last executing test programs:

23m7.838167051s ago: executing program 32 (id=107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1a, 0x0, 0x0)

22m16.37693321s ago: executing program 33 (id=180):
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[], 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$kcm(0xa, 0x2, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e24, 0x3, 'lc\x00', 0x5, 0x8, 0x77}, {@remote, 0x4e20, 0x10000, 0xc, 0x2}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0)
r4 = syz_open_dev$cec(0x0, 0x0, 0x82002)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000140)=0x12)
close(r4)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_dev$sg(&(0x7f0000000280), 0x5dc, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000002c0)=ANY=[])
sched_setscheduler(0x0, 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x20, r7, 0xe9715da55d7fa39, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x2400c851}, 0x40)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)

17m38.645618893s ago: executing program 34 (id=593):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_procfs$pagemap(0x0, 0x0)
quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000801, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x6bb6c4a5b2d350d2, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'dvmrp0\x00', 0x2})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x4000037, [0x6, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x7fff, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xf62, 0x6, 0xfc000000, 0x3, 0xe4, 0x4a732f64, 0x8, 0xc, 0xd, 0x4, 0x12a3, 0x9, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7ff7, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0xffffffff, 0x2, 0x2, 0x3, 0x1, 0x1, 0x7ff, 0x6, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x7, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x3, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0x6, 0x4c2336d6, 0x4, 0x10000, 0x7af, 0x401, 0x46, 0xf1, 0x4, 0xab00041, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x4, 0x7fff, 0x762, 0xff, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0xfffff50f, 0x1, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0x21, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x48e, 0x8d3, 0x6, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x7, 0x5, 0x9, 0x5, 0xb, 0x0, 0x3, 0x9, 0x3, 0xc7, 0x0, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x8, 0x3437, 0x3, 0xfb2, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x7f, 0x9d26, 0x0, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x4, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x200005, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0x56, 0x40, 0xff, 0x5, 0x7fffffff, 0xfffffffe, 0xe, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xf7fffff7, 0x8, 0x40f1, 0x2, 0x3, 0xa, 0x80000001, 0x8, 0x1, 0x6, 0x100, 0xd8cb, 0x7fffffff, 0x424dfaee, 0xc, 0x32d, 0x1000, 0x1ff, 0x2000003, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0x7, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0x80dab, 0x3, 0x8, 0x13ffd, 0x1, 0xbe24]}, 0x45c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB='<4'], 0x1b0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000140)=ANY=[@ANYBLOB="01000900000000000000ffffffffffffaaaaaaaaaabbbbbbbbbbbbbbffffffffffff0180c2000002bbbbbbbbf6bb0180c2000000ffffffffffff"])
setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$KVM_CAP_HYPERV_SYNIC2(r3, 0x4068aea3, &(0x7f0000000040))

9m2.739106447s ago: executing program 35 (id=1707):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020100000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000160a01010000000000000000020000000900020073797a31000000000900010073797a300000000054000380080002400000000840000380140001006272696467655f736c6176655f31000014000100776732000000000000000000000000001400010077673200000000000000000000000000080001"], 0xa8}}, 0xc8c0)
r2 = accept(r0, 0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x40000000, 0x0)
ptrace(0x10, r3)
wait4(r3, 0x0, 0xa0000009, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x402, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000300600000000028290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000640)={r6, 0x0, 0x0}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
getsockopt$netrom_NETROM_N2(r2, 0x103, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000000300)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, &(0x7f0000000200))

8m57.965316641s ago: executing program 3 (id=1747):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000001040)=ANY=[@ANYRESHEX=r1], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0xd4)

8m56.110659938s ago: executing program 3 (id=1751):
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='geneve1\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000f80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(0x0, 0x0)

8m53.975141195s ago: executing program 3 (id=1755):
chown(0x0, 0x0, 0x0)
syz_open_dev$video(0x0, 0x485, 0x40000)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
mkdir(0x0, 0x2)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) (fail_nth: 1)
lseek(0xffffffffffffffff, 0x20000093, 0x1)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)

8m53.51066013s ago: executing program 3 (id=1756):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x2, 0x5, 0x0, 0x2, 0xe, 0x0, 0x0, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e24, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$uinput_user_dev(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x400002, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000110000000100000007000000dc1e6c6c75711dd75013c73d1d6245e04c02a39c739dc0d71f35f7e20a614925824d670f1fa5419ac99221cfc4c789670127f78be206db93fa96d42d38fe37652869fe3119ed2f13870e9e8c8f25ba821a46", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
fsmount(r4, 0x1, 0x79)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
pipe2$9p(0x0, 0x0)
dup(0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private2, 0x0, 0x2}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)

8m44.132856338s ago: executing program 6 (id=1771):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0xbe, &(0x7f0000000280)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x35}, {[@cipso={0x86, 0x71, 0x0, [{0x5, 0xc, "e256b28c04000000fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x6, 0x7, "cfa11cab1a"}, {0x0, 0x10, "c600"/14}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x1, 0x6, "7f36c525"}]}]}}}}}}}, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x7)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
writev(r2, &(0x7f0000000600)=[{&(0x7f0000000380)="ba", 0x1}], 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
set_mempolicy(0x4005, &(0x7f0000000180)=0x1004, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001c40)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670000000000005601000000ff07ad67060000020000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56601a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1fb3f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8d4fee81e3cdd5daf2cdad3d1a74a2f078aa6402483856a6e494408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae060959c9639564f000fc3cdd05a1575c91cf5ba8b2db403681ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f8000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780e95c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcba6ec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0d642986f8bbc7340bc6393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d6812467c1a4186edd036f15bf847c50f79e1a0ad3d2b5080ecb0148e2b86177869884ae62420c9f1b534e969fce97ffff070000000000dbbfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388892c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861224799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a0c3e28f359608ea326c77a1aa17318f392a0ec6c188916f452533d4327feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe481a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8668f076c659f56d6c7f97a96d6cdf45cfe88b30c170000000001000000effbf33bd1becb0de0a080931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db223f2be09295e4a8da03d23b48bb38b31a14ffcddd92c38f6b6d86a0e5ed47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f130000000000000000000000000000000000000000002a37163e8d7ef2f3c58d045f0700000094029acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sched_cls}, 0x43)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601040000000000000000070000001400078008001140000000000800124000040c8f0500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a6970"], 0x60}}, 0x20004000)
r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r4, 0x80184153, &(0x7f0000000140)={0x0, 0x0})

8m44.05957825s ago: executing program 3 (id=1773):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x50)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x40000)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r0], 0x48}}, 0x0)

8m43.121841433s ago: executing program 6 (id=1774):
close(0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2})
mkdir(0x0, 0x2)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket(0x2, 0x80805, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = syz_io_uring_setup(0xa0, &(0x7f0000000100)={0x0, 0x200089bd, 0x80, 0x1, 0x385}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000340)=@req={0x3, 0x7, 0x9, 0x680e}, 0x10)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x40, 0x2007, @fd=r2, 0xc000000, &(0x7f00000000c0)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1, 0x1e})
io_uring_enter(r3, 0x32dc, 0x0, 0xe, 0x0, 0x0) (fail_nth: 1)

8m43.095617958s ago: executing program 3 (id=1775):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCOUTQ(r1, 0x8902, &(0x7f0000000280))
r2 = io_uring_setup(0x2e71, &(0x7f00000003c0)={0x0, 0x800000, 0x400, 0x2, 0x131})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r2, 0x17, &(0x7f0000000300)={0x0}, 0x1)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e21, [0x0, 0xffffffff, 0x1], [0xfffffffe], 0x0, [0x1, 0x3]}}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}, 0x1, 0x0, 0x0, 0x44044}, 0x20004010)
syz_usb_connect$uac1(0x2, 0x9d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x3, 0x1, 0x0, 0x70, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8}, [@feature_unit={0x7}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x101, 0x6, 0x8, 0x1000, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x40, 0x2, 0xff, {0x7, 0x25, 0x1, 0x2, 0xff, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x3, 0x7, 0x3, "ce428ac4cefc548400"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x10, 0x1001}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0xc, 0x0, 0x9, {0x7, 0x25, 0x1, 0x3, 0x2, 0x81}}}}}}}]}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@empty, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x9ac, 0xfffffc, 0x3ffffffffffffffd, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}, 0x800, 0x6e6bbc, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000805}, 0x2c000010)
move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)

8m42.330329251s ago: executing program 6 (id=1777):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x23f, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}, 0x1, 0x0, 0x0, 0x10}, 0x40)

8m42.013580244s ago: executing program 6 (id=1778):
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a0006000802"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000)

8m41.692589859s ago: executing program 6 (id=1779):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r1, &(0x7f0000000100)={{0x3, @null, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
connect$ax25(r1, &(0x7f0000000280)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0xdc6e}]}, 0x30}}, 0x0)

8m41.485691375s ago: executing program 6 (id=1780):
r0 = syz_open_dev$media(&(0x7f0000000040), 0xa50b, 0x420903)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000080)={0x80000000, 0x0, &(0x7f0000000500)=[{{}, {<r1=>0x80000000}}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000300)={r1, 0x0, 0x0})
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_CMDTEST(r2, 0x8050640a, &(0x7f00000011c0)={0x0, 0x30000, 0x0, 0x82, 0xfffffe0c, 0x8, 0x20, 0x3, 0x1e0, 0x5, 0x40, 0x8001, 0x0, 0x0, 0x0})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000006100)={0x2020}, 0x2020)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
openat$cgroup_ro(r3, &(0x7f00000001c0)='net_prio.prioidx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x3, 0x4, &(0x7f00000002c0)=[{0x0, 0x0, 0x3e0000}], 0x0)

8m13.643578911s ago: executing program 36 (id=1781):
socket$nl_audit(0x10, 0x3, 0x9)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r1, 0xd, &(0x7f0000000100)={0x9, 0x5}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000300)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r1, 0x5, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb9985000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
syz_pidfd_open(r2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000a80)=ANY=[@ANYRESOCT=r5, @ANYBLOB="baa05faf4ec063f763400d1071591804affa9170dde192bfcd7cbf14e01ccf481eefb0c214a262fe8e0f3a7d582361e72a4d34ae8608d90bc7ddf425ea189c57841db353f35e7897587b064331b5a2c512", @ANYRESDEC=r0], 0x34}, 0x1, 0x0, 0x0, 0x20008011}, 0x50)
sendmsg$tipc(r7, &(0x7f00000003c0)={&(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x10, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x8000}, 0x4000000)
dup2(r8, r7)
sendmmsg(r7, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{&(0x7f0000000340)=@qipcrtr={0x2a, 0xc57dd0fd4cf23480, 0x4001}, 0x80, &(0x7f0000000840)=[{&(0x7f00000004c0)="da1afacaf73070765be8dadf24b3e82fe4e1ef3540100f638dc3628e8543efebcf2b28e52f7bfb037c72f448a83955bff0cda0db9d4fa6ec3f37e9628b0a4b260e11653e327952f30767005890d97b84323000079b9baf84cf216fa178a0c7202a043e349b5427c166ac4e67db53bb3f57f505a05d7fa27c23c88dcc86000f35289505ab1fcb2b4faf03dcd8d580b9c9492925b3f0411648c5", 0x99}, {&(0x7f0000000280)}, {&(0x7f0000000400)="f694015c9b8855eb6044a3110fb447f9754ef49ead1e1046f8a637d56c19ddbf0fb6a2040b0ce3fda9cfea71f01cb118d7ef46", 0x33}, {&(0x7f0000000580)="eebd9cfff1f6663d7b9a8d9b80329437f3b30d17baa7ad2111c46714af95ce3f466907b2426bb793d49599d2ce5c99638df47805306a988966c8e6126cb1ef7abbdf47116a065fbc8efa0ed37b3e47cebc9a24957c76f98879156e4d5956083467e88fe1cf88dfefd00a46b1e64b9dae56a64e5631a4a959c317f3c4f0984f8b077b4e2673db9c19182eb14c59be229c4b5a520a48c22957299a89035b", 0x9d}, {&(0x7f0000000640)="84ca426ca0094b147bb363c045bd0a97fc5f1bfe03b514a58fbb2a09ba60215217e191f76f16b6cb689171fe04b9a0bcd2a03541d3a5e42beb4b39ae0d24148fb513cddeb57ddbc52296eb7f1bff88bfcc4690d8143cac808c52eb9c5ac3179bee", 0x61}, {&(0x7f00000006c0)="09eb1e084b908432e68564c5b7968f49c083d2117b56f07895ffd9598ef54e85cf12b7d50a279d783bc20e84c8236c477546a2a4a534e75114e70920cc624dae3deb63b9f729c2c51d5f245d07dd5ec64541d2d3a7a497057ee3a65e7d114249389bfc96669c0b625ecb8a40b866fbf6ffcc85ab67", 0x75}, {&(0x7f0000000740)="f6b4a49a3f0259c9799949ecdf5df20dbfba8f7ffc7dd7370053004f024712933b8efe33abafe8166dd6476d46156ab42c40facb5c8747b560e9b1846a3aa33061205a5a3de99f53e765401ff1b5c93b6ff9929ba40be8f9f7c8a79046ecc3a2ff0b543b6b577056b1751d84f30c763eec41bf68b7767a7a2c1d582f8162ede084bb5d076248695966e0c3ad8fc17a81a106e3e3c73e14e151e2c19ec214daae579a75a5dcff5ca0350a98c34472ebf1d430872e45ef3af296dfc7ffce80759217e9e11fcbc0caa3", 0xc8}], 0x7, &(0x7f0000000dc0)=[{0x30, 0x111, 0xacf5, "2e0715d1cf1908871dfc131aa3dd50bcac7e4d6e35401737131b9a128b28fc"}, {0xb0, 0x10f, 0xffffff00, "c0183e61b65f59400107c5249017318eb8088a341123b0b5c66f5ebeaf344a5e448f413d600f8e4a101b8ed1825cbbcdd044648d665fc082b462c30b347561b3eb69163d3fd8828eb0ec8a7cfecfb1008c3fd0f891be0337e47ab9d3be849a16f3315cd493e2bfbef8391d6021a5a096be61b819dbcc461f7c10d2093da2439e8f5259667e476c0e7b855368bacb35e1c358fbc4593584f808ad293034"}, {0x40, 0x114, 0x0, "451935840f7e20f815e9bf3c4113cdf06f72a4e995baff90929fa9ad655c99dee0ca63ebd14f50454e6dbbe251fceb3b"}, {0x1010, 0x108, 0x4, "e3b4aaa9ed9ed38ebdfaa45eadd516106daa8f6111f80fa8bac834f946ec7d06b1d4f516078e84045a048e27521bad2db0e493db66457598cb1ada778c8cbde30c3b28bd0ad4830f34b733e115997177e1dacc10197c0089fdc65d8d16c18e96752ec7afe169e3c2ea40b78678e23e21980eb45a55b96a417d9e6129f13a74633e8118ed2a32afd5e3e407d18b74ab5e55534f7ed4ce8e6048125c89313c130308fecb7aaf430435fc9c0e86158353f9e98f4305d12ed24f9a770932f53b2e745efd06ad522c4d9f98f416f4d612eabc34c29eb568f2a5639e289185bc0d3ad55176b3bc8df90dc8a1264b839a844cefa60bf6cfb5ffbea477f3ad4bd0f24b3151832066dd3c1de4dcf9678005599b0392bfb3064922a86c52016d8f5082059e3eb299ca53a7d8d7a78948aa8b5ed65e257d94bfba2571e383beb978b2a93ba11acf5ac51386737cad9ceaf38013aabaf626df060ec781025da2ec73f94dad8d12f366f50c0a62bd9658940e480eef9a671fefe0ed4320421c2a41bf4c9c72565327c6bde48acb8ef13265d087b0e9a9ae9dc6a72f6793bf642ef5225f5cf70819232393e36135ee21cbc7bf4c3d718965bcea3590ec83dcb78b4cfa11928122aaea1b82d6c9c09153d15b84ecc9fab30e74f0380927c02f5f56ed4f113634925ccb80006e81cd71aabea5a158c54adc19847096d711713f9c840b6eb639139e480d8a3d3cc47b44f8e0ad7981b1b6a42c15dd56ead644cb0d0c2d7a5e6c52f24ad8d0f5368f3cdef1617f8d88666bc4db80c667bac31a7dc13d43483b1dfd7f0c8bd92e9d9befd4cf550d0abe0016f7846bcb450036c4aacf53f3ebf40f008d6ea0d0cda4e1563efc02019a48105e1a37a25477ee1cb31d85cb52dafbc514a06e5d36f66f72477b47aa5294daf9ca233ae7032d035a2296a8cbaaf15d4594f5e4d65bd07bb277c77797100bbcd1d4d9e2e6333d10e4ea33b47e58de80dbd3e7b82c6ccc9f74af6d1c6f11c4dd4fb41a315f45713c400b3d2fb4fb4dbe602d383526621b6ab9fca414662879c4bc9589e5ab4a55cffce116840647d7de6bc853dbe5fe1fdadb466ddbaa0b21f20932fd2e8c125b6c0e1315bb0112a3b4af2514a233c22f823776ddc02300038d482986b4e98d38e7dcf2db0782e73b9bc23cbc3b8f3d5461c78bbba30dc0decd870ca48b035b8f2e5c3f66c87ca1ddfd0932677ba5d1a9821d1aa0a437d4f8458f12924c22a71aef4d4ea8406991521d4dae9dcdd06ca81ec6f45aa7ce75dd39d1243a1e031cf01ce056cb390123053d169be4f295ac16b377d7d03392bf2b0507ff8b1cc4dc6998fcb5d46a630b0a58695ee6cc48db404873a2818c498da1ec70763b07a70d5910bfb6cc985e2f5d6150a60741f71c29fb07cefc70958482fea709dbd6fbcd9182fe7961d20a8988d6bbc4aeac083f2db704ea03e14bc594144ff42d10c61b8f0c5db8fef827a51cb4742cdde84a0ee8252ca067e71785ff6dae633489936bcc564367d534ad72113ac1da855135e9fbbab54e9c99ad243f01e69f5541ac261565d2062740ae7b7617e12655b115419753a9a0374775f5228fb3ae5f7d58fbbc7fc6e928acd1b1336497815d6a1d17dea92c2c400abff719b888128a1e9338266b3843b598eb17b0fb365131c5f732ba8b0bb52521470ce206540e2050bedaac4c7822a623267eb33a05946e2cec91814bef3bb1d66cfe531ab784968821bfc95cfb91284cde2489660111e4983d9e7ccc583afe77ebf209572b74e1ef452520841e9e77c71a87e2c7929deeb131cc4944fac5f0f9e315455aaa95a794df455012a2389f823929466fe837ac5a7c92ba03bccbd56e0aeb836c688e5d3c2dbc4b29306ad01be26443609ae7985aecaed68653e77c3c5c2737cecf4bc0319b8ab8f89bcbd2a3e08402aac93a7b3b40cb00f0ac40e1d24bd06d8049de54e1c371ada667bf5c395a18aad2b5c7509240877ef4f5a4a94badd53f7b8e1d3546f856feba9c0733c3f1fb93dcf5454e195be899eef6f4e6c258c9e43807dadd3421866016cb727da2c32509eb38bc89c622675cca6718c6def81ec4424c98e190d30681cf99987b1b68be1ba1c9545167f5cade8f515638f6c1bb5d5a8b3c2fe8b42dba5d222374009af03020f21067769b5bd9975beed10a86468ce9c71db9b38e9a6445f9ce305404ed6eafb99162ef6f1f8ec3b423c4e80fda16b6e5233e5468d5a279ba8863339d674dd41370d0555957b853f82cda65a06563eb6a75bd93277e31d4ffb4b986c6e5fdf3927df7c870c941bde39eac1d687598529ff74a4156d0d85da9ab3909776884e1ac26c79ff0ac96da46cea773be59865835e951e3fe0ddec15bcbd857bebf0f0156136f6b30f410b30938a0e0e730fd797b4a87fa3f704e6cf51e34953ecfe1c55e5d8cf275b8d90ab702b9f397e5b5bc9a983ae1c1dee723b38fc4978f2b835bc3aa02fea8b2afaefbdaa23b138277a4b45372e59f1c3617d306ee230d72b793acbc01261a6fb8c5124745bc0c7cf7852e1361255048a851b90212f8893980927e3649a64510e55381aba49c53580725344f1a84af397c8954dc6fa20c984117c7cabc7bf2e5a1fab4b9ff4f26a7bf7848f45f157a79dbd6f26ff4f5ec822df5885827ee5f70c22b9af0ad9d9b0c3fa8883912d70ec1dbe4f58321e547aee481894c52c6d410d495287e1943f5fbd4ec700963f45b3cd6c74416e98ad802b92040cd443d92d49331a9d708357ef58dde4c16450af5e9ecab7edbdc8165e9dbc7b3f686c7c63f61faadd6f07f66ab502ba4b33f5063235f41ca133c130b41b86a83eb2b7a6940d2ddc75dda726dcfa71179f9f1fa54a66d4bb52e9d9337a65e6cea026ccece390a2d0bbac847ecf2aabe6e89f023ad7b85833790e908e115682f41b8d9838dad130f6980e00a164d7ccd2a5fc71dacc7df7febfcc70d5b6ef9d17a86b6104e8dc9cde08cd3315e69f3cc53f6b371a9ad42c41e29b99a4056c8b289b06afb71541137c4c37a7b3b796cf513420cb689c4b6bcf9ca44b28a0abbf839ea2982f79c849007ba6c30c05d65caa4c7a0ba9b778a8e1e8cb1b7ab42cfe85d415fbd4b138fcef41f7c8aef3bee2395fe616bbbc3a892e6635ece1a7be8205c44dfb6d437a6d04a2af944f6fd3b7abefd37dc989f9d0ba5e7e068e8ea8dfd526b5230fcfafda60f7187fb6d929aee54d5ce298747022ea9a0b499317cd0fd25e86421ee645a7684560f84c43420d9b771fdac3f1ca6ff4b40500717ceb7081cfa7c66dc86863d86f18381ee97d103c87b999b6275d0c79f2e1770359aa840772d5e6fcf5c75da598e38da8fd313ae24ed6c562c84a59cd4ceb0e0a315fda089551ccde06272550b64e5c51737dcf6c5ead6bb441aa5cb3ad6bc03b5bc0cea2b5de851c66e1737689e67970a912ff047546ed9bc7426d96c775d78c902752c95604393a03d723e481ddcd85e6aba18dcbd56d93627e9813ee814690c1c31777cbdedc0dc7eef42839400fada5923715a6f1cee77b01c9c536c1040f3db7fc4c711c40ced6c34c689bf2ad563bdd7fd07b55fae6cd3c142bdf8fc5ffe27b2dabc981261fd1a79ab06b1d5328fbf5b1c146af35a0bdb10d95160d8746d9ffbd4cf3e39c3eca01753d63bc0b6b268f95bbc5c4adf893bc85050c3058fc3a70255eef3f603dc355398247aa1853fddab22396827b2163ca82b09f6226f81ed40fdb091bb3a8f37b2b1569d169cd34ed46c297978c94965e5aae6f56dc7da80671dae9f6e636857290f4b1ae0d2503189374af27b9418a5ee03342facc3060462aa76fe64bd668541066640a8bce2bdcec92348d1ec40e301916701b81c2f261d43c846b8c82d485eae45b96450e3791144b989737684923ae80dc7468a0495525d5b83f1138afc402357bf9cd19e58a6238c68cc5f8377fb52533b77d61732a5343e6672abc1fca2b5613a82eb9aec4b48d81d04cd24a6ad5f0e647fefae78dfb861f421c792b2ac5b044aa5cf72a91abad2071ad16389abbc3ab6a3a8a040654bc60e8c47da87e2d7c2d7be73215d95562abd1c7d4ade63fc38d813d20210dbd10a9e8a161770b32d81197be6a4a2c7f86fae3dfb563536fdf1a6a42e6b8a57f166a6e05450cfa26c9c69765b5eac832f99483ad0d9391ec83e638b166df9720164a8624bf18d8047926d0a3b9619b28797e25491420c2115d516214cd2e05d581f3f16b24eb3380df54dc6d0530b1de22e9e02fce2d313988402bc1a0cef643da2a1da39e59ccaa387745f501c338699b2ca5dad87b1d5ad9ab43866d414843c84cffb6c9df6b643702f13d541d14a81f19540a9d3ab7ee09e76a48f07cb63c805c5dde04c14e930f30e5e5949d1e939277de29878ae4e00c7158b98abf16ee1cb9614073d9750357c658c0765773e6c0026bcf91a9bc9a0d0be37bc9ad43851ef3d1e1a98c48a69ad0e0ba2915d2cef3bfef895f2284a048e5a8ee9869f779736a872299b6d890d39b25c579664e6134db1866a901920f32fa1f93902600171228f4b16052cd24342dfe8cbf3181bab6a8b5b78889ab98a3eb4dc8c29d6176318531de3c8f4bd78b2ebb3f49ba64c87d298096017345d1f026214a150ba29cc819c026b540ce35eb365d40d4c9527ae301d36f3dfd3a0ffd3333765557fdefc981687c333c9b73bed43701b24a3dda78556bc3c4f9f871e44294c42fc5e1512c8aa5d6df23259c49902c6870819101c51783c627386fdf6f83a9862ef9b2f44bd19906d94b9d1a5c064e729f05115fa4a98f6977f39e9a370f33ba3390aab7dd273d27ef5bd512bda53aad1a9e51c116ef30b43c1462398ce2cfdba1a71158ee45cc68b489f834e4f33290092a05a499e507ad5b3472ac3c4dd5afd97fbafac22daf960f173f0e3cbee141a9798b72c2e3f0d96f568280b1c56b2eadbcee9264af4a272e93bc73ba3b99a802ef0ce8611564e7419fff1af1e57191e7ef298b32db2ed5a2fbaa1f98879be734dd4eac214bc6cdba473d521c13f7b4207be978b57926927815f1b326cdd6fce7f070675dfeca8c9d054df8c510e9042fb82fbfce79b080aef88ad7d6b0bf99f4d1a4044b1caa7404105cadec6561cd2776d57b3be2bb221ff3e2a846b578bb4967535e10e1ac7181e69666c5af9cbbb3d758e9aca4504948e357c5ad384c97d75848b9d12131da52a749defa17ee2b29d0cad22d74cd45757aa7717a72c85478b04ab3d0bc6f53e39979f4b64dbcbd4f2008226e0b358b86c037da72950e4bf74d568b0d3dfd314fcba13c0a202abafeecfe9a7694d5aa55a7fd2d61927f9444808be2524438a959a3340559531a22020a587052f8380eae1a20c2a617baeb0826406e665b41c7d7450aed19b81b3c1d44f450d525fd3720877b61701aa0a6f5a23690117b20af1c13ae95ae6496a98a4976b1fc8fcd070bd8dcc917805032be94809cd94f1fb203f4ca8afdf80ad4a5a77e6c2e0b335fb4c24647e439b6468689e1b87d1f41f91f59f3efdb8a2bde0337471cdf896defae1d6a554b0ca14ef5e1b1c13f1868154341553c1831fc6c6db8b97544770800fd7843837f26806ebccad29fe9b13af48de54a06f52408f74e2bb4869569b3489f70b3d5fb04b05bc2608fbccbed64ad8f156a7ed9b65f41dca20523b24a55dc9d14de5ee134cd354940be1589b74901bec7e17a00217e214b55e96a282ebced2341e828f89bf3235c17aef2655a95933320c66d108bb7845ab321128c05e14"}], 0x1130}}], 0x7, 0x200000d1)
close_range(r6, 0xffffffffffffffff, 0x0)

