct_io+0x367/0x2aa0
[  846.735234][T15148]  ? do_raw_spin_lock+0x121/0x290
[  846.735276][T15148]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  846.735317][T15148]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  846.735362][T15148]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  846.735406][T15148]  ? __pfx_fuse_direct_io+0x10/0x10
[  846.735435][T15148]  ? generic_write_checks_count+0x44a/0x550
[  846.735488][T15148]  fuse_file_write_iter+0x709/0x10c0
[  846.735530][T15148]  ? __pfx_fuse_file_write_iter+0x10/0x10
[  846.735587][T15148]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  846.735631][T15148]  vfs_write+0x5d5/0xb40
[  846.735667][T15148]  ? __pfx_fuse_file_write_iter+0x10/0x10
[  846.735702][T15148]  ? __pfx_vfs_write+0x10/0x10
[  846.735728][T15148]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  846.735767][T15148]  ? mutex_lock_nested+0x154/0x1d0
[  846.735792][T15148]  ? fdget_pos+0x253/0x320
[  846.735844][T15148]  ksys_write+0x14b/0x260
[  846.735877][T15148]  ? __pfx_ksys_write+0x10/0x10
[  846.735913][T15148]  ? do_syscall_64+0xbe/0xfa0
[  846.735951][T15148]  do_syscall_64+0xfa/0xfa0
[  846.735983][T15148]  ? lockdep_hardirqs_on+0x9c/0x150
[  846.736017][T15148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.736041][T15148]  ? clear_bhb_loop+0x60/0xb0
[  846.736070][T15148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.736093][T15148] RIP: 0033:0x7f26fa33f6c9
[  846.736115][T15148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  846.736131][T15148] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  846.736153][T15148] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  846.736168][T15148] RDX: 0000000000000025 RSI: 00002000000000c0 RDI: 0000000000000004
[  846.736181][T15148] RBP: 00007f26f859e090 R08: 0000000000000000 R09: 0000000000000000
[  846.736194][T15148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  846.736207][T15148] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  846.736244][T15148]  </TASK>
[  847.427853][T15156] netlink: 'syz.6.3081': attribute type 1 has an invalid length.
[  848.771869][   T61] Bluetooth: hci6: command tx timeout
[  849.188792][ T5117] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  849.797632][ T5117] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  849.825427][ T5117] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  849.829901][ T5117] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  849.830694][ T5117] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  849.901346][   T10] usb 7-1: new full-speed USB device number 69 using dummy_hcd
[  852.223461][   T61] Bluetooth: hci7: command tx timeout
[  854.509088][   T61] Bluetooth: hci7: command tx timeout
[  855.548977][   T10] usb 7-1: device descriptor read/all, error -110
[  856.058261][   T10] usb 7-1: new full-speed USB device number 70 using dummy_hcd
[  856.817776][   T61] Bluetooth: hci7: command tx timeout
[  856.821098][T15119] lo speed is unknown, defaulting to 1000
[  857.028808][T15156] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  857.108688][   T10] usb 7-1: device descriptor read/64, error -32
[  857.218008][   T10] usb usb7-port1: attempt power cycle
[  857.930547][T15163] lo speed is unknown, defaulting to 1000
[  857.967185][   T10] usb 7-1: new full-speed USB device number 71 using dummy_hcd
[  858.177084][   T10] usb 7-1: device not accepting address 71, error -71
[  858.851715][ T5117] Bluetooth: hci7: command tx timeout
[  860.203136][T15196] FAULT_INJECTION: forcing a failure.
