last executing test programs:

8m58.385622114s ago: executing program 1 (id=2):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x34, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x4800) (fail_nth: 1)

8m56.653511804s ago: executing program 1 (id=16):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000f7ffffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
close(r1)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)

8m41.222402813s ago: executing program 32 (id=16):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000f7ffffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
close(r1)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0xf}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004000)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)

7m57.785935508s ago: executing program 0 (id=129):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
getsockopt$inet6_mreq(r0, 0x29, 0x1, 0x0, &(0x7f0000000a80))

7m57.59606425s ago: executing program 0 (id=132):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x400c014)

7m56.319140782s ago: executing program 0 (id=133):
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x40000)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24048084}, 0x40000)
syz_emit_ethernet(0x0, 0x0, 0x0)
getsockopt(0xffffffffffffffff, 0xff, 0x1, 0x0, &(0x7f00000002c0)=0xfffffffffffffecd)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)={0xd4, r1, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x41}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0x1e}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2e}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@loopback}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x30, 0x18}}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_1\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x66f2}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20000000}, 0x488c1)

7m55.337743384s ago: executing program 0 (id=136):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x400c014)

7m53.814838057s ago: executing program 0 (id=138):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x20001, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

7m53.150711495s ago: executing program 0 (id=142):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0xa}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x1, 0x0, 0xb2, 0xc, 0x8, 0x7f}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x11}, {0x5, 0xb}, {0xb, 0x4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000)
r8 = syz_genetlink_get_family_id$team(&(0x7f0000000300), r2)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@newlink={0x4c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000340)={'team0\x00', <r11=>0x0})
sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)={0x364, r8, 0x100, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0x1b0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r10}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}}]}}, {{0x8, 0x1, r11}, {0x58, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x0, 0x4e, 0x6, 0x1000}, {0x95ab, 0x40}, {0x27b0, 0x6, 0x9, 0x6}, {0x1, 0x4, 0x7, 0x48}]}}}]}}, {{0x8, 0x1, r7}, {0x130, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x100}}}]}}]}, 0x364}, 0x1, 0x0, 0x0, 0x8000}, 0x40080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

7m37.743979395s ago: executing program 33 (id=142):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0xa}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x1, 0x0, 0xb2, 0xc, 0x8, 0x7f}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0x11}, {0x5, 0xb}, {0xb, 0x4}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4000000)
r8 = syz_genetlink_get_family_id$team(&(0x7f0000000300), r2)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@newlink={0x4c, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}, @IFLA_IPVLAN_FLAGS={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r10}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000340)={'team0\x00', <r11=>0x0})
sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f00000006c0)={0x364, r8, 0x100, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r7}, {0x1b0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r10}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}}]}}, {{0x8, 0x1, r11}, {0x58, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x0, 0x4e, 0x6, 0x1000}, {0x95ab, 0x40}, {0x27b0, 0x6, 0x9, 0x6}, {0x1, 0x4, 0x7, 0x48}]}}}]}}, {{0x8, 0x1, r7}, {0x130, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x100}}}]}}]}, 0x364}, 0x1, 0x0, 0x0, 0x8000}, 0x40080)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

4m27.433694377s ago: executing program 2 (id=512):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f0000000300)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0xffffffffffffff7f, 0x3a, '+', 0x3a, '+', 0x3a, './file0'}, 0x29)

4m27.17061471s ago: executing program 2 (id=514):
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x40a00, 0x0)

4m26.800517142s ago: executing program 2 (id=517):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000006c0)={0xa, 0x4}, 0xc)

4m26.510443692s ago: executing program 2 (id=520):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

4m26.069802071s ago: executing program 2 (id=525):
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net\x00')
fchdir(r0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents(r1, &(0x7f0000000040)=""/61, 0x3d)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)

4m22.252616884s ago: executing program 2 (id=535):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket(0x28, 0xa, 0x0)
r2 = socket(0x28, 0x5, 0x0)
listen(r2, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = accept4$unix(r2, 0x0, 0x0, 0x0)
recvfrom$unix(r3, &(0x7f0000000140)=""/248, 0xffffffffffffff6e, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
mq_open(&(0x7f0000000200)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p\b\x00\x00\x00\x00\x00\x00\x00\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x42, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x27, 0x25, 0x0, &(0x7f00000007c0), 0x0, 0x702, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x8a44}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
r7 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000600)={0x0, 0xf3, "7c16244d6e4a1e51be7d826f91a030873a47923a21d21a24f7fad9f088ce3511b8871d09022b4241aa60827dd71e1e343c4197e8150c366aae864fe475d4012fc20118aabdc7db8126ddd7bb5598f1675a99ee400c0e4f51af07a46689db4e3202879e8dc58b7f6dc203e2a04a2917436727dac93b38bafb91b4246fe7ac683020859a513e01aad0b82d3576e468a0ba6c8ad40ffb63cb3d99be266908b49d419f84de50128e4ab930acd2e2ea804e02691b09d97dfc16837a001534021d48b284ba719b150e5b831915444ad021435d4e0fd2939148a5dae68eb6697fac8bade8ceb88bdcb950a2d6ba50d68a4c6cf64e711a"}, &(0x7f0000000700)=0xfb)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
mmap(&(0x7f00001fb000/0x2000)=nil, 0x2000, 0x2, 0x8031, r7, 0x87e41000)
madvise(&(0x7f0000347000/0x2000)=nil, 0x2000, 0x2)

4m21.238453083s ago: executing program 34 (id=535):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket(0x28, 0xa, 0x0)
r2 = socket(0x28, 0x5, 0x0)
listen(r2, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = accept4$unix(r2, 0x0, 0x0, 0x0)
recvfrom$unix(r3, &(0x7f0000000140)=""/248, 0xffffffffffffff6e, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
mq_open(&(0x7f0000000200)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p\b\x00\x00\x00\x00\x00\x00\x00\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x42, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x27, 0x25, 0x0, &(0x7f00000007c0), 0x0, 0x702, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x8a44}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
r7 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000600)={0x0, 0xf3, "7c16244d6e4a1e51be7d826f91a030873a47923a21d21a24f7fad9f088ce3511b8871d09022b4241aa60827dd71e1e343c4197e8150c366aae864fe475d4012fc20118aabdc7db8126ddd7bb5598f1675a99ee400c0e4f51af07a46689db4e3202879e8dc58b7f6dc203e2a04a2917436727dac93b38bafb91b4246fe7ac683020859a513e01aad0b82d3576e468a0ba6c8ad40ffb63cb3d99be266908b49d419f84de50128e4ab930acd2e2ea804e02691b09d97dfc16837a001534021d48b284ba719b150e5b831915444ad021435d4e0fd2939148a5dae68eb6697fac8bade8ceb88bdcb950a2d6ba50d68a4c6cf64e711a"}, &(0x7f0000000700)=0xfb)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x3, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
mmap(&(0x7f00001fb000/0x2000)=nil, 0x2000, 0x2, 0x8031, r7, 0x87e41000)
madvise(&(0x7f0000347000/0x2000)=nil, 0x2000, 0x2)

3m22.830946885s ago: executing program 3 (id=648):
r0 = socket(0x2, 0x3, 0xff)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000280)={0x1, {{0x2, 0x4e23, @multicast1}}, {{0x2, 0x4e26, @private=0xa010102}}}, 0x108)
r2 = syz_usb_connect$uac1(0x0, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206"], 0x0)
syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3009}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f0000001bc0)={0x2c, 0x0, &(0x7f0000000980)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000000780)={0x14, 0x0, &(0x7f00000009c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000640)={@multicast1, @loopback, 0x1, 0x2, [@local, @loopback]}, 0x18)
sendmmsg$inet(r0, &(0x7f0000001540)=[{{&(0x7f0000000000)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000080)="f500"/20, 0x14}], 0x1, &(0x7f0000001500)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @rand_addr=0x64010101}}}], 0x20}}], 0x1, 0x44080)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000005bfffffff721bb"], &(0x7f0000001f80)=""/226, 0x18, 0xe2, 0x2}, 0x28)

3m20.442278375s ago: executing program 3 (id=654):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='c +'], 0xa)

3m19.788603977s ago: executing program 3 (id=656):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf500090584"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = open$dir(&(0x7f0000000740)='./file0\x00', 0x0, 0x2)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
open(0x0, 0x14927e, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$rds(0x15, 0x5, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
recvmmsg(r5, &(0x7f0000007900), 0x847, 0x10162, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f00005ed000/0x4000)=nil, 0x0, 0x0, 0x0, 0xbff, 0x0, 0x2, 0x0, 0x20})
r6 = getpgid(0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1, 0x0, r6}}, 0x40)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x200000ffe000)

3m15.22313512s ago: executing program 3 (id=665):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x105000, 0xd, 0x20}, 0x18)
move_mount(r0, &(0x7f0000000280)='./file0\x00', 0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x10)
syz_clone(0x8001200, &(0x7f0000000300)="d7f98f2456bea23a4952b965cd985e1dc46b86860b5c2bf32641fe2fdcf1de01b6de1f22cf50b0fca46fc6c647473124949b644641383a109e481d4b572a5866debddc84ca472960a82b8e83151cfbf41b8f1ae8bd12bb1c7777c871bda96b770c57ba0a48a10bdf704a9a7a5e2f6330276f747b9ad2c7106a", 0x79, &(0x7f00000003c0), &(0x7f0000000400), &(0x7f0000000440)="4766da3f4503a65da1386e7df02d4a045a95e3313b5cbe20549f8d22ceffd75eb9e367315b092f114fa877db48dfb562bf")
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r2 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="39000000140081ae00002c000500015601618575e285af018025408a63a1dfee6fa171b0d8402fdea2000000171300883795c04a75ba377a1b", 0x39}], 0x1, 0x0, 0x0, 0xc00e}, 0x0)
recvmmsg(r2, &(0x7f0000007880)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x2002, 0x0)
move_mount(r1, &(0x7f0000000380)='./file0\x00', r1, 0x0, 0x40)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40000000c6302, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r4, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r5, 0x84, 0x6d, &(0x7f0000001080)=""/4096, &(0x7f0000000140)=0x1000)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'vlan0\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYRES64=r6, @ANYRES32=0x0, @ANYBLOB="19a691c3ddf6022bd4ba38434038700600ab8208368014000700ff15100000000000000000000000000114000600001d"], 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f00000000c0)={{0x1, 0x40}, {0x4e7, 0xfffffffb}, 0x3})

3m14.200256944s ago: executing program 3 (id=668):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a0601090512030008af07c109050c04400006030f07059acbcf32"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x181900, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000000)={0x3e, 0x2, 0x457f1c9146f8f874, "464905e100000000000000007f00", 0xb5315241})
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x10, 0x1, 0x0, 0x6, 0x0, 0x0, "5dc9ca561a5fbf61048955f6f876b2ff", 0x0, 0x1})
keyctl$dh_compute(0x17, &(0x7f0000000800), 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0xffffffffffffffef}, 0x27)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f00000000c0)='sys_enter\x00', r4}, 0x18)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="48010000100001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000001eb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c00120073657169762863636d28626c6f77666973682d61736d29290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000c0008"], 0x148}}, 0x0)
setpriority(0x0, 0x0, 0xacf0165)
getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a)
landlock_restrict_self(0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
kexec_load(0x7, 0x1, &(0x7f0000003200)=[{&(0x7f0000003180)='K', 0x1, 0x8000, 0x8000}], 0x3e0000)

3m11.589597147s ago: executing program 3 (id=676):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCEXCL(r0, 0x540c)
syz_open_dev$tty1(0xc, 0x4, 0x3)

3m11.106893444s ago: executing program 35 (id=676):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCEXCL(r0, 0x540c)
syz_open_dev$tty1(0xc, 0x4, 0x3)

11.798271894s ago: executing program 5 (id=923):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
socket$igmp(0x2, 0x3, 0x2)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000300), 0x8000, 0x0)
read$FUSE(r0, &(0x7f0000000780)={0x2020}, 0x2020)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x2, [0x0, <r1=>0x0]}, &(0x7f0000000080)=0xc)
sendmsg$nl_crypto(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=@alg={0xf8, 0x10, 0x400, 0x70bd26, 0x25dfdbff, {{'xchacha12-neon\x00'}, '\x00', '\x00', 0x2000, 0x6000}, [{0x8, 0x1, 0x8}, {0x8, 0x1, 0x401}, {0x8, 0x1, 0x4}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000}, 0x8050)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r1, 0xf8a4, 0xff}, &(0x7f0000000100)=0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

11.673650257s ago: executing program 5 (id=924):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(0x0, 0x60840, 0x1d2)
getsockname$inet(r3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, 0x0)
r4 = syz_open_dev$vbi(&(0x7f00000028c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x1, 0xd59f83, 0x7, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
vmsplice(r6, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}, {&(0x7f0000000100)="a7", 0xfec7}, {&(0x7f0000000880)="9f3846581b1b5159fa75b369536aed7fc089b18592fd1bd099864f1ed35c7046e78c84f4cf0e59594f6dac655efbe84343ff8c186af752f7691c612987b6c089fc2ac412de8edab1f67d0300a1acf9ef331f2b436ff4322adcde8648bcd1e193eb1cb83b0ff2de12d2", 0xfdb9}, {&(0x7f0000000300)='b', 0x1}], 0x28, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYRESHEX=r7], 0x0)

11.269905496s ago: executing program 4 (id=925):
mkdir(&(0x7f0000000400)='./file0\x00', 0x9)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000240), r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800070002"], 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
mount$fuse(0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES32=r1, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240)='//\xf2/\x06\b///o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000000c0)={0x6, 0x3, 0x0, 'queue1\x00', 0x8001})
writev(r7, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)

8.797882509s ago: executing program 4 (id=926):
r0 = memfd_create(&(0x7f0000000500)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa9\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x98m\x10L\xec\xfdWF\x7fj\x19\xb8<\xd2\x9d\xf0\xe9Qy\xe32\xed\x16f\xfe&\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6g\xb6\xca\xb1\xb3\xeb\xb9\x92*$\x03\x0fuL6\x93H\x19\xc5\x86\xec5Ke\x8dAx\x80\xde\x9c>\xe0\xa4b\xd0\xc8\t)\x81\x8c\t\xad\xac\x9fw-\x8e%\xc9P\xbd\x87\x00L\xf6X\xb9\xf8|\xad\xeb\xca\x12%#5\xb1\x18S\x86\xee\xd0PC\xba}N[c/\xbe\x9e^\xdf\"Q\xbaVp\xde\xc6\x1f\xaal\xa1j\xa1F_\xa0\xcfN]\x94J<UY\x03\xf8T\xbd6W(m\xf0\xbb\xa0\xcaq\x8bQ\x14l\xe3\xc1|\xed0\xa9', 0x5)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x1000000, 0x2012, r0, 0x0)
r1 = epoll_create1(0x0)
poll(0x0, 0x0, 0x8000db3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100))
shutdown(r2, 0x0)
epoll_wait(r1, &(0x7f0000000000)=[{}], 0x1, 0x101)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000140)={0x2000200b})
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}})
mkdir(0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x800, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_on}, {@uuid_on}]})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r4, 0x10001, 0x0)
r5 = socket(0x10, 0x803, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r7, @ANYBLOB], 0x34}}, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="f72ec02d9e4f3cbfe74958db5afd6b1e3400", @ANYRES32=r7, @ANYBLOB="1400020000000000000000000000ffff000000000800080070030000"], 0x34}}, 0x0)

8.408727327s ago: executing program 5 (id=927):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000180)={0x9, 'vlan1\x00', {0x6719}, 0x5})

