last executing test programs: 11m14.236252302s ago: executing program 0 (id=21): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r5, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 11m10.291015564s ago: executing program 0 (id=26): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) 
sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 11m7.097780633s ago: executing program 0 (id=31): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) io_setup(0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 
&(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r5 = dup3(r4, r3, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11m4.276736162s ago: executing program 0 (id=35): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f000001b000)=ANY=[], 0x1238}], 0x1, 0x0, 0x0, 0x10004800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r5], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 
0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syncfs(r6) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10m59.666770209s ago: executing program 0 (id=42): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0)=[{0x0, 0x1238}], 0x1, 0x0, 0x0, 0x10004800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r5], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syncfs(r6) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10m53.121516649s ago: executing program 0 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 
0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f00000017c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) 10m37.528561503s ago: executing program 32 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) syz_usb_connect$cdc_ecm(0x1, 0x4d, &(0x7f00000017c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) 9m52.519485405s ago: executing program 1 (id=142): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) 
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 9m50.993489149s ago: executing program 1 (id=145): r0 = syz_open_dev$video(0x0, 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r4, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r5, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 9m49.480370494s ago: executing program 1 (id=146): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) 
socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 9m48.578120758s ago: executing program 1 (id=147): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 
ioctl$TCSETS(r4, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r5, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 9m38.283458879s ago: executing program 1 (id=160): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x18) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 
&(0x7f0000000000)=0x6) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x36}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_extract_tcp_res$synack(&(0x7f00000001c0)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0xb0, &(0x7f0000000380)={@broadcast, @remote, @void, {@ipv6={0x86dd, @tcp={0xd, 0x6, "9638ff", 0x7a, 0x6, 0x1, @private2, @empty, {[@srh={0x16, 0x4, 0x4, 0x2, 0x1, 0x40, 0xffff, [@private2={0xfc, 0x2, '\x00', 0x1}, @empty]}], {{0x4e24, 0x4e23, r7, 0x41424344, 0x1, 0x0, 0x6, 0x10, 0x1, 0x0, 0x6, {[@mss={0x2, 0x4, 0xb}]}}, {"613cb06ba353358e5d1d42c84ff14774ae1dd2ef1ee80f654ee2b77f3796c63d7e6a2d6c71c82a9698aca25cdc37f8cfddb99bfabf957ec35df8"}}}}}}}, 0x0) r8 = signalfd4(r6, &(0x7f00000000c0)={[0xff]}, 0x8, 0x80800) io_uring_enter(r8, 0x43d0, 0x4add, 0x1, &(0x7f0000000140)={[0x8]}, 0x8) 9m34.180164109s ago: executing program 1 (id=163): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) epoll_create1(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x1, 0x80802, 0x0) epoll_create1(0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e22, 
@rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000040)=0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 9m18.969293226s ago: executing program 33 (id=163): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) epoll_create1(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x1, 0x80802, 0x0) epoll_create1(0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @remote}}}, &(0x7f0000000040)=0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 15.883280564s ago: executing program 2 
(id=966): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 10.976278115s ago: executing program 4 (id=973): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, 
&(0x7f00000005c0)=[{&(0x7f000001b000)=ANY=[@ANYBLOB="381200003300000126bd7000fddbdf253010fb801d101380783cabcf3de8f3c211caac293bfba1f6c66248e2705bfdeaf3e518701e75b6870e949c9efe541264de467766dfe253da80bc4601fddfb29d68a356ca39cba5bb876bdee1d1f6640bb64e313f030da7715e4e5f282235c21405e318614f33083a4b615d83fbc2757362a21e81598dd1c94f416f7fe0291ee066acb78990917d93450dc091617b2b9b856b762e98782567c7ae32d25d68ac22ba4415ab4e9411b60459b5fe04a16c83cb50e70b539e77b39213d9c96b5f0eaa04346eb659528defaefebc201f6fd8a70ef275ffc1ccaf61d56015c4bb63039c3b5db172b76ef8c834ae9df36f8764c27785f4098f8bbe8190e92a2f53d0e17cbd0e3150c8839cfd779a96807dfb84d6d424978b1060dc0fe13a00d526681c018bd90b954e1dd4f36787f6cf693c4a428c8cc5a6c0c77a940f5911f6191babbb44ddb0874a2e573d9a4c41cc89134dc1498259ae3da6f5e2bb40631050a2b28b86f43fa397c8cb73698f2625d966e2695db75c2d719077e59f4278644ce09c0b5cd873f4ce68a6d88819c0caf1c3b58612897c74636701d99260c2ed0e29392f96e6b46a5d8e4797d49f7db2400f81bbdfe7fedab277d090a977eb6d3143e34ab570975d403d9d5975d8a1b373d0322ea31faf954d8921cca83c962e55959bb2b82ab789e617a67200d503f89c88d6e8f04deb2773349669e22cdc62f0d6037bc11334f3b7f3c203866d39f6f2f15215fa9a707960c2f6d5229ee00a879a842724c9f633dcb55114d5b4ae228f59001fdea972a1e2893ca0f1855a3918dda375af22d6531cf30c28f84ab3f45d7893f65a9ac09cca966c896c79172b1f8b8da2af3c82ad641eb3db53966e1f670fa1f94465c356331e7a9e39be91d6b2719780109b8e0fae2ad2c85814892d2bdc40d650d54e75277ba22818857a3ce176b85f447a52d43e52d621422695ce1bbeaaa3611d296953b63f08238844704293e37334ef7dc826b87704ffa5e634c89fe70223869ef8484d0dbab21bf206fae62fa6b645ecd4f1f0ea1107ec9ae55882dd92b099da4cd71ab2493b81a3eee6f617dd53af22ff15b01e97689db12b6fe53f941207303d1e822a7b98303617efdaa4e844df85dac246617b3aff4cd0bb5db224a59fa4e7161c4862114cdec7a7b9f4ffcbd7e8a9dc761dc3368a0f37541463227ae5cf525441ab99b9ba09d70b4c2ad9719a5c48258398e77adb9d1f8dcc64d8d658cfcd1b5fef2669f1b2c19f0988268611a644f02f13b86377a9203c36091545f09d62c96c98732c2619cc81dbd4ca19dd62141ce8421dbc28de8b32fa91631b8957025c89812d5fdd72d79aa
5d1f765aaa08317915d35ebdfc8a880923596ffbbe4bc6bbd81427869350d59a206c96c813efb25bade849f515e6b6a47c6ccb2131e60c8c05891ea8f065baf49459218c32257c13a82b423cee266dbf51f500ce996d76a723e662f3c3d2fddaff5c050f2ef2e17d0fafb0c42a82184201d8732fa4f1c370384fed4b0d8ee842f2de5523aed2e09e2c484f940a1736359711eb655bd00504e76f3c72f26970d3c05b00ea25803e8be24d7751baadfda870d3e0e64514f0b290a052071cd8f71a2c6ff4850b891c3f1818e0774794c46c62d511db9ee5b960404c866850602205b15b287e6d3279e6a5d1dce653ef770f68af6a16dfa552145e18dd0b185571f29542c24b753ee6ee5f5fb448afcfe643d540e7a120ebf36f2e4f3a30b46d8497ad69b5a55ee023709f640d44e1ba6a4da79579fbaf66676c8e2f60a1a8e3fe123a70b4604e75db29ee19bb8805e22195aeda6b0412c750e0043a53c673e24f9bf68544089b1bc8fe1763e0b157106cec5b21847eeea377c258bac16ff48a208b4c7d3cd1fcf410d22148beb6f95317061c1de7e2d87c448bc2c00069d2e886a7a37c4ced954d2b06ee6de91785a967d4dd117b83fdf7786133abd08ac3399ba7e6f521d933e14966ca444056c4289ec24c76b9eed38ceae0c5493dbe53c20063ac6f9290663cad2b4c73b5276bc5a17847e9098563928694a0316d7d73c4a439bd0fb91fdb520d9b92c5c686ed1122383012b84f4846f4d5e0c5fedf74c9c07ec64da1f2157feee49aa476a4d2b830f528f1c8bf8b7b76ecf7d2266ed1b9d8278a5923501cf134fb9e59f1ee9a5c1397387c2959e0743e634cc41782b57f8c7ea51525150c443066b352f84050fbfb72f55680f24461c791024efa74022caa8d58f1e9985e910f25aa92bfe756ab3eacf8079e7eb7f970165b3ff1bf1ca457ab5f4d9a1a08448ffca704fcee8030a7d8aca43ae64b0be45efd5151bcea83845720d210aa76ef748810e46ffb0cdb7bad706a24d6cb076171a6b79f5de5ac6b8190919a68b1b41b173914dd37d599f7a78587c4ee606b31949a88e6a790e000000008d32f05a22e68d22793282b716d151d9de60e24cc049e3bf4cce36fe43b5ea824a7b3c854860ceed13d466439263353e81940e7ded03f31211cc714f4cdf240516025f1f5621cced4b88a4e48c940d6f46ff2f57f0583046b650a440c4ea8e9fab79e98d7529db2f11cc7529bb361cf8cb65600ffb36eb5fd93acbdd58398ecbb0befd277e267051f93dc3e7c6a5212c2ed990eb60d9d451b4458cb44cd691dac77ece483236e3006b7f7913e39f685ca41bcd1692494370acb70d0cfdc9e6de0bcd602040a0bc2de02a8cd477fef88b5410f5dfea1cd32d25464853d56c82abd3c11caebd992
ca656e88a10ca2779f887472d5064fddd7397eb0205c419b23c2756a3b9b722ff273907c50f8b176834edcc1268e036214a2a25651c719541a4f7729ef7e32dee27c5b910bfea677c562138b30b3355b462c8f910874acc292f6787f8d94fa1cb2e648789cc67d05eb49d6d3c8788a024e3c523c4ee282764090044b44f30a9848daf2522b76448ecb9249ffe58dad4363b1d08181131a89af718ecbd5ffe44e032ca26664eecabc9aa57a875b5964ea492b7e745606a3f4ab36130a8a43a19be74709dea4eeebf5e53706685122e6603247996d672dacdf1bbadf5df111cfe7e72f5b2c6cdc32c1e4eed30147c9a51c5abd4214c577c4c8d1725daf906d145c6ff2c9ab0fc3da4edfb92be40b4af234c2bc147b2d08a801b539928cb754f2f6d2d4280ee0c834ee4f5eb8b0662ffa6f7154307b0fe55fe248a3f953a09b06244674adbf31dd7489be3f26423140ffe98671ca413d678047096fcad53f5bca7e602354553af02c225a67e4e8eabf298495a99de9653638405ebe78dc75e6d16c39e1547dadbc07a014369e39175991368d05be623656c4ecb3735612546b9a9c1490f834cab7567e61c8b2669aa62f156f2ff3b76b32e11b0e0acb6c7ccd6623bef1a5ccbe5f477ae90b3918899fc6b6075c514deaf387d5f09cd59f3fb3c0a9614f1eec092a8f7c6bd200e04da47085d58adc08f1f0651f7ce0cea5792a30aa2bee9970913fc9e79bcf0b5c55adfa6967a44b84ffcd3ce7fb47a610773eb9323b8ab3b5b9670f3ddc06e673e5ebe929f1ae4508decd56a2cefc34bab4703bbd3d83fcfdc27fc4e8a799a34742526848f6aae932ec98959f46ea50f12e0ad3ba4ef50a7b4defdf2fcf8dd2afdb8f29a1b7eed384b17c8b4ff4cfc220745cef2c083615eee226bccb8f2b7faf5a8948e60edc37a644b70011ff8b608da74a3873b2d8a6ba50dcce8a5ed6fe96c599c6d0b8a431f0b96789e974ea48400b94c2d1fbb7a8908de838cc64d4de93d506dfb450012df4af40d5980aed567e0b94281f8109ae7cb42f8253783a9ccb1cdd07245b31c0a00f13b42eedea9dd6d031f283a277f140f7ccacffc4e76829fede0479d59a542f873524651dbed995a00749e1b06182f073ebc3122ef1b007436d9eeb89d4f82ad366361ae8bb54e795b5c3d0594ccab1d5019f4b9191fd7c84598c866a8f98b2759738a65af53943b466aec83bb055e8f6c6e7755862de6c4c203fa67663702783f5f19459620a99f4de75fc85efedc44cf65adaaead7038406ebc507048b115c44209057f887f204a60ad9f6abc9b7983b930be5115cd91de9723bef58d29e421e123c7fa19ac3de2900827041d096ce0d589d45159c322ff3529687b89a10dd6c628977aedb1547ab6630995b48edba0a6f0e9
ce99166dd7acdab5253f6bd4c3891c45d6ce4cf136a77eb9a343569b57559215f79051388cff4761a3a63f6c73d8d7aafa8053e4f764f1c37b8b57128ecea00d7046c7532576bd413e01bf6df40bb1c3bf0480efbb1407003a98b1014552d2a1ecf99ba29c063ba96b3555cca24a211c2c604766a6b503a875040039f23f7ed46566519ee1aed0167c774555b623bee2bcfe83459af5527b312a19298e8323cd9b3fe5e075ee0867aadae8bc81939919d6d36834a87c1bf9e47d467395892aa09f12cfc172a2a9a44a43ff880219487798a206fbaca25172b3f00867d3f100f355ccb987bd0c41c015d791bae97c258ea4138a377fee51219e917893248391b7b2fa8d1bedc3ac71e5dd6ac382a0c8e0753f16bda800108d9dcbf9ccb192136b1cc555129afd8821b007543ff2d14f07003fe05cdd5fd133295c36bd44aca53c8fd91428fbd72951d4a97006636456baeac6c4d2f75d864e5aec7e738d865f2a0e5bdfadccc2486241fb38c024f981b08c8ad06bd48e99ee116c764d894f39e603949a4644ab2ed942d933876f16949c833f0bf1962b908087ff77b9318945edd47cf5c6b329e0dc403944fc9fc49e0c88f0177ba649ce61b4758ccdce20df2abbc45fec9e350286898d3fbc0ace3f75a5d8667438217ad564903ce64ee98e90ea770e431bec58c7d624278c5dc5955a555056be562308c7a003abdeb13456d43c245bcaa63c4ed17a4fb73cd53d890130322ad78c9b53073e7146ee8cc36f29f632c0e554dbcf161ab7a01badd56a0d84c8f337a2a3248c4ec96445158cb59060c352df81f6b85cccda5a0d737d44101a413d9edf5ed0bf16537520bd544e25540124ac7fc202bb8db6b141fca9cc25e85b4d064535de0dc5b8868025b71f8950ddc35d6b1bf04d8440c8ea2660fa3476578981bb467e9a54a9ebb2561f1414d34a922168537cde92375d6bb4e35cf4e2655cb0daca2a1b75013a9a5f72768b061492a381d1e339970a322f07ff3d0b9af33af6a191ed778a99b721eb89a294ebf76748230837f75cb9f5f31a0dcc4b9f6dcc99487e5799e1ff5db60f7193308a4b40dcac5e9aa3a288c03d724a5e2da794590446c236234eb0b34cc60fde282400039d7a263fad5b2df94907c54b07cc0d3e6d97a64e7306131f741caec8bfca4e40b033f4633a63d0845db13b0b59b3eb0ad2cde32856ee356d8e910524f71aa75d1b527bd0c69c7126f7d18644c3547acedcac805f9077778362d40004e8fb4d6de7f3dd679e1519f8896174be1fb", @ANYRES32=0x0, 
@ANYBLOB="f7a0892a0f44ae21cef9bccdc148b946ddef45529a62c9e1934ed61f2ddf4fdbe9bb7c15cb11095e580d4d866f2d5b708e455bf1f43dde72df495711a095ce0940bf134854b7c70a45393aba65021b51892210c9adf6fc0b74be5275c5a5bfc70b89ce"], 0x1238}], 0x1, 0x0, 0x0, 0x10004800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r5], 0x10) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x20000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syncfs(r6) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.968640607s ago: executing program 2 (id=974): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 
&(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r6}) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000280), &(0x7f0000000300)=[r7], &(0x7f0000000340)}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = syz_io_uring_setup(0x88d, &(0x7f0000000140)={0x0, 0xcfe8, 0x0, 0xffffffff, 0x121}, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r11, 0x0, 0x0) r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r12) sendmsg$NFC_CMD_LLC_SET_PARAMS(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x1c, r13, 0x101, 0x0, 0x0, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0xf00}]}, 0x1c}}, 0x0) io_uring_enter(r10, 0x47f6, 0x0, 0x0, 0x0, 0x0) recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, 0x0}, 0x1f00) sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 
&(0x7f0000000000)={0x110, @tick=0x1, 0x78, {0x4, 0x1}, 0x3a, 0x0, 0x2}) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) 8.932154063s ago: executing program 2 (id=976): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e
28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd
3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546
f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3
ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5", @ANYRES32=0x0, @ANYRES64, @ANYRESOCT], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000000)={0x4}, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x3, 0x0, 0x7, 0x6274}]}) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) creat(0x0, 0xd931d3864d39dcca) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x0, 0x0) recvmmsg(r4, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) syz_open_dev$sndmidi(0x0, 0x5, 0x141101) syz_io_uring_setup(0x2642, &(0x7f0000000280)={0x0, 0x1ca0, 0x2, 0x3, 0x351}, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_j1939(r6, &(0x7f0000000140)={0x1d, r7}, 0x18) sendmmsg(r6, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0) 8.898920745s ago: executing program 3 (id=977): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 
&(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428
ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572
fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5a
d5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5", @ANYRES32=0x0, @ANYRES64, @ANYRESOCT], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000000)={0x4}, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 
0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x3, 0x0, 0x7, 0x6274}]}) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) creat(0x0, 0xd931d3864d39dcca) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x0, 0x0) recvmmsg(r4, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) syz_open_dev$sndmidi(0x0, 0x5, 0x141101) syz_io_uring_setup(0x2642, &(0x7f0000000280)={0x0, 0x1ca0, 0x2, 0x3, 0x351}, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r6}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r6}, 0x18) sendmmsg(0xffffffffffffffff, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0) 7.351186714s ago: executing program 3 (id=978): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r2) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r4, 0x0, 0xae6, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) 
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) 7.26118178s ago: executing program 4 (id=979): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) timer_create(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x2, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) 5.703795276s ago: executing program 4 (id=980): r0 = 
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@deltaction={0x44, 0x31, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x30, 0x1, [{0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xc810}, 0x850) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x201, 0x4800003e, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000680)={0x0, 0x4e, "d462c64d01ae206935a0a8bc88e78bc43576f6e2470a1d2a68d35db918d0857fe5407064ec2ca636ef2694e3b2b5999bc6393053706b28d7ddc884fbd9e1ae04fd8c3bb38d5e53831fbfcbe276e6"}, &(0x7f0000000700)=0x56) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r5, &(0x7f0000000380)={{0x3, @null, 0x1}, [@null={0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000740)={0x0, 0x8, 0x7fffffff, 0x8}, &(0x7f0000000780)=0x10) getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f00000007c0)={r4, 0x8000, 0x8, 0x3, 0x2, 0x1, 0x101, 0x7ff, {r6, @in6={{0xa, 0x4e24, 0x5, @loopback}}, 0x7fff, 0x5, 0xb, 0xf, 0x3}}, &(0x7f0000000880)=0xb0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, 