[  860.203136][T15196] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  860.203175][T15196] CPU: 0 UID: 0 PID: 15196 Comm: syz.3.3096 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  860.203202][T15196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  860.203217][T15196] Call Trace:
[  860.203226][T15196]  <TASK>
[  860.203237][T15196]  dump_stack_lvl+0x189/0x250
[  860.203278][T15196]  ? __pfx____ratelimit+0x10/0x10
[  860.203311][T15196]  ? __pfx_dump_stack_lvl+0x10/0x10
[  860.203348][T15196]  ? __pfx__printk+0x10/0x10
[  860.203379][T15196]  ? fs_reclaim_acquire+0x7d/0x100
[  860.203425][T15196]  should_fail_ex+0x46c/0x600
[  860.203463][T15196]  prepare_alloc_pages+0x213/0x670
[  860.203509][T15196]  __alloc_frozen_pages_noprof+0x123/0x370
[  860.203552][T15196]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  860.203601][T15196]  ? policy_nodemask+0x27c/0x720
[  860.203650][T15196]  alloc_pages_mpol+0xd1/0x380
[  860.203689][T15196]  alloc_pages_noprof+0xcf/0x1e0
[  860.203730][T15196]  get_free_pages_noprof+0xf/0x80
[  860.203766][T15196]  vcs_write+0xf6/0x1260
[  860.203791][T15196]  ? __lock_acquire+0xab9/0xd20
[  860.203823][T15196]  ? iovec_from_user+0x87/0x250
[  860.203870][T15196]  ? __asan_memset+0x22/0x50
[  860.203897][T15196]  ? __import_iovec+0x40e/0x7f0
[  860.203927][T15196]  ? __pfx_vcs_write+0x10/0x10
[  860.203956][T15196]  ? rw_verify_area+0x25b/0x4e0
[  860.203988][T15196]  vfs_writev+0x4bf/0x970
[  860.204013][T15196]  ? __pfx_vcs_write+0x10/0x10
[  860.204042][T15196]  ? __pfx_vfs_writev+0x10/0x10
[  860.204079][T15196]  ? __fget_files+0x2a/0x420
[  860.204118][T15196]  ? __fget_files+0x3a6/0x420
[  860.204149][T15196]  ? __fget_files+0x2a/0x420
[  860.204192][T15196]  do_writev+0x153/0x2d0
[  860.204230][T15196]  ? __pfx_do_writev+0x10/0x10
[  860.204270][T15196]  ? do_syscall_64+0xbe/0xfa0
[  860.204306][T15196]  do_syscall_64+0xfa/0xfa0
[  860.204338][T15196]  ? lockdep_hardirqs_on+0x9c/0x150
[  860.204389][T15196]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.204413][T15196]  ? clear_bhb_loop+0x60/0xb0
[  860.204460][T15196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.204484][T15196] RIP: 0033:0x7f26fa33f6c9
[  860.204504][T15196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  860.204526][T15196] RSP: 002b:00007f26f859e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  860.204551][T15196] RAX: ffffffffffffffda RBX: 00007f26fa595fa0 RCX: 00007f26fa33f6c9
[  860.204570][T15196] RDX: 000000000000000e RSI: 0000200000000c40 RDI: 0000000000000003
[  860.204585][T15196] RBP: 00007f26f859e090 R08: 0000000000000000 R09: 0000000000000000
[  860.204599][T15196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  860.204614][T15196] R13: 00007f26fa596038 R14: 00007f26fa595fa0 R15: 00007ffcabdf8c18
[  860.204659][T15196]  </TASK>
[  863.960829][T15218] FAULT_INJECTION: forcing a failure.