8m13.481116621s ago: executing program 37 (id=1769):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000000))

8m13.264477798s ago: executing program 38 (id=1775):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TIOCOUTQ(r1, 0x8902, &(0x7f0000000280))
r2 = io_uring_setup(0x2e71, &(0x7f00000003c0)={0x0, 0x800000, 0x400, 0x2, 0x131})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r2, 0x17, &(0x7f0000000300)={0x0}, 0x1)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e21, [0x0, 0xffffffff, 0x1], [0xfffffffe], 0x0, [0x1, 0x3]}}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}, 0x1, 0x0, 0x0, 0x44044}, 0x20004010)
syz_usb_connect$uac1(0x2, 0x9d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x3, 0x1, 0x0, 0x70, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8}, [@feature_unit={0x7}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x101, 0x6, 0x8, 0x1000, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x40, 0x2, 0xff, {0x7, 0x25, 0x1, 0x2, 0xff, 0x40}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x3, 0x7, 0x3, "ce428ac4cefc548400"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x10, 0x1001}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0xc, 0x0, 0x9, {0x7, 0x25, 0x1, 0x3, 0x2, 0x81}}}}}}}]}}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@empty, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x9ac, 0xfffffc, 0x3ffffffffffffffd, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}, 0x800, 0x6e6bbc, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000805}, 0x2c000010)
move_pages(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)

8m13.096663733s ago: executing program 39 (id=1780):
r0 = syz_open_dev$media(&(0x7f0000000040), 0xa50b, 0x420903)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000080)={0x80000000, 0x0, &(0x7f0000000500)=[{{}, {<r1=>0x80000000}}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000000300)={r1, 0x0, 0x0})
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_CMDTEST(r2, 0x8050640a, &(0x7f00000011c0)={0x0, 0x30000, 0x0, 0x82, 0xfffffe0c, 0x8, 0x20, 0x3, 0x1e0, 0x5, 0x40, 0x8001, 0x0, 0x0, 0x0})
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000480)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000006100)={0x2020}, 0x2020)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
openat$cgroup_ro(r3, &(0x7f00000001c0)='net_prio.prioidx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x3, 0x4, &(0x7f00000002c0)=[{0x0, 0x0, 0x3e0000}], 0x0)

7m25.962507227s ago: executing program 9 (id=1786):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52ba}, [@call={0x85, 0x0, 0x0, 0x6d}, @printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
socket$netlink(0x10, 0x3, 0x8000000004)

7m24.865294323s ago: executing program 9 (id=1787):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}, @NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x23f, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}, 0x1, 0x0, 0x0, 0x10}, 0x40)

7m23.867620407s ago: executing program 9 (id=1788):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f00000000c0)=0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000700)={0x23e, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x87\xc3\xa1 c\xbf;\xad\xebT\x10', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbe\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xc5\x01!\x96\xa7c\x19\x85'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100), 0x4)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
listen(0xffffffffffffffff, 0x7f)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaaaaaa13080045000008006800008306907864010101ac14f2aa00004e22", @ANYRES32=0x41424344, @ANYRESDEC, @ANYBLOB="6dd09faa95558d0ec6995792f6c218465d118a2b5efafe70dc4b15aa817c63100c14130518fccd39ec27eaf2592022a7b0620473acf3bd2b9ba5b9191d6e96abe92da6da663df967a07d150d47b7b57af150a289d55d64cec2a8aa0bdd24b2a0af381d6d4bd5292c5b2b19f68ddc8b8e720ed008042208b19b47b2f1ebc14ccd501523dae1934d33c3"], 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000002e00090027bd7000000000000400000008000c00", @ANYRES32=0x0, @ANYRES64=r1], 0xb8}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

7m22.394492329s ago: executing program 9 (id=1789):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd27, 0xa, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random='\x00'}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x1c}]]}, 0x2c}}, 0x0) (fail_nth: 1)

7m22.065764803s ago: executing program 9 (id=1790):
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='geneve1\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000f80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(0x0, 0x0)

7m20.211345019s ago: executing program 9 (id=1791):
open(&(0x7f00000002c0)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x1e4, 0x3180, 0x0, 0x400251}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
rt_sigprocmask(0x2, &(0x7f00000001c0)={[0x1]}, 0x0, 0x8)
syz_io_uring_submit(r3, r4, &(0x7f0000000500)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x33, 0x4000, @fd_index=0x1, 0x5, 0x0, 0x0, 0x2, 0x1, {0x2}})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})

7m4.56160479s ago: executing program 40 (id=1791):
open(&(0x7f00000002c0)='./file0\x00', 0x2a4c0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400600142603600e1208000b0000000401a8001600a400014009000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x1e4, 0x3180, 0x0, 0x400251}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
rt_sigprocmask(0x2, &(0x7f00000001c0)={[0x1]}, 0x0, 0x8)
syz_io_uring_submit(r3, r4, &(0x7f0000000500)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x33, 0x4000, @fd_index=0x1, 0x5, 0x0, 0x0, 0x2, 0x1, {0x2}})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})

4m26.318384814s ago: executing program 1 (id=1841):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x48, 0x0, &(0x7f0000000180)="e30080670000ec67838717bd86dde148f063096244fe42904bcee14db4241544716b9ea42231ed3373a3e29953e3bb017d9c1fd05dacf5bb80b4b7ee0fae7aea5349ff567ea8f626", 0x0, 0x407, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85) (fail_nth: 1)

4m25.954348047s ago: executing program 1 (id=1842):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@dellink={0x30, 0x11, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40020, 0x600}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x1}, @IFLA_GROUP={0x5f, 0x1b, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004}, 0x48840)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x7, 0x2, 0x6, 0x0, 0x2, 0x7, 0x1, 0x0, 0x7fffffff})
mount(&(0x7f0000000080)=@md0, &(0x7f0000000140)='./file0/file0/../file0\x00', &(0x7f00000001c0)='reiserfs\x00', 0x2, 0x0)
symlink(&(0x7f00000024c0)='./file0/file0\x00', &(0x7f0000002500)='./file1\x00')

4m25.916238522s ago: executing program 1 (id=1843):
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000700)={0x23e, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x87\xc3\xa1 c\xbf;\xad\xebT\x10', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbe\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xc5\x01!\x96\xa7c\x19\x85'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100), 0x4)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0)
r7 = socket(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
listen(r7, 0x7f)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaaaaaa13080045000008006800008306907864010101ac14f2aa00004e22", @ANYRES32=0x41424344, @ANYRESDEC=r7, @ANYBLOB="6dd09faa95558d0ec6995792f6c218465d118a2b5efafe70dc4b15aa817c63100c14130518fccd39ec27eaf2592022a7b0620473acf3bd2b9ba5b9191d6e96abe92da6da663df967a07d150d47b7b57af150a289d55d64cec2a8aa0bdd24b2a0af381d6d4bd5292c5b2b19f68ddc8b8e720ed008042208b19b47b2f1ebc14ccd501523dae1934d33c3"], 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000002e00090027bd7000000000000400000008000c00", @ANYRES32=0x0, @ANYRES64=r0], 0xb8}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

4m23.116437499s ago: executing program 1 (id=1844):
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='geneve1\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000f80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(0x0, 0x0)

4m21.846124054s ago: executing program 1 (id=1845):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4006}, 0x4)
setsockopt$sock_int(r1, 0x1, 0x2c, &(0x7f00000000c0)=0xbfe, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x75b0c000)
fchdir(r2)
connect(r2, &(0x7f0000000180)=@xdp={0x2c, 0xe, 0x0, 0x1c}, 0x80)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
getsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100), &(0x7f0000000140)=0x4)
syz_open_procfs(r0, &(0x7f0000000200)='net/ip6_tables_names\x00')

4m21.784318436s ago: executing program 1 (id=1846):
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000700)={0x23e, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x87\xc3\xa1 c\xbf;\xad\xebT\x10', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbe\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xc5\x01!\x96\xa7c\x19\x85'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100), 0x4)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0)
r7 = socket(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
listen(r7, 0x7f)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaaaaaa13080045000008006800008306907864010101ac14f2aa00004e22", @ANYRES32=0x41424344, @ANYRESDEC=r7, @ANYBLOB="6dd09faa95558d0ec6995792f6c218465d118a2b5efafe70dc4b15aa817c63100c14130518fccd39ec27eaf2592022a7b0620473acf3bd2b9ba5b9191d6e96abe92da6da663df967a07d150d47b7b57af150a289d55d64cec2a8aa0bdd24b2a0af381d6d4bd5292c5b2b19f68ddc8b8e720ed008042208b19b47b2f1ebc14ccd501523dae1934d33c3"], 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000002e00090027bd7000000000000400000008000c00", @ANYRES32=0x0, @ANYRES64=r0], 0xb8}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

4m6.029415391s ago: executing program 41 (id=1846):
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000700)={0x23e, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x87\xc3\xa1 c\xbf;\xad\xebT\x10', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbe\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xc5\x01!\x96\xa7c\x19\x85'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f0000000100), 0x4)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0)
r7 = socket(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
listen(r7, 0x7f)
syz_emit_ethernet(0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaaaaaa13080045000008006800008306907864010101ac14f2aa00004e22", @ANYRES32=0x41424344, @ANYRESDEC=r7, @ANYBLOB="6dd09faa95558d0ec6995792f6c218465d118a2b5efafe70dc4b15aa817c63100c14130518fccd39ec27eaf2592022a7b0620473acf3bd2b9ba5b9191d6e96abe92da6da663df967a07d150d47b7b57af150a289d55d64cec2a8aa0bdd24b2a0af381d6d4bd5292c5b2b19f68ddc8b8e720ed008042208b19b47b2f1ebc14ccd501523dae1934d33c3"], 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000002e00090027bd7000000000000400000008000c00", @ANYRES32=0x0, @ANYRES64=r0], 0xb8}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

2m48.738301752s ago: executing program 7 (id=1918):
syz_emit_ethernet(0x38d, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x357, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}]}}}}}}, 0x0)

2m48.553560044s ago: executing program 7 (id=1919):
r0 = creat(0x0, 0xe5)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xb, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="1800000005400000000000000702000000000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000002c0)=0x4)
ioctl$TIOCSTI(r1, 0x5412, 0x0)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000040)={0xfffffff8, 0x401, 0xfffffffd, 0xc4cf, 0x7, "0441920887e87fcb367800000000080100", 0x4, 0x200})
ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f00000003c0)=""/189)
setgroups(0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0203000007000000e5000000000000000500060000a000000a0080ff00000000fe88e2000000000000000000000001010000000000000000"], 0x38}}, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r4)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$TIOCL_SETVESABLANK(r4, 0x560e, &(0x7f0000000140))
ioctl$VT_ACTIVATE(r2, 0x5606, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYRESDEC=r1], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r6 = socket$kcm(0x29, 0x2, 0x0)
r7 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r7, r5})
r8 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r8, 0x10e, 0xc, &(0x7f00000005c0)=0x4, 0x4)
sendmsg$netlink(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000780)=ANY=[@ANYBLOB="1c0000005e0001"], 0x1c}], 0x1}, 0x800)
sendmmsg(r6, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000340)='B?', 0x2}], 0x1}}], 0x1, 0x4000050)
r9 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r9, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/191, 0xfffffd90}], 0x1, 0x182, 0x0)
ioctl$sock_SIOCINQ(r6, 0x541b, &(0x7f0000000280))

2m47.499121907s ago: executing program 7 (id=1923):
close(0x3)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x30}}, 0x40)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ff07000000ffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0x3fc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffeff}]}, 0x140}}, 0x844)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r8, @ANYRES32=r0, @ANYBLOB="05"], 0x10)

2m46.303063376s ago: executing program 7 (id=1927):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, 0x0, 0x0) (async)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000080)=@base={0xa, 0x16, 0xb3, 0x7f, 0x10044}, 0x50)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10022, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xb, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071103900000000007d400500000000002604000001ed00000f030000000000007c440000000000006b0a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c26fc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca4856ff03b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec860cde7c79f7b4d4e24c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b450100000001000000393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00400000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd599c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb80610eb37bd2d40ebdfed687f0b093e68f10b72146a0b749ee2105e2da94a288146abbbaf7c0b24fe0000000000000000f1a4f4de6a8d12dc9e71a20cbd412898586843b534d36e21379a8a06133c1babde9e5bd5b6afc5f684aada43ee560e800f58cb33b8483f6518abde7c86bd5d389c1b3c40fdd4bebe4adf87b1025ff57eb50984cc5bad9ea1c15484ea627c3c1501d612ed65939266e7332966f03e0376076e7c5dfe25f367dda7f69db89829b360dd2f59cbaad10f13e269eca792725bbacb96aa0a5c426ca76f84322661"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffa3, 0x0, 0xffffffffffffffff, 0x2f}, 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r1, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000400)="580000001400192340834b80040d8c560a067fbc45ff620500000000070058000b480400945f640094272d7061d328b92d0000000000008000f0fffeffe809000000ffd9dd000000100001000b0808004149224e06040800", 0x58}], 0x1) (async)
syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c89000c2c0120010000000000000000000000000001"], 0x0) (async, rerun: 64)
syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x250, 0x47, 0x8b, 0xb0, 0x40, 0x2899, 0x12c, 0xbaf8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x5f, 0x65, 0x60, 0x70, [{{0x9, 0x4, 0xe3, 0x8, 0x1, 0xc0, 0x8a, 0xc8, 0x3, [], [{{0x9, 0x5, 0xe, 0xc, 0x8, 0x3, 0x0, 0x3}}]}}]}}]}}, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0}) (rerun: 64)

2m42.882463133s ago: executing program 7 (id=1935):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd}) (async)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r0, 0x29, 0x49, 0x0, &(0x7f0000000a40))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x49010}, 0xc0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00708ac87384421f5e78b82f00000000000000", @ANYRES32=0x0, @ANYBLOB="00000200"], 0x1c}}, 0x4000800)
pipe(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x2c020400) (async)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) (async)
io_setup(0x4, &(0x7f00000014c0)=<r5=>0x0) (async)
r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00')
io_submit(r5, 0x1, &(0x7f0000000280)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0xfffe, r6, 0x0}]) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) (async)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) (async)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000007fc0)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020) (async)
r9 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_ipv6host(r9, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x3, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x40, 0x20, '!$'}, 0xb0) (async)
write$P9_RGETLOCK(r4, &(0x7f00000003c0)=ANY=[@ANYRES16=r7, @ANYRESDEC=r9, @ANYRES64=r8, @ANYRESHEX, @ANYRESDEC=r1], 0x200002e6) (async)
fcntl$setpipe(r4, 0x407, 0x7000000) (async)
fcntl$setpipe(r3, 0x407, 0x3a4) (async)
r10 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
lseek(r10, 0x7, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x0, 0x0, &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

