last executing test programs:

7m14.920205258s ago: executing program 2 (id=3850):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
socket$inet(0x2, 0x3, 0x4)
socket$inet6(0xa, 0x3, 0x3c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000002000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x5c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'netdevsim0\x00'}]}]}], {0x14}}, 0xa4}}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/time\x00')
open_by_handle_at(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000100", @ANYRES64=r1], 0x0)

7m14.721309066s ago: executing program 2 (id=3851):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="f5ff0000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

7m14.55087564s ago: executing program 2 (id=3852):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
openat$comedi(0xffffff9c, &(0x7f0000000100)='/dev/comedi0\x00', 0x101080, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000005c0)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x99, 0x1000000000000, &(0x7f0000000400)="38e534ef7ee8d254738b67c1000611dabf9a49b28e34be6e2fdb8ea92cc0e63210eec9c342fbc404553bc5c181f5042f96dfc861dd9129980ff02c10fe337e5b880111f7cd6e89db56656ee7d0e85faf77b6ef9c22ea318768cf098c4545492608a874aff3789b0ed51c652d0a28ccdfcdff70943fd0ef72b701c0198ff2d899cfe11fd619dd343d896aa55fd01958d4013f3e25bce31566a4"}) (fail_nth: 3)

7m14.404184374s ago: executing program 2 (id=3853):
prlimit64(0x0, 0x2, &(0x7f0000000000)={0x1000000000000009, 0xffffffffffffffff}, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_opts(r0, 0x84, 0x1b, 0xfffffffffffffffe, &(0x7f0000000280)=0x2f)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000005000/0x2000)=nil)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0)
ioctl$FE_GET_INFO(r1, 0x80a86f3d, &(0x7f00000000c0))
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r2, 0x40106f52, &(0x7f0000000100)={0x3, &(0x7f0000000280)=[{0x42, '\x00', @st={0x4, [{0x2, @uvalue=0x1}, {0x3, @uvalue=0x9e39}, {0x1, @uvalue=0x3}, {0x3, @svalue=0x8}]}, 0xffff000}, {0x40, '\x00', @data=0x5d, 0x400}, {0xd, '\x00', @st={0x4, [{0x3, @svalue=0xffffffffffffffff}, {0x0, @svalue=0xeb66}, {0x3, @uvalue=0x401}, {0x3, @svalue=0x1}]}}, {0x17, '\x00', @st={0x4, [{0x2, @svalue=0x2}, {0x2, @svalue=0x4}, {0x1, @svalue=0x7}, {0x1, @svalue=0x10000}]}, 0x6}, {0xf, '\x00', @buffer={"ecf75e4ddf6ad82fb549482b2c7f6e5558cdc8e011d2d7afab2e2bfcbd3d27e4", 0x20}, 0x5}, {0x28, '\x00', @st={0x4, [{0x0, @uvalue=0x8001}, {0x3, @uvalue=0xf}, {0x0, @svalue=0x7}, {0x3}]}, 0x8}, {0xe, '\x00', @st={0x4, [{0x3, @svalue=0xa}, {0x1}, {0x1, @uvalue=0x6}, {0x3, @uvalue=0x101}]}}]})
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
r4 = signalfd4(r3, &(0x7f0000000180)={[0x3]}, 0x8, 0x80000)
fsetxattr$security_evm(r4, &(0x7f00000000c0), 0x0, 0x0, 0x3)
ioctl$sock_inet6_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000040))
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$FICLONE(r5, 0x40049409, 0xffffffffffffffff)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x136)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="27f575", @ANYRESDEC=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r6, &(0x7f0000000000)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x10, 0x10000000, 0x8001, 0x44, 0x18, 0x8, 0x0, 0x0, 0x40, 0x1}}, 0x50)
syz_fuse_handle_req(r6, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x81899, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3000, 0x6, &(0x7f0000ffd000/0x3000)=nil)
mount(0x0, &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x80000, 0x0)
unshare(0x6020400)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r7, &(0x7f0000006b40)={0x2020}, 0x2020)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shutdown(r0, 0x1)

7m14.040441683s ago: executing program 2 (id=3860):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r0, &(0x7f00000000c0), 0x12)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x41a9c0, 0x0)
r1 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x8, 0x0, 0x0, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100), 0x2c929a41f76d088e, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x100a, 0x5})
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f00000001c0)={0x3})
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f0000000080)={0x0, 0x1, {0x3, 0x3, 0x5, 0x1}, 0x7})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0x40a85323, &(0x7f0000000100)={{0x4}, 'port1\x00', 0x8, 0x20061, 0x1a, 0x2, 0x6, 0x8, 0xd, 0x0, 0x2, 0x2})

7m12.808361431s ago: executing program 2 (id=3881):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x20, 0x2f, 0x9, 0x70bd24, 0x0, {0x4}, [@typed={0xc, 0x17, 0x0, 0x0, @u64}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x80000)
write(r0, &(0x7f0000000080)="2400000058001f000307f4f9002304000a04f55f08000100020100020800038005000000", 0x24)
socket$pppoe(0x18, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002980), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002c00)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x1185418, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x5, &(0x7f0000000040)=[{0x3, 0x7, 0x40, 0x5}, {0xb, 0xa5, 0x6a, 0x3fb6fe9f}, {0x2, 0xc, 0x0, 0x6}, {0x2, 0x6, 0xf7, 0x10000}, {0x321, 0x7, 0x50, 0x2}]})

7m12.610322953s ago: executing program 32 (id=3881):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x20, 0x2f, 0x9, 0x70bd24, 0x0, {0x4}, [@typed={0xc, 0x17, 0x0, 0x0, @u64}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x80000)
write(r0, &(0x7f0000000080)="2400000058001f000307f4f9002304000a04f55f08000100020100020800038005000000", 0x24)
socket$pppoe(0x18, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002980), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000002c00)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1\x00', 0x0, 0x1185418, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000140)={0x5, &(0x7f0000000040)=[{0x3, 0x7, 0x40, 0x5}, {0xb, 0xa5, 0x6a, 0x3fb6fe9f}, {0x2, 0xc, 0x0, 0x6}, {0x2, 0x6, 0xf7, 0x10000}, {0x321, 0x7, 0x50, 0x2}]})

5m24.014899072s ago: executing program 3 (id=4767):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmsg$inet6(r0, &(0x7f0000000880)={&(0x7f0000000000)={0xa, 0x4e20, 0x2, @remote, 0x9}, 0x1c, &(0x7f0000002100)=[{&(0x7f0000000040)="8000e8", 0x3}, {&(0x7f0000000f40)="649f5d074d33a7ec", 0x8}], 0x2}, 0x4004000)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002000008404c05cc090000000000010902240001000090080904000009030003000921fdff080122090009058103"], 0x0)
r2 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000280)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff)
keyctl$revoke(0x3, r2)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x9, {0x9}}}, 0x0)

5m22.381572102s ago: executing program 3 (id=4772):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, 0x0)

5m22.296347627s ago: executing program 3 (id=4775):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000002000/0x4000)=nil, 0x4000}, 0x1})
syz_genetlink_get_family_id$nl80211(&(0x7f00000020c0), 0xffffffffffffffff)
read$FUSE(r1, &(0x7f0000004240)={0x2020}, 0x2020)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x50000, 0x0, 0x73, 0x4, 0x3, 0xcb, 0x2, 0x0, 0x6, 0x6}, {0x7000, 0xeeee0000, 0xe, 0xeb, 0x2, 0x1, 0x0, 0xf, 0x7, 0x0, 0x3}, {0xeeee0000, 0x1000, 0xe, 0x0, 0x7, 0xc4, 0x40, 0x1, 0x45, 0x3, 0x4, 0xf9}, {0x1, 0x0, 0x9, 0x4, 0x81, 0x0, 0x9, 0x0, 0x3, 0x0, 0x9}, {0x0, 0xffff1000, 0x3, 0x4, 0x0, 0x4, 0x0, 0x4, 0x2, 0x34, 0x4}, {0xffff1000, 0x54000, 0x0, 0x78, 0x8, 0x0, 0x2, 0x1c, 0xa3, 0xff, 0x5}, {0xeeee8000, 0x4000, 0xa, 0x4, 0x6d, 0x0, 0x7, 0x1c}, {0x0, 0x6000, 0xd, 0x0, 0xa4, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x5}, {0x25000, 0x3}, {0x3000, 0xfffd}, 0xddf8ffdb, 0x0, 0x0, 0x120, 0x0, 0xbf01, 0xdddd1000, [0x80000001, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe]})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x5, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c35130000", 0x0, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0})
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0x6, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'erspan0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f0000000180)="0b032200eb1025120212475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r4}, 0x14)
ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000200)={0x5, 0xffd4, "004004", 0x5a, 0x60})

5m19.168288675s ago: executing program 3 (id=4797):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@mcast2, @in=@private=0xa010100, 0x4e23, 0x0, 0x4e21, 0x0, 0x2}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9c0, 0x3}, {0xffffbffffffffffc, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@private0, 0x4d3, 0x3c}, 0xa, @in=@multicast2, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x4000000, 0x1}}, 0xe8)
r2 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000180)=[{0x20, 0x84, 0x8, "eeb4fe8ba15e3999ef"}, {0x10, 0x6}], 0x30}, 0x41)
r3 = socket(0x2, 0x80805, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x5, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x4, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x80000000, 0x5, 0x79b, 0x2, 0x1, 0x7d, 0x4, 0x1000a, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x8, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x5, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0xffffff01, 0x8, 0x752, 0x0, 0x1005, 0x5, 0x10001, 0x2, 0xffffffff, 0x6, 0x4, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x800100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x2, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x3, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x300, 0x0, 0x54}, 0x98)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f00000000c0), 0x10)
setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
sendmsg$can_bcm(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="05000000f268000037040000002000ff", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="000000000100000004000060000200007789294c5b15276e"], 0x48}, 0x1, 0x0, 0x0, 0x40488c0}, 0x5014)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)

5m19.090516183s ago: executing program 3 (id=4799):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000200304306000000000000109022400010000000009040000010300000009210000000122020009058103e16a71c9f6597a34aee05b7d9ecfdf7f2f877f68fa78b1b64ec0669ae2b6aede3d1f3e0517884705d53d348ab405cb8e0d254bed151b68a6d34ef31eb6e610a4b9e213de40f7a29fe553786735e809674b7b2e47558102315d3f6929cabfd013fd5fd17c51a7408f0a56e1dba49d3aa21ac3ada67dd504e069e5064bcd3f27f8ac7cb081f0f8f2f677fc83535bb203278979a06af7e926e2acb31f53314b"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x1e, 0x4, 0x0)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000840), r1)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000a80)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x24, r3, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0x101d}]}, 0x24}}, 0x2)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r4 = socket(0x1e, 0x4, 0x0)
syz_usb_connect$printer(0x4, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x51, 0x0, 0x0, 0x0, 0x10, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0xa0, 0x6, "", [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x7, 0x1, 0x2, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7, 0x7, 0x54}}}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x0, 0x6, 0xe7, 0xa, 0x10}, 0x27, &(0x7f0000000380)={0x5, 0xf, 0x27, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0xc, 0x0, 0x7ff}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0xeb, 0x2, 0xd31f}, @wireless={0xb, 0x10, 0x1, 0x8, 0x31, 0xb, 0x72, 0x100, 0x6}]}, 0x4, [{0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x41a}}, {0xc6, &(0x7f0000000540)=@string={0xc6, 0x3, "e967b7aa56c41a41ae27b4f9ab1f01862bdfc0c442d945e2fd640a4a21447295c328053f160fd1e5bfbbf110d0c3e2a82106dee8c20fb02dd178de5a4decb38852cf0edd4ba95869061134450c05743b62ade54a6be3c1a481d534a3dd552554460fd73ca542a210a577f76f8ace3cbde9d78307bed90bdd4e83fe9dc396c6c54fa28c6e68a14e3bcba270f683c1934c789fd60a5ed3caaaa2ec104cc3e14c0639432e0f74603b8a4f58176c4d31d20a3dbe5d8842cf35ed27a47f468a960857d4c22d89"}}, {0x6e, &(0x7f0000000640)=@string={0x6e, 0x3, "9160dee4f445fce5ec1229ec870f046375fb8c390decebe34540fd39eb7e6c6354f7fa95dbc7c26f4f09d6812636ccca34d8db4ef5bd4a4c4ec0a1350381e0dac319db7c8afd979f8b817a58fd41f0468f909afff7ed41ad238b3d75c4c93ed4f4db06cd74a02599eab17fdf"}}, {0x4d, &(0x7f0000000700)=@string={0x4d, 0x3, "68a42f23f42d2b45594c42323dd50683e2b8a2353d16f41ab1841dbbf59239e93fa0fc849b7e956fe2857ed0c00034519ca05c4ec2f94d904fb926c3232d9be2ab5b02d7d496695d6eba44"}}]})
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/246, 0xf6}], 0x1}, 0x20)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
r5 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000240)=0x1, 0x4)
recvmsg$can_raw(r5, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=""/35, 0xfffffffffffffec8}, 0x10142)
close(0x4)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r1)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r8, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
r11 = fcntl$dupfd(r8, 0x406, r10)
setsockopt$inet_mtu(r11, 0x111, 0xa, &(0x7f0000000000), 0x4)
sendmsg$NFC_CMD_START_POLL(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)={0x24, r7, 0x1, 0x123, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xd0}]}, 0x24}}, 0x20004080)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00140d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5m18.805950477s ago: executing program 3 (id=4802):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x59, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='lp', 0x2)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14be0000000201030009ba0c3d8e365d0b36eebe80d60000000000000a000000"], 0x14}, 0x1, 0x0, 0x0, 0x4804}, 0x4008811)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c000280080001400700ffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
close(r2)
umount2(0x0, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, 0x0, 0x0)
r3 = epoll_create1(0x80000)
mmap(&(0x7f00007d6000/0x2000)=nil, 0x2000, 0xa, 0x20013, r3, 0x3d9e3000)
open_by_handle_at(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wg0\x00', <r5=>0x0})
sendmmsg$inet6(r4, &(0x7f0000000880)=[{{&(0x7f0000000200)={0xa, 0x4e24, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0xa}, 0x1c, &(0x7f0000000980)=[{&(0x7f0000000240)="2af537bb7685609c8464265d772e3652f94122b98f2ebcd2a8d74f7e4e437ccaa07dbdc3b8d82a", 0x27}, {&(0x7f0000000900)="9b39244a77756067fd9ffc3e087af89cadd19ff5e57667894e6af7c90e29acb950cc10f133a18de1fed37198c78b86297ea4a9fe01ee81b44b59a3f6fcb0c86f8a6166b262d8e3a820511ee2af1859926524e9ca8fafd82533d1", 0x5a}], 0x2, &(0x7f00000002c0)}}, {{&(0x7f0000000380)={0xa, 0x4e21, 0x3, @remote, 0x80}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000400)="6085aa8d41d3b19a9d0bc7ac12eb611d8de71c98096258c71c8c11ace040b3542da000711f07a96559905210baa3230d0da01fadf92c3d5f8f3d460310369192cc3109c5436a1fcc68f3ba278192761bff44a1229d817316f65f8c8e247ad9c306dea972a6f7b94d98955bdc1fadd3bfc3558b95e5cdee231fe28ed28a06d0a7fdea264ba1d62e045889938d4804583cf9ba1bce1f21b581eb979da956bbb43cb260745f8ecf98010605edde98558c4ead200e85b8c9abe4d989e0da268991eb87d247bff5f48f58823a6df2b2dc0bdd7385354a035b47a1561752f72c034854e1db265972ba4d2147d8db69e92910adaf9213fe5b59d9f4e141aa", 0xfb}], 0x1, &(0x7f0000000600)=[@rthdr={{0x48, 0x29, 0x39, {0x3a, 0x6, 0x9cdc7fba0a19e17, 0x6, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00']}}}, @hoplimit={{0x14, 0x29, 0x34, 0xb2a}}, @dstopts_2292={{0x108, 0x29, 0x4, {0x16, 0x1d, '\x00', [@pad1, @jumbo={0xc2, 0x4, 0x7}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x8, 0xb3, "90ccb5df2cc58104b3f9c8eef6173912b22b01729732941aa3ae9416fb462bc6e60b3d20aa66e7ca77c717bd6cc6826d551f0f73d5394005a0b20b7dcf8bae38eb3201318b578b8306201a038569fa0cfcde46663fced5306ef278c40fd8d045dde4ce63e3f06e4e2656a670a739a25a6c84620e27b31df7f4c8252094cddbe50f4d22e241adf48804176016e3da4b6a7ed8e0d7d113012266f7970d422a8d0d9a563c47aa80e93917146243b521ca64b975a8"}, @pad1, @hao={0xc9, 0x10, @private1}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x3}, @enc_lim={0x4, 0x1, 0x8}, @ra={0x5, 0x2, 0x1}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@rand_addr=' \x01\x00', r5}}}, @hopopts={{0x58, 0x29, 0x36, {0x32, 0x7, '\x00', [@jumbo={0xc2, 0x4, 0xc6}, @calipso={0x7, 0x20, {0x2, 0x6, 0x19, 0x2, [0x7, 0x7, 0xe]}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x1}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}, @hopopts_2292={{0x20, 0x29, 0x36, {0x39, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0xb}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x2}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}}}], 0x248}}], 0x2, 0x0)

5m18.592725297s ago: executing program 33 (id=4802):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000005c0)=0x59, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='lp', 0x2)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14be0000000201030009ba0c3d8e365d0b36eebe80d60000000000000a000000"], 0x14}, 0x1, 0x0, 0x0, 0x4804}, 0x4008811)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c000280080001400700ffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
close(r2)
umount2(0x0, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, 0x0, 0x0)
r3 = epoll_create1(0x80000)
mmap(&(0x7f00007d6000/0x2000)=nil, 0x2000, 0xa, 0x20013, r3, 0x3d9e3000)
open_by_handle_at(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wg0\x00', <r5=>0x0})
sendmmsg$inet6(r4, &(0x7f0000000880)=[{{&(0x7f0000000200)={0xa, 0x4e24, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0xa}, 0x1c, &(0x7f0000000980)=[{&(0x7f0000000240)="2af537bb7685609c8464265d772e3652f94122b98f2ebcd2a8d74f7e4e437ccaa07dbdc3b8d82a", 0x27}, {&(0x7f0000000900)="9b39244a77756067fd9ffc3e087af89cadd19ff5e57667894e6af7c90e29acb950cc10f133a18de1fed37198c78b86297ea4a9fe01ee81b44b59a3f6fcb0c86f8a6166b262d8e3a820511ee2af1859926524e9ca8fafd82533d1", 0x5a}], 0x2, &(0x7f00000002c0)}}, {{&(0x7f0000000380)={0xa, 0x4e21, 0x3, @remote, 0x80}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000400)="6085aa8d41d3b19a9d0bc7ac12eb611d8de71c98096258c71c8c11ace040b3542da000711f07a96559905210baa3230d0da01fadf92c3d5f8f3d460310369192cc3109c5436a1fcc68f3ba278192761bff44a1229d817316f65f8c8e247ad9c306dea972a6f7b94d98955bdc1fadd3bfc3558b95e5cdee231fe28ed28a06d0a7fdea264ba1d62e045889938d4804583cf9ba1bce1f21b581eb979da956bbb43cb260745f8ecf98010605edde98558c4ead200e85b8c9abe4d989e0da268991eb87d247bff5f48f58823a6df2b2dc0bdd7385354a035b47a1561752f72c034854e1db265972ba4d2147d8db69e92910adaf9213fe5b59d9f4e141aa", 0xfb}], 0x1, &(0x7f0000000600)=[@rthdr={{0x48, 0x29, 0x39, {0x3a, 0x6, 0x9cdc7fba0a19e17, 0x6, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00']}}}, @hoplimit={{0x14, 0x29, 0x34, 0xb2a}}, @dstopts_2292={{0x108, 0x29, 0x4, {0x16, 0x1d, '\x00', [@pad1, @jumbo={0xc2, 0x4, 0x7}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x8, 0xb3, "90ccb5df2cc58104b3f9c8eef6173912b22b01729732941aa3ae9416fb462bc6e60b3d20aa66e7ca77c717bd6cc6826d551f0f73d5394005a0b20b7dcf8bae38eb3201318b578b8306201a038569fa0cfcde46663fced5306ef278c40fd8d045dde4ce63e3f06e4e2656a670a739a25a6c84620e27b31df7f4c8252094cddbe50f4d22e241adf48804176016e3da4b6a7ed8e0d7d113012266f7970d422a8d0d9a563c47aa80e93917146243b521ca64b975a8"}, @pad1, @hao={0xc9, 0x10, @private1}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x3}, @enc_lim={0x4, 0x1, 0x8}, @ra={0x5, 0x2, 0x1}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@rand_addr=' \x01\x00', r5}}}, @hopopts={{0x58, 0x29, 0x36, {0x32, 0x7, '\x00', [@jumbo={0xc2, 0x4, 0xc6}, @calipso={0x7, 0x20, {0x2, 0x6, 0x19, 0x2, [0x7, 0x7, 0xe]}}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x1}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}}}, @hopopts_2292={{0x20, 0x29, 0x36, {0x39, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0xb}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x2}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}}}], 0x248}}], 0x2, 0x0)

1m37.281797835s ago: executing program 4 (id=6192):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x34, r1, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x2}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0xd9}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x40}]}, 0x34}}, 0x0)

1m37.22230381s ago: executing program 4 (id=6193):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000140)='securityfs\x00', 0x0, &(0x7f0000000180)='\x00')
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f00000000c0)='./file1\x00')
r0 = gettid()
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x20)
rt_sigtimedwait(&(0x7f0000000000)={[0xfffffffffffffffb]}, &(0x7f0000000bc0), 0x0, 0x8)
socket$netlink(0x10, 0x3, 0xe)
tkill(r0, 0xb)
unlink(&(0x7f0000000000)='./file1\x00')
r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
memfd_secret(0xa51cd372813f45c5)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0x9360, 0x0)