7.669819316s ago: executing program 4 (id=928):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="10797fcd6cd957d2b903c6bf46b4abf3629ff075475e4bd6e43be1712bf8b4dc", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/122, 0x70}, {&(0x7f0000000600)=""/217, 0xd9}], 0x2)
sendmmsg$alg(r1, &(0x7f0000003880)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)="9c98d425afe56f214f063263de94ff93031f06039ddcb1d9cf89e039a97c89ebd9f53c411614e83992d1607b7a59cbe7993c3630080d6969b1c91da10113cd2657fdee548019656f33a2aa9cddad710a2d49b2b408db67acd1f838b73b2367cbd14eaeefaeb76faf0c1233c66b454155736ba29b46a8bebc251f84f1016dcb4fea", 0x81}], 0x1, 0x0, 0x0, 0x4}], 0x1, 0x0)

7.312968903s ago: executing program 4 (id=929):
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000140)=0x3, 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$swradio(&(0x7f00000004c0), 0x1, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
getsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0)
ioctl$VIDIOC_ENCODER_CMD(r2, 0xc028564d, &(0x7f0000000000)={0x3, 0x0, [0x95f, 0xfff, 0x7, 0xee5, 0x0, 0x4, 0x7f, 0x2]})
prctl$PR_MCE_KILL(0x4e, 0x1, 0x2)

6.287904936s ago: executing program 5 (id=930):
mkdir(&(0x7f0000000400)='./file0\x00', 0x9)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000240), r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800070002"], 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
mount$fuse(0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES32=r1, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
link(&(0x7f0000000280)='./file0/../file0/file0\x00', 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000000c0)={0x6, 0x3, 0x0, 'queue1\x00', 0x8001})
writev(r7, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)

4.677191144s ago: executing program 5 (id=931):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r3, &(0x7f0000000180)="f0c8361e949aa6a39ba59404135b8fd9fb3373e2665dd35ca55765100cdd491c1f44ff3e57925717f14e45de2660f9971faad6818b4b48e33dd22c6a57c2c1a0a71a76a15d774a0297c5da5d10381ce6b307283a87b4b9a0b5cffa89df3287cbb5c87da42568a77610b675551f02507d74465749d697ee8aa2b0", 0x7a, 0x4008084, &(0x7f0000000240)={0x2, 0x4e22, @multicast2}, 0x10)
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
read$FUSE(r4, &(0x7f00000005c0)={0x2020}, 0x2020)
write$P9_RVERSION(r4, &(0x7f0000000400)={0x13, 0x65, 0xffff, 0x1, 0x6, '9P2000'}, 0x13)

2.988364295s ago: executing program 5 (id=932):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4, 0xffffffff}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f00000002c0), r0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f0000000140)=0x16)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="c26803410000a727cd51bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$HIDIOCSUSAGE(r4, 0x4018480c, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x80, 0x141)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
getdents64(r5, &(0x7f0000003080)=""/4098, 0x1002)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001540)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="29082dbd7048fedbdf251e0000000a0004007770616e33000000080001"], 0x28}, 0x1, 0x0, 0x0, 0x2000c000}, 0x40240c4)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x40002004})
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, 0xffffffffffffffff, &(0x7f0000000c40)={0x20002005})

1.456146773s ago: executing program 4 (id=933):
mkdir(&(0x7f0000000400)='./file0\x00', 0x9)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(&(0x7f0000000240), r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000440)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001800070002"], 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r6, &(0x7f0000000000), 0xd)
mount$fuse(0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES32=r1, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240)='//\xf2/\x06\b///o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000000c0)={0x6, 0x3, 0x0, 'queue1\x00', 0x8001})
writev(r7, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2)

0s ago: executing program 4 (id=934):
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, &(0x7f0000000280)=0x3, 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8d80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xf5, 0x0, 0x0, 0x4, 0x1, 0x0, 0x5, 0xff, 0x1f, 0x0, 0x10000}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x9, 0x4, 0x0, 0x80000}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$BLKGETDISKSEQ(r1, 0x80081280, &(0x7f0000000100))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet(0x2b, 0x801, 0x0)
splice(r4, 0x0, r3, 0x0, 0x3ff, 0x9)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x1, r3, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f00000000c0)='0', 0x1)

kernel console output (not intermixed with test programs):

] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.810622][ T8772] CPU: 0 UID: 0 PID: 8772 Comm: syz.4.705 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  478.810645][ T8772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.810658][ T8772] Call Trace:
[  478.810666][ T8772]  <TASK>
[  478.810676][ T8772]  dump_stack_lvl+0x189/0x250
[  478.810712][ T8772]  ? __pfx____ratelimit+0x10/0x10
[  478.810740][ T8772]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.810769][ T8772]  ? __pfx__printk+0x10/0x10
[  478.810792][ T8772]  ? __might_fault+0xb0/0x130
[  478.810836][ T8772]  should_fail_ex+0x46c/0x600
[  478.810869][ T8772]  _copy_from_user+0x2d/0xb0
[  478.810894][ T8772]  ___sys_recvmsg+0x12e/0x510
[  478.810932][ T8772]  ? __pfx____sys_recvmsg+0x10/0x10
[  478.810992][ T8772]  ? __fget_files+0x3a6/0x420
[  478.811040][ T8772]  do_recvmmsg+0x30d/0x770
[  478.811081][ T8772]  ? __pfx_do_recvmmsg+0x10/0x10
[  478.811109][ T8772]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  478.811137][ T8772]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  478.811178][ T8772]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  478.811219][ T8772]  __x64_sys_recvmmsg+0x190/0x240
[  478.811253][ T8772]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  478.811280][ T8772]  ? rcu_is_watching+0x15/0xb0
[  478.811317][ T8772]  ? do_syscall_64+0xbe/0x3b0
[  478.811349][ T8772]  do_syscall_64+0xfa/0x3b0
[  478.811375][ T8772]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.811401][ T8772]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.811421][ T8772]  ? clear_bhb_loop+0x60/0xb0
[  478.811446][ T8772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.811464][ T8772] RIP: 0033:0x7f2d33d5ebe9
[  478.811483][ T8772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.811501][ T8772] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  478.811523][ T8772] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  478.811538][ T8772] RDX: 040000000000012d RSI: 0000200000000080 RDI: 0000000000000003
[  478.811552][ T8772] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  478.811564][ T8772] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  478.811577][ T8772] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  478.811611][ T8772]  </TASK>
[  479.531400][ T8631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  479.561124][ T5925] usb 6-1: USB disconnect, device number 7
[  479.714931][ T8631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.178588][ T8780] netlink: 28 bytes leftover after parsing attributes in process `syz.5.708'.
[  480.441948][ T8631] team0: Port device team_slave_0 added
[  480.624390][ T8631] team0: Port device team_slave_1 added
[  480.625483][ T8786] sit0: entered promiscuous mode
[  480.637792][ T8786] netlink: 'syz.4.710': attribute type 1 has an invalid length.
[  480.637814][ T8786] netlink: 1 bytes leftover after parsing attributes in process `syz.4.710'.
[  480.708973][ T8787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.710'.
[  481.230832][ T8631] batman_adv: batadv0: Adding interface: batadv_slave_0
[  481.230853][ T8631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.230971][ T8631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.319540][ T5911] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  481.354877][ T8631] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.354897][ T8631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.354926][ T8631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.482895][ T5911] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  481.482924][ T5911] usb 6-1: config 0 has no interface number 0
[  481.482974][ T5911] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  481.483010][ T5911] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  481.483054][ T5911] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  481.483079][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.551048][ T5911] usb 6-1: config 0 descriptor??
[  481.554008][ T8792] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  481.606527][ T5911] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  482.038223][ T8441] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  482.282881][ T8441] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  482.395494][ T8631] hsr_slave_0: entered promiscuous mode
[  482.412438][ T8631] hsr_slave_1: entered promiscuous mode
[  482.440575][ T8631] debugfs: 'hsr0' already exists in 'hsr'
[  482.440606][ T8631] Cannot create hsr debugfs directory
[  482.443855][ T8441] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  482.540407][ T8441] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  483.452706][   T44] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  483.662274][   T44] usb 5-1: Using ep0 maxpacket: 8
[  483.691585][   T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  483.714650][   T44] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  483.714817][   T44] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  483.714837][   T44] usb 5-1: Product: syz
[  483.714850][   T44] usb 5-1: Manufacturer: syz
[  483.714863][   T44] usb 5-1: SerialNumber: syz
[  484.195985][    C1] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  484.254231][   T44] usb 5-1: palm_os_3_probe - error -110 getting connection information
[  484.254354][   T44] visor 5-1:1.0: probe with driver visor failed with error -110
[  484.273824][ T8326] usb 6-1: USB disconnect, device number 8
[  486.048310][    T9] usb 5-1: USB disconnect, device number 34
[  486.165688][ T1495] bridge_slave_1: left allmulticast mode
[  486.165873][ T1495] bridge_slave_1: left promiscuous mode
[  486.169356][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  486.251155][ T1495] bridge_slave_0: left allmulticast mode
[  486.251191][ T1495] bridge_slave_0: left promiscuous mode
[  486.251498][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.358828][ T1495] bridge_slave_1: left allmulticast mode
[  486.358867][ T1495] bridge_slave_1: left promiscuous mode
[  486.361377][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  486.456179][ T1495] bridge_slave_0: left allmulticast mode
[  486.456219][ T1495] bridge_slave_0: left promiscuous mode
[  486.460955][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.869040][ T8824] netlink: 28 bytes leftover after parsing attributes in process `syz.5.719'.
[  489.650613][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  490.740569][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  490.782538][ T1495] bond0 (unregistering): Released all slaves
[  491.149517][ T1231] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  491.227819][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  491.301403][ T1231] usb 6-1: Using ep0 maxpacket: 8
[  491.303176][ T1231] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  491.305089][ T1231] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  491.305106][ T1231] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  491.305117][ T1231] usb 6-1: Product: syz
[  491.305125][ T1231] usb 6-1: Manufacturer: syz
[  491.305133][ T1231] usb 6-1: SerialNumber: syz
[  491.315657][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  491.437221][ T1495] bond0 (unregistering): Released all slaves
[  491.661878][ T1231] usb 6-1: palm_os_3_probe - error -110 getting connection information
[  491.661998][ T1231] visor 6-1:1.0: probe with driver visor failed with error -110
[  491.986235][ T1495] tipc: Left network mode
[  492.373488][ T8844] netlink: 'syz.4.725': attribute type 2 has an invalid length.
[  492.373514][ T8844] netlink: 24 bytes leftover after parsing attributes in process `syz.4.725'.
[  493.738243][ T5911] usb 6-1: USB disconnect, device number 9
[  493.817005][ T8850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.727'.
[  493.850184][ T1495] hsr_slave_0: left promiscuous mode
[  493.902232][ T1495] hsr_slave_1: left promiscuous mode
[  493.904683][ T1495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  493.904720][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  493.939575][ T8853] FAULT_INJECTION: forcing a failure.
[  493.939575][ T8853] name failslab, interval 1, probability 0, space 0, times 0
[  493.939613][ T8853] CPU: 1 UID: 0 PID: 8853 Comm: syz.5.728 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  493.939636][ T8853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  493.939648][ T8853] Call Trace:
[  493.939656][ T8853]  <TASK>
[  493.939664][ T8853]  dump_stack_lvl+0x189/0x250
[  493.939699][ T8853]  ? __pfx____ratelimit+0x10/0x10
[  493.939728][ T8853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  493.939757][ T8853]  ? __pfx__printk+0x10/0x10
[  493.939788][ T8853]  ? __pfx___might_resched+0x10/0x10
[  493.939811][ T8853]  ? fs_reclaim_acquire+0x7d/0x100
[  493.939836][ T8853]  should_fail_ex+0x46c/0x600
[  493.939870][ T8853]  should_failslab+0xa8/0x100
[  493.939900][ T8853]  __kmalloc_noprof+0xcb/0x430
[  493.939925][ T8853]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  493.939961][ T8853]  tomoyo_realpath_from_path+0xe3/0x5d0
[  493.939992][ T8853]  ? tomoyo_domain+0xda/0x130
[  493.940027][ T8853]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  493.940051][ T8853]  tomoyo_path_number_perm+0x1e8/0x5a0
[  493.940078][ T8853]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  493.940116][ T8853]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  493.940143][ T8853]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.940176][ T8853]  ? __lock_acquire+0xab9/0xd20
[  493.940228][ T8853]  ? __fget_files+0x2a/0x420
[  493.940260][ T8853]  ? __fget_files+0x2a/0x420
[  493.940286][ T8853]  ? __fget_files+0x3a6/0x420
[  493.940312][ T8853]  ? __fget_files+0x2a/0x420
[  493.940345][ T8853]  security_file_ioctl+0xcb/0x2d0
[  493.940373][ T8853]  __se_sys_ioctl+0x47/0x170
[  493.940406][ T8853]  do_syscall_64+0xfa/0x3b0
[  493.940432][ T8853]  ? lockdep_hardirqs_on+0x9c/0x150
[  493.940458][ T8853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.940478][ T8853]  ? clear_bhb_loop+0x60/0xb0
[  493.940503][ T8853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.940523][ T8853] RIP: 0033:0x7f756fe2ebe9
[  493.940541][ T8853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.940558][ T8853] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  493.940582][ T8853] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  493.940597][ T8853] RDX: 0000200000000080 RSI: 000000004040ae79 RDI: 0000000000000004
[  493.940610][ T8853] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  493.940622][ T8853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  493.940635][ T8853] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  493.940670][ T8853]  </TASK>
[  493.940808][ T8853] ERROR: Out of memory at tomoyo_realpath_from_path.
[  494.018625][ T1495] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  494.018659][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  494.501210][ T1495] hsr_slave_0: left promiscuous mode
[  495.725668][ T1495] hsr_slave_1: left promiscuous mode
[  495.726773][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.374315][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.435691][ T8868] netlink: 'syz.4.733': attribute type 2 has an invalid length.
[  496.435715][ T8868] netlink: 24 bytes leftover after parsing attributes in process `syz.4.733'.
[  496.606166][ T1495] veth1_macvtap: left promiscuous mode
[  496.606305][ T1495] veth0_macvtap: left promiscuous mode
[  496.606776][ T1495] veth0_vlan: left promiscuous mode
[  498.000672][ T5912] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  498.149355][ T5912] usb 6-1: Using ep0 maxpacket: 8
[  498.153944][ T5912] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  498.157821][ T5912] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  498.157858][ T5912] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  498.157880][ T5912] usb 6-1: Product: syz
[  498.157894][ T5912] usb 6-1: Manufacturer: syz
[  498.157908][ T5912] usb 6-1: SerialNumber: syz
[  498.289408][ T5844] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  498.459321][ T5844] usb 5-1: Using ep0 maxpacket: 16
[  498.468185][ T5844] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  498.468230][ T5844] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  498.513602][ T5844] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  498.513636][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.513656][ T5844] usb 5-1: Product: syz
[  498.513670][ T5844] usb 5-1: Manufacturer: syz
[  498.513684][ T5844] usb 5-1: SerialNumber: syz
[  498.560108][ T5912] usb 6-1: palm_os_3_probe - error -110 getting connection information
[  498.560228][ T5912] visor 6-1:1.0: probe with driver visor failed with error -110
[  498.602596][ T5844] usb 5-1: config 0 descriptor??
[  498.621797][ T5844] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  498.621845][ T5844] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  499.236724][ T5844] em28xx 5-1:0.0: chip ID is em28174
[  500.471588][ T5912] usb 6-1: USB disconnect, device number 10
[  500.552541][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  500.820621][ T5912] usb 5-1: USB disconnect, device number 35
[  500.823353][ T5912] em28xx 5-1:0.0: Disconnecting em28xx
[  500.883619][ T5912] em28xx 5-1:0.0: Freeing device
[  500.930238][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  501.297513][ T8886] FAULT_INJECTION: forcing a failure.
[  501.297513][ T8886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.297552][ T8886] CPU: 1 UID: 0 PID: 8886 Comm: syz.5.737 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  501.297576][ T8886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.297588][ T8886] Call Trace:
[  501.297596][ T8886]  <TASK>
[  501.297604][ T8886]  dump_stack_lvl+0x189/0x250
[  501.297639][ T8886]  ? __pfx____ratelimit+0x10/0x10
[  501.297667][ T8886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.297696][ T8886]  ? __pfx__printk+0x10/0x10
[  501.297719][ T8886]  ? __might_fault+0xb0/0x130
[  501.297762][ T8886]  should_fail_ex+0x46c/0x600
[  501.297804][ T8886]  _copy_from_user+0x2d/0xb0
[  501.297827][ T8886]  __sys_bpf+0x1ed/0x870
[  501.297856][ T8886]  ? __pfx___sys_bpf+0x10/0x10
[  501.297896][ T8886]  ? ksys_write+0x230/0x260
[  501.297924][ T8886]  ? __pfx_ksys_write+0x10/0x10
[  501.297946][ T8886]  ? rcu_is_watching+0x15/0xb0
[  501.297985][ T8886]  __x64_sys_bpf+0x7c/0x90
[  501.298009][ T8886]  do_syscall_64+0xfa/0x3b0
[  501.298035][ T8886]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.298066][ T8886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.298085][ T8886]  ? clear_bhb_loop+0x60/0xb0
[  501.298111][ T8886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.298131][ T8886] RIP: 0033:0x7f756fe2ebe9
[  501.298149][ T8886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.298167][ T8886] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  501.298190][ T8886] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  501.298205][ T8886] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000011
[  501.298219][ T8886] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  501.298232][ T8886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.298244][ T8886] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  501.298279][ T8886]  </TASK>
[  501.487635][ T8887] netlink: 28 bytes leftover after parsing attributes in process `syz.4.738'.
[  501.495947][ T8890] FAULT_INJECTION: forcing a failure.
[  501.495947][ T8890] name failslab, interval 1, probability 0, space 0, times 0
[  501.495979][ T8890] CPU: 1 UID: 0 PID: 8890 Comm: syz.5.739 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  501.496000][ T8890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  501.496011][ T8890] Call Trace:
[  501.496018][ T8890]  <TASK>
[  501.496025][ T8890]  dump_stack_lvl+0x189/0x250
[  501.496056][ T8890]  ? __pfx____ratelimit+0x10/0x10
[  501.496079][ T8890]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.496105][ T8890]  ? __pfx__printk+0x10/0x10
[  501.496130][ T8890]  ? __pfx___might_resched+0x10/0x10
[  501.496154][ T8890]  should_fail_ex+0x46c/0x600
[  501.496181][ T8890]  ? getname_flags+0xb8/0x540
[  501.496205][ T8890]  should_failslab+0xa8/0x100
[  501.496229][ T8890]  ? getname_flags+0xb8/0x540
[  501.496256][ T8890]  kmem_cache_alloc_noprof+0x6e/0x310
[  501.496285][ T8890]  getname_flags+0xb8/0x540
[  501.496309][ T8890]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  501.496337][ T8890]  vfs_fstatat+0x43/0x170
[  501.496364][ T8890]  __x64_sys_newfstatat+0x116/0x190
[  501.496385][ T8890]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[  501.496422][ T8890]  ? __pfx_ksys_write+0x10/0x10
[  501.496442][ T8890]  ? rcu_is_watching+0x15/0xb0
[  501.496473][ T8890]  ? do_syscall_64+0xbe/0x3b0
[  501.496501][ T8890]  do_syscall_64+0xfa/0x3b0
[  501.496522][ T8890]  ? lockdep_hardirqs_on+0x9c/0x150
[  501.496544][ T8890]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.496561][ T8890]  ? clear_bhb_loop+0x60/0xb0
[  501.496583][ T8890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.496601][ T8890] RIP: 0033:0x7f756fe2ebe9
[  501.496619][ T8890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.496634][ T8890] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  501.496654][ T8890] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  501.496667][ T8890] RDX: 0000200000001040 RSI: 0000200000001000 RDI: ffffffffffffff9c
[  501.496680][ T8890] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  501.496691][ T8890] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  501.496703][ T8890] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  501.496733][ T8890]  </TASK>
[  501.708625][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  501.708714][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  502.374990][ T5153] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  502.387417][ T5153] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  502.388976][ T5153] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  502.399397][ T5153] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  502.400495][ T5153] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  503.500524][ T8900] netlink: 'syz.5.741': attribute type 2 has an invalid length.
[  503.500548][ T8900] netlink: 24 bytes leftover after parsing attributes in process `syz.5.741'.
[  504.990008][ T5153] Bluetooth: hci3: command tx timeout
[  505.989505][ T8326] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  506.159599][ T8326] usb 6-1: Using ep0 maxpacket: 8
[  506.162436][ T8326] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  506.166008][ T8326] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  506.166038][ T8326] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  506.166059][ T8326] usb 6-1: Product: syz
[  506.166073][ T8326] usb 6-1: Manufacturer: syz
[  506.166088][ T8326] usb 6-1: SerialNumber: syz
[  506.570206][ T8326] usb 6-1: palm_os_3_probe - error -110 getting connection information
[  506.570329][ T8326] visor 6-1:1.0: probe with driver visor failed with error -110
[  507.059313][ T5153] Bluetooth: hci3: command tx timeout
[  507.731323][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  507.883571][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  508.620265][ T5925] usb 6-1: USB disconnect, device number 11