&(0x7f0000000ac0)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r7, 0x0, 0xfffffffffffffffd}, 0x18) socket$inet6_sctp(0xa, 0x5, 0x84) r8 = getpgid(0x0) r9 = syz_pidfd_open(r8, 0x0) r10 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r11 = pidfd_getfd(r9, r10, 0x0) readlinkat(r11, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 5.651845674s ago: executing program 3 (id=981): r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86c}}) socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) r3 = getpid() ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x20040442) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001800), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'gretap0\x00'}) shutdown(r4, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) 
bind$alg(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000300)={'\x00', 0x902, 0x100, 0x8, 0x0, 0x8, r3}) 5.392852485s ago: executing program 3 (id=982): bind$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @default, 0x1}, [@null, @null, @default, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) writev(0xffffffffffffffff, &(0x7f0000001240)=[{&(0x7f0000000000)="ed", 0x1}], 0x1) 5.371323127s ago: executing program 4 (id=983): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$key(0xf, 0x3, 0x2) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_extract_tcp_res$synack(&(0x7f00000001c0)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0xb0, &(0x7f0000000380)={@broadcast, @remote, @void, {@ipv6={0x86dd, @tcp={0xd, 0x6, "9638ff", 0x7a, 0x6, 0x1, @private2, @empty, {[@srh={0x16, 0x4, 0x4, 0x2, 0x1, 0x40, 0xffff, [@private2={0xfc, 0x2, '\x00', 0x1}, @empty]}], {{0x4e24, 0x4e23, r5, 0x41424344, 0x1, 0x0, 0x6, 0x10, 0x1, 0x0, 0x6, {[@mss={0x2, 0x4, 0xb}]}}, 
{"613cb06ba353358e5d1d42c84ff14774ae1dd2ef1ee80f654ee2b77f3796c63d7e6a2d6c71c82a9698aca25cdc37f8cfddb99bfabf957ec35df8"}}}}}}}, 0x0) signalfd4(r4, &(0x7f00000000c0)={[0xff]}, 0x8, 0x80800) 4.780208875s ago: executing program 3 (id=984): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[0x0], &(0x7f0000000280), 0x1, r6}) ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000280), &(0x7f0000000300)=[r7], &(0x7f0000000340)}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = syz_io_uring_setup(0x88d, &(0x7f0000000140)={0x0, 0xcfe8, 0x0, 0xffffffff, 0x121}, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r11, 
0x0, 0x0) r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nfc(&(0x7f0000000480), r12) sendmsg$NFC_CMD_LLC_SET_PARAMS(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x1c, r13, 0x101, 0x0, 0x0, {}, [@NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0xf00}]}, 0x1c}}, 0x0) io_uring_enter(r10, 0x47f6, 0x0, 0x0, 0x0, 0x0) recvmsg(r8, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, 0x0}, 0x1f00) sendmsg$tipc(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, &(0x7f0000000000)={0x110, @tick=0x1, 0x78, {0x4, 0x1}, 0x3a, 0x0, 0x2}) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0) 3.565583175s ago: executing program 2 (id=985): r0 = socket$inet6(0xa, 0x802, 0x88) sendto$inet6(r0, 0x0, 0x0, 0x40488c1, &(0x7f0000000180)={0xa, 0x4e23, 0x1001, @loopback, 0x4}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.460827939s ago: executing program 2 (id=986): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 
&(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428
ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572
fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5a
d5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5", @ANYRES32=0x0, @ANYRES64, @ANYRESOCT], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000000)={0x4}, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 
0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000340)=[{0x3, 0x0, 0x7, 0x6274}]}) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) creat(0x0, 0xd931d3864d39dcca) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x0, 0x0) recvmmsg(r4, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) syz_open_dev$sndmidi(0x0, 0x5, 0x141101) syz_io_uring_setup(0x2642, &(0x7f0000000280)={0x0, 0x1ca0, 0x2, 0x3, 0x351}, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r6}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, r6}, 0x18) sendmmsg(0xffffffffffffffff, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0) 1.69190969s ago: executing program 3 (id=987): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) request_key(&(0x7f0000000000)='ceph\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f00000000c0)='hmac(sha384)\x00', 0xfffffffffffffffd) sendmsg$nl_generic(0xffffffffffffffff, 
&(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002400)=ANY=[], 0xc00}}, 0x804) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffffff7}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x1000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0xffff, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) 1.213340918s ago: executing program 2 (id=988): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0xffff, 0x8000}, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000fc0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x236, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x10, 0xf, [{{0x9, 0x4, 0x0, 0xf9, 0x2, 0x3, 0x1, 0x2, 0x4, {0x9, 0x21, 0x1, 0x90, 0x1, {0x22, 0x566}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x81, 0xff, 0x8}}}}}]}}]}}, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0}) 1.088053062s ago: executing program 4 (id=989): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r2) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, 
&(0x7f0000000080)={0xa, 0x4e22}, 0x21) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r4, 0x0, 0xae6, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 4 (id=990): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x40001, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) (fail_nth: 3) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xff) kernel console output (not intermixed with test programs): C1] vkms_vblank_simulate: vblank timer overrun [ 523.661627][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.006439][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.694754][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.823765][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.923293][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.023274][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.311276][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.111631][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.022847][ T8496] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 527.044855][ T8496] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 527.048383][ T8496] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 527.064811][ T8496] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 527.070261][ T8496] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 527.128953][ T8202] team0: Port device 
team_slave_0 added [ 527.149378][ T8202] team0: Port device team_slave_1 added [ 528.303139][ T8202] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 528.303161][ T8202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 528.303187][ T8202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 528.397358][ T6033] bridge_slave_1: left allmulticast mode [ 528.564676][ T6033] bridge_slave_1: left promiscuous mode [ 528.565002][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state [ 528.661450][ T6033] bridge_slave_0: left allmulticast mode [ 528.661486][ T6033] bridge_slave_0: left promiscuous mode [ 528.661872][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.741078][ T8511] fuse: Unknown parameter '0x0000000000000007' [ 528.820121][ T6033] bridge_slave_1: left allmulticast mode [ 528.820158][ T6033] bridge_slave_1: left promiscuous mode [ 528.820464][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.062399][ T6033] bridge_slave_0: left allmulticast mode [ 529.062434][ T6033] bridge_slave_0: left promiscuous mode [ 529.062710][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.116058][ T8496] Bluetooth: hci4: command tx timeout [ 530.542185][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 530.768664][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.317090][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.673778][ T8496] Bluetooth: hci4: command tx timeout [ 531.699645][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.796604][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.844084][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 533.963410][ T31] 
usb 4-1: new low-speed USB device number 20 using dummy_hcd [ 534.023306][ T8496] Bluetooth: hci4: command tx timeout [ 534.107835][ T6033] bond0 (unregistering): Released all slaves [ 535.234426][ T31] usb 4-1: unable to get BOS descriptor or descriptor too short [ 535.293530][ T31] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 535.293586][ T31] usb 4-1: can't read configurations, error -71 [ 535.618946][ T8554] fuse: Unknown parameter '0x0000000000000007' [ 535.944655][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 536.210245][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.723666][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.753602][ T8496] Bluetooth: hci4: command tx timeout [ 536.765569][ C1] vkms_vblank_simulate: vblank timer overrun [ 536.901740][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.026185][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.293272][ T6033] bond0 (unregistering): Released all slaves [ 537.432343][ T8202] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 537.432370][ T8202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 537.432399][ T8202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 537.972101][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.089976][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.714224][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 540.024812][ T6033] hsr_slave_0: left promiscuous mode [ 540.087477][ T6033] hsr_slave_1: left promiscuous mode [ 540.088601][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 540.194608][ T8576] fuse: Unknown parameter 'use00000000000000000000' [ 540.360422][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 540.964734][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.010043][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.239078][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.573678][ T6056] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 543.377536][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 543.394010][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 543.395385][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 543.402700][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 543.406579][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 543.458954][ T6056] usb 3-1: unable to get BOS descriptor or descriptor too short [ 543.460043][ T6056] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 543.460076][ T6056] usb 3-1: can't read configurations, error -71 [ 543.651691][ T8588] fuse: Unknown parameter '0x0000000000000007' [ 544.743875][ C0] vkms_vblank_simulate: vblank timer overrun [ 544.860216][ T6033] team0 (unregistering): Port device team_slave_1 removed [ 545.216092][ C0] vkms_vblank_simulate: vblank timer overrun [ 547.388170][ C0] vkms_vblank_simulate: vblank timer overrun [ 547.422262][ C0] vkms_vblank_simulate: vblank timer overrun [ 547.604115][ C0] vkms_vblank_simulate: vblank timer overrun 
[ 547.627918][ T8496] Bluetooth: hci0: command tx timeout [ 547.887052][ T5844] usb 5-1: new low-speed USB device number 14 using dummy_hcd [ 548.086243][ C0] vkms_vblank_simulate: vblank timer overrun [ 548.124323][ T6033] team0 (unregistering): Port device team_slave_0 removed [ 548.967756][ C0] vkms_vblank_simulate: vblank timer overrun [ 549.179603][ C0] vkms_vblank_simulate: vblank timer overrun [ 549.224700][ T5844] usb 5-1: unable to get BOS descriptor or descriptor too short [ 549.225965][ T5844] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 549.226007][ T5844] usb 5-1: can't read configurations, error -71 [ 549.655968][ T5834] Bluetooth: hci0: command tx timeout [ 550.972231][ T8630] fuse: Unknown parameter '0x0000000000000007' [ 551.910142][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.934651][ T5834] Bluetooth: hci0: command tx timeout [ 552.296609][ T8637] Zero length message leads to an empty skb [ 552.684284][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.890108][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.172315][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.355380][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.430546][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.461194][ T6033] team0 (unregistering): Port device team_slave_1 removed [ 553.846916][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.171654][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.297377][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.379820][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.403513][ T5834] Bluetooth: hci0: command tx timeout [ 554.454778][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.734213][ T6033] team0 (unregistering): Port device team_slave_0 removed [ 555.021126][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.058136][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.171599][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.262795][ C0] 
vkms_vblank_simulate: vblank timer overrun [ 556.346710][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.508144][ T8666] fuse: Unknown parameter 'fd0x0000000000000007' [ 556.629550][ T8668] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 556.629565][ T8668] IPv6: NLM_F_CREATE should be set when creating new route [ 556.629715][ T8668] IPv6: NLM_F_CREATE should be set when creating new route [ 556.629735][ T8668] IPv6: NLM_F_CREATE should be set when creating new route [ 556.666303][ T8668] FAULT_INJECTION: forcing a failure. [ 556.666303][ T8668] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 556.666340][ T8668] CPU: 0 UID: 0 PID: 8668 Comm: syz.2.586 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 556.666363][ T8668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 556.666375][ T8668] Call Trace: [ 556.666383][ T8668] <TASK> [ 556.666392][ T8668] dump_stack_lvl+0x189/0x250 [ 556.666428][ T8668] ? __pfx____ratelimit+0x10/0x10 [ 556.666455][ T8668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 556.666485][ T8668] ? __pfx__printk+0x10/0x10 [ 556.666508][ T8668] ? __might_fault+0xb0/0x130 [ 556.666559][ T8668] should_fail_ex+0x46c/0x600 [ 556.666593][ T8668] _copy_from_user+0x2d/0xb0 [ 556.666617][ T8668] ___sys_sendmsg+0x158/0x2a0 [ 556.666650][ T8668] ? __pfx____sys_sendmsg+0x10/0x10 [ 556.666722][ T8668] ? __fget_files+0x2a/0x420 [ 556.666750][ T8668] ? __fget_files+0x3a6/0x420 [ 556.666790][ T8668] __sys_sendmmsg+0x22d/0x430 [ 556.666825][ T8668] ? __pfx___sys_sendmmsg+0x10/0x10 [ 556.666866][ T8668] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 556.666903][ T8668] ? ksys_write+0x230/0x260 [ 556.666931][ T8668] ? __pfx_ksys_write+0x10/0x10 [ 556.666964][ T8668] __x64_sys_sendmmsg+0xa0/0xc0 [ 556.666996][ T8668] do_syscall_64+0xfa/0x3b0 [ 556.667025][ T8668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.667044][ T8668] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 556.667064][ T8668] ?
clear_bhb_loop+0x60/0xb0 [ 556.667089][ T8668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.667109][ T8668] RIP: 0033:0x7f8b16f4ebe9 [ 556.667127][ T8668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 556.667144][ T8668] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 556.667166][ T8668] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 556.667180][ T8668] RDX: 0492492492492627 RSI: 00002000000000c0 RDI: 0000000000000003 [ 556.667194][ T8668] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 556.667207][ T8668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 556.667219][ T8668] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 556.667252][ T8668] </TASK> [ 557.179965][ C0] vkms_vblank_simulate: vblank timer overrun [ 557.702047][ C0] vkms_vblank_simulate: vblank timer overrun [ 558.078163][ T8678] fuse: Bad value for 'group_id' [ 558.078186][ T8678] fuse: Bad value for 'group_id' [ 559.484845][ T8685] FAULT_INJECTION: forcing a failure. [ 559.484845][ T8685] name failslab, interval 1, probability 0, space 0, times 1 [ 559.484882][ T8685] CPU: 1 UID: 0 PID: 8685 Comm: syz.4.591 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 559.484905][ T8685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 559.484917][ T8685] Call Trace: [ 559.484925][ T8685] <TASK> [ 559.484934][ T8685] dump_stack_lvl+0x189/0x250 [ 559.484969][ T8685] ? __pfx____ratelimit+0x10/0x10 [ 559.484996][ T8685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 559.485026][ T8685] ? __pfx__printk+0x10/0x10 [ 559.485056][ T8685] ? __pfx___might_resched+0x10/0x10 [ 559.485079][ T8685] ? fs_reclaim_acquire+0x7d/0x100 [ 559.485103][ T8685] should_fail_ex+0x46c/0x600 [ 559.485136][ T8685] ?