2m37.788800442s ago: executing program 7 (id=1948):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x2100, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x14b440, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800190007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

2m22.523679072s ago: executing program 42 (id=1948):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x2100, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x14b440, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800190007000200060001c00200bc24eab556a705251e618294ff4051f60a84c9f4d4938037e786a6d00010000400000000000000c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4004004)

7.078852467s ago: executing program 5 (id=2659):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x69c, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000001300)={{0x3, 0x3, 0x1, 0x1}})

4.345126303s ago: executing program 5 (id=2692):
unshare(0x400)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, 0x0, 0x0)

4.300848198s ago: executing program 4 (id=2693):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000020080)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x12002, 0x0)

4.097900621s ago: executing program 4 (id=2695):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002abd7000020000fb010000000800010000eb15fa"], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

4.09773334s ago: executing program 8 (id=2696):
unshare(0x400)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0)

4.077095649s ago: executing program 5 (id=2697):
syz_open_dev$vim2m(0x0, 0x101, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00e}, 0x0)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x1c015, 0x0, 0x0)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
bind$802154_raw(r4, &(0x7f0000007cc0)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0202}}}, 0x14)

3.515362155s ago: executing program 8 (id=2699):
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069116200000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x15, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x65bba632}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="6400000002060300000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e657400000014000780080012400880000008000840000000140500050002000000050004000000000009000200"], 0x64}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f00000000c0)={'wlan1\x00', @random="c24f7b36aec9"})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@migrate={0x50, 0x11, [{@in6=@loopback, @in=@private=0xa010100, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x10)

3.089108157s ago: executing program 4 (id=2700):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d1000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f0000000300)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)

2.913739525s ago: executing program 5 (id=2701):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, 0x0}}], 0x1, 0x4000000)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000080)={r2, 0x7, 0x109e, 0x0, 0x605c, 0xf}, 0x14)

2.762750964s ago: executing program 5 (id=2702):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20002, <r3=>r1, 0x2})
r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)={<r5=>0x0, 0x0, r3})
ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, &(0x7f0000000300)={r5})
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7})
syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.74561003s ago: executing program 4 (id=2703):
unshare(0x22020600)
r0 = socket$unix(0x1, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e75", 0xc7}], 0x1}, 0xff00)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x5c, 0x0, &(0x7f0000000000))

2.638745531s ago: executing program 8 (id=2704):
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000003c0)={r2, 0x0, 0x20}, 0xc)

2.512460103s ago: executing program 4 (id=2706):
unshare(0x22020600)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x22, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000100)=""/219, &(0x7f0000000040)=0xdb)

2.456642993s ago: executing program 8 (id=2708):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000100), 0x8)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0404"], 0xd)

2.453818574s ago: executing program 5 (id=2709):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="0100"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r8], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c00000010000104000000000000080000000000", @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r11], 0x4c}}, 0x884)

2.330381765s ago: executing program 8 (id=2711):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)

2.277878791s ago: executing program 4 (id=2712):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000480), 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r3=>0x0})
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000200)={r3, 0x1, 0x6, @multicast}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x3, 0xfff1}, {0x9, 0xa}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x4048080}, 0x0)

1.882993794s ago: executing program 0 (id=2720):
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x47)

1.788264728s ago: executing program 0 (id=2722):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000100), 0x8)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0404"], 0xd)

1.764615228s ago: executing program 0 (id=2723):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e24, 0x6, @local, 0xffffff6e}}, 0xc, 0x3, 0x0, 0x7, 0x52, 0x7f, 0x7}, 0x9c)

1.650285595s ago: executing program 0 (id=2725):
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000069116200000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x15, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x65bba632}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="6400000002060300000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e657400000014000780080012400880000008000840000000140500050002000000050004000000000009000200"], 0x64}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40))
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2}}, [@migrate={0x50, 0x11, [{@in6=@loopback, @in=@private=0xa010100, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x10)

1.59052539s ago: executing program 8 (id=2727):
accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000080))
socket(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0)

1.550544659s ago: executing program 0 (id=2729):
syz_open_dev$vim2m(0x0, 0x101, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000000100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x100000000002, 0x4)
sendmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00e}, 0x0)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x1c015, 0x0, 0x0)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r4, &(0x7f0000007cc0)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0202}}}, 0x14)

449.565711ms ago: executing program 2 (id=2738):
bind$alg(0xffffffffffffffff, &(0x7f0000020100)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-512\x00'}, 0x58)
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000020080)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x12002, 0x0)

392.914645ms ago: executing program 2 (id=2739):
unshare(0x22020600)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r0, 0x6, 0xe, 0x0, &(0x7f0000000080))

350.321535ms ago: executing program 0 (id=2740):
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
r0 = socket(0x28, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)
close(r1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000ffffff80e500020000000000c500fcff000000008500feffd100000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
connect$vsock_stream(r0, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10)

261.985872ms ago: executing program 2 (id=2741):
unshare(0x400)
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$unix(0x1, 0x1, 0x0)
socket$inet(0x2, 0x1, 0x5)
socket(0x2, 0x3, 0xff)
socket$alg(0x26, 0x5, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e)

209.797412ms ago: executing program 2 (id=2742):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x1, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @empty}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x50}}, 0x44)

135.296594ms ago: executing program 2 (id=2743):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0xa}, {0xe, 0xb}, {0x9, 0x4}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0xe, 0xb, 0x3}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x2004c8f3}, 0x404c000)

0s ago: executing program 2 (id=2744):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000003140)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10)
close(0x3)
accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000)

kernel console output (not intermixed with test programs):

usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1460.594429][T14795] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1460.594454][T14795] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1460.594478][T14795] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1460.594502][T14795] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1460.594545][T14795] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1460.594569][T14795] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1460.720934][T14795] usb 3-1: config 0 descriptor??
[ 1460.968887][T15280] team0: Port device team_slave_0 added
[ 1460.978790][T15473] loop2: detected capacity change from 0 to 7
[ 1460.993185][T15473] Dev loop2: unable to read RDB block 7
[ 1460.993224][T15473]  loop2: AHDI p2 p3
[ 1460.993255][T15473] loop2: partition table partially beyond EOD, truncated
[ 1460.993362][T15473] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1460.997249][T15280] team0: Port device team_slave_1 added
[ 1460.998528][T14795] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 20 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1461.276561][T15280] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1461.276580][T15280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1461.276606][T15280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1461.281479][T15280] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1461.281498][T15280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1461.281527][T15280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1461.796653][T15483] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2047'.
[ 1462.275723][T15482] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2044'.
[ 1463.400099][T15486] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2048'.
[ 1465.338715][   T68] bridge_slave_1: left allmulticast mode
[ 1465.338746][   T68] bridge_slave_1: left promiscuous mode
[ 1465.338990][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1465.423410][   T68] bridge_slave_0: left allmulticast mode
[ 1465.423440][   T68] bridge_slave_0: left promiscuous mode
[ 1465.423682][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1465.459190][T15495] usb 3-1: USB disconnect, device number 20
[ 1465.485768][T15495] usblp0: removed
[ 1465.524603][T15505] IPVS: length: 149 != 8
[ 1466.154619][T15527] loop5: detected capacity change from 0 to 7
[ 1466.205993][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1466.206273][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.098473][T15495] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1467.161877][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.161914][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.242192][ T5814] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1467.248172][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.264217][T15495] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1467.264246][T15495] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1467.264272][T15495] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1467.264294][T15495] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1467.264333][T15495] usb 9-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1467.264357][T15495] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.349384][T15495] usb 9-1: config 0 descriptor??
[ 1467.384242][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.384276][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.385754][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.385790][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.386125][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.386149][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.386412][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.386433][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.386813][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.386835][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.386951][T15527] ldm_validate_partition_table(): Disk read failed.
[ 1467.387135][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.387160][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.387408][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1467.387431][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.388680][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1467.389881][T15527] Dev loop5: unable to read RDB block 0
[ 1467.390606][T15527]  loop5: unable to read partition table
[ 1467.390881][T15527] loop5: partition table beyond EOD, truncated
[ 1467.390895][T15527] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1467.549073][ T5814] usb 1-1: Using ep0 maxpacket: 16
[ 1467.568593][ T5814] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 28
[ 1467.568656][ T5814] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1467.568743][ T5814] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1467.568779][ T5814] usb 1-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00
[ 1467.568803][ T5814] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.580932][ T5814] usb 1-1: config 0 descriptor??
[ 1467.600244][T15495] hdpvr 9-1:0.0: firmware version 0xce dated çæ
[ 1467.600244][T15495] uÇjO—m{­¢ò…}…ÑXn~mæj.­Xýžè†Ëº63¥øký_
[ 1467.600279][T15495] hdpvr 9-1:0.0: untested firmware, the driver might not work.
[ 1467.686358][T14734] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1467.850075][T15525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1467.850469][T15525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1467.854198][T14734] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1467.854247][T14734] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[ 1467.854273][T14734] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.859260][T14734] usb 3-1: config 0 descriptor??
[ 1468.068427][ T5814] usbhid 1-1:0.0: can't add hid device: -71
[ 1468.068754][ T5814] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1468.079731][ T5814] usb 1-1: USB disconnect, device number 66
[ 1468.324982][T14734] steelseries 0003:1038:12B6.000B: item fetching failed at offset 6/7
[ 1468.325717][T14734] steelseries 0003:1038:12B6.000B: probe with driver steelseries failed with error -22
[ 1468.530219][T15532] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[ 1468.565323][T15532] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1468.581043][T15532] vhci_hcd vhci_hcd.0: Device attached
[ 1468.594166][T15538] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(8)
[ 1468.594185][T15538] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1468.594308][T15538] vhci_hcd vhci_hcd.0: Device attached
[ 1468.600541][T15532] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(10)
[ 1468.600571][T15532] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1468.600654][T15532] vhci_hcd vhci_hcd.0: Device attached
[ 1468.697176][T15539] vhci_hcd: connection closed
[ 1468.697803][T15536] vhci_hcd: connection closed
[ 1468.699499][T15541] vhci_hcd: connection closed
[ 1468.705861][ T6218] usb 3-1: USB disconnect, device number 21
[ 1468.709293][ T4186] vhci_hcd vhci_hcd.2: stop threads
[ 1468.709320][ T4186] vhci_hcd vhci_hcd.2: release socket
[ 1468.709383][ T4186] vhci_hcd vhci_hcd.2: disconnect device
[ 1468.716169][ T4186] vhci_hcd vhci_hcd.2: stop threads
[ 1468.716187][ T4186] vhci_hcd vhci_hcd.2: release socket
[ 1468.716297][ T4186] vhci_hcd vhci_hcd.2: disconnect device
[ 1468.719744][ T4186] vhci_hcd vhci_hcd.2: stop threads
[ 1468.719762][ T4186] vhci_hcd vhci_hcd.2: release socket
[ 1468.719824][ T4186] vhci_hcd vhci_hcd.2: disconnect device
[ 1468.762050][T11142] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1469.833791][T15548] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2061'.
[ 1471.313163][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1471.372559][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1471.394768][   T68] bond0 (unregistering): Released all slaves
[ 1471.600675][T15554] random: crng reseeded on system resumption
[ 1471.900057][T15556] IPVS: length: 149 != 8
[ 1471.929434][T15495] hdpvr 9-1:0.0: device init failed
[ 1471.929526][T15495] hdpvr 9-1:0.0: probe with driver hdpvr failed with error -12
[ 1471.984738][T15544] erspan0: entered promiscuous mode
[ 1471.984873][T15544] macsec1: entered promiscuous mode
[ 1471.987966][T15495] usb 9-1: USB disconnect, device number 7
[ 1472.042933][T15544] erspan0: left promiscuous mode
[ 1472.191359][T15280] hsr_slave_0: entered promiscuous mode
[ 1472.200430][T15280] hsr_slave_1: entered promiscuous mode
[ 1472.201052][T15280] debugfs: 'hsr0' already exists in 'hsr'
[ 1472.201071][T15280] Cannot create hsr debugfs directory
[ 1472.242562][T15566] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2066'.
[ 1472.362122][T15495] usb 9-1: new full-speed USB device number 8 using dummy_hcd
[ 1472.560500][T15495] usb 9-1: not running at top speed; connect to a high speed hub
[ 1472.601714][T15495] usb 9-1: config 7 has an invalid interface number: 140 but max is 0
[ 1472.601745][T15495] usb 9-1: config 7 has no interface number 0
[ 1472.603116][T15495] usb 9-1: config 7 interface 140 has no altsetting 0
[ 1472.627320][T15495] usb 9-1: New USB device found, idVendor=06e1, idProduct=0709, bcdDevice= 2.04
[ 1472.627352][T15495] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1472.627374][T15495] usb 9-1: Product: syz
[ 1472.627389][T15495] usb 9-1: Manufacturer: syz
[ 1472.627405][T15495] usb 9-1: SerialNumber: syz
[ 1476.397555][T15589] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2072'.
[ 1477.231400][T15495] go7007 9-1:7.140: probe with driver go7007 failed with error -12
[ 1477.234421][T15495] usb 9-1: USB disconnect, device number 8
[ 1477.361996][ T5974] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1477.445844][   T68] hsr_slave_0: left promiscuous mode
[ 1477.458119][T15566] syz.2.2066 (15566): drop_caches: 2
[ 1477.493555][   T68] hsr_slave_1: left promiscuous mode
[ 1477.494583][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1477.494608][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1477.544547][ T5974] usb 1-1: Using ep0 maxpacket: 8
[ 1477.546870][ T5974] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[ 1477.549863][ T5974] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1477.549895][ T5974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1477.549917][ T5974] usb 1-1: Product: syz
[ 1477.549932][ T5974] usb 1-1: Manufacturer: syz
[ 1477.549947][ T5974] usb 1-1: SerialNumber: syz
[ 1477.754782][ T5974] usb 1-1: config 0 descriptor??
[ 1477.867568][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1477.867598][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1477.898724][ T5974] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1477.898780][ T5974] usb 1-1: setting power ON
[ 1477.898809][ T5974] dvb-usb: bulk message failed: -22 (2/0)
[ 1477.932871][ T5974] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1477.933823][ T5974] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1477.933875][ T5974] usb 1-1: media controller created
[ 1477.988174][ T5974] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1478.026735][ T5974] usb 1-1: selecting invalid altsetting 6
[ 1478.026759][ T5974] usb 1-1: digital interface selection failed (-22)
[ 1478.026782][ T5974] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1478.031747][ T5974] usb 1-1: setting power OFF
[ 1478.031789][ T5974] dvb-usb: bulk message failed: -22 (2/0)
[ 1478.051988][ T5974] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1478.052012][ T5974] (NULL device *): no alternate interface
[ 1478.092218][T15591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1478.092765][T15591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1478.098589][T15591] dvb-usb: bulk message failed: -22 (3/0)
[ 1478.098619][T15591] dvb-usb: bulk message failed: -22 (4/0)
[ 1478.098634][T15591] cxusb: i2c read failed
[ 1478.168362][   T68] veth1_macvtap: left promiscuous mode
[ 1478.168483][   T68] veth0_macvtap: left promiscuous mode
[ 1478.168741][   T68] veth1_vlan: left promiscuous mode
[ 1478.168919][   T68] veth0_vlan: left promiscuous mode
[ 1478.418894][T15591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1478.419324][T15591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1479.312374][ T5974] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1479.388823][ T5974] usb 1-1: USB disconnect, device number 67
[ 1480.736540][T15656] FAULT_INJECTION: forcing a failure.
[ 1480.736540][T15656] name failslab, interval 1, probability 0, space 0, times 0
[ 1480.736578][T15656] CPU: 0 UID: 0 PID: 15656 Comm: syz.2.2097 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1480.736607][T15656] Tainted: [L]=SOFTLOCKUP
[ 1480.736614][T15656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1480.736626][T15656] Call Trace:
[ 1480.736634][T15656]  <TASK>
[ 1480.736643][T15656]  dump_stack_lvl+0x189/0x250
[ 1480.736672][T15656]  ? __pfx____ratelimit+0x10/0x10
[ 1480.736701][T15656]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1480.736725][T15656]  ? __pfx__printk+0x10/0x10
[ 1480.736750][T15656]  ? __pfx___might_resched+0x10/0x10
[ 1480.736775][T15656]  should_fail_ex+0x46c/0x600
[ 1480.736805][T15656]  should_failslab+0xa8/0x100
[ 1480.736827][T15656]  __kmalloc_cache_noprof+0x84/0x6d0
[ 1480.736854][T15656]  ? rwbase_write_lock+0x56f/0x750
[ 1480.736875][T15656]  ? assoc_array_clear+0x76/0x190
[ 1480.736901][T15656]  assoc_array_clear+0x76/0x190
[ 1480.736927][T15656]  keyring_clear+0xc2/0x240
[ 1480.736950][T15656]  ? __pfx_keyring_search_iterator+0x10/0x10
[ 1480.736972][T15656]  ? __pfx_keyring_clear+0x10/0x10
[ 1480.736998][T15656]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1480.737021][T15656]  keyctl_keyring_clear+0xc9/0x170
[ 1480.737048][T15656]  __se_sys_keyctl+0x392/0x910
[ 1480.737077][T15656]  ? __pfx___se_sys_keyctl+0x10/0x10
[ 1480.737101][T15656]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1480.737127][T15656]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1480.737151][T15656]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1480.737186][T15656]  ? fput+0xa0/0xd0
[ 1480.737207][T15656]  ? ksys_write+0x230/0x260
[ 1480.737234][T15656]  ? __pfx_ksys_write+0x10/0x10
[ 1480.737263][T15656]  ? do_syscall_64+0xbe/0xf80
[ 1480.737280][T15656]  ? __x64_sys_keyctl+0x20/0xc0
[ 1480.737309][T15656]  do_syscall_64+0xfa/0xf80
[ 1480.737328][T15656]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1480.737347][T15656]  ? clear_bhb_loop+0x60/0xb0
[ 1480.737370][T15656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1480.737386][T15656] RIP: 0033:0x7f953b8df749
[ 1480.737402][T15656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1480.737418][T15656] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1480.737437][T15656] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1480.737450][T15656] RDX: 0000000000000000 RSI: 00000000094e753d RDI: 0000000000000007
[ 1480.737463][T15656] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1480.737475][T15656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1480.737494][T15656] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1480.737528][T15656]  </TASK>
[ 1481.099120][    C0] vcan0: j1939_tp_rxtimer: 0xffff88808e899000: rx timeout, send abort
[ 1481.102322][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88808e899000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1481.523178][ T2226] Bluetooth: hci3: received HCILL_GO_TO_SLEEP_ACK in state 1
[ 1481.541731][ T2226] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1482.322133][ T6218] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1482.484115][ T6218] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1482.484161][ T6218] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[ 1482.484185][ T6218] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1482.488736][ T6218] usb 1-1: config 0 descriptor??
[ 1482.898800][T15683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1482.899896][T15683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1482.960209][ T5984] kernel read not supported for file /175/coredump_filter (pid: 5984 comm: kworker/1:11)
[ 1482.969982][T15683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1482.970372][T15683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1482.971377][T15683] sctp: [Deprecated]: syz.0.2109 (pid 15683) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1482.971377][T15683] Use struct sctp_sack_info instead
[ 1482.973965][   T37] audit: type=1326 audit(1766142049.716:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15682 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeaef6f749 code=0x7ffc0000
[ 1482.974376][   T37] audit: type=1326 audit(1766142049.716:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15682 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbeaef6f749 code=0x7ffc0000
[ 1482.974847][   T37] audit: type=1326 audit(1766142049.716:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15682 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeaef6f749 code=0x7ffc0000
[ 1482.975202][   T37] audit: type=1326 audit(1766142049.716:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15682 comm="syz.0.2109" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbeaef6f749 code=0x7ffc0000
[ 1483.182879][   T68] team0 (unregistering): Port device team_slave_1 removed
[ 1483.453406][   T68] team0 (unregistering): Port device team_slave_0 removed
[ 1483.592046][T15409] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1483.885472][T15708] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1487.565379][T15700] syz_tun: entered allmulticast mode
[ 1487.716144][ T6218] usbhid 1-1:0.0: can't add hid device: -32
[ 1487.716270][ T6218] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[ 1487.876810][   T43] usb 1-1: USB disconnect, device number 68
[ 1487.916048][T15701] syz_tun: left allmulticast mode
[ 1488.163433][T15721] netlink: 8744 bytes leftover after parsing attributes in process `syz.8.2124'.
[ 1488.451968][ T5974] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1488.622153][ T5974] usb 9-1: Using ep0 maxpacket: 8
[ 1488.623582][ T5974] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1488.624812][ T5974] usb 9-1: config 1 interface 0 has no altsetting 0
[ 1488.627361][ T5974] usb 9-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.40
[ 1488.627389][ T5974] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1488.627410][ T5974] usb 9-1: Product: syz
[ 1488.627426][ T5974] usb 9-1: Manufacturer: syz
[ 1488.627448][ T5974] usb 9-1: SerialNumber: syz
[ 1488.860107][ T5974] usbhid 9-1:1.0: can't add hid device: -71
[ 1488.860180][ T5974] usbhid 9-1:1.0: probe with driver usbhid failed with error -71
[ 1488.873293][ T5974] usb 9-1: USB disconnect, device number 9
[ 1490.553419][T15750] FAULT_INJECTION: forcing a failure.
[ 1490.553419][T15750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1490.553456][T15750] CPU: 0 UID: 0 PID: 15750 Comm: syz.2.2131 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1490.553485][T15750] Tainted: [L]=SOFTLOCKUP
[ 1490.553492][T15750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1490.553505][T15750] Call Trace:
[ 1490.553513][T15750]  <TASK>
[ 1490.553523][T15750]  dump_stack_lvl+0x189/0x250
[ 1490.553553][T15750]  ? __pfx____ratelimit+0x10/0x10
[ 1490.553582][T15750]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1490.553614][T15750]  ? __pfx__printk+0x10/0x10
[ 1490.553650][T15750]  should_fail_ex+0x46c/0x600
[ 1490.553682][T15750]  _copy_to_user+0x31/0xb0
[ 1490.553706][T15750]  simple_read_from_buffer+0xe1/0x170
[ 1490.553733][T15750]  proc_fail_nth_read+0x1b6/0x220
[ 1490.553766][T15750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1490.553797][T15750]  ? rw_verify_area+0x2ac/0x4e0
[ 1490.553822][T15750]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1490.553851][T15750]  vfs_read+0x206/0xa30
[ 1490.553886][T15750]  ? __pfx_vfs_read+0x10/0x10
[ 1490.553909][T15750]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1490.553946][T15750]  ? mutex_lock_nested+0x154/0x1d0
[ 1490.553970][T15750]  ? fdget_pos+0x253/0x320
[ 1490.554001][T15750]  ksys_read+0x14b/0x260
[ 1490.554030][T15750]  ? __pfx_ksys_read+0x10/0x10
[ 1490.554060][T15750]  ? do_syscall_64+0xbe/0xf80
[ 1490.554084][T15750]  do_syscall_64+0xfa/0xf80
[ 1490.554105][T15750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.554125][T15750]  ? clear_bhb_loop+0x60/0xb0
[ 1490.554148][T15750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1490.554168][T15750] RIP: 0033:0x7f953b8de15c
[ 1490.554186][T15750] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1490.554203][T15750] RSP: 002b:00007f9539b1d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1490.554224][T15750] RAX: ffffffffffffffda RBX: 00007f953bb36090 RCX: 00007f953b8de15c
[ 1490.554239][T15750] RDX: 000000000000000f RSI: 00007f9539b1d0a0 RDI: 0000000000000003
[ 1490.554252][T15750] RBP: 00007f9539b1d090 R08: 0000000000000000 R09: 0000000000000000
[ 1490.554264][T15750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1490.554277][T15750] R13: 00007f953bb36128 R14: 00007f953bb36090 R15: 00007ffef566ea68
[ 1490.554311][T15750]  </TASK>
[ 1492.408173][T15767] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1492.841986][ T5897] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1492.943580][T15787] FAULT_INJECTION: forcing a failure.
[ 1492.943580][T15787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1492.943605][T15787] CPU: 1 UID: 0 PID: 15787 Comm: syz.2.2148 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1492.943621][T15787] Tainted: [L]=SOFTLOCKUP
[ 1492.943625][T15787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1492.943632][T15787] Call Trace:
[ 1492.943637][T15787]  <TASK>
[ 1492.943642][T15787]  dump_stack_lvl+0x189/0x250
[ 1492.943661][T15787]  ? __pfx____ratelimit+0x10/0x10
[ 1492.943678][T15787]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1492.943691][T15787]  ? __pfx__printk+0x10/0x10
[ 1492.943702][T15787]  ? __might_fault+0xb0/0x130
[ 1492.943723][T15787]  should_fail_ex+0x46c/0x600
[ 1492.943740][T15787]  _copy_from_user+0x2d/0xb0
[ 1492.943751][T15787]  sk_setsockopt+0x276/0x2a70
[ 1492.943767][T15787]  ? lockdep_hardirqs_on+0x98/0x140
[ 1492.943778][T15787]  ? __pfx_sk_setsockopt+0x10/0x10
[ 1492.943789][T15787]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1492.943800][T15787]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1492.943821][T15787]  ? __fget_files+0x2a/0x420
[ 1492.943834][T15787]  ? __fget_files+0x2a/0x420
[ 1492.943844][T15787]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1492.943861][T15787]  do_sock_setsockopt+0x11b/0x1b0
[ 1492.943877][T15787]  __x64_sys_setsockopt+0x145/0x1b0
[ 1492.943892][T15787]  do_syscall_64+0xfa/0xf80
[ 1492.943904][T15787]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.943915][T15787]  ? clear_bhb_loop+0x60/0xb0
[ 1492.943927][T15787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.943938][T15787] RIP: 0033:0x7f953b8df749
[ 1492.943949][T15787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1492.943958][T15787] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1492.943971][T15787] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1492.943979][T15787] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000004
[ 1492.943986][T15787] RBP: 00007f9539b3e090 R08: 0000000000000010 R09: 0000000000000000
[ 1492.943993][T15787] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1492.944013][T15787] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1492.944035][T15787]  </TASK>
[ 1492.992100][ T5897] usb 1-1: Using ep0 maxpacket: 16
[ 1493.004632][ T5897] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 28
[ 1493.004695][ T5897] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1493.004724][ T5897] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1493.004757][ T5897] usb 1-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00
[ 1493.004780][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1493.010318][ T5897] usb 1-1: config 0 descriptor??
[ 1493.227722][T15769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1493.228384][T15769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1493.588069][ T5897] usbhid 1-1:0.0: can't add hid device: -71
[ 1493.588184][ T5897] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1493.593652][ T5897] usb 1-1: USB disconnect, device number 69
[ 1494.544108][T15833] FAULT_INJECTION: forcing a failure.