[  508.717132][ T8898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.742'.
[  508.717352][ T8898] netlink: 'syz.4.742': attribute type 5 has an invalid length.
[  508.972102][ T8893] lo speed is unknown, defaulting to 1000
[  509.149485][ T5153] Bluetooth: hci3: command tx timeout
[  509.281499][ T8919] FAULT_INJECTION: forcing a failure.
[  509.281499][ T8919] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  509.281538][ T8919] CPU: 1 UID: 0 PID: 8919 Comm: syz.4.747 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  509.281562][ T8919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  509.281575][ T8919] Call Trace:
[  509.281583][ T8919]  <TASK>
[  509.281593][ T8919]  dump_stack_lvl+0x189/0x250
[  509.281626][ T8919]  ? __pfx____ratelimit+0x10/0x10
[  509.281654][ T8919]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.281684][ T8919]  ? __pfx__printk+0x10/0x10
[  509.281711][ T8919]  ? __might_fault+0xb0/0x130
[  509.281765][ T8919]  should_fail_ex+0x46c/0x600
[  509.281798][ T8919]  _copy_from_user+0x2d/0xb0
[  509.281823][ T8919]  __sys_bpf+0x1ed/0x870
[  509.281851][ T8919]  ? __pfx___sys_bpf+0x10/0x10
[  509.281892][ T8919]  ? ksys_write+0x230/0x260
[  509.281921][ T8919]  ? __pfx_ksys_write+0x10/0x10
[  509.281943][ T8919]  ? rcu_is_watching+0x15/0xb0
[  509.281983][ T8919]  __x64_sys_bpf+0x7c/0x90
[  509.282005][ T8919]  do_syscall_64+0xfa/0x3b0
[  509.282033][ T8919]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.282059][ T8919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.282079][ T8919]  ? clear_bhb_loop+0x60/0xb0
[  509.282104][ T8919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.282124][ T8919] RIP: 0033:0x7f2d33d5ebe9
[  509.282144][ T8919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.282162][ T8919] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  509.282187][ T8919] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  509.282202][ T8919] RDX: 0000000000000033 RSI: 0000200000000000 RDI: 000000000000000a
[  509.282216][ T8919] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  509.282230][ T8919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  509.282242][ T8919] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  509.282277][ T8919]  </TASK>
[  510.384805][ T8925] netlink: 28 bytes leftover after parsing attributes in process `syz.4.749'.
[  510.706851][ T8928] netlink: 'syz.5.750': attribute type 2 has an invalid length.
[  510.706876][ T8928] netlink: 12 bytes leftover after parsing attributes in process `syz.5.750'.
[  510.742819][ T8534] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  510.948787][ T8534] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  511.226816][ T5153] Bluetooth: hci3: command tx timeout
[  511.308591][ T8940] FAULT_INJECTION: forcing a failure.
[  511.308591][ T8940] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  511.308650][ T8940] CPU: 0 UID: 0 PID: 8940 Comm: syz.4.752 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  511.308674][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  511.308686][ T8940] Call Trace:
[  511.308694][ T8940]  <TASK>
[  511.308703][ T8940]  dump_stack_lvl+0x189/0x250
[  511.308739][ T8940]  ? __pfx____ratelimit+0x10/0x10
[  511.308767][ T8940]  ? __pfx_dump_stack_lvl+0x10/0x10
[  511.308797][ T8940]  ? __pfx__printk+0x10/0x10
[  511.308821][ T8940]  ? __might_fault+0xb0/0x130
[  511.308865][ T8940]  should_fail_ex+0x46c/0x600
[  511.308899][ T8940]  _copy_from_user+0x2d/0xb0
[  511.308923][ T8940]  do_tcp_setsockopt+0x47d/0x1f10
[  511.308969][ T8940]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  511.308997][ T8940]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  511.309026][ T8940]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  511.309065][ T8940]  ? mutex_lock_nested+0x154/0x1d0
[  511.309083][ T8940]  ? sock_common_setsockopt+0x36/0xc0
[  511.309105][ T8940]  ? tcp_setsockopt+0x3d/0xe0
[  511.309133][ T8940]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  511.309157][ T8940]  smc_setsockopt+0x232/0xab0
[  511.309189][ T8940]  ? __pfx_smc_setsockopt+0x10/0x10
[  511.309213][ T8940]  ? __fget_files+0x2a/0x420
[  511.309238][ T8940]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  511.309257][ T8940]  ? __pfx_smc_setsockopt+0x10/0x10
[  511.309285][ T8940]  do_sock_setsockopt+0x179/0x1b0
[  511.309321][ T8940]  __x64_sys_setsockopt+0x145/0x1b0
[  511.309353][ T8940]  do_syscall_64+0xfa/0x3b0
[  511.309378][ T8940]  ? lockdep_hardirqs_on+0x9c/0x150
[  511.309404][ T8940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.309424][ T8940]  ? clear_bhb_loop+0x60/0xb0
[  511.309450][ T8940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.309470][ T8940] RIP: 0033:0x7f2d33d5ebe9
[  511.309489][ T8940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.309507][ T8940] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  511.309531][ T8940] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  511.309546][ T8940] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000003
[  511.309558][ T8940] RBP: 00007f2d31fc6090 R08: 0000000000000004 R09: 0000000000000000
[  511.309572][ T8940] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  511.309585][ T8940] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  511.309621][ T8940]  </TASK>
[  511.339271][ T5911] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  511.605265][ T5911] usb 6-1: Using ep0 maxpacket: 8
[  511.607806][ T5911] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  511.607837][ T5911] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  511.607862][ T5911] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  511.607886][ T5911] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  511.607941][ T5911] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  511.607965][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.888526][ T5911] usb 6-1: GET_CAPABILITIES returned 0
[  511.888586][ T5911] usbtmc 6-1:16.0: can't read capabilities
[  511.949535][ T8534] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  512.106291][    C0] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  512.139398][ T8935] netlink: 208 bytes leftover after parsing attributes in process `syz.5.751'.
[  512.204157][ T5911] usb 6-1: USB disconnect, device number 12
[  513.101204][ T8958] FAULT_INJECTION: forcing a failure.
[  513.101204][ T8958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  513.101276][ T8958] CPU: 0 UID: 0 PID: 8958 Comm: syz.5.757 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  513.101292][ T8958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  513.101299][ T8958] Call Trace:
[  513.101304][ T8958]  <TASK>
[  513.101310][ T8958]  dump_stack_lvl+0x189/0x250
[  513.101332][ T8958]  ? __pfx____ratelimit+0x10/0x10
[  513.101348][ T8958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.101363][ T8958]  ? __pfx__printk+0x10/0x10
[  513.101376][ T8958]  ? __might_fault+0xb0/0x130
[  513.101398][ T8958]  should_fail_ex+0x46c/0x600
[  513.101417][ T8958]  copy_fpstate_to_sigframe+0xa7d/0xce0
[  513.101439][ T8958]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  513.101456][ T8958]  ? do_raw_spin_lock+0x121/0x290
[  513.101475][ T8958]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  513.101491][ T8958]  ? fpu__alloc_mathframe+0xad/0x130
[  513.101506][ T8958]  get_sigframe+0x58d/0x7d0
[  513.101522][ T8958]  ? __pfx_get_sigframe+0x10/0x10
[  513.101535][ T8958]  ? rt_mutex_slowunlock+0x493/0x8a0
[  513.101549][ T8958]  ? rt_spin_lock+0x1bb/0x2c0
[  513.101563][ T8958]  x64_setup_rt_frame+0x15c/0xd40
[  513.101578][ T8958]  ? rt_spin_unlock+0x65/0x80
[  513.101599][ T8958]  ? get_signal+0x1122/0x1310
[  513.101619][ T8958]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  513.101638][ T8958]  arch_do_signal_or_restart+0x3dc/0x750
[  513.101655][ T8958]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  513.101678][ T8958]  ? exit_to_user_mode_loop+0x40/0x110
[  513.101695][ T8958]  exit_to_user_mode_loop+0x75/0x110
[  513.101710][ T8958]  do_syscall_64+0x2bd/0x3b0
[  513.101726][ T8958]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.101737][ T8958]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  513.101748][ T8958]  ? clear_bhb_loop+0x60/0xb0
[  513.101761][ T8958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.101772][ T8958] RIP: 0033:0x7f756fe2d69f
[  513.101783][ T8958] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  513.101793][ T8958] RSP: 002b:00007f756e06d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  513.101807][ T8958] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00007f756fe2d69f
[  513.101814][ T8958] RDX: 0000000000000001 RSI: 00007f756e06d090 RDI: 0000000000000003
[  513.101821][ T8958] RBP: 00007f756e06d090 R08: 0000000000000000 R09: 00007f756e06cdf7
[  513.101828][ T8958] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  513.101835][ T8958] R13: 00007f7570066128 R14: 00007f7570066090 R15: 00007fffd60b61b8
[  513.101853][ T8958]  </TASK>
[  513.188218][ T8631] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  513.731696][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  513.774856][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  513.823724][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  513.842806][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  513.844636][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  513.859523][ T8631] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  514.029020][ T8631] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  514.179569][ T8631] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  514.563396][ T8893] chnl_net:caif_netlink_parms(): no params data found
[  515.048184][ T8963] lo speed is unknown, defaulting to 1000
[  515.384395][ T8983] netlink: 28 bytes leftover after parsing attributes in process `syz.4.759'.
[  515.816531][ T8893] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.816750][ T8893] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.817019][ T8893] bridge_slave_0: entered allmulticast mode
[  515.843507][ T8893] bridge_slave_0: entered promiscuous mode
[  515.927703][ T8893] bridge0: port 2(bridge_slave_1) entered blocking state
[  515.927868][ T8893] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.928132][ T8893] bridge_slave_1: entered allmulticast mode
[  515.952516][ T8893] bridge_slave_1: entered promiscuous mode
[  516.024596][ T5153] Bluetooth: hci1: command tx timeout
[  516.800257][ T8893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  516.886024][ T8893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.099335][ T5153] Bluetooth: hci1: command tx timeout
[  519.087776][ T9035] netlink: 28 bytes leftover after parsing attributes in process `syz.4.767'.
[  519.162561][ T8893] team0: Port device team_slave_0 added
[  519.173508][ T8893] team0: Port device team_slave_1 added
[  519.746213][ T8893] batman_adv: batadv0: Adding interface: batadv_slave_0
[  519.746232][ T8893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.746261][ T8893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  519.774580][ T8893] batman_adv: batadv0: Adding interface: batadv_slave_1
[  519.774599][ T8893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.774624][ T8893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  519.819507][ T8326] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  519.989385][ T8326] usb 6-1: Using ep0 maxpacket: 8
[  519.992720][ T8326] usb 6-1: unable to get BOS descriptor or descriptor too short
[  519.994678][ T8326] usb 6-1: config 4 has an invalid interface number: 30 but max is 0
[  519.994706][ T8326] usb 6-1: config 4 has no interface number 0
[  519.994772][ T8326] usb 6-1: config 4 interface 30 has no altsetting 0
[  520.020916][ T8326] usb 6-1: string descriptor 0 read error: -22
[  520.021094][ T8326] usb 6-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[  520.021117][ T8326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.042820][ T8326] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[  520.042869][ T8326] dw2102: su3000_power_ctrl: 1, initialized 0
[  520.043435][ T8326] dvb-usb: bulk message failed: -22 (2/0)
[  520.192931][ T8326] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  520.193142][ T5153] Bluetooth: hci1: command tx timeout
[  520.198476][ T8326] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[  520.198588][ T8326] usb 6-1: media controller created
[  520.203062][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203082][ T8326] dw2102: i2c transfer failed.
[  520.203106][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203119][ T8326] dw2102: i2c transfer failed.
[  520.203135][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203148][ T8326] dw2102: i2c transfer failed.
[  520.203163][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203176][ T8326] dw2102: i2c transfer failed.
[  520.203192][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203204][ T8326] dw2102: i2c transfer failed.
[  520.203220][ T8326] dvb-usb: bulk message failed: -22 (6/0)
[  520.203232][ T8326] dw2102: i2c transfer failed.
[  520.203242][ T8326] dvb-usb: MAC address: 02:02:02:02:02:02
[  520.267414][ T9040] dvb-usb: bulk message failed: -22 (3/0)
[  520.267435][ T9040] dw2102: i2c transfer failed.
[  520.267445][ T9040] dvb-usb: bulk message failed: -22 (3/0)
[  520.267460][ T9040] dw2102: i2c transfer failed.
[  520.267470][ T9040] dvb-usb: bulk message failed: -22 (3/0)
[  520.267485][ T9040] dw2102: i2c transfer failed.
[  520.412704][ T8326] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  520.548763][ T8326] dvb-usb: bulk message failed: -22 (3/0)
[  520.548785][ T8326] dw2102: command 0x0e transfer failed.
[  520.548796][ T8326] dvb-usb: bulk message failed: -22 (3/0)
[  520.548811][ T8326] dw2102: command 0x0e transfer failed.
[  520.853792][ T8326] dvb-usb: bulk message failed: -22 (3/0)
[  520.853826][ T8326] dw2102: command 0x0e transfer failed.
[  520.853837][ T8326] dvb-usb: bulk message failed: -22 (3/0)
[  520.853851][ T8326] dw2102: command 0x0e transfer failed.
[  520.853860][ T8326] dvb-usb: bulk message failed: -22 (1/0)
[  520.853874][ T8326] dw2102: command 0x51 transfer failed.
[  520.853884][ T8326] dvb-usb: bulk message failed: -22 (5/0)
[  520.853899][ T8326] dw2102: i2c probe for address 0x68 failed.
[  520.853912][ T8326] dvb-usb: bulk message failed: -22 (5/0)
[  520.853926][ T8326] dw2102: i2c probe for address 0x69 failed.
[  520.853937][ T8326] dvb-usb: bulk message failed: -22 (5/0)
[  520.853952][ T8326] dw2102: i2c probe for address 0x6a failed.
[  520.853963][ T8326] dw2102: probing for demodulator failed. Is the external power switched on?
[  520.853973][ T8326] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[  520.908421][ T8893] hsr_slave_0: entered promiscuous mode
[  520.920125][ T8893] hsr_slave_1: entered promiscuous mode
[  520.957587][ T8963] chnl_net:caif_netlink_parms(): no params data found
[  521.121530][ T8326] rc_core: IR keymap rc-tt-1500 not found
[  521.121561][ T8326] Registered IR keymap rc-empty
[  521.127142][ T8326] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[  521.147200][ T8326] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input9
[  521.190177][ T8326] dvb-usb: schedule remote query interval to 250 msecs.
[  521.190202][ T8326] dw2102: su3000_power_ctrl: 0, initialized 1
[  521.190214][ T8326] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[  521.236197][ T8326] usb 6-1: USB disconnect, device number 13
[  521.324134][ T9062] FAULT_INJECTION: forcing a failure.
[  521.324134][ T9062] name failslab, interval 1, probability 0, space 0, times 0
[  521.324173][ T9062] CPU: 0 UID: 0 PID: 9062 Comm: syz.4.775 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  521.324196][ T9062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  521.324208][ T9062] Call Trace:
[  521.324217][ T9062]  <TASK>
[  521.324224][ T9062]  dump_stack_lvl+0x189/0x250
[  521.324258][ T9062]  ? __pfx____ratelimit+0x10/0x10
[  521.324285][ T9062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  521.324315][ T9062]  ? __pfx__printk+0x10/0x10
[  521.324346][ T9062]  ? __pfx___might_resched+0x10/0x10
[  521.324369][ T9062]  ? fs_reclaim_acquire+0x7d/0x100
[  521.324393][ T9062]  should_fail_ex+0x46c/0x600
[  521.324426][ T9062]  should_failslab+0xa8/0x100
[  521.324456][ T9062]  __kmalloc_noprof+0xcb/0x430
[  521.324482][ T9062]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  521.324517][ T9062]  tomoyo_realpath_from_path+0xe3/0x5d0
[  521.324546][ T9062]  ? tomoyo_domain+0xda/0x130
[  521.324579][ T9062]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  521.324604][ T9062]  tomoyo_path_number_perm+0x1e8/0x5a0
[  521.324631][ T9062]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  521.324659][ T9062]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  521.324687][ T9062]  ? lockdep_hardirqs_on+0x9c/0x150
[  521.324722][ T9062]  ? __lock_acquire+0xab9/0xd20
[  521.324780][ T9062]  ? __fget_files+0x2a/0x420
[  521.324812][ T9062]  ? __fget_files+0x2a/0x420
[  521.324839][ T9062]  ? __fget_files+0x3a6/0x420
[  521.324862][ T9062]  ? __fget_files+0x2a/0x420
[  521.324895][ T9062]  security_file_ioctl+0xcb/0x2d0
[  521.324924][ T9062]  __se_sys_ioctl+0x47/0x170
[  521.324951][ T9062]  do_syscall_64+0xfa/0x3b0
[  521.324978][ T9062]  ? lockdep_hardirqs_on+0x9c/0x150
[  521.325003][ T9062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.325022][ T9062]  ? clear_bhb_loop+0x60/0xb0
[  521.325047][ T9062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.325067][ T9062] RIP: 0033:0x7f2d33d5ebe9
[  521.325086][ T9062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.325104][ T9062] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  521.325126][ T9062] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  521.325141][ T9062] RDX: 0000200000000300 RSI: 00000000c0405602 RDI: 0000000000000003
[  521.325155][ T9062] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  521.325168][ T9062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  521.325180][ T9062] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  521.325214][ T9062]  </TASK>
[  521.325222][ T9062] ERROR: Out of memory at tomoyo_realpath_from_path.
[  522.259297][ T5153] Bluetooth: hci1: command tx timeout
[  522.306848][ T8326] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[  522.659339][ T5911] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[  522.812576][ T5911] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  522.812610][ T5911] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  522.812631][ T5911] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  522.812671][ T5911] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  522.812714][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  522.812738][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  522.869685][ T5911] usb 5-1: string descriptor 0 read error: -22
[  522.869896][ T5911] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  522.869921][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.924847][ T5911] usb 5-1: config 0 descriptor??
[  522.943691][ T5911] hub 5-1:0.0: bad descriptor, ignoring hub
[  522.943737][ T5911] hub 5-1:0.0: probe with driver hub failed with error -5
[  525.292747][   T37] audit: type=1804 audit(1757057962.419:35): pid=9068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.777" name="/newroot/251/file0" dev="tmpfs" ino=1366 res=1 errno=0