vm_area_dup+0x2b/0x670 [ 559.485155][ T8685] should_failslab+0xa8/0x100 [ 559.485178][ T8685] ? vm_area_dup+0x2b/0x670 [ 559.485192][ T8685] kmem_cache_alloc_noprof+0x6e/0x310 [ 559.485227][ T8685] vm_area_dup+0x2b/0x670 [ 559.485253][ T8685] __split_vma+0x1ad/0x9e0 [ 559.485290][ T8685] ? __pfx___split_vma+0x10/0x10 [ 559.485326][ T8685] ? can_vma_merge_left+0x195/0x6b0 [ 559.485359][ T8685] vma_modify+0x1328/0x1880 [ 559.485402][ T8685] vma_modify_flags+0x1e8/0x230 [ 559.485441][ T8685] ? __pfx_vma_modify_flags+0x10/0x10 [ 559.485484][ T8685] ? mas_next_slot+0xc23/0xd00 [ 559.485513][ T8685] mprotect_fixup+0x407/0x9c0 [ 559.485547][ T8685] ? __pfx_mprotect_fixup+0x10/0x10 [ 559.485581][ T8685] do_mprotect_pkey+0x8cd/0xce0 [ 559.485621][ T8685] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 559.485677][ T8685] ? __pfx_ksys_write+0x10/0x10 [ 559.485700][ T8685] ? rcu_is_watching+0x15/0xb0 [ 559.485740][ T8685] __x64_sys_mprotect+0x80/0x90 [ 559.485764][ T8685] do_syscall_64+0xfa/0x3b0 [ 559.485790][ T8685] ? lockdep_hardirqs_on+0x9c/0x150 [ 559.485815][ T8685] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.485835][ T8685] ? 
clear_bhb_loop+0x60/0xb0 [ 559.485861][ T8685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.485881][ T8685] RIP: 0033:0x7f86afe7ebe9 [ 559.485899][ T8685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.485915][ T8685] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 559.485938][ T8685] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 559.485953][ T8685] RDX: 0000000000000005 RSI: 0000000000800000 RDI: 0000200000000000 [ 559.485966][ T8685] RBP: 00007f86ae0e6090 R08: 0000000000000000 R09: 0000000000000000 [ 559.485979][ T8685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 559.485991][ T8685] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 559.486047][ T8685] </TASK> [ 560.240204][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.171984][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.440918][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.703269][ T5844] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 561.911346][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.005157][ T5844] usb 5-1: unable to get BOS descriptor or descriptor too short [ 563.008368][ T5844] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 563.008418][ T5844] usb 5-1: can't read configurations, error -71 [ 563.204069][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.204160][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.289535][ T8494] chnl_net:caif_netlink_parms(): no params data found [ 563.358869][ T8715] fuse: Unknown parameter 'fd0x0000000000000007' [ 563.742201][ T8583] chnl_net:caif_netlink_parms(): no params data found [ 563.877243][ T8728] FAULT_INJECTION: forcing a failure.
[ 563.877243][ T8728] name failslab, interval 1, probability 0, space 0, times 0 [ 563.877280][ T8728] CPU: 0 UID: 0 PID: 8728 Comm: syz.4.599 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 563.877304][ T8728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 563.877315][ T8728] Call Trace: [ 563.877323][ T8728] <TASK> [ 563.877333][ T8728] dump_stack_lvl+0x189/0x250 [ 563.877369][ T8728] ? __pfx____ratelimit+0x10/0x10 [ 563.877396][ T8728] ? __pfx_dump_stack_lvl+0x10/0x10 [ 563.877425][ T8728] ? __pfx__printk+0x10/0x10 [ 563.877455][ T8728] ? __pfx___might_resched+0x10/0x10 [ 563.877488][ T8728] ? fs_reclaim_acquire+0x7d/0x100 [ 563.877512][ T8728] should_fail_ex+0x46c/0x600 [ 563.877546][ T8728] should_failslab+0xa8/0x100 [ 563.877576][ T8728] __kmalloc_noprof+0xcb/0x430 [ 563.877602][ T8728] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 563.877637][ T8728] tomoyo_realpath_from_path+0xe3/0x5d0 [ 563.877668][ T8728] ? tomoyo_domain+0xda/0x130 [ 563.877703][ T8728] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 563.877727][ T8728] tomoyo_path_number_perm+0x1e8/0x5a0 [ 563.877755][ T8728] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 563.877782][ T8728] ? __lock_acquire+0xab9/0xd20 [ 563.877823][ T8728] ? __lock_acquire+0xab9/0xd20 [ 563.877875][ T8728] ? __fget_files+0x2a/0x420 [ 563.877907][ T8728] ? __fget_files+0x2a/0x420 [ 563.877934][ T8728] ? __fget_files+0x3a6/0x420 [ 563.877960][ T8728] ? __fget_files+0x2a/0x420 [ 563.877994][ T8728] security_file_ioctl+0xcb/0x2d0 [ 563.878022][ T8728] __se_sys_ioctl+0x47/0x170 [ 563.878048][ T8728] do_syscall_64+0xfa/0x3b0 [ 563.878074][ T8728] ? lockdep_hardirqs_on+0x9c/0x150 [ 563.878099][ T8728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.878119][ T8728] ?
clear_bhb_loop+0x60/0xb0 [ 563.878145][ T8728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.878165][ T8728] RIP: 0033:0x7f86afe7ebe9 [ 563.878183][ T8728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.878199][ T8728] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 563.878221][ T8728] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 563.878236][ T8728] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 563.878248][ T8728] RBP: 00007f86ae0e6090 R08: 0000000000000000 R09: 0000000000000000 [ 563.878261][ T8728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.878273][ T8728] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 563.878309][ T8728] </TASK> [ 563.878318][ T8728] ERROR: Out of memory at tomoyo_realpath_from_path. [ 563.943986][ T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 564.093219][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 564.099075][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 564.099098][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 564.103412][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 564.103444][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.103463][ T9] usb 4-1: Product: syz [ 564.103477][ T9] usb 4-1: Manufacturer: syz [ 564.103492][ T9] usb 4-1: SerialNumber: syz [ 564.477642][ T9] usb 4-1: 0:2 : does not exist [ 564.492034][ T9] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 564.729104][ T8736] overlayfs: failed to resolve './file1': -2 [ 564.745713][ T9] usb 4-1: USB disconnect, device number 22 [ 565.320365][ T7819] udevd[7819]: error opening
ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 565.437114][ T8748] fuse: Bad value for 'group_id' [ 565.437135][ T8748] fuse: Bad value for 'group_id' [ 565.725120][ T8751] FAULT_INJECTION: forcing a failure. [ 565.725120][ T8751] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.725156][ T8751] CPU: 0 UID: 0 PID: 8751 Comm: syz.2.602 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 565.725178][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 565.725190][ T8751] Call Trace: [ 565.725198][ T8751] [ 565.725207][ T8751] dump_stack_lvl+0x189/0x250 [ 565.725242][ T8751] ? __pfx____ratelimit+0x10/0x10 [ 565.725268][ T8751] ? __pfx_dump_stack_lvl+0x10/0x10 [ 565.725298][ T8751] ? __pfx__printk+0x10/0x10 [ 565.725320][ T8751] ? __might_fault+0xb0/0x130 [ 565.725362][ T8751] should_fail_ex+0x46c/0x600 [ 565.725396][ T8751] _copy_from_user+0x2d/0xb0 [ 565.725431][ T8751] ___sys_sendmsg+0x158/0x2a0 [ 565.725464][ T8751] ? __pfx____sys_sendmsg+0x10/0x10 [ 565.725532][ T8751] ? __fget_files+0x2a/0x420 [ 565.725559][ T8751] ? __fget_files+0x3a6/0x420 [ 565.725596][ T8751] __x64_sys_sendmsg+0x1a1/0x260 [ 565.725625][ T8751] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 565.725664][ T8751] ? __pfx_ksys_write+0x10/0x10 [ 565.725687][ T8751] ? rcu_is_watching+0x15/0xb0 [ 565.725722][ T8751] ? do_syscall_64+0xbe/0x3b0 [ 565.725754][ T8751] do_syscall_64+0xfa/0x3b0 [ 565.725779][ T8751] ? lockdep_hardirqs_on+0x9c/0x150 [ 565.725804][ T8751] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.725824][ T8751] ? 
clear_bhb_loop+0x60/0xb0 [ 565.725850][ T8751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.725869][ T8751] RIP: 0033:0x7f8b16f4ebe9 [ 565.725888][ T8751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 565.725905][ T8751] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 565.725928][ T8751] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 565.725943][ T8751] RDX: 0000000004000010 RSI: 0000200000001200 RDI: 0000000000000004 [ 565.725957][ T8751] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 565.725987][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.726000][ T8751] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 565.726033][ T8751] [ 566.063163][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 566.311719][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.311969][ T8494] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.312248][ T8494] bridge_slave_0: entered allmulticast mode [ 566.342653][ T8494] bridge_slave_0: entered promiscuous mode [ 566.617225][ T8494] bridge0: port 2(bridge_slave_1) entered blocking state [ 566.617400][ T8494] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.617667][ T8494] bridge_slave_1: entered allmulticast mode [ 566.629183][ T8494] bridge_slave_1: entered promiscuous mode [ 566.852227][ T8761] fuse: Unknown parameter 'fd0x0000000000000007' [ 566.994956][ T8583] bridge0: port 1(bridge_slave_0) entered blocking state [ 566.995144][ T8583] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.995360][ T8583] bridge_slave_0: entered allmulticast mode [ 567.002816][ T8583] bridge_slave_0: entered promiscuous mode [ 567.180984][ T8765] FAULT_INJECTION: forcing a failure. 
[ 567.180984][ T8765] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 567.181021][ T8765] CPU: 1 UID: 0 PID: 8765 Comm: syz.2.607 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 567.181045][ T8765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 567.181057][ T8765] Call Trace: [ 567.181065][ T8765] [ 567.181075][ T8765] dump_stack_lvl+0x189/0x250 [ 567.181108][ T8765] ? __pfx____ratelimit+0x10/0x10 [ 567.181135][ T8765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 567.181164][ T8765] ? __pfx__printk+0x10/0x10 [ 567.181186][ T8765] ? __might_fault+0xb0/0x130 [ 567.181227][ T8765] should_fail_ex+0x46c/0x600 [ 567.181260][ T8765] _copy_from_user+0x2d/0xb0 [ 567.181284][ T8765] get_nodes+0x29c/0x390 [ 567.181318][ T8765] ? __pfx_get_nodes+0x10/0x10 [ 567.181355][ T8765] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 567.181382][ T8765] ? lockdep_hardirqs_on+0x9c/0x150 [ 567.181409][ T8765] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 567.181440][ T8765] __se_sys_mbind+0x18d/0xc30 [ 567.181464][ T8765] ? __pfx_vfs_write+0x10/0x10 [ 567.181494][ T8765] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 567.181515][ T8765] ? __pfx___se_sys_mbind+0x10/0x10 [ 567.181546][ T8765] ? fput+0xa0/0xd0 [ 567.181565][ T8765] ? ksys_write+0x230/0x260 [ 567.181591][ T8765] ? rcu_is_watching+0x15/0xb0 [ 567.181624][ T8765] ? __x64_sys_mbind+0x21/0xf0 [ 567.181649][ T8765] do_syscall_64+0xfa/0x3b0 [ 567.181672][ T8765] ? lockdep_hardirqs_on+0x9c/0x150 [ 567.181697][ T8765] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.181717][ T8765] ? 
clear_bhb_loop+0x60/0xb0 [ 567.181744][ T8765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.181763][ T8765] RIP: 0033:0x7f8b16f4ebe9 [ 567.181782][ T8765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 567.181799][ T8765] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 567.181822][ T8765] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 567.181837][ T8765] RDX: 0000000000000002 RSI: 0000000000004000 RDI: 0000200000ffa000 [ 567.181851][ T8765] RBP: 00007f8b151ae090 R08: 0000000000000008 R09: 0000000000000000 [ 567.181864][ T8765] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 567.181878][ T8765] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 567.181912][ T8765] [ 567.182292][ T8583] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.182461][ T8583] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.182720][ T8583] bridge_slave_1: entered allmulticast mode [ 567.198644][ T8583] bridge_slave_1: entered promiscuous mode [ 567.211453][ T8494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 567.273222][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 567.462310][ T8494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.463205][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 567.489300][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.489336][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 567.489379][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 567.489403][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.542252][ T9] usb 5-1: config 
0 descriptor?? [ 567.828112][ T8763] program syz.4.606 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 567.938094][ T8583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 568.347555][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 568.347643][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 568.384699][ T9] usb 5-1: USB disconnect, device number 18 [ 568.685603][ T8583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 568.785493][ T8494] team0: Port device team_slave_0 added [ 569.117044][ T8494] team0: Port device team_slave_1 added [ 569.197011][ T8777] netlink: 24 bytes leftover after parsing attributes in process `syz.2.612'. [ 569.494942][ T8777] bond0: invalid ARP target 0.0.0.0 specified for addition [ 569.494972][ T8777] bond0: option arp_ip_target: invalid value (0) [ 569.501654][ T8583] team0: Port device team_slave_0 added [ 569.502693][ T6033] bridge_slave_1: left allmulticast mode [ 569.502723][ T6033] bridge_slave_1: left promiscuous mode [ 569.503007][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.617737][ T6033] bridge_slave_0: left allmulticast mode [ 569.617775][ T6033] bridge_slave_0: left promiscuous mode [ 569.619306][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.707834][ T6033] bridge_slave_1: left allmulticast mode [ 569.707870][ T6033] bridge_slave_1: left promiscuous mode [ 569.708171][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.794358][ T6033] bridge_slave_0: left allmulticast mode [ 569.794382][ T6033] bridge_slave_0: left promiscuous mode [ 569.794555][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.984520][ T5844] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 570.143136][ T5844] usb 4-1: Using ep0 maxpacket: 32 [ 570.146591][ T5844] usb 4-1: unable to get BOS descriptor or descriptor too short [ 570.148430][ T5844] usb 4-1: config 7 
has an invalid interface number: 187 but max is 0 [ 570.148455][ T5844] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 570.148474][ T5844] usb 4-1: config 7 has no interface number 0 [ 570.148530][ T5844] usb 4-1: config 7 interface 187 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 570.148557][ T5844] usb 4-1: config 7 interface 187 has no altsetting 0 [ 570.152292][ T5844] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 570.152319][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.152339][ T5844] usb 4-1: Product: syz [ 570.152353][ T5844] usb 4-1: Manufacturer: syz [ 570.152367][ T5844] usb 4-1: SerialNumber: syz [ 570.394091][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 570.559614][ T5844] usb 4-1: Invalid number of CPorts: 0 [ 570.559665][ T5844] es2_ap_driver 4-1:7.187: probe with driver es2_ap_driver failed with error -22 [ 570.591418][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 570.687957][ T6033] bond0 (unregistering): Released all slaves [ 571.275902][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 571.298072][ T8790] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 571.318561][ T8790] netlink: 'syz.2.616': attribute type 11 has an invalid length. [ 571.425318][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 571.553696][ T6033] bond0 (unregistering): Released all slaves [ 571.846103][ T8583] team0: Port device team_slave_1 added [ 571.869876][ T8796] fuse: Bad value for 'group_id' [ 571.869897][ T8796] fuse: Bad value for 'group_id' [ 572.235371][ T8781] netlink: 72 bytes leftover after parsing attributes in process `syz.3.613'. 
[ 572.237087][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 572.237102][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.237129][ T8494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 572.290440][ T9] usb 4-1: USB disconnect, device number 23 [ 572.745603][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 572.745622][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.745650][ T8494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.034546][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.034566][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.034593][ T8583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.037263][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 573.125423][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 573.361520][ T8800] netlink: 24 bytes leftover after parsing attributes in process `syz.3.619'. [ 573.524481][ T8804] FAULT_INJECTION: forcing a failure. 