[  863.960829][T15218] name failslab, interval 1, probability 0, space 0, times 0
[  863.960867][T15218] CPU: 0 UID: 0 PID: 15218 Comm: syz.9.3104 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  863.960894][T15218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  863.960909][T15218] Call Trace:
[  863.960918][T15218]  <TASK>
[  863.960929][T15218]  dump_stack_lvl+0x189/0x250
[  863.960970][T15218]  ? __pfx____ratelimit+0x10/0x10
[  863.961002][T15218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  863.961049][T15218]  ? __pfx__printk+0x10/0x10
[  863.961082][T15218]  ? __pfx___might_resched+0x10/0x10
[  863.961107][T15218]  ? fs_reclaim_acquire+0x7d/0x100
[  863.961143][T15218]  should_fail_ex+0x46c/0x600
[  863.961176][T15218]  ? __alloc_skb+0x112/0x2d0
[  863.961197][T15218]  should_failslab+0xa8/0x100
[  863.961230][T15218]  ? __alloc_skb+0x112/0x2d0
[  863.961250][T15218]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  863.961280][T15218]  ? netlink_autobind+0xdb/0x300
[  863.961317][T15218]  __alloc_skb+0x112/0x2d0
[  863.961343][T15218]  netlink_sendmsg+0x5c6/0xb30
[  863.961365][T15218]  ? is_bpf_text_address+0x26/0x2b0
[  863.961408][T15218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.961440][T15218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  863.961489][T15218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  863.961516][T15218]  __sock_sendmsg+0x21c/0x270
[  863.961554][T15218]  ____sys_sendmsg+0x508/0x820
[  863.961589][T15218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  863.961628][T15218]  ? import_iovec+0x74/0xa0
[  863.961658][T15218]  ___sys_sendmsg+0x21f/0x2a0
[  863.961689][T15218]  ? __pfx____sys_sendmsg+0x10/0x10
[  863.961757][T15218]  ? __fget_files+0x2a/0x420
[  863.961789][T15218]  ? __fget_files+0x3a6/0x420
[  863.961833][T15218]  __x64_sys_sendmsg+0x1a1/0x260
[  863.961865][T15218]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  863.961904][T15218]  ? __pfx_ksys_write+0x10/0x10
[  863.961938][T15218]  ? do_syscall_64+0xbe/0xfa0
[  863.961977][T15218]  do_syscall_64+0xfa/0xfa0
[  863.962008][T15218]  ? lockdep_hardirqs_on+0x9c/0x150
[  863.962040][T15218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.962065][T15218]  ? clear_bhb_loop+0x60/0xb0
[  863.962093][T15218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  863.962116][T15218] RIP: 0033:0x7fd0fe15f6c9
[  863.962136][T15218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  863.962157][T15218] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  863.962181][T15218] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  863.962198][T15218] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000003
[  863.962214][T15218] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  863.962228][T15218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  863.962251][T15218] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  863.962288][T15218]  </TASK>
[  868.488831][T15226] fuse: Bad value for 'fd'
[  868.802621][T15227] FAULT_INJECTION: forcing a failure.
[  868.802621][T15227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  868.802659][T15227] CPU: 0 UID: 0 PID: 15227 Comm: syz.9.3105 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  868.802687][T15227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  868.802702][T15227] Call Trace:
[  868.802711][T15227]  <TASK>
[  868.802721][T15227]  dump_stack_lvl+0x189/0x250
[  868.802763][T15227]  ? __pfx____ratelimit+0x10/0x10
[  868.802795][T15227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  868.802833][T15227]  ? __pfx__printk+0x10/0x10
[  868.802880][T15227]  should_fail_ex+0x46c/0x600
[  868.802919][T15227]  _copy_to_user+0x31/0xb0
[  868.802948][T15227]  simple_read_from_buffer+0xe1/0x170
[  868.802994][T15227]  proc_fail_nth_read+0x1b6/0x220
[  868.803025][T15227]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  868.803055][T15227]  ? rw_verify_area+0x2ac/0x4e0
[  868.803084][T15227]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  868.803112][T15227]  vfs_read+0x206/0xa30
[  868.803152][T15227]  ? __pfx_vfs_read+0x10/0x10
[  868.803178][T15227]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  868.803217][T15227]  ? mutex_lock_nested+0x154/0x1d0
[  868.803242][T15227]  ? fdget_pos+0x253/0x320
[  868.803288][T15227]  ksys_read+0x14b/0x260
[  868.803320][T15227]  ? __pfx_ksys_read+0x10/0x10
[  868.803355][T15227]  ? do_syscall_64+0xbe/0xfa0
[  868.803393][T15227]  do_syscall_64+0xfa/0xfa0
[  868.803425][T15227]  ? lockdep_hardirqs_on+0x9c/0x150
[  868.803458][T15227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.803482][T15227]  ? clear_bhb_loop+0x60/0xb0
[  868.803512][T15227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.803535][T15227] RIP: 0033:0x7fd0fe15e0dc
[  868.803556][T15227] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  868.803578][T15227] RSP: 002b:00007fd0fc39d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  868.803603][T15227] RAX: ffffffffffffffda RBX: 00007fd0fe3b6090 RCX: 00007fd0fe15e0dc
[  868.803620][T15227] RDX: 000000000000000f RSI: 00007fd0fc39d0a0 RDI: 0000000000000006
[  868.803656][T15227] RBP: 00007fd0fc39d090 R08: 0000000000000000 R09: 0000000000000000
[  868.803672][T15227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  868.803687][T15227] R13: 00007fd0fe3b6128 R14: 00007fd0fe3b6090 R15: 00007fff8d1e2cb8
[  868.803727][T15227]  </TASK>
[  872.872320][T15236] ieee802154 phy0 wpan0: encryption failed: -22
[  880.260815][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  880.260869][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  881.296050][T15263] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3120'.