[  527.933108][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  527.965795][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  528.061087][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  528.069913][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  528.092319][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  528.124338][    T9] usb 5-1: USB disconnect, device number 36
[  528.756216][ T8963] bridge0: port 1(bridge_slave_0) entered blocking state
[  528.756465][ T8963] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.756735][ T8963] bridge_slave_0: entered allmulticast mode
[  528.762418][ T8963] bridge_slave_0: entered promiscuous mode
[  528.856996][ T8963] bridge0: port 2(bridge_slave_1) entered blocking state
[  528.857162][ T8963] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.857382][ T8963] bridge_slave_1: entered allmulticast mode
[  528.861615][   T44] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  528.901672][ T8963] bridge_slave_1: entered promiscuous mode
[  529.669309][   T44] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  529.669368][   T44] usb 5-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00
[  529.669393][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.761319][   T44] usb 5-1: config 0 descriptor??
[  530.189580][ T5153] Bluetooth: hci4: command tx timeout
[  532.326206][ T5153] Bluetooth: hci4: command tx timeout
[  533.401785][ T8963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  533.786055][   T44] usbhid 5-1:0.0: can't add hid device: -71
[  533.786200][   T44] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  533.810350][   T44] usb 5-1: USB disconnect, device number 37
[  533.834448][ T8963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  533.844513][ T9076] lo speed is unknown, defaulting to 1000
[  534.646426][ T5153] Bluetooth: hci4: command tx timeout
[  535.320762][   T44] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  535.449373][   T44] usb 5-1: device descriptor read/64, error -71
[  535.689499][   T44] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  535.717685][ T8963] team0: Port device team_slave_0 added
[  535.819355][   T44] usb 5-1: device descriptor read/64, error -71
[  535.868494][ T8963] team0: Port device team_slave_1 added
[  535.948700][   T44] usb usb5-port1: attempt power cycle
[  536.309390][   T44] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  536.359379][   T44] usb 5-1: device descriptor read/8, error -71
[  536.746418][   T44] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  536.763287][   T44] usb 5-1: device descriptor read/8, error -71
[  536.808454][ T5153] Bluetooth: hci4: command tx timeout
[  537.504921][   T44] usb usb5-port1: unable to enumerate USB device
[  538.004004][ T8963] batman_adv: batadv0: Adding interface: batadv_slave_0
[  538.004023][ T8963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.004053][ T8963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  538.353275][   T37] audit: type=1326 audit(1757057975.479:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9140 comm="syz.5.790" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f756fe2ebe9 code=0x0
[  538.386831][ T8963] batman_adv: batadv0: Adding interface: batadv_slave_1
[  538.386850][ T8963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.386880][ T8963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.817077][ T8963] hsr_slave_0: entered promiscuous mode
[  538.818972][ T8963] hsr_slave_1: entered promiscuous mode
[  538.833095][ T8963] debugfs: 'hsr0' already exists in 'hsr'
[  538.834813][ T8963] Cannot create hsr debugfs directory
[  539.162067][ T9151] FAULT_INJECTION: forcing a failure.
[  539.162067][ T9151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.162106][ T9151] CPU: 0 UID: 0 PID: 9151 Comm: syz.4.792 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  539.162129][ T9151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  539.162141][ T9151] Call Trace:
[  539.162150][ T9151]  <TASK>
[  539.162159][ T9151]  dump_stack_lvl+0x189/0x250
[  539.162203][ T9151]  ? __pfx____ratelimit+0x10/0x10
[  539.162230][ T9151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  539.162257][ T9151]  ? __pfx__printk+0x10/0x10
[  539.162293][ T9151]  should_fail_ex+0x46c/0x600
[  539.162326][ T9151]  strncpy_from_user+0x36/0x290
[  539.162365][ T9151]  path_getxattrat+0x122/0x400
[  539.162400][ T9151]  ? __pfx_path_getxattrat+0x10/0x10
[  539.162447][ T9151]  ? __pfx_ksys_write+0x10/0x10
[  539.162469][ T9151]  ? rcu_is_watching+0x15/0xb0
[  539.162499][ T9151]  ? do_syscall_64+0xbe/0x3b0
[  539.162525][ T9151]  do_syscall_64+0xfa/0x3b0
[  539.162549][ T9151]  ? lockdep_hardirqs_on+0x9c/0x150
[  539.162573][ T9151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.162591][ T9151]  ? clear_bhb_loop+0x60/0xb0
[  539.162613][ T9151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.162632][ T9151] RIP: 0033:0x7f2d33d5ebe9
[  539.162651][ T9151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.162667][ T9151] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c1
[  539.162690][ T9151] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  539.162705][ T9151] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  539.162718][ T9151] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  539.162731][ T9151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.162743][ T9151] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  539.162777][ T9151]  </TASK>
[  539.719317][ T1231] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  539.875833][ T1231] usb 6-1: too many configurations: 104, using maximum allowed: 8
[  539.882070][ T1231] usb 6-1: unable to read config index 0 descriptor/start: -61
[  539.882108][ T1231] usb 6-1: can't read configurations, error -61
[  540.009634][ T1231] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[  540.089805][ T9076] chnl_net:caif_netlink_parms(): no params data found
[  540.115058][ T1495] bridge_slave_1: left allmulticast mode
[  540.115095][ T1495] bridge_slave_1: left promiscuous mode
[  540.115423][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.180415][ T1231] usb 6-1: too many configurations: 104, using maximum allowed: 8
[  540.182911][ T1231] usb 6-1: unable to read config index 0 descriptor/start: -61
[  540.182951][ T1231] usb 6-1: can't read configurations, error -61
[  540.183414][ T1231] usb usb6-port1: attempt power cycle
[  540.231704][ T1495] bridge_slave_0: left allmulticast mode
[  540.231742][ T1495] bridge_slave_0: left promiscuous mode
[  540.235260][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.326762][ T1495] bridge_slave_1: left allmulticast mode
[  540.326800][ T1495] bridge_slave_1: left promiscuous mode
[  540.327095][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.411240][ T1495] bridge_slave_0: left allmulticast mode
[  540.411278][ T1495] bridge_slave_0: left promiscuous mode
[  540.412423][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.519474][ T1231] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  540.541315][ T1231] usb 6-1: too many configurations: 104, using maximum allowed: 8
[  540.543984][ T1231] usb 6-1: unable to read config index 0 descriptor/start: -61
[  540.544022][ T1231] usb 6-1: can't read configurations, error -61
[  540.669601][ T1231] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  540.704853][ T1231] usb 6-1: too many configurations: 104, using maximum allowed: 8
[  540.708963][ T1231] usb 6-1: unable to read config index 0 descriptor/start: -61
[  540.709002][ T1231] usb 6-1: can't read configurations, error -61
[  540.716426][ T1231] usb usb6-port1: unable to enumerate USB device
[  541.102086][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  541.241916][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  541.345647][ T1495] bond0 (unregistering): Released all slaves
[  541.981668][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  542.080616][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  542.145263][ T1495] bond0 (unregistering): Released all slaves
[  544.757849][ T1495] hsr_slave_0: left promiscuous mode
[  544.827182][ T1495] hsr_slave_1: left promiscuous mode
[  544.828277][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  544.881190][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  545.069464][ T1495] hsr_slave_0: left promiscuous mode
[  545.070918][ T9195] netlink: 24 bytes leftover after parsing attributes in process `syz.5.802'.
[  545.120258][ T1495] hsr_slave_1: left promiscuous mode
[  545.120916][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  545.185642][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  546.610366][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  546.759915][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  546.799585][ T1231] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  546.961818][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.961855][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  546.961878][ T1231] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  546.961925][ T1231] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  546.961949][ T1231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.990959][ T1231] usb 5-1: config 0 descriptor??
[  547.470524][ T1231] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  548.861511][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  549.016211][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  549.488199][ T5911] usb 5-1: USB disconnect, device number 42
[  551.863459][ T9217] FAULT_INJECTION: forcing a failure.
[  551.863459][ T9217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.863505][ T9217] CPU: 1 UID: 0 PID: 9217 Comm: syz.4.809 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  551.863530][ T9217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  551.863541][ T9217] Call Trace:
[  551.863550][ T9217]  <TASK>
[  551.863559][ T9217]  dump_stack_lvl+0x189/0x250
[  551.863594][ T9217]  ? __pfx____ratelimit+0x10/0x10
[  551.863622][ T9217]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.863652][ T9217]  ? __pfx__printk+0x10/0x10
[  551.863675][ T9217]  ? __might_fault+0xb0/0x130
[  551.863718][ T9217]  should_fail_ex+0x46c/0x600
[  551.863752][ T9217]  _copy_from_user+0x2d/0xb0
[  551.863777][ T9217]  __sys_connect+0x124/0x450
[  551.863807][ T9217]  ? __pfx___sys_connect+0x10/0x10
[  551.863848][ T9217]  ? __pfx_ksys_write+0x10/0x10
[  551.863872][ T9217]  ? rcu_is_watching+0x15/0xb0
[  551.863912][ T9217]  __x64_sys_connect+0x7a/0x90
[  551.863940][ T9217]  do_syscall_64+0xfa/0x3b0
[  551.863967][ T9217]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.863994][ T9217]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.864014][ T9217]  ? clear_bhb_loop+0x60/0xb0
[  551.864040][ T9217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.864060][ T9217] RIP: 0033:0x7f2d33d5ebe9
[  551.864078][ T9217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.864095][ T9217] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  551.864119][ T9217] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  551.864134][ T9217] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003
[  551.864148][ T9217] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  551.864161][ T9217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.864174][ T9217] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  551.864207][ T9217]  </TASK>
[  553.194468][ T9076] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.194721][ T9076] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.194996][ T9076] bridge_slave_0: entered allmulticast mode
[  553.198952][ T9076] bridge_slave_0: entered promiscuous mode
[  553.208461][ T9226] sit0: left promiscuous mode
[  553.228473][ T9076] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.228716][ T9076] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.228916][ T9076] bridge_slave_1: entered allmulticast mode
[  553.242795][ T9076] bridge_slave_1: entered promiscuous mode
[  555.147179][ T9076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  555.154941][ T9076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  555.661771][ T9237] FAULT_INJECTION: forcing a failure.
[  555.661771][ T9237] name failslab, interval 1, probability 0, space 0, times 0
[  555.661808][ T9237] CPU: 0 UID: 0 PID: 9237 Comm: syz.4.815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  555.661829][ T9237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  555.661840][ T9237] Call Trace:
[  555.661848][ T9237]  <TASK>
[  555.661857][ T9237]  dump_stack_lvl+0x189/0x250
[  555.661891][ T9237]  ? __pfx____ratelimit+0x10/0x10
[  555.661919][ T9237]  ? __pfx_dump_stack_lvl+0x10/0x10
[  555.661948][ T9237]  ? __pfx__printk+0x10/0x10
[  555.661977][ T9237]  ? __pfx___might_resched+0x10/0x10
[  555.661997][ T9237]  ? fs_reclaim_acquire+0x7d/0x100
[  555.662021][ T9237]  should_fail_ex+0x46c/0x600
[  555.662054][ T9237]  should_failslab+0xa8/0x100
[  555.662083][ T9237]  __kvmalloc_node_noprof+0x15a/0x550
[  555.662109][ T9237]  ? traverse+0xd9/0x570
[  555.662138][ T9237]  traverse+0xd9/0x570
[  555.662167][ T9237]  ? seq_read_iter+0xb8/0xe10
[  555.662194][ T9237]  seq_read_iter+0xcff/0xe10
[  555.662229][ T9237]  ? __asan_memset+0x22/0x50
[  555.662259][ T9237]  seq_read+0x36c/0x480
[  555.662279][ T9237]  ? __lock_acquire+0xab9/0xd20
[  555.662314][ T9237]  ? __pfx_seq_read+0x10/0x10
[  555.662341][ T9237]  ? __import_iovec+0x5d4/0x7f0
[  555.662369][ T9237]  ? __pfx_seq_read+0x10/0x10
[  555.662388][ T9237]  proc_reg_read+0x1f6/0x2f0
[  555.662426][ T9237]  vfs_readv+0x5b0/0x850
[  555.662457][ T9237]  ? __pfx_proc_reg_read+0x10/0x10
[  555.662485][ T9237]  ? __pfx_vfs_readv+0x10/0x10
[  555.662532][ T9237]  ? __fget_files+0x2a/0x420
[  555.662566][ T9237]  ? __fget_files+0x3a6/0x420
[  555.662591][ T9237]  ? __fget_files+0x2a/0x420
[  555.662630][ T9237]  __x64_sys_preadv+0x19a/0x2a0
[  555.662661][ T9237]  ? __pfx___x64_sys_preadv+0x10/0x10
[  555.662685][ T9237]  ? rcu_is_watching+0x15/0xb0
[  555.662723][ T9237]  ? do_syscall_64+0xbe/0x3b0
[  555.662756][ T9237]  do_syscall_64+0xfa/0x3b0
[  555.662782][ T9237]  ? lockdep_hardirqs_on+0x9c/0x150
[  555.662808][ T9237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.662829][ T9237]  ? clear_bhb_loop+0x60/0xb0
[  555.662853][ T9237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.662873][ T9237] RIP: 0033:0x7f2d33d5ebe9
[  555.662891][ T9237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.662909][ T9237] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  555.662931][ T9237] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  555.662946][ T9237] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000003
[  555.662960][ T9237] RBP: 00007f2d31fc6090 R08: 0000000000000001 R09: 0000000000000000
[  555.662972][ T9237] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001
[  555.662985][ T9237] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  555.663021][ T9237]  </TASK>
[  555.664181][ T9076] team0: Port device team_slave_0 added
[  556.978309][ T9076] team0: Port device team_slave_1 added
[  557.220531][ T9247] FAULT_INJECTION: forcing a failure.
[  557.220531][ T9247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  557.220569][ T9247] CPU: 0 UID: 0 PID: 9247 Comm: syz.4.817 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  557.220593][ T9247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  557.220605][ T9247] Call Trace:
[  557.220613][ T9247]  <TASK>
[  557.220622][ T9247]  dump_stack_lvl+0x189/0x250
[  557.220657][ T9247]  ? __pfx____ratelimit+0x10/0x10
[  557.220686][ T9247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.220716][ T9247]  ? __pfx__printk+0x10/0x10
[  557.220739][ T9247]  ? __might_fault+0xb0/0x130
[  557.220783][ T9247]  should_fail_ex+0x46c/0x600
[  557.220817][ T9247]  _copy_from_user+0x2d/0xb0
[  557.220841][ T9247]  ___sys_sendmsg+0x158/0x2a0
[  557.220876][ T9247]  ? __pfx____sys_sendmsg+0x10/0x10
[  557.220951][ T9247]  ? __fget_files+0x2a/0x420
[  557.220979][ T9247]  ? __fget_files+0x3a6/0x420
[  557.221020][ T9247]  __sys_sendmmsg+0x22d/0x430
[  557.221057][ T9247]  ? __pfx___sys_sendmmsg+0x10/0x10
[  557.221099][ T9247]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  557.221139][ T9247]  ? ksys_write+0x230/0x260
[  557.221176][ T9247]  ? __pfx_ksys_write+0x10/0x10
[  557.221198][ T9247]  ? rcu_is_watching+0x15/0xb0
[  557.221238][ T9247]  __x64_sys_sendmmsg+0xa0/0xc0
[  557.221271][ T9247]  do_syscall_64+0xfa/0x3b0
[  557.221297][ T9247]  ? lockdep_hardirqs_on+0x9c/0x150
[  557.221324][ T9247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.221345][ T9247]  ? clear_bhb_loop+0x60/0xb0
[  557.221371][ T9247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.221390][ T9247] RIP: 0033:0x7f2d33d5ebe9
[  557.221408][ T9247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  557.221425][ T9247] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  557.221447][ T9247] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  557.221462][ T9247] RDX: 0000000000000001 RSI: 0000200000007a80 RDI: 0000000000000005
[  557.221475][ T9247] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  557.221488][ T9247] R10: 0000000000000844 R11: 0000000000000246 R12: 0000000000000001
[  557.221500][ T9247] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  557.221535][ T9247]  </TASK>
[  558.782357][ T9259] FAULT_INJECTION: forcing a failure.
[  558.782357][ T9259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  558.782404][ T9259] CPU: 1 UID: 0 PID: 9259 Comm: syz.4.820 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  558.782427][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  558.782438][ T9259] Call Trace:
[  558.782444][ T9259]  <TASK>
[  558.782453][ T9259]  dump_stack_lvl+0x189/0x250
[  558.782488][ T9259]  ? __pfx____ratelimit+0x10/0x10
[  558.782515][ T9259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  558.782543][ T9259]  ? __pfx__printk+0x10/0x10
[  558.782566][ T9259]  ? __might_fault+0xb0/0x130
[  558.782609][ T9259]  should_fail_ex+0x46c/0x600
[  558.782641][ T9259]  _copy_from_user+0x2d/0xb0
[  558.782663][ T9259]  __sys_sendto+0x262/0x520
[  558.782693][ T9259]  ? __pfx___sys_sendto+0x10/0x10
[  558.782751][ T9259]  ? ksys_write+0x230/0x260
[  558.782778][ T9259]  ? __pfx_ksys_write+0x10/0x10
[  558.782799][ T9259]  ? rcu_is_watching+0x15/0xb0
[  558.782836][ T9259]  __x64_sys_sendto+0xde/0x100
[  558.782868][ T9259]  do_syscall_64+0xfa/0x3b0
[  558.782894][ T9259]  ? lockdep_hardirqs_on+0x9c/0x150
[  558.782921][ T9259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.782940][ T9259]  ? clear_bhb_loop+0x60/0xb0
[  558.782966][ T9259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  558.782985][ T9259] RIP: 0033:0x7f2d33d5ebe9
[  558.783004][ T9259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  558.783022][ T9259] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  558.783045][ T9259] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  558.783060][ T9259] RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 0000000000000003
[  558.783074][ T9259] RBP: 00007f2d31fc6090 R08: 0000200000000000 R09: 0000000000000014
[  558.783088][ T9259] R10: 000000000404c010 R11: 0000000000000246 R12: 0000000000000001