[ 573.524481][ T8804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 573.524518][ T8804] CPU: 1 UID: 0 PID: 8804 Comm: syz.4.620 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 573.524540][ T8804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 573.524552][ T8804] Call Trace: [ 573.524560][ T8804] [ 573.524569][ T8804] dump_stack_lvl+0x189/0x250 [ 573.524602][ T8804] ? __pfx____ratelimit+0x10/0x10 [ 573.524628][ T8804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.524655][ T8804] ? __pfx__printk+0x10/0x10 [ 573.524680][ T8804] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 573.524709][ T8804] should_fail_ex+0x46c/0x600 [ 573.524741][ T8804] _copy_to_user+0x31/0xb0 [ 573.524767][ T8804] __x64_sys_ustat+0x167/0x1e0 [ 573.524791][ T8804] ? __pfx___x64_sys_ustat+0x10/0x10 [ 573.524844][ T8804] ? do_syscall_64+0xbe/0x3b0 [ 573.524873][ T8804] do_syscall_64+0xfa/0x3b0 [ 573.524898][ T8804] ? lockdep_hardirqs_on+0x9c/0x150 [ 573.524924][ T8804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.524944][ T8804] ? 
clear_bhb_loop+0x60/0xb0 [ 573.524969][ T8804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.524988][ T8804] RIP: 0033:0x7f86afe7ebe9 [ 573.525005][ T8804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.525022][ T8804] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000088 [ 573.525045][ T8804] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 573.525080][ T8804] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000011 [ 573.525094][ T8804] RBP: 00007f86ae0e6090 R08: 0000000000000000 R09: 0000000000000000 [ 573.525107][ T8804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.525118][ T8804] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 573.525152][ T8804] [ 573.581031][ T8806] Driver unsupported XDP return value 0 on prog (id 149) dev N/A, expect packet loss! [ 573.596576][ T8806] netlink: 12 bytes leftover after parsing attributes in process `syz.3.619'. [ 573.596603][ T8806] netlink: 12 bytes leftover after parsing attributes in process `syz.3.619'. [ 573.596616][ T8806] netlink: 50 bytes leftover after parsing attributes in process `syz.3.619'. 
[ 573.935183][ T6033] team0 (unregistering): Port device team_slave_1 removed [ 574.843465][ T6033] team0 (unregistering): Port device team_slave_0 removed [ 575.874085][ T5900] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 576.543349][ T5844] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 576.703331][ T5844] usb 5-1: Using ep0 maxpacket: 32 [ 576.706670][ T5844] usb 5-1: config 0 interface 0 altsetting 181 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 576.706703][ T5844] usb 5-1: config 0 interface 0 altsetting 181 endpoint 0x3 has invalid wMaxPacketSize 0 [ 576.706726][ T5844] usb 5-1: config 0 interface 0 altsetting 181 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 576.706752][ T5844] usb 5-1: config 0 interface 0 has no altsetting 0 [ 576.722618][ T5844] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 576.722648][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.722667][ T5844] usb 5-1: Product: syz [ 576.722679][ T5844] usb 5-1: Manufacturer: syz [ 576.722692][ T5844] usb 5-1: SerialNumber: syz [ 576.737758][ T5844] usb 5-1: config 0 descriptor?? [ 576.792953][ T5844] usb 5-1: no audio or video endpoints found [ 577.395794][ T6033] team0 (unregistering): Port device team_slave_1 removed [ 577.565258][ T6033] team0 (unregistering): Port device team_slave_0 removed [ 577.916377][ T5900] usb 3-1: unable to get BOS descriptor or descriptor too short [ 577.918610][ T5900] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 577.918646][ T5900] usb 3-1: can't read configurations, error -71 [ 578.211399][ T8830] FAULT_INJECTION: forcing a failure. 
[ 578.211399][ T8830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 578.211436][ T8830] CPU: 1 UID: 0 PID: 8830 Comm: syz.2.627 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 578.211458][ T8830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 578.211468][ T8830] Call Trace: [ 578.211476][ T8830] [ 578.211485][ T8830] dump_stack_lvl+0x189/0x250 [ 578.211519][ T8830] ? __pfx____ratelimit+0x10/0x10 [ 578.211546][ T8830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 578.211574][ T8830] ? __pfx__printk+0x10/0x10 [ 578.211614][ T8830] should_fail_ex+0x46c/0x600 [ 578.211646][ T8830] _copy_to_user+0x31/0xb0 [ 578.211672][ T8830] simple_read_from_buffer+0xe1/0x170 [ 578.211704][ T8830] proc_fail_nth_read+0x1b6/0x220 [ 578.211727][ T8830] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 578.211751][ T8830] ? rw_verify_area+0x2ac/0x4e0 [ 578.211774][ T8830] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 578.211796][ T8830] vfs_read+0x203/0xa30 [ 578.211831][ T8830] ? __pfx_vfs_read+0x10/0x10 [ 578.211851][ T8830] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 578.211881][ T8830] ? mutex_lock_nested+0x154/0x1d0 [ 578.211899][ T8830] ? fdget_pos+0x253/0x320 [ 578.211938][ T8830] ksys_read+0x14b/0x260 [ 578.211965][ T8830] ? __pfx_ksys_read+0x10/0x10 [ 578.211987][ T8830] ? rcu_is_watching+0x15/0xb0 [ 578.212024][ T8830] ? do_syscall_64+0xbe/0x3b0 [ 578.212068][ T8830] do_syscall_64+0xfa/0x3b0 [ 578.212092][ T8830] ? lockdep_hardirqs_on+0x9c/0x150 [ 578.212117][ T8830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.212137][ T8830] ? 
clear_bhb_loop+0x60/0xb0 [ 578.212162][ T8830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.212180][ T8830] RIP: 0033:0x7f8b16f4d5fc [ 578.212197][ T8830] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 578.212211][ T8830] RSP: 002b:00007f8b151ae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 578.212233][ T8830] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4d5fc [ 578.212247][ T8830] RDX: 000000000000000f RSI: 00007f8b151ae0a0 RDI: 0000000000000004 [ 578.212260][ T8830] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 578.212272][ T8830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.212282][ T8830] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 578.212314][ T8830] [ 578.524057][ T6056] usb 5-1: USB disconnect, device number 19 [ 578.976625][ T8583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.976644][ T8583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 578.976672][ T8583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.656927][ T5900] usb 3-1: new low-speed USB device number 15 using dummy_hcd [ 581.153340][ T5844] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 581.218484][ T8494] hsr_slave_0: entered promiscuous mode [ 581.220262][ T8494] hsr_slave_1: entered promiscuous mode [ 581.303237][ T5844] usb 5-1: Using ep0 maxpacket: 16 [ 581.338540][ T5844] usb 5-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=d9.10 [ 581.338570][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.338590][ T5844] usb 5-1: Product: syz [ 581.338605][ T5844] usb 5-1: Manufacturer: syz [ 581.338619][ T5844] usb 5-1: SerialNumber: syz [ 581.381175][ T5844] usb 5-1: config 0 descriptor?? [ 581.442421][ T5844] usbsevseg 5-1:0.0: USB 7 Segment device now attached [ 581.705383][ T5900] usb 3-1: unable to get BOS descriptor or descriptor too short [ 581.706679][ T5900] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 581.706718][ T5900] usb 3-1: can't read configurations, error -71 [ 581.756527][ T5844] usb 5-1: USB disconnect, device number 20 [ 581.764268][ T5844] usbsevseg 5-1:0.0: USB 7 Segment now disconnected [ 582.081159][ T8583] hsr_slave_0: entered promiscuous mode [ 582.082862][ T8583] hsr_slave_1: entered promiscuous mode [ 582.103864][ T8583] debugfs: 'hsr0' already exists in 'hsr' [ 582.103895][ T8583] Cannot create hsr debugfs directory [ 583.848225][ T8883] overlayfs: failed to resolve './file1': -2 [ 584.974322][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 584.999318][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 585.000558][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 585.041481][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 585.052287][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 586.599610][ T8916] 
binder: 8914:8916 ioctl c0306201 0 returned -14 [ 587.103161][ T5834] Bluetooth: hci4: command tx timeout [ 587.748885][ T8923] binder: 8919:8923 ioctl c0306201 0 returned -14 [ 588.573211][ T8548] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 588.729330][ T8548] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 588.729363][ T8548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.729383][ T8548] usb 4-1: Product: syz [ 588.729397][ T8548] usb 4-1: Manufacturer: syz [ 588.729412][ T8548] usb 4-1: SerialNumber: syz [ 588.785184][ T8548] usb 4-1: config 0 descriptor?? [ 588.994620][ T8548] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 589.173446][ T5834] Bluetooth: hci4: command tx timeout [ 589.510388][ T1305] bridge_slave_1: left allmulticast mode [ 589.510426][ T1305] bridge_slave_1: left promiscuous mode [ 589.510734][ T1305] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.595347][ T1305] bridge_slave_0: left allmulticast mode [ 589.595386][ T1305] bridge_slave_0: left promiscuous mode [ 589.601751][ T1305] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.647608][ T5203] udevd[5203]: worker [7819] terminated by signal 33 (Unknown signal 33) [ 589.647672][ T5203] udevd[5203]: worker [7819] failed while handling '/devices/virtual/block/loop2' [ 589.862514][ T8548] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 589.908927][ T5842] usb 4-1: USB disconnect, device number 24 [ 590.554745][ T1305] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.697617][ T8946] FAULT_INJECTION: forcing a failure. 
[ 590.697617][ T8946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 590.697656][ T8946] CPU: 0 UID: 0 PID: 8946 Comm: syz.3.649 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 590.697679][ T8946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 590.697691][ T8946] Call Trace: [ 590.697700][ T8946] [ 590.697709][ T8946] dump_stack_lvl+0x189/0x250 [ 590.697744][ T8946] ? __pfx____ratelimit+0x10/0x10 [ 590.697771][ T8946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 590.697801][ T8946] ? __pfx__printk+0x10/0x10 [ 590.697824][ T8946] ? __might_fault+0xb0/0x130 [ 590.697866][ T8946] should_fail_ex+0x46c/0x600 [ 590.697900][ T8946] _copy_from_user+0x2d/0xb0 [ 590.697924][ T8946] ___sys_sendmsg+0x158/0x2a0 [ 590.697958][ T8946] ? __pfx____sys_sendmsg+0x10/0x10 [ 590.698029][ T8946] ? __fget_files+0x2a/0x420 [ 590.698055][ T8946] ? __fget_files+0x3a6/0x420 [ 590.698095][ T8946] __x64_sys_sendmsg+0x1a1/0x260 [ 590.698128][ T8946] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 590.698169][ T8946] ? __pfx_ksys_write+0x10/0x10 [ 590.698192][ T8946] ? rcu_is_watching+0x15/0xb0 [ 590.698228][ T8946] ? do_syscall_64+0xbe/0x3b0 [ 590.698260][ T8946] do_syscall_64+0xfa/0x3b0 [ 590.698294][ T8946] ? lockdep_hardirqs_on+0x9c/0x150 [ 590.698319][ T8946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.698340][ T8946] ? 
clear_bhb_loop+0x60/0xb0 [ 590.698365][ T8946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.698385][ T8946] RIP: 0033:0x7f4246b7ebe9 [ 590.698404][ T8946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 590.698422][ T8946] RSP: 002b:00007f4244de6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 590.698444][ T8946] RAX: ffffffffffffffda RBX: 00007f4246da5fa0 RCX: 00007f4246b7ebe9 [ 590.698459][ T8946] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 590.698473][ T8946] RBP: 00007f4244de6090 R08: 0000000000000000 R09: 0000000000000000 [ 590.698486][ T8946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 590.698498][ T8946] R13: 00007f4246da6038 R14: 00007f4246da5fa0 R15: 00007fff8399b7a8 [ 590.698532][ T8946] [ 590.944394][ T1305] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.163268][ T37] audit: type=1326 audit(1756440555.477:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8948 comm="syz.3.651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4246b7ebe9 code=0x0 [ 591.253309][ T5834] Bluetooth: hci4: command tx timeout [ 591.317922][ T1305] bond0 (unregistering): Released all slaves [ 592.127389][ T8960] FAULT_INJECTION: forcing a failure. [ 592.127389][ T8960] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 592.127427][ T8960] CPU: 1 UID: 0 PID: 8960 Comm: syz.4.653 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 592.127452][ T8960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 592.127464][ T8960] Call Trace: [ 592.127473][ T8960] [ 592.127482][ T8960] dump_stack_lvl+0x189/0x250 [ 592.127516][ T8960] ? __pfx____ratelimit+0x10/0x10 [ 592.127543][ T8960] ? __pfx_dump_stack_lvl+0x10/0x10 [ 592.127573][ T8960] ? 
__pfx__printk+0x10/0x10 [ 592.127595][ T8960] ? __might_fault+0xb0/0x130 [ 592.127637][ T8960] should_fail_ex+0x46c/0x600 [ 592.127670][ T8960] _copy_from_user+0x2d/0xb0 [ 592.127692][ T8960] ___sys_sendmsg+0x158/0x2a0 [ 592.127723][ T8960] ? __pfx____sys_sendmsg+0x10/0x10 [ 592.127793][ T8960] ? __fget_files+0x2a/0x420 [ 592.127820][ T8960] ? __fget_files+0x3a6/0x420 [ 592.127859][ T8960] __x64_sys_sendmsg+0x1a1/0x260 [ 592.127891][ T8960] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 592.127929][ T8960] ? __pfx_ksys_write+0x10/0x10 [ 592.127951][ T8960] ? rcu_is_watching+0x15/0xb0 [ 592.127988][ T8960] ? do_syscall_64+0xbe/0x3b0 [ 592.128020][ T8960] do_syscall_64+0xfa/0x3b0 [ 592.128044][ T8960] ? lockdep_hardirqs_on+0x9c/0x150 [ 592.128070][ T8960] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.128091][ T8960] ? clear_bhb_loop+0x60/0xb0 [ 592.128116][ T8960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.128136][ T8960] RIP: 0033:0x7f86afe7ebe9 [ 592.128154][ T8960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.128185][ T8960] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 592.128209][ T8960] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 592.128224][ T8960] RDX: 0000000000040014 RSI: 00002000000002c0 RDI: 0000000000000003 [ 592.128237][ T8960] RBP: 00007f86ae0e6090 R08: 0000000000000000 R09: 0000000000000000 [ 592.128250][ T8960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 592.128262][ T8960] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 592.128296][ T8960] [ 593.974563][ T5834] Bluetooth: hci4: command tx timeout [ 594.065880][ T8970] bridge0: entered promiscuous mode [ 594.066109][ T8970] macvlan2: entered promiscuous mode [ 594.113690][ T5900] usb 3-1: new low-speed USB device number 17 using dummy_hcd [ 
594.435296][ T1305] hsr_slave_0: left promiscuous mode [ 594.594424][ T1305] hsr_slave_1: left promiscuous mode [ 594.646179][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 594.981821][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 595.462409][ T5900] usb 3-1: unable to get BOS descriptor or descriptor too short [ 595.463794][ T5900] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 595.463835][ T5900] usb 3-1: can't read configurations, error -71 [ 596.299069][ T8984] FAULT_INJECTION: forcing a failure. [ 596.299069][ T8984] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.299107][ T8984] CPU: 1 UID: 0 PID: 8984 Comm: syz.2.659 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 596.299131][ T8984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 596.299143][ T8984] Call Trace: [ 596.299150][ T8984] [ 596.299159][ T8984] dump_stack_lvl+0x189/0x250 [ 596.299194][ T8984] ? __pfx____ratelimit+0x10/0x10 [ 596.299222][ T8984] ? __pfx_dump_stack_lvl+0x10/0x10 [ 596.299252][ T8984] ? __pfx__printk+0x10/0x10 [ 596.299274][ T8984] ? __might_fault+0xb0/0x130 [ 596.299317][ T8984] should_fail_ex+0x46c/0x600 [ 596.299350][ T8984] _copy_to_iter+0x1de/0x1790 [ 596.299380][ T8984] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 596.299413][ T8984] ? __lock_acquire+0xab9/0xd20 [ 596.299444][ T8984] ? rt_mutex_slowunlock+0x493/0x8a0 [ 596.299465][ T8984] ? __pfx__copy_to_iter+0x10/0x10 [ 596.299495][ T8984] ? rt_spin_lock+0x1bb/0x2c0 [ 596.299515][ T8984] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 596.299549][ T8984] __skb_datagram_iter+0xf8/0x990 [ 596.299583][ T8984] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 596.299624][ T8984] skb_copy_datagram_iter+0xc5/0x230 [ 596.299660][ T8984] netlink_recvmsg+0x2ab/0xa30 [ 596.299697][ T8984] ? __pfx_netlink_recvmsg+0x10/0x10 [ 596.299729][ T8984] ? __lock_acquire+0xab9/0xd20 [ 596.299758][ T8984] ? 