[ 1494.544108][T15833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1494.544146][T15833] CPU: 1 UID: 0 PID: 15833 Comm: syz.8.2167 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1494.544175][T15833] Tainted: [L]=SOFTLOCKUP
[ 1494.544183][T15833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1494.544196][T15833] Call Trace:
[ 1494.544204][T15833]  <TASK>
[ 1494.544213][T15833]  dump_stack_lvl+0x189/0x250
[ 1494.544242][T15833]  ? __pfx____ratelimit+0x10/0x10
[ 1494.544270][T15833]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1494.544295][T15833]  ? __pfx__printk+0x10/0x10
[ 1494.544315][T15833]  ? __might_fault+0xb0/0x130
[ 1494.544354][T15833]  should_fail_ex+0x46c/0x600
[ 1494.544384][T15833]  _copy_from_user+0x2d/0xb0
[ 1494.544404][T15833]  ___sys_sendmsg+0x158/0x2a0
[ 1494.544431][T15833]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1494.544490][T15833]  ? __fget_files+0x2a/0x420
[ 1494.544510][T15833]  ? __fget_files+0x3a6/0x420
[ 1494.544541][T15833]  __x64_sys_sendmsg+0x1a1/0x260
[ 1494.544567][T15833]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1494.544601][T15833]  ? __pfx_ksys_write+0x10/0x10
[ 1494.544631][T15833]  ? do_syscall_64+0xbe/0xf80
[ 1494.544654][T15833]  do_syscall_64+0xfa/0xf80
[ 1494.544673][T15833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1494.544693][T15833]  ? clear_bhb_loop+0x60/0xb0
[ 1494.544716][T15833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1494.544735][T15833] RIP: 0033:0x7f8026a2f749
[ 1494.544753][T15833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1494.544770][T15833] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1494.544791][T15833] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1494.544806][T15833] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[ 1494.544818][T15833] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1494.544831][T15833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1494.544843][T15833] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1494.544882][T15833]  </TASK>
[ 1495.348083][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1495.348156][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1495.635643][T15840] kAFS: unable to lookup cell '/yz1'
[ 1495.641312][T12821] hid (null): global environment stack underflow
[ 1495.646012][T12821] hid-generic 0001:0003:0004.000C: global environment stack underflow
[ 1495.646034][T12821] hid-generic 0001:0003:0004.000C: item 0 1 1 11 parsing failed
[ 1495.646706][T12821] hid-generic 0001:0003:0004.000C: probe with driver hid-generic failed with error -22
[ 1495.765539][T15847] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2170'.
[ 1496.084649][T15860] FAULT_INJECTION: forcing a failure.
[ 1496.084649][T15860] name failslab, interval 1, probability 0, space 0, times 0
[ 1496.084687][T15860] CPU: 1 UID: 0 PID: 15860 Comm: syz.2.2174 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1496.084715][T15860] Tainted: [L]=SOFTLOCKUP
[ 1496.084723][T15860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1496.084735][T15860] Call Trace:
[ 1496.084743][T15860]  <TASK>
[ 1496.084753][T15860]  dump_stack_lvl+0x189/0x250
[ 1496.084781][T15860]  ? __pfx____ratelimit+0x10/0x10
[ 1496.084811][T15860]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1496.084836][T15860]  ? __pfx__printk+0x10/0x10
[ 1496.084862][T15860]  ? __pfx___might_resched+0x10/0x10
[ 1496.084888][T15860]  should_fail_ex+0x46c/0x600
[ 1496.084919][T15860]  should_failslab+0xa8/0x100
[ 1496.084941][T15860]  __kmalloc_noprof+0xe0/0x7e0
[ 1496.084968][T15860]  ? kfree+0x4d/0x900
[ 1496.084988][T15860]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1496.085015][T15860]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1496.085044][T15860]  ? tomoyo_domain+0xd9/0x130
[ 1496.085070][T15860]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1496.085097][T15860]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1496.085126][T15860]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1496.085156][T15860]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1496.085178][T15860]  ? lockdep_hardirqs_on+0x98/0x140
[ 1496.085227][T15860]  ? __fget_files+0x2a/0x420
[ 1496.085254][T15860]  ? __fget_files+0x3a6/0x420
[ 1496.085273][T15860]  ? __fget_files+0x2a/0x420
[ 1496.085298][T15860]  security_file_ioctl+0xcb/0x2d0
[ 1496.085327][T15860]  __se_sys_ioctl+0x47/0x170
[ 1496.085356][T15860]  do_syscall_64+0xfa/0xf80
[ 1496.085377][T15860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.085397][T15860]  ? clear_bhb_loop+0x60/0xb0
[ 1496.085421][T15860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.085444][T15860] RIP: 0033:0x7f953b8df749
[ 1496.085463][T15860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1496.085481][T15860] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1496.085502][T15860] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1496.085517][T15860] RDX: 0000000000000002 RSI: 000000000000540b RDI: 0000000000000003
[ 1496.085530][T15860] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1496.085543][T15860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1496.085555][T15860] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1496.085588][T15860]  </TASK>
[ 1496.087725][T15860] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1497.195953][T15888] IPVS: length: 149 != 8
[ 1497.417357][T15903] FAULT_INJECTION: forcing a failure.
[ 1497.417357][T15903] name failslab, interval 1, probability 0, space 0, times 0
[ 1497.417394][T15903] CPU: 0 UID: 0 PID: 15903 Comm: syz.8.2181 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1497.417421][T15903] Tainted: [L]=SOFTLOCKUP
[ 1497.417429][T15903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1497.417441][T15903] Call Trace:
[ 1497.417449][T15903]  <TASK>
[ 1497.417459][T15903]  dump_stack_lvl+0x189/0x250
[ 1497.417489][T15903]  ? __pfx____ratelimit+0x10/0x10
[ 1497.417518][T15903]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1497.417542][T15903]  ? __pfx__printk+0x10/0x10
[ 1497.417568][T15903]  ? __pfx___might_resched+0x10/0x10
[ 1497.417601][T15903]  should_fail_ex+0x46c/0x600
[ 1497.417633][T15903]  should_failslab+0xa8/0x100
[ 1497.417655][T15903]  __kmalloc_noprof+0xe0/0x7e0
[ 1497.417681][T15903]  ? kfree+0x4d/0x900
[ 1497.417702][T15903]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1497.417729][T15903]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1497.417751][T15903]  ? tomoyo_domain+0xd9/0x130
[ 1497.417778][T15903]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1497.417804][T15903]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1497.417833][T15903]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1497.417862][T15903]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1497.417883][T15903]  ? lockdep_hardirqs_on+0x98/0x140
[ 1497.417933][T15903]  ? __fget_files+0x2a/0x420
[ 1497.417959][T15903]  ? __fget_files+0x3a6/0x420
[ 1497.417979][T15903]  ? __fget_files+0x2a/0x420
[ 1497.418003][T15903]  security_file_ioctl+0xcb/0x2d0
[ 1497.418032][T15903]  __se_sys_ioctl+0x47/0x170
[ 1497.418061][T15903]  do_syscall_64+0xfa/0xf80
[ 1497.418082][T15903]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.418102][T15903]  ? clear_bhb_loop+0x60/0xb0
[ 1497.418126][T15903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.418145][T15903] RIP: 0033:0x7f8026a2f749
[ 1497.418163][T15903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1497.418181][T15903] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1497.418202][T15903] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1497.418218][T15903] RDX: 0000200000000040 RSI: 0000000040085618 RDI: 0000000000000004
[ 1497.418232][T15903] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1497.418245][T15903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1497.418257][T15903] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1497.418292][T15903]  </TASK>
[ 1497.418300][T15903] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1498.916316][T15409] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1498.930262][T15409] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1498.933171][T15409] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1498.946420][T15409] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1498.947259][T15409] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1499.174511][T15928] FAULT_INJECTION: forcing a failure.
[ 1499.174511][T15928] name failslab, interval 1, probability 0, space 0, times 0
[ 1499.174549][T15928] CPU: 0 UID: 0 PID: 15928 Comm: syz.8.2190 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1499.174577][T15928] Tainted: [L]=SOFTLOCKUP
[ 1499.174585][T15928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1499.174596][T15928] Call Trace:
[ 1499.174605][T15928]  <TASK>
[ 1499.174614][T15928]  dump_stack_lvl+0x189/0x250
[ 1499.174643][T15928]  ? __pfx____ratelimit+0x10/0x10
[ 1499.174673][T15928]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1499.174694][T15928]  ? __pfx__printk+0x10/0x10
[ 1499.174720][T15928]  ? __pfx___might_resched+0x10/0x10
[ 1499.174745][T15928]  should_fail_ex+0x46c/0x600
[ 1499.174777][T15928]  should_failslab+0xa8/0x100
[ 1499.174799][T15928]  __kmalloc_noprof+0xe0/0x7e0
[ 1499.174824][T15928]  ? kfree+0x4d/0x900
[ 1499.174844][T15928]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1499.174871][T15928]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1499.174891][T15928]  ? tomoyo_domain+0xd9/0x130
[ 1499.174917][T15928]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1499.174943][T15928]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1499.174971][T15928]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1499.175002][T15928]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1499.175023][T15928]  ? lockdep_hardirqs_on+0x98/0x140
[ 1499.175073][T15928]  ? __fget_files+0x2a/0x420
[ 1499.175099][T15928]  ? __fget_files+0x3a6/0x420
[ 1499.175118][T15928]  ? __fget_files+0x2a/0x420
[ 1499.175143][T15928]  security_file_ioctl+0xcb/0x2d0
[ 1499.175172][T15928]  __se_sys_ioctl+0x47/0x170
[ 1499.175200][T15928]  do_syscall_64+0xfa/0xf80
[ 1499.175221][T15928]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.175242][T15928]  ? clear_bhb_loop+0x60/0xb0
[ 1499.175266][T15928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.175285][T15928] RIP: 0033:0x7f8026a2f749
[ 1499.175303][T15928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1499.175321][T15928] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1499.175342][T15928] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1499.175358][T15928] RDX: 0000200000000100 RSI: 00000000c02c5625 RDI: 0000000000000003
[ 1499.175371][T15928] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1499.175384][T15928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1499.175396][T15928] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1499.175435][T15928]  </TASK>
[ 1499.175445][T15928] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1499.852869][T15919] chnl_net:caif_netlink_parms(): no params data found
[ 1501.274524][T15409] Bluetooth: hci3: command tx timeout
[ 1503.353321][T15409] Bluetooth: hci3: command tx timeout
[ 1503.924880][T15978] FAULT_INJECTION: forcing a failure.
[ 1503.924880][T15978] name failslab, interval 1, probability 0, space 0, times 0
[ 1503.924917][T15978] CPU: 1 UID: 0 PID: 15978 Comm: syz.2.2204 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1503.924945][T15978] Tainted: [L]=SOFTLOCKUP
[ 1503.924952][T15978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1503.924964][T15978] Call Trace:
[ 1503.924980][T15978]  <TASK>
[ 1503.924990][T15978]  dump_stack_lvl+0x189/0x250
[ 1503.925021][T15978]  ? __pfx____ratelimit+0x10/0x10
[ 1503.925050][T15978]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1503.925075][T15978]  ? __pfx__printk+0x10/0x10
[ 1503.925101][T15978]  ? __pfx___might_resched+0x10/0x10
[ 1503.925127][T15978]  should_fail_ex+0x46c/0x600
[ 1503.925156][T15978]  ? __alloc_skb+0x255/0x430
[ 1503.925177][T15978]  should_failslab+0xa8/0x100
[ 1503.925198][T15978]  ? __alloc_skb+0x255/0x430
[ 1503.925217][T15978]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[ 1503.925252][T15978]  __alloc_skb+0x255/0x430
[ 1503.925276][T15978]  ? __pfx___alloc_skb+0x10/0x10
[ 1503.925299][T15978]  ? netlink_autobind+0xdb/0x300
[ 1503.925323][T15978]  ? netlink_autobind+0x2c2/0x300
[ 1503.925353][T15978]  netlink_sendmsg+0x5c6/0xb30
[ 1503.925387][T15978]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1503.925420][T15978]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1503.925445][T15978]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1503.925471][T15978]  __sock_sendmsg+0x21c/0x270
[ 1503.925502][T15978]  sock_write_iter+0x27f/0x370
[ 1503.925531][T15978]  ? __pfx_sock_write_iter+0x10/0x10
[ 1503.925568][T15978]  ? kstrtoull+0x12f/0x1d0
[ 1503.925600][T15978]  do_iter_readv_writev+0x635/0x8d0
[ 1503.925634][T15978]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1503.925670][T15978]  ? rw_verify_area+0x25b/0x4e0
[ 1503.925699][T15978]  vfs_writev+0x323/0x970
[ 1503.925729][T15978]  ? __pfx_vfs_writev+0x10/0x10
[ 1503.925764][T15978]  ? __fget_files+0x2a/0x420
[ 1503.925790][T15978]  ? __fget_files+0x3a6/0x420
[ 1503.925810][T15978]  ? __fget_files+0x2a/0x420
[ 1503.925839][T15978]  do_writev+0x153/0x2d0
[ 1503.925862][T15978]  ? __pfx_do_writev+0x10/0x10
[ 1503.925883][T15978]  ? do_syscall_64+0xbe/0xf80
[ 1503.925905][T15978]  do_syscall_64+0xfa/0xf80
[ 1503.925923][T15978]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1503.925943][T15978]  ? clear_bhb_loop+0x60/0xb0
[ 1503.925967][T15978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1503.925994][T15978] RIP: 0033:0x7f953b8df749
[ 1503.926012][T15978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1503.926029][T15978] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1503.926050][T15978] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1503.926065][T15978] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000004
[ 1503.926078][T15978] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1503.926091][T15978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1503.926103][T15978] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1503.926136][T15978]  </TASK>
[ 1504.008298][T15979] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2202'.
[ 1505.187338][T15919] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1505.188003][T15919] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1505.188256][T15919] bridge_slave_0: entered allmulticast mode
[ 1505.246841][T15919] bridge_slave_0: entered promiscuous mode
[ 1505.393288][T16008] FAULT_INJECTION: forcing a failure.
[ 1505.393288][T16008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1505.393325][T16008] CPU: 0 UID: 0 PID: 16008 Comm: syz.2.2215 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1505.393353][T16008] Tainted: [L]=SOFTLOCKUP
[ 1505.393361][T16008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1505.393373][T16008] Call Trace:
[ 1505.393382][T16008]  <TASK>
[ 1505.393391][T16008]  dump_stack_lvl+0x189/0x250
[ 1505.393423][T16008]  ? __pfx____ratelimit+0x10/0x10
[ 1505.393453][T16008]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1505.393478][T16008]  ? __pfx__printk+0x10/0x10
[ 1505.393498][T16008]  ? __might_fault+0xb0/0x130
[ 1505.393536][T16008]  should_fail_ex+0x46c/0x600
[ 1505.393568][T16008]  _copy_from_user+0x2d/0xb0
[ 1505.393588][T16008]  ___sys_recvmsg+0x12e/0x510
[ 1505.393621][T16008]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1505.393643][T16008]  ? do_raw_spin_lock+0x121/0x290
[ 1505.393691][T16008]  ? __fget_files+0x3a6/0x420
[ 1505.393724][T16008]  __x64_sys_recvmsg+0x19e/0x260
[ 1505.393752][T16008]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1505.393786][T16008]  ? __pfx_ksys_write+0x10/0x10
[ 1505.393817][T16008]  ? do_syscall_64+0xbe/0xf80
[ 1505.393899][T16008]  do_syscall_64+0xfa/0xf80
[ 1505.393931][T16008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.393952][T16008]  ? clear_bhb_loop+0x60/0xb0
[ 1505.393977][T16008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.393997][T16008] RIP: 0033:0x7f953b8df749
[ 1505.394016][T16008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1505.394032][T16008] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1505.394053][T16008] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1505.394068][T16008] RDX: 0000000040002002 RSI: 0000200000000000 RDI: 0000000000000004
[ 1505.394082][T16008] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1505.394094][T16008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1505.394107][T16008] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1505.394150][T16008]  </TASK>
[ 1505.405415][T15409] Bluetooth: hci3: command tx timeout
[ 1505.716160][T16001] IPVS: Error connecting to the multicast addr
[ 1505.719819][T15919] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1505.719940][T15919] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1505.720169][T15919] bridge_slave_1: entered allmulticast mode
[ 1505.733517][T15919] bridge_slave_1: entered promiscuous mode
[ 1507.483341][T15409] Bluetooth: hci3: command tx timeout
[ 1507.863302][T15919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1507.867482][T15919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1508.123290][T16056] FAULT_INJECTION: forcing a failure.
[ 1508.123290][T16056] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1508.123324][T16056] CPU: 0 UID: 0 PID: 16056 Comm: syz.2.2236 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1508.123350][T16056] Tainted: [L]=SOFTLOCKUP
[ 1508.123358][T16056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1508.123369][T16056] Call Trace:
[ 1508.123377][T16056]  <TASK>
[ 1508.123384][T16056]  dump_stack_lvl+0x189/0x250
[ 1508.123413][T16056]  ? __pfx____ratelimit+0x10/0x10
[ 1508.123440][T16056]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1508.123464][T16056]  ? __pfx__printk+0x10/0x10
[ 1508.123483][T16056]  ? __might_fault+0xb0/0x130
[ 1508.123520][T16056]  should_fail_ex+0x46c/0x600
[ 1508.123550][T16056]  _copy_from_user+0x2d/0xb0
[ 1508.123570][T16056]  do_sock_getsockopt+0x15c/0x3d0
[ 1508.123604][T16056]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1508.123625][T16056]  ? do_syscall_64+0x80/0xf80
[ 1508.123642][T16056]  ? __fget_files+0x2a/0x420
[ 1508.123662][T16056]  ? __fget_files+0x3a6/0x420
[ 1508.123680][T16056]  ? __fget_files+0x2a/0x420
[ 1508.123704][T16056]  __x64_sys_getsockopt+0x1ab/0x250
[ 1508.123725][T16056]  ? do_syscall_64+0x80/0xf80
[ 1508.123746][T16056]  ? do_syscall_64+0x80/0xf80
[ 1508.123767][T16056]  do_syscall_64+0xfa/0xf80
[ 1508.123787][T16056]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1508.123806][T16056]  ? clear_bhb_loop+0x60/0xb0
[ 1508.123825][T16056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1508.123842][T16056] RIP: 0033:0x7f953b8df749
[ 1508.123859][T16056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1508.123874][T16056] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1508.123892][T16056] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1508.123906][T16056] RDX: 0000000000000014 RSI: 0000000000000084 RDI: 0000000000000003
[ 1508.123918][T16056] RBP: 00007f9539b3e090 R08: 0000200000000500 R09: 0000000000000000
[ 1508.123931][T16056] R10: 00002000000003c0 R11: 0000000000000246 R12: 0000000000000001
[ 1508.123944][T16056] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1508.123975][T16056]  </TASK>
[ 1508.255697][T16057] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2235'.
[ 1508.322180][T16061] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2235'.
[ 1508.709974][T15919] team0: Port device team_slave_0 added
[ 1508.725556][T16075] binder: Unknown parameter 'fsuuid'
[ 1508.795957][T15919] team0: Port device team_slave_1 added
[ 1509.010914][T16087] FAULT_INJECTION: forcing a failure.
[ 1509.010914][T16087] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1509.010953][T16087] CPU: 0 UID: 0 PID: 16087 Comm: syz.2.2247 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1509.010982][T16087] Tainted: [L]=SOFTLOCKUP
[ 1509.010990][T16087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1509.011003][T16087] Call Trace:
[ 1509.011011][T16087]  <TASK>
[ 1509.011020][T16087]  dump_stack_lvl+0x189/0x250
[ 1509.011050][T16087]  ? __pfx____ratelimit+0x10/0x10
[ 1509.011080][T16087]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1509.011105][T16087]  ? __pfx__printk+0x10/0x10
[ 1509.011125][T16087]  ? __might_fault+0xb0/0x130
[ 1509.011163][T16087]  should_fail_ex+0x46c/0x600
[ 1509.011194][T16087]  _copy_from_user+0x2d/0xb0
[ 1509.011214][T16087]  ___sys_sendmsg+0x158/0x2a0
[ 1509.011243][T16087]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1509.011303][T16087]  ? __fget_files+0x2a/0x420
[ 1509.011323][T16087]  ? __fget_files+0x3a6/0x420
[ 1509.011355][T16087]  __x64_sys_sendmsg+0x1a1/0x260
[ 1509.011382][T16087]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1509.011416][T16087]  ? __pfx_ksys_write+0x10/0x10
[ 1509.011447][T16087]  ? do_syscall_64+0xbe/0xf80
[ 1509.011471][T16087]  do_syscall_64+0xfa/0xf80
[ 1509.011490][T16087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.011510][T16087]  ? clear_bhb_loop+0x60/0xb0
[ 1509.011533][T16087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.011553][T16087] RIP: 0033:0x7f953b8df749
[ 1509.011571][T16087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1509.011588][T16087] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1509.011609][T16087] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1509.011624][T16087] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 0000000000000005
[ 1509.011637][T16087] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1509.011649][T16087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1509.011661][T16087] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1509.011693][T16087]  </TASK>
[ 1509.281057][T16093] overlayfs: failed to resolve './file1': -2
[ 1510.954961][T15919] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1510.954980][T15919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1510.955007][T15919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1510.957358][T15919] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1510.957373][T15919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1510.957401][T15919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1511.085531][T16111] FAULT_INJECTION: forcing a failure.
[ 1511.085531][T16111] name failslab, interval 1, probability 0, space 0, times 0
[ 1511.085579][T16111] CPU: 1 UID: 0 PID: 16111 Comm: syz.2.2255 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1511.085607][T16111] Tainted: [L]=SOFTLOCKUP
[ 1511.085613][T16111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1511.085622][T16111] Call Trace:
[ 1511.085630][T16111]  <TASK>
[ 1511.085637][T16111]  dump_stack_lvl+0x189/0x250
[ 1511.085660][T16111]  ? __pfx____ratelimit+0x10/0x10
[ 1511.085687][T16111]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1511.085712][T16111]  ? __pfx__printk+0x10/0x10
[ 1511.085737][T16111]  ? __pfx___might_resched+0x10/0x10
[ 1511.085762][T16111]  should_fail_ex+0x46c/0x600
[ 1511.085790][T16111]  ? fanotify_handle_event+0x1b63/0x3f20
[ 1511.085819][T16111]  should_failslab+0xa8/0x100
[ 1511.085839][T16111]  ? fanotify_handle_event+0x1b63/0x3f20
[ 1511.085865][T16111]  kmem_cache_alloc_noprof+0x84/0x6c0
[ 1511.085898][T16111]  fanotify_handle_event+0x1b63/0x3f20
[ 1511.085940][T16111]  ? fanotify_handle_event+0xf90/0x3f20
[ 1511.085972][T16111]  ? __pfx_fanotify_handle_event+0x10/0x10
[ 1511.086010][T16111]  ? fsnotify+0x72c/0x1ac0
[ 1511.086038][T16111]  ? __pfx_fanotify_handle_event+0x10/0x10
[ 1511.086068][T16111]  fsnotify+0x141e/0x1ac0
[ 1511.086107][T16111]  ? fsnotify+0x72c/0x1ac0
[ 1511.086129][T16111]  ? __pfx_fsnotify+0x10/0x10
[ 1511.086149][T16111]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1511.086177][T16111]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1511.086205][T16111]  __fsnotify_parent+0x461/0x5d0
[ 1511.086235][T16111]  ? __pfx___fsnotify_parent+0x10/0x10
[ 1511.086261][T16111]  ? splice_file_to_pipe+0x337/0x450
[ 1511.086286][T16111]  ? fsnotify_access+0x1f3/0x2a0
[ 1511.086315][T16111]  do_sendfile+0x560/0x7f0
[ 1511.086335][T16111]  ? __pfx_vfs_write+0x10/0x10
[ 1511.086367][T16111]  ? __pfx_do_sendfile+0x10/0x10
[ 1511.086401][T16111]  __se_sys_sendfile64+0x13e/0x190
[ 1511.086425][T16111]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1511.086450][T16111]  ? do_syscall_64+0xbe/0xf80