1m37.048110359s ago: executing program 4 (id=6194):
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
timerfd_settime(0xffffffffffffffff, 0x1, &(0x7f0000000140)={{}, {r0, r1+60000000}}, &(0x7f0000000180))
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000640)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU\x82\xe7\x80^\xad\xd2\xf2\xb3=\xf6\xa6\x9b\xfa\xa4\xb4\xe7N\v\xd1*C\x1duf\xa4y\xd8\xba\xde\x8b\x99\x82\x94\xd7\xb9_\xd0_C\x87-\xa8\x8a<E`\xbc_\x9c^q\xc7\x873\xbf\x96,\xe4\xfcD\x96a\x18\xc6l\x8a\x96\x06\xd2\x8a\r\xeca\xa0\x9b\x8f\x14\xfc\x91\xe01\x8c\x8a\nW\xfc0D\x85*\x9a\x94\x13\xc3\x9e\xc0\x8e\x7fP\xa3C\xd5\xec\xe6B\x9d\xa4\xbd\xa4oL:\x96\xfc?\x9c\xd86\x14\x91\xb8\x96\xde=\xe8\tr6t\xe0\x06\xd4\x92\xd3\xf9iHiRZ1\xdbk\xa6\xa2\x95`l\xc9\x91\xef\xb4\xdf\xb8\x88\xd1Y\xe57\xf88\xe0P\xd52\xd8\xdb\xf6\x14V_\xf3{@gX\xf6VQ\xa1i\xaf\xc9/r+\xa4DY\xden\x88\x8a3x\xc7Q', 0x2)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000040)={{r3}, 0x41, 0xf, 0x4})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
write$uinput_user_dev(r4, &(0x7f0000001b40)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x39, 0x3, 0x4000401, 0x8, 0xe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xfffffffd, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x5, 0xfffffff6, 0x0, 0x8, 0x6, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1], [0x3, 0xfffff41a, 0x0, 0x0, 0x4, 0x20000, 0x2000000, 0xedc0, 0x0, 0x5ee, 0x5, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0xfefffff8, 0x2, 0x0, 0x2, 0x400, 0x0, 0x0, 0x8, 0x40000, 0x0, 0xc0800000, 0x100, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0xfffffffe, 0xfffff986], [0x0, 0x8, 0x0, 0x0, 0x5, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x200, 0x2, 0x6, 0x80000000, 0x2, 0x47fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x3, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0xf88], [0xfffffffe, 0x0, 0x4, 0x0, 0xfffefffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x2, 0x803, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffe, 0x3, 0x0, 0x4, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0xffffffff, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r4, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r4, 0x5501)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000100)={'veth0_to_hsr\x00', &(0x7f0000000080)=@ethtool_gstrings={0x1b, 0x7}})
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000011147d852abd70000000000008004b0028"], 0x28}, 0x1, 0x0, 0x0, 0x4050}, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x1, &(0x7f0000000080)=0x100, 0x4)

1m36.509080593s ago: executing program 4 (id=6199):
socket$packet(0x11, 0x3, 0x300) (async)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x81, 0x6, @remote}, 0x14) (async)
bind$packet(r0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x81, 0x6, @remote}, 0x14)
sendmmsg$sock(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@txtime={{0x18, 0x1, 0x3d, 0x4c}}], 0x18}}], 0x1, 0x40500f0) (async)
sendmmsg$sock(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@txtime={{0x18, 0x1, 0x3d, 0x4c}}], 0x18}}], 0x1, 0x40500f0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x4, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x3}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/igmp\x00')
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="01000000b53d10590f178eadd326bed390a5d3152d98516bd367a1485f47c6dffa7b1a4e2690ea6094a07013456ba69fa8491dae530fe1118d2decc53e31cbf83080f3d5f4f7c875838e6b6a0f96c82d", @ANYRES16=r4, @ANYBLOB="0100ffffffff0a2000002e00000008000300", @ANYRES32=r5, @ANYBLOB="0a00340002020202020200000800490005ac0f00"], 0x30}, 0x1, 0x0, 0x0, 0x200008c0}, 0x4004050)
preadv(r2, &(0x7f0000000000)=[{&(0x7f0000001bc0)=""/126, 0x7e}], 0x1, 0x79, 0x1)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x0)
getpgid(0x0) (async)
r6 = getpgid(0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) (async)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) (async)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) (async)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r7 = syz_pidfd_open(r6, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00d8d3122c0002000000020000000800260065616d5f736c6176655f3100"/42], 0x30}, 0x1, 0x0, 0x0, 0x8800}, 0x4000)
mount$tmpfs(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000001c0), 0x800, 0x0)
r8 = pidfd_getfd(r7, r7, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r9, 0x89fa, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @local}, @broadcast, 0x18, 0x12}})
setns(r8, 0x2000000) (async)
setns(r8, 0x2000000)
umount2(&(0x7f0000000040)='.\x00', 0x2)

1m35.813074785s ago: executing program 4 (id=6207):
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x4}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x8a, 0x0, 0x0)
close(r0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/prev\x00')
pipe(&(0x7f0000000000))
socket$inet_udp(0x2, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_crypto(0x10, 0x3, 0x15)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r2], 0xc4}}, 0x0)

1m26.273126727s ago: executing program 4 (id=6291):
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0xf501, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0xb, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x9, 0x5, 0x2})

1m25.715296852s ago: executing program 34 (id=6291):
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0xf501, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0xb, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x9, 0x5, 0x2})

9.186749581s ago: executing program 1 (id=6911):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, &(0x7f0000000200))
r2 = dup(0xffffffffffffffff)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000726000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/7, 0x7, 0x1, &(0x7f0000000080)=""/35, 0x23}, &(0x7f0000000100)=0x40)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)

9.128883559s ago: executing program 6 (id=6912):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a800160020000a000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a70000090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100100040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e05000000214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc00000000010000000001000000", 0xd8}], 0x1}, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r5, 0x0, 0x10000, 0x0, 0x8, 0x2ea473, 0x2eb80c})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r5, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x2fc247})
close_range(r0, 0xffffffffffffffff, 0x0)

8.448051021s ago: executing program 6 (id=6913):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x140a, 0x205cfe77fa614fc7, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x20000024}, 0x80) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 64)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xd4, r2, 0x800, 0x70bd29, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000800)

7.845464735s ago: executing program 1 (id=6914):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000300)={[0xfffffffffffffff9]}, 0x0, 0x8)
setrlimit(0x1, &(0x7f0000000040))
r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x100000, 0x16}])
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x20, r3, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x0)

7.540760185s ago: executing program 6 (id=6915):
r0 = socket(0x1000000000000010, 0x80802, 0x0)
sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5500000010007fd500fe01b2a4a280930a06000000a843089100fe801100080008000c00080000002d000f009b2c136ef75afb83de448daa72540d8102d2c55327c43ab82286ef1fdd20642383656d4d2449155037", 0x55}], 0x1}, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000640)={0x18, r2, 0x0, 0x0, 0x0})

7.381709781s ago: executing program 1 (id=6917):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, 0x0, &(0x7f0000002140))
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="2e00000011008188040f46ecdb4cb9cca7480ef42b", 0x4e}], 0x1, 0x0, 0x0, 0xc9e}, 0x400c0c0)

7.274272484s ago: executing program 6 (id=6918):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x3, 0x0, 0x6}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20040000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, 0x0, 0x4040040)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$GTP_CMD_NEWPDP(r3, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket(0x8, 0x3, 0x1)
syz_usb_connect(0x5, 0x27, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000094}, 0x0)
sendmsg$inet(r4, 0x0, 0x240040c4)
socket$kcm(0x10, 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1}, 0x40080)
recvmmsg(r6, &(0x7f0000007600)=[{{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000000040)=""/48, 0x30}, {&(0x7f00000014c0)=""/255, 0xff}, {0x0}], 0x3}, 0x5}], 0x1, 0x40000122, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r7], 0x7)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)

7.098751819s ago: executing program 1 (id=6919):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRESHEX=0x0], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x40400, 0x0)
r2 = syz_open_procfs$userns(0x0, &(0x7f0000000000))
fchown(r2, 0x0, 0xee00)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r3, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x15, r4})
syz_usb_control_io$printer(r0, 0x0, 0x0)

4.92226261s ago: executing program 5 (id=6926):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x3, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c3513", 0x0, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000})

4.88963095s ago: executing program 5 (id=6927):
r0 = socket$netlink(0x10, 0x3, 0x4)
fcntl$getflags(r0, 0x403)
r1 = syz_open_dev$video4linux(&(0x7f0000000300), 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)

4.180179421s ago: executing program 6 (id=6928):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000101e0400310000220000010902"], 0x0)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @local}, 0x1, 0x0, 0x1, 0x3}}, 0x26)
prlimit64(0x0, 0xe, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00')
r4 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0x0, 0x1000, 0x40002, 0x1e5}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140))
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="37031c00", 0x4, 0x4000800, 0x0, 0x47)
syz_ublk_add_dev(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2e, 0xa, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000400)=@any_dev={0x3, 0x127, 0x0, 0x0, 0x1000, 0x1d6, 0xffffffffffffffff, 0x0, 0xa}}}, 0x0)
syz_ublk_setup_queues(r4, 0x0, &(0x7f0000000200)={0x0, 0xe12b, 0x10700, 0x2, 0xb2, 0x0, r4}, &(0x7f00000006c0)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x4485, 0x4000, 0x401, 0x31c, 0x0, r4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x7682, 0x40, 0x4, 0x302, 0x0, r4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1, 0x0, 0x1, 0x19}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x3a0b, 0x1000, 0x2, 0x40021a}}], 0x4, &(0x7f0000001540)={0x2e, 0x42, 0x0, r3, 0xc0107520, 0x0, 0x0, 0x0, 0x90d51674ee3a23a, {0x6}, 0x0, 0x0, '\x00', {0x103, 0xbce, 0x0, 0x0}}, 0x0)

3.99767674s ago: executing program 1 (id=6929):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000280), 0x4, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32314247, 0x0, 0x0, [{0x1}, {}, {}, {}, {}, {}, {0xbf13, 0x80000001}]}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r1, 0x0)
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x11, &(0x7f0000000100)=0x106, 0x4)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x40, 0x5}, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(0xffffffffffffffff, 0x3ba0, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) (async)
syz_open_dev$vim2m(&(0x7f0000000280), 0x4, 0x2) (async)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x32314247, 0x0, 0x0, [{0x1}, {}, {}, {}, {}, {}, {0xbf13, 0x80000001}]}}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r1, 0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x11, &(0x7f0000000100)=0x106, 0x4) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x40, 0x5}, 0x0, 0x0, 0x0, 0x0}) (async)

2.456262825s ago: executing program 0 (id=6931):
dup(0xffffffffffffffff)
r0 = socket$inet6(0xa, 0x80003, 0x6)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x800000000000, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/warn_count', 0x0, 0x28)
finit_module(r1, 0x0, 0x6)
sendmmsg(r0, 0x0, 0x0, 0x0)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000200)={'8255\x00', [0x100, 0xfffffffd, 0x8001, 0x28, 0x8, 0x2, 0x7, 0x7, 0x101, 0x28bc, 0x0, 0x0, 0x5, 0x8, 0x3, 0x8, 0x2, 0x7, 0x8000000, 0x80000000, 0xffffffef, 0xb, 0x6, 0xffff, 0x3, 0x6, 0x460, 0xff, 0x2, 0x1000, 0x3, 0x4f]})
r3 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1, 0x2000)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r3, 0xc2604110, &(0x7f0000000980)={0x0, [[0x1fe, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x2000002, 0xffffff7d, 0x10001, 0x10000, 0x40000], [0x8002, 0x5, 0x0, 0x1, 0xfffffffd, 0x0, 0x2]], '\x00', [{0x9, 0x610cfd08}, {}, {0x0, 0x1efb660c}, {0x4}, {0x4}, {0x0, 0x3}, {0x8, 0x40}, {}, {}, {}, {0x0, 0x8}, {0x8000}], '\x00', 0x3f9, 0x0, 0x0, 0x0, 0x0, 0x2})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7, 0x80000000, 0x10005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}})
socket$key(0xf, 0x3, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)

2.31907679s ago: executing program 0 (id=6932):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg(r3, &(0x7f0000000400)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @empty}, 0x1, 0x4}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000001c0)="2931690b773dc560183b9deb9dbffc41ddc55fa46f03626bdb2a0449ead1023b5797869879c46892f2c88bcccf371396ba46944449e75d6075e611b57fd1443055ddadbe72ba959c8de0ded77ec1de841a4ac2c549e89727328c43a3d36c63c0a6", 0x61}, {&(0x7f0000000240)="2442f2c442e120b09c5f5433e101dfbebf", 0x11}, {&(0x7f0000000280)="8520e6830efa86f07412b51c587861bd77ea31590aca4c5177718f3157be493db112072cf76e68625166a88dc4a80daa5b3dff5c26613e120ffbbb4d78f35e29b529478c8fd6720e53390fde3c121eb73f6e687885e42bf2a732c9a779e207a858dd0694a2cebc9b29e13843dd8e38d7f076ac63f55a090b886eeb9aa8e92f1e7feae8bb6d6736aef3e734d1c259e5ff5f11f58c1202e64e13a9df5999319ba0fe377873e90f3163a785b8a7357d9bd16a6d15ebe92739fe559fb9b78f7356d688ab114731880414a4b1e14e8fcd92f2fbc82cc3fb9c37b05a0e2fc2f3cb7eeeb4cd3ef00f60277013", 0xe9}], 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="3000000000000000030100000050000037d26c84835041ca7ac75f878c08ad48f21ec94b428412059eb747000000000010000000000000000801000081879133"], 0x40}, 0x8040)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x301, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT={0x44, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x6c}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x201}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x33}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x73}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x87}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x3b}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xb4}, 0x1, 0x0, 0x0, 0x8804}, 0x10)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xc211, 0x1)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'ip6tnl0\x00', @local})
faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000080)={'ip_vti0\x00', &(0x7f00000001c0)=@ethtool_gstrings={0x1b, 0x7, 0x78, "8f3c19bb910191a0ece09380f640d1d3bd76e0938b59ce818a03c694f565aa385c1b16994656f7d9fa4566092f8bd9c4ae387f6519a446f0ef4d1980934656d73f075ecb80983d06a5194144ebf523f71e1f8aab1be193d500dd771a070c6eb7b5e91ba416af3f259f70439eef100eae061340e87b464dca"}})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a300000000050000000060a010400000000000000000500000008000b400000000028000480240001800b00010074756e6e656c0000140002800800e08d2a092dd282ec0240000000090900010073797a30"], 0xc4}}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x80200, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f00000000c0), 0x10)
sendmmsg$inet(r2, &(0x7f0000000100)=[{{0x0, 0xfffffffffffffe79, &(0x7f0000000e80), 0x1}}], 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040221080207000000040000a118000200e020000100000e1208000f0100810401a80016ea1f000840032e5f54c92011148ed08734843c8802033d0803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r9, 0x401054d5, 0x0)
ioctl$TUNSETQUEUE(r9, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
ioctl$TUNSETQUEUE(r9, 0x400454d9, &(0x7f0000000140)={'veth0_macvtap\x00', 0xe00})
r11 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read(r11, &(0x7f00000000c0)=""/177, 0xb1)
read(r11, 0x0, 0x0)

1.852990098s ago: executing program 5 (id=6933):
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000440)={0x0, 0xd8a, "b398abe22632c06ffd913ee5cd6d7e79ff91f64702b20bc9358523cfb4e6be9124511693f3d54e0a376ebff20bcd092e33af52eae7dd7b707574b0a00174636af60a2fbad4bb41dfe924619542f084d63b12d4d064055b6ce767bf7a56eb59a85c48cda890e7d6399e12b64636a7c67fc2df1b40b4924f05c2b9d54971a91e42c0956a550c75c48a7ac6133fd3d56d180257db52d7fdb28cf0b1130686d347b4fbc9b9da93973916629ce723c8325678f257b6acadefbfde9e05d5dd5f8f71251be6fd92deaab066713c88df5235d0d4d315d887fcbc619d94c44ce5d0a822202ec980d74fe6cdfc10ff892f8648f6b7df5020bdb60e5b8dac599bd795dd1a060046e5f525b0bb6416bd8b8be0fb94ae9f71e4e5416574304028a32e38de49ee38451ee1016967b775b6efd95d24a5d2c4aa46365be45667cc91d6d8d6cb0e95e2026304c59f86cf8ab86b4e056d84e094998d1337149a8db7ba64276e6ddaf59918685282bbe9a37f0b767d49b789fd04bc3029aaad5fa81a7b9a31a86fce1a91696df98ce07fab639365f6f7ca6b59045ff6eb68fc00bf3bbb8a2ffe84e08b5af02f93fe57058567e3b244516b55e4c71cd210715c9b496dcf69547afa85fc7abc3a1ada78f3a55dd29c9a62ba7b6ec6e0b377bdfa7733cec8c6b5cc00a04f010cda4db2eed5dd2ba3969885779231d62ad39f84663417f3dcc6737841ec1cc2e76e0f35ee7913e5a44427d0bc3c8da2e3dcf89a760e04a6a22989749af6482423b4bb51f2fd06d0c8c0cf78b5c6b1e779c0e5e433a1b51703a12df379d94446de86ef48ea541f35bf1a09c67b794682a3d46a76a788db295126b169dd6037793f7bb345f883981ef5a03194ede6da878f5f6a048e851f29a3db2b640748ae4e1a4f24fef9b79616d96ea6ffb29e01cae35455d60851f5201434676a5b346264331acaa6a9dbeae39c50cd1f835a1b9d2ec1939959c3eded275e0830aa13b22c94c562f747953a5b24159ffc417948db96fdefad2a7eb65f321b0d4480fc3c043136bfec8285f1f9e2079a8b3918a3a7dd5fb14a657bc58e3fa91d6bcd2c8dfa90056737bd7c96b3daff8fa6cfb9df7378931bfef5cc1719ba81a3b641e257739f76baa34bdc7f412e817bbe456fc95efdabb078b29092ca1cae91789ad5f47b68510fccb22fb2b5a1332875ea30b894679c3dfea4770078d197b0e7e1827a8c6898f91a310b9f98b5dc07acfe8bffa85d25bd19ba28c4c0c223d810dedb1f1fa67061d46b45fbd6187c38500ad90d589450ab0955608428edb244710d4880032de719f45dd7dbad8b6339d5ef3bc8fbf14751de413692a447c4bf3afa78f4330581434f83fd43f864a5a7c0b9a7176f5dbe6f1057f0afb5f555be0fca5b0bb2498f89cf2cd6e249c52813d7afda019cfa1c9ebbed41c1ac8412051e6bc57394d6715d0850ebe2a94084fa88c1b1f3aacda177c3d306ea661d2f79892bcb349cae926e94f19b29eab655e35d32b0a837271633b51a7eab4807e34e7c5e9470d6384a5d9e4d8fbb3661b434090acbac1f4f07d57600c9228e7b14ac696206f29f0276d22b77b75da5bcf8676c236f245d6961336f2836b141c23e51a2a347b0235c1976af16c1f88c81929c8ed78fc398df8b559476215dff77456fb2294f1febdf8498955d74964342f679c0eb53ca24d8985ec17c38002cd43dcd163526b50877a58c4a62d95588447958ac21d50083937085d1d4a326e6d38f09ae0968f632bf82bc69c8ed0789239c5471aecc25ef069e66912022f6f77e2c936e0c113e35b6c4c34797d7255efd513188798762a155690ab7cb3dd80a0749b4a59c74de886f3099bf580d610e7cbd2bba0374a7ca999d3f9813a7fa5c05c49964596fb4da6de703b53b0c788e4fa16f8895023c4d35ea94c31a131efae07f20013598c63d24b63f93f3977dfd8d0bba7b23417a6b331e74c8f88ed1172760afa94e7ae3c4d323047f4ca877e0c33efc96116da6adce0d91293fa98b153b120a3664cb0b2beaef5807c428d7fe329fbb5ae2e1e387881c823c0d5eed67daf2dd5b4365e033bdd2b290cd1cd1b509dbe9cba234cf132e34be4772269a18ac1d8a368840f4a6f4f445f117d0793f620cdf148816c18a826b8c11ca4c16f43c680d61b92ed053d62093c368fccf825bb70183aad50d2f7c08a3047e2a7b6d22bc8c2c016dba682398b98eb40e353cafae0a6e4cb4e43c46df40f0af08c257643bcdf6160e26f059236d6c6ef5f1bf85199b493e5a0baef60ca3f0f7fcb9fda055c0db4d089612be93f2e4aefdbc5f7fdb08e1b3284393df9c791299ddfe9b2c0794e64757dd28fda1b366632179876d0bbde25af7b20ada07d91ffef8f17fc312bb5b2b8243dff82cacdfb9fbe0edc96f1c140111eb5a33c06558d1e6b75313df091d60d581e6fd5a48f9f46b04aa60425f01ca67c24994f142dbc67f5d94f35a7e8c1252582c2da5e4d4086bb31baa48ac61c64bd9d4324989bc1375cff185d2be0963a702a00f1b01ea86608f58ebb528f8b58453a8eb35e10ffc6928a4bf28ce37a95fdd84d4095205ddd4b3c0e67a68ad0102f14ed8a86a8e31dbf508ccb95d13d643e6a3bf024908deb692e5f3b8ac7bc23bfd2c8fc0b48e8e65ed6fec1887a85a7d90c273b9533ac81c5ab64ed1de3a62afaaeb7cc94abe218607c3a93380a45692b0b2c3785bd21ffbec7a5958c2975aee2177c63d3ac60e5d7d7e4b066f17510ed11ff1debd142b77864120339a515e67cf79c98cefc6f2d7f6c06cea7151adc74f1010725358f04fe3445ece5b2c5fda40b40472224088c6822c0a10ecae7bae2c966d99708e843e5f21d2f0f08ffab9002739bfce247e9480ee2eb47e112dd177c3c48a514de4eb730291402ca1eb472f8abd91580e4973c86a4bc8116b5e95b8117b9ec5ae2bce1e3180a9f4716b78730bb89350c52b77ec5fde71b1f1edf6a8e5431e9a815eaa1a5715accde52997ce680e4c141354f4aace4d011a66aa938ed44d22841d8a5ee84827ee9b317d67ad0cca16bed16444897c72dbfee0a81c17cd843557fecc57c2b672b3a2cd583acff69203690adbe15250b5264fd8a581df7b9a33a9a9bcff1d0298e74fae725cbcc82b94cfb410e5742696e10ee75af4798e0cbb719ec3ae37759b74cb257af05b2eac8a84ec36eeeb104bf2b4a2833d033e56b7d88662014def37c7f246a52db9069d46b86f8675bd22338e4c1b113d98f854e59e871f5e814a5d4ac98022182caa8329e223349b3e87e19a5e8d766c2d2ce4068a4d794e1d28adaacadbd320df4d02bd798c2d8962128cfe3607c4c4a5a0b09c675830de9396a88bd2783dc6cbda2fccdaaef62d9c9f2ad3b5318d2b38dd8410379a73e44d958476fad0eafe3b79092e328087b302a771f62545915bec81151d1b9ca6180470f7db88ffe2996af076eec488dac1608f6fd0c779103fdd8ff9dc0c47c06dc7460962a21213a3ad6e3b4fc2380ea96f091b1f8faa2b021f30827fcf97d16b9bc3f8751c709705e0f55757799324cb72e0a91c1922b82ba31ea6075da4e7226944680d8a0f90a5b4c97b917ee7e3e08099f6a7de4354774daae55a5ae4e60db6de56cddfaa83e1b7618543ab915f161fee34cf9c764871293d1cd681d37318e09c553dc7be67b721329f07461213fc7a283899594589ffb74ce6734bfeca8daa35037c8e30c0c4ebde607fc0e6edb1cdc14b279c0049b48a8f65811abf996a302de05674a078bcb6f66edc1e800e3c4f995e95e25865a30fb617cfdd5e4fa6e58251656791be0467a41565e347149277e3e1a9cd75f68b7ead0f11702233f419753b3db6f011dea8ecdb0eef613c6b3c154723c84ca5a177fb91bf6c4d96f6f296f7b7500d12d80eea46405134db5be80e9ef655c48dafd2642bae5646ebe781e5944ce9715c872236220f1238853a731f6ab8e630906f214efd253a3ae601e31881455550a01140793fb40f6bc95a334dc064b5399ffc6fc41cf7e26f3f968cba6200f41666a3a0d5c7a0c3b8c15e282c8f0adf4bfb6bf578e9788ea81361ecb1ef2be0ff73430654929fe2d27487afddc35098a06e58bd3fc3ff06e0456efb2b0c15a7bf19755f0db848a44e5bd8f111c73fe3eb0da5e99bfcf82a98ce2c64fc442871b67944f01173915b0be8b1b97181876c2b5563a518417cbe1326a728206eb4210a3cc166ae7ae9c06650cf944349f06e431c49bb2cfc12a963468a01c08c41f3b34ae01b8129c440f400999e638c1dfde168fe5a230762ddf74ce0cbdfea26f6385df89f4953ef3730084b76f1b55bc5f9b03a171c122e57d2a54d807c810dcaf9d33ede5c9dbf5d49e4550aff3711f08053c041c2f80f4be1d7651e2cc2dcd54c3e7ff2c71b968a063ab27735d77b22ac420ac146dd2445aada2aa2913a1a1970f0af347109685f728993fbe258ce6f3576c0edecafed83c8df2a6606aba3fb1b8125b942836f9066f6645c2ffaa88bef3042b27be43a1b17663b75474f8ffd4ba32fd788a2430b3d9548549d969d6efbb63091d684bf90259892e7bced0fb72cf0404205970263abc4f36974470ab56bbfc650cb2f95a85ad180fc749abd91e600d24029091b93b79f952360566e9a59565a97335007228f9ae51cf0c8f4aebce6d0a36f89eaa9f189c4c3ad89b79cecc3dca6ae5bc3116a2421c0b12e6c4cd6d85827f32a0190943ee263c7a04a596f9b4b396f1c0a0cf440d6ec02b6881e025961aa88034a43273cbf74bd2218a163fb11e31d7572dc75eebc970c82c0ed7e346440e456ef5dcae44d490d49204baae011fe329644a245736cac7c28ad1f0f47b73a2da0bf594d231378266a60dd9a18f1ead63965dfcffd831fbf2f"}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x7, 0x7fffffffffffe, 0x5, 0x4, 0x9, 0x7f, 0x800000000f4a, 0x100000000, 0xbdb], 0xc000, 0x4000})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x2, 0x0, 0x0, 0x0, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @none}, 0x8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.775443002s ago: executing program 0 (id=6934):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f00000000c0)=0x2, 0x4)
setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0) (async)
r2 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x2, 0x0, 0x44})
r3 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) (async)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r3})
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r4)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, &(0x7f0000000000)={0x0, 0x55, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="20000000131401010000000000000000080001"], 0x20}}, 0x24004010)