bpf_lsm_socket_recvmsg+0x9/0x20 [ 596.299776][ T8984] ? security_socket_recvmsg+0x7e/0x2e0 [ 596.299798][ T8984] ? __pfx_netlink_recvmsg+0x10/0x10 [ 596.299823][ T8984] sock_recvmsg+0x22c/0x270 [ 596.299851][ T8984] sock_read_iter+0x23a/0x2f0 [ 596.299874][ T8984] ? __pfx_sock_read_iter+0x10/0x10 [ 596.299929][ T8984] vfs_read+0x563/0xa30 [ 596.299964][ T8984] ? __pfx_vfs_read+0x10/0x10 [ 596.300000][ T8984] ? __fget_files+0x2a/0x420 [ 596.300039][ T8984] ksys_read+0x14b/0x260 [ 596.300067][ T8984] ? __pfx_ksys_read+0x10/0x10 [ 596.300089][ T8984] ? __task_pid_nr_ns+0x28/0x470 [ 596.300125][ T8984] ? do_syscall_64+0xbe/0x3b0 [ 596.300154][ T8984] do_syscall_64+0xfa/0x3b0 [ 596.300180][ T8984] ? lockdep_hardirqs_on+0x9c/0x150 [ 596.300204][ T8984] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.300224][ T8984] ? clear_bhb_loop+0x60/0xb0 [ 596.300250][ T8984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.300271][ T8984] RIP: 0033:0x7f8b16f4ebe9 [ 596.300289][ T8984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.300308][ T8984] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 596.300331][ T8984] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 596.300346][ T8984] RDX: 00000000000000ba RSI: 0000200000000080 RDI: 0000000000000003 [ 596.300358][ T8984] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 596.300371][ T8984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.300383][ T8984] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 596.300416][ T8984] [ 597.922202][ T1305] team0 (unregistering): Port device team_slave_1 removed [ 598.114287][ T1305] team0 (unregistering): Port device team_slave_0 removed [ 599.791294][ T8496] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 599.806192][ T8496] 
Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 599.807510][ T8496] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 599.808746][ T8496] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 599.809514][ T8496] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 599.901483][ T9009] FAULT_INJECTION: forcing a failure. [ 599.901483][ T9009] name failslab, interval 1, probability 0, space 0, times 0 [ 599.901518][ T9009] CPU: 1 UID: 0 PID: 9009 Comm: syz.2.667 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 599.901541][ T9009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 599.901554][ T9009] Call Trace: [ 599.901563][ T9009] [ 599.901572][ T9009] dump_stack_lvl+0x189/0x250 [ 599.901606][ T9009] ? __pfx____ratelimit+0x10/0x10 [ 599.901634][ T9009] ? __pfx_dump_stack_lvl+0x10/0x10 [ 599.901664][ T9009] ? __pfx__printk+0x10/0x10 [ 599.901692][ T9009] ? __pfx___might_resched+0x10/0x10 [ 599.901712][ T9009] ? fs_reclaim_acquire+0x7d/0x100 [ 599.901736][ T9009] should_fail_ex+0x46c/0x600 [ 599.901766][ T9009] ? __alloc_skb+0x112/0x2d0 [ 599.901790][ T9009] should_failslab+0xa8/0x100 [ 599.901819][ T9009] ? __alloc_skb+0x112/0x2d0 [ 599.901841][ T9009] kmem_cache_alloc_node_noprof+0x77/0x330 [ 599.901879][ T9009] __alloc_skb+0x112/0x2d0 [ 599.901909][ T9009] netlink_sendmsg+0x5c6/0xb30 [ 599.901954][ T9009] ? __pfx_netlink_sendmsg+0x10/0x10 [ 599.901989][ T9009] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 599.902009][ T9009] ? __pfx_netlink_sendmsg+0x10/0x10 [ 599.902036][ T9009] __sock_sendmsg+0x219/0x270 [ 599.902062][ T9009] ____sys_sendmsg+0x508/0x820 [ 599.902097][ T9009] ? __pfx_____sys_sendmsg+0x10/0x10 [ 599.902137][ T9009] ? import_iovec+0x74/0xa0 [ 599.902164][ T9009] ___sys_sendmsg+0x21f/0x2a0 [ 599.902194][ T9009] ? __pfx____sys_sendmsg+0x10/0x10 [ 599.902264][ T9009] ? __fget_files+0x2a/0x420 [ 599.902292][ T9009] ? 
__fget_files+0x3a6/0x420 [ 599.902332][ T9009] __x64_sys_sendmsg+0x1a1/0x260 [ 599.902364][ T9009] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 599.902404][ T9009] ? __pfx_ksys_write+0x10/0x10 [ 599.902427][ T9009] ? rcu_is_watching+0x15/0xb0 [ 599.902464][ T9009] ? do_syscall_64+0xbe/0x3b0 [ 599.902494][ T9009] do_syscall_64+0xfa/0x3b0 [ 599.902518][ T9009] ? lockdep_hardirqs_on+0x9c/0x150 [ 599.902543][ T9009] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.902562][ T9009] ? clear_bhb_loop+0x60/0xb0 [ 599.902586][ T9009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.902606][ T9009] RIP: 0033:0x7f8b16f4ebe9 [ 599.902623][ T9009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 599.902641][ T9009] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 599.902664][ T9009] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 599.902679][ T9009] RDX: 0000000000008000 RSI: 0000200000000340 RDI: 0000000000000003 [ 599.902692][ T9009] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 599.902705][ T9009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 599.902717][ T9009] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 599.902750][ T9009] [ 600.418145][ T8892] chnl_net:caif_netlink_parms(): no params data found [ 601.988037][ T8496] Bluetooth: hci5: command tx timeout [ 602.815254][ T5842] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 603.356398][ T5842] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 603.356436][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 603.356463][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 603.356487][ T5842] usb 5-1: config 0 
interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 603.356534][ T5842] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 603.356559][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.434070][ T5842] usb 5-1: config 0 descriptor?? [ 603.552941][ T9036] FAULT_INJECTION: forcing a failure. [ 603.552941][ T9036] name failslab, interval 1, probability 0, space 0, times 0 [ 603.552977][ T9036] CPU: 1 UID: 0 PID: 9036 Comm: syz.3.675 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 603.553006][ T9036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 603.553017][ T9036] Call Trace: [ 603.553025][ T9036] [ 603.553035][ T9036] dump_stack_lvl+0x189/0x250 [ 603.553066][ T9036] ? __pfx____ratelimit+0x10/0x10 [ 603.553092][ T9036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 603.553128][ T9036] ? __pfx__printk+0x10/0x10 [ 603.553158][ T9036] ? __pfx___might_resched+0x10/0x10 [ 603.553184][ T9036] should_fail_ex+0x46c/0x600 [ 603.553217][ T9036] should_failslab+0xa8/0x100 [ 603.553245][ T9036] __kmalloc_noprof+0xcb/0x430 [ 603.553269][ T9036] ? tomoyo_encode+0x28b/0x550 [ 603.553295][ T9036] tomoyo_encode+0x28b/0x550 [ 603.553323][ T9036] tomoyo_realpath_from_path+0x58d/0x5d0 [ 603.553358][ T9036] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 603.553378][ T9036] tomoyo_path_number_perm+0x1e8/0x5a0 [ 603.553401][ T9036] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 603.553426][ T9036] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 603.553450][ T9036] ? lockdep_hardirqs_on+0x9c/0x150 [ 603.553477][ T9036] ? __lock_acquire+0xab9/0xd20 [ 603.553519][ T9036] ? __fget_files+0x2a/0x420 [ 603.553544][ T9036] ? __fget_files+0x2a/0x420 [ 603.553564][ T9036] ? __fget_files+0x3a6/0x420 [ 603.553584][ T9036] ? 
__fget_files+0x2a/0x420 [ 603.553611][ T9036] security_file_ioctl+0xcb/0x2d0 [ 603.553634][ T9036] __se_sys_ioctl+0x47/0x170 [ 603.553655][ T9036] do_syscall_64+0xfa/0x3b0 [ 603.553675][ T9036] ? lockdep_hardirqs_on+0x9c/0x150 [ 603.553695][ T9036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.553713][ T9036] ? clear_bhb_loop+0x60/0xb0 [ 603.553734][ T9036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.553751][ T9036] RIP: 0033:0x7f4246b7ebe9 [ 603.553769][ T9036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 603.553784][ T9036] RSP: 002b:00007f4244de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 603.553802][ T9036] RAX: ffffffffffffffda RBX: 00007f4246da5fa0 RCX: 00007f4246b7ebe9 [ 603.553814][ T9036] RDX: 0000000000000000 RSI: 000000008008af00 RDI: 0000000000000003 [ 603.553825][ T9036] RBP: 00007f4244de6090 R08: 0000000000000000 R09: 0000000000000000 [ 603.553835][ T9036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.553845][ T9036] R13: 00007f4246da6038 R14: 00007f4246da5fa0 R15: 00007fff8399b7a8 [ 603.553873][ T9036] [ 603.817186][ T9036] ERROR: Out of memory at tomoyo_realpath_from_path. 
[ 604.053300][ T8496] Bluetooth: hci5: command tx timeout [ 605.628601][ T9051] netdevsim netdevsim2: Direct firmware load for þ failed with error -2 [ 605.628634][ T9051] netdevsim netdevsim2: Falling back to sysfs fallback for: þ [ 605.910348][ T8892] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.911519][ T8892] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.929874][ T8892] bridge_slave_0: entered allmulticast mode [ 605.962740][ T8892] bridge_slave_0: entered promiscuous mode [ 606.048193][ T8892] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.048350][ T8892] bridge0: port 2(bridge_slave_1) entered disabled state [ 606.048557][ T8892] bridge_slave_1: entered allmulticast mode [ 606.078125][ T8892] bridge_slave_1: entered promiscuous mode [ 606.133364][ T8496] Bluetooth: hci5: command tx timeout [ 608.004799][ T5842] usbhid 5-1:0.0: can't add hid device: -71 [ 608.004955][ T5842] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 608.030447][ T5842] usb 5-1: USB disconnect, device number 21 [ 608.055366][ T8892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 608.214425][ T8496] Bluetooth: hci5: command tx timeout [ 608.377138][ T8892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 608.402136][ T9066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.683'. 
[ 608.521507][ T9073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 608.521528][ T9073] IPv6: NLM_F_CREATE should be set when creating new route [ 608.521597][ T9073] IPv6: NLM_F_CREATE should be set when creating new route [ 608.521636][ T9073] IPv6: NLM_F_CREATE should be set when creating new route [ 608.522543][ T9073] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 608.713310][ T8548] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 608.863107][ T8548] usb 3-1: Using ep0 maxpacket: 8 [ 608.874157][ T8548] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 608.874219][ T8548] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 608.874240][ T8548] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 608.874261][ T8548] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 608.874283][ T8548] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 608.874323][ T8548] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 608.874345][ T8548] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.111701][ T8548] usb 3-1: GET_CAPABILITIES returned 0 [ 609.111761][ T8548] usbtmc 3-1:16.0: can't read capabilities [ 609.176221][ T8892] team0: Port device team_slave_0 added [ 609.310776][ T6064] usb 3-1: USB disconnect, device number 19 [ 609.348187][ T9005] chnl_net:caif_netlink_parms(): no params data found [ 609.532765][ T8892] team0: Port device team_slave_1 added [ 610.067684][ T8892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 610.067698][ T8892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 610.067715][ T8892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 610.413126][ T8892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 610.413153][ T8892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.413185][ T8892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 614.454361][ T9005] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.454529][ T9005] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.454783][ T9005] bridge_slave_0: entered allmulticast mode [ 614.458099][ T9005] bridge_slave_0: entered promiscuous mode [ 615.355659][ T9005] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.355840][ T9005] bridge0: port 2(bridge_slave_1) entered disabled state [ 615.356062][ T9005] bridge_slave_1: entered allmulticast mode [ 615.361908][ T9005] bridge_slave_1: entered promiscuous mode [ 615.388467][ T8892] hsr_slave_0: entered promiscuous mode [ 615.393611][ T8892] hsr_slave_1: entered promiscuous mode [ 615.591656][ T9123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.695'. [ 615.847571][ T9129] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 615.849076][ T9129] FAULT_INJECTION: forcing a failure. 
[ 615.849076][ T9129] name failslab, interval 1, probability 0, space 0, times 0 [ 615.849111][ T9129] CPU: 0 UID: 0 PID: 9129 Comm: syz.2.697 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 615.849135][ T9129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 615.849147][ T9129] Call Trace: [ 615.849155][ T9129] [ 615.849164][ T9129] dump_stack_lvl+0x189/0x250 [ 615.849200][ T9129] ? __pfx____ratelimit+0x10/0x10 [ 615.849227][ T9129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 615.849257][ T9129] ? __pfx__printk+0x10/0x10 [ 615.849287][ T9129] ? __pfx___might_resched+0x10/0x10 [ 615.849310][ T9129] ? fs_reclaim_acquire+0x7d/0x100 [ 615.849334][ T9129] should_fail_ex+0x46c/0x600 [ 615.849366][ T9129] ? __alloc_skb+0x112/0x2d0 [ 615.849391][ T9129] should_failslab+0xa8/0x100 [ 615.849420][ T9129] ? __alloc_skb+0x112/0x2d0 [ 615.849443][ T9129] kmem_cache_alloc_node_noprof+0x77/0x330 [ 615.849480][ T9129] __alloc_skb+0x112/0x2d0 [ 615.849512][ T9129] netlink_sendmsg+0x5c6/0xb30 [ 615.849549][ T9129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.849585][ T9129] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 615.849605][ T9129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 615.849631][ T9129] __sock_sendmsg+0x219/0x270 [ 615.849658][ T9129] ____sys_sendmsg+0x508/0x820 [ 615.849705][ T9129] ? __pfx_____sys_sendmsg+0x10/0x10 [ 615.849754][ T9129] ? import_iovec+0x74/0xa0 [ 615.849780][ T9129] ___sys_sendmsg+0x21f/0x2a0 [ 615.849812][ T9129] ? __pfx____sys_sendmsg+0x10/0x10 [ 615.849879][ T9129] ? __fget_files+0x2a/0x420 [ 615.849906][ T9129] ? __fget_files+0x3a6/0x420 [ 615.849945][ T9129] __x64_sys_sendmsg+0x1a1/0x260 [ 615.849977][ T9129] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 615.850014][ T9129] ? __pfx_ksys_write+0x10/0x10 [ 615.850035][ T9129] ? rcu_is_watching+0x15/0xb0 [ 615.850070][ T9129] ? do_syscall_64+0xbe/0x3b0 [ 615.850102][ T9129] do_syscall_64+0xfa/0x3b0 [ 615.850127][ T9129] ? lockdep_hardirqs_on+0x9c/0x150 [ 615.850152][ T9129] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.850171][ T9129] ? clear_bhb_loop+0x60/0xb0 [ 615.850197][ T9129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.850217][ T9129] RIP: 0033:0x7f8b16f4ebe9 [ 615.850235][ T9129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.850253][ T9129] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 615.850277][ T9129] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 615.850292][ T9129] RDX: 0000000060040050 RSI: 0000200000000640 RDI: 0000000000000003 [ 615.850306][ T9129] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 615.850319][ T9129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 615.850331][ T9129] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 615.850366][ T9129] [ 616.093278][ T8548] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 616.255023][ T8548] usb 4-1: Using ep0 maxpacket: 8 [ 616.261048][ T8548] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 616.261120][ T8548] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 616.261144][ T8548] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 616.261169][ T8548] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 616.261193][ T8548] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 616.261239][ T8548] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 616.261263][ T8548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.923182][ T8548] usb 4-1: GET_CAPABILITIES returned 0 [ 616.923236][ T8548] usbtmc 4-1:16.0: can't read capabilities [ 617.011749][ 
T9005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.114973][ T6064] usb 4-1: USB disconnect, device number 25 [ 617.197126][ T9005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 617.212243][ T9140] warning: `syz.2.700' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 617.293390][ T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 617.424663][ T9140] netlink: 148 bytes leftover after parsing attributes in process `syz.2.700'. [ 617.443354][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 617.456829][ T9] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 617.456861][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.456883][ T9] usb 5-1: Product: syz [ 617.456897][ T9] usb 5-1: Manufacturer: syz [ 617.456910][ T9] usb 5-1: SerialNumber: syz [ 617.499304][ T9] usb 5-1: config 0 descriptor?? [ 617.527746][ T9] gspca_main: sq930x-2.14.0 probing 2770:930c [ 617.609044][ T9005] team0: Port device team_slave_0 added [ 617.684359][ T9005] team0: Port device team_slave_1 added [ 618.166196][ T1305] bridge_slave_1: left allmulticast mode [ 618.166232][ T1305] bridge_slave_1: left promiscuous mode [ 618.166514][ T1305] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.273343][ T1305] bridge_slave_0: left allmulticast mode [ 618.273472][ T1305] bridge_slave_0: left promiscuous mode [ 618.276340][ T1305] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.639982][ T9151] netlink: 16 bytes leftover after parsing attributes in process `syz.2.704'. [ 618.640017][ T9151] netlink: 40 bytes leftover after parsing attributes in process `syz.2.704'. 