[ 1511.086478][T16111]  do_syscall_64+0xfa/0xf80
[ 1511.086499][T16111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.086519][T16111]  ? clear_bhb_loop+0x60/0xb0
[ 1511.086547][T16111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.086563][T16111] RIP: 0033:0x7f953b8df749
[ 1511.086579][T16111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1511.086595][T16111] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1511.086611][T16111] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1511.086619][T16111] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006
[ 1511.086626][T16111] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1511.086633][T16111] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[ 1511.086640][T16111] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1511.086658][T16111]  </TASK>
[ 1511.743220][T16124] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1511.834017][T16131] FAULT_INJECTION: forcing a failure.
[ 1511.834017][T16131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1511.834052][T16131] CPU: 1 UID: 0 PID: 16131 Comm: syz.4.2260 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1511.834077][T16131] Tainted: [L]=SOFTLOCKUP
[ 1511.834083][T16131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1511.834093][T16131] Call Trace:
[ 1511.834099][T16131]  <TASK>
[ 1511.834107][T16131]  dump_stack_lvl+0x189/0x250
[ 1511.834133][T16131]  ? __pfx____ratelimit+0x10/0x10
[ 1511.834159][T16131]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1511.834180][T16131]  ? __pfx__printk+0x10/0x10
[ 1511.834196][T16131]  ? __might_fault+0xb0/0x130
[ 1511.834228][T16131]  should_fail_ex+0x46c/0x600
[ 1511.834255][T16131]  _copy_from_user+0x2d/0xb0
[ 1511.834272][T16131]  ___sys_sendmsg+0x158/0x2a0
[ 1511.834293][T16131]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1511.834336][T16131]  ? __fget_files+0x2a/0x420
[ 1511.834352][T16131]  ? __fget_files+0x3a6/0x420
[ 1511.834374][T16131]  __x64_sys_sendmsg+0x1a1/0x260
[ 1511.834394][T16131]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1511.834419][T16131]  ? __pfx_ksys_write+0x10/0x10
[ 1511.834442][T16131]  ? do_syscall_64+0xbe/0xf80
[ 1511.834470][T16131]  do_syscall_64+0xfa/0xf80
[ 1511.834486][T16131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.834501][T16131]  ? clear_bhb_loop+0x60/0xb0
[ 1511.834520][T16131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.834535][T16131] RIP: 0033:0x7f868d00f749
[ 1511.834551][T16131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1511.834564][T16131] RSP: 002b:00007f868b22c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1511.834582][T16131] RAX: ffffffffffffffda RBX: 00007f868d266180 RCX: 00007f868d00f749
[ 1511.834594][T16131] RDX: 0000000000000080 RSI: 00002000000015c0 RDI: 0000000000000003
[ 1511.834606][T16131] RBP: 00007f868b22c090 R08: 0000000000000000 R09: 0000000000000000
[ 1511.834617][T16131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1511.834628][T16131] R13: 00007f868d266218 R14: 00007f868d266180 R15: 00007fff7f4fbc78
[ 1511.834651][T16131]  </TASK>
[ 1511.852040][T11142] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1511.992110][T11142] usb 1-1: device descriptor read/64, error -71
[ 1512.129774][T15919] hsr_slave_0: entered promiscuous mode
[ 1512.138741][T15919] hsr_slave_1: entered promiscuous mode
[ 1512.141103][T15919] debugfs: 'hsr0' already exists in 'hsr'
[ 1512.157512][T15919] Cannot create hsr debugfs directory
[ 1512.272124][T11142] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1513.231974][T16136] FAULT_INJECTION: forcing a failure.
[ 1513.231974][T16136] name failslab, interval 1, probability 0, space 0, times 0
[ 1513.232000][T16136] CPU: 1 UID: 0 PID: 16136 Comm: syz.4.2264 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1513.232016][T16136] Tainted: [L]=SOFTLOCKUP
[ 1513.232020][T16136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1513.232027][T16136] Call Trace:
[ 1513.232032][T16136]  <TASK>
[ 1513.232038][T16136]  dump_stack_lvl+0x189/0x250
[ 1513.232056][T16136]  ? __pfx____ratelimit+0x10/0x10
[ 1513.232072][T16136]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1513.232088][T16136]  ? __pfx__printk+0x10/0x10
[ 1513.232103][T16136]  ? __pfx___might_resched+0x10/0x10
[ 1513.232117][T16136]  should_fail_ex+0x46c/0x600
[ 1513.232135][T16136]  should_failslab+0xa8/0x100
[ 1513.232147][T16136]  __kmalloc_noprof+0xe0/0x7e0
[ 1513.232161][T16136]  ? kfree+0x4d/0x900
[ 1513.232173][T16136]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1513.232188][T16136]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1513.232200][T16136]  ? tomoyo_domain+0xd9/0x130
[ 1513.232214][T16136]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1513.232229][T16136]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1513.232245][T16136]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1513.232261][T16136]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1513.232273][T16136]  ? lockdep_hardirqs_on+0x98/0x140
[ 1513.232301][T16136]  ? __fget_files+0x2a/0x420
[ 1513.232315][T16136]  ? __fget_files+0x3a6/0x420
[ 1513.232326][T16136]  ? __fget_files+0x2a/0x420
[ 1513.232346][T16136]  security_file_ioctl+0xcb/0x2d0
[ 1513.232362][T16136]  __se_sys_ioctl+0x47/0x170
[ 1513.232378][T16136]  do_syscall_64+0xfa/0xf80
[ 1513.232390][T16136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1513.232402][T16136]  ? clear_bhb_loop+0x60/0xb0
[ 1513.232415][T16136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1513.232425][T16136] RIP: 0033:0x7f868d00f749
[ 1513.232436][T16136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1513.232446][T16136] RSP: 002b:00007f868b26e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1513.232459][T16136] RAX: ffffffffffffffda RBX: 00007f868d265fa0 RCX: 00007f868d00f749
[ 1513.232467][T16136] RDX: 00002000000001c0 RSI: 00000000c01864c6 RDI: 0000000000000003
[ 1513.232474][T16136] RBP: 00007f868b26e090 R08: 0000000000000000 R09: 0000000000000000
[ 1513.232481][T16136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1513.232488][T16136] R13: 00007f868d266038 R14: 00007f868d265fa0 R15: 00007fff7f4fbc78
[ 1513.232506][T16136]  </TASK>
[ 1513.232512][T16136] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1513.308281][T11142] usb 1-1: device descriptor read/64, error -71
[ 1513.425871][T11142] usb usb1-port1: attempt power cycle
[ 1513.772474][T11142] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 1513.795544][T11142] usb 1-1: device descriptor read/8, error -71
[ 1514.982013][T11142] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1515.012305][ T3988] bridge_slave_1: left allmulticast mode
[ 1515.012335][ T3988] bridge_slave_1: left promiscuous mode
[ 1515.012588][ T3988] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1515.825837][T11142] usb 1-1: device not accepting address 73, error -71
[ 1515.892834][T11142] usb usb1-port1: unable to enumerate USB device
[ 1516.091206][ T3988] bridge_slave_0: left allmulticast mode
[ 1516.091236][ T3988] bridge_slave_0: left promiscuous mode
[ 1516.091512][ T3988] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1516.214916][T16170] overlayfs: failed to resolve './file1': -2
[ 1517.819829][T16180] 9p: Bad value for 'rfdno'
[ 1517.821779][T16180] FAULT_INJECTION: forcing a failure.
[ 1517.821779][T16180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1517.821816][T16180] CPU: 1 UID: 0 PID: 16180 Comm: syz.2.2280 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1517.821841][T16180] Tainted: [L]=SOFTLOCKUP
[ 1517.821848][T16180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1517.821858][T16180] Call Trace:
[ 1517.821866][T16180]  <TASK>
[ 1517.821875][T16180]  dump_stack_lvl+0x189/0x250
[ 1517.821904][T16180]  ? __pfx____ratelimit+0x10/0x10
[ 1517.821945][T16180]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1517.821970][T16180]  ? __pfx__printk+0x10/0x10
[ 1517.822007][T16180]  should_fail_ex+0x46c/0x600
[ 1517.822038][T16180]  _copy_to_user+0x31/0xb0
[ 1517.822060][T16180]  simple_read_from_buffer+0xe1/0x170
[ 1517.822087][T16180]  proc_fail_nth_read+0x1b6/0x220
[ 1517.822117][T16180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1517.822148][T16180]  ? rw_verify_area+0x2ac/0x4e0
[ 1517.822173][T16180]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1517.822202][T16180]  vfs_read+0x206/0xa30
[ 1517.822237][T16180]  ? __pfx_vfs_read+0x10/0x10
[ 1517.822260][T16180]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1517.822296][T16180]  ? mutex_lock_nested+0x154/0x1d0
[ 1517.822320][T16180]  ? fdget_pos+0x253/0x320
[ 1517.822351][T16180]  ksys_read+0x14b/0x260
[ 1517.822375][T16180]  ? __fget_files+0x2a/0x420
[ 1517.822397][T16180]  ? __pfx_ksys_read+0x10/0x10
[ 1517.822427][T16180]  ? do_syscall_64+0xbe/0xf80
[ 1517.822451][T16180]  do_syscall_64+0xfa/0xf80
[ 1517.822472][T16180]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.822492][T16180]  ? clear_bhb_loop+0x60/0xb0
[ 1517.822515][T16180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1517.822535][T16180] RIP: 0033:0x7f953b8de15c
[ 1517.822553][T16180] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1517.822571][T16180] RSP: 002b:00007f9539b1d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1517.822592][T16180] RAX: ffffffffffffffda RBX: 00007f953bb36090 RCX: 00007f953b8de15c
[ 1517.822607][T16180] RDX: 000000000000000f RSI: 00007f9539b1d0a0 RDI: 0000000000000005
[ 1517.822621][T16180] RBP: 00007f9539b1d090 R08: 0000000000000000 R09: 0000000000000000
[ 1517.822634][T16180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1517.822646][T16180] R13: 00007f953bb36128 R14: 00007f953bb36090 R15: 00007ffef566ea68
[ 1517.822680][T16180]  </TASK>
[ 1517.984628][T16186] 9p: Bad value for 'wfdno'
[ 1518.193318][ T3988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1518.606100][ T3988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1518.609962][T16196] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1518.671203][ T3988] bond0 (unregistering): Released all slaves
[ 1518.683599][ T5974] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1518.883300][ T5974] usb 3-1: Using ep0 maxpacket: 32
[ 1518.885366][ T5974] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1518.885395][ T5974] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1518.885418][ T5974] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1518.885478][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1518.885502][ T5974] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1518.885529][ T5974] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1518.885572][ T5974] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1518.885598][ T5974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1518.987959][ T5974] usb 3-1: config 0 descriptor??
[ 1519.381601][ T5974] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 22 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1519.393669][T16192] FAULT_INJECTION: forcing a failure.
[ 1519.393669][T16192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1519.393705][T16192] CPU: 0 UID: 0 PID: 16192 Comm: syz.2.2283 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1519.393732][T16192] Tainted: [L]=SOFTLOCKUP
[ 1519.393740][T16192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1519.393752][T16192] Call Trace:
[ 1519.393760][T16192]  <TASK>
[ 1519.393769][T16192]  dump_stack_lvl+0x189/0x250
[ 1519.393798][T16192]  ? __pfx____ratelimit+0x10/0x10
[ 1519.393827][T16192]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1519.393852][T16192]  ? __pfx__printk+0x10/0x10
[ 1519.393872][T16192]  ? __might_fault+0xb0/0x130
[ 1519.393911][T16192]  should_fail_ex+0x46c/0x600
[ 1519.393942][T16192]  _copy_from_user+0x2d/0xb0
[ 1519.393963][T16192]  do_sys_poll+0x23d/0xed0
[ 1519.393990][T16192]  ? __lock_acquire+0x6b6/0x2cf0
[ 1519.394021][T16192]  ? __pfx_do_sys_poll+0x10/0x10
[ 1519.394122][T16192]  ? seqcount_lockdep_reader_access+0x122/0x1c0
[ 1519.394177][T16192]  ? __pfx_timespec64_add_safe+0x10/0x10
[ 1519.394215][T16192]  __se_sys_poll+0x128/0x320
[ 1519.394237][T16192]  ? __pfx___se_sys_poll+0x10/0x10
[ 1519.394258][T16192]  ? do_syscall_64+0xbe/0xf80
[ 1519.394282][T16192]  do_syscall_64+0xfa/0xf80
[ 1519.394302][T16192]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1519.394321][T16192]  ? clear_bhb_loop+0x60/0xb0
[ 1519.394344][T16192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1519.394363][T16192] RIP: 0033:0x7f953b8df749
[ 1519.394381][T16192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1519.394397][T16192] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[ 1519.394419][T16192] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1519.394433][T16192] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000200000000240
[ 1519.394446][T16192] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1519.394458][T16192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1519.394471][T16192] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1519.394510][T16192]  </TASK>
[ 1519.454245][T16205] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2288'.
[ 1520.107494][ T5974] usb 3-1: USB disconnect, device number 22
[ 1520.133703][ T5974] usblp0: removed
[ 1520.223370][T16209] FAULT_INJECTION: forcing a failure.
[ 1520.223370][T16209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1520.223408][T16209] CPU: 1 UID: 0 PID: 16209 Comm: syz.8.2287 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1520.223445][T16209] Tainted: [L]=SOFTLOCKUP
[ 1520.223452][T16209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1520.223465][T16209] Call Trace:
[ 1520.223473][T16209]  <TASK>
[ 1520.223482][T16209]  dump_stack_lvl+0x189/0x250
[ 1520.223511][T16209]  ? __pfx____ratelimit+0x10/0x10
[ 1520.223541][T16209]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1520.223565][T16209]  ? __pfx__printk+0x10/0x10
[ 1520.223585][T16209]  ? __might_fault+0xb0/0x130
[ 1520.223622][T16209]  should_fail_ex+0x46c/0x600
[ 1520.223652][T16209]  _copy_from_user+0x2d/0xb0
[ 1520.223672][T16209]  __sys_bpf+0x1e3/0x860
[ 1520.223698][T16209]  ? __pfx___sys_bpf+0x10/0x10
[ 1520.223717][T16209]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1520.223756][T16209]  ? ksys_write+0x230/0x260
[ 1520.223783][T16209]  ? __pfx_ksys_write+0x10/0x10
[ 1520.223812][T16209]  __x64_sys_bpf+0x7c/0x90
[ 1520.223832][T16209]  do_syscall_64+0xfa/0xf80
[ 1520.223853][T16209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1520.223871][T16209]  ? clear_bhb_loop+0x60/0xb0
[ 1520.223892][T16209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1520.223911][T16209] RIP: 0033:0x7f8026a2f749
[ 1520.223928][T16209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1520.223945][T16209] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1520.223966][T16209] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1520.223981][T16209] RDX: 0000000000000022 RSI: 0000200000001bc0 RDI: 000000000000000a
[ 1520.223993][T16209] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1520.224006][T16209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1520.224018][T16209] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1520.224050][T16209]  </TASK>
[ 1520.612136][ T3988] hsr_slave_0: left promiscuous mode
[ 1520.633106][ T3988] hsr_slave_1: left promiscuous mode
[ 1520.634070][ T3988] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1520.663580][ T3988] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1522.272049][T14734] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1522.456604][T14734] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[ 1522.456664][T14734] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1522.456692][T14734] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1522.456717][T14734] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1522.456753][T14734] usb 1-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[ 1522.456778][T14734] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1522.464825][T14734] usb 1-1: config 0 descriptor??
[ 1522.654596][T16236] FAULT_INJECTION: forcing a failure.
[ 1522.654596][T16236] name failslab, interval 1, probability 0, space 0, times 0
[ 1522.654634][T16236] CPU: 0 UID: 0 PID: 16236 Comm: syz.2.2302 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1522.654658][T16236] Tainted: [L]=SOFTLOCKUP
[ 1522.654662][T16236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1522.654670][T16236] Call Trace:
[ 1522.654675][T16236]  <TASK>
[ 1522.654680][T16236]  dump_stack_lvl+0x189/0x250
[ 1522.654699][T16236]  ? __pfx____ratelimit+0x10/0x10
[ 1522.654727][T16236]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1522.654752][T16236]  ? __pfx__printk+0x10/0x10
[ 1522.654778][T16236]  ? __pfx___might_resched+0x10/0x10
[ 1522.654804][T16236]  should_fail_ex+0x46c/0x600
[ 1522.654830][T16236]  should_failslab+0xa8/0x100
[ 1522.654842][T16236]  __kmalloc_noprof+0xe0/0x7e0
[ 1522.654857][T16236]  ? kfree+0x4d/0x900
[ 1522.654869][T16236]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1522.654895][T16236]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1522.654917][T16236]  ? tomoyo_domain+0xd9/0x130
[ 1522.654943][T16236]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1522.654969][T16236]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1522.654994][T16236]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1522.655010][T16236]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1522.655021][T16236]  ? lockdep_hardirqs_on+0x98/0x140
[ 1522.655061][T16236]  ? __fget_files+0x2a/0x420
[ 1522.655086][T16236]  ? __fget_files+0x3a6/0x420
[ 1522.655104][T16236]  ? __fget_files+0x2a/0x420
[ 1522.655126][T16236]  security_file_ioctl+0xcb/0x2d0
[ 1522.655152][T16236]  __se_sys_ioctl+0x47/0x170
[ 1522.655182][T16236]  do_syscall_64+0xfa/0xf80
[ 1522.655203][T16236]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.655222][T16236]  ? clear_bhb_loop+0x60/0xb0
[ 1522.655246][T16236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1522.655272][T16236] RIP: 0033:0x7f953b8df749
[ 1522.655290][T16236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1522.655307][T16236] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1522.655323][T16236] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1522.655331][T16236] RDX: 0000200000000180 RSI: 0000000040049366 RDI: 000000000000000a
[ 1522.655338][T16236] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1522.655345][T16236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1522.655352][T16236] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1522.655379][T16236]  </TASK>
[ 1522.655388][T16236] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1522.942813][T14734] logitech 0003:046D:C24F.000D: unbalanced collection at end of report description
[ 1522.943666][T14734] logitech 0003:046D:C24F.000D: parse failed
[ 1522.943774][T14734] logitech 0003:046D:C24F.000D: probe with driver logitech failed with error -22
[ 1523.151779][ T5985] usb 1-1: USB disconnect, device number 74
[ 1523.763261][T16257] sd 0:0:1:0: device reset
[ 1524.415303][ T3988] team0 (unregistering): Port device team_slave_1 removed
[ 1524.634601][T16272] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2317'.
[ 1524.637417][T16274] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2317'.
[ 1524.640649][T16275] binder: 16271:16275 ioctl 4602 200000000480 returned -22
[ 1524.641150][T16274] binder: 16271:16274 ioctl 40086602 2000000002c0 returned -22
[ 1524.694568][ T3988] team0 (unregistering): Port device team_slave_0 removed
[ 1526.282416][T14736] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1526.554447][T14736] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1526.554486][T14736] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1526.554514][T14736] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1526.554539][T14736] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1526.554583][T14736] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1526.554608][T14736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1526.565601][T14736] usb 5-1: config 0 descriptor??
[ 1526.828570][T16291] FAULT_INJECTION: forcing a failure.
[ 1526.828570][T16291] name failslab, interval 1, probability 0, space 0, times 0
[ 1526.828606][T16291] CPU: 0 UID: 0 PID: 16291 Comm: syz.0.2322 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1526.828634][T16291] Tainted: [L]=SOFTLOCKUP
[ 1526.828641][T16291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1526.828654][T16291] Call Trace:
[ 1526.828662][T16291]  <TASK>
[ 1526.828671][T16291]  dump_stack_lvl+0x189/0x250
[ 1526.828699][T16291]  ? __pfx____ratelimit+0x10/0x10
[ 1526.828727][T16291]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1526.828752][T16291]  ? __pfx__printk+0x10/0x10
[ 1526.828777][T16291]  ? __pfx___might_resched+0x10/0x10
[ 1526.828797][T16291]  ? fs_reclaim_acquire+0x7d/0x100
[ 1526.828820][T16291]  should_fail_ex+0x46c/0x600
[ 1526.828850][T16291]  should_failslab+0xa8/0x100
[ 1526.828872][T16291]  __kmalloc_cache_noprof+0x84/0x6d0
[ 1526.828897][T16291]  ? __lock_acquire+0x6b6/0x2cf0
[ 1526.828921][T16291]  ? alloc_pipe_info+0xe9/0x4d0
[ 1526.828952][T16291]  alloc_pipe_info+0xe9/0x4d0
[ 1526.828981][T16291]  splice_direct_to_actor+0xa6e/0xcd0
[ 1526.829010][T16291]  ? __lock_acquire+0x6b6/0x2cf0
[ 1526.829047][T16291]  ? get_pid_task+0x20/0x1f0
[ 1526.829074][T16291]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1526.829096][T16291]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1526.829127][T16291]  do_splice_direct+0x187/0x270
[ 1526.829151][T16291]  ? __pfx_do_splice_direct+0x10/0x10
[ 1526.829173][T16291]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1526.829202][T16291]  ? rw_verify_area+0x25b/0x4e0
[ 1526.829231][T16291]  do_sendfile+0x4ec/0x7f0
[ 1526.829251][T16291]  ? __pfx_vfs_write+0x10/0x10
[ 1526.829282][T16291]  ? __pfx_do_sendfile+0x10/0x10
[ 1526.829316][T16291]  __se_sys_sendfile64+0x13e/0x190
[ 1526.829339][T16291]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1526.829364][T16291]  ? do_syscall_64+0xbe/0xf80
[ 1526.829387][T16291]  do_syscall_64+0xfa/0xf80
[ 1526.829407][T16291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1526.829426][T16291]  ? clear_bhb_loop+0x60/0xb0
[ 1526.829450][T16291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1526.829469][T16291] RIP: 0033:0x7fbeaef6f749
[ 1526.829487][T16291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1526.829503][T16291] RSP: 002b:00007fbead1d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1526.829524][T16291] RAX: ffffffffffffffda RBX: 00007fbeaf1c5fa0 RCX: 00007fbeaef6f749
[ 1526.829538][T16291] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 1526.829551][T16291] RBP: 00007fbead1d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1526.829563][T16291] R10: 0000020000023893 R11: 0000000000000246 R12: 0000000000000001
[ 1526.829575][T16291] R13: 00007fbeaf1c6038 R14: 00007fbeaf1c5fa0 R15: 00007ffe40f923e8
[ 1526.829607][T16291]  </TASK>
[ 1526.996212][T14736] usbhid 5-1:0.0: can't add hid device: -71
[ 1526.996341][T14736] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1527.000675][T14736] usb 5-1: USB disconnect, device number 25
[ 1527.515745][T16301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1527.516078][T16301] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1527.762060][T14736] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 1528.269796][T16316] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2329'.
[ 1528.429398][T16315] netlink: 152 bytes leftover after parsing attributes in process `syz.8.2330'.
[ 1528.562775][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805b1c2000: rx timeout, send abort
[ 1529.289650][T16326] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3)
[ 1529.289680][T16326] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1529.290068][T16326] vhci_hcd vhci_hcd.0: Device attached
[ 1529.294305][T16326] vhci_hcd vhci_hcd.0: pdev(8) rhport(1) sockfd(5)
[ 1529.294332][T16326] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1529.294450][T16326] vhci_hcd vhci_hcd.0: Device attached
[ 1529.297264][T16326] vhci_hcd vhci_hcd.0: pdev(8) rhport(2) sockfd(7)
[ 1529.297290][T16326] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1529.297410][T16326] vhci_hcd vhci_hcd.0: Device attached
[ 1529.300435][T16326] vhci_hcd vhci_hcd.0: pdev(8) rhport(3) sockfd(9)
[ 1529.300458][T16326] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1529.300566][T16326] vhci_hcd vhci_hcd.0: Device attached