1.491933186s ago: executing program 5 (id=6935):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x101040, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x55, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x8, 0x0, 0x0, 0x3, 0x4, 0x0, 0x1ff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x9, 0x0, 0x0, 0x2}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x0, 0xfffffffffffffff8, 0x0, 0x0, 0x2404cb, 0x3, 0x100000000000000, 0xfffffffffffffff8, 0x0, 0x2, 0x2000000000003ff, 0x2], 0x0, 0x200306})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x4000000)

1.13372203s ago: executing program 6 (id=6936):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x7, 0x1, 0x801, 0x0, 0x0, {0x3, 0x0, 0x6}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x20040000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r2)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, 0x0, 0x4040040)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$GTP_CMD_NEWPDP(r3, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket(0x8, 0x3, 0x1)
syz_usb_connect(0x5, 0x27, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000094}, 0x0)
sendmsg$inet(r4, 0x0, 0x240040c4)
socket$kcm(0x10, 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1}, 0x40080)
recvmmsg(r6, &(0x7f0000007600)=[{{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000000040)=""/48, 0x30}, {&(0x7f00000014c0)=""/255, 0xff}, {0x0}], 0x3}, 0x5}], 0x1, 0x40000122, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r7], 0x7)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)

874.096288ms ago: executing program 1 (id=6937):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
memfd_create(0x0, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x480)
readahead(r2, 0x8000, 0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f00000002c0)={'wlan1\x00', @random="020000000200"})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[], 0x0)
r3 = syz_open_dev$audion(&(0x7f00000002c0), 0x3, 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
syz_open_dev$hiddev(&(0x7f0000000040), 0x9, 0x68141)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
fremovexattr(r3, &(0x7f00000000c0)=@random={'btrfs.', '/dev/ptmx\x00'})
read$eventfd(r4, &(0x7f0000000080), 0x51)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x4, 0x20, 0x9, "", [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0xfe, {{0x5}, {0x5, 0x24, 0x0, 0xfd}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x9, 0x1, 0x9}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x8, 0x2, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0xd, 0xa, 0x9}}}}}]}}]}}, &(0x7f0000000500)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x200, 0x40, 0x5b, 0x9, 0x40, 0x2}, 0x37, &(0x7f0000000200)={0x5, 0xf, 0x37, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x8, 0xa, 0x37}, @ss_container_id={0x14, 0x10, 0x4, 0x6c, "796329fdad673fb49c5a97f1b830f276"}, @ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x21, 0x2, 0x8, 0xf00f, 0x7fff, [0x30, 0xc000]}]}, 0x5, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x436}}, {0x9f, &(0x7f0000000300)=@string={0x9f, 0x3, "02ad3853c960aac504e33bd8c739820ec9c1e9aa8d02b91d51472affd910530a6753bfcac68a4002b4ae20334d14c1371c9c7bdf6510a871295d87053fc3270ef6ae9929378bff9f7e52544247915aa8287aeb2453ce47dd967966de45aaf7d0a4b619b0a2f7bb847f864e4ec89dd20a871378606f6af1878122d4bafe9d95a2d595d34003a9ebd3421b1d3b47d7f386bf363ed7f6cb5c2c094412ed4a"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x44e}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x1001}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x40d}}]})
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

564.067297ms ago: executing program 5 (id=6938):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x5b)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000007700)=[{0x0, 0x0, &(0x7f0000005f00)=[{&(0x7f0000000080)="9fb2f33703a92a600f2759c4985b6de15f853e64b9b72101c50a36616190f00dac082ce8d3b5bccc7d7672be4576ffb18c57", 0x32}, {&(0x7f00000002c0)="185c04fb5b4be3732e27e55b9ac419bb2ca6039ed21709d1a080b12f91ca434aa9591b16f719125b64ab43f7bba0a5659ed4b23688f561d93d9c67ceeac7dc19f2ef73e9854a758f68c822d0cc0175aecb5eaf45ecc1444a400d458f529f8dda1cf933ed883df3113bdd67dd5c0aeedf94f569c7af5ae0a63a921fe60eebd308060da4529058012608a41fe4c5b72c329eb8eaa8c3b8a564c309501374411af671e615a0b71fe8a96267409c14420b97e9e03eda513c663557358f28511241d22ca48cb426ff02631c139839ab28312e14b2ce613bab6e26", 0xd8}, {&(0x7f0000002180)="0cda9d0dc8643dfa6e00a40dab90f329c321c16058803ed91eef205f9c66a84b3d7de98430ef75b9fbb92209558d59871d80537f3397a549c4b497312f423cab03678fe830ada8ee94a41c2f6be66bf8931fbc23b600b518776e582f93a000e8244e0d67d1322ef26880647593629ef320e786146a70fe9c00552adad42399f123c98b323ff7a6ecefda40a58f221b6f956a455daff670537d7b3b5ea592ece97372a420ef5a3adbac5742ef676555cffd317ae946fde18522637e991bd0eb395d5832826276b59b1ace8caacb123e46e83ba7c2d6891d96552259a3ba2e2fe2dcf6e8bed5c89c7d04f10c08c73278461b889a1ec9729d0ae8aed2a6a4fcf70dae0f1a6b1c2ad2320e59f2d0faf263f1be78452468404e74efcee8fff3ab3bf0f0b9d535d134cdaf7e36e5303ee50b4e752f34fa26e56884fe5786dcaef4ab5cb4a169d4f50a7330d5bc994bed4975dc5df79f92925b0eb715ee69b58ad9c8cb7ed28375dbd8017b23aed0babf84aeadf15136e11d8efeab68da3fa9eb93132b4abc855e2dc775faf74b399d08fb09f48ce7e3465fe5fb44bf06e312460fd44a0060ad8f070912874a978d97c250d5e4a4131809bfc40d7163a1b81c2d03cc23b9c50d94db3671ca0b6cd90d01e3f2bb065ecee14ec126fb87dc13d6ebd958ce9987c882ded0bd0b1f93166bde97960c3ee6e5c852cb32642c5ed1b2435a515f54075ba324d617ef9b41aff8ae491cdcd3663b4d0ad4157bf6c7fe57940343776500933c954e56ef2c0fb692625aebd80432c46d1eb272a800bb9d1b877375349f87700626cb711caafe5ae9f9c18ce407dcd297e8a8d9d46b812ac01e336e82b6fa0468f6d0567cb8bafc14457d028bed3f33dcf619b11f6a430e6d2067cfeb2bdad566d09247fa658ae49437451a31ab9d3cb8f5d2113aaf8f7d68e045a70d5b1bd014f408d38fe9db364ff9b108686abc83648fbc218af6a2c62138c338f932b27bea3cedb676f1c8164c7ecbf7ed0b40da7804dad2711f3547ad319bd5168591910dd9f4ae15d5c782a2f90648ed38dfe577794f233b865bf1bbfdcb81097fe207d5228da6debc6f4d381898294f91cff0a2a0065c395319dacbc89a837a3406e89ec3c07030498271c96ad3492bb20dc26ac5b3e5ac1285b270c0913cc7ceedf19a35bb2f77990dc3644d00b991bc3aa53a79c3d55aca7da4fee6f1cf3af42248efc2bbdae82d5e5224b281242dfafb1f6da94544454ba0baefbf816ef244c2750411c4c9305650744c522cb6441a5fd5fc4c39164651eb679288e3a2cfd3157131c36803e6f648db6ab155210404fbad627002c0e97e5290c028c17d873aee325f3d91374438c65d85a5e6712a4b689398783b991f50317201df92f741a9909e083f7ad5c9bd58d350a93a8f61fd68d7f1f3d4386d1cb9dac8b2cd51494de66fec818cd66dd214f3b40cd2af261d98ecc6992ffe0a7f748b7b3ce5bbe3159f63ccd811d067a62d27dcafbb5589d903e7365feabbf80c5c585da3c2a1e3b37a90a13a83bf053f28f19107569d7baeb4b5436567205cd56bc006bf9f600d9818ddca1190b3719c7a76534802cda2a02f6f53c4d736d1af2bb6e627f6f88a2d8e37b5bcff34705501331c4aab597225092f93b6846dc9ebf36cfbc0c76056cc8b65fbc7bd55c144abd5615414c8a9aca6ac5ad99d3d6f682008f99d20d8d7ff0964a332c67f78a47a66d63e2b4d6ac76dca2879eeb0a28847347ded74d29c0521cf642bc035feaa35c5a947fac3a3dee54994da50b484583ac1b4955048eb7cce7dccf9c66422495209d37abb35bc06d14bfea8a216cd1098352b7844cce1d8988229b450a5f0d395c10a4733d2c623ef1768a7aa83f09deddb587784d1da1b6a11c02a0dff91c08efe5263ebb0d9c298f209f05ebe466131e4ef5c885f1d5eb589d8d00c45dccb23a4d89ee8eef1dc89ba7dd06dca068b76453fedcb7d02a889cd331334077f5321f521b97121ab98eff8fd69a1ab46f60772f3ad8773286016a4654ee5fb07d6ae58b9fc7a581c9072c5dfbf9d181f3ee9aabb52244fbcccf4956e15b4856bceba45bb7bc24dd3d31f770de9770cca195f692657ac1d922d3c71dbed421e07f3fc9386aaa3b9edfbda1d1b9d420786ea11c74e8ce9c997b850170cfdde37aacd34a4720ab7554de62930edcebab0e274da133195f7426faa38308890e0e74f936e1eda12e96e184a6c31fb644d6ff6214597a19d3e757c57c2f757e27d744049703d849306e5cf43f35c0495637b1c4a9a57b01fb534fdc031847395c7cc905a54e6f0c10cae7cb54b7c2208ce17c550579ee1be5acc03914056938fa1d47034b253f4fa4355560590c02d1ecf2c14dcac7e99e45b55d4252890338028a7eb6fe79979494b0221dc165a0acd6f42d07296b517585d87f1356d3cd670720eb49ab53df2bd1fc6f0eb3c485a464c86359784a16cb1744c7a610ad5330c1de861cb4c7bb3d1b01f439c5dcf285f5a0b09fa5ff8544e0af9867861d6e4d9f3044b32bf721c635593753d64aaf1aa3a4da0cbd52d4293e28e55564acd63b34d32545cdbb0515de36209dd7561a97740827096c7eb0b4fe48574391ad05cbb994c1a2ce7efde9b60e25462a056d2a89602cd7b0a25d2d5dbf2619dc0bf56cbfa85c46e536dd16b55713acf0b302c16ab94dd29907f5e358eee871537743173aebfeb5b1162e5159020f0f3a8a9fe3d1291725d0f0acb79cc1d70c11651eb3b1d60eca2dafee1849435186c173180913e6f081d53d7f602a96961d765ee2a16134b0df4166f5400474e647af0eb0d443a79992bdff42abe3b226f79b9705b8e4dccda568da65bded21fe46a5a083ed5b864df693e40293a45d87f5940c21e0e5b61e2b85219f5cea62789f83e409582f2124335dc7ac540b3115f6ad3d3c0a62fa61b5b1090a804e1b56174cd58b6dbbf184cb4c60207fd7b7590454e504eec9548766c2a4e95af09d2804e56356e9fc220362bf3367cc865f79aa47aad53b0e041cf011f7d2f8a2a28d88bcead8d107cddfa9e828503c9adc41b73ff93c00dfefb284b476b9248a3a638f34633d87fe3a4e030f2b3ff248a0d78b2ea008b7bb153dbe29a949dd25e9c61631d1be74eb63aab87f98b1e97b992f549f08bc7485dcfc95c03449802b1261eac5488f6f92ed89c6593f82daecc4adfa5d0837aae19aaad4b7ed4ee6e139127ff3ae68e2bbb61a886d4268ab633a7450dfa8d88677ca4d3c602b789753d66b495b34a8f8d502cd4796d69715256975cf73515b00890a6acf872ce38e507a3fc9bb22d190d2c653da0fc7c421d515b166c490165d4c321e4993079d3b71cbe12ed1577b0a9f79f42d5647e9ca0a9904be2243b0f61a30e52f59e1099d15bda35ff4f6b588efe800ca52e62101118807f23593261db43d139d54ed3e2e62cb7a191d4a90a01906e92ef3753ba76ce17e052c4a3ee72cbfdd0c720d14e6006de6f1909bda8227d7fcee5076d6978c4c03a212273e7e1d47aa9fff4cbf67308f461007a1da272dc3af85adc627927f0383b562085fba5b81933aec8790dbecfbc3e884ecfc18c408b07bc564a4dbb8b84523e512522ab8ca8048385b6ab1feb4b135d3f7b1fc7d685c1279df8ba33de9e3e1984de61a2d95e20ebe8c269b8a1bb124de2435aea812ad18cec9d8c7307761db60b0ebc67d907bbca46585b153c35c5707488d61d39a28a22d95ab4198f9c1752b034850b0ada5894ee5a4d42c733898922babd0174e6442e6f63504ce2bb4508d30f12883419db1c36d766f1c77af44c7c100e21f38f8500d755d15e5bbcfdf0e12396a04906dabc3ecd03c4494f6637883242b1920229c4fd9d9ab358a183e9c65c6e89644d80ee6237f794a19d4c09cfb08363becf192b84f894a438246861943b2ba06e048640c56eab1dce282b8189f904df49994a2661c79d98cb476f2889da4a73e01b6ea251f31cac58ece86f5a3873d8e6372ffd0ea44d64b1e09504e806c37d96a0e2c56b36fb6b59fd4b92a17bd88f7b75c3b4e3157036038060e3d15cf273942e765061db0ba0042f76579d993977c9828d90f0d10e8ebc8243c0fefdef53c10d698cd963cff2804431cb9c40c2d538df53c6fe60aca3da242abe9fd3c24ea821deb6fda84957f0df56f735ec1c3fed72bad89978f5b74ddde73e4de1e5d142d728b579ab0dee1c6da9136792cc8d408cdc3f3bda6dac5594318b729894e5c0e5f8c7d5976ef58e8da0d3551eeb6c0970f2af507349101420c1a53c318bc634f8a467fe67dec05cdab53d0b9f3dbb0e00f4bd9480e57935ae7bef24786bd0dc1a616bf8af28a4763b6078e632fdc8f2", 0xc16}], 0x3, 0x0, 0x0, 0x40000}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

445.303117ms ago: executing program 5 (id=6939):
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = fsopen(&(0x7f00000000c0)='autofs\x00', 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
setsockopt$sock_linger(r2, 0x1, 0x3d, &(0x7f00000000c0)={0xfffffffc, 0x2000008}, 0x8)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='\x00\x00', 0x0, r0)
write$tun(r0, &(0x7f0000000380)=ANY=[], 0xfdef)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000000200)={&(0x7f00000001c0)=[{0x50, 0x8001, 0x0, 0x0}], 0x1})
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r1, 0x0, 0x2)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r5, r5)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000740)={0x2, 0x4e20, @multicast2}, 0x10)
setpgid(0x0, r5)
fchdir(r4)
chdir(&(0x7f0000000080)='./file0\x00')

292.260313ms ago: executing program 0 (id=6940):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000001c0), 0xc4482, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000fe8000000000000000000000000000aae00000020000000000", @ANYRES32=r1, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001bd8ba659000000000000000000000000ac14147c9e77bded5391f67bd1346713354e4a2b6a0351709fdfc856a25fc52d75e04090d907000000b3f6f5bcbf480f0119d4176695eae357be793735e6"], 0xec}}, 0x0)
openat$cgroup_freezer_state(r0, &(0x7f0000000240), 0x2, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup/syz1\x00', 0x200002, 0x0)
fchdir(r2)
r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x2, 0x0, 0x0, 0xfe, "0062baad630400"})
r4 = syz_open_pts(r3, 0x80)
r5 = dup3(r4, r3, 0x80000)
read(r5, &(0x7f00000000c0)=""/226, 0xe2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000140)='adfs\x00', 0x80c402, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'tunl0\x00', <r8=>0x0})
sendto$packet(r7, &(0x7f00000002c0)="0503", 0x2, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r8, 0x1, 0x0, 0x6, @broadcast}, 0x14)
close(r6)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
r10 = dup(r9)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r10, 0x84, 0x72, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r10, 0x84, 0x1f, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x7, 0x7}, &(0x7f00000003c0)=0x90)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32], 0x30}}, 0x44151)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(0xffffffffffffffff, 0x0)

149.883244ms ago: executing program 0 (id=6941):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0)
fadvise64(r2, 0x9154, 0x8, 0x4) (async, rerun: 64)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (rerun: 64)
ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, 0x0) (async)
fsopen(&(0x7f0000000180)='vfat\x00', 0x0) (async)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1d) (async)
ioctl$CEC_ADAP_S_PHYS_ADDR(r1, 0x40026102, &(0x7f0000000000)=0xff8c) (async, rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)

0s ago: executing program 0 (id=6942):
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000bcb7f620e90f01d55023010203010902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0xae00)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000340)={0x1, 0x2, 0x5, {0x4, 0x2, 0x7, 0x7}})
syz_usb_connect$midi(0x0, 0x46, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x582, 0x156, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x34, 0x1, 0x1, 0x0, 0x80, 0x0, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x20, 0x4, [@ms_header={0x7, 0x24, 0x1, 0xd, 0x7}, @ms_header={0x7, 0x24, 0x1, 0x10, 0x7}], [{{0x9, 0x5, 0x3, 0x0, 0x8, 0xd, 0x1, 0xf7, {0xb, 0x25, 0x1, 0x7, "d45583cf479b49"}}}]}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x6, 0x3, 0xb, 0x10, 0x5}, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}, 0x7, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x80c}}, {0xbf, &(0x7f0000000280)=@string={0xbf, 0x3, "0d4f62b680165e2a389cd98eaf172c833b56db1bf130dec4119e4929f6f5f0fdb05c7c89336a38a4404ac724d7a08562fda54c605a8fd3e020e2c1ea4c16fbfd15d0650fa54d7d05a8ef52ad7a76a7ef791929a8c15fdc277d6715b2a9b83c0f2f546f861a66adcd6308039f010d6c8f11b116a52b57af8d85bb0c03f8cef8e8b6d73c53e0940f246fc742dbebc3866622f1974a7ae153677c567aa3bd89635f7158d64f51eccfbfb34b697aa5f030a76309046fcc766fb3d9385fbd96"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x44a}}, {0xc, &(0x7f0000000380)=@string={0xc, 0x3, "9c5fc9ee3ed0d02503c4"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x44e}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x810}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x445}}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000001c40)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000580)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x70, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x70}}, 0x0)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/79, 0x4f}], 0x1}, 0x40)
sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x1, 0x6, 0x301, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20008800)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000002fc0)=[{0x73, 0x3000, 0x4f, &(0x7f0000001e00)="9493a7233113093eec73af54be09820c14b172117bba4a2e1a565415007d09d6a57ebc0198f2f3bd46f3b2d88f7f43a64eccb888813a49a8e599d3a52975bdd7edfb87b651beac657fae41721cc985"}], 0x1})

kernel console output (not intermixed with test programs):