[ 618.753112][ T9] gspca_sq930x: reg_w 0305 fd00 failed -110 [ 618.753291][ T9] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 619.064358][ T1305] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 619.872352][ T1305] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 620.001309][ T1305] bond0 (unregistering): Released all slaves [ 620.254094][ T6031] usb 5-1: USB disconnect, device number 22 [ 620.401549][ T9005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 620.401568][ T9005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 620.401597][ T9005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 620.500908][ T9005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 620.500927][ T9005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 620.500957][ T9005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 621.942165][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.004402][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.193438][ T1305] hsr_slave_0: left promiscuous mode [ 622.241396][ T1305] hsr_slave_1: left promiscuous mode [ 622.242490][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 622.301305][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 622.424158][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 622.573196][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 622.576454][ T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 622.576528][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 622.576552][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 622.576577][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 622.576601][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 622.576646][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 622.576670][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.688416][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.916672][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 622.916729][ T9] usbtmc 3-1:16.0: can't read capabilities [ 623.129700][ T6064] usb 3-1: USB disconnect, device number 20 [ 623.258694][ T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 623.391518][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.404105][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 623.407736][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 623.407799][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, 
bcdDevice=6d.2a [ 623.407824][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.451885][ T9] usb 4-1: config 0 descriptor?? [ 623.477757][ T9] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 623.843244][ T5900] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 624.003432][ T5900] usb 5-1: Using ep0 maxpacket: 32 [ 624.008706][ T5900] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 624.008739][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.015774][ T5900] usb 5-1: config 0 descriptor?? [ 624.514680][ T5900] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 624.528601][ T5900] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 624.528633][ T5900] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 624.633959][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.634047][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.863725][ T9] gspca_vc032x: reg_r err -110 [ 624.863837][ T9] vc032x 4-1:0.0: probe with driver vc032x failed with error -110 [ 625.203586][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.235451][ T1305] team0 (unregistering): Port device team_slave_1 removed [ 625.896858][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.820592][ T1305] team0 (unregistering): Port device team_slave_0 removed [ 629.016057][ C0] vkms_vblank_simulate: vblank timer overrun [ 629.728534][ T9212] netlink: 'syz.2.722': attribute type 13 has an invalid length. 
[ 629.789059][ T9184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 629.793942][ T6031] usb 4-1: USB disconnect, device number 26 [ 630.005964][ C0] vkms_vblank_simulate: vblank timer overrun [ 630.287492][ C0] vkms_vblank_simulate: vblank timer overrun [ 630.595264][ T8496] Bluetooth: hci3: unexpected event for opcode 0x0405 [ 630.628910][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.313770][ C0] vkms_vblank_simulate: vblank timer overrun [ 631.336029][ T9228] FAULT_INJECTION: forcing a failure. [ 631.336029][ T9228] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 631.336054][ T9228] CPU: 1 UID: 0 PID: 9228 Comm: syz.2.727 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 631.336069][ T9228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 631.336076][ T9228] Call Trace: [ 631.336081][ T9228] [ 631.336086][ T9228] dump_stack_lvl+0x189/0x250 [ 631.336108][ T9228] ? __pfx____ratelimit+0x10/0x10 [ 631.336124][ T9228] ? __pfx_dump_stack_lvl+0x10/0x10 [ 631.336140][ T9228] ? __pfx__printk+0x10/0x10 [ 631.336153][ T9228] ? __might_fault+0xb0/0x130 [ 631.336176][ T9228] should_fail_ex+0x46c/0x600 [ 631.336195][ T9228] _copy_from_user+0x2d/0xb0 [ 631.336208][ T9228] core_sys_select+0x606/0xa20 [ 631.336231][ T9228] ? __pfx_core_sys_select+0x10/0x10 [ 631.336260][ T9228] ? __pfx_set_user_sigmask+0x10/0x10 [ 631.336273][ T9228] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 631.336285][ T9228] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 631.336301][ T9228] __se_sys_pselect6+0x27a/0x300 [ 631.336320][ T9228] ? __pfx___se_sys_pselect6+0x10/0x10 [ 631.336335][ T9228] ? __pfx_ksys_write+0x10/0x10 [ 631.336347][ T9228] ? rcu_is_watching+0x15/0xb0 [ 631.336370][ T9228] ? __x64_sys_pselect6+0x21/0xf0 [ 631.336387][ T9228] do_syscall_64+0xfa/0x3b0 [ 631.336402][ T9228] ? lockdep_hardirqs_on+0x9c/0x150 [ 631.336415][ T9228] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.336427][ T9228] ? 
clear_bhb_loop+0x60/0xb0 [ 631.336440][ T9228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.336451][ T9228] RIP: 0033:0x7f8b16f4ebe9 [ 631.336463][ T9228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.336473][ T9228] RSP: 002b:00007f8b1518d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 631.336487][ T9228] RAX: ffffffffffffffda RBX: 00007f8b17176090 RCX: 00007f8b16f4ebe9 [ 631.336496][ T9228] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000040 [ 631.336504][ T9228] RBP: 00007f8b1518d090 R08: 0000000000000000 R09: 0000000000000000 [ 631.336511][ T9228] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 631.336519][ T9228] R13: 00007f8b17176128 R14: 00007f8b17176090 R15: 00007ffe7cf0cc88 [ 631.336537][ T9228] [ 631.856359][ T9005] hsr_slave_0: entered promiscuous mode [ 631.865791][ T9005] hsr_slave_1: entered promiscuous mode [ 631.883532][ T9005] debugfs: 'hsr0' already exists in 'hsr' [ 631.883562][ T9005] Cannot create hsr debugfs directory [ 632.490206][ C0] vkms_vblank_simulate: vblank timer overrun [ 633.701670][ C0] vkms_vblank_simulate: vblank timer overrun [ 634.856279][ T9243] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 634.862351][ T9243] cramfs: wrong magic [ 634.876723][ T9243] (syz.4.731,9243,1):ocfs2_fill_super:989 ERROR: superblock probe failed! 
[ 634.876756][ T9243] (syz.4.731,9243,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 639.607669][ T8892] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 639.678166][ T8892] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 639.703182][ T31] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 639.863146][ T31] usb 3-1: Using ep0 maxpacket: 8 [ 639.868618][ T31] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 639.868689][ T31] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 639.868713][ T31] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 639.868737][ T31] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 639.868762][ T31] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 639.868806][ T31] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 639.868829][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.442862][ T31] usb 3-1: usb_control_msg returned -71 [ 640.442929][ T31] usbtmc 3-1:16.0: can't read capabilities [ 640.488407][ T8892] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 640.542596][ T8892] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 640.561064][ T31] usb 3-1: USB disconnect, device number 21 [ 641.578461][ T8892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 642.008124][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.011336][ T9289] FAULT_INJECTION: forcing a failure. 
[ 642.011336][ T9289] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.011359][ T9289] CPU: 1 UID: 0 PID: 9289 Comm: syz.2.741 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 642.011373][ T9289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 642.011380][ T9289] Call Trace: [ 642.011385][ T9289] [ 642.011390][ T9289] dump_stack_lvl+0x189/0x250 [ 642.011412][ T9289] ? __pfx____ratelimit+0x10/0x10 [ 642.011428][ T9289] ? __pfx_dump_stack_lvl+0x10/0x10 [ 642.011444][ T9289] ? __pfx__printk+0x10/0x10 [ 642.011456][ T9289] ? __might_fault+0xb0/0x130 [ 642.011479][ T9289] should_fail_ex+0x46c/0x600 [ 642.011497][ T9289] _copy_from_user+0x2d/0xb0 [ 642.011510][ T9289] copy_clone_args_from_user+0x565/0x6d0 [ 642.011528][ T9289] ? __pfx_copy_clone_args_from_user+0x10/0x10 [ 642.011552][ T9289] __se_sys_clone3+0xf1/0x2d0 [ 642.011568][ T9289] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 642.011583][ T9289] ? __pfx___se_sys_clone3+0x10/0x10 [ 642.011618][ T9289] ? __pfx_ksys_write+0x10/0x10 [ 642.011635][ T9289] ? do_syscall_64+0xbe/0x3b0 [ 642.011656][ T9289] do_syscall_64+0xfa/0x3b0 [ 642.011670][ T9289] ? lockdep_hardirqs_on+0x9c/0x150 [ 642.011683][ T9289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.011694][ T9289] ? 
clear_bhb_loop+0x60/0xb0 [ 642.011708][ T9289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.011718][ T9289] RIP: 0033:0x7f8b16f4ebe9 [ 642.011730][ T9289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.011740][ T9289] RSP: 002b:00007f8b151adf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 642.011754][ T9289] RAX: ffffffffffffffda RBX: 000000000000009c RCX: 00007f8b16f4ebe9 [ 642.011762][ T9289] RDX: 00007f8b151adf20 RSI: 000000000000009c RDI: 00007f8b151adf20 [ 642.011770][ T9289] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 000000000000009c [ 642.011777][ T9289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 642.011785][ T9289] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 642.011803][ T9289] [ 642.628038][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.940289][ T9005] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 642.985901][ T9005] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 643.040261][ T9005] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 643.115963][ T9005] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 643.463532][ T9005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 643.495043][ T9005] 8021q: adding VLAN 0 to HW filter on device team0 [ 643.511189][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state [ 643.511355][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 643.539681][ T1305] bridge0: port 2(bridge_slave_1) entered blocking state [ 643.539801][ T1305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 646.149645][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.294042][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.581249][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 646.597926][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 
646.599261][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 646.600714][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 646.610543][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 646.953078][ T8496] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 647.054449][ T9332] overlayfs: failed to resolve './file1': -2 [ 647.322621][ T9005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 647.413143][ T5842] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 647.563212][ T5842] usb 4-1: Using ep0 maxpacket: 32 [ 647.565845][ T5842] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 647.565891][ T5842] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 647.565954][ T5842] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 647.565983][ T5842] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 647.566011][ T5842] usb 4-1: config 0 interface 0 has no altsetting 0 [ 647.569456][ T5842] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 647.569484][ T5842] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 647.569506][ T5842] usb 4-1: Product: syz [ 647.569530][ T5842] usb 4-1: Manufacturer: syz [ 647.569545][ T5842] usb 4-1: SerialNumber: syz [ 647.730647][ T5842] usb 4-1: config 0 descriptor?? 
[ 647.760891][ T5842] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 647.819383][ T5842] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 647.966379][ T5842] usb 4-1: USB disconnect, device number 27 [ 647.986314][ T5842] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 648.782121][ T8496] Bluetooth: hci4: command tx timeout [ 649.184352][ T9005] veth0_vlan: entered promiscuous mode [ 649.200712][ T9353] erofs (device nbd2): cannot find valid erofs superblock [ 650.137270][ T9005] veth1_vlan: entered promiscuous mode [ 650.370472][ T5974] bridge_slave_1: left allmulticast mode [ 650.370508][ T5974] bridge_slave_1: left promiscuous mode [ 650.370835][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.476704][ T5974] bridge_slave_0: left allmulticast mode [ 650.476743][ T5974] bridge_slave_0: left promiscuous mode [ 650.477052][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.018379][ T8496] Bluetooth: hci4: command tx timeout [ 652.664507][ T9378] FAULT_INJECTION: forcing a failure. [ 652.664507][ T9378] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 652.664558][ T9378] CPU: 0 UID: 0 PID: 9378 Comm: syz.4.761 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 652.664582][ T9378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 652.664595][ T9378] Call Trace: [ 652.664603][ T9378] [ 652.664613][ T9378] dump_stack_lvl+0x189/0x250 [ 652.664647][ T9378] ? __pfx____ratelimit+0x10/0x10 [ 652.664675][ T9378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 652.664705][ T9378] ? __pfx__printk+0x10/0x10 [ 652.664733][ T9378] ? get_sigframe+0x596/0x7d0 [ 652.664763][ T9378] should_fail_ex+0x46c/0x600 [ 652.664795][ T9378] _copy_to_user+0x31/0xb0 [ 652.664830][ T9378] copy_siginfo_to_user+0x22/0xc0 [ 652.664859][ T9378] x64_setup_rt_frame+0x777/0xd40 [ 652.664887][ T9378] ? rt_spin_unlock+0x65/0x80 [ 652.664927][ T9378] ? 
__pfx_x64_setup_rt_frame+0x10/0x10 [ 652.664964][ T9378] arch_do_signal_or_restart+0x3dc/0x750 [ 652.664997][ T9378] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 652.665041][ T9378] ? exit_to_user_mode_loop+0x40/0x110 [ 652.665072][ T9378] exit_to_user_mode_loop+0x75/0x110 [ 652.665099][ T9378] do_syscall_64+0x2bd/0x3b0 [ 652.665126][ T9378] ? lockdep_hardirqs_on+0x9c/0x150 [ 652.665151][ T9378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.665172][ T9378] ? clear_bhb_loop+0x60/0xb0 [ 652.665198][ T9378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 652.665217][ T9378] RIP: 0033:0x7f86afe7ebe7 [ 652.665236][ T9378] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 652.665255][ T9378] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 652.665278][ T9378] RAX: 0000000000000113 RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 652.665293][ T9378] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 652.665305][ T9378] RBP: 00007f86ae0e6090 R08: 0000000000000ae6 R09: 0000000000000004 [ 652.665318][ T9378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 652.665331][ T9378] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 652.665399][ T9378] [ 653.093659][ T8496] Bluetooth: hci4: command tx timeout [ 653.489823][ T9381] gfs2: gfs2 mount does not exist [ 655.175823][ T8496] Bluetooth: hci4: command tx timeout [ 656.122815][ T9402] FAULT_INJECTION: forcing a failure. 
[ 656.122815][ T9402] name failslab, interval 1, probability 0, space 0, times 0 [ 656.122853][ T9402] CPU: 0 UID: 0 PID: 9402 Comm: syz.2.767 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 656.122877][ T9402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 656.122889][ T9402] Call Trace: [ 656.122898][ T9402] [ 656.122907][ T9402] dump_stack_lvl+0x189/0x250 [ 656.122939][ T9402] ? __pfx____ratelimit+0x10/0x10 [ 656.122960][ T9402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 656.122988][ T9402] ? __pfx__printk+0x10/0x10 [ 656.123017][ T9402] ? __pfx___might_resched+0x10/0x10 [ 656.123034][ T9402] ? fs_reclaim_acquire+0x7d/0x100 [ 656.123053][ T9402] should_fail_ex+0x46c/0x600 [ 656.123076][ T9402] ? __alloc_skb+0x112/0x2d0 [ 656.123094][ T9402] should_failslab+0xa8/0x100 [ 656.123116][ T9402] ? __alloc_skb+0x112/0x2d0 [ 656.123132][ T9402] kmem_cache_alloc_node_noprof+0x77/0x330 [ 656.123159][ T9402] __alloc_skb+0x112/0x2d0 [ 656.123182][ T9402] netlink_dump+0x1b7/0xe90 [ 656.123212][ T9402] ? __pfx_netlink_dump+0x10/0x10 [ 656.123246][ T9402] ? netlink_recvmsg+0x5b2/0xa30 [ 656.123263][ T9402] ? kmem_cache_free+0x195/0x510 [ 656.123288][ T9402] netlink_recvmsg+0x676/0xa30 [ 656.123315][ T9402] ? __pfx_netlink_recvmsg+0x10/0x10 [ 656.123339][ T9402] ? __lock_acquire+0xab9/0xd20 [ 656.123360][ T9402] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 656.123375][ T9402] ? security_socket_recvmsg+0x7e/0x2e0 [ 656.123392][ T9402] ? __pfx_netlink_recvmsg+0x10/0x10 [ 656.123411][ T9402] sock_recvmsg+0x22c/0x270 [ 656.123432][ T9402] sock_read_iter+0x23a/0x2f0 [ 656.123450][ T9402] ? __pfx_sock_read_iter+0x10/0x10 [ 656.123495][ T9402] vfs_read+0x563/0xa30 [ 656.123522][ T9402] ? __pfx_vfs_read+0x10/0x10 [ 656.123550][ T9402] ? __fget_files+0x2a/0x420 [ 656.123581][ T9402] ksys_read+0x14b/0x260 [ 656.123601][ T9402] ? __pfx_ksys_read+0x10/0x10 [ 656.123617][ T9402] ? __task_pid_nr_ns+0x28/0x470 [ 656.123645][ T9402] ? 