[  887.453512][T15272] FAULT_INJECTION: forcing a failure.
[  887.453512][T15272] name failslab, interval 1, probability 0, space 0, times 0
[  887.453552][T15272] CPU: 0 UID: 0 PID: 15272 Comm: syz.9.3124 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  887.453580][T15272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  887.453595][T15272] Call Trace:
[  887.453605][T15272]  <TASK>
[  887.453616][T15272]  dump_stack_lvl+0x189/0x250
[  887.453658][T15272]  ? __pfx____ratelimit+0x10/0x10
[  887.453692][T15272]  ? __pfx_dump_stack_lvl+0x10/0x10
[  887.453728][T15272]  ? __pfx__printk+0x10/0x10
[  887.453764][T15272]  ? __pfx___might_resched+0x10/0x10
[  887.453792][T15272]  ? fs_reclaim_acquire+0x7d/0x100
[  887.453832][T15272]  should_fail_ex+0x46c/0x600
[  887.453870][T15272]  ? __alloc_skb+0x112/0x2d0
[  887.453894][T15272]  should_failslab+0xa8/0x100
[  887.453930][T15272]  ? __alloc_skb+0x112/0x2d0
[  887.453952][T15272]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  887.453984][T15272]  ? smack_socket_sendmsg+0x1a7/0x520
[  887.454019][T15272]  __alloc_skb+0x112/0x2d0
[  887.454057][T15272]  netlink_sendmsg+0x5c6/0xb30
[  887.454082][T15272]  ? is_bpf_text_address+0x26/0x2b0
[  887.454130][T15272]  ? __pfx_netlink_sendmsg+0x10/0x10
[  887.454166][T15272]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  887.454200][T15272]  ? __pfx_netlink_sendmsg+0x10/0x10
[  887.454232][T15272]  __sock_sendmsg+0x21c/0x270
[  887.454271][T15272]  ____sys_sendmsg+0x508/0x820
[  887.454306][T15272]  ? __pfx_____sys_sendmsg+0x10/0x10
[  887.454347][T15272]  ? import_iovec+0x74/0xa0
[  887.454378][T15272]  ___sys_sendmsg+0x21f/0x2a0
[  887.454410][T15272]  ? __pfx____sys_sendmsg+0x10/0x10
[  887.454481][T15272]  ? __fget_files+0x2a/0x420
[  887.454514][T15272]  ? __fget_files+0x3a6/0x420
[  887.454560][T15272]  __x64_sys_sendmsg+0x1a1/0x260
[  887.454593][T15272]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  887.454634][T15272]  ? __pfx_ksys_write+0x10/0x10
[  887.454669][T15272]  ? do_syscall_64+0xbe/0xfa0
[  887.454708][T15272]  do_syscall_64+0xfa/0xfa0
[  887.454740][T15272]  ? lockdep_hardirqs_on+0x9c/0x150
[  887.454773][T15272]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  887.454797][T15272]  ? clear_bhb_loop+0x60/0xb0
[  887.454826][T15272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  887.454849][T15272] RIP: 0033:0x7fd0fe15f6c9
[  887.454870][T15272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  887.454890][T15272] RSP: 002b:00007fd0fc3be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  887.454914][T15272] RAX: ffffffffffffffda RBX: 00007fd0fe3b5fa0 RCX: 00007fd0fe15f6c9
[  887.454932][T15272] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000006
[  887.454948][T15272] RBP: 00007fd0fc3be090 R08: 0000000000000000 R09: 0000000000000000
[  887.454963][T15272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  887.454978][T15272] R13: 00007fd0fe3b6038 R14: 00007fd0fe3b5fa0 R15: 00007fff8d1e2cb8
[  887.455016][T15272]  </TASK>
[  888.083802][T15274] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  888.169371][T15274] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  888.366643][T15274] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  888.369227][T15274] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  888.370097][T15274] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  892.399977][T15274] Bluetooth: hci5: command tx timeout
[  894.419135][T15274] Bluetooth: hci5: command tx timeout
[  896.498223][T15274] Bluetooth: hci5: command tx timeout
[  898.646914][T15274] Bluetooth: hci5: command tx timeout