[  558.783101][ T9259] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  558.783134][ T9259]  </TASK>
[  559.450096][ T9076] batman_adv: batadv0: Adding interface: batadv_slave_0
[  559.450116][ T9076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.450148][ T9076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  559.453856][ T9076] batman_adv: batadv0: Adding interface: batadv_slave_1
[  559.453872][ T9076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  559.453899][ T9076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  559.649886][ T9263] cgroup: No subsys list or none specified
[  561.267713][ T9076] hsr_slave_0: entered promiscuous mode
[  561.290464][ T9076] hsr_slave_1: entered promiscuous mode
[  561.291501][ T9076] debugfs: 'hsr0' already exists in 'hsr'
[  561.291528][ T9076] Cannot create hsr debugfs directory
[  563.382900][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  563.382985][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  563.502549][ T8326] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  564.273635][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  564.287080][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  564.299210][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  564.323007][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  564.324455][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  564.529221][ T8326] usb 6-1: Using ep0 maxpacket: 8
[  564.536509][ T8326] usb 6-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[  564.536540][ T8326] usb 6-1: config 0 has an invalid interface number: 150 but max is 64
[  564.536561][ T8326] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  564.536580][ T8326] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 65
[  564.536610][ T8326] usb 6-1: config 0 has no interface number 0
[  564.537783][ T8326] usb 6-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  564.537815][ T8326] usb 6-1: config 0 interface 150 has no altsetting 0
[  564.537853][ T8326] usb 6-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  564.537876][ T8326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.596199][ T8326] usb 6-1: config 0 descriptor??
[  565.067259][ T9287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  565.067898][ T9287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  565.958011][ T9289] lo speed is unknown, defaulting to 1000
[  566.251317][ T8326] usb 6-1: USB disconnect, device number 18
[  566.421838][ T5849] Bluetooth: hci0: command tx timeout
[  567.764753][ T9303] FAULT_INJECTION: forcing a failure.
[  567.764753][ T9303] name failslab, interval 1, probability 0, space 0, times 0
[  567.764791][ T9303] CPU: 1 UID: 0 PID: 9303 Comm: syz.5.832 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  567.764815][ T9303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.764827][ T9303] Call Trace:
[  567.764836][ T9303]  <TASK>
[  567.764845][ T9303]  dump_stack_lvl+0x189/0x250
[  567.764881][ T9303]  ? __pfx____ratelimit+0x10/0x10
[  567.764908][ T9303]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.764936][ T9303]  ? __pfx__printk+0x10/0x10
[  567.764964][ T9303]  ? __pfx___might_resched+0x10/0x10
[  567.764986][ T9303]  ? fs_reclaim_acquire+0x7d/0x100
[  567.765011][ T9303]  should_fail_ex+0x46c/0x600
[  567.765042][ T9303]  ? vm_area_dup+0x2b/0x670
[  567.765062][ T9303]  should_failslab+0xa8/0x100
[  567.765091][ T9303]  ? vm_area_dup+0x2b/0x670
[  567.765109][ T9303]  kmem_cache_alloc_noprof+0x6e/0x310
[  567.765153][ T9303]  vm_area_dup+0x2b/0x670
[  567.765181][ T9303]  __split_vma+0x1ad/0x9e0
[  567.765206][ T9303]  ? mas_next_slot+0xc23/0xd00
[  567.765237][ T9303]  ? __pfx___split_vma+0x10/0x10
[  567.765274][ T9303]  ? mas_find+0xb0e/0xd30
[  567.765296][ T9303]  ? userfaultfd_unmap_prep+0x99/0x3e0
[  567.765328][ T9303]  vms_gather_munmap_vmas+0x4ce/0x12f0
[  567.765375][ T9303]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  567.765409][ T9303]  ? mas_find+0xa7d/0xd30
[  567.765442][ T9303]  mmap_region+0x729/0x20a0
[  567.765489][ T9303]  ? __pfx_mmap_region+0x10/0x10
[  567.765524][ T9303]  ? is_bpf_text_address+0x26/0x2b0
[  567.765622][ T9303]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  567.765656][ T9303]  ? do_raw_spin_lock+0x121/0x290
[  567.765685][ T9303]  ? cap_mmap_addr+0xb0/0x100
[  567.765712][ T9303]  ? bpf_lsm_mmap_addr+0x9/0x20
[  567.765734][ T9303]  ? security_mmap_addr+0x71/0x270
[  567.765771][ T9303]  do_mmap+0xc23/0x10c0
[  567.765811][ T9303]  ? __pfx_do_mmap+0x10/0x10
[  567.765835][ T9303]  ? rwbase_write_lock+0x56f/0x750
[  567.765864][ T9303]  ? __pfx_vfs_write+0x10/0x10
[  567.765903][ T9303]  vm_mmap_pgoff+0x2a9/0x4d0
[  567.765941][ T9303]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  567.765965][ T9303]  ? ksys_write+0x230/0x260
[  567.765993][ T9303]  ? __pfx_ksys_write+0x10/0x10
[  567.766013][ T9303]  ? rcu_is_watching+0x15/0xb0
[  567.766048][ T9303]  ? __x64_sys_mmap+0x7f/0x140
[  567.766078][ T9303]  do_syscall_64+0xfa/0x3b0
[  567.766104][ T9303]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.766138][ T9303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.766157][ T9303]  ? clear_bhb_loop+0x60/0xb0
[  567.766183][ T9303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.766202][ T9303] RIP: 0033:0x7f756fe2ebe9
[  567.766222][ T9303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.766239][ T9303] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  567.766262][ T9303] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  567.766278][ T9303] RDX: 0000000000000002 RSI: 0000000000fbe000 RDI: 0000200000000000
[  567.766292][ T9303] RBP: 00007f756e08e090 R08: ffffffffffffffff R09: 0000000000000000
[  567.766306][ T9303] R10: 0000000000000031 R11: 0000000000000246 R12: 0000000000000001
[  567.766318][ T9303] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  567.766353][ T9303]  </TASK>
[  569.206056][ T5849] Bluetooth: hci0: command tx timeout
[  570.602277][ T8963] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  570.669461][ T8326] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  570.702631][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.5.836'.
[  570.730032][ T8963] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  570.826339][ T8326] usb 5-1: Using ep0 maxpacket: 16
[  570.837600][ T8326] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  570.837629][ T8326] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  570.870869][ T8326] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  570.870900][ T8326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.870921][ T8326] usb 5-1: Product: syz
[  570.870935][ T8326] usb 5-1: Manufacturer: syz
[  570.870949][ T8326] usb 5-1: SerialNumber: syz
[  571.112370][ T8963] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  571.229344][ T5153] Bluetooth: hci0: command tx timeout
[  571.294260][ T8326] usb 5-1: 0:2 : does not exist
[  571.296800][ T8963] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  571.523200][ T8326] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  571.649995][ T8326] usb 5-1: USB disconnect, device number 43
[  571.821775][ T8476] udevd[8476]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  571.826082][ T1495] bridge_slave_1: left allmulticast mode
[  571.826120][ T1495] bridge_slave_1: left promiscuous mode
[  571.826531][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.932952][ T1495] bridge_slave_0: left allmulticast mode
[  571.932988][ T1495] bridge_slave_0: left promiscuous mode
[  571.933347][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  573.307905][ T5153] Bluetooth: hci0: command tx timeout
[  573.693419][ T9338] netlink: 132 bytes leftover after parsing attributes in process `syz.4.840'.
[  573.909614][ T9342] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  574.189370][   T31] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  574.275009][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  574.324764][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  574.328759][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  574.355101][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  574.356555][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  574.388681][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  574.388714][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  574.388734][   T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  574.388774][   T31] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  574.388795][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.474576][   T31] usb 6-1: config 0 descriptor??
[  574.963138][   T31] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  575.164663][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  575.282724][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  575.347788][ T1495] bond0 (unregistering): Released all slaves
[  575.675140][ T9289] chnl_net:caif_netlink_parms(): no params data found
[  575.846364][ T9342] netlink: 'syz.5.841': attribute type 4 has an invalid length.
[  576.359447][   T31] usb 6-1: reset high-speed USB device number 19 using dummy_hcd
[  576.362417][ T1495] hsr_slave_0: left promiscuous mode
[  576.401244][ T1495] hsr_slave_1: left promiscuous mode
[  576.403419][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  576.419367][ T5153] Bluetooth: hci3: command tx timeout
[  576.454261][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  577.169372][   T44] usb 6-1: USB disconnect, device number 19
[  577.599317][   T44] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  577.617847][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  577.749589][   T44] usb 6-1: Using ep0 maxpacket: 32
[  577.754892][   T44] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  577.754923][   T44] usb 6-1: config 0 has no interface number 0
[  577.754983][   T44] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  577.755020][   T44] usb 6-1: config 0 interface 85 has no altsetting 0
[  577.798993][   T44] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  577.799033][   T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.799054][   T44] usb 6-1: Product: syz
[  577.799068][   T44] usb 6-1: Manufacturer: syz
[  577.799082][   T44] usb 6-1: SerialNumber: syz
[  577.808449][   T44] usb 6-1: config 0 descriptor??
[  577.840773][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  578.057615][   T44] appletouch 6-1:0.85: Failed to read mode from device.
[  578.058023][   T44] appletouch 6-1:0.85: probe with driver appletouch failed with error -5
[  578.499387][ T5153] Bluetooth: hci3: command tx timeout
[  578.510775][   T44] usb 6-1: USB disconnect, device number 20
[  579.604826][ T9355] netlink: 84 bytes leftover after parsing attributes in process `syz.4.843'.
[  580.029575][ T9363] tipc: Started in network mode
[  580.029614][ T9363] tipc: Node identity 22e179906d36, cluster identity 4711
[  580.029870][ T9363] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  580.031738][ T9364] syzkaller0: entered promiscuous mode
[  580.031768][ T9364] syzkaller0: entered allmulticast mode
[  580.054196][ T9343] lo speed is unknown, defaulting to 1000
[  580.094384][ T9362] tipc: Resetting bearer <eth:syzkaller0>
[  580.158192][ T9359] tipc: Resetting bearer <eth:syzkaller0>
[  580.310445][ T9359] tipc: Disabling bearer <eth:syzkaller0>
[  580.579354][ T5153] Bluetooth: hci3: command tx timeout
[  581.365492][ T9390] Bluetooth: MGMT ver 1.23
[  582.659402][ T5153] Bluetooth: hci3: command tx timeout
[  584.000825][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  584.017008][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  584.028392][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  584.052718][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  584.055625][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  584.232384][ T9289] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.232542][ T9289] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.232787][ T9289] bridge_slave_0: entered allmulticast mode
[  584.234632][ T9289] bridge_slave_0: entered promiscuous mode
[  584.331630][ T9289] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.331841][ T9289] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.332119][ T9289] bridge_slave_1: entered allmulticast mode
[  584.380065][ T9289] bridge_slave_1: entered promiscuous mode
[  584.898519][ T9289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  585.171319][ T9289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  585.802511][ T9406] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  585.808603][ T9406] block device autoloading is deprecated and will be removed.
[  586.259450][ T5849] Bluetooth: hci1: command tx timeout
[  587.580462][ T9397] lo speed is unknown, defaulting to 1000
[  587.837460][ T9289] team0: Port device team_slave_0 added
[  588.034213][ T9289] team0: Port device team_slave_1 added
[  588.339234][ T5849] Bluetooth: hci1: command tx timeout
[  590.419254][ T5849] Bluetooth: hci1: command tx timeout
[  590.447751][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_0
[  590.447769][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  590.447800][ T9289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  590.514430][ T9289] batman_adv: batadv0: Adding interface: batadv_slave_1
[  590.514451][ T9289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  590.514482][ T9289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  590.687914][ T9426] FAULT_INJECTION: forcing a failure.
[  590.687914][ T9426] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.687952][ T9426] CPU: 0 UID: 0 PID: 9426 Comm: syz.4.861 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  590.687974][ T9426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  590.687985][ T9426] Call Trace:
[  590.687992][ T9426]  <TASK>
[  590.688000][ T9426]  dump_stack_lvl+0x189/0x250
[  590.688034][ T9426]  ? __pfx____ratelimit+0x10/0x10
[  590.688062][ T9426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  590.688089][ T9426]  ? __pfx__printk+0x10/0x10
[  590.688111][ T9426]  ? __might_fault+0xb0/0x130
[  590.688165][ T9426]  should_fail_ex+0x46c/0x600
[  590.688198][ T9426]  _copy_from_user+0x2d/0xb0
[  590.688222][ T9426]  __sys_connect+0x124/0x450
[  590.688253][ T9426]  ? __pfx___sys_connect+0x10/0x10
[  590.688293][ T9426]  ? __pfx_ksys_write+0x10/0x10
[  590.688316][ T9426]  ? rcu_is_watching+0x15/0xb0
[  590.688354][ T9426]  __x64_sys_connect+0x7a/0x90
[  590.688380][ T9426]  do_syscall_64+0xfa/0x3b0
[  590.688406][ T9426]  ? lockdep_hardirqs_on+0x9c/0x150
[  590.688431][ T9426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.688451][ T9426]  ? clear_bhb_loop+0x60/0xb0
[  590.688476][ T9426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.688494][ T9426] RIP: 0033:0x7f2d33d5ebe9
[  590.688513][ T9426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.688530][ T9426] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  590.688553][ T9426] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  590.688567][ T9426] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004
[  590.688580][ T9426] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  590.688592][ T9426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.688604][ T9426] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  590.688639][ T9426]  </TASK>
[  591.116269][    C1] vkms_vblank_simulate: vblank timer overrun
[  592.304966][ T9289] hsr_slave_0: entered promiscuous mode
[  592.319824][ T9289] hsr_slave_1: entered promiscuous mode
[  592.320438][ T9289] debugfs: 'hsr0' already exists in 'hsr'
[  592.320456][ T9289] Cannot create hsr debugfs directory
[  592.520064][ T5849] Bluetooth: hci1: command tx timeout
[  592.821832][ T9343] chnl_net:caif_netlink_parms(): no params data found
[  594.110344][    C1] vkms_vblank_simulate: vblank timer overrun
[  594.509211][    C1] vkms_vblank_simulate: vblank timer overrun
[  594.957238][    C1] vkms_vblank_simulate: vblank timer overrun
[  595.816694][ T9478] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  596.280587][ T1231] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  596.304364][ T9343] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.304586][ T9343] bridge0: port 1(bridge_slave_0) entered disabled state
[  596.304808][ T9343] bridge_slave_0: entered allmulticast mode
[  596.307656][ T9343] bridge_slave_0: entered promiscuous mode
[  596.311386][ T9397] chnl_net:caif_netlink_parms(): no params data found
[  596.387574][ T9343] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.387714][ T9343] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.388002][ T9343] bridge_slave_1: entered allmulticast mode
[  596.425504][ T9343] bridge_slave_1: entered promiscuous mode
[  596.432383][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  596.432415][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  596.432435][ T1231] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  596.432475][ T1231] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  596.432496][ T1231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.454904][ T1231] usb 5-1: config 0 descriptor??
[  596.909961][ T1231] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  597.135572][ T9343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  597.199367][ T8326] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  597.262299][ T9343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  597.349298][ T8326] usb 6-1: Using ep0 maxpacket: 8
[  597.365027][ T8326] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[  597.365066][ T8326] usb 6-1: config 0 has no interface number 0
[  597.365120][ T8326] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  597.365140][ T8326] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2
[  597.365164][ T8326] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x2 has an invalid bInterval 175, changing to 11
[  597.365192][ T8326] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  597.365218][ T8326] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  597.365245][ T8326] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8911, setting to 1024
[  597.365270][ T8326] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  597.380230][ T8326] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  597.380259][ T8326] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  597.380277][ T8326] usb 6-1: Product: syz
[  597.380291][ T8326] usb 6-1: Manufacturer: syz
[  597.380303][ T8326] usb 6-1: SerialNumber: syz
[  597.394054][ T8326] usb 6-1: config 0 descriptor??
[  597.563877][ T9488] netlink: 'syz.4.874': attribute type 4 has an invalid length.
[  597.746859][ T1231] usb 5-1: USB disconnect, device number 44
[  598.848353][ T8326] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  598.859832][ T8326] usb 6-1: USB disconnect, device number 21
[  598.991172][ T9343] team0: Port device team_slave_0 added
[  599.551028][ T9343] team0: Port device team_slave_1 added
[  599.732672][ T9397] bridge0: port 1(bridge_slave_0) entered blocking state
[  599.732848][ T9397] bridge0: port 1(bridge_slave_0) entered disabled state
[  599.733154][ T9397] bridge_slave_0: entered allmulticast mode
[  599.784836][ T9397] bridge_slave_0: entered promiscuous mode
[  600.037312][ T9397] bridge0: port 2(bridge_slave_1) entered blocking state