do_syscall_64+0xbe/0x3b0 [ 656.123669][ T9402] do_syscall_64+0xfa/0x3b0 [ 656.123686][ T9402] ? lockdep_hardirqs_on+0x9c/0x150 [ 656.123705][ T9402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.123721][ T9402] ? clear_bhb_loop+0x60/0xb0 [ 656.123740][ T9402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.123755][ T9402] RIP: 0033:0x7f8b16f4ebe9 [ 656.123769][ T9402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.123783][ T9402] RSP: 002b:00007f8b151ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 656.123801][ T9402] RAX: ffffffffffffffda RBX: 00007f8b17175fa0 RCX: 00007f8b16f4ebe9 [ 656.123812][ T9402] RDX: 00000000000000ba RSI: 0000200000000080 RDI: 0000000000000003 [ 656.123822][ T9402] RBP: 00007f8b151ae090 R08: 0000000000000000 R09: 0000000000000000 [ 656.123832][ T9402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.123841][ T9402] R13: 00007f8b17176038 R14: 00007f8b17175fa0 R15: 00007ffe7cf0cc88 [ 656.123868][ T9402] [ 657.752257][ T31] usb 3-1: new low-speed USB device number 22 using dummy_hcd [ 658.782887][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 658.974655][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 659.044285][ T5974] bond0 (unregistering): Released all slaves [ 659.131659][ T9327] chnl_net:caif_netlink_parms(): no params data found [ 659.772196][ T31] usb 3-1: unable to get BOS descriptor or descriptor too short [ 659.781381][ T31] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 659.781427][ T31] usb 3-1: can't read configurations, error -71 [ 659.944244][ T5974] hsr_slave_0: left promiscuous mode [ 660.018667][ T5974] hsr_slave_1: left promiscuous mode [ 660.020001][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 660.056037][ T5974] batman_adv: batadv0: 
Removing interface: batadv_slave_1 [ 660.250680][ T9437] netlink: 8 bytes leftover after parsing attributes in process `syz.3.776'. [ 660.607834][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 660.624917][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 660.644892][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 660.825797][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 660.826705][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 663.071567][ T8496] Bluetooth: hci0: command tx timeout [ 663.851776][ T5974] team0 (unregistering): Port device team_slave_1 removed [ 665.029927][ T5974] team0 (unregistering): Port device team_slave_0 removed [ 665.361186][ T8496] Bluetooth: hci0: command tx timeout [ 665.856846][ C1] vkms_vblank_simulate: vblank timer overrun [ 665.951415][ C1] vkms_vblank_simulate: vblank timer overrun [ 666.228961][ C1] vkms_vblank_simulate: vblank timer overrun [ 666.687849][ T9499] block nbd4: Attempted send on invalid socket [ 666.688017][ T9499] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 666.691380][ T9499] ADFS-fs (nbd4): error: unable to read block 3, try 0 [ 666.833583][ C1] vkms_vblank_simulate: vblank timer overrun [ 666.853641][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.118252][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.207957][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.538744][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.812692][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.896883][ T8496] Bluetooth: hci0: command tx timeout [ 668.702432][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.038910][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.111384][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.309217][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.381907][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.444818][ C1] vkms_vblank_simulate: vblank 
timer overrun [ 669.577439][ T9] IPVS: starting estimator thread 0... [ 669.673389][ T9518] IPVS: using max 5 ests per chain, 12000 per kthread [ 669.916440][ T9520] sctp: failed to load transform for md5: -2 [ 669.985475][ T8496] Bluetooth: hci0: command tx timeout [ 670.428699][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.132704][ C1] vkms_vblank_simulate: vblank timer overrun [ 671.250457][ C1] vkms_vblank_simulate: vblank timer overrun [ 672.277996][ C1] vkms_vblank_simulate: vblank timer overrun [ 672.386670][ C1] vkms_vblank_simulate: vblank timer overrun [ 672.950664][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.175074][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.393488][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.458765][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.035902][ C1] vkms_vblank_simulate: vblank timer overrun [ 676.190537][ T9327] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.190635][ T9327] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.190760][ T9327] bridge_slave_0: entered allmulticast mode [ 676.192487][ T9327] bridge_slave_0: entered promiscuous mode [ 676.220402][ T9327] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.220611][ T9327] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.220781][ T9327] bridge_slave_1: entered allmulticast mode [ 676.222419][ T9327] bridge_slave_1: entered promiscuous mode [ 676.364279][ T5842] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 676.513234][ T5842] usb 3-1: device descriptor read/64, error -71 [ 676.864136][ T5842] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 677.722506][ T9327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.763214][ T5842] usb 3-1: device descriptor read/64, error -71 [ 677.799761][ T9327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.552666][ T5842] usb usb3-port1: attempt 
power cycle [ 678.893201][ T5842] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 678.914372][ T5842] usb 3-1: device descriptor read/8, error -71 [ 679.029916][ T9327] team0: Port device team_slave_0 added [ 679.134076][ T9327] team0: Port device team_slave_1 added [ 680.654793][ T9327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 680.654807][ T9327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 680.654823][ T9327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 680.718823][ T9327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 680.718838][ T9327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 680.718855][ T9327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 681.752836][ T9327] hsr_slave_0: entered promiscuous mode [ 681.769425][ T9327] hsr_slave_1: entered promiscuous mode [ 683.173728][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.517940][ C0] vkms_vblank_simulate: vblank timer overrun [ 684.218725][ T9631] netlink: 36 bytes leftover after parsing attributes in process `syz.2.822'. [ 684.899815][ T9639] FAULT_INJECTION: forcing a failure. 
[ 684.899815][ T9639] name failslab, interval 1, probability 0, space 0, times 0 [ 684.899883][ T9639] CPU: 1 UID: 0 PID: 9639 Comm: syz.2.823 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 684.899908][ T9639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 684.899922][ T9639] Call Trace: [ 684.899931][ T9639] [ 684.899942][ T9639] dump_stack_lvl+0x189/0x250 [ 684.899977][ T9639] ? __pfx____ratelimit+0x10/0x10 [ 684.900005][ T9639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 684.900035][ T9639] ? __pfx__printk+0x10/0x10 [ 684.900065][ T9639] ? __pfx___might_resched+0x10/0x10 [ 684.900089][ T9639] ? fs_reclaim_acquire+0x7d/0x100 [ 684.900115][ T9639] should_fail_ex+0x46c/0x600 [ 684.900149][ T9639] should_failslab+0xa8/0x100 [ 684.900179][ T9639] __kmalloc_noprof+0xcb/0x430 [ 684.900205][ T9639] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 684.900240][ T9639] tomoyo_realpath_from_path+0xe3/0x5d0 [ 684.900271][ T9639] ? tomoyo_domain+0xda/0x130 [ 684.900319][ T9639] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 684.900343][ T9639] tomoyo_path_number_perm+0x1e8/0x5a0 [ 684.900372][ T9639] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 684.900401][ T9639] ? __pfx___schedule+0x10/0x10 [ 684.900423][ T9639] ? __schedule+0x1709/0x4c20 [ 684.900459][ T9639] ? __lock_acquire+0xab9/0xd20 [ 684.900513][ T9639] ? __fget_files+0x2a/0x420 [ 684.900544][ T9639] ? __fget_files+0x2a/0x420 [ 684.900571][ T9639] ? __fget_files+0x3a6/0x420 [ 684.900598][ T9639] ? __fget_files+0x2a/0x420 [ 684.900631][ T9639] security_file_ioctl+0xcb/0x2d0 [ 684.900660][ T9639] __se_sys_ioctl+0x47/0x170 [ 684.900687][ T9639] do_syscall_64+0xfa/0x3b0 [ 684.900717][ T9639] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.900737][ T9639] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 684.900757][ T9639] ? 
clear_bhb_loop+0x60/0xb0 [ 684.900782][ T9639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 684.900802][ T9639] RIP: 0033:0x7f8b16f4ebe9 [ 684.900821][ T9639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 684.900839][ T9639] RSP: 002b:00007f8b1516c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 684.900863][ T9639] RAX: ffffffffffffffda RBX: 00007f8b17176180 RCX: 00007f8b16f4ebe9 [ 684.900878][ T9639] RDX: 0000200000000440 RSI: 0000000040046f41 RDI: 0000000000000005 [ 684.900892][ T9639] RBP: 00007f8b1516c090 R08: 0000000000000000 R09: 0000000000000000 [ 684.900905][ T9639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 684.900918][ T9639] R13: 00007f8b17176218 R14: 00007f8b17176180 R15: 00007ffe7cf0cc88 [ 684.900955][ T9639] [ 684.900994][ T9639] ERROR: Out of memory at tomoyo_realpath_from_path. [ 686.065316][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.065407][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.084147][ T5900] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 686.084207][ T5900] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 686.098248][ T5900] usb 5-1: USB disconnect, device number 23 [ 686.226362][ T9440] chnl_net:caif_netlink_parms(): no params data found [ 686.433243][ T5900] usb 5-1: new low-speed USB device number 24 using dummy_hcd [ 687.363205][ T5900] usb 5-1: unable to get BOS descriptor or descriptor too short [ 687.450603][ T5900] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 687.453650][ T5900] usb 5-1: can't read configurations, error -71 [ 687.655496][ T9650] binder: 9644:9650 ioctl c0306201 0 returned -14 [ 687.733100][ T9652] netlink: 'syz.4.826': attribute type 10 has an invalid length. 
[ 688.187733][ T9659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'. [ 688.231964][ T9652] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode [ 688.247280][ T9652] team0: Port device wlan1 added [ 688.503154][ T5900] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 688.653440][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 688.656145][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.656178][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.657945][ T5900] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 688.658006][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.741114][ T9669] netlink: 28 bytes leftover after parsing attributes in process `syz.2.830'. [ 688.741297][ T9669] netlink: 28 bytes leftover after parsing attributes in process `syz.2.830'. [ 688.928843][ T5900] usb 5-1: config 0 descriptor?? 
[ 689.360425][ T5974] bridge_slave_1: left allmulticast mode [ 689.360687][ T5974] bridge_slave_1: left promiscuous mode [ 689.364051][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.445993][ T5974] bridge_slave_0: left allmulticast mode [ 689.446042][ T5974] bridge_slave_0: left promiscuous mode [ 689.446358][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 690.626437][ T5900] usbhid 5-1:0.0: can't add hid device: -71 [ 690.626630][ T5900] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 690.660174][ T5900] usb 5-1: USB disconnect, device number 25 [ 693.335678][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 693.417920][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 693.440741][ T5974] bond0 (unregistering): Released all slaves [ 693.483758][ T9440] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.573389][ T9440] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.573664][ T9440] bridge_slave_0: entered allmulticast mode [ 693.577905][ T9440] bridge_slave_0: entered promiscuous mode [ 693.652129][ T9440] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.652304][ T9440] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.652530][ T9440] bridge_slave_1: entered allmulticast mode [ 693.657497][ T9440] bridge_slave_1: entered promiscuous mode [ 694.627990][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.723675][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.826589][ T9704] netlink: 28 bytes leftover after parsing attributes in process `syz.2.840'. [ 694.826660][ T9704] netlink: 28 bytes leftover after parsing attributes in process `syz.2.840'. 
[ 694.924953][ T9440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.190074][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.304484][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.425750][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.546005][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.666796][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.840304][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.000312][ T5974] hsr_slave_0: left promiscuous mode [ 696.049961][ T5974] hsr_slave_1: left promiscuous mode [ 696.051064][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 696.126681][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.176227][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.249372][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.465155][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.711287][ T5974] veth1_vlan: left promiscuous mode [ 697.711576][ T5974] veth0_vlan: left promiscuous mode [ 697.723703][ T8548] usb 5-1: new low-speed USB device number 26 using dummy_hcd [ 697.908589][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.988913][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.119446][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.173625][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.261275][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.326017][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.410648][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.581241][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.771010][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.236178][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.473968][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.696014][ T8548] usb 5-1: unable to get BOS descriptor or descriptor too short [ 699.697305][ T8548] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 699.697345][ T8548] usb 
5-1: can't read configurations, error -71 [ 699.790009][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.380711][ T9748] overlayfs: failed to resolve './file1': -2 [ 702.056978][ T5974] team0 (unregistering): Port device team_slave_1 removed [ 702.297622][ T5974] team0 (unregistering): Port device team_slave_0 removed [ 704.518073][ T9440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 704.912347][ T9440] team0: Port device team_slave_0 added [ 704.936731][ T9440] team0: Port device team_slave_1 added [ 705.192684][ T9440] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 705.192704][ T9440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 705.192733][ T9440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 705.195748][ T9440] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 705.195762][ T9440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 705.195786][ T9440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 706.606916][ T9440] hsr_slave_0: entered promiscuous mode [ 706.613972][ T9440] hsr_slave_1: entered promiscuous mode [ 706.618192][ T9440] debugfs: 'hsr0' already exists in 'hsr' [ 706.618224][ T9440] Cannot create hsr debugfs directory [ 717.579243][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 717.584276][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 717.587812][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 717.589054][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 717.589874][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 719.973559][ T8496] Bluetooth: hci5: command tx timeout [ 721.237895][ T9792] chnl_net:caif_netlink_parms(): no params data found [ 722.055899][ T5836] Bluetooth: hci5: command tx timeout [ 722.764817][ T5974] bridge_slave_1: left allmulticast mode [ 722.764856][ T5974] bridge_slave_1: left promiscuous mode [ 722.765770][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 722.830723][ T8496] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 722.850690][ T8496] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 722.857977][ T8496] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 722.868136][ T8496] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 722.899758][ T8496] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 722.939645][ T5974] bridge_slave_0: left allmulticast mode [ 722.939681][ T5974] bridge_slave_0: left promiscuous mode [ 722.940027][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.855972][ T5836] Bluetooth: hci1: unexpected event for opcode 0x0405 [ 724.707351][ T5836] Bluetooth: hci5: command tx timeout [ 725.109827][ T5836] Bluetooth: hci0: command tx timeout [ 725.659478][ T9855] netlink: 28 bytes leftover after parsing attributes in process `syz.3.878'. 
[ 725.659553][ T9855] netlink: 28 bytes leftover after parsing attributes in process `syz.3.878'. [ 726.202544][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 726.354324][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 726.434929][ T5974] bond0 (unregistering): Released all slaves [ 726.773802][ T5836] Bluetooth: hci5: command tx timeout [ 727.175833][ T5836] Bluetooth: hci0: command tx timeout [ 729.010002][ T9894] netlink: 28 bytes leftover after parsing attributes in process `syz.2.888'. [ 729.010068][ T9894] netlink: 28 bytes leftover after parsing attributes in process `syz.2.888'. [ 729.488585][ T5836] Bluetooth: hci0: command tx timeout [ 730.128340][ T5974] hsr_slave_0: left promiscuous mode [ 730.163295][ T5974] hsr_slave_1: left promiscuous mode [ 730.164349][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 731.489929][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.493662][ T5836] Bluetooth: hci0: command tx timeout [ 731.495266][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 731.551078][ C1] vkms_vblank_simulate: vblank timer overrun [ 731.935264][ C1] vkms_vblank_simulate: vblank timer overrun [ 732.113290][ C1] vkms_vblank_simulate: vblank timer overrun [ 732.585030][ C1] vkms_vblank_simulate: vblank timer overrun [ 733.269763][ C1] vkms_vblank_simulate: vblank timer overrun [ 733.505922][ T9920] netlink: 24 bytes leftover after parsing attributes in process `syz.2.894'. 