24021]  ? percpu_ref_get_many+0x19/0x140
[  960.580673][T24021]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  960.580695][T24021]  ? rcu_is_watching+0x15/0xb0
[  960.580717][T24021]  ? memcpy_and_pad+0x48/0x80
[  960.580742][T24021]  __vmalloc_node_noprof+0xc2/0x100
[  960.580761][T24021]  ? copy_process+0x837/0x43d0
[  960.580780][T24021]  ? copy_process+0x837/0x43d0
[  960.580804][T24021]  dup_task_struct+0x298/0x860
[  960.580825][T24021]  ? rt_spin_unlock+0x160/0x200
[  960.580846][T24021]  copy_process+0x837/0x43d0
[  960.580894][T24021]  ? __pfx_copy_process+0x10/0x10
[  960.580928][T24021]  vhost_task_create+0x1f9/0x380
[  960.580947][T24021]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  960.580969][T24021]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  960.580993][T24021]  ? __pfx_vhost_task_create+0x10/0x10
[  960.581018][T24021]  ? __pfx_vhost_task_fn+0x10/0x10
[  960.581040][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.581063][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.581086][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.581109][T24021]  ? mutex_lock_nested+0x152/0x1d0
[  960.581126][T24021]  ? kvm_mmu_post_init_vm+0x8f/0x2d0
[  960.581154][T24021]  kvm_mmu_post_init_vm+0x147/0x2d0
[  960.581180][T24021]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  960.581211][T24021]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  960.581232][T24021]  ? do_raw_spin_lock+0x12b/0x2f0
[  960.581259][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.581281][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.581303][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.581325][T24021]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  960.581350][T24021]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  960.581370][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.581392][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.581414][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.581436][T24021]  ? rt_write_unlock+0x190/0x230
[  960.581458][T24021]  kvm_vcpu_ioctl+0xa65/0xfe0
[  960.581493][T24021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  960.581532][T24021]  ? __fget_files+0x2a/0x420
[  960.581554][T24021]  ? __fget_files+0x2a/0x420
[  960.581571][T24021]  ? __fget_files+0x3a6/0x420
[  960.581588][T24021]  ? __fget_files+0x2a/0x420
[  960.581609][T24021]  ? bpf_lsm_file_ioctl+0x9/0x20
[  960.581632][T24021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  960.581654][T24021]  __se_sys_ioctl+0xff/0x170
[  960.581677][T24021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.581695][T24021]  do_syscall_64+0x174/0x580
[  960.581717][T24021]  ? trace_irq_disable+0x3b/0x140
[  960.581736][T24021]  ? clear_bhb_loop+0x40/0x90
[  960.581756][T24021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.581772][T24021] RIP: 0033:0x7fc2748bce59
[  960.581788][T24021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  960.581802][T24021] RSP: 002b:00007fc272af5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  960.581820][T24021] RAX: ffffffffffffffda RBX: 00007fc274b36090 RCX: 00007fc2748bce59
[  960.581832][T24021] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  960.581842][T24021] RBP: 00007fc272af5090 R08: 0000000000000000 R09: 0000000000000000
[  960.581852][T24021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  960.581862][T24021] R13: 00007fc274b36128 R14: 00007fc274b36090 R15: 00007fffea937188
[  960.581889][T24021]  </TASK>
[  960.581975][T24021] syz.5.6657: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  960.582028][T24021] CPU: 0 UID: 0 PID: 24021 Comm: syz.5.6657 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  960.582050][T24021] Tainted: [L]=SOFTLOCKUP
[  960.582056][T24021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  960.582065][T24021] Call Trace:
[  960.582072][T24021]  <TASK>
[  960.582078][T24021]  dump_stack_lvl+0xe8/0x150
[  960.582099][T24021]  warn_alloc+0x24c/0x270
[  960.582119][T24021]  ? kasan_quarantine_put+0xbb/0x1f0
[  960.582140][T24021]  ? __pfx_warn_alloc+0x10/0x10
[  960.582161][T24021]  ? __get_vm_area_node+0x211/0x300
[  960.582177][T24021]  ? __get_vm_area_node+0x13f/0x300
[  960.582195][T24021]  ? copy_process+0x837/0x43d0
[  960.582218][T24021]  ? __get_vm_area_node+0x211/0x300
[  960.582241][T24021]  __vmalloc_node_range_noprof+0x38f/0x1750
[  960.582259][T24021]  ? percpu_ref_get_many+0x19/0x140
[  960.582305][T24021]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  960.582327][T24021]  ? rcu_is_watching+0x15/0xb0
[  960.582349][T24021]  ? memcpy_and_pad+0x48/0x80
[  960.582375][T24021]  __vmalloc_node_noprof+0xc2/0x100
[  960.582393][T24021]  ? copy_process+0x837/0x43d0
[  960.582413][T24021]  ? copy_process+0x837/0x43d0
[  960.582438][T24021]  dup_task_struct+0x298/0x860
[  960.582459][T24021]  ? rt_spin_unlock+0x160/0x200
[  960.582489][T24021]  copy_process+0x837/0x43d0
[  960.582537][T24021]  ? __pfx_copy_process+0x10/0x10
[  960.582570][T24021]  vhost_task_create+0x1f9/0x380
[  960.582588][T24021]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  960.582611][T24021]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  960.582640][T24021]  ? __pfx_vhost_task_create+0x10/0x10
[  960.582664][T24021]  ? __pfx_vhost_task_fn+0x10/0x10
[  960.582686][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.582708][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.582730][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.582752][T24021]  ? mutex_lock_nested+0x152/0x1d0
[  960.582769][T24021]  ? kvm_mmu_post_init_vm+0x8f/0x2d0
[  960.582797][T24021]  kvm_mmu_post_init_vm+0x147/0x2d0
[  960.582823][T24021]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  960.582853][T24021]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  960.582874][T24021]  ? do_raw_spin_lock+0x12b/0x2f0
[  960.582900][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.582923][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.582945][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.582968][T24021]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  960.582992][T24021]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  960.583012][T24021]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  960.583034][T24021]  ? lockdep_hardirqs_on+0x7a/0x110
[  960.583055][T24021]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  960.583078][T24021]  ? rt_write_unlock+0x190/0x230
[  960.583099][T24021]  kvm_vcpu_ioctl+0xa65/0xfe0
[  960.583127][T24021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  960.583166][T24021]  ? __fget_files+0x2a/0x420
[  960.583187][T24021]  ? __fget_files+0x2a/0x420
[  960.583204][T24021]  ? __fget_files+0x3a6/0x420
[  960.583221][T24021]  ? __fget_files+0x2a/0x420
[  960.583242][T24021]  ? bpf_lsm_file_ioctl+0x9/0x20
[  960.583265][T24021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  960.583287][T24021]  __se_sys_ioctl+0xff/0x170
[  960.583309][T24021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.583327][T24021]  do_syscall_64+0x174/0x580
[  960.583348][T24021]  ? trace_irq_disable+0x3b/0x140
[  960.583366][T24021]  ? clear_bhb_loop+0x40/0x90
[  960.583386][T24021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.583402][T24021] RIP: 0033:0x7fc2748bce59
[  960.583416][T24021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  960.583430][T24021] RSP: 002b:00007fc272af5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  960.583446][T24021] RAX: ffffffffffffffda RBX: 00007fc274b36090 RCX: 00007fc2748bce59
[  960.583458][T24021] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  960.583477][T24021] RBP: 00007fc272af5090 R08: 0000000000000000 R09: 0000000000000000
[  960.583487][T24021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  960.583507][T24021] R13: 00007fc274b36128 R14: 00007fc274b36090 R15: 00007fffea937188
[  960.583548][T24021]  </TASK>
[  960.583555][T24021] Mem-Info:
[  960.583565][T24021] active_anon:23220 inactive_anon:1 isolated_anon:0
[  960.583565][T24021]  active_file:0 inactive_file:57793 isolated_file:0
[  960.583565][T24021]  unevictable:768 dirty:73 writeback:0
[  960.583565][T24021]  slab_reclaimable:7650 slab_unreclaimable:105858
[  960.583565][T24021]  mapped:26010 shmem:17740 pagetables:1380
[  960.583565][T24021]  sec_pagetables:0 bounce:0
[  960.583565][T24021]  kernel_misc_reclaimable:0
[  960.583565][T24021]  free:1292354 free_pcp:1329 free_cma:0
[  960.583608][T24021] Node 0 active_anon:92880kB inactive_anon:4kB active_file:0kB inactive_file:230832kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:104040kB dirty:288kB writeback:0kB shmem:69424kB kernel_stack:15256kB pagetables:5384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  960.583648][T24021] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:340kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  960.583686][T24021] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  960.583733][T24021] lowmem_reserve[]: 0 2492 2492 2492 2492
[  960.583759][T24021] Node 0 DMA32 free:1223516kB boost:0kB min:3912kB low:6436kB high:8960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:92880kB inactive_anon:4kB active_file:0kB inactive_file:230832kB unevictable:1536kB writepending:288kB zspages:0kB present:3129332kB managed:2551952kB mlocked:0kB bounce:0kB free_pcp:5308kB local_pcp:1460kB free_cma:0kB
[  960.583808][T24021] lowmem_reserve[]: 0 0 0 0 0
[  960.583833][T24021] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:856kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB
[  960.583877][T24021] lowmem_reserve[]: 0 0 0 0 0
[  960.583902][T24021] Node 1 Normal free:3930540kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:340kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  960.583949][T24021] lowmem_reserve[]: 0 0 0 0 0
[  960.583974][T24021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  960.584066][T24021] Node 0 DMA32: 1608*4kB (UME) 461*8kB (UME) 189*16kB (UME) 22*32kB (UME) 25*64kB (UME) 126*128kB (UME) 142*256kB (UME) 83*512kB (UME) 41*1024kB (UME) 17*2048kB (UME) 253*4096kB (UM) = 1223512kB
[  960.584186][T24021] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  960.584262][T24021] Node 1 Normal: 3*4kB (UM) 4*8kB (U) 6*16kB (U) 11*32kB (UM) 9*64kB (UM) 5*128kB (UM) 3*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 2*2048kB (M) 957*4096kB (M) = 3930540kB
[  960.584380][T24021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  960.584394][T24021] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  960.584407][T24021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  960.584420][T24021] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  960.584433][T24021] 75530 total pagecache pages
[  960.584439][T24021] 1 pages in swap cache
[  960.584446][T24021] Free swap  = 124992kB
[  960.584452][T24021] Total swap = 124996kB
[  960.584458][T24021] 2097051 pages RAM
[  960.584472][T24021] 0 pages HighMem/MovableOnly
[  960.584478][T24021] 427235 pages reserved
[  960.584484][T24021] 0 pages cma reserved
[  960.710163][ T5782] usb 1-1: Using ep0 maxpacket: 32
[  960.712695][ T5782] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  960.712719][ T5782] usb 1-1: config 0 has no interface number 0
[  960.712761][ T5782] usb 1-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  960.712782][ T5782] usb 1-1: config 0 interface 1 has no altsetting 0
[  960.724113][ T5782] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  960.724143][ T5782] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.724164][ T5782] usb 1-1: Product: syz
[  960.724178][ T5782] usb 1-1: Manufacturer: syz
[  960.724193][ T5782] usb 1-1: SerialNumber: syz
[  960.735428][ T5782] usb 1-1: config 0 descriptor??
[  960.985373][T12318] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  960.997950][ T5782] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  961.003763][ T5782] cx231xx 1-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4)
[  961.191285][ T5782] cx231xx 1-1:0.1: cx231xx_send_gpio_cmd: failed with status --110
[  961.205289][ T5782] cx231xx 1-1:0.1: cx231xx_send_gpio_cmd: failed with status --32
[  961.212249][ T5782] cx231xx 1-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  961.213555][ T5782] cx231xx 1-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  961.213910][   T60] Bluetooth: hci3: command tx timeout
[  961.213964][ T5782] cx231xx 1-1:0.1: cx231xx_send_gpio_cmd: failed with status --71
[  961.213984][ T5782] cx231xx 1-1:0.1: Failed to set devmode to analog: error: -71
[  961.592110][ T5782] i2c i2c-3: Added multiplexed i2c bus 5
[  961.639750][ T5782] i2c i2c-3: Added multiplexed i2c bus 6
[  961.640397][ T5782] cx231xx 1-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]!
[  961.640443][ T5782] cx231xx 1-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]!
[  962.021876][ T5782] cx231xx 1-1:0.1: probe with driver cx231xx failed with error -71
[  962.053537][ T5782] usb 1-1: USB disconnect, device number 117
[  962.149366][   T38] audit: type=1326 audit(1780433717.706:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24027 comm="syz.0.6660" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6a20e0ce59 code=0x0
[  962.788617][T12318] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  963.232167][T24071] FAULT_INJECTION: forcing a failure.
[  963.232167][T24071] name failslab, interval 1, probability 0, space 0, times 0
[  963.232192][T24071] CPU: 1 UID: 0 PID: 24071 Comm: syz.5.6676 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  963.232207][T24071] Tainted: [L]=SOFTLOCKUP
[  963.232212][T24071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  963.232219][T24071] Call Trace:
[  963.232224][T24071]  <TASK>
[  963.232229][T24071]  dump_stack_lvl+0xe8/0x150
[  963.232246][T24071]  should_fail_ex+0x46b/0x600
[  963.232266][T24071]  should_failslab+0xa8/0x100
[  963.232281][T24071]  __kmalloc_cache_noprof+0x84/0x690
[  963.232295][T24071]  ? xfrm_policy_inexact_insert_node+0xaab/0xbc0
[  963.232313][T24071]  xfrm_policy_inexact_insert_node+0xaab/0xbc0
[  963.232327][T24071]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  963.232339][T24071]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  963.232358][T24071]  xfrm_policy_inexact_alloc_chain+0x7d3/0xeb0
[  963.232374][T24071]  ? xfrm_policy_inexact_insert+0xc9/0x180
[  963.232389][T24071]  xfrm_policy_inexact_insert+0xc9/0x180
[  963.232402][T24071]  xfrm_policy_insert+0x12f/0x960
[  963.232413][T24071]  ? xfrm_policy_insert+0x9f/0x960
[  963.232428][T24071]  xfrm_add_policy+0x2e3/0x6c0
[  963.232444][T24071]  ? __pfx_xfrm_add_policy+0x10/0x10
[  963.232455][T24071]  ? apparmor_capable+0x126/0x170
[  963.232473][T24071]  ? __nla_parse+0x40/0x60
[  963.232486][T24071]  xfrm_user_rcv_msg+0x7ae/0xc40
[  963.232501][T24071]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  963.232533][T24071]  ? __lock_acquire+0x6b5/0x2d10
[  963.232550][T24071]  ? netlink_deliver_tap+0x19c/0x1b0
[  963.232564][T24071]  ? netlink_unicast+0x754/0x920
[  963.232577][T24071]  ? netlink_sendmsg+0x813/0xb40
[  963.232587][T24071]  ? sock_sendmsg_nosec+0x13a/0x180
[  963.232601][T24071]  ? ____sys_sendmsg+0x55c/0x870
[  963.232616][T24071]  ? ___sys_sendmsg+0x2a5/0x360
[  963.232630][T24071]  ? __x64_sys_sendmsg+0x1c3/0x2a0
[  963.232649][T24071]  netlink_rcv_skb+0x232/0x4b0
[  963.232665][T24071]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  963.232679][T24071]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  963.232701][T24071]  ? lockdep_hardirqs_on+0x7a/0x110
[  963.232718][T24071]  ? mutex_lock_nested+0x152/0x1d0
[  963.232730][T24071]  ? xfrm_netlink_rcv+0x6a/0x90
[  963.232744][T24071]  xfrm_netlink_rcv+0x79/0x90
[  963.232755][T24071]  netlink_unicast+0x780/0x920
[  963.232776][T24071]  netlink_sendmsg+0x813/0xb40
[  963.232792][T24071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  963.232804][T24071]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  963.232820][T24071]  ? aa_sock_msg_perm+0x122/0x200
[  963.232832][T24071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  963.232842][T24071]  sock_sendmsg_nosec+0x13a/0x180
[  963.232856][T24071]  ____sys_sendmsg+0x55c/0x870
[  963.232875][T24071]  ? __pfx_____sys_sendmsg+0x10/0x10
[  963.232897][T24071]  ? import_iovec+0x73/0xa0
[  963.232911][T24071]  ___sys_sendmsg+0x2a5/0x360
[  963.232926][T24071]  ? __lock_acquire+0x6b5/0x2d10
[  963.232941][T24071]  ? __pfx____sys_sendmsg+0x10/0x10
[  963.233000][T24071]  ? __fget_files+0x2a/0x420
[  963.233023][T24071]  ? __fget_files+0x3a6/0x420
[  963.233055][T24071]  __x64_sys_sendmsg+0x1c3/0x2a0
[  963.233078][T24071]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  963.233112][T24071]  ? __pfx_ksys_write+0x10/0x10
[  963.233132][T24071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.233144][T24071]  do_syscall_64+0x174/0x580
[  963.233159][T24071]  ? trace_irq_disable+0x3b/0x140
[  963.233171][T24071]  ? clear_bhb_loop+0x40/0x90
[  963.233184][T24071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.233195][T24071] RIP: 0033:0x7fc2748bce59
[  963.233206][T24071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  963.233215][T24071] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  963.233228][T24071] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  963.233236][T24071] RDX: 0000000020040014 RSI: 0000200000000100 RDI: 0000000000000003
[  963.233243][T24071] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  963.233249][T24071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  963.233256][T24071] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  963.233274][T24071]  </TASK>
[  963.279019][   T60] Bluetooth: hci3: command tx timeout
[  963.705078][T12318] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.188792][T24092] misc userio: Invalid payload size
[  964.208572][T12318] netdevsim netdevsim1  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.419927][T24094] FAULT_INJECTION: forcing a failure.
[  964.419927][T24094] name failslab, interval 1, probability 0, space 0, times 0
[  964.419959][T24094] CPU: 1 UID: 0 PID: 24094 Comm: syz.5.6686 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  964.419983][T24094] Tainted: [L]=SOFTLOCKUP
[  964.419989][T24094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  964.419999][T24094] Call Trace:
[  964.420006][T24094]  <TASK>
[  964.420013][T24094]  dump_stack_lvl+0xe8/0x150
[  964.420041][T24094]  should_fail_ex+0x46b/0x600
[  964.420071][T24094]  should_failslab+0xa8/0x100
[  964.420097][T24094]  __kmalloc_noprof+0xdf/0x7b0
[  964.420115][T24094]  ? tomoyo_encode+0x28b/0x550
[  964.420137][T24094]  tomoyo_encode+0x28b/0x550
[  964.420159][T24094]  tomoyo_realpath_from_path+0x58d/0x5d0
[  964.420179][T24094]  ? tomoyo_domain+0xd7/0x130
[  964.420201][T24094]  ? tomoyo_path_number_perm+0x219/0x630
[  964.420224][T24094]  tomoyo_path_number_perm+0x246/0x630
[  964.420253][T24094]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  964.420277][T24094]  ? __lock_acquire+0x6b5/0x2d10
[  964.420299][T24094]  ? do_raw_spin_lock+0x12b/0x2f0
[  964.420341][T24094]  ? __fget_files+0x2a/0x420
[  964.420366][T24094]  ? __fget_files+0x2a/0x420
[  964.420385][T24094]  ? __fget_files+0x3a6/0x420
[  964.420404][T24094]  ? __fget_files+0x2a/0x420
[  964.420430][T24094]  security_file_ioctl+0xc3/0x2a0
[  964.420458][T24094]  __se_sys_ioctl+0x47/0x170
[  964.420492][T24094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.420511][T24094]  do_syscall_64+0x174/0x580
[  964.420535][T24094]  ? trace_irq_disable+0x3b/0x140
[  964.420556][T24094]  ? clear_bhb_loop+0x40/0x90
[  964.420579][T24094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  964.420596][T24094] RIP: 0033:0x7fc2748bce59
[  964.420613][T24094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  964.420627][T24094] RSP: 002b:00007fc272af5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  964.420647][T24094] RAX: ffffffffffffffda RBX: 00007fc274b36090 RCX: 00007fc2748bce59
[  964.420661][T24094] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000b
[  964.420671][T24094] RBP: 00007fc272af5090 R08: 0000000000000000 R09: 0000000000000000
[  964.420683][T24094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  964.420694][T24094] R13: 00007fc274b36128 R14: 00007fc274b36090 R15: 00007fffea937188
[  964.420722][T24094]  </TASK>
[  964.422402][T24094] ERROR: Out of memory at tomoyo_realpath_from_path.
[  964.425491][T24094] kvm: MWAIT instruction emulated as NOP!
[  964.569511][T24100] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6688'.
[  964.731250][T23972] bridge0: port 1(bridge_slave_0) entered blocking state
[  964.731656][T23972] bridge0: port 1(bridge_slave_0) entered disabled state
[  964.731947][T23972] bridge_slave_0: entered allmulticast mode
[  964.734055][T23972] bridge_slave_0: entered promiscuous mode
[  964.738640][T23972] bridge0: port 2(bridge_slave_1) entered blocking state
[  964.743394][T23972] bridge0: port 2(bridge_slave_1) entered disabled state
[  964.743692][T23972] bridge_slave_1: entered allmulticast mode
[  964.747059][T23972] bridge_slave_1: entered promiscuous mode
[  964.809147][   T32] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[  964.826183][T23972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  964.838643][T23972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  964.877211][T23972] team0: Port device team_slave_0 added
[  964.882052][T23972] team0: Port device team_slave_1 added
[  964.967816][T24105] netlink: 'syz.6.6689': attribute type 21 has an invalid length.
[  964.983307][   T32] usb 1-1: Using ep0 maxpacket: 16
[  964.985126][   T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  964.985159][   T32] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  964.985183][   T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  964.985195][   T32] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  964.987380][   T32] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  964.987408][   T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  964.987423][   T32] usb 1-1: Product: syz
[  964.987433][   T32] usb 1-1: Manufacturer: syz
[  964.987441][   T32] usb 1-1: SerialNumber: syz
[  965.023692][   T32] usb 1-1: config 0 descriptor??
[  965.043310][T24100] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  965.071467][    C1] port100 1-1:0.0: NFC: Urb failure (status -71)
[  965.096593][   T32] port100 1-1:0.0: NFC: Could not get supported command types
[  965.208389][T24107] netlink: 'syz.6.6690': attribute type 1 has an invalid length.
[  965.224282][T23972] batman_adv: batadv0: Adding interface: batadv_slave_0
[  965.224300][T23972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  965.224324][T23972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  965.243226][T23972] batman_adv: batadv0: Adding interface: batadv_slave_1
[  965.243241][T23972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  965.243265][T23972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  965.367049][ T5782] usb 1-1: USB disconnect, device number 118
[  965.369268][   T60] Bluetooth: hci3: command tx timeout
[  965.555238][T23972] hsr_slave_0: entered promiscuous mode
[  965.556595][T23972] hsr_slave_1: entered promiscuous mode
[  965.557850][T23972] debugfs: 'hsr0' already exists in 'hsr'
[  965.557873][T23972] Cannot create hsr debugfs directory
[  965.827988][T24118] binder: 24117:24118 ioctl c0306201 200000000080 returned -14
[  965.846630][T24118] binder: 24117:24118 ioctl c0306201 2000000003c0 returned -14
[  965.847153][T24118] FAULT_INJECTION: forcing a failure.
[  965.847153][T24118] name failslab, interval 1, probability 0, space 0, times 0