[ 1529.312727][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1529.313379][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1529.539850][T16330] vhci_hcd: connection closed
[ 1529.541007][T16327] vhci_hcd: connection closed
[ 1529.554115][T15085] vhci_hcd vhci_hcd.8: stop threads
[ 1529.554143][T15085] vhci_hcd vhci_hcd.8: release socket
[ 1529.554369][T15085] vhci_hcd vhci_hcd.8: disconnect device
[ 1529.554688][T15085] vhci_hcd vhci_hcd.8: stop threads
[ 1529.554703][T15085] vhci_hcd vhci_hcd.8: release socket
[ 1529.554891][T15085] vhci_hcd vhci_hcd.8: disconnect device
[ 1529.571980][T14795] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1529.592246][ T5897] usb 49-1: new low-speed USB device number 2 using vhci_hcd
[ 1529.592324][ T5897] usb 49-1: enqueue for inactive port 0
[ 1529.621895][T16332] vhci_hcd: connection closed
[ 1529.625993][T16334] vhci_hcd: connection closed
[ 1529.626041][T15085] vhci_hcd vhci_hcd.8: stop threads
[ 1529.626069][T15085] vhci_hcd vhci_hcd.8: release socket
[ 1529.626860][T15085] vhci_hcd vhci_hcd.8: disconnect device
[ 1529.627299][T15085] vhci_hcd vhci_hcd.8: stop threads
[ 1529.627319][T15085] vhci_hcd vhci_hcd.8: release socket
[ 1529.627711][T15085] vhci_hcd vhci_hcd.8: disconnect device
[ 1529.662100][ T5897] vhci_hcd vhci_hcd.8: vhci_device speed not set
[ 1530.193032][T16349] FAULT_INJECTION: forcing a failure.
[ 1530.193032][T16349] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1530.193070][T16349] CPU: 0 UID: 0 PID: 16349 Comm: syz.8.2337 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1530.193098][T16349] Tainted: [L]=SOFTLOCKUP
[ 1530.193105][T16349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1530.193117][T16349] Call Trace:
[ 1530.193124][T16349]  <TASK>
[ 1530.193133][T16349]  dump_stack_lvl+0x189/0x250
[ 1530.193163][T16349]  ? __pfx____ratelimit+0x10/0x10
[ 1530.193191][T16349]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1530.193215][T16349]  ? __pfx__printk+0x10/0x10
[ 1530.193235][T16349]  ? __might_fault+0xb0/0x130
[ 1530.193273][T16349]  should_fail_ex+0x46c/0x600
[ 1530.193302][T16349]  _copy_from_user+0x2d/0xb0
[ 1530.193323][T16349]  ___sys_sendmsg+0x158/0x2a0
[ 1530.193350][T16349]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1530.193408][T16349]  ? __fget_files+0x2a/0x420
[ 1530.193428][T16349]  ? __fget_files+0x3a6/0x420
[ 1530.193458][T16349]  __x64_sys_sendmsg+0x1a1/0x260
[ 1530.193484][T16349]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1530.193516][T16349]  ? __pfx_ksys_write+0x10/0x10
[ 1530.193546][T16349]  ? do_syscall_64+0xbe/0xf80
[ 1530.193569][T16349]  do_syscall_64+0xfa/0xf80
[ 1530.193588][T16349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.193608][T16349]  ? clear_bhb_loop+0x60/0xb0
[ 1530.193630][T16349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.193649][T16349] RIP: 0033:0x7f8026a2f749
[ 1530.193666][T16349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1530.193683][T16349] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1530.193704][T16349] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1530.193719][T16349] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1530.193732][T16349] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1530.193745][T16349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1530.193763][T16349] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1530.193795][T16349]  </TASK>
[ 1530.322061][ T5814] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1530.337318][T16352] netlink: 144 bytes leftover after parsing attributes in process `syz.8.2338'.
[ 1530.471928][ T5814] usb 1-1: Using ep0 maxpacket: 16
[ 1530.481510][ T5814] usb 1-1: config 0 has an invalid interface number: 217 but max is 0
[ 1530.481542][ T5814] usb 1-1: config 0 has no interface number 0
[ 1530.481579][ T5814] usb 1-1: config 0 interface 217 has no altsetting 0
[ 1530.495490][ T5814] usb 1-1: New USB device found, idVendor=1604, idProduct=8005, bcdDevice=ce.a8
[ 1530.495523][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1530.495545][ T5814] usb 1-1: Product: syz
[ 1530.495560][ T5814] usb 1-1: Manufacturer: syz
[ 1530.495576][ T5814] usb 1-1: SerialNumber: syz
[ 1530.510021][ T5814] usb 1-1: config 0 descriptor??
[ 1530.970209][T16358] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2336'.
[ 1530.970236][T16358] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2336'.
[ 1530.970253][T16358] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2336'.
[ 1531.174900][T12821] usb 1-1: USB disconnect, device number 76
[ 1531.435929][T15919] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1531.561095][T16363] netlink: 152 bytes leftover after parsing attributes in process `syz.8.2341'.
[ 1531.669237][T15919] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1531.759649][T16365] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2342'.
[ 1532.500053][    C1] vcan0: j1939_tp_rxtimer: 0xffff888035484c00: rx timeout, send abort
[ 1532.718424][T15919] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1532.790135][T15919] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1532.851791][T16374] overlayfs: failed to resolve './file0': -2
[ 1532.893300][T16379] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(3)
[ 1532.893326][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1532.893744][T16379] vhci_hcd vhci_hcd.0: Device attached
[ 1532.903055][T16379] vhci_hcd vhci_hcd.0: pdev(8) rhport(1) sockfd(5)
[ 1532.903081][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1532.903205][T16379] vhci_hcd vhci_hcd.0: Device attached
[ 1532.940811][T16379] vhci_hcd vhci_hcd.0: pdev(8) rhport(2) sockfd(7)
[ 1532.940838][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1532.940966][T16379] vhci_hcd vhci_hcd.0: Device attached
[ 1532.947753][T16379] vhci_hcd vhci_hcd.0: pdev(8) rhport(3) sockfd(9)
[ 1532.947782][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1532.947902][T16379] vhci_hcd vhci_hcd.0: Device attached
[ 1532.993123][T16391] vhci_hcd: connection closed
[ 1532.993474][T16389] vhci_hcd: connection closed
[ 1532.993925][T16384] vhci_hcd: connection closed
[ 1532.994865][T16387] vhci_hcd: connection closed
[ 1532.995392][   T12] vhci_hcd vhci_hcd.8: stop threads
[ 1532.995416][   T12] vhci_hcd vhci_hcd.8: release socket
[ 1532.995463][   T12] vhci_hcd vhci_hcd.8: disconnect device
[ 1532.995740][   T12] vhci_hcd vhci_hcd.8: stop threads
[ 1532.995755][   T12] vhci_hcd vhci_hcd.8: release socket
[ 1532.995796][   T12] vhci_hcd vhci_hcd.8: disconnect device
[ 1532.996058][   T12] vhci_hcd vhci_hcd.8: stop threads
[ 1532.996072][   T12] vhci_hcd vhci_hcd.8: release socket
[ 1532.996106][   T12] vhci_hcd vhci_hcd.8: disconnect device
[ 1532.996367][   T12] vhci_hcd vhci_hcd.8: stop threads
[ 1532.996381][   T12] vhci_hcd vhci_hcd.8: release socket
[ 1532.996415][   T12] vhci_hcd vhci_hcd.8: disconnect device
[ 1533.130123][T15919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1533.154252][T15919] 8021q: adding VLAN 0 to HW filter on device team0
[ 1533.219031][T15919] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1533.219055][T15919] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1533.265050][  T807] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1533.265236][  T807] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1533.289331][  T807] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1533.289470][  T807] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1535.403434][    C1] vcan0: j1939_tp_rxtimer: 0xffff888032620800: rx timeout, send abort
[ 1535.793906][T16420] overlayfs: failed to resolve './file1': -2
[ 1535.888693][T15919] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1535.957965][T16428] FAULT_INJECTION: forcing a failure.
[ 1535.957965][T16428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1535.957990][T16428] CPU: 1 UID: 0 PID: 16428 Comm: syz.8.2360 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1535.958006][T16428] Tainted: [L]=SOFTLOCKUP
[ 1535.958011][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1535.958018][T16428] Call Trace:
[ 1535.958023][T16428]  <TASK>
[ 1535.958029][T16428]  dump_stack_lvl+0x189/0x250
[ 1535.958047][T16428]  ? __pfx____ratelimit+0x10/0x10
[ 1535.958064][T16428]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1535.958078][T16428]  ? __pfx__printk+0x10/0x10
[ 1535.958097][T16428]  should_fail_ex+0x46c/0x600
[ 1535.958115][T16428]  _copy_to_user+0x31/0xb0
[ 1535.958127][T16428]  simple_read_from_buffer+0xe1/0x170
[ 1535.958142][T16428]  proc_fail_nth_read+0x1b6/0x220
[ 1535.958162][T16428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1535.958178][T16428]  ? rw_verify_area+0x2ac/0x4e0
[ 1535.958192][T16428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1535.958208][T16428]  vfs_read+0x206/0xa30
[ 1535.958226][T16428]  ? __pfx_vfs_read+0x10/0x10
[ 1535.958247][T16428]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1535.958266][T16428]  ? mutex_lock_nested+0x154/0x1d0
[ 1535.958279][T16428]  ? fdget_pos+0x253/0x320
[ 1535.958295][T16428]  ksys_read+0x14b/0x260
[ 1535.958311][T16428]  ? __pfx_ksys_read+0x10/0x10
[ 1535.958326][T16428]  ? do_syscall_64+0xbe/0xf80
[ 1535.958339][T16428]  do_syscall_64+0xfa/0xf80
[ 1535.958350][T16428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1535.958361][T16428]  ? clear_bhb_loop+0x60/0xb0
[ 1535.958374][T16428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1535.958385][T16428] RIP: 0033:0x7f8026a2e15c
[ 1535.958396][T16428] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1535.958405][T16428] RSP: 002b:00007f8024c8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1535.958418][T16428] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2e15c
[ 1535.958426][T16428] RDX: 000000000000000f RSI: 00007f8024c8e0a0 RDI: 0000000000000005
[ 1535.958433][T16428] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1535.958440][T16428] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[ 1535.958446][T16428] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1535.958464][T16428]  </TASK>
[ 1536.456050][T16443] FAULT_INJECTION: forcing a failure.
[ 1536.456050][T16443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1536.456087][T16443] CPU: 1 UID: 0 PID: 16443 Comm: syz.2.2365 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1536.456115][T16443] Tainted: [L]=SOFTLOCKUP
[ 1536.456122][T16443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1536.456134][T16443] Call Trace:
[ 1536.456142][T16443]  <TASK>
[ 1536.456151][T16443]  dump_stack_lvl+0x189/0x250
[ 1536.456180][T16443]  ? __pfx____ratelimit+0x10/0x10
[ 1536.456210][T16443]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1536.456235][T16443]  ? __pfx__printk+0x10/0x10
[ 1536.456255][T16443]  ? __might_fault+0xb0/0x130
[ 1536.456292][T16443]  should_fail_ex+0x46c/0x600
[ 1536.456322][T16443]  _copy_from_user+0x2d/0xb0
[ 1536.456342][T16443]  ___sys_sendmsg+0x158/0x2a0
[ 1536.456370][T16443]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1536.456429][T16443]  ? __fget_files+0x2a/0x420
[ 1536.456449][T16443]  ? __fget_files+0x3a6/0x420
[ 1536.456479][T16443]  __x64_sys_sendmsg+0x1a1/0x260
[ 1536.456505][T16443]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1536.456538][T16443]  ? __pfx_ksys_write+0x10/0x10
[ 1536.456568][T16443]  ? do_syscall_64+0xbe/0xf80
[ 1536.456591][T16443]  do_syscall_64+0xfa/0xf80
[ 1536.456612][T16443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.456631][T16443]  ? clear_bhb_loop+0x60/0xb0
[ 1536.456654][T16443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.456672][T16443] RIP: 0033:0x7f953b8df749
[ 1536.456689][T16443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1536.456706][T16443] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1536.456726][T16443] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1536.456740][T16443] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1536.456753][T16443] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1536.456766][T16443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.456778][T16443] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1536.456811][T16443]  </TASK>
[ 1536.846657][T16451] overlayfs: failed to resolve './file1': -2
[ 1537.149610][T16459] netlink: 180 bytes leftover after parsing attributes in process `syz.8.2372'.
[ 1537.150824][T16459] FAULT_INJECTION: forcing a failure.
[ 1537.150824][T16459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1537.150859][T16459] CPU: 0 UID: 0 PID: 16459 Comm: syz.8.2372 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1537.150886][T16459] Tainted: [L]=SOFTLOCKUP
[ 1537.150893][T16459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1537.150906][T16459] Call Trace:
[ 1537.150914][T16459]  <TASK>
[ 1537.150923][T16459]  dump_stack_lvl+0x189/0x250
[ 1537.150952][T16459]  ? __pfx____ratelimit+0x10/0x10
[ 1537.150980][T16459]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1537.151005][T16459]  ? __pfx__printk+0x10/0x10
[ 1537.151025][T16459]  ? __might_fault+0xb0/0x130
[ 1537.151063][T16459]  should_fail_ex+0x46c/0x600
[ 1537.151093][T16459]  _copy_to_iter+0x1de/0x1790
[ 1537.151119][T16459]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1537.151141][T16459]  ? rt_spin_lock+0x1c1/0x3e0
[ 1537.151173][T16459]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1537.151198][T16459]  ? __pfx__copy_to_iter+0x10/0x10
[ 1537.151227][T16459]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1537.151263][T16459]  __skb_datagram_iter+0xf8/0x990
[ 1537.151292][T16459]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1537.151328][T16459]  skb_copy_datagram_iter+0xb5/0x210
[ 1537.151373][T16459]  netlink_recvmsg+0x2ab/0xa30
[ 1537.151399][T16459]  ? __lock_acquire+0x6b6/0x2cf0
[ 1537.151433][T16459]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1537.151468][T16459]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1537.151492][T16459]  ? security_socket_recvmsg+0x7e/0x2e0
[ 1537.151517][T16459]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1537.151542][T16459]  sock_recvmsg+0x22c/0x270
[ 1537.151575][T16459]  sock_read_iter+0x23a/0x2f0
[ 1537.151603][T16459]  ? __pfx_sock_read_iter+0x10/0x10
[ 1537.151652][T16459]  vfs_read+0x563/0xa30
[ 1537.151686][T16459]  ? __pfx_vfs_read+0x10/0x10
[ 1537.151723][T16459]  ? __fget_files+0x2a/0x420
[ 1537.151752][T16459]  ksys_read+0x14b/0x260
[ 1537.151779][T16459]  ? __pfx_ksys_read+0x10/0x10
[ 1537.151911][T16459]  ? do_syscall_64+0xbe/0xf80
[ 1537.151935][T16459]  do_syscall_64+0xfa/0xf80
[ 1537.151956][T16459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.151975][T16459]  ? clear_bhb_loop+0x60/0xb0
[ 1537.151996][T16459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.152015][T16459] RIP: 0033:0x7f8026a2f749
[ 1537.152033][T16459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1537.152069][T16459] RSP: 002b:00007f8024c8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1537.152091][T16459] RAX: ffffffffffffffda RBX: 00007f8026c85fa0 RCX: 00007f8026a2f749
[ 1537.152109][T16459] RDX: 000000000000effd RSI: 0000000000000000 RDI: 0000000000000003
[ 1537.152122][T16459] RBP: 00007f8024c8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1537.152137][T16459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1537.152149][T16459] R13: 00007f8026c86038 R14: 00007f8026c85fa0 R15: 00007fffdef53cc8
[ 1537.152187][T16459]  </TASK>
[ 1537.449765][T15919] veth0_vlan: entered promiscuous mode
[ 1537.475489][T15919] veth1_vlan: entered promiscuous mode
[ 1537.510270][T16463] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2354'.
[ 1537.644439][T15919] veth0_macvtap: entered promiscuous mode
[ 1537.650430][T15919] veth1_macvtap: entered promiscuous mode
[ 1537.746835][T15919] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1537.766459][T15919] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1537.786935][T14775] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1537.787199][T14775] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1537.787237][T14775] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1537.787272][T14775] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1537.806469][T16471] FAULT_INJECTION: forcing a failure.
[ 1537.806469][T16471] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.806508][T16471] CPU: 1 UID: 0 PID: 16471 Comm: syz.0.2377 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1537.806534][T16471] Tainted: [L]=SOFTLOCKUP
[ 1537.806542][T16471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1537.806554][T16471] Call Trace:
[ 1537.806565][T16471]  <TASK>
[ 1537.806574][T16471]  dump_stack_lvl+0x189/0x250
[ 1537.806602][T16471]  ? __pfx____ratelimit+0x10/0x10
[ 1537.806630][T16471]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1537.806655][T16471]  ? __pfx__printk+0x10/0x10
[ 1537.806681][T16471]  ? __pfx___might_resched+0x10/0x10
[ 1537.806705][T16471]  should_fail_ex+0x46c/0x600
[ 1537.806735][T16471]  should_failslab+0xa8/0x100
[ 1537.806756][T16471]  __kmalloc_noprof+0xe0/0x7e0
[ 1537.806782][T16471]  ? kfree+0x4d/0x900
[ 1537.806803][T16471]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1537.806835][T16471]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1537.806856][T16471]  ? tomoyo_domain+0xd9/0x130
[ 1537.806882][T16471]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1537.806908][T16471]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1537.806936][T16471]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1537.806965][T16471]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1537.806986][T16471]  ? lockdep_hardirqs_on+0x98/0x140
[ 1537.807033][T16471]  ? __fget_files+0x2a/0x420
[ 1537.807059][T16471]  ? __fget_files+0x3a6/0x420
[ 1537.807077][T16471]  ? __fget_files+0x2a/0x420
[ 1537.807101][T16471]  security_file_ioctl+0xcb/0x2d0
[ 1537.807129][T16471]  __se_sys_ioctl+0x47/0x170
[ 1537.807157][T16471]  do_syscall_64+0xfa/0xf80
[ 1537.807177][T16471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.807197][T16471]  ? clear_bhb_loop+0x60/0xb0
[ 1537.807220][T16471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.807238][T16471] RIP: 0033:0x7fbeaef6f749
[ 1537.807255][T16471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1537.807272][T16471] RSP: 002b:00007fbead1d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1537.807293][T16471] RAX: ffffffffffffffda RBX: 00007fbeaf1c5fa0 RCX: 00007fbeaef6f749
[ 1537.807307][T16471] RDX: 0000200000000000 RSI: 000000008028640c RDI: 0000000000000004
[ 1537.807320][T16471] RBP: 00007fbead1d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1537.807332][T16471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1537.807345][T16471] R13: 00007fbeaf1c6038 R14: 00007fbeaf1c5fa0 R15: 00007ffe40f923e8
[ 1537.807377][T16471]  </TASK>
[ 1537.811718][T16471] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1537.894203][T16472] netlink: 'syz.8.2375': attribute type 12 has an invalid length.
[ 1537.951993][T15409] Bluetooth: hci0: command 0x0405 tx timeout
[ 1538.216997][T16481] overlayfs: failed to resolve './file1': -2
[ 1538.773566][T16502] FAULT_INJECTION: forcing a failure.
[ 1538.773566][T16502] name failslab, interval 1, probability 0, space 0, times 0
[ 1538.773603][T16502] CPU: 1 UID: 0 PID: 16502 Comm: syz.2.2390 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1538.773631][T16502] Tainted: [L]=SOFTLOCKUP
[ 1538.773637][T16502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1538.773659][T16502] Call Trace:
[ 1538.773667][T16502]  <TASK>
[ 1538.773675][T16502]  dump_stack_lvl+0x189/0x250
[ 1538.773705][T16502]  ? __pfx____ratelimit+0x10/0x10
[ 1538.773731][T16502]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1538.773756][T16502]  ? __pfx__printk+0x10/0x10
[ 1538.773781][T16502]  ? __pfx___might_resched+0x10/0x10
[ 1538.773802][T16502]  ? fs_reclaim_acquire+0x7d/0x100
[ 1538.773825][T16502]  should_fail_ex+0x46c/0x600
[ 1538.773854][T16502]  ? getname_flags+0xb8/0x540
[ 1538.773872][T16502]  should_failslab+0xa8/0x100
[ 1538.773892][T16502]  ? getname_flags+0xb8/0x540
[ 1538.773909][T16502]  kmem_cache_alloc_noprof+0x84/0x6c0
[ 1538.773935][T16502]  ? __pfx_vfs_write+0x10/0x10
[ 1538.773964][T16502]  getname_flags+0xb8/0x540
[ 1538.773988][T16502]  do_sys_openat2+0xbc/0x200
[ 1538.774013][T16502]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1538.774038][T16502]  ? ksys_write+0x230/0x260
[ 1538.774065][T16502]  ? __pfx_ksys_write+0x10/0x10
[ 1538.774090][T16502]  __x64_sys_openat+0x138/0x170
[ 1538.774116][T16502]  do_syscall_64+0xfa/0xf80
[ 1538.774134][T16502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.774153][T16502]  ? clear_bhb_loop+0x60/0xb0
[ 1538.774177][T16502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.774196][T16502] RIP: 0033:0x7f953b8ddf90
[ 1538.774214][T16502] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[ 1538.774230][T16502] RSP: 002b:00007f9539b3df10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1538.774251][T16502] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f953b8ddf90
[ 1538.774265][T16502] RDX: 0000000000000002 RSI: 00007f9539b3dfa0 RDI: 00000000ffffff9c
[ 1538.774278][T16502] RBP: 00007f9539b3dfa0 R08: 0000000000000000 R09: 0000000000000000
[ 1538.774290][T16502] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1538.774301][T16502] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1538.774333][T16502]  </TASK>
[ 1538.809492][   T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1538.809513][   T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1539.281627][T16508] netlink: 152 bytes leftover after parsing attributes in process `syz.8.2391'.
[ 1539.283999][   T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1539.284018][   T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1540.120680][T16517] FAULT_INJECTION: forcing a failure.
[ 1540.120680][T16517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1540.120718][T16517] CPU: 1 UID: 0 PID: 16517 Comm: syz.4.2397 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1540.120745][T16517] Tainted: [L]=SOFTLOCKUP
[ 1540.120752][T16517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1540.120764][T16517] Call Trace:
[ 1540.120772][T16517]  <TASK>
[ 1540.120781][T16517]  dump_stack_lvl+0x189/0x250
[ 1540.120811][T16517]  ? __pfx____ratelimit+0x10/0x10
[ 1540.120841][T16517]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1540.120865][T16517]  ? __pfx__printk+0x10/0x10
[ 1540.120885][T16517]  ? __might_fault+0xb0/0x130
[ 1540.120924][T16517]  should_fail_ex+0x46c/0x600
[ 1540.120955][T16517]  _copy_from_user+0x2d/0xb0
[ 1540.120975][T16517]  __sys_bind+0x19f/0x3e0
[ 1540.120999][T16517]  ? __pfx___sys_bind+0x10/0x10
[ 1540.121031][T16517]  ? __pfx_ksys_write+0x10/0x10
[ 1540.121064][T16517]  __x64_sys_bind+0x7a/0x90
[ 1540.121085][T16517]  do_syscall_64+0xfa/0xf80
[ 1540.121106][T16517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1540.121126][T16517]  ? clear_bhb_loop+0x60/0xb0
[ 1540.121150][T16517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1540.121169][T16517] RIP: 0033:0x7f868d00f749
[ 1540.121187][T16517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1540.121204][T16517] RSP: 002b:00007f868b26e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1540.121225][T16517] RAX: ffffffffffffffda RBX: 00007f868d265fa0 RCX: 00007f868d00f749
[ 1540.121240][T16517] RDX: 000000000000000a RSI: 00002000000001c0 RDI: 0000000000000005
[ 1540.121253][T16517] RBP: 00007f868b26e090 R08: 0000000000000000 R09: 0000000000000000
[ 1540.121265][T16517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1540.121277][T16517] R13: 00007f868d266038 R14: 00007f868d265fa0 R15: 00007fff7f4fbc78
[ 1540.121309][T16517]  </TASK>
[ 1541.213897][T16526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1541.214291][T16526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1541.425151][ T5997] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1541.468745][T16535] FAULT_INJECTION: forcing a failure.
[ 1541.468745][T16535] name failslab, interval 1, probability 0, space 0, times 0
[ 1541.468783][T16535] CPU: 0 UID: 0 PID: 16535 Comm: syz.2.2404 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1541.468811][T16535] Tainted: [L]=SOFTLOCKUP
[ 1541.468818][T16535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1541.468831][T16535] Call Trace:
[ 1541.468839][T16535]  <TASK>
[ 1541.468849][T16535]  dump_stack_lvl+0x189/0x250
[ 1541.468879][T16535]  ? __pfx____ratelimit+0x10/0x10
[ 1541.468909][T16535]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1541.468934][T16535]  ? __pfx__printk+0x10/0x10