[ 734.505444][ C1] vkms_vblank_simulate: vblank timer overrun [ 734.840306][ T5974] team0 (unregistering): Port device team_slave_1 removed [ 735.087312][ T5974] team0 (unregistering): Port device team_slave_0 removed [ 736.032230][ T9792] bridge0: port 1(bridge_slave_0) entered blocking state [ 736.032379][ T9792] bridge0: port 1(bridge_slave_0) entered disabled state [ 736.032545][ T9792] bridge_slave_0: entered allmulticast mode [ 736.113289][ T9792] bridge_slave_0: entered promiscuous mode [ 736.153595][ T9792] bridge0: port 2(bridge_slave_1) entered blocking state [ 736.153784][ T9792] bridge0: port 2(bridge_slave_1) entered disabled state [ 736.154043][ T9792] bridge_slave_1: entered allmulticast mode [ 736.157370][ T9792] bridge_slave_1: entered promiscuous mode [ 738.316057][ T9792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.395417][ T9792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 739.743875][ T9792] team0: Port device team_slave_0 added [ 739.792868][ T9792] team0: Port device team_slave_1 added [ 740.921605][ T9965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.906'. [ 741.204335][ T9792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 741.204356][ T9792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 741.204385][ T9792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 741.265598][ T9792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 741.265616][ T9792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 741.265645][ T9792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.998844][ T5974] bridge_slave_1: left allmulticast mode [ 743.998967][ T5974] bridge_slave_1: left promiscuous mode [ 743.999287][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.035144][ T5974] bridge_slave_0: left allmulticast mode [ 744.035183][ T5974] bridge_slave_0: left promiscuous mode [ 744.035647][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.309693][ T9987] overlayfs: failed to resolve './file1': -2 [ 744.631525][ T5974] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.715286][ T5974] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 744.785786][ T5974] bond0 (unregistering): Released all slaves [ 746.035275][ T9792] hsr_slave_0: entered promiscuous mode [ 746.036824][ T9792] hsr_slave_1: entered promiscuous mode [ 746.307542][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.557558][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.656861][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.756447][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.849144][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.951769][ C0] vkms_vblank_simulate: vblank timer overrun [ 747.193161][ T5974] hsr_slave_0: left promiscuous mode [ 747.233227][ T5974] hsr_slave_1: left promiscuous mode [ 747.235932][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 747.274119][ T5974] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 747.501220][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.501326][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.974224][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.263550][ T5974] team0 (unregistering): Port device 
team_slave_1 removed [ 749.572290][ T5974] team0 (unregistering): Port device team_slave_0 removed [ 749.657371][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.288191][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.748136][ C0] vkms_vblank_simulate: vblank timer overrun [ 751.284966][ C0] vkms_vblank_simulate: vblank timer overrun [ 751.411698][ C0] vkms_vblank_simulate: vblank timer overrun [ 751.789560][ C0] vkms_vblank_simulate: vblank timer overrun [ 752.057763][ C0] vkms_vblank_simulate: vblank timer overrun [ 753.560173][ C0] vkms_vblank_simulate: vblank timer overrun [ 753.626661][ C0] vkms_vblank_simulate: vblank timer overrun [ 753.753578][T10044] overlayfs: failed to resolve './file1': -2 [ 754.630204][ C0] vkms_vblank_simulate: vblank timer overrun [ 755.002397][ C0] vkms_vblank_simulate: vblank timer overrun [ 755.318495][ T6788] Bluetooth: Error in BCSP hdr checksum [ 755.651389][ T6017] Bluetooth: Error in BCSP hdr checksum [ 755.694124][ T9835] chnl_net:caif_netlink_parms(): no params data found [ 755.846209][ T6008] Bluetooth: Error in BCSP hdr checksum [ 756.004146][ C0] vkms_vblank_simulate: vblank timer overrun [ 756.235677][ C0] vkms_vblank_simulate: vblank timer overrun [ 756.255626][ T1305] Bluetooth: Error in BCSP hdr checksum [ 756.726201][ T6008] Bluetooth: Error in BCSP hdr checksum [ 756.933457][ T5836] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 757.007969][ C0] vkms_vblank_simulate: vblank timer overrun [ 757.244981][ T6079] Bluetooth: Error in BCSP hdr checksum [ 757.476005][ T6008] Bluetooth: Error in BCSP hdr checksum [ 757.763065][ T1305] Bluetooth: Error in BCSP hdr checksum [ 758.201371][ C0] vkms_vblank_simulate: vblank timer overrun [ 758.293180][ C0] vkms_vblank_simulate: vblank timer overrun [ 758.827362][ T6064] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 758.983559][ T6064] usb 3-1: Using ep0 maxpacket: 8 [ 758.988392][ T6064] usb 3-1: config index 0 descriptor too short (expected 301, got 
45) [ 758.988433][ T6064] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 758.988446][ T6064] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 758.988460][ T6064] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 758.988473][ T6064] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 758.988498][ T6064] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 758.988511][ T6064] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.237381][ T6064] usb 3-1: usb_control_msg returned -71 [ 759.237439][ T6064] usbtmc 3-1:16.0: can't read capabilities [ 759.390535][ T6064] usb 3-1: USB disconnect, device number 28 [ 759.689536][ T9835] bridge0: port 1(bridge_slave_0) entered blocking state [ 759.689676][ T9835] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.689822][ T9835] bridge_slave_0: entered allmulticast mode [ 759.716927][ T9835] bridge_slave_0: entered promiscuous mode [ 759.755272][ T9835] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.755459][ T9835] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.755680][ T9835] bridge_slave_1: entered allmulticast mode [ 759.757629][ T9835] bridge_slave_1: entered promiscuous mode [ 760.401005][ T9835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 760.632500][ T9835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 763.877630][ T9835] team0: Port device team_slave_0 added [ 763.915811][ T9835] team0: Port device team_slave_1 added [ 765.530986][ T9835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 765.531000][ T9835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 765.531015][ T9835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 765.533946][ T9835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 765.533961][ T9835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 765.533985][ T9835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.146049][ T9835] hsr_slave_0: entered promiscuous mode [ 766.147655][ T9835] hsr_slave_1: entered promiscuous mode [ 766.148693][ T9835] debugfs: 'hsr0' already exists in 'hsr' [ 766.148720][ T9835] Cannot create hsr debugfs directory [ 770.735734][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 770.758121][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 770.760386][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 770.762375][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 770.784349][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 770.919179][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.032634][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.132767][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.232972][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.269085][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.423192][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.462726][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.523097][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.748387][ C0] vkms_vblank_simulate: vblank timer overrun [ 772.198131][ C0] vkms_vblank_simulate: vblank timer overrun [ 
773.034090][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.267651][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.279215][ T5836] Bluetooth: hci4: command tx timeout [ 773.454506][T10179] netlink: 28 bytes leftover after parsing attributes in process `syz.3.960'. [ 773.454553][T10179] netlink: 28 bytes leftover after parsing attributes in process `syz.3.960'. [ 773.688076][ C0] vkms_vblank_simulate: vblank timer overrun [ 774.018110][ C0] vkms_vblank_simulate: vblank timer overrun [ 774.152632][ T5836] Bluetooth: hci1: unexpected event for opcode 0x0405 [ 774.357393][ C0] vkms_vblank_simulate: vblank timer overrun [ 774.711293][ C0] vkms_vblank_simulate: vblank timer overrun [ 774.869724][ C0] vkms_vblank_simulate: vblank timer overrun [ 776.055975][ T5836] Bluetooth: hci4: command tx timeout [ 778.654274][ T5836] Bluetooth: hci4: command tx timeout [ 780.704662][ T5836] Bluetooth: hci4: command tx timeout [ 780.794265][ T9835] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 781.103067][ T9835] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 781.264985][T10147] chnl_net:caif_netlink_parms(): no params data found [ 782.154891][ T6079] bridge_slave_1: left allmulticast mode [ 782.154930][ T6079] bridge_slave_1: left promiscuous mode [ 782.155237][ T6079] bridge0: port 2(bridge_slave_1) entered disabled state [ 783.182579][ T6079] bridge_slave_0: left allmulticast mode [ 783.182618][ T6079] bridge_slave_0: left promiscuous mode [ 783.185272][ T6079] bridge0: port 1(bridge_slave_0) entered disabled state [ 784.108986][ T8496] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 784.123466][ T8496] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 784.127543][ T8496] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 784.133643][ T8496] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 784.161630][ T8496] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 784.457596][ C1] vkms_vblank_simulate: vblank timer overrun [ 
784.652326][ C1] vkms_vblank_simulate: vblank timer overrun [ 785.124873][ C1] vkms_vblank_simulate: vblank timer overrun [ 785.576781][ C1] vkms_vblank_simulate: vblank timer overrun [ 786.182682][ C1] vkms_vblank_simulate: vblank timer overrun [ 786.569494][ C1] vkms_vblank_simulate: vblank timer overrun [ 786.585279][ T5836] Bluetooth: hci5: command tx timeout [ 787.078750][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.364546][ T6079] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 787.568159][ T6079] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 787.772298][ C1] vkms_vblank_simulate: vblank timer overrun [ 787.863264][ T6079] bond0 (unregistering): Released all slaves [ 788.189474][ C1] vkms_vblank_simulate: vblank timer overrun [ 788.564805][ C1] vkms_vblank_simulate: vblank timer overrun [ 788.960769][ C1] vkms_vblank_simulate: vblank timer overrun [ 788.962448][ T5836] Bluetooth: hci5: command tx timeout [ 791.120595][ T5836] Bluetooth: hci5: command tx timeout [ 792.103407][ T5934] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 792.778533][ T5934] usb 3-1: unable to get BOS descriptor or descriptor too short [ 792.862152][ T5934] usb 3-1: not running at top speed; connect to a high speed hub [ 792.873933][ T5934] usb 3-1: config 1 interface 0 altsetting 249 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 792.873971][ T5934] usb 3-1: config 1 interface 0 has no altsetting 0 [ 792.876544][ T5934] usb 3-1: New USB device found, idVendor=05ac, idProduct=0236, bcdDevice= 0.40 [ 792.876574][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 792.876585][ T5934] usb 3-1: Product: syz [ 792.876593][ T5934] usb 3-1: Manufacturer: syz [ 792.876601][ T5934] usb 3-1: SerialNumber: syz [ 793.062668][T10307] FAULT_INJECTION: forcing a failure. 
[ 793.062668][T10307] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 793.062704][T10307] CPU: 1 UID: 0 PID: 10307 [ 793.062704][T10307] CPU: 1 UID: 0 PID: 10307 Comm: syz.4.990 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 793.062727][T10307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.062739][T10307] Call Trace: [ 793.062747][T10307] [ 793.062756][T10307] dump_stack_lvl+0x189/0x250 [ 793.062791][T10307] ? __pfx____ratelimit+0x10/0x10 [ 793.062819][T10307] ? __pfx_dump_stack_lvl+0x10/0x10 [ 793.062856][T10307] ? __pfx__printk+0x10/0x10 [ 793.062882][T10307] ? fs_reclaim_acquire+0x7d/0x100 [ 793.062909][T10307] should_fail_ex+0x46c/0x600 [ 793.062945][T10307] prepare_alloc_pages+0x213/0x670 [ 793.062974][T10307] __alloc_frozen_pages_noprof+0x123/0x370 [ 793.063000][T10307] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 793.063033][T10307] ? policy_nodemask+0x27c/0x720 [ 793.063064][T10307] alloc_pages_mpol+0xd1/0x380 [ 793.063096][T10307] ___kmalloc_large_node+0x5f/0x1b0 [ 793.063122][T10307] ? __ldsem_down_read_nested+0x1ae/0x7d0 [ 793.063152][T10307] __kmalloc_large_node_noprof+0x18/0x90 [ 793.063180][T10307] __kmalloc_noprof+0x27a/0x430 [ 793.063205][T10307] ? hci_alloc_dev_priv+0x28/0x20b0 [ 793.063230][T10307] hci_alloc_dev_priv+0x28/0x20b0 [ 793.063255][T10307] hci_uart_tty_ioctl+0x3be/0xa00 [ 793.063288][T10307] ? __pfx_hci_uart_tty_ioctl+0x10/0x10 [ 793.063314][T10307] tty_ioctl+0x9cc/0xde0 [ 793.063344][T10307] ? __pfx_tty_ioctl+0x10/0x10 [ 793.063373][T10307] __se_sys_ioctl+0xfc/0x170 [ 793.063400][T10307] do_syscall_64+0xfa/0x3b0 [ 793.063424][T10307] ? lockdep_hardirqs_on+0x9c/0x150 [ 793.063450][T10307] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.063471][T10307] ? 
clear_bhb_loop+0x60/0xb0 [ 793.063498][T10307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.063516][T10307] RIP: 0033:0x7f86afe7ebe9 [ 793.063536][T10307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.063553][T10307] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 793.063575][T10307] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 793.063590][T10307] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000003 [ 793.063604][T10307] RBP: 00007f86ae0e6090 R08: 0000000000000000 R09: 0000000000000000 [ 793.063617][T10307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 793.063629][T10307] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 793.063663][T10307] [ 793.075850][T10307] Bluetooth: Can't allocate HCI device [ 793.078448][T10307] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000039: 0000 [#1] SMP KASAN PTI [ 793.078475][T10307] KASAN: null-ptr-deref in range [0x00000000000001c8-0x00000000000001cf] [ 793.078495][T10307] CPU: 0 UID: 0 PID: 10307 Comm: syz.4.990 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 793.078516][T10307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.078526][T10307] RIP: 0010:bcsp_recv+0x13d/0x1740 [ 793.078554][T10307] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 c4 fb 35 fa 49 8b 1f 31 ff 48 89 [ 793.078569][T10307] RSP: 0018:ffffc900040a7c00 EFLAGS: 00010206 [ 793.078595][T10307] RAX: 0000000000000039 RBX: 0000000000000048 RCX: 0000000000000047 [ 793.078607][T10307] RDX: 0000000000000047 RSI: 0000000000000001 RDI: 0000000000000000 [ 793.078618][T10307] RBP: ffffc900040a7d60 R08: 
0000000000000000 R09: 0000000000000000 [ 793.078629][T10307] R10: dffffc0000000000 R11: ffffffff87e79620 R12: 0000000000000001 [ 793.078642][T10307] R13: ffffc900040a7e00 R14: dffffc0000000000 R15: 00000000000001c8 [ 793.078655][T10307] FS: 00007f86ae0e66c0(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 793.078671][T10307] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 793.078683][T10307] CR2: 00007fbc94e50e53 CR3: 0000000051bca000 CR4: 00000000003526f0 [ 793.078700][T10307] Call Trace: [ 793.078707][T10307] [ 793.078721][T10307] ? __pfx_bcsp_recv+0x10/0x10 [ 793.078743][T10307] ? rcu_read_lock_any_held+0xb3/0x120 [ 793.078761][T10307] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 793.078777][T10307] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 793.078800][T10307] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 793.078825][T10307] hci_uart_tty_receive+0x194/0x220 [ 793.078847][T10307] ? __pfx_hci_uart_tty_receive+0x10/0x10 [ 793.078869][T10307] tiocsti+0x23c/0x2c0 [ 793.078894][T10307] ? __pfx_tiocsti+0x10/0x10 [ 793.078916][T10307] ? __fget_files+0x2a/0x420 [ 793.078938][T10307] ? __fget_files+0x3a6/0x420 [ 793.078959][T10307] ? __fget_files+0x2a/0x420 [ 793.078983][T10307] tty_ioctl+0x62c/0xde0 [ 793.079005][T10307] ? __pfx_tty_ioctl+0x10/0x10 [ 793.079028][T10307] __se_sys_ioctl+0xfc/0x170 [ 793.079047][T10307] do_syscall_64+0xfa/0x3b0 [ 793.079069][T10307] ? lockdep_hardirqs_on+0x9c/0x150 [ 793.079089][T10307] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.079106][T10307] ? 
clear_bhb_loop+0x60/0xb0 [ 793.079125][T10307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.079141][T10307] RIP: 0033:0x7f86afe7ebe9 [ 793.079156][T10307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.079169][T10307] RSP: 002b:00007f86ae0e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 793.079187][T10307] RAX: ffffffffffffffda RBX: 00007f86b00a5fa0 RCX: 00007f86afe7ebe9 [ 793.079200][T10307] RDX: 0000200000000080 RSI: 0000000000005412 RDI: 0000000000000003 [ 793.079212][T10307] RBP: 00007f86aff01e19 R08: 0000000000000000 R09: 0000000000000000 [ 793.079223][T10307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.079233][T10307] R13: 00007f86b00a6038 R14: 00007f86b00a5fa0 R15: 00007ffd255ce278 [ 793.079252][T10307] [ 793.079258][T10307] Modules linked in: [ 793.079285][T10307] ---[ end trace 0000000000000000 ]--- [ 793.079935][T10307] RIP: 0010:bcsp_recv+0x13d/0x1740 [ 793.079961][T10307] Code: 89 4c 24 40 48 89 54 24 28 48 c1 ea 03 48 89 54 24 68 48 89 5c 24 20 48 c1 eb 03 48 89 5c 24 60 4c 89 7c 24 38 48 8b 44 24 58 <42> 80 3c 30 00 74 08 4c 89 ff e8 c4 fb 35 fa 49 8b 1f 31 ff 48 89 [ 793.079975][T10307] RSP: 0018:ffffc900040a7c00 EFLAGS: 00010206 [ 793.079991][T10307] RAX: 0000000000000039 RBX: 0000000000000048 RCX: 0000000000000047 [ 793.080002][T10307] RDX: 0000000000000047 RSI: 0000000000000001 RDI: 0000000000000000 [ 793.080013][T10307] RBP: ffffc900040a7d60 R08: 0000000000000000 R09: 0000000000000000 [ 793.080024][T10307] R10: dffffc0000000000 R11: ffffffff87e79620 R12: 0000000000000001 [ 793.080257][T10307] R13: ffffc900040a7e00 R14: dffffc0000000000 R15: 00000000000001c8 [ 793.080272][T10307] FS: 00007f86ae0e66c0(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 793.080287][T10307] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 793.080300][T10307] CR2: 
00007fbc94e50e53 CR3: 0000000051bca000 CR4: 00000000003526f0 [ 793.080319][T10307] Kernel panic - not syncing: Fatal exception [ 793.080668][T10307] Kernel Offset: disabled