[  965.847173][T24118] CPU: 1 UID: 0 PID: 24118 Comm: syz.5.6694 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  965.847189][T24118] Tainted: [L]=SOFTLOCKUP
[  965.847193][T24118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  965.847199][T24118] Call Trace:
[  965.847204][T24118]  <TASK>
[  965.847209][T24118]  dump_stack_lvl+0xe8/0x150
[  965.847226][T24118]  should_fail_ex+0x46b/0x600
[  965.847245][T24118]  should_failslab+0xa8/0x100
[  965.847260][T24118]  __kmalloc_noprof+0xdf/0x7b0
[  965.847273][T24118]  ? tomoyo_encode+0x28b/0x550
[  965.847288][T24118]  tomoyo_encode+0x28b/0x550
[  965.847303][T24118]  tomoyo_realpath_from_path+0x58d/0x5d0
[  965.847324][T24118]  ? tomoyo_path_number_perm+0x219/0x630
[  965.847341][T24118]  tomoyo_path_number_perm+0x246/0x630
[  965.847357][T24118]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  965.847373][T24118]  ? __lock_acquire+0x6b5/0x2d10
[  965.847387][T24118]  ? do_raw_spin_lock+0x12b/0x2f0
[  965.847413][T24118]  ? __fget_files+0x2a/0x420
[  965.847435][T24118]  ? __fget_files+0x2a/0x420
[  965.847446][T24118]  ? __fget_files+0x3a6/0x420
[  965.847457][T24118]  ? __fget_files+0x2a/0x420
[  965.847470][T24118]  security_file_ioctl+0xc3/0x2a0
[  965.847487][T24118]  __se_sys_ioctl+0x47/0x170
[  965.847507][T24118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.847528][T24118]  do_syscall_64+0x174/0x580
[  965.847554][T24118]  ? trace_irq_disable+0x3b/0x140
[  965.847577][T24118]  ? clear_bhb_loop+0x40/0x90
[  965.847597][T24118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  965.847615][T24118] RIP: 0033:0x7fc2748bce59
[  965.847632][T24118] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  965.847643][T24118] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  965.847656][T24118] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  965.847664][T24118] RDX: 00002000000000c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  965.847674][T24118] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  965.847686][T24118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  965.847698][T24118] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  965.847729][T24118]  </TASK>
[  965.847749][T24118] ERROR: Out of memory at tomoyo_realpath_from_path.
[  966.261207][T12318] bridge_slave_1: left allmulticast mode
[  966.261240][T12318] bridge_slave_1: left promiscuous mode
[  966.261513][T12318] bridge0: port 2(bridge_slave_1) entered disabled state
[  966.627765][T24139] FAULT_INJECTION: forcing a failure.
[  966.627765][T24139] name failslab, interval 1, probability 0, space 0, times 0
[  966.627797][T24139] CPU: 0 UID: 0 PID: 24139 Comm: syz.0.6700 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  966.627820][T24139] Tainted: [L]=SOFTLOCKUP
[  966.627826][T24139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  966.627835][T24139] Call Trace:
[  966.627842][T24139]  <TASK>
[  966.627849][T24139]  dump_stack_lvl+0xe8/0x150
[  966.627872][T24139]  should_fail_ex+0x46b/0x600
[  966.627904][T24139]  should_failslab+0xa8/0x100
[  966.627929][T24139]  __kmalloc_noprof+0xdf/0x7b0
[  966.627946][T24139]  ? tomoyo_encode+0x28b/0x550
[  966.627967][T24139]  tomoyo_encode+0x28b/0x550
[  966.627994][T24139]  tomoyo_realpath_from_path+0x58d/0x5d0
[  966.628018][T24139]  ? tomoyo_domain+0xd7/0x130
[  966.628044][T24139]  ? tomoyo_path_number_perm+0x219/0x630
[  966.628073][T24139]  tomoyo_path_number_perm+0x246/0x630
[  966.628101][T24139]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  966.628123][T24139]  ? __lock_acquire+0x6b5/0x2d10
[  966.628144][T24139]  ? do_raw_spin_lock+0x12b/0x2f0
[  966.628184][T24139]  ? __fget_files+0x2a/0x420
[  966.628205][T24139]  ? __fget_files+0x2a/0x420
[  966.628223][T24139]  ? __fget_files+0x3a6/0x420
[  966.628241][T24139]  ? __fget_files+0x2a/0x420
[  966.628264][T24139]  security_file_ioctl+0xc3/0x2a0
[  966.628306][T24139]  __se_sys_ioctl+0x47/0x170
[  966.628330][T24139]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.628352][T24139]  do_syscall_64+0x174/0x580
[  966.628379][T24139]  ? trace_irq_disable+0x3b/0x140
[  966.628399][T24139]  ? clear_bhb_loop+0x40/0x90
[  966.628422][T24139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  966.628440][T24139] RIP: 0033:0x7f6a20e0ce59
[  966.628458][T24139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  966.628474][T24139] RSP: 002b:00007f6a1f066028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  966.628495][T24139] RAX: ffffffffffffffda RBX: 00007f6a21085fa0 RCX: 00007f6a20e0ce59
[  966.628509][T24139] RDX: 0000200000000140 RSI: 000000004400ae8f RDI: 0000000000000006
[  966.628521][T24139] RBP: 00007f6a1f066090 R08: 0000000000000000 R09: 0000000000000000
[  966.628534][T24139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  966.628546][T24139] R13: 00007f6a21086038 R14: 00007f6a21085fa0 R15: 00007fffef314d18
[  966.628574][T24139]  </TASK>
[  966.628594][T24139] ERROR: Out of memory at tomoyo_realpath_from_path.
[  967.443987][   T60] Bluetooth: hci3: command tx timeout
[  967.701536][T24178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  967.702159][T24178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  967.910734][T12318] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  967.929024][ T5758] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[  967.979034][ T5763] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[  968.058985][ T5758] usb 6-1: device descriptor read/64, error -71
[  968.134953][ T5763] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  968.134981][ T5763] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  968.134999][ T5763] usb 1-1: config 0 has no interface number 0
[  968.137076][ T5763] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  968.137104][ T5763] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.137124][ T5763] usb 1-1: Product: syz
[  968.137136][ T5763] usb 1-1: Manufacturer: syz
[  968.137150][ T5763] usb 1-1: SerialNumber: syz
[  968.150045][ T5763] usb 1-1: config 0 descriptor??
[  968.193122][T12318] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  968.207104][ T5763] uvcvideo 1-1:0.64: probe with driver uvcvideo failed with error -22
[  968.279824][T12318] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  968.299104][ T5758] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  968.303417][T12318] bond0 (unregistering): Released all slaves
[  968.424893][T24180] sg_write: data in/out 394205/258 bytes for SCSI command 0x0-- guessing data in;
[  968.424893][T24180]    program syz.0.6713 not setting count and/or reply_len properly
[  968.439083][   T32] usb 1-1: USB disconnect, device number 119
[  968.472485][ T5758] usb 6-1: device descriptor read/64, error -71
[  968.512146][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[  968.579364][ T5758] usb usb6-port1: attempt power cycle
[  968.688476][T12318] tipc: Disabling bearer <eth:ipvlan0>
[  968.749117][T12318] tipc: Left network mode
[  968.919276][ T5758] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[  968.939869][ T5758] usb 6-1: device descriptor read/8, error -71
[  969.179413][ T5758] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  969.203909][ T5758] usb 6-1: device descriptor read/8, error -71
[  969.311857][ T5758] usb usb6-port1: unable to enumerate USB device
[  969.742785][T24206] ALSA: mixer_oss: invalid OSS volume 'ч²TlànmJÏÁv9ÎÕŽÜænrVÿçT'¥”±'
[  969.903373][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[  970.025576][T24208] CIFS mount error: No usable UNC path provided in device string!
[  970.025576][T24208] 
[  970.025598][T24208] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  970.260081][   T32] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[  970.469014][   T32] usb 1-1: Using ep0 maxpacket: 16
[  970.473353][   T32] usb 1-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  970.473388][   T32] usb 1-1: config 0 interface 0 has no altsetting 0
[  970.473422][   T32] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  970.473445][   T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.482964][   T32] usb 1-1: config 0 descriptor??
[  970.570249][T24210] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6719'.
[  970.931638][T24208] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  970.932485][T24208] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  971.171718][   T32] usbhid 1-1:0.0: can't add hid device: -71
[  971.171839][   T32] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  971.198234][   T32] usb 1-1: USB disconnect, device number 120
[  971.275447][T24228] netlink: 'syz.5.6728': attribute type 2 has an invalid length.
[  971.275466][T24228] netlink: 'syz.5.6728': attribute type 1 has an invalid length.
[  971.275477][T24228] netlink: 'syz.5.6728': attribute type 1 has an invalid length.
[  971.275488][T24228] netlink: 'syz.5.6728': attribute type 2 has an invalid length.
[  971.275499][T24228] netlink: 'syz.5.6728': attribute type 1 has an invalid length.
[  971.425815][T24238] FAULT_INJECTION: forcing a failure.
[  971.425815][T24238] name failslab, interval 1, probability 0, space 0, times 0
[  971.425839][T24238] CPU: 1 UID: 0 PID: 24238 Comm: syz.5.6730 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  971.425855][T24238] Tainted: [L]=SOFTLOCKUP
[  971.425859][T24238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  971.425866][T24238] Call Trace:
[  971.425871][T24238]  <TASK>
[  971.425876][T24238]  dump_stack_lvl+0xe8/0x150
[  971.425893][T24238]  should_fail_ex+0x46b/0x600
[  971.425912][T24238]  should_failslab+0xa8/0x100
[  971.425927][T24238]  __kmalloc_noprof+0xdf/0x7b0
[  971.425940][T24238]  ? __vb2_queue_alloc+0x29d/0x15a0
[  971.425956][T24238]  __vb2_queue_alloc+0x29d/0x15a0
[  971.425980][T24238]  vb2_core_create_bufs+0x782/0xe30
[  971.425992][T24238]  ? unwind_get_return_address+0x4d/0x90
[  971.426012][T24238]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  971.426028][T24238]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  971.426043][T24238]  vb2_create_bufs+0x593/0xa70
[  971.426054][T24238]  ? kasan_save_track+0x4f/0x80
[  971.426065][T24238]  ? kasan_save_track+0x3e/0x80
[  971.426079][T24238]  ? __pfx_vb2_create_bufs+0x10/0x10
[  971.426093][T24238]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  971.426108][T24238]  vb2_ioctl_create_bufs+0x288/0x3f0
[  971.426122][T24238]  v4l_create_bufs+0x18c/0x290
[  971.426136][T24238]  __video_do_ioctl+0xade/0xca0
[  971.426155][T24238]  ? __pfx___video_do_ioctl+0x10/0x10
[  971.426175][T24238]  video_usercopy+0x876/0x1450
[  971.426192][T24238]  ? __pfx___video_do_ioctl+0x10/0x10
[  971.426206][T24238]  ? __pfx_video_usercopy+0x10/0x10
[  971.426224][T24238]  ? __fget_files+0x2a/0x420
[  971.426238][T24238]  ? __fget_files+0x2a/0x420
[  971.426249][T24238]  ? __fget_files+0x3a6/0x420
[  971.426262][T24238]  v4l2_ioctl+0x190/0x1e0
[  971.426276][T24238]  ? __pfx_v4l2_ioctl+0x10/0x10
[  971.426288][T24238]  __se_sys_ioctl+0xff/0x170
[  971.426303][T24238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.426315][T24238]  do_syscall_64+0x174/0x580
[  971.426330][T24238]  ? trace_irq_disable+0x3b/0x140
[  971.426342][T24238]  ? clear_bhb_loop+0x40/0x90
[  971.426355][T24238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.426365][T24238] RIP: 0033:0x7fc2748bce59
[  971.426376][T24238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  971.426385][T24238] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  971.426404][T24238] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  971.426412][T24238] RDX: 0000200000000200 RSI: 00000000c100565c RDI: 0000000000000003
[  971.426419][T24238] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  971.426426][T24238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  971.426432][T24238] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  971.426480][T24238]  </TASK>
[  972.142790][T12318] hsr_slave_0: left promiscuous mode
[  972.218076][   T32] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  972.255313][T12318] hsr_slave_1: left promiscuous mode
[  972.256423][T12318] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  972.256449][T12318] batman_adv: batadv0: Removing interface: batadv_slave_0
[  972.303155][T12318] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  972.303183][T12318] batman_adv: batadv0: Removing interface: batadv_slave_1
[  972.388984][   T32] usb 1-1: Using ep0 maxpacket: 16
[  972.401971][   T32] usb 1-1: config 0 has no interfaces?
[  972.403585][   T32] usb 1-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  972.403614][   T32] usb 1-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0
[  972.403636][   T32] usb 1-1: Manufacturer: syz
[  972.452527][   T32] usb 1-1: config 0 descriptor??
[  972.594172][T24268] netlink: 240 bytes leftover after parsing attributes in process `syz.5.6737'.
[  972.595090][T24269] netlink: 240 bytes leftover after parsing attributes in process `syz.5.6737'.
[  972.614404][T12318] veth1_macvtap: left promiscuous mode
[  972.614505][T12318] veth0_macvtap: left promiscuous mode
[  972.614863][T12318] veth1_vlan: left promiscuous mode
[  972.614934][T12318] veth0_vlan: left promiscuous mode
[  973.529302][T24291] FAULT_INJECTION: forcing a failure.
[  973.529302][T24291] name failslab, interval 1, probability 0, space 0, times 0
[  973.529342][T24291] CPU: 0 UID: 0 PID: 24291 Comm: syz.5.6741 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  973.529369][T24291] Tainted: [L]=SOFTLOCKUP
[  973.529376][T24291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  973.529388][T24291] Call Trace:
[  973.529396][T24291]  <TASK>
[  973.529405][T24291]  dump_stack_lvl+0xe8/0x150
[  973.529436][T24291]  should_fail_ex+0x46b/0x600
[  973.529466][T24291]  should_failslab+0xa8/0x100
[  973.529494][T24291]  kmem_cache_alloc_noprof+0x87/0x680
[  973.529517][T24291]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  973.529543][T24291]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  973.529578][T24291]  mmu_topup_memory_caches+0x21/0x170
[  973.529603][T24291]  kvm_mmu_load+0x9d/0x2320
[  973.529624][T24291]  ? kvm_msr_allowed+0x9a/0x490
[  973.529651][T24291]  ? kvm_msr_allowed+0x9a/0x490
[  973.529673][T24291]  ? kvm_msr_allowed+0x3f4/0x490
[  973.529697][T24291]  ? kvm_msr_allowed+0x9a/0x490
[  973.529725][T24291]  ? kvm_apic_has_interrupt+0x73c/0x770
[  973.529755][T24291]  ? vmx_recalc_intercepts+0xec4/0x1b10
[  973.529790][T24291]  vcpu_run+0x5c68/0x7830
[  973.529874][T24291]  ? __pfx_vcpu_run+0x10/0x10
[  973.529892][T24291]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  973.529913][T24291]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  973.529946][T24291]  kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0
[  973.529978][T24291]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  973.529997][T24291]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  973.530021][T24291]  ? do_raw_spin_lock+0x12b/0x2f0
[  973.530052][T24291]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  973.530080][T24291]  ? lockdep_hardirqs_on+0x7a/0x110
[  973.530107][T24291]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  973.530134][T24291]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  973.530171][T24291]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  973.530195][T24291]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  973.530221][T24291]  ? lockdep_hardirqs_on+0x7a/0x110
[  973.530247][T24291]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  973.530272][T24291]  ? rt_write_unlock+0x190/0x230
[  973.530301][T24291]  kvm_vcpu_ioctl+0xa65/0xfe0
[  973.530333][T24291]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  973.530376][T24291]  ? __fget_files+0x2a/0x420
[  973.530399][T24291]  ? __fget_files+0x2a/0x420
[  973.530418][T24291]  ? __fget_files+0x3a6/0x420
[  973.530434][T24291]  ? __fget_files+0x2a/0x420
[  973.530453][T24291]  ? bpf_lsm_file_ioctl+0x9/0x20
[  973.530475][T24291]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  973.530496][T24291]  __se_sys_ioctl+0xff/0x170
[  973.530518][T24291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.530535][T24291]  do_syscall_64+0x174/0x580
[  973.530556][T24291]  ? trace_irq_disable+0x3b/0x140
[  973.530573][T24291]  ? clear_bhb_loop+0x40/0x90
[  973.530592][T24291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  973.530607][T24291] RIP: 0033:0x7fc2748bce59
[  973.530624][T24291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  973.530637][T24291] RSP: 002b:00007fc272af5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  973.530655][T24291] RAX: ffffffffffffffda RBX: 00007fc274b36090 RCX: 00007fc2748bce59
[  973.530667][T24291] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  973.530677][T24291] RBP: 00007fc272af5090 R08: 0000000000000000 R09: 0000000000000000
[  973.530687][T24291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  973.530696][T24291] R13: 00007fc274b36128 R14: 00007fc274b36090 R15: 00007fffea937188
[  973.530722][T24291]  </TASK>
[  974.133174][   T38] audit: type=1326 audit(1780433729.746:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24299 comm="syz.6.6744" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb76745ce59 code=0x0
[  974.329328][ T5618] usb 1-1: USB disconnect, device number 121
[  974.615549][T24310] FAULT_INJECTION: forcing a failure.
[  974.615549][T24310] name failslab, interval 1, probability 0, space 0, times 0
[  974.615573][T24310] CPU: 1 UID: 0 PID: 24310 Comm: syz.5.6748 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  974.615596][T24310] Tainted: [L]=SOFTLOCKUP
[  974.615600][T24310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  974.615607][T24310] Call Trace:
[  974.615616][T24310]  <TASK>
[  974.615621][T24310]  dump_stack_lvl+0xe8/0x150
[  974.615643][T24310]  should_fail_ex+0x46b/0x600
[  974.615662][T24310]  should_failslab+0xa8/0x100
[  974.615677][T24310]  kmem_cache_alloc_noprof+0x87/0x680
[  974.615695][T24310]  ? skb_clone+0x212/0x3a0
[  974.615711][T24310]  skb_clone+0x212/0x3a0
[  974.615723][T24310]  __netlink_deliver_tap+0x424/0x8b0
[  974.615750][T24310]  ? netlink_deliver_tap+0x2e/0x1b0
[  974.615766][T24310]  netlink_deliver_tap+0x19c/0x1b0
[  974.615783][T24310]  netlink_unicast+0x754/0x920
[  974.615807][T24310]  netlink_sendmsg+0x813/0xb40
[  974.615822][T24310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.615833][T24310]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  974.615850][T24310]  ? aa_sock_msg_perm+0x122/0x200
[  974.615862][T24310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.615876][T24310]  sock_sendmsg_nosec+0x13a/0x180
[  974.615890][T24310]  ____sys_sendmsg+0x55c/0x870
[  974.615908][T24310]  ? __pfx_____sys_sendmsg+0x10/0x10
[  974.615928][T24310]  ? import_iovec+0x73/0xa0
[  974.615961][T24310]  ___sys_sendmsg+0x2a5/0x360
[  974.615984][T24310]  ? __lock_acquire+0x6b5/0x2d10
[  974.616020][T24310]  ? __pfx____sys_sendmsg+0x10/0x10
[  974.616053][T24310]  ? __fget_files+0x2a/0x420
[  974.616065][T24310]  ? __fget_files+0x3a6/0x420
[  974.616085][T24310]  __x64_sys_sendmsg+0x1c3/0x2a0
[  974.616108][T24310]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  974.616132][T24310]  ? __pfx_ksys_write+0x10/0x10
[  974.616155][T24310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.616167][T24310]  do_syscall_64+0x174/0x580
[  974.616182][T24310]  ? trace_irq_disable+0x3b/0x140
[  974.616195][T24310]  ? clear_bhb_loop+0x40/0x90
[  974.616208][T24310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.616218][T24310] RIP: 0033:0x7fc2748bce59
[  974.616232][T24310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  974.616241][T24310] RSP: 002b:00007fc272af5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  974.616254][T24310] RAX: ffffffffffffffda RBX: 00007fc274b36090 RCX: 00007fc2748bce59
[  974.616262][T24310] RDX: 0000000020048054 RSI: 0000200000000000 RDI: 0000000000000006
[  974.616269][T24310] RBP: 00007fc272af5090 R08: 0000000000000000 R09: 0000000000000000
[  974.616280][T24310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  974.616286][T24310] R13: 00007fc274b36128 R14: 00007fc274b36090 R15: 00007fffea937188
[  974.616310][T24310]  </TASK>
[  974.619848][T12318] team0 (unregistering): Port device team_slave_1 removed
[  974.681447][T12318] team0 (unregistering): Port device team_slave_0 removed
[  975.221611][T24314] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6749'.
[  975.514908][ T5618] usb 1-1: new high-speed USB device number 122 using dummy_hcd
[  975.704914][ T5618] usb 1-1: Using ep0 maxpacket: 16
[  975.708087][ T5618] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  975.708114][ T5618] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  975.708127][ T5618] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  975.708139][ T5618] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  975.710610][ T5618] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  975.710638][ T5618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.710653][ T5618] usb 1-1: Product: syz
[  975.710660][ T5618] usb 1-1: Manufacturer: syz
[  975.710667][ T5618] usb 1-1: SerialNumber: syz
[  975.827565][ T5618] usb 1-1: config 0 descriptor??
[  975.833836][T24314] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  975.838219][T23972] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  975.915854][ T5618] port100 1-1:0.0: NFC: Could not get supported command types
[  975.924872][T23972] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  975.945973][T23972] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  975.972641][T23972] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  975.973655][T23972] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  976.016923][T23972] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  976.018017][T23972] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  976.113717][T23972] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  976.159462][ T5618] usb 1-1: USB disconnect, device number 122
[  976.365667][T24340] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6757'.
[  976.366118][T24341] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6757'.
[  976.555749][T24343] FAULT_INJECTION: forcing a failure.
[  976.555749][T24343] name failslab, interval 1, probability 0, space 0, times 0
[  976.555785][T24343] CPU: 1 UID: 0 PID: 24343 Comm: syz.5.6758 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  976.555812][T24343] Tainted: [L]=SOFTLOCKUP
[  976.555820][T24343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  976.555832][T24343] Call Trace:
[  976.555840][T24343]  <TASK>
[  976.555849][T24343]  dump_stack_lvl+0xe8/0x150
[  976.555880][T24343]  should_fail_ex+0x46b/0x600
[  976.555912][T24343]  should_failslab+0xa8/0x100
[  976.555940][T24343]  __kmalloc_noprof+0xdf/0x7b0
[  976.555964][T24343]  ? sock_kmalloc+0xd6/0x160
[  976.555982][T24343]  ? __local_bh_enable+0x1e1/0x2f0
[  976.556016][T24343]  sock_kmalloc+0xd6/0x160
[  976.556038][T24343]  af_alg_alloc_areq+0x99/0x200
[  976.556066][T24343]  skcipher_recvmsg+0x321/0x1140
[  976.556108][T24343]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  976.556133][T24343]  ? __lock_acquire+0x6b5/0x2d10
[  976.556161][T24343]  ? aa_sock_msg_perm+0x122/0x200
[  976.556181][T24343]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  976.556207][T24343]  sock_recvmsg_nosec+0x130/0x170
[  976.556234][T24343]  ____sys_recvmsg+0x23d/0x4f0
[  976.556262][T24343]  ? __pfx_____sys_recvmsg+0x10/0x10
[  976.556294][T24343]  ? import_iovec+0x73/0xa0
[  976.556317][T24343]  ___sys_recvmsg+0x215/0x590
[  976.556332][T24343]  ? get_pid_task+0x20/0x1f0