[  600.037481][ T9397] bridge0: port 2(bridge_slave_1) entered disabled state
[  600.037756][ T9397] bridge_slave_1: entered allmulticast mode
[  600.080175][ T9397] bridge_slave_1: entered promiscuous mode
[  600.327208][ T9502] FAULT_INJECTION: forcing a failure.
[  600.327208][ T9502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  600.327248][ T9502] CPU: 0 UID: 0 PID: 9502 Comm: syz.4.880 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  600.327272][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.327285][ T9502] Call Trace:
[  600.327294][ T9502]  <TASK>
[  600.327302][ T9502]  dump_stack_lvl+0x189/0x250
[  600.327337][ T9502]  ? __pfx____ratelimit+0x10/0x10
[  600.327422][ T9502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  600.327462][ T9502]  ? __pfx__printk+0x10/0x10
[  600.327485][ T9502]  ? __might_fault+0xb0/0x130
[  600.327527][ T9502]  should_fail_ex+0x46c/0x600
[  600.327561][ T9502]  _copy_from_user+0x2d/0xb0
[  600.327585][ T9502]  ___sys_sendmsg+0x158/0x2a0
[  600.327619][ T9502]  ? __pfx____sys_sendmsg+0x10/0x10
[  600.327698][ T9502]  ? __fget_files+0x2a/0x420
[  600.327734][ T9502]  ? __fget_files+0x3a6/0x420
[  600.327774][ T9502]  __x64_sys_sendmsg+0x1a1/0x260
[  600.327808][ T9502]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  600.327850][ T9502]  ? __pfx_ksys_write+0x10/0x10
[  600.327873][ T9502]  ? rcu_is_watching+0x15/0xb0
[  600.327912][ T9502]  ? do_syscall_64+0xbe/0x3b0
[  600.327946][ T9502]  do_syscall_64+0xfa/0x3b0
[  600.327968][ T9502]  ? lockdep_hardirqs_on+0x9c/0x150
[  600.327989][ T9502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.328008][ T9502]  ? clear_bhb_loop+0x60/0xb0
[  600.328033][ T9502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.328054][ T9502] RIP: 0033:0x7f2d33d5ebe9
[  600.328074][ T9502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.328092][ T9502] RSP: 002b:00007f2d31fc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  600.328123][ T9502] RAX: ffffffffffffffda RBX: 00007f2d33f95fa0 RCX: 00007f2d33d5ebe9
[  600.328139][ T9502] RDX: 0000000024000000 RSI: 0000200000009b40 RDI: 0000000000000003
[  600.328153][ T9502] RBP: 00007f2d31fc6090 R08: 0000000000000000 R09: 0000000000000000
[  600.328166][ T9502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.328179][ T9502] R13: 00007f2d33f96038 R14: 00007f2d33f95fa0 R15: 00007ffda5f69258
[  600.328218][ T9502]  </TASK>
[  600.823655][ T9343] batman_adv: batadv0: Adding interface: batadv_slave_0
[  600.823674][ T9343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.823703][ T9343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  601.204367][ T9343] batman_adv: batadv0: Adding interface: batadv_slave_1
[  601.204381][ T9343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  601.204398][ T9343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  601.273914][ T9397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.484788][ T9397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  603.324069][ T9397] team0: Port device team_slave_0 added
[  603.380899][ T9343] hsr_slave_0: entered promiscuous mode
[  603.385516][ T9343] hsr_slave_1: entered promiscuous mode
[  603.401628][ T9343] debugfs: 'hsr0' already exists in 'hsr'
[  603.401660][ T9343] Cannot create hsr debugfs directory
[  603.532001][ T9397] team0: Port device team_slave_1 added
[  603.944993][ T9516] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  604.078741][ T9397] batman_adv: batadv0: Adding interface: batadv_slave_0
[  604.078758][ T9397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  604.078783][ T9397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  604.156038][ T9397] batman_adv: batadv0: Adding interface: batadv_slave_1
[  604.156057][ T9397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  604.156084][ T9397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  604.209295][ T5911] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  604.341715][   T44] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  604.369745][   T44] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  604.382320][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  604.382353][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  604.382373][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  604.382414][ T5911] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  604.382435][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.414409][ T5911] usb 5-1: config 0 descriptor??
[  604.655322][ T1495] bridge_slave_1: left allmulticast mode
[  604.655360][ T1495] bridge_slave_1: left promiscuous mode
[  604.657806][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.727272][ T1495] bridge_slave_0: left allmulticast mode
[  604.727390][ T1495] bridge_slave_0: left promiscuous mode
[  604.729242][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.851137][ T1495] bridge_slave_1: left allmulticast mode
[  604.851177][ T1495] bridge_slave_1: left promiscuous mode
[  604.851474][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.914971][ T5911] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  604.954131][ T1495] bridge_slave_0: left allmulticast mode
[  604.954168][ T1495] bridge_slave_0: left promiscuous mode
[  604.954463][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.492093][ T9526] netlink: 'syz.4.884': attribute type 4 has an invalid length.
[  605.602168][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.665832][ T9089] usb 5-1: USB disconnect, device number 45
[  605.726678][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.828249][ T1495] bond0 (unregistering): Released all slaves
[  606.172269][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  606.301041][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  606.430950][ T1495] bond0 (unregistering): Released all slaves
[  607.182742][ T5911] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  607.350419][ T5911] usb 6-1: Using ep0 maxpacket: 8
[  607.373650][ T5911] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7
[  607.600110][ T5911] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  607.600141][ T5911] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  607.600160][ T5911] usb 6-1: Product: syz
[  607.600171][ T5911] usb 6-1: Manufacturer: syz
[  607.600182][ T5911] usb 6-1: SerialNumber: syz
[  607.684178][ T9539] tipc: Started in network mode
[  607.684214][ T9539] tipc: Node identity e0000002, cluster identity 4711
[  607.684277][ T9539] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  607.971363][ T5911] usb 6-1: palm_os_3_probe - error -110 getting connection information
[  607.971484][ T5911] visor 6-1:1.0: probe with driver visor failed with error -110
[  608.115884][ T9397] hsr_slave_0: entered promiscuous mode
[  608.120906][ T9397] hsr_slave_1: entered promiscuous mode
[  608.124335][ T9397] debugfs: 'hsr0' already exists in 'hsr'
[  608.124361][ T9397] Cannot create hsr debugfs directory
[  608.279466][ T1231] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  608.519547][ T1231] usb 5-1: Using ep0 maxpacket: 8
[  608.525793][ T1495] hsr_slave_0: left promiscuous mode
[  608.528285][ T1231] usb 5-1: config 11 has an invalid interface number: 95 but max is 0
[  608.528368][ T1231] usb 5-1: config 11 has no interface number 0
[  608.528420][ T1231] usb 5-1: config 11 interface 95 altsetting 64 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  608.528435][ T1231] usb 5-1: config 11 interface 95 altsetting 64 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  608.528450][ T1231] usb 5-1: config 11 interface 95 altsetting 64 endpoint 0x8F has invalid wMaxPacketSize 0
[  608.528463][ T1231] usb 5-1: config 11 interface 95 has no altsetting 0
[  608.600547][ T1495] hsr_slave_1: left promiscuous mode
[  608.602770][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  608.604530][ T1231] usb 5-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  608.604559][ T1231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.604580][ T1231] usb 5-1: Product: syz
[  608.604595][ T1231] usb 5-1: Manufacturer: syz
[  608.604610][ T1231] usb 5-1: SerialNumber: syz
[  608.682284][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  608.869813][ T1495] hsr_slave_0: left promiscuous mode
[  608.889447][ T1495] hsr_slave_1: left promiscuous mode
[  608.892475][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  608.936716][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  609.187057][ T1231] usbtouchscreen 5-1:11.95: probe with driver usbtouchscreen failed with error -90
[  609.208201][ T1231] usb 5-1: USB disconnect, device number 46
[  609.388298][ T5911] usb 6-1: USB disconnect, device number 22
[  611.254123][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  611.380402][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  611.677841][ T9553] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  611.929422][ T1231] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  612.102690][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.102729][ T1231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  612.102751][ T1231] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  612.102797][ T1231] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  612.102818][ T1231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.140740][ T1231] usb 5-1: config 0 descriptor??
[  612.703362][ T1231] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  612.780438][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  612.930372][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  613.267780][ T9555] netlink: 'syz.4.894': attribute type 4 has an invalid length.
[  613.552679][ T9089] usb 5-1: USB disconnect, device number 47
[  616.502106][    C0] vkms_vblank_simulate: vblank timer overrun
[  616.595188][ T9574] FAULT_INJECTION: forcing a failure.
[  616.595188][ T9574] name failslab, interval 1, probability 0, space 0, times 0
[  616.595225][ T9574] CPU: 0 UID: 0 PID: 9574 Comm: syz.5.900 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  616.595247][ T9574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  616.595259][ T9574] Call Trace:
[  616.595267][ T9574]  <TASK>
[  616.595276][ T9574]  dump_stack_lvl+0x189/0x250
[  616.595312][ T9574]  ? __pfx____ratelimit+0x10/0x10
[  616.595340][ T9574]  ? __pfx_dump_stack_lvl+0x10/0x10
[  616.595369][ T9574]  ? __pfx__printk+0x10/0x10
[  616.595398][ T9574]  ? __pfx___might_resched+0x10/0x10
[  616.595417][ T9574]  ? fs_reclaim_acquire+0x7d/0x100
[  616.595442][ T9574]  should_fail_ex+0x46c/0x600
[  616.595474][ T9574]  should_failslab+0xa8/0x100
[  616.595504][ T9574]  __kvmalloc_node_noprof+0x15a/0x550
[  616.595531][ T9574]  ? traverse+0xd9/0x570
[  616.595560][ T9574]  traverse+0xd9/0x570
[  616.595591][ T9574]  ? seq_read_iter+0xb8/0xe10
[  616.595629][ T9574]  seq_read_iter+0xcff/0xe10
[  616.595665][ T9574]  ? __asan_memset+0x22/0x50
[  616.595694][ T9574]  seq_read+0x36c/0x480
[  616.595714][ T9574]  ? __lock_acquire+0xab9/0xd20
[  616.595751][ T9574]  ? __pfx_seq_read+0x10/0x10
[  616.595780][ T9574]  ? __import_iovec+0x5d4/0x7f0
[  616.595815][ T9574]  ? __pfx_seq_read+0x10/0x10
[  616.595834][ T9574]  proc_reg_read+0x1f6/0x2f0
[  616.595862][ T9574]  vfs_readv+0x5b0/0x850
[  616.595893][ T9574]  ? __pfx_proc_reg_read+0x10/0x10
[  616.595920][ T9574]  ? __pfx_vfs_readv+0x10/0x10
[  616.595969][ T9574]  ? __fget_files+0x2a/0x420
[  616.596003][ T9574]  ? __fget_files+0x3a6/0x420
[  616.596029][ T9574]  ? __fget_files+0x2a/0x420
[  616.596068][ T9574]  __x64_sys_preadv+0x19a/0x2a0
[  616.596100][ T9574]  ? __pfx___x64_sys_preadv+0x10/0x10
[  616.596124][ T9574]  ? rcu_is_watching+0x15/0xb0
[  616.596161][ T9574]  ? do_syscall_64+0xbe/0x3b0
[  616.596194][ T9574]  do_syscall_64+0xfa/0x3b0
[  616.596220][ T9574]  ? lockdep_hardirqs_on+0x9c/0x150
[  616.596245][ T9574]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.596266][ T9574]  ? clear_bhb_loop+0x60/0xb0
[  616.596292][ T9574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.596311][ T9574] RIP: 0033:0x7f756fe2ebe9
[  616.596331][ T9574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.596348][ T9574] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  616.596371][ T9574] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  616.596387][ T9574] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003
[  616.596400][ T9574] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  616.596412][ T9574] R10: 00000000000000f2 R11: 0000000000000246 R12: 0000000000000001
[  616.596425][ T9574] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  616.596460][ T9574]  </TASK>
[  618.446217][    C0] vkms_vblank_simulate: vblank timer overrun
[  618.747771][    C0] vkms_vblank_simulate: vblank timer overrun
[  619.292163][ T9289] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  619.417637][ T9289] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  619.559408][ T9289] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  619.757388][ T9586] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  619.795127][ T9289] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  619.999298][ T8326] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  620.018924][ T9343] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  620.119397][    C0] vkms_vblank_simulate: vblank timer overrun
[  620.214686][ T8326] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  620.214723][ T8326] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.214747][ T8326] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  620.214794][ T8326] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  620.214818][ T8326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.502523][    C0] vkms_vblank_simulate: vblank timer overrun
[  620.750096][    C0] vkms_vblank_simulate: vblank timer overrun
[  620.892288][ T9343] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  621.073847][ T8326] usb 6-1: config 0 descriptor??
[  621.161519][ T9343] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  621.505538][ T8326] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  621.537178][ T9343] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  621.894435][ T1495] bridge_slave_1: left allmulticast mode
[  621.894473][ T1495] bridge_slave_1: left promiscuous mode
[  621.894788][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  621.947002][ T1495] bridge_slave_0: left allmulticast mode
[  621.947041][ T1495] bridge_slave_0: left promiscuous mode
[  621.947356][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  622.130536][ T9608] netlink: 'syz.5.903': attribute type 4 has an invalid length.
[  622.332702][ T1231] usb 6-1: USB disconnect, device number 23
[  622.600878][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  622.680369][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  622.750074][ T1495] bond0 (unregistering): Released all slaves
[  622.927566][ T9397] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  623.026921][ T9397] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  623.125929][ T9397] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  623.271284][ T9397] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  623.488586][ T1495] hsr_slave_0: left promiscuous mode
[  623.529622][ T1495] hsr_slave_1: left promiscuous mode
[  623.530646][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  623.605060][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  624.124682][ T5153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  624.133819][ T5153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  624.136692][ T5153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  624.137922][ T5153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  624.138733][ T5153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  624.592444][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  624.592535][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  624.820242][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  624.983770][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  626.259966][ T5849] Bluetooth: hci0: command tx timeout
[  626.449685][ T9617] lo speed is unknown, defaulting to 1000
[  626.549320][ T5911] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  626.549542][ T6018] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  626.709574][ T6018] usb 5-1: Using ep0 maxpacket: 16
[  626.709759][ T5911] usb 6-1: Using ep0 maxpacket: 16
[  626.718978][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.719012][ T6018] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  626.719034][ T6018] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  626.720037][ T6018] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  626.720065][ T6018] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.789512][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.789548][ T5911] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  626.789571][ T5911] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  626.789617][ T5911] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  626.789639][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.795383][ T6018] usb 5-1: config 0 descriptor??
[  626.798782][ T5911] usb 6-1: config 0 descriptor??
[  627.244648][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244688][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244724][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244750][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244775][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244801][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244826][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244851][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244876][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.244900][ T5911] microsoft 0003:045E:07DA.000D: unknown main item tag 0x0
[  627.295652][ T6018] HID 045e:07da: Invalid code 65791 type 1
[  627.338873][ T5911] HID 045e:07da: Invalid code 65791 type 1
[  627.353660][ T5911] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000D/input/input16
[  627.383608][ T6018] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000E/input/input17
[  627.497572][ T9637] FAULT_INJECTION: forcing a failure.
[  627.497572][ T9637] name failslab, interval 1, probability 0, space 0, times 0
[  627.497607][ T9637] CPU: 0 UID: 0 PID: 9637 Comm: syz.5.911 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  627.497629][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  627.497641][ T9637] Call Trace:
[  627.497650][ T9637]  <TASK>
[  627.497659][ T9637]  dump_stack_lvl+0x189/0x250
[  627.497691][ T9637]  ? __pfx____ratelimit+0x10/0x10
[  627.497725][ T9637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  627.497752][ T9637]  ? __pfx__printk+0x10/0x10
[  627.497780][ T9637]  ? __pfx___might_resched+0x10/0x10
[  627.497803][ T9637]  ? fs_reclaim_acquire+0x7d/0x100
[  627.497826][ T9637]  should_fail_ex+0x46c/0x600
[  627.497859][ T9637]  should_failslab+0xa8/0x100
[  627.497888][ T9637]  __kmalloc_noprof+0xcb/0x430
[  627.497913][ T9637]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  627.497947][ T9637]  tomoyo_realpath_from_path+0xe3/0x5d0
[  627.497978][ T9637]  ? tomoyo_domain+0xda/0x130
[  627.498012][ T9637]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  627.498054][ T9637]  tomoyo_path_number_perm+0x1e8/0x5a0