[ 1541.468960][T16535]  ? __pfx___might_resched+0x10/0x10
[ 1541.468986][T16535]  should_fail_ex+0x46c/0x600
[ 1541.469018][T16535]  should_failslab+0xa8/0x100
[ 1541.469041][T16535]  __kmalloc_noprof+0xe0/0x7e0
[ 1541.469067][T16535]  ? kfree+0x4d/0x900
[ 1541.469088][T16535]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1541.469115][T16535]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1541.469137][T16535]  ? tomoyo_domain+0xd9/0x130
[ 1541.469163][T16535]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1541.469189][T16535]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1541.469218][T16535]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1541.469248][T16535]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1541.469269][T16535]  ? lockdep_hardirqs_on+0x98/0x140
[ 1541.469319][T16535]  ? __fget_files+0x2a/0x420
[ 1541.469346][T16535]  ? __fget_files+0x3a6/0x420
[ 1541.469365][T16535]  ? __fget_files+0x2a/0x420
[ 1541.469397][T16535]  security_file_ioctl+0xcb/0x2d0
[ 1541.469426][T16535]  __se_sys_ioctl+0x47/0x170
[ 1541.469454][T16535]  do_syscall_64+0xfa/0xf80
[ 1541.469476][T16535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1541.469499][T16535]  ? clear_bhb_loop+0x60/0xb0
[ 1541.469523][T16535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1541.469542][T16535] RIP: 0033:0x7f953b8df749
[ 1541.469559][T16535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1541.469575][T16535] RSP: 002b:00007f9539b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1541.469596][T16535] RAX: ffffffffffffffda RBX: 00007f953bb35fa0 RCX: 00007f953b8df749
[ 1541.469611][T16535] RDX: 0000000000000000 RSI: 0000000040184152 RDI: 0000000000000005
[ 1541.469624][T16535] RBP: 00007f9539b3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1541.469637][T16535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1541.469648][T16535] R13: 00007f953bb36038 R14: 00007f953bb35fa0 R15: 00007ffef566ea68
[ 1541.469680][T16535]  </TASK>
[ 1541.469789][T16535] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1541.501986][ T5897] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1541.688443][ T5897] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1541.688474][ T5897] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1541.688495][ T5897] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1541.688551][ T5897] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1541.743572][ T5897] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1541.743604][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1541.743625][ T5897] usb 6-1: Product: syz
[ 1541.743640][ T5897] usb 6-1: Manufacturer: syz
[ 1541.772021][ T5997] usb 9-1: Using ep0 maxpacket: 32
[ 1541.802618][ T5997] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1541.802647][ T5997] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1541.812087][ T5897] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1541.873060][ T5997] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1541.873094][ T5997] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=3
[ 1541.873118][ T5997] usb 9-1: Manufacturer: syz
[ 1541.873134][ T5997] usb 9-1: SerialNumber: syz
[ 1542.085803][ T5997] usb 9-1: Audio class v2/v3 interfaces need an interface association
[ 1542.130639][ T5997] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1542.143390][ T5997] usb 9-1: USB disconnect, device number 10
[ 1542.180758][ T5897] usb 6-1: USB disconnect, device number 27
[ 1542.497008][T16552] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2409'.
[ 1543.615955][T16564] FAULT_INJECTION: forcing a failure.
[ 1543.615955][T16564] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1543.616076][T16564] CPU: 1 UID: 0 PID: 16564 Comm: syz.0.2413 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1543.616101][T16564] Tainted: [L]=SOFTLOCKUP
[ 1543.616108][T16564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1543.616120][T16564] Call Trace:
[ 1543.616128][T16564]  <TASK>
[ 1543.616137][T16564]  dump_stack_lvl+0x189/0x250
[ 1543.616165][T16564]  ? __pfx____ratelimit+0x10/0x10
[ 1543.616201][T16564]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1543.616225][T16564]  ? __pfx__printk+0x10/0x10
[ 1543.616247][T16564]  ? fs_reclaim_acquire+0x7d/0x100
[ 1543.616273][T16564]  should_fail_ex+0x46c/0x600
[ 1543.616303][T16564]  prepare_alloc_pages+0x22b/0x6c0
[ 1543.616329][T16564]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1543.616352][T16564]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1543.616381][T16564]  ? policy_nodemask+0x27c/0x720
[ 1543.616406][T16564]  alloc_pages_mpol+0xd1/0x380
[ 1543.616428][T16564]  ___kmalloc_large_node+0x4e/0x150
[ 1543.616456][T16564]  __kmalloc_large_node_noprof+0x18/0x90
[ 1543.616485][T16564]  __kmalloc_noprof+0x4cb/0x7e0
[ 1543.616509][T16564]  ? iovec_from_user+0x87/0x250
[ 1543.616526][T16564]  ? register_lock_class+0x51/0x320
[ 1543.616555][T16564]  iovec_from_user+0x87/0x250
[ 1543.616572][T16564]  ? __lock_acquire+0x6b6/0x2cf0
[ 1543.616598][T16564]  __import_iovec+0x163/0x7f0
[ 1543.616614][T16564]  ? register_lock_class+0x51/0x320
[ 1543.616646][T16564]  import_iovec+0x74/0xa0
[ 1543.616668][T16564]  vfs_writev+0x1a6/0x970
[ 1543.616689][T16564]  ? do_raw_spin_lock+0x121/0x290
[ 1543.616715][T16564]  ? __pfx_vfs_writev+0x10/0x10
[ 1543.616755][T16564]  ? mutex_lock_nested+0x154/0x1d0
[ 1543.616778][T16564]  ? fdget_pos+0x253/0x320
[ 1543.616807][T16564]  do_writev+0x153/0x2d0
[ 1543.616830][T16564]  ? __pfx_do_writev+0x10/0x10
[ 1543.616853][T16564]  ? do_syscall_64+0xbe/0xf80
[ 1543.616877][T16564]  do_syscall_64+0xfa/0xf80
[ 1543.616897][T16564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1543.616916][T16564]  ? clear_bhb_loop+0x60/0xb0
[ 1543.616940][T16564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1543.616959][T16564] RIP: 0033:0x7fbeaef6f749
[ 1543.616978][T16564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1543.616994][T16564] RSP: 002b:00007fbead1d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1543.617015][T16564] RAX: ffffffffffffffda RBX: 00007fbeaf1c5fa0 RCX: 00007fbeaef6f749
[ 1543.617029][T16564] RDX: 100000000000022d RSI: 00002000000003c0 RDI: 0000000000000003
[ 1543.617043][T16564] RBP: 00007fbead1d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1543.617055][T16564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1543.617068][T16564] R13: 00007fbeaf1c6038 R14: 00007fbeaf1c5fa0 R15: 00007ffe40f923e8
[ 1543.617099][T16564]  </TASK>
[ 1544.847115][T16583] xt_l2tp: missing protocol rule (udp|l2tpip)
[ 1544.900596][T16586] team_slave_0: entered promiscuous mode
[ 1544.900647][T16586] team_slave_1: entered promiscuous mode
[ 1545.853247][T16579] team_slave_0: left promiscuous mode
[ 1545.853312][T16579] team_slave_1: left promiscuous mode
[ 1546.661998][T14734] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1546.813540][T14734] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1546.813559][T14734] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1546.814623][T14734] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1546.814639][T14734] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1546.814651][T14734] usb 6-1: SerialNumber: syz
[ 1548.316755][T14734] usb 6-1: 0:2 : does not exist
[ 1549.233896][T14734] usb 6-1: USB disconnect, device number 28
[ 1549.287144][T16586] infiniband syz1: set active
[ 1549.287166][T16586] infiniband syz1: added veth0_to_team
[ 1550.451354][T16586] RDS/IB: syz1: added
[ 1550.459406][T16586] smc: adding ib device syz1 with port count 1
[ 1550.459742][T16586] smc:    ib device syz1 port 1 has no pnetid
[ 1550.853573][T16644] FAULT_INJECTION: forcing a failure.
[ 1550.853573][T16644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1550.853611][T16644] CPU: 1 UID: 0 PID: 16644 Comm: syz.0.2444 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1550.853639][T16644] Tainted: [L]=SOFTLOCKUP
[ 1550.853646][T16644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1550.853658][T16644] Call Trace:
[ 1550.853667][T16644]  <TASK>
[ 1550.853676][T16644]  dump_stack_lvl+0x189/0x250
[ 1550.853706][T16644]  ? __pfx____ratelimit+0x10/0x10
[ 1550.853737][T16644]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1550.853777][T16644]  ? __pfx__printk+0x10/0x10
[ 1550.853797][T16644]  ? __might_fault+0xb0/0x130
[ 1550.853836][T16644]  should_fail_ex+0x46c/0x600
[ 1550.853868][T16644]  _copy_from_user+0x2d/0xb0
[ 1550.853888][T16644]  ___sys_recvmsg+0x12e/0x510
[ 1550.853920][T16644]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1550.853943][T16644]  ? do_raw_spin_lock+0x121/0x290
[ 1550.853991][T16644]  ? __fget_files+0x3a6/0x420
[ 1550.854024][T16644]  __x64_sys_recvmsg+0x19e/0x260
[ 1550.854051][T16644]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1550.854086][T16644]  ? __pfx_ksys_write+0x10/0x10
[ 1550.854117][T16644]  ? do_syscall_64+0xbe/0xf80
[ 1550.854141][T16644]  do_syscall_64+0xfa/0xf80
[ 1550.854162][T16644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1550.854181][T16644]  ? clear_bhb_loop+0x60/0xb0
[ 1550.854205][T16644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1550.854224][T16644] RIP: 0033:0x7fbeaef6f749
[ 1550.854242][T16644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1550.854259][T16644] RSP: 002b:00007fbead1d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1550.854280][T16644] RAX: ffffffffffffffda RBX: 00007fbeaf1c5fa0 RCX: 00007fbeaef6f749
[ 1550.854295][T16644] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[ 1550.854307][T16644] RBP: 00007fbead1d6090 R08: 0000000000000000 R09: 0000000000000000
[ 1550.854320][T16644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1550.854332][T16644] R13: 00007fbeaf1c6038 R14: 00007fbeaf1c5fa0 R15: 00007ffe40f923e8
[ 1550.854365][T16644]  </TASK>
[ 1552.706552][ T5897] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1552.916198][ T5897] usb 6-1: config 0 has no interfaces?
[ 1552.920525][ T5897] usb 6-1: New USB device found, idVendor=0b05, idProduct=171d, bcdDevice=2b.6e
[ 1552.920552][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1552.920572][ T5897] usb 6-1: Product: syz
[ 1552.920585][ T5897] usb 6-1: Manufacturer: syz
[ 1552.920598][ T5897] usb 6-1: SerialNumber: syz
[ 1552.930275][ T5897] usb 6-1: config 0 descriptor??
[ 1553.154833][ T5997] usb 6-1: USB disconnect, device number 29
[ 1553.538228][T16670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1553.538733][T16670] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1553.792103][ T5897] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1553.962146][ T5897] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1553.962185][ T5897] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1553.962228][ T5897] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1553.962253][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1553.983077][T16669] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1554.006899][ T5897] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1554.208026][ T5997] usb 5-1: USB disconnect, device number 27
[ 1555.791990][ T5997] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1555.928042][T16702] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1555.939856][T16702] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1555.959293][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1555.959329][ T5997] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1555.959352][ T5997] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1555.959394][ T5997] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1555.959417][ T5997] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1556.024622][ T5997] usb 6-1: config 0 descriptor??
[ 1556.368498][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1556.368627][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1556.443036][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.443077][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.443107][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.443137][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.443166][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.443195][ T5997] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[ 1556.500966][ T5997] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1556.704515][ T5997] usb 6-1: USB disconnect, device number 30
[ 1556.766778][T16702] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1556.786140][T16702] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1557.952825][ T3988] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1558.043884][ T3988] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1558.144738][ T3988] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1558.144789][ T3988] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1558.183736][T16806] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2515'.
[ 1558.184091][T16806] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2515'.
[ 1558.490975][T16818] tun0: tun_chr_ioctl cmd 1074025677
[ 1558.491101][T16818] tun0: linktype set to 769
[ 1558.767757][T15408] block nbd1: Receive control failed (result -32)
[ 1560.224556][T16859] NILFS (nullb0): couldn't find nilfs on the device
[ 1560.319580][   T37] audit: type=1326 audit(1766142127.036:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16863 comm="syz.0.2543" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbeaef6f749 code=0x0
[ 1561.662425][T16900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1561.692422][T16900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1561.978280][T16905] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2560'.
[ 1561.978308][T16905] tipc: Started in network mode
[ 1561.978325][T16905] tipc: Node identity 7, cluster identity 4711
[ 1561.978338][T16905] tipc: Node number set to 7
[ 1563.592108][T15408] Bluetooth: hci0: connection err: -111
[ 1564.491948][ T5997] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1564.643530][ T5997] usb 9-1: Using ep0 maxpacket: 32
[ 1564.658044][ T5997] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[ 1564.677119][ T5997] usb 9-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1564.677170][ T5997] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1564.677192][ T5997] usb 9-1: Product: syz
[ 1564.677207][ T5997] usb 9-1: Manufacturer: syz
[ 1564.677223][ T5997] usb 9-1: SerialNumber: syz
[ 1564.687512][ T5997] usb 9-1: config 0 descriptor??
[ 1564.736525][T16961] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1564.768943][ T5997] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input35
[ 1565.018101][T16989] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1565.034901][T14734] usb 9-1: USB disconnect, device number 11
[ 1565.034947][    C0] usbtouchscreen 9-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[ 1565.110022][T16993] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2599'.
[ 1565.110067][T16993] nbd: couldn't find a device at index 1074069516
[ 1566.992046][ T1146] wlan1: Trigger new scan to find an IBSS to join
[ 1567.667821][T14734] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1567.875928][T14734] usb 1-1: Using ep0 maxpacket: 32
[ 1567.974403][T14734] usb 1-1: config 0 has an invalid interface number: 247 but max is 0
[ 1567.974481][T14734] usb 1-1: config 0 has no interface number 0
[ 1568.087683][T14734] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[ 1568.087764][T14734] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[ 1568.087810][T14734] usb 1-1: Product: syz
[ 1568.087866][T14734] usb 1-1: Manufacturer: syz
[ 1568.507423][T14734] usb 1-1: config 0 descriptor??
[ 1568.688610][T17047] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2622'.
[ 1568.717143][ T5814] usb 1-1: USB disconnect, device number 77
[ 1568.824654][T17053] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 1, id = 0
[ 1570.726838][T17082] netlink: 'syz.4.2635': attribute type 2 has an invalid length.
[ 1571.092013][ T5984] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1571.243487][ T5984] usb 1-1: Using ep0 maxpacket: 8
[ 1571.247355][ T5984] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1571.247409][ T5984] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1571.247434][ T5984] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1571.287784][ T5984] usb 1-1: config 0 descriptor??
[ 1571.540676][ T5984] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1571.715055][ T5984] usb 1-1: USB disconnect, device number 78
[ 1572.992224][T16107] wlan1: Trigger new scan to find an IBSS to join
[ 1573.652268][T17176] dummy0: entered promiscuous mode
[ 1573.669130][T17176] bond0: entered promiscuous mode
[ 1573.669155][T17176] bond_slave_0: entered promiscuous mode
[ 1573.669442][T17176] bond_slave_1: entered promiscuous mode
[ 1573.694542][T17176] hsr1: entered allmulticast mode
[ 1573.694576][T17176] dummy0: entered allmulticast mode
[ 1573.694598][T17176] bond0: entered allmulticast mode
[ 1573.694613][T17176] bond_slave_0: entered allmulticast mode
[ 1573.694632][T17176] bond_slave_1: entered allmulticast mode
[ 1573.888194][T17186] netlink: 56 bytes leftover after parsing attributes in process `syz.8.2683'.
[ 1573.889580][T17186] netlink: 'syz.8.2683': attribute type 33 has an invalid length.
[ 1573.889601][T17186] netlink: 152 bytes leftover after parsing attributes in process `syz.8.2683'.
[ 1573.889634][T17186] `: renamed from team0 (while UP)
[ 1573.972936][ T6289] wlan1: Creating new IBSS network, BSSID 8e:a5:c8:9b:1a:0d
[ 1575.067684][T17219] nbd: illegal input index -99226880
[ 1576.412696][T15408] Bluetooth: hci0: connection err: -111
[ 1576.448663][T17244] netlink: 'syz.5.2709': attribute type 1 has an invalid length.
[ 1576.573964][T17248] batadv_slave_1: entered promiscuous mode
[ 1576.575303][T17248] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2712'.
[ 1576.626237][T17244] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2709'.
[ 1576.653758][T17251] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1576.655263][T17251] bond1: (slave vxcan3): Error -95 calling set_mac_address
[ 1576.743123][T17248] bridge_slave_1: left allmulticast mode
[ 1576.743154][T17248] bridge_slave_1: left promiscuous mode
[ 1576.743435][T17248] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1576.825350][T17248] bridge_slave_0: left allmulticast mode
[ 1576.825383][T17248] bridge_slave_0: left promiscuous mode
[ 1576.828996][T17248] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1577.011095][T15408] Bluetooth: hci7: connection err: -111
[ 1577.170167][T17244] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1577.279780][T17258] bond1: (slave bridge1): Enslaving as an active interface with a down link
[ 1577.567703][T17263] macvlan2: entered promiscuous mode
[ 1577.567730][T17263] macvlan2: entered allmulticast mode
[ 1577.569982][T17263] bond1: entered promiscuous mode
[ 1577.576061][T17263] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1578.504690][T17263] bond1: left promiscuous mode
[ 1578.770965][T17314] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 1578.770991][T17314] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 17314, name: syz.0.2740
[ 1578.771012][T17314] preempt_count: 2, expected: 0
[ 1578.771023][T17314] RCU nest depth: 1, expected: 1
[ 1578.771040][T17314] 3 locks held by syz.0.2740/17314:
[ 1578.771054][T17314]  #0: ffff8880492898d8 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x152/0xd40
[ 1578.771131][T17314]  #1: ffffffff8d5ae8c0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run9+0x1ec/0x510
[ 1578.771187][T17314]  #2: ffff8880b893fe88 (&s->lock_key#14){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x1400
[ 1578.771246][T17314] Preemption disabled at:
[ 1578.771252][T17314] [<ffffffff82185b6a>] __slab_alloc+0xea/0x1f0
[ 1578.771288][T17314] CPU: 1 UID: 0 PID: 17314 Comm: syz.0.2740 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1578.771319][T17314] Tainted: [L]=SOFTLOCKUP
[ 1578.771328][T17314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1578.771343][T17314] Call Trace:
[ 1578.771353][T17314]  <TASK>
[ 1578.771362][T17314]  dump_stack_lvl+0x189/0x250
[ 1578.771398][T17314]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1578.771427][T17314]  ? __pfx__printk+0x10/0x10
[ 1578.771455][T17314]  ? print_lock_name+0xde/0x100
[ 1578.771488][T17314]  ? __slab_alloc+0xea/0x1f0
[ 1578.771516][T17314]  __might_resched+0x44b/0x5d0
[ 1578.771545][T17314]  ? __slab_alloc+0xea/0x1f0
[ 1578.771568][T17314]  ? __pfx___might_resched+0x10/0x10
[ 1578.771592][T17314]  ? ___slab_alloc+0x12f/0x1400
[ 1578.771618][T17314]  ? __lock_acquire+0x6b6/0x2cf0
[ 1578.771658][T17314]  rt_spin_lock+0xc7/0x3e0
[ 1578.771691][T17314]  ? __pfx_rt_spin_lock+0x10/0x10
[ 1578.771719][T17314]  ? __lock_acquire+0x6b6/0x2cf0
[ 1578.771752][T17314]  ? __lock_acquire+0x6b6/0x2cf0
[ 1578.771785][T17314]  ___slab_alloc+0x12f/0x1400
[ 1578.771838][T17314]  ? unwind_next_frame+0xa5/0x23d0
[ 1578.771863][T17314]  ? __bpf_stream_push_str+0xa8/0x2b0
[ 1578.771888][T17314]  __slab_alloc+0xc6/0x1f0
[ 1578.771908][T17314]  ? __bpf_stream_push_str+0xa8/0x2b0
[ 1578.771928][T17314]  kmalloc_nolock_noprof+0x1be/0x440
[ 1578.771955][T17314]  ? __bpf_stream_push_str+0xa8/0x2b0
[ 1578.771978][T17314]  __bpf_stream_push_str+0xa8/0x2b0
[ 1578.771997][T17314]  ? __asan_memcpy+0x40/0x70
[ 1578.772024][T17314]  ? __pfx___bpf_stream_push_str+0x10/0x10
[ 1578.772055][T17314]  bpf_stream_stage_printk+0x14e/0x1c0
[ 1578.772074][T17314]  ? __pfx_find_from_stack_cb+0x10/0x10
[ 1578.772098][T17314]  ? arch_bpf_stack_walk+0x112/0x170
[ 1578.772132][T17314]  ? __pfx_bpf_stream_stage_printk+0x10/0x10
[ 1578.772160][T17314]  ? stack_trace_save+0x9c/0xe0
[ 1578.772195][T17314]  bpf_prog_report_may_goto_violation+0xc4/0x190
[ 1578.772218][T17314]  ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10
[ 1578.772240][T17314]  ? irqentry_exit+0x5dd/0x660
[ 1578.772261][T17314]  ? trace_irq_disable+0x37/0x100
[ 1578.772289][T17314]  ? read_tsc+0x9/0x20
[ 1578.772314][T17314]  bpf_check_timed_may_goto+0xaa/0xb0
[ 1578.772338][T17314]  arch_bpf_timed_may_goto+0x21/0x40
[ 1578.772366][T17314]  bpf_prog_6fd842a53d323cc5+0x53/0x5f
[ 1578.772389][T17314]  bpf_trace_run9+0x2de/0x510
[ 1578.772417][T17314]  ? bpf_trace_run9+0x1ec/0x510
[ 1578.772441][T17314]  ? __pfx_bpf_trace_run9+0x10/0x10
[ 1578.772486][T17314]  __bpf_trace_virtio_transport_alloc_pkt+0x2d7/0x340
[ 1578.772525][T17314]  ? __pfx___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10
[ 1578.772558][T17314]  ? __alloc_skb+0x2f1/0x430
[ 1578.772604][T17314]  ? __local_bh_enable+0x28c/0x410
[ 1578.772637][T17314]  virtio_transport_alloc_skb+0x10af/0x1110
[ 1578.772688][T17314]  ? __pfx_virtio_transport_alloc_skb+0x10/0x10
[ 1578.772724][T17314]  ? rt_spin_unlock+0x150/0x200
[ 1578.772757][T17314]  virtio_transport_send_pkt_info+0x694/0x10b0
[ 1578.772809][T17314]  virtio_transport_connect+0xa7/0x100
[ 1578.772848][T17314]  ? __pfx_virtio_transport_connect+0x10/0x10
[ 1578.772881][T17314]  ? __pfx_vsock_auto_bind+0x10/0x10
[ 1578.772915][T17314]  ? vsock_assign_transport+0x672/0x7f0
[ 1578.772951][T17314]  vsock_connect+0xaca/0xd40
[ 1578.772993][T17314]  ? __might_fault+0xb0/0x130
[ 1578.773025][T17314]  ? __pfx_vsock_connect+0x10/0x10
[ 1578.773059][T17314]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1578.773095][T17314]  ? bpf_lsm_socket_connect+0x9/0x20
[ 1578.773127][T17314]  __sys_connect+0x323/0x450
[ 1578.773154][T17314]  ? __pfx___sys_connect+0x10/0x10
[ 1578.773187][T17314]  ? rcu_is_watching+0x15/0xb0
[ 1578.773218][T17314]  __x64_sys_connect+0x7a/0x90
[ 1578.773243][T17314]  do_syscall_64+0xfa/0xf80
[ 1578.773267][T17314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.773290][T17314]  ? clear_bhb_loop+0x60/0xb0
[ 1578.773317][T17314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1578.773338][T17314] RIP: 0033:0x7fbeaef6f749
[ 1578.773358][T17314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1578.773377][T17314] RSP: 002b:00007fbead1d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1578.773400][T17314] RAX: ffffffffffffffda RBX: 00007fbeaf1c5fa0 RCX: 00007fbeaef6f749
[ 1578.773417][T17314] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000003
[ 1578.773432][T17314] RBP: 00007fbeaeff3f91 R08: 0000000000000000 R09: 0000000000000000
[ 1578.773446][T17314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1578.773460][T17314] R13: 00007fbeaf1c6038 R14: 00007fbeaf1c5fa0 R15: 00007ffe40f923e8
[ 1578.773496][T17314]  </TASK>
[ 1579.305420][T17247] batadv_slave_1: left promiscuous mode