[  976.556352][T24343]  ? __pfx____sys_recvmsg+0x10/0x10
[  976.556365][T24343]  ? __fget_files+0x2a/0x420
[  976.556386][T24343]  ? __fget_files+0x3a6/0x420
[  976.556403][T24343]  __x64_sys_recvmsg+0x1c0/0x2a0
[  976.556423][T24343]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  976.556438][T24343]  ? __pfx_ksys_write+0x10/0x10
[  976.556457][T24343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.556468][T24343]  do_syscall_64+0x174/0x580
[  976.556484][T24343]  ? trace_irq_disable+0x3b/0x140
[  976.556499][T24343]  ? clear_bhb_loop+0x40/0x90
[  976.556520][T24343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.556539][T24343] RIP: 0033:0x7fc2748bce59
[  976.556558][T24343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  976.556568][T24343] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  976.556580][T24343] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  976.556588][T24343] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  976.556595][T24343] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  976.556602][T24343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  976.556608][T24343] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  976.556624][T24343]  </TASK>
[  976.582738][T23972] 8021q: adding VLAN 0 to HW filter on device bond0
[  976.824421][T23972] 8021q: adding VLAN 0 to HW filter on device team0
[  976.861505][ T3386] bridge0: port 1(bridge_slave_0) entered blocking state
[  976.861675][ T3386] bridge0: port 1(bridge_slave_0) entered forwarding state
[  976.925493][T24348] FAULT_INJECTION: forcing a failure.
[  976.925493][T24348] name failslab, interval 1, probability 0, space 0, times 0
[  976.925528][T24348] CPU: 1 UID: 0 PID: 24348 Comm: syz.0.6760 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  976.925556][T24348] Tainted: [L]=SOFTLOCKUP
[  976.925563][T24348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  976.925575][T24348] Call Trace:
[  976.925583][T24348]  <TASK>
[  976.925592][T24348]  dump_stack_lvl+0xe8/0x150
[  976.925620][T24348]  should_fail_ex+0x46b/0x600
[  976.925652][T24348]  ? __pfx_sock_alloc_inode+0x10/0x10
[  976.925675][T24348]  should_failslab+0xa8/0x100
[  976.925701][T24348]  ? __pfx_sock_alloc_inode+0x10/0x10
[  976.925721][T24348]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  976.925745][T24348]  ? sock_alloc_inode+0x2c/0x190
[  976.925770][T24348]  ? __pfx_sock_alloc_inode+0x10/0x10
[  976.925790][T24348]  sock_alloc_inode+0x2c/0x190
[  976.925813][T24348]  ? __pfx_sock_alloc_inode+0x10/0x10
[  976.925832][T24348]  alloc_inode+0x6a/0x1b0
[  976.925862][T24348]  __sock_create+0x11e/0x960
[  976.925894][T24348]  mptcp_subflow_create_socket+0xfb/0x800
[  976.925922][T24348]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  976.925945][T24348]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  976.925973][T24348]  ? lockdep_hardirqs_on+0x7a/0x110
[  976.926000][T24348]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  976.926030][T24348]  __mptcp_nmpc_sk+0x14e/0x790
[  976.926054][T24348]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  976.926085][T24348]  mptcp_sendmsg_fastopen+0xd4/0x580
[  976.926111][T24348]  mptcp_sendmsg+0x1b0c/0x1dc0
[  976.926160][T24348]  ? aa_sk_perm+0x703/0x950
[  976.926184][T24348]  ? __pfx_mptcp_sendmsg+0x10/0x10
[  976.926214][T24348]  ? inet_send_prepare+0xb3/0x270
[  976.926242][T24348]  ? inet6_sendmsg+0x101/0x120
[  976.926265][T24348]  ? __pfx_inet6_sendmsg+0x10/0x10
[  976.926286][T24348]  sock_sendmsg_nosec+0x90/0x180
[  976.926310][T24348]  ____sys_sendmsg+0x55c/0x870
[  976.926347][T24348]  ? __pfx_____sys_sendmsg+0x10/0x10
[  976.926383][T24348]  ? import_iovec+0x73/0xa0
[  976.926409][T24348]  ___sys_sendmsg+0x2a5/0x360
[  976.926435][T24348]  ? __lock_acquire+0x6b5/0x2d10
[  976.926463][T24348]  ? __pfx____sys_sendmsg+0x10/0x10
[  976.926524][T24348]  ? __fget_files+0x2a/0x420
[  976.926545][T24348]  ? __fget_files+0x3a6/0x420
[  976.926576][T24348]  __x64_sys_sendmsg+0x1c3/0x2a0
[  976.926607][T24348]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  976.926644][T24348]  ? __pfx_ksys_write+0x10/0x10
[  976.926668][T24348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.926697][T24348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.926717][T24348]  do_syscall_64+0x174/0x580
[  976.926744][T24348]  ? clear_bhb_loop+0x40/0x90
[  976.926768][T24348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.926786][T24348] RIP: 0033:0x7f6a20e0ce59
[  976.926805][T24348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  976.926821][T24348] RSP: 002b:00007f6a1f066028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  976.926842][T24348] RAX: ffffffffffffffda RBX: 00007f6a21085fa0 RCX: 00007f6a20e0ce59
[  976.926861][T24348] RDX: e07e872420dfefca RSI: 0000200000000780 RDI: 0000000000000004
[  976.926875][T24348] RBP: 00007f6a1f066090 R08: 0000000000000000 R09: 0000000000000000
[  976.926887][T24348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  976.926899][T24348] R13: 00007f6a21086038 R14: 00007f6a21085fa0 R15: 00007fffef314d18
[  976.926929][T24348]  </TASK>
[  976.928728][T24348] socket: no more sockets
[  977.050050][ T3386] bridge0: port 2(bridge_slave_1) entered blocking state
[  977.050233][ T3386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  977.705475][T24366] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6767'.
[  977.941172][ T5758] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  978.089031][ T5758] usb 1-1: Using ep0 maxpacket: 16
[  978.105636][ T5758] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  978.105671][ T5758] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  978.105697][ T5758] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  978.105719][ T5758] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  978.151136][ T5758] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  978.151167][ T5758] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  978.151187][ T5758] usb 1-1: Product: syz
[  978.151201][ T5758] usb 1-1: Manufacturer: syz
[  978.151217][ T5758] usb 1-1: SerialNumber: syz
[  978.197177][ T5758] usb 1-1: config 0 descriptor??
[  978.198227][T24366] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  978.223083][ T5758] port100 1-1:0.0: NFC: Could not get supported command types
[  978.443285][T23972] 8021q: adding VLAN 0 to HW filter on device batadv0
[  978.494181][ T5618] usb 1-1: USB disconnect, device number 123
[  978.659081][T23972] veth0_vlan: entered promiscuous mode
[  978.683201][T23972] veth1_vlan: entered promiscuous mode
[  978.834186][T23972] veth0_macvtap: entered promiscuous mode
[  978.855225][T23972] veth1_macvtap: entered promiscuous mode
[  978.907607][T23972] batman_adv: batadv0: Interface activated: batadv_slave_0
[  978.950803][T23972] batman_adv: batadv0: Interface activated: batadv_slave_1
[  978.994724][T12305] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  978.994984][T12305] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  978.995020][T12305] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  978.995054][T12305] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  979.290699][T24414] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6784'.
[  979.419882][T24415] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6784'.
[  979.457106][T24415] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6784'.
[  979.564081][T24415] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6784'.
[  980.627756][T12349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  980.627775][T12349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  980.836296][T12347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  980.836316][T12347] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  981.056915][T24448] FAULT_INJECTION: forcing a failure.
[  981.056915][T24448] name failslab, interval 1, probability 0, space 0, times 0
[  981.056950][T24448] CPU: 0 UID: 0 PID: 24448 Comm: syz.5.6800 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  981.056976][T24448] Tainted: [L]=SOFTLOCKUP
[  981.056984][T24448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  981.056995][T24448] Call Trace:
[  981.057003][T24448]  <TASK>
[  981.057012][T24448]  dump_stack_lvl+0xe8/0x150
[  981.057042][T24448]  should_fail_ex+0x46b/0x600
[  981.057075][T24448]  should_failslab+0xa8/0x100
[  981.057102][T24448]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  981.057125][T24448]  ? __alloc_skb+0x1d0/0x7d0
[  981.057150][T24448]  ? lockdep_hardirqs_on+0x7a/0x110
[  981.057183][T24448]  __alloc_skb+0x1d0/0x7d0
[  981.057214][T24448]  netlink_sendmsg+0x5d4/0xb40
[  981.057242][T24448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  981.057263][T24448]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  981.057293][T24448]  ? aa_sock_msg_perm+0x122/0x200
[  981.057315][T24448]  ? __pfx_netlink_sendmsg+0x10/0x10
[  981.057333][T24448]  sock_sendmsg_nosec+0x13a/0x180
[  981.057359][T24448]  ____sys_sendmsg+0x55c/0x870
[  981.057393][T24448]  ? __pfx_____sys_sendmsg+0x10/0x10
[  981.057432][T24448]  ? import_iovec+0x73/0xa0
[  981.057457][T24448]  ___sys_sendmsg+0x2a5/0x360
[  981.057491][T24448]  ? __lock_acquire+0x6b5/0x2d10
[  981.057518][T24448]  ? __pfx____sys_sendmsg+0x10/0x10
[  981.057574][T24448]  ? __fget_files+0x2a/0x420
[  981.057594][T24448]  ? __fget_files+0x3a6/0x420
[  981.057623][T24448]  __x64_sys_sendmsg+0x1c3/0x2a0
[  981.057650][T24448]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  981.057686][T24448]  ? __pfx_ksys_write+0x10/0x10
[  981.057720][T24448]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.057741][T24448]  do_syscall_64+0x174/0x580
[  981.057768][T24448]  ? trace_irq_disable+0x3b/0x140
[  981.057790][T24448]  ? clear_bhb_loop+0x40/0x90
[  981.057814][T24448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.057834][T24448] RIP: 0033:0x7fc2748bce59
[  981.057852][T24448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  981.057867][T24448] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  981.057888][T24448] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  981.057902][T24448] RDX: 0000000000008040 RSI: 0000200000000b40 RDI: 0000000000000003
[  981.057915][T24448] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  981.057927][T24448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  981.057939][T24448] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  981.057969][T24448]  </TASK>
[  981.799423][  T822] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  982.011622][  T822] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  982.011647][  T822] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  982.011669][  T822] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  982.011682][  T822] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  982.016030][  T822] usb 1-1: config 0 descriptor??
[  982.391688][T24502] FAULT_INJECTION: forcing a failure.
[  982.391688][T24502] name failslab, interval 1, probability 0, space 0, times 0
[  982.391724][T24502] CPU: 1 UID: 0 PID: 24502 Comm: syz.5.6822 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  982.391745][T24502] Tainted: [L]=SOFTLOCKUP
[  982.391749][T24502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  982.391756][T24502] Call Trace:
[  982.391761][T24502]  <TASK>
[  982.391767][T24502]  dump_stack_lvl+0xe8/0x150
[  982.391788][T24502]  should_fail_ex+0x46b/0x600
[  982.391821][T24502]  should_failslab+0xa8/0x100
[  982.391851][T24502]  __kmalloc_noprof+0xdf/0x7b0
[  982.391873][T24502]  ? mutex_rt_init_lockdep+0x66/0x80
[  982.391902][T24502]  ? security_task_alloc+0x4d/0x330
[  982.391923][T24502]  security_task_alloc+0x4d/0x330
[  982.391940][T24502]  copy_process+0x1c4c/0x43d0
[  982.391964][T24502]  ? copy_process+0xd4e/0x43d0
[  982.392011][T24502]  ? __pfx_copy_process+0x10/0x10
[  982.392053][T24502]  vhost_task_create+0x1f9/0x380
[  982.392076][T24502]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  982.392092][T24502]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  982.392108][T24502]  ? __pfx_vhost_task_create+0x10/0x10
[  982.392124][T24502]  ? __pfx_vhost_task_fn+0x10/0x10
[  982.392149][T24502]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  982.392179][T24502]  ? lockdep_hardirqs_on+0x7a/0x110
[  982.392215][T24502]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  982.392242][T24502]  ? mutex_lock_nested+0x152/0x1d0
[  982.392253][T24502]  ? kvm_mmu_post_init_vm+0x8f/0x2d0
[  982.392271][T24502]  kvm_mmu_post_init_vm+0x147/0x2d0
[  982.392289][T24502]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[  982.392324][T24502]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  982.392349][T24502]  ? do_raw_spin_lock+0x12b/0x2f0
[  982.392381][T24502]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  982.392408][T24502]  ? lockdep_hardirqs_on+0x7a/0x110
[  982.392423][T24502]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  982.392437][T24502]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  982.392452][T24502]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  982.392481][T24502]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  982.392509][T24502]  ? lockdep_hardirqs_on+0x7a/0x110
[  982.392537][T24502]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  982.392564][T24502]  ? rt_write_unlock+0x190/0x230
[  982.392583][T24502]  kvm_vcpu_ioctl+0xa65/0xfe0
[  982.392602][T24502]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  982.392631][T24502]  ? __fget_files+0x2a/0x420
[  982.392657][T24502]  ? __fget_files+0x2a/0x420
[  982.392677][T24502]  ? __fget_files+0x3a6/0x420
[  982.392697][T24502]  ? __fget_files+0x2a/0x420
[  982.392719][T24502]  ? bpf_lsm_file_ioctl+0x9/0x20
[  982.392744][T24502]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  982.392772][T24502]  __se_sys_ioctl+0xff/0x170
[  982.392801][T24502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.392822][T24502]  do_syscall_64+0x174/0x580
[  982.392850][T24502]  ? trace_irq_disable+0x3b/0x140
[  982.392872][T24502]  ? clear_bhb_loop+0x40/0x90
[  982.392896][T24502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.392909][T24502] RIP: 0033:0x7fc2748bce59
[  982.392921][T24502] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  982.392930][T24502] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  982.392943][T24502] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  982.392954][T24502] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  982.392966][T24502] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  982.392978][T24502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  982.392990][T24502] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  982.393022][T24502]  </TASK>
[  982.504326][  T822] hid-steam 0003:28DE:1142.0045: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  982.523659][T24504] FAULT_INJECTION: forcing a failure.
[  982.523659][T24504] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  982.523695][T24504] CPU: 0 UID: 0 PID: 24504 Comm: syz.1.6821 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  982.523722][T24504] Tainted: [L]=SOFTLOCKUP
[  982.523729][T24504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  982.523741][T24504] Call Trace:
[  982.523749][T24504]  <TASK>
[  982.523757][T24504]  dump_stack_lvl+0xe8/0x150
[  982.523786][T24504]  should_fail_ex+0x46b/0x600
[  982.523818][T24504]  _copy_to_user+0x31/0xb0
[  982.523843][T24504]  drm_ioctl+0x6e0/0xb80
[  982.523872][T24504]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  982.523905][T24504]  ? __pfx_drm_ioctl+0x10/0x10
[  982.523940][T24504]  ? __fget_files+0x2a/0x420
[  982.523973][T24504]  ? bpf_lsm_file_ioctl+0x9/0x20
[  982.524001][T24504]  ? __pfx_drm_ioctl+0x10/0x10
[  982.524025][T24504]  __se_sys_ioctl+0xff/0x170
[  982.524051][T24504]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.524072][T24504]  do_syscall_64+0x174/0x580
[  982.524100][T24504]  ? trace_irq_disable+0x3b/0x140
[  982.524121][T24504]  ? clear_bhb_loop+0x40/0x90
[  982.524143][T24504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.524162][T24504] RIP: 0033:0x7f8b15a2ce59
[  982.524181][T24504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  982.524197][T24504] RSP: 002b:00007f8b13c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  982.524218][T24504] RAX: ffffffffffffffda RBX: 00007f8b15ca5fa0 RCX: 00007f8b15a2ce59
[  982.524232][T24504] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000010
[  982.524245][T24504] RBP: 00007f8b13c7e090 R08: 0000000000000000 R09: 0000000000000000
[  982.524257][T24504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  982.524270][T24504] R13: 00007f8b15ca6038 R14: 00007f8b15ca5fa0 R15: 00007fffc47f0698
[  982.524299][T24504]  </TASK>
[  982.745529][ T5830] usb 1-1: USB disconnect, device number 124
[  983.184165][T24522] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  983.344931][T24531] FAULT_INJECTION: forcing a failure.
[  983.344931][T24531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  983.344955][T24531] CPU: 0 UID: 0 PID: 24531 Comm: syz.5.6834 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  983.344971][T24531] Tainted: [L]=SOFTLOCKUP
[  983.344976][T24531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  983.344982][T24531] Call Trace:
[  983.344987][T24531]  <TASK>
[  983.344992][T24531]  dump_stack_lvl+0xe8/0x150
[  983.345010][T24531]  should_fail_ex+0x46b/0x600
[  983.345029][T24531]  _copy_to_user+0x31/0xb0
[  983.345043][T24531]  drm_ioctl+0x6e0/0xb80
[  983.345059][T24531]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  983.345077][T24531]  ? __pfx_drm_ioctl+0x10/0x10
[  983.345096][T24531]  ? __fget_files+0x2a/0x420
[  983.345110][T24531]  ? bpf_lsm_file_ioctl+0x9/0x20
[  983.345126][T24531]  ? __pfx_drm_ioctl+0x10/0x10
[  983.345139][T24531]  __se_sys_ioctl+0xff/0x170
[  983.345154][T24531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.345165][T24531]  do_syscall_64+0x174/0x580
[  983.345181][T24531]  ? trace_irq_disable+0x3b/0x140
[  983.345201][T24531]  ? clear_bhb_loop+0x40/0x90
[  983.345214][T24531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.345224][T24531] RIP: 0033:0x7fc2748bce59
[  983.345236][T24531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  983.345246][T24531] RSP: 002b:00007fc272b16028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  983.345258][T24531] RAX: ffffffffffffffda RBX: 00007fc274b35fa0 RCX: 00007fc2748bce59
[  983.345270][T24531] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000011
[  983.345277][T24531] RBP: 00007fc272b16090 R08: 0000000000000000 R09: 0000000000000000
[  983.345283][T24531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  983.345290][T24531] R13: 00007fc274b36038 R14: 00007fc274b35fa0 R15: 00007fffea937188
[  983.345306][T24531]  </TASK>
[  983.845413][T24551] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6843'.
[  983.939068][ T5618] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  984.004245][T24559] input: syz1 as /devices/virtual/input/input78
[  984.081492][ T5782] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  984.099062][ T5618] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  984.099092][ T5618] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.131584][ T5618] usb 2-1: config 0 descriptor??
[  984.147435][ T5618] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  984.229173][ T5782] usb 1-1: Using ep0 maxpacket: 16
[  984.234530][ T5782] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  984.234565][ T5782] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  984.234591][ T5782] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  984.234613][ T5782] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  984.238563][ T5782] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  984.238581][ T5782] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.238598][ T5782] usb 1-1: Product: syz
[  984.238613][ T5782] usb 1-1: Manufacturer: syz
[  984.238628][ T5782] usb 1-1: SerialNumber: syz
[  984.261054][ T5782] usb 1-1: config 0 descriptor??
[  984.262003][T24551] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  984.351201][ T5782] port100 1-1:0.0: NFC: Could not get supported command types
[  984.739772][T24541] ./bus: Can't lookup blockdev
[  984.852656][ T5625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  984.854051][ T5618] usb 2-1: USB disconnect, device number 121
[  984.885829][ T5613] Bluetooth: hci3: command tx timeout
[  984.938429][ T5625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  984.986346][ T5625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  985.013179][ T5625] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  985.014973][ T5625] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  985.812827][ T5758] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  985.975724][ T5758] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  985.975758][ T5758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  985.975784][ T5758] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  985.975809][ T5758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  985.975835][ T5758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  985.978596][ T5758] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  985.978625][ T5758] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.978647][ T5758] usb 2-1: Product: syz
[  985.978662][ T5758] usb 2-1: Manufacturer: syz
[  985.978677][ T5758] usb 2-1: SerialNumber: syz
[  985.987795][ T5758] usb 2-1: config 0 descriptor??
[  986.019884][ T5758] iguanair 2-1:0.0: probe with driver iguanair failed with error -12
[  986.265169][ T5782] usb 2-1: USB disconnect, device number 122
[  986.648995][ T5782] usb 2-1: new full-speed USB device number 123 using dummy_hcd
[  986.676879][ T3386] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  986.823232][ T5782] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  986.823263][ T5782] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.823284][ T5782] usb 2-1: Product: syz
[  986.823300][ T5782] usb 2-1: Manufacturer: syz
[  986.823315][ T5782] usb 2-1: SerialNumber: syz
[  986.870494][ T5782] usb 2-1: config 0 descriptor??
[  986.884381][ T5782] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  987.017622][ T5618] usb 1-1: USB disconnect, device number 125
[  987.447694][   T60] Bluetooth: hci1: command tx timeout
[  987.499109][ T5618] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  987.511602][ T5782] gspca_stk1135: reg_w 0x3 err -71
[  987.512832][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.512848][ T5782] gspca_stk1135: Sensor write failed
[  987.512879][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.512888][ T5782] gspca_stk1135: Sensor write failed
[  987.512912][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.512920][ T5782] gspca_stk1135: Sensor read failed
[  987.512944][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.512954][ T5782] gspca_stk1135: Sensor read failed
[  987.512961][ T5782] gspca_stk1135: Detected sensor type unknown (0x0)
[  987.512993][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.513002][ T5782] gspca_stk1135: Sensor read failed
[  987.513055][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.513065][ T5782] gspca_stk1135: Sensor read failed
[  987.513088][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.513097][ T5782] gspca_stk1135: Sensor write failed
[  987.513123][ T5782] gspca_stk1135: serial bus timeout: status=0x00
[  987.513133][ T5782] gspca_stk1135: Sensor write failed
[  987.513215][ T5782] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[  987.699264][ T5782] usb 2-1: USB disconnect, device number 123