[  904.679956][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  904.729087][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  904.784178][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  904.810533][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  904.813864][ T5117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  906.246627][T15274] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  906.282345][T15274] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  906.285545][T15274] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  906.302047][T15274] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  906.311529][T15274] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  907.202624][T15274] Bluetooth: hci0: command tx timeout
[  909.421596][ T5117] Bluetooth: hci0: command tx timeout
[  910.331188][ T5117] Bluetooth: hci4: command tx timeout
[  911.142215][T15274] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  911.146584][T15274] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  911.148040][T15274] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  911.149317][T15274] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  911.150945][T15274] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  911.600461][ T5117] Bluetooth: hci0: command tx timeout
[  912.412390][ T5117] Bluetooth: hci4: command tx timeout
[  913.219760][ T5117] Bluetooth: hci3: command tx timeout
[  913.689415][ T5117] Bluetooth: hci0: command tx timeout
[  914.479150][ T5117] Bluetooth: hci4: command tx timeout
[  915.359653][ T5117] Bluetooth: hci3: command tx timeout
[  916.574895][ T5117] Bluetooth: hci4: command tx timeout
[  917.437712][ T5117] Bluetooth: hci3: command tx timeout
[  919.607055][ T5117] Bluetooth: hci3: command tx timeout
[  933.001610][T15274] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  933.021825][T15274] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  933.023666][T15274] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  933.025049][T15274] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  933.026007][T15274] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  935.337149][T15274] Bluetooth: hci2: command tx timeout
[  937.347801][T15274] Bluetooth: hci2: command tx timeout
[  939.426796][T15274] Bluetooth: hci2: command tx timeout
[  941.575588][T15274] Bluetooth: hci2: command tx timeout
[  942.105790][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  942.105870][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  946.504592][ T5117] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  946.511695][ T5117] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  946.539693][ T5117] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  946.541613][ T5117] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  946.542351][ T5117] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  948.785130][ T5117] Bluetooth: hci6: command tx timeout
[  950.860862][ T5117] Bluetooth: hci6: command tx timeout
[  952.939773][ T5117] Bluetooth: hci6: command tx timeout
[  955.118584][ T5117] Bluetooth: hci6: command tx timeout
[  962.017070][T15274] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  962.068575][T15274] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  962.076987][T15274] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  962.078830][T15274] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  962.080072][T15274] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  963.170378][T15274] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  963.183831][T15274] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  963.197970][T15274] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  963.202245][T15274] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  963.203057][T15274] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  964.224208][ T5117] Bluetooth: hci8: command tx timeout
[  965.333542][ T5117] Bluetooth: hci9: command tx timeout
[  966.293205][ T5117] Bluetooth: hci8: command tx timeout
[  967.444706][   T39] INFO: task syz.7.3027:15022 blocked for more than 143 seconds.