[  627.498080][ T9637]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  627.498108][ T9637]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  627.498134][ T9637]  ? lockdep_hardirqs_on+0x9c/0x150
[  627.498169][ T9637]  ? __lock_acquire+0xab9/0xd20
[  627.498221][ T9637]  ? __fget_files+0x2a/0x420
[  627.498252][ T9637]  ? __fget_files+0x2a/0x420
[  627.498276][ T9637]  ? __fget_files+0x3a6/0x420
[  627.498301][ T9637]  ? __fget_files+0x2a/0x420
[  627.498332][ T9637]  security_file_ioctl+0xcb/0x2d0
[  627.498360][ T9637]  __se_sys_ioctl+0x47/0x170
[  627.498386][ T9637]  do_syscall_64+0xfa/0x3b0
[  627.498412][ T9637]  ? lockdep_hardirqs_on+0x9c/0x150
[  627.498438][ T9637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.498457][ T9637]  ? clear_bhb_loop+0x60/0xb0
[  627.498481][ T9637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  627.498501][ T9637] RIP: 0033:0x7f756fe2ebe9
[  627.498518][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  627.498535][ T9637] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  627.498557][ T9637] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  627.498572][ T9637] RDX: 0000200000000000 RSI: 0000000040284504 RDI: 0000000000000004
[  627.498585][ T9637] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  627.498598][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  627.498611][ T9637] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  627.498645][ T9637]  </TASK>
[  627.498653][ T9637] ERROR: Out of memory at tomoyo_realpath_from_path.
[  627.909427][ T5911] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  627.943657][ T5911] usb 6-1: USB disconnect, device number 24
[  628.085036][ T6018] microsoft 0003:045E:07DA.000E: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  628.204450][ T9656] fido_id[9656]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  628.253782][ T6018] usb 5-1: USB disconnect, device number 48
[  628.339419][ T5849] Bluetooth: hci0: command tx timeout
[  628.356235][ T9658] fido_id[9658]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  628.564818][ T9343] 8021q: adding VLAN 0 to HW filter on device bond0
[  628.691840][ T9663] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  628.981710][ T6018] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  629.193720][ T6018] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  629.193756][ T6018] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  629.193779][ T6018] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  629.193822][ T6018] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  629.193845][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.225126][ T6018] usb 6-1: config 0 descriptor??
[  629.513537][ T9343] 8021q: adding VLAN 0 to HW filter on device team0
[  629.708273][ T9397] 8021q: adding VLAN 0 to HW filter on device bond0
[  629.764844][ T6018] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  630.384078][ T9617] chnl_net:caif_netlink_parms(): no params data found
[  630.411689][ T9682] netlink: 'syz.5.913': attribute type 4 has an invalid length.
[  630.419326][ T5849] Bluetooth: hci0: command tx timeout
[  630.530727][   T31] usb 6-1: USB disconnect, device number 25
[  630.679452][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  630.679622][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  631.677893][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state
[  631.678259][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  631.679258][   T31] usb 6-1: new low-speed USB device number 26 using dummy_hcd
[  631.847214][   T31] usb 6-1: config index 0 descriptor too short (expected 1307, got 27)
[  631.847246][   T31] usb 6-1: config 0 has an invalid interface number: 0 but max is -1
[  631.847276][   T31] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0
[  631.847317][   T31] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  631.847360][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  631.847381][   T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  631.918038][   T31] usb 6-1: string descriptor 0 read error: -22
[  631.918210][   T31] usb 6-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  631.918235][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.951638][   T31] usb 6-1: config 0 descriptor??
[  631.970165][   T31] hub 6-1:0.0: bad descriptor, ignoring hub
[  631.970209][   T31] hub 6-1:0.0: probe with driver hub failed with error -5
[  632.072718][ T9397] 8021q: adding VLAN 0 to HW filter on device team0
[  632.494169][   T37] audit: type=1804 audit(1757058069.619:37): pid=9704 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.915" name="/newroot/185/file0" dev="tmpfs" ino=1031 res=1 errno=0
[  632.526746][ T5849] Bluetooth: hci0: command tx timeout
[  635.562713][ T9617] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.562940][ T9617] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.563211][ T9617] bridge_slave_0: entered allmulticast mode
[  635.566536][ T9617] bridge_slave_0: entered promiscuous mode
[  635.651266][ T7485] bridge0: port 1(bridge_slave_0) entered blocking state
[  635.651449][ T7485] bridge0: port 1(bridge_slave_0) entered forwarding state
[  635.653832][ T9617] bridge0: port 2(bridge_slave_1) entered blocking state
[  635.654036][ T9617] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.654324][ T9617] bridge_slave_1: entered allmulticast mode
[  635.671354][ T9617] bridge_slave_1: entered promiscuous mode
[  635.859355][ T9716] netlink: 28 bytes leftover after parsing attributes in process `syz.4.917'.
[  636.016884][ T7906] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.018528][ T7906] bridge0: port 2(bridge_slave_1) entered forwarding state
[  636.186015][ T5153] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  636.198208][ T5153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  636.211650][ T5911] usb 6-1: USB disconnect, device number 26
[  636.212268][ T5153] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  636.215344][ T5153] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  636.216276][ T5153] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  636.534635][ T9617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  636.674651][ T9617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  636.831588][ T9733] FAULT_INJECTION: forcing a failure.
[  636.831588][ T9733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  636.831625][ T9733] CPU: 0 UID: 0 PID: 9733 Comm: syz.5.920 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  636.831648][ T9733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  636.831660][ T9733] Call Trace:
[  636.831668][ T9733]  <TASK>
[  636.831677][ T9733]  dump_stack_lvl+0x189/0x250
[  636.831712][ T9733]  ? __pfx____ratelimit+0x10/0x10
[  636.831740][ T9733]  ? __pfx_dump_stack_lvl+0x10/0x10
[  636.831770][ T9733]  ? __pfx__printk+0x10/0x10
[  636.831793][ T9733]  ? __might_fault+0xb0/0x130
[  636.831836][ T9733]  should_fail_ex+0x46c/0x600
[  636.831870][ T9733]  _copy_from_user+0x2d/0xb0
[  636.831895][ T9733]  ___sys_sendmsg+0x158/0x2a0
[  636.831929][ T9733]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.832001][ T9733]  ? __fget_files+0x2a/0x420
[  636.832029][ T9733]  ? __fget_files+0x3a6/0x420
[  636.832070][ T9733]  __x64_sys_sendmsg+0x1a1/0x260
[  636.832104][ T9733]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  636.832145][ T9733]  ? __pfx_ksys_write+0x10/0x10
[  636.832169][ T9733]  ? rcu_is_watching+0x15/0xb0
[  636.832206][ T9733]  ? do_syscall_64+0xbe/0x3b0
[  636.832240][ T9733]  do_syscall_64+0xfa/0x3b0
[  636.832265][ T9733]  ? lockdep_hardirqs_on+0x9c/0x150
[  636.832290][ T9733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.832310][ T9733]  ? clear_bhb_loop+0x60/0xb0
[  636.832332][ T9733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.832352][ T9733] RIP: 0033:0x7f756fe2ebe9
[  636.832370][ T9733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  636.832385][ T9733] RSP: 002b:00007f756e08e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  636.832407][ T9733] RAX: ffffffffffffffda RBX: 00007f7570065fa0 RCX: 00007f756fe2ebe9
[  636.832422][ T9733] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  636.832435][ T9733] RBP: 00007f756e08e090 R08: 0000000000000000 R09: 0000000000000000
[  636.832447][ T9733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  636.832458][ T9733] R13: 00007f7570066038 R14: 00007f7570065fa0 R15: 00007fffd60b61b8
[  636.832492][ T9733]  </TASK>
[  637.119371][ T5912] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  637.271221][ T5912] usb 5-1: Using ep0 maxpacket: 8
[  637.278993][ T5912] usb 5-1: config 0 has an invalid interface number: 186 but max is 0
[  637.279023][ T5912] usb 5-1: config 0 has no interface number 0
[  637.306818][ T5912] usb 5-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  637.306850][ T5912] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x12, changing to 0x2
[  637.306878][ T5912] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x2 has an invalid bInterval 175, changing to 11
[  637.306907][ T5912] usb 5-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  637.306932][ T5912] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  637.306959][ T5912] usb 5-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid maxpacket 8911, setting to 1024
[  637.306986][ T5912] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  637.398988][ T5912] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  637.399023][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.399044][ T5912] usb 5-1: Product: syz
[  637.399058][ T5912] usb 5-1: Manufacturer: syz
[  637.425952][ T5912] usb 5-1: SerialNumber: syz
[  637.450635][ T5912] usb 5-1: config 0 descriptor??
[  638.048239][ T5912] iowarrior 5-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  638.114535][ T5912] usb 5-1: USB disconnect, device number 49
[  638.253098][ T9617] team0: Port device team_slave_0 added
[  638.269538][ T5849] Bluetooth: hci4: command tx timeout
[  638.355758][ T9617] team0: Port device team_slave_1 added
[  638.371337][ T9720] lo speed is unknown, defaulting to 1000
[  638.762833][ T9617] batman_adv: batadv0: Adding interface: batadv_slave_0
[  638.762854][ T9617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.762882][ T9617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  638.820221][ T9749] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  638.869584][ T9617] batman_adv: batadv0: Adding interface: batadv_slave_1
[  638.869603][ T9617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  638.869632][ T9617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  638.966835][ T1495] bridge_slave_1: left allmulticast mode
[  638.966932][ T1495] bridge_slave_1: left promiscuous mode
[  638.967209][ T1495] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.032078][ T1495] bridge_slave_0: left allmulticast mode
[  639.032118][ T1495] bridge_slave_0: left promiscuous mode
[  639.032414][ T1495] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.079531][ T9089] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  639.257599][ T9089] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  639.257636][ T9089] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.257649][ T9089] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  639.257676][ T9089] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  639.257690][ T9089] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.325532][ T9089] usb 5-1: config 0 descriptor??
[  639.764017][ T9089] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  639.822688][ T1495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  639.963210][ T1495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  640.063021][ T1495] bond0 (unregistering): Released all slaves
[  640.339370][ T5849] Bluetooth: hci4: command tx timeout
[  640.387306][ T9750] netlink: 'syz.4.922': attribute type 4 has an invalid length.
[  640.576381][ T6018] usb 5-1: USB disconnect, device number 50
[  640.685913][ T9617] hsr_slave_0: entered promiscuous mode
[  640.690071][ T9617] hsr_slave_1: entered promiscuous mode
[  640.899533][ T1495] hsr_slave_0: left promiscuous mode
[  640.967013][ T1495] hsr_slave_1: left promiscuous mode
[  640.974311][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  641.000182][ T1495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  641.972340][   T44] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  642.180462][   T44] usb 6-1: device descriptor read/64, error -71
[  642.419319][ T5849] Bluetooth: hci4: command tx timeout
[  642.459260][   T44] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  642.599502][   T44] usb 6-1: device descriptor read/64, error -71
[  642.799965][   T44] usb usb6-port1: attempt power cycle
[  642.966936][ T9763] Bluetooth: MGMT ver 1.23
[  643.529395][   T44] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  643.550123][   T44] usb 6-1: device descriptor read/8, error -71
[  643.799366][   T44] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  643.830304][   T44] usb 6-1: device descriptor read/8, error -71
[  643.940452][   T44] usb usb6-port1: unable to enumerate USB device
[  644.296552][ T9767] netlink: 28 bytes leftover after parsing attributes in process `syz.4.926'.
[  644.485474][ T5153] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  644.510592][ T5153] Bluetooth: hci4: command tx timeout
[  644.510956][ T5153] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  644.522071][ T5153] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  644.528379][ T5153] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  644.530760][ T5153] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  644.810329][ T1495] team0 (unregistering): Port device team_slave_1 removed
[  644.981655][ T1495] team0 (unregistering): Port device team_slave_0 removed
[  646.695453][ T5153] Bluetooth: hci3: command tx timeout
[  649.508971][ T5849] Bluetooth: hci3: command tx timeout
[  650.034646][ T9792] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  650.289261][   T31] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  650.342631][ T9771] lo speed is unknown, defaulting to 1000
[  650.447100][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.447137][   T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  650.447159][   T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  650.447205][   T31] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  650.447229][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.562077][   T31] usb 6-1: config 0 descriptor??
[  651.068036][   T31] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  651.539269][ T5153] Bluetooth: hci3: command tx timeout
[  652.248522][ T9800] netlink: 'syz.5.932': attribute type 4 has an invalid length.
[  652.679656][ T6018] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN PTI
[  652.679684][ T6018] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
[  652.679706][ T6018] CPU: 0 UID: 0 PID: 6018 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  652.679730][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  652.679744][ T6018] Workqueue: events __usb_queue_reset_device
[  652.679774][ T6018] RIP: 0010:usb_gadget_udc_reset+0x29/0xb0
[  652.679802][ T6018] Code: 90 f3 0f 1e fa 41 57 41 56 53 49 89 f6 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 02 f0 c2 fa 49 83 c6 40 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 f8 29 22 fb 4d 8b 1e 48 89 df 41
[  652.679820][ T6018] RSP: 0018:ffffc900056b7338 EFLAGS: 00010202
[  652.679837][ T6018] RAX: 0000000000000008 RBX: ffff888145b90c40 RCX: ffff88802e2d0000
[  652.679852][ T6018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  652.679864][ T6018] RBP: ffff88803a390164 R08: ffffffff8f1d5137 R09: 1ffffffff1e3aa26
[  652.679879][ T6018] R10: dffffc0000000000 R11: fffffbfff1e3aa27 R12: ffff888145b90c40
[  652.679895][ T6018] R13: 1ffff11028be6ea1 R14: 0000000000000040 R15: dffffc0000000000
[  652.679911][ T6018] FS:  0000000000000000(0000) GS:ffff8881268c1000(0000) knlGS:0000000000000000
[  652.679928][ T6018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  652.679943][ T6018] CR2: 0000555593a6b608 CR3: 000000003b08e000 CR4: 00000000003526f0
[  652.679965][ T6018] Call Trace:
[  652.679973][ T6018]  <TASK>
[  652.679984][ T6018]  set_link_state+0x80b/0x1220
[  652.680012][ T6018]  dummy_hub_control+0xcc0/0x1760
[  652.680037][ T6018]  ? trace_kmalloc+0x1f/0xd0
[  652.680066][ T6018]  usb_hcd_submit_urb+0xde9/0x1a80
[  652.680095][ T6018]  usb_start_wait_urb+0x114/0x4c0
[  652.680116][ T6018]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  652.680145][ T6018]  usb_control_msg+0x232/0x3e0
[  652.680167][ T6018]  hub_port_reset+0x390/0x1740
[  652.680200][ T6018]  hub_port_init+0x2b0/0x2800
[  652.680237][ T6018]  ? usb_enable_endpoint+0x104/0x1b0
[  652.680260][ T6018]  usb_reset_and_verify_device+0x4cd/0x1a80
[  652.680288][ T6018]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  652.680316][ T6018]  ? __pfx_usb_reset_and_verify_device+0x10/0x10
[  652.680340][ T6018]  ? mutex_lock_nested+0x154/0x1d0
[  652.680360][ T6018]  ? usb_reset_device+0x549/0xae0
[  652.680380][ T6018]  usb_reset_device+0x552/0xae0
[  652.680405][ T6018]  __usb_queue_reset_device+0x73/0xa0
[  652.680427][ T6018]  ? process_scheduled_works+0x9ef/0x17b0
[  652.680452][ T6018]  process_scheduled_works+0xade/0x17b0
[  652.680487][ T6018]  ? __pfx_process_scheduled_works+0x10/0x10
[  652.680519][ T6018]  worker_thread+0x8a0/0xda0
[  652.680546][ T6018]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  652.680576][ T6018]  ? __kthread_parkme+0x7b/0x200
[  652.680607][ T6018]  kthread+0x70e/0x8a0
[  652.680636][ T6018]  ? __pfx_worker_thread+0x10/0x10
[  652.680661][ T6018]  ? __pfx_kthread+0x10/0x10
[  652.680693][ T6018]  ? __pfx_kthread+0x10/0x10
[  652.680721][ T6018]  ret_from_fork+0x3f9/0x770
[  652.680749][ T6018]  ? __pfx_ret_from_fork+0x10/0x10
[  652.680775][ T6018]  ? __switch_to_asm+0x39/0x70
[  652.680795][ T6018]  ? __switch_to_asm+0x33/0x70
[  652.680813][ T6018]  ? __pfx_kthread+0x10/0x10
[  652.680842][ T6018]  ret_from_fork_asm+0x1a/0x30
[  652.680868][ T6018]  </TASK>
[  652.680875][ T6018] Modules linked in:
[  652.680890][ T6018] ---[ end trace 0000000000000000 ]---
[  652.680901][ T6018] RIP: 0010:usb_gadget_udc_reset+0x29/0xb0
[  652.680926][ T6018] Code: 90 f3 0f 1e fa 41 57 41 56 53 49 89 f6 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 02 f0 c2 fa 49 83 c6 40 4c 89 f0 48 c1 e8 03 <42> 80 3c 38 00 74 08 4c 89 f7 e8 f8 29 22 fb 4d 8b 1e 48 89 df 41
[  652.680944][ T6018] RSP: 0018:ffffc900056b7338 EFLAGS: 00010202
[  652.680961][ T6018] RAX: 0000000000000008 RBX: ffff888145b90c40 RCX: ffff88802e2d0000
[  652.680976][ T6018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  652.680989][ T6018] RBP: ffff88803a390164 R08: ffffffff8f1d5137 R09: 1ffffffff1e3aa26
[  652.681005][ T6018] R10: dffffc0000000000 R11: fffffbfff1e3aa27 R12: ffff888145b90c40
[  652.681021][ T6018] R13: 1ffff11028be6ea1 R14: 0000000000000040 R15: dffffc0000000000
[  652.681037][ T6018] FS:  0000000000000000(0000) GS:ffff8881268c1000(0000) knlGS:0000000000000000
[  652.681054][ T6018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  652.681069][ T6018] CR2: 0000555593a6b608 CR3: 000000003b08e000 CR4: 00000000003526f0
[  652.681093][ T6018] Kernel panic - not syncing: Fatal exception
[  652.681442][ T6018] Kernel Offset: disabled