[  987.709090][ T5618] usb 1-1: Using ep0 maxpacket: 32
[  987.711561][ T5618] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=8c.92
[  987.711590][ T5618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.759968][ T5618] gspca_main: nw80x-2.14.0 probing 055f:d001
[  987.795218][ T3386] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.316132][ T3386] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.399634][ T5782] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  988.461162][T24566] bridge0: port 1(bridge_slave_0) entered blocking state
[  988.461477][T24566] bridge0: port 1(bridge_slave_0) entered disabled state
[  988.461721][T24566] bridge_slave_0: entered allmulticast mode
[  988.464099][T24566] bridge_slave_0: entered promiscuous mode
[  988.485975][T24566] bridge0: port 2(bridge_slave_1) entered blocking state
[  988.486912][T24566] bridge0: port 2(bridge_slave_1) entered disabled state
[  988.487392][T24566] bridge_slave_1: entered allmulticast mode
[  988.497526][T24566] bridge_slave_1: entered promiscuous mode
[  988.568935][ T5782] usb 2-1: Using ep0 maxpacket: 32
[  988.572033][ T5782] usb 2-1: config 0 has an invalid interface number: 119 but max is 0
[  988.572058][ T5782] usb 2-1: config 0 has no interface number 0
[  988.572101][ T5782] usb 2-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  988.572124][ T5782] usb 2-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  988.572151][ T5782] usb 2-1: config 0 interface 119 altsetting 0 endpoint 0x83 has invalid maxpacket 65307, setting to 1024
[  988.572177][ T5782] usb 2-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  988.572192][ T5782] usb 2-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  988.574476][ T5782] usb 2-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  988.574506][ T5782] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.574526][ T5782] usb 2-1: Product: syz
[  988.574541][ T5782] usb 2-1: Manufacturer: syz
[  988.574556][ T5782] usb 2-1: SerialNumber: syz
[  988.696832][ T5782] usb 2-1: config 0 descriptor??
[  988.698633][T24611] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  988.744175][ T5782] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.119/input/input80
[  988.764159][ T4959] usb 2-1: BOGUS urb xfer, pipe 1 != type 3
[  988.802869][    C0] bcm5974 2-1:0.119: trackpad urb failed: -1
[  988.989590][    C0] bcm5974 2-1:0.119: trackpad urb failed: -1
[  989.058692][ T5782] usb 2-1: USB disconnect, device number 124
[  989.058698][    C1] bcm5974 2-1:0.119: trackpad urb failed: -19
[  989.064618][ T3386] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  989.176520][ T5618] usb 1-1: USB disconnect, device number 126
[  989.353028][T24566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  989.358522][T24566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  989.418713][T24566] team0: Port device team_slave_0 added
[  989.424859][T24566] team0: Port device team_slave_1 added
[  989.464222][T24566] batman_adv: batadv0: Adding interface: batadv_slave_0
[  989.464232][T24566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  989.464247][T24566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  989.467297][T24566] batman_adv: batadv0: Adding interface: batadv_slave_1
[  989.467308][T24566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  989.467323][T24566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  989.528941][   T60] Bluetooth: hci1: command tx timeout
[  989.575715][T24566] hsr_slave_0: entered promiscuous mode
[  989.595275][T24566] hsr_slave_1: entered promiscuous mode
[  989.597311][T24566] debugfs: 'hsr0' already exists in 'hsr'
[  989.597335][T24566] Cannot create hsr debugfs directory
[  989.773212][T24614] bond0: entered promiscuous mode
[  989.773236][T24614] bond_slave_0: entered promiscuous mode
[  989.773550][T24614] bond_slave_1: entered promiscuous mode
[  989.773725][T24614] bond0: entered allmulticast mode
[  989.773741][T24614] bond_slave_0: entered allmulticast mode
[  989.773762][T24614] bond_slave_1: entered allmulticast mode
[  990.555713][T24629] FAULT_INJECTION: forcing a failure.
[  990.555713][T24629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  990.555754][T24629] CPU: 0 UID: 0 PID: 24629 Comm: syz.6.6863 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  990.555774][T24629] Tainted: [L]=SOFTLOCKUP
[  990.555779][T24629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  990.555788][T24629] Call Trace:
[  990.555795][T24629]  <TASK>
[  990.555802][T24629]  dump_stack_lvl+0xe8/0x150
[  990.555825][T24629]  should_fail_ex+0x46b/0x600
[  990.555850][T24629]  _copy_from_user+0x2d/0xb0
[  990.555868][T24629]  __ia32_sys_rt_sigreturn+0x379/0x8e0
[  990.555884][T24629]  ? __lock_acquire+0x6b5/0x2d10
[  990.555905][T24629]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[  990.555940][T24629]  ? __task_pid_nr_ns+0x28/0x470
[  990.555962][T24629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.555978][T24629]  do_syscall_64+0x174/0x580
[  990.556000][T24629]  ? clear_bhb_loop+0x40/0x90
[  990.556018][T24629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.556032][T24629] RIP: 0033:0x7fb7673fe1d9
[  990.556047][T24629] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25
[  990.556059][T24629] RSP: 002b:00007fb7656ada80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  990.556075][T24629] RAX: ffffffffffffffda RBX: 00007fb7676d5fa0 RCX: 00007fb7673fe1d9
[  990.556086][T24629] RDX: 00007fb7656ada80 RSI: 00007fb7656adbb0 RDI: 0000000000000021
[  990.556097][T24629] RBP: 00007fb7656ae090 R08: 0000000000000000 R09: 0000000000000003
[  990.556106][T24629] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
[  990.556115][T24629] R13: 00007fb7676d6038 R14: 00007fb7676d5fa0 R15: 00007ffcafcce908
[  990.556137][T24629]  </TASK>
[  991.019157][ T5618] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  991.211482][ T5618] usb 2-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  991.211511][ T5618] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 253
[  991.242638][ T5618] usb 2-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  991.242670][ T5618] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  991.242689][ T5618] usb 2-1: Product: syz
[  991.242704][ T5618] usb 2-1: Manufacturer: syz
[  991.242719][ T5618] usb 2-1: SerialNumber: syz
[  991.302524][ T5618] usb 2-1: config 0 descriptor??
[  991.318147][ T5618] gspca_main: sunplus-2.14.0 probing 055f:c630
[  991.601502][   T60] Bluetooth: hci1: command tx timeout
[  991.841924][ T5618] gspca_sunplus: reg_r err -110
[  991.842019][ T5618] sunplus 2-1:0.0: probe with driver sunplus failed with error -110
[  992.365228][ T3386] bridge_slave_1: left allmulticast mode
[  992.365265][ T3386] bridge_slave_1: left promiscuous mode
[  992.386296][ T3386] bridge0: port 2(bridge_slave_1) entered disabled state
[  992.444171][T24652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  992.444878][T24652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  992.541388][ T3386] bridge_slave_0: left allmulticast mode
[  992.541412][ T3386] bridge_slave_0: left promiscuous mode
[  992.541666][ T3386] bridge0: port 1(bridge_slave_0) entered disabled state
[  993.066314][ T1340] ieee802154 phy0 wpan0: encryption failed: -22
[  993.066374][ T1340] ieee802154 phy1 wpan1: encryption failed: -22
[  993.376983][ T3386] team0: Port device geneve1 removed
[  993.570000][ T3386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  993.649524][ T3386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  993.689226][   T60] Bluetooth: hci1: command tx timeout
[  993.709686][ T3386] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  993.731066][ T3386] bond0 (unregistering): Released all slaves
[  993.777958][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[  994.439297][ T3386] IPVS: stopping master sync thread 20604 ...
[  994.608371][T24665] input: syz0 as /devices/virtual/input/input81
[  994.836658][T24673] trusted_key: encrypted_key: insufficient parameters specified
[  994.848238][T24673] trusted_key: encrypted_key: insufficient parameters specified
[  994.893779][T24674] tipc: Started in network mode
[  994.893808][T24674] tipc: Node identity fe80000000000000000000000000002d, cluster identity 4711
[  994.895719][T24674] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  995.025217][ T5618] usb 2-1: USB disconnect, device number 125
[  995.070384][T24669] syzkaller1: entered promiscuous mode
[  995.070412][T24669] syzkaller1: entered allmulticast mode
[  995.900820][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[  996.036266][T24705] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6880'.
[  996.069041][   T32] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  996.218988][   T32] usb 1-1: Using ep0 maxpacket: 8
[  996.288264][   T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  996.288315][   T32] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  996.288339][   T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.322033][   T32] usb 1-1: config 0 descriptor??
[  996.605422][   T32] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  996.997652][ T5763] usb 1-1: USB disconnect, device number 127
[  996.997749][    C0] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  997.201697][T24728] FAULT_INJECTION: forcing a failure.
[  997.201697][T24728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  997.201727][T24728] CPU: 1 UID: 0 PID: 24728 Comm: syz.1.6882 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  997.201749][T24728] Tainted: [L]=SOFTLOCKUP
[  997.201756][T24728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  997.201765][T24728] Call Trace:
[  997.201772][T24728]  <TASK>
[  997.201779][T24728]  dump_stack_lvl+0xe8/0x150
[  997.201803][T24728]  should_fail_ex+0x46b/0x600
[  997.201831][T24728]  _copy_to_user+0x31/0xb0
[  997.201850][T24728]  simple_read_from_buffer+0xe1/0x170
[  997.201883][T24728]  proc_fail_nth_read+0x1be/0x230
[  997.201904][T24728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  997.201925][T24728]  ? rw_verify_area+0x2ac/0x4e0
[  997.201947][T24728]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  997.201967][T24728]  vfs_read+0x212/0xa80
[  997.201996][T24728]  ? __pfx_vfs_read+0x10/0x10
[  997.202020][T24728]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  997.202045][T24728]  ? lockdep_hardirqs_on+0x7a/0x110
[  997.202070][T24728]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  997.202089][T24728]  ? mutex_lock_nested+0x152/0x1d0
[  997.202104][T24728]  ? fdget_pos+0x252/0x320
[  997.202128][T24728]  ksys_read+0x156/0x270
[  997.202148][T24728]  ? __pfx_ksys_read+0x10/0x10
[  997.202172][T24728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.202188][T24728]  do_syscall_64+0x174/0x580
[  997.202209][T24728]  ? trace_irq_disable+0x3b/0x140
[  997.202226][T24728]  ? clear_bhb_loop+0x40/0x90
[  997.202244][T24728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.202259][T24728] RIP: 0033:0x7f8b159ed68e
[  997.202274][T24728] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  997.202287][T24728] RSP: 002b:00007f8b13c7dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  997.202306][T24728] RAX: ffffffffffffffda RBX: 00007f8b13c7e6c0 RCX: 00007f8b159ed68e
[  997.202318][T24728] RDX: 000000000000000f RSI: 00007f8b13c7e0a0 RDI: 0000000000000004
[  997.202327][T24728] RBP: 00007f8b13c7e090 R08: 0000000000000000 R09: 0000000000000000
[  997.202337][T24728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  997.202346][T24728] R13: 00007f8b15ca6038 R14: 00007f8b15ca5fa0 R15: 00007fffc47f0698
[  997.202371][T24728]  </TASK>
[  997.308634][T24726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6881'.
[  997.537710][T24731] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6883'.
[  997.620261][T24726] bridge_slave_1: left allmulticast mode
[  997.620287][T24726] bridge_slave_1: left promiscuous mode
[  997.620489][T24726] bridge0: port 2(bridge_slave_1) entered disabled state
[  997.740149][T24726] bridge_slave_0: left allmulticast mode
[  997.740174][T24726] bridge_slave_0: left promiscuous mode
[  997.740369][T24726] bridge0: port 1(bridge_slave_0) entered disabled state
[  997.921071][T24726] bond0: (slave bridge0): Releasing backup interface
[  998.140361][T24731] FAULT_INJECTION: forcing a failure.
[  998.140361][T24731] name failslab, interval 1, probability 0, space 0, times 0
[  998.140394][T24731] CPU: 0 UID: 0 PID: 24731 Comm: syz.1.6883 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  998.140425][T24731] Tainted: [L]=SOFTLOCKUP
[  998.140432][T24731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  998.140444][T24731] Call Trace:
[  998.140450][T24731]  <TASK>
[  998.140457][T24731]  dump_stack_lvl+0xe8/0x150
[  998.140479][T24731]  should_fail_ex+0x46b/0x600
[  998.140504][T24731]  should_failslab+0xa8/0x100
[  998.140524][T24731]  __kmalloc_cache_noprof+0x84/0x690
[  998.140542][T24731]  ? ip_fib_metrics_init+0xbe/0x710
[  998.140567][T24731]  ip_fib_metrics_init+0xbe/0x710
[  998.140589][T24731]  ? rcu_is_watching+0x15/0xb0
[  998.140609][T24731]  ? __pfx_ip_fib_metrics_init+0x10/0x10
[  998.140631][T24731]  ? __kmalloc_noprof+0x408/0x7b0
[  998.140653][T24731]  fib_create_info+0x177a/0x31f0
[  998.140672][T24731]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  998.140693][T24731]  ? rt_mutex_slowunlock+0x1cb/0x300
[  998.140716][T24731]  ? pcpu_alloc_noprof+0xe31/0x1920
[  998.140743][T24731]  fib_table_insert+0xc8/0x1b50
[  998.140788][T24731]  ? fib_trie_table+0x142/0x1d0
[  998.140804][T24731]  ? fib_new_table+0x27f/0x2d0
[  998.140822][T24731]  inet_rtm_newroute+0x14f/0x250
[  998.140842][T24731]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  998.140874][T24731]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  998.140891][T24731]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  998.140912][T24731]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  998.140932][T24731]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  998.140949][T24731]  ? ref_tracker_free+0x673/0x820
[  998.140968][T24731]  ? __netlink_deliver_tap+0x636/0x8b0
[  998.140989][T24731]  ? netlink_deliver_tap+0x19c/0x1b0
[  998.141008][T24731]  ? netlink_unicast+0x754/0x920
[  998.141025][T24731]  ? netlink_sendmsg+0x813/0xb40
[  998.141037][T24731]  ? sock_sendmsg_nosec+0x13a/0x180
[  998.141053][T24731]  ? __sys_sendto+0x402/0x590
[  998.141070][T24731]  ? __x64_sys_sendto+0xde/0x100
[  998.141087][T24731]  ? do_syscall_64+0x174/0x580
[  998.141106][T24731]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.141128][T24731]  netlink_rcv_skb+0x232/0x4b0
[  998.141149][T24731]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  998.141169][T24731]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  998.141198][T24731]  ? netlink_deliver_tap+0x2e/0x1b0
[  998.141218][T24731]  ? netlink_deliver_tap+0x2e/0x1b0
[  998.141243][T24731]  netlink_unicast+0x780/0x920
[  998.141270][T24731]  netlink_sendmsg+0x813/0xb40
[  998.141290][T24731]  ? __pfx_netlink_sendmsg+0x10/0x10
[  998.141305][T24731]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  998.141324][T24731]  ? __fget_files+0x3a6/0x420
[  998.141340][T24731]  ? __fget_files+0x2a/0x420
[  998.141355][T24731]  ? aa_sock_msg_perm+0x122/0x200
[  998.141371][T24731]  ? __pfx_netlink_sendmsg+0x10/0x10
[  998.141384][T24731]  sock_sendmsg_nosec+0x13a/0x180
[  998.141403][T24731]  __sys_sendto+0x402/0x590
[  998.141431][T24731]  ? __pfx___sys_sendto+0x10/0x10
[  998.141470][T24731]  ? ksys_write+0x248/0x270
[  998.141491][T24731]  ? __pfx_ksys_write+0x10/0x10
[  998.141514][T24731]  __x64_sys_sendto+0xde/0x100
[  998.141533][T24731]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.141549][T24731]  do_syscall_64+0x174/0x580
[  998.141568][T24731]  ? trace_irq_disable+0x3b/0x140
[  998.141584][T24731]  ? clear_bhb_loop+0x40/0x90
[  998.141601][T24731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.141615][T24731] RIP: 0033:0x7f8b15a2ce59
[  998.141630][T24731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  998.141642][T24731] RSP: 002b:00007f8b13c7e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  998.141659][T24731] RAX: ffffffffffffffda RBX: 00007f8b15ca5fa0 RCX: 00007f8b15a2ce59
[  998.141670][T24731] RDX: 0000000000000078 RSI: 0000200000000000 RDI: 0000000000000003
[  998.141679][T24731] RBP: 00007f8b13c7e090 R08: 0000000000000000 R09: 0000000000000000
[  998.141688][T24731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  998.141696][T24731] R13: 00007f8b15ca6038 R14: 00007f8b15ca5fa0 R15: 00007fffc47f0698
[  998.141719][T24731]  </TASK>
[  998.551197][  T822] usb 2-1: new full-speed USB device number 126 using dummy_hcd
[  998.689050][ T3386] hsr_slave_0: left promiscuous mode
[  998.703881][  T822] usb 2-1: config 8 has an invalid interface number: 223 but max is 0
[  998.703909][  T822] usb 2-1: config 8 has an invalid descriptor of length 255, skipping remainder of the config
[  998.703929][  T822] usb 2-1: config 8 has no interface number 0
[  998.703973][  T822] usb 2-1: config 8 interface 223 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  998.706320][  T822] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  998.706347][  T822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.706366][  T822] usb 2-1: Product: syz
[  998.706380][  T822] usb 2-1: Manufacturer: syz
[  998.706395][  T822] usb 2-1: SerialNumber: syz
[  998.777294][ T3386] hsr_slave_1: left promiscuous mode
[  998.778458][ T3386] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  998.778475][ T3386] batman_adv: batadv0: Removing interface: batadv_slave_0
[  998.822231][ T3386] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  998.822258][ T3386] batman_adv: batadv0: Removing interface: batadv_slave_1
[  998.839012][ T5618] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  998.975054][  T822] usb 2-1: USB disconnect, device number 126
[  999.000718][ T5618] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  999.000759][ T5618] usb 1-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  999.000783][ T5618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.039144][ T5618] usb 1-1: config 0 descriptor??
[  999.067520][ T5618] smsusb:smsusb_probe: board id=8, interface number 0
[  999.067696][ T5618] smsusb:smsusb_probe: Device initialized with return code -19
[  999.139099][ T3386] veth1_macvtap: left promiscuous mode
[  999.167818][T24749] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  999.167877][T24749] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  999.208646][ T3386] veth0_macvtap: left promiscuous mode
[  999.211048][ T3386] veth1_vlan: left promiscuous mode
[  999.211240][ T3386] veth0_vlan: left promiscuous mode
[  999.262690][ T5618] usb 1-1: USB disconnect, device number 2
[  999.407174][T24757] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  999.846267][T24766] netlink: 84 bytes leftover after parsing attributes in process `syz.0.6891'.
[  999.846286][T24766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6891'.
[  999.941104][T24767] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6892'.
[ 1000.309127][ T5830] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1000.523272][ T5830] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1000.523307][ T5830] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1000.523346][ T5830] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 1000.523371][ T5830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1000.577243][ T5830] usb 1-1: config 0 descriptor??
[ 1000.630953][ T3386] team0 (unregistering): Port device team_slave_1 removed
[ 1000.691024][ T3386] team0 (unregistering): Port device team_slave_0 removed
[ 1001.252282][T24760] netdevsim netdevsim6: Direct firmware load for .. @ failed with error -2
[ 1001.252312][T24760] netdevsim netdevsim6: Falling back to sysfs fallback for: .. @
[ 1001.538963][ T5782] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1001.709297][ T5830] usbhid 1-1:0.0: can't add hid device: -71
[ 1001.709421][ T5830] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1001.730376][ T5782] usb 2-1: Using ep0 maxpacket: 32
[ 1001.736001][ T5782] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[ 1001.736029][ T5782] usb 2-1: config 0 has no interface number 0
[ 1001.740678][ T5782] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1001.740715][ T5782] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1001.740735][ T5782] usb 2-1: Product: syz
[ 1001.740754][ T5782] usb 2-1: Manufacturer: syz
[ 1001.740769][ T5782] usb 2-1: SerialNumber: syz
[ 1001.763339][ T5782] usb 2-1: config 0 descriptor??
[ 1001.805539][ T5830] usb 1-1: USB disconnect, device number 3
[ 1002.214937][ T5782] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1002.214979][ T5782] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1003.054220][T24566] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1003.071014][ T5782] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1003.071311][ T5782] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -61
[ 1003.125205][T24566] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1003.127507][T24566] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1003.162854][T24566] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1003.168048][T24566] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1003.202570][T24566] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1003.205428][T24566] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1003.275323][T24566] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1003.344204][ T5782] usb 2-1: USB disconnect, device number 127
[ 1003.827614][T24566] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1003.881951][T24566] 8021q: adding VLAN 0 to HW filter on device team0
[ 1003.915878][T12350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1003.916020][T12350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1003.957744][T12305] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.962640][T12305] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.352340][T24797] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6900'.
[ 1004.671132][T24566] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1004.808965][  T822] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1004.961662][T24566] veth0_vlan: entered promiscuous mode
[ 1004.994736][T24566] veth1_vlan: entered promiscuous mode
[ 1004.998985][  T822] usb 2-1: Using ep0 maxpacket: 16
[ 1005.000836][  T822] usb 2-1: config 0 has no interfaces?
[ 1005.001894][  T822] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[ 1005.001920][  T822] usb 2-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0
[ 1005.001941][  T822] usb 2-1: Manufacturer: syz
[ 1005.018476][  T822] usb 2-1: config 0 descriptor??
[ 1005.216373][T24566] veth0_macvtap: entered promiscuous mode
[ 1005.253088][  T822] usb 2-1: USB disconnect, device number 2
[ 1005.277919][T24566] veth1_macvtap: entered promiscuous mode
[ 1005.333366][T24831] ksmbd: Unknown IPC event: 1, ignore.
[ 1005.408119][T24828] hfs: unable to load iocharset "io#harset"
[ 1005.436901][T24566] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1005.498687][T24566] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1005.576599][T24835] FAULT_INJECTION: forcing a failure.
[ 1005.576599][T24835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1005.576634][T24835] CPU: 0 UID: 0 PID: 24835 Comm: syz.6.6906 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1005.576660][T24835] Tainted: [L]=SOFTLOCKUP
[ 1005.576667][T24835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1005.576680][T24835] Call Trace:
[ 1005.576688][T24835]  <TASK>
[ 1005.576696][T24835]  dump_stack_lvl+0xe8/0x150
[ 1005.576724][T24835]  should_fail_ex+0x46b/0x600
[ 1005.576756][T24835]  _copy_from_user+0x2d/0xb0
[ 1005.576780][T24835]  vmemdup_user+0x5e/0xd0
[ 1005.576800][T24835]  path_setxattrat+0x2c3/0x440
[ 1005.576838][T24835]  ? __pfx_path_setxattrat+0x10/0x10
[ 1005.576886][T24835]  ? ksys_write+0x248/0x270
[ 1005.576915][T24835]  ? __pfx_ksys_write+0x10/0x10
[ 1005.576945][T24835]  __x64_sys_fsetxattr+0xbc/0xe0
[ 1005.576970][T24835]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.576991][T24835]  do_syscall_64+0x174/0x580
[ 1005.577018][T24835]  ? trace_irq_disable+0x3b/0x140
[ 1005.577041][T24835]  ? clear_bhb_loop+0x40/0x90
[ 1005.577063][T24835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.577082][T24835] RIP: 0033:0x7fb76745ce59
[ 1005.577099][T24835] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1005.577114][T24835] RSP: 002b:00007fb7656ae028 EFLAGS: 00000246 ORIG_RAX: 00000000000000be
[ 1005.577133][T24835] RAX: ffffffffffffffda RBX: 00007fb7676d5fa0 RCX: 00007fb76745ce59
[ 1005.577146][T24835] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000003
[ 1005.577158][T24835] RBP: 00007fb7656ae090 R08: 0000000000000000 R09: 0000000000000000
[ 1005.577169][T24835] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001
[ 1005.577180][T24835] R13: 00007fb7676d6038 R14: 00007fb7676d5fa0 R15: 00007ffcafcce908
[ 1005.577208][T24835]  </TASK>
[ 1005.577427][T12318] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.577700][T12318] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.577739][T12318] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.577773][T12318] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1005.822699][T24844] FAULT_INJECTION: forcing a failure.
[ 1005.822699][T24844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1005.822722][T24844] CPU: 0 UID: 0 PID: 24844 Comm: syz.1.6909 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1005.822741][T24844] Tainted: [L]=SOFTLOCKUP
[ 1005.822746][T24844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1005.822753][T24844] Call Trace:
[ 1005.822757][T24844]  <TASK>
[ 1005.822762][T24844]  dump_stack_lvl+0xe8/0x150
[ 1005.822780][T24844]  should_fail_ex+0x46b/0x600
[ 1005.822799][T24844]  _copy_from_user+0x2d/0xb0
[ 1005.822812][T24844]  memdup_user+0x5e/0xd0
[ 1005.822824][T24844]  msr_io+0x116/0x8b0
[ 1005.822837][T24844]  ? kvm_arch_vcpu_ioctl+0x12eb/0x2ff0
[ 1005.822850][T24844]  ? __pfx_do_get_msr+0x10/0x10
[ 1005.822861][T24844]  ? kvm_arch_vcpu_ioctl+0x12eb/0x2ff0
[ 1005.822874][T24844]  ? __pfx_msr_io+0x10/0x10
[ 1005.822887][T24844]  ? __srcu_check_read_flavor+0x10b/0x250
[ 1005.822902][T24844]  kvm_arch_vcpu_ioctl+0x1328/0x2ff0
[ 1005.822916][T24844]  ? kvm_arch_vcpu_ioctl+0x12eb/0x2ff0
[ 1005.822929][T24844]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1005.822942][T24844]  ? unwind_next_frame+0xa6/0x2550
[ 1005.822957][T24844]  ? is_bpf_text_address+0x26/0x2b0
[ 1005.822976][T24844]  ? is_bpf_text_address+0x26/0x2b0
[ 1005.822991][T24844]  ? is_bpf_text_address+0x292/0x2b0
[ 1005.823004][T24844]  ? is_bpf_text_address+0x26/0x2b0
[ 1005.823018][T24844]  ? kernel_text_address+0xa5/0xe0
[ 1005.823032][T24844]  ? __kernel_text_address+0xd/0x30
[ 1005.823044][T24844]  ? unwind_get_return_address+0x4d/0x90
[ 1005.823057][T24844]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1005.823069][T24844]  ? arch_stack_walk+0xfb/0x150
[ 1005.823089][T24844]  ? stack_trace_save+0xa9/0x100
[ 1005.823100][T24844]  ? __pfx_stack_trace_save+0x10/0x10
[ 1005.823110][T24844]  ? kasan_save_free_info+0x46/0x50
[ 1005.823127][T24844]  ? stack_depot_save_flags+0x33/0x810
[ 1005.823145][T24844]  ? kasan_save_track+0x4f/0x80
[ 1005.823155][T24844]  ? kasan_save_track+0x3e/0x80
[ 1005.823166][T24844]  ? kasan_save_free_info+0x46/0x50
[ 1005.823179][T24844]  ? __kasan_slab_free+0x5c/0x80
[ 1005.823190][T24844]  ? kfree+0x1c5/0x6c0
[ 1005.823201][T24844]  ? tomoyo_path_number_perm+0x501/0x630
[ 1005.823216][T24844]  ? security_file_ioctl+0xc3/0x2a0
[ 1005.823237][T24844]  ? __se_sys_ioctl+0x47/0x170
[ 1005.823251][T24844]  ? do_syscall_64+0x174/0x580
[ 1005.823266][T24844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.823286][T24844]  ? __lock_acquire+0x6b5/0x2d10
[ 1005.823319][T24844]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1005.823334][T24844]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1005.823349][T24844]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1005.823364][T24844]  ? _mutex_lock_killable+0x152/0x1d0
[ 1005.823375][T24844]  ? kvm_vcpu_ioctl+0x283/0xfe0
[ 1005.823392][T24844]  kvm_vcpu_ioctl+0x7e7/0xfe0
[ 1005.823409][T24844]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1005.823434][T24844]  ? __fget_files+0x2a/0x420
[ 1005.823448][T24844]  ? __fget_files+0x2a/0x420
[ 1005.823459][T24844]  ? __fget_files+0x3a6/0x420
[ 1005.823470][T24844]  ? __fget_files+0x2a/0x420
[ 1005.823483][T24844]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1005.823498][T24844]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1005.823513][T24844]  __se_sys_ioctl+0xff/0x170
[ 1005.823528][T24844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.823539][T24844]  do_syscall_64+0x174/0x580
[ 1005.823553][T24844]  ? trace_irq_disable+0x3b/0x140
[ 1005.823565][T24844]  ? clear_bhb_loop+0x40/0x90
[ 1005.823578][T24844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.823588][T24844] RIP: 0033:0x7f8b15a2ce59
[ 1005.823599][T24844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1005.823609][T24844] RSP: 002b:00007f8b13c7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1005.823621][T24844] RAX: ffffffffffffffda RBX: 00007f8b15ca5fa0 RCX: 00007f8b15a2ce59
[ 1005.823628][T24844] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[ 1005.823635][T24844] RBP: 00007f8b13c7e090 R08: 0000000000000000 R09: 0000000000000000
[ 1005.823642][T24844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1005.823649][T24844] R13: 00007f8b15ca6038 R14: 00007f8b15ca5fa0 R15: 00007fffc47f0698
[ 1005.823665][T24844]  </TASK>
[ 1006.222983][  T822] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 1006.404944][  T822] usb 1-1: Using ep0 maxpacket: 32
[ 1006.410824][  T822] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1006.410850][  T822] usb 1-1: config 0 has no interface number 0
[ 1006.415120][  T822] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1006.415149][  T822] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1006.415169][  T822] usb 1-1: Product: syz
[ 1006.415190][  T822] usb 1-1: Manufacturer: syz
[ 1006.415204][  T822] usb 1-1: SerialNumber: syz
[ 1006.532572][  T822] usb 1-1: config 0 descriptor??
[ 1006.973075][  T822] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1006.973109][  T822] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1007.398676][ T5618] libceph: connect (1)[c::]:6789 error -101
[ 1007.427406][ T5618] libceph: mon0 (1)[c::]:6789 connect error
[ 1007.445816][ T5618] libceph: connect (1)[c::]:6789 error -101
[ 1007.446107][ T5618] libceph: mon0 (1)[c::]:6789 connect error
[ 1007.704687][ T5618] libceph: connect (1)[c::]:6789 error -101
[ 1007.704907][ T5618] libceph: mon0 (1)[c::]:6789 connect error
[ 1007.806909][  T822] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1007.807154][  T822] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1007.896618][ T1299] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1007.896639][ T1299] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1007.916605][T24850] ceph: No mds server is up or the cluster is laggy
[ 1008.010150][   T32] usb 1-1: USB disconnect, device number 4
[ 1008.152759][ T1299] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1008.152780][ T1299] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1008.706502][T24865] netlink: 'syz.6.6915': attribute type 15 has an invalid length.
[ 1008.721711][T24868] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6917'.
[ 1008.920850][ T5758] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[ 1009.000861][T13465] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1009.091407][ T5758] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1009.091442][ T5758] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1009.091486][ T5758] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 1009.091499][ T5758] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.096934][ T5758] usb 6-1: config 0 descriptor??
[ 1009.149319][T13465] usb 1-1: Using ep0 maxpacket: 16
[ 1009.151320][T13465] usb 1-1: config 0 has no interfaces?
[ 1009.152609][T13465] usb 1-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[ 1009.152636][T13465] usb 1-1: New USB device strings: Mfr=34, Product=0, SerialNumber=0
[ 1009.152693][T13465] usb 1-1: Manufacturer: syz
[ 1009.158621][T13465] usb 1-1: config 0 descriptor??
[ 1009.268978][T18359] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1009.399020][T18359] usb 2-1: device descriptor read/64, error -71
[ 1009.416624][ T5618] usb 1-1: USB disconnect, device number 5
[ 1009.597693][ T5758] hid-steam 0003:28DE:1142.0046: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0
[ 1009.709046][T18359] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1009.711606][ T5618] usb 6-1: USB disconnect, device number 97
[ 1009.839091][T18359] usb 2-1: device descriptor read/64, error -71
[ 1009.952627][T18359] usb usb2-port1: attempt power cycle
[ 1010.008739][T24879] FAULT_INJECTION: forcing a failure.
[ 1010.008739][T24879] name failslab, interval 1, probability 0, space 0, times 0
[ 1010.008763][T24879] CPU: 0 UID: 0 PID: 24879 Comm: syz.0.6921 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1010.008778][T24879] Tainted: [L]=SOFTLOCKUP
[ 1010.008785][T24879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1010.008796][T24879] Call Trace:
[ 1010.008804][T24879]  <TASK>
[ 1010.008812][T24879]  dump_stack_lvl+0xe8/0x150
[ 1010.008841][T24879]  should_fail_ex+0x46b/0x600
[ 1010.008872][T24879]  should_failslab+0xa8/0x100
[ 1010.008899][T24879]  __kmalloc_noprof+0xdf/0x7b0
[ 1010.008919][T24879]  ? kfree+0x4d/0x6c0
[ 1010.008930][T24879]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1010.008947][T24879]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1010.008960][T24879]  ? tomoyo_domain+0xd7/0x130
[ 1010.008980][T24879]  ? tomoyo_path_number_perm+0x219/0x630
[ 1010.008997][T24879]  tomoyo_path_number_perm+0x246/0x630
[ 1010.009014][T24879]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1010.009029][T24879]  ? __lock_acquire+0x6b5/0x2d10
[ 1010.009044][T24879]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1010.009070][T24879]  ? __fget_files+0x2a/0x420
[ 1010.009084][T24879]  ? __fget_files+0x2a/0x420
[ 1010.009095][T24879]  ? __fget_files+0x3a6/0x420
[ 1010.009107][T24879]  ? __fget_files+0x2a/0x420
[ 1010.009121][T24879]  security_file_ioctl+0xc3/0x2a0
[ 1010.009138][T24879]  __se_sys_ioctl+0x47/0x170
[ 1010.009159][T24879]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.009181][T24879]  do_syscall_64+0x174/0x580
[ 1010.009208][T24879]  ? trace_irq_disable+0x3b/0x140
[ 1010.009236][T24879]  ? clear_bhb_loop+0x40/0x90
[ 1010.009257][T24879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.009268][T24879] RIP: 0033:0x7f6a20e0ce59
[ 1010.009279][T24879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1010.009289][T24879] RSP: 002b:00007f6a1f066028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1010.009301][T24879] RAX: ffffffffffffffda RBX: 00007f6a21085fa0 RCX: 00007f6a20e0ce59
[ 1010.009309][T24879] RDX: 0000200000000040 RSI: 00000000c028aa05 RDI: 0000000000000003
[ 1010.009316][T24879] RBP: 00007f6a1f066090 R08: 0000000000000000 R09: 0000000000000000
[ 1010.009323][T24879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1010.009330][T24879] R13: 00007f6a21086038 R14: 00007f6a21085fa0 R15: 00007fffef314d18
[ 1010.009346][T24879]  </TASK>
[ 1010.011585][T24879] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1010.176284][T24882] FAULT_INJECTION: forcing a failure.
[ 1010.176284][T24882] name failslab, interval 1, probability 0, space 0, times 0
[ 1010.176320][T24882] CPU: 0 UID: 0 PID: 24882 Comm: syz.0.6922 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1010.176346][T24882] Tainted: [L]=SOFTLOCKUP
[ 1010.176354][T24882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1010.176366][T24882] Call Trace:
[ 1010.176374][T24882]  <TASK>
[ 1010.176383][T24882]  dump_stack_lvl+0xe8/0x150
[ 1010.176413][T24882]  should_fail_ex+0x46b/0x600
[ 1010.176447][T24882]  should_failslab+0xa8/0x100
[ 1010.176473][T24882]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1010.176496][T24882]  ? alloc_io_context+0x27/0x2a0
[ 1010.176529][T24882]  alloc_io_context+0x27/0x2a0
[ 1010.176558][T24882]  __copy_io+0xab/0x1c0
[ 1010.176587][T24882]  copy_process+0x1eee/0x43d0
[ 1010.176622][T24882]  ? copy_process+0xd4e/0x43d0
[ 1010.176667][T24882]  ? __pfx_copy_process+0x10/0x10
[ 1010.176707][T24882]  vhost_task_create+0x1f9/0x380
[ 1010.176736][T24882]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1010.176763][T24882]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1010.176791][T24882]  ? __pfx_vhost_task_create+0x10/0x10
[ 1010.176820][T24882]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1010.176844][T24882]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1010.176874][T24882]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1010.176902][T24882]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1010.176929][T24882]  ? mutex_lock_nested+0x152/0x1d0
[ 1010.176952][T24882]  ? kvm_mmu_post_init_vm+0x8f/0x2d0
[ 1010.176985][T24882]  kvm_mmu_post_init_vm+0x147/0x2d0
[ 1010.177015][T24882]  kvm_arch_vcpu_ioctl_run+0x106/0x20d0
[ 1010.177050][T24882]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1010.177075][T24882]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1010.177106][T24882]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1010.177133][T24882]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1010.177158][T24882]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1010.177185][T24882]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1010.177214][T24882]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1010.177238][T24882]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1010.177265][T24882]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1010.177291][T24882]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1010.177318][T24882]  ? rt_write_unlock+0x190/0x230
[ 1010.177344][T24882]  kvm_vcpu_ioctl+0xa65/0xfe0
[ 1010.177376][T24882]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1010.177423][T24882]  ? __fget_files+0x2a/0x420
[ 1010.177447][T24882]  ? __fget_files+0x2a/0x420
[ 1010.177468][T24882]  ? __fget_files+0x3a6/0x420
[ 1010.177488][T24882]  ? __fget_files+0x2a/0x420
[ 1010.177513][T24882]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1010.177540][T24882]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1010.177567][T24882]  __se_sys_ioctl+0xff/0x170
[ 1010.177595][T24882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.177616][T24882]  do_syscall_64+0x174/0x580
[ 1010.177642][T24882]  ? trace_irq_disable+0x3b/0x140
[ 1010.177663][T24882]  ? clear_bhb_loop+0x40/0x90
[ 1010.177687][T24882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1010.177706][T24882] RIP: 0033:0x7f6a20e0ce59
[ 1010.177730][T24882] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1010.177747][T24882] RSP: 002b:00007f6a1f045028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1010.177768][T24882] RAX: ffffffffffffffda RBX: 00007f6a21086090 RCX: 00007f6a20e0ce59
[ 1010.177782][T24882] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1010.177795][T24882] RBP: 00007f6a1f045090 R08: 0000000000000000 R09: 0000000000000000
[ 1010.177808][T24882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1010.177820][T24882] R13: 00007f6a21086128 R14: 00007f6a21086090 R15: 00007fffef314d18
[ 1010.177850][T24882]  </TASK>
[ 1010.289553][T18359] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1010.312354][T18359] usb 2-1: device descriptor read/8, error -71
[ 1010.658982][T18359] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1010.679878][T18359] usb 2-1: device descriptor read/8, error -71
[ 1010.789280][T18359] usb usb2-port1: unable to enumerate USB device
[ 1011.368986][ T5830] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1011.449812][ T5618] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[ 1011.529154][ T5830] usb 1-1: Using ep0 maxpacket: 32
[ 1011.531038][ T5830] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1011.531063][ T5830] usb 1-1: config 0 has no interface number 0
[ 1011.533250][ T5830] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1011.533278][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1011.533298][ T5830] usb 1-1: Product: syz
[ 1011.533312][ T5830] usb 1-1: Manufacturer: syz
[ 1011.533326][ T5830] usb 1-1: SerialNumber: syz
[ 1011.536845][ T5830] usb 1-1: config 0 descriptor??
[ 1011.596195][ T5618] usb 6-1: device descriptor read/64, error -71
[ 1011.839008][ T5618] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[ 1011.943341][ T5830] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1011.943364][ T5830] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1011.988985][ T5618] usb 6-1: device descriptor read/64, error -71
[ 1012.104654][ T5618] usb usb6-port1: attempt power cycle
[ 1012.459031][ T5618] usb 6-1: new high-speed USB device number 100 using dummy_hcd
[ 1012.480588][ T5618] usb 6-1: device descriptor read/8, error -71
[ 1012.519005][T18359] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1012.674762][T18359] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1012.674819][T18359] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1012.674843][T18359] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.683657][T18359] usb 2-1: config 0 descriptor??
[ 1012.690426][T18359] pwc: Askey VC010 type 2 USB webcam detected.
[ 1012.755497][ T5830] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1012.755808][ T5830] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[ 1012.769028][ T5618] usb 6-1: new high-speed USB device number 101 using dummy_hcd
[ 1012.790005][ T5618] usb 6-1: device descriptor read/8, error -71
[ 1012.899544][ T5618] usb usb6-port1: unable to enumerate USB device
[ 1012.958359][T13465] usb 1-1: USB disconnect, device number 6
[ 1013.512110][T24902] netlink: 'syz.0.6930': attribute type 21 has an invalid length.
[ 1013.512204][T24902] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6930'.
[ 1013.512273][T24902] netlink: 3 bytes leftover after parsing attributes in process `syz.0.6930'.
[ 1013.607423][T24904] comedi comedi4: comedi_config --init_data is deprecated
[ 1013.971062][T24910] netlink: 'syz.0.6932': attribute type 2 has an invalid length.
[ 1013.971084][T24910] netlink: 'syz.0.6932': attribute type 8 has an invalid length.
[ 1013.971097][T24910] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6932'.
[ 1014.346437][T24913] kvm: kvm [24912]: vcpu0, guest rIP: 0x208 Unhandled WRMSR(0xc2) = 0x600000000a7
[ 1014.549046][ T5830] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1014.676859][T24918] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1014.712489][ T5830] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1014.712525][ T5830] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1014.712548][ T5830] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1014.712592][ T5830] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1014.712615][ T5830] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.765775][ T5830] usb 1-1: config 0 descriptor??
[ 1015.184657][ T5830] plantronics 0003:047F:FFFF.0047: reserved main item tag 0xd
[ 1015.186362][T18359] pwc: recv_control_msg error -71 req 02 val 2b00
[ 1015.187694][T18359] pwc: recv_control_msg error -71 req 02 val 2700
[ 1015.188147][T18359] pwc: recv_control_msg error -71 req 02 val 2c00
[ 1015.188627][T18359] pwc: recv_control_msg error -71 req 04 val 1000
[ 1015.191339][T18359] pwc: recv_control_msg error -71 req 04 val 1300
[ 1015.193009][T18359] pwc: recv_control_msg error -71 req 04 val 1400
[ 1015.195044][T18359] pwc: recv_control_msg error -71 req 02 val 2000
[ 1015.195525][T18359] pwc: recv_control_msg error -71 req 02 val 2100
[ 1015.196077][T18359] pwc: recv_control_msg error -71 req 04 val 1500
[ 1015.196602][T18359] pwc: recv_control_msg error -71 req 02 val 2500
[ 1015.197766][T18359] pwc: recv_control_msg error -71 req 02 val 2400
[ 1015.198229][T18359] pwc: recv_control_msg error -71 req 02 val 2600
[ 1015.199599][T18359] pwc: recv_control_msg error -71 req 02 val 2900
[ 1015.200053][T18359] pwc: recv_control_msg error -71 req 02 val 2800
[ 1015.202551][T18359] pwc: recv_control_msg error -71 req 04 val 1100
[ 1015.203342][T18359] pwc: recv_control_msg error -71 req 04 val 1200
[ 1015.282302][T18359] pwc: Registered as video103.
[ 1015.292775][T18359] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input84
[ 1015.305084][T18359] usb 2-1: USB disconnect, device number 7
[ 1015.359690][ T5830] plantronics 0003:047F:FFFF.0047: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1015.770364][ T5782] usb 1-1: USB disconnect, device number 7
[ 1015.837964][T24936] netlink: 156 bytes leftover after parsing attributes in process `syz.0.6940'.
[ 1015.888969][T18359] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[ 1015.919628][ T5763] usb 6-1: new full-speed USB device number 102 using dummy_hcd
[ 1016.018953][T18359] usb 2-1: device descriptor read/64, error -71
[ 1016.072777][ T5763] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1016.072795][ T5763] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1016.072827][ T5763] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1016.072840][ T5763] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1016.075947][ T5763] usb 6-1: config 0 descriptor??
[ 1016.093780][ T5763] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1016.093829][ T5763] dvb-usb: bulk message failed: -22 (3/0)
[ 1016.112004][ T5763] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1016.112890][ T5763] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1016.112942][ T5763] usb 6-1: media controller created
[ 1016.115500][ T5763] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1016.132125][ T5763] dvb-usb: bulk message failed: -22 (6/0)
[ 1016.132296][ T5763] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1016.137566][ T5763] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input85
[ 1016.142005][ T5763] dvb-usb: schedule remote query interval to 150 msecs.
[ 1016.142028][ T5763] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1016.259066][T18359] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[ 1016.304131][ T5763] dvb-usb: bulk message failed: -22 (1/0)
[ 1016.304177][ T5763] dvb-usb: error while querying for an remote control event.
[ 1016.319204][ T5830] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[ 1016.388981][T18359] usb 2-1: device descriptor read/64, error -71
[ 1016.458947][ T5763] dvb-usb: bulk message failed: -22 (1/0)
[ 1016.458975][ T5763] dvb-usb: error while querying for an remote control event.
[ 1016.473376][ T5830] usb 1-1: Using ep0 maxpacket: 32
[ 1016.496694][ T5830] usb 1-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[ 1016.496727][ T5830] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.496748][ T5830] usb 1-1: Product: syz
[ 1016.496763][ [ 1016.496763][ T5830] usb 1-1: Manufacturer: syz
[ 1016.496778][ T5830] usb 1-1: SerialNumber: syz
[ 1016.504172][T18359] usb usb2-port1: attempt power cycle
[