[  967.444734][   T39]       Not tainted syzkaller #0
[  967.444747][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  967.444758][   T39] task:syz.7.3027      state:D stack:25160 pid:15022 tgid:15022 ppid:8969   task_flags:0x400040 flags:0x00080003
[  967.444835][   T39] Call Trace:
[  967.444844][   T39]  <TASK>
[  967.444862][   T39]  __schedule+0x16f3/0x4c20
[  967.444927][   T39]  ? __lock_acquire+0xab9/0xd20
[  967.444963][   T39]  ? __pfx___schedule+0x10/0x10
[  967.445015][   T39]  ? schedule+0x91/0x360
[  967.445052][   T39]  schedule+0x165/0x360
[  967.445087][   T39]  schedule_timeout+0x9a/0x270
[  967.445120][   T39]  ? __pfx_schedule_timeout+0x10/0x10
[  967.445178][   T39]  ? _raw_spin_unlock_irq+0x23/0x50
[  967.445214][   T39]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.445245][   T39]  ? wait_for_completion+0x267/0x5d0
[  967.445283][   T39]  wait_for_completion+0x2bf/0x5d0
[  967.445331][   T39]  ? __pfx_wait_for_completion+0x10/0x10
[  967.445374][   T39]  ? __init_swait_queue_head+0xa9/0x150
[  967.445409][   T39]  rcu_barrier+0x463/0x570
[  967.445448][   T39]  kvm_mmu_uninit_vm+0x53/0x90
[  967.445487][   T39]  kvm_arch_destroy_vm+0x23d/0x280
[  967.445524][   T39]  kvm_put_kvm+0x6ca/0xa80
[  967.445567][   T39]  ? __pfx_kvm_vm_release+0x10/0x10
[  967.445599][   T39]  kvm_vm_release+0x46/0x50
[  967.445629][   T39]  __fput+0x45b/0xa80
[  967.445668][   T39]  task_work_run+0x1d4/0x260
[  967.445697][   T39]  ? __pfx_task_work_run+0x10/0x10
[  967.445726][   T39]  ? exit_to_user_mode_loop+0x40/0x130
[  967.445765][   T39]  exit_to_user_mode_loop+0xe9/0x130
[  967.445797][   T39]  do_syscall_64+0x2bd/0xfa0
[  967.445832][   T39]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.445866][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.445890][   T39]  ? clear_bhb_loop+0x60/0xb0
[  967.445925][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.445951][   T39] RIP: 0033:0x7fe7ca71f6c9
[  967.445972][   T39] RSP: 002b:00007ffd6a3a6f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  967.445998][   T39] RAX: 0000000000000000 RBX: 00007fe7ca977da0 RCX: 00007fe7ca71f6c9
[  967.446015][   T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  967.446030][   T39] RBP: 00007fe7ca977da0 R08: 0000000000000000 R09: 0000000a6a3a726f
[  967.446048][   T39] R10: 000000000003fd80 R11: 0000000000000246 R12: 00000000000c7772
[  967.446064][   T39] R13: 00007ffd6a3a7070 R14: ffffffffffffffff R15: 00007ffd6a3a7090
[  967.446105][   T39]  </TASK>
[  967.446136][   T39] 
[  967.446136][   T39] Showing all locks held in the system:
[  967.446159][   T39] 2 locks held by kworker/u8:0/12:
[  967.446174][   T39]  #0: ffff8881446c7138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  967.446238][   T39]  #1: ffffc90000117ba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  967.446301][   T39] 7 locks held by ksoftirqd/0/15:
[  967.446317][   T39] 5 locks held by ksoftirqd/1/30:
[  967.446331][   T39] 1 lock held by khungtaskd/39:
[  967.446345][   T39]  #0: ffffffff8d5aa840 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  967.446408][   T39] 5 locks held by kworker/u8:5/72:
[  967.446446][   T39] 3 locks held by kworker/u8:11/3584:
[  967.446459][   T39]  #0: ffff88802f971138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  967.446520][   T39]  #1: ffffc9000da67ba0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  967.446582][   T39]  #2: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  967.446642][   T39] 2 locks held by getty/5555:
[  967.446656][   T39]  #0: ffff88823bf700a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  967.446716][   T39]  #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  967.446784][   T39] 1 lock held by syz-executor/5785:
[  967.446799][   T39] 3 locks held by kworker/u8:14/5994:
[  967.446813][   T39] 3 locks held by kworker/u8:15/6105:
[  967.446827][   T39]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  967.446895][   T39]  #1: ffffc90005847ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  967.446955][   T39]  #2: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  967.447020][   T39] 1 lock held by syz.6.893/8799:
[  967.447034][   T39]  #0: ffffffff8d5b01f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  967.447094][   T39] 1 lock held by syz-executor/10715:
[  967.447108][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  967.447180][   T39] 2 locks held by syz.5.2954/14833:
[  967.447194][   T39] 1 lock held by syz-executor/14938:
[  967.447208][   T39]  #0: ffffffff8d5b01f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  967.447266][   T39] 1 lock held by syz.7.3027/15022:
[  967.447280][   T39]  #0: ffffffff8d5b01f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  967.447337][   T39] 1 lock held by syz-executor/15119:
[  967.447351][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  967.447414][   T39] 1 lock held by syz-executor/15163:
[  967.447428][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  967.447483][   T39] 1 lock held by syz.3.3120/15261:
[  967.447497][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  967.447558][   T39] 1 lock held by syz-executor/15273:
[  967.447572][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  967.447627][   T39] 1 lock held by syz-executor/15292:
[  967.447641][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.447705][   T39] 1 lock held by syz-executor/15302:
[  967.447719][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.447782][   T39] 1 lock held by syz-executor/15311:
[  967.447796][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.447859][   T39] 1 lock held by syz-executor/15314:
[  967.447873][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.447937][   T39] 1 lock held by syz-executor/15317:
[  967.447952][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.448015][   T39] 1 lock held by syz-executor/15321:
[  967.448029][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.448092][   T39] 1 lock held by syz-executor/15323:
[  967.448106][   T39]  #0: ffffffff8e863338 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  967.448177][   T39] 
[  967.448184][   T39] =============================================
[  967.448184][   T39] 
[  967.448196][   T39] NMI backtrace for cpu 1
[  967.448216][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  967.448243][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  967.448258][   T39] Call Trace:
[  967.448268][   T39]  <TASK>
[  967.448278][   T39]  dump_stack_lvl+0x189/0x250
[  967.448319][   T39]  ? __pfx_dump_stack_lvl+0x10/0x10
[  967.448356][   T39]  ? __pfx__printk+0x10/0x10
[  967.448400][   T39]  nmi_cpu_backtrace+0x39e/0x3d0
[  967.448430][   T39]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  967.448460][   T39]  ? __pfx__printk+0x10/0x10
[  967.448495][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  967.448527][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  967.448558][   T39]  watchdog+0xf60/0xfa0
[  967.448598][   T39]  ? watchdog+0x1e2/0xfa0
[  967.448640][   T39]  kthread+0x711/0x8a0
[  967.448679][   T39]  ? __pfx_watchdog+0x10/0x10
[  967.448711][   T39]  ? __pfx_kthread+0x10/0x10
[  967.448745][   T39]  ? rt_spin_unlock+0x150/0x200
[  967.448776][   T39]  ? rt_spin_unlock+0x161/0x200
[  967.448800][   T39]  ? __pfx_kthread+0x10/0x10
[  967.448833][   T39]  ret_from_fork+0x4bc/0x870
[  967.448864][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  967.448898][   T39]  ? __switch_to_asm+0x39/0x70
[  967.448918][   T39]  ? __switch_to_asm+0x33/0x70
[  967.448939][   T39]  ? __pfx_kthread+0x10/0x10
[  967.448972][   T39]  ret_from_fork_asm+0x1a/0x30
[  967.449018][   T39]  </TASK>
[  967.449029][   T39] Sending NMI from CPU 1 to CPUs 0:
[  967.449061][    C0] NMI backtrace for cpu 0
[  967.449086][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  967.449109][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  967.449122][    C0] Workqueue: events rtc_timer_do_work
[  967.449151][    C0] RIP: 0010:rtc_cmos_read+0x10/0x20
[  967.449173][    C0] Code: e5 fe ff ff e8 11 1a 58 09 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 89 fb e8 64 66 56 00 89 d8 e6 70 <e4> 71 5b e9 58 d8 5b 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90
[  967.449190][    C0] RSP: 0018:ffffc900000f76c0 EFLAGS: 00000293
[  967.449206][    C0] RAX: 0000000000000004 RBX: 0000000000000004 RCX: ffff88801b2d1e00
[  967.449220][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  967.449231][    C0] RBP: 0000000000000051 R08: 0000000000000000 R09: 0000000000000000
[  967.449243][    C0] R10: dffffc0000000000 R11: ffffffff86fd6660 R12: 1ffff9200001eef0
[  967.449258][    C0] R13: 0000000000000004 R14: ffffc900000f7904 R15: dffffc0000000000
[  967.449272][    C0] FS:  0000000000000000(0000) GS:ffff888126df7000(0000) knlGS:0000000000000000
[  967.449288][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  967.449302][    C0] CR2: 00007fa38bd64ac2 CR3: 000000000d3a6000 CR4: 00000000003526f0
[  967.449319][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  967.449330][    C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  967.449343][    C0] Call Trace:
[  967.449351][    C0]  <TASK>
[  967.449358][    C0]  mc146818_get_time_callback+0x97/0x380
[  967.449379][    C0]  ? __pfx_mc146818_get_time_callback+0x10/0x10
[  967.449404][    C0]  mc146818_avoid_UIP+0xa2/0x1b0
[  967.449436][    C0]  mc146818_get_time+0x95/0x4b0
[  967.449467][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  967.449497][    C0]  ? __pfx_mc146818_get_time+0x10/0x10
[  967.449528][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  967.449556][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  967.449587][    C0]  ? __pfx_cmos_read_time+0x10/0x10
[  967.449604][    C0]  cmos_read_time+0x57/0xf0
[  967.449623][    C0]  __rtc_read_time+0xdf/0x300
[  967.449646][    C0]  ? rtc_timer_do_work+0xc8/0x920
[  967.449674][    C0]  rtc_timer_do_work+0xd6/0x920
[  967.449700][    C0]  ? do_raw_spin_lock+0x121/0x290
[  967.449722][    C0]  ? look_up_lock_class+0x74/0x170
[  967.449752][    C0]  ? __pfx_rtc_timer_do_work+0x10/0x10
[  967.449780][    C0]  ? __lock_acquire+0xab9/0xd20
[  967.449813][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  967.449840][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  967.449867][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  967.449890][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  967.449915][    C0]  process_scheduled_works+0xae1/0x17b0
[  967.449955][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  967.449989][    C0]  worker_thread+0x8a0/0xda0
[  967.450015][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  967.450048][    C0]  ? __kthread_parkme+0x7b/0x200
[  967.450080][    C0]  kthread+0x711/0x8a0
[  967.450109][    C0]  ? __pfx_worker_thread+0x10/0x10
[  967.450133][    C0]  ? __pfx_kthread+0x10/0x10
[  967.450161][    C0]  ? rt_spin_unlock+0x150/0x200
[  967.450186][    C0]  ? rt_spin_unlock+0x161/0x200
[  967.450206][    C0]  ? __pfx_kthread+0x10/0x10
[  967.450235][    C0]  ret_from_fork+0x4bc/0x870
[  967.450259][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  967.450286][    C0]  ? __switch_to_asm+0x39/0x70
[  967.450304][    C0]  ? __switch_to_asm+0x33/0x70
[  967.450322][    C0]  ? __pfx_kthread+0x10/0x10
[  967.450351][    C0]  ret_from_fork_asm+0x1a/0x30
[  967.450381][    C0]  </TASK>
[  967.462515][ T5117] Bluetooth: hci9: command tx timeout
[  968.372470][ T5117] Bluetooth: hci8: command tx timeout
[  969.661367][ T5117] Bluetooth: hci9: command tx timeout
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  970.451091][ T5117] Bluetooth: hci8: command tx timeout
[  971.820320][T15274] Bluetooth: hci9: command tx timeout
[  974.528914][ T5117] Bluetooth: hci7: command 0x0406 tx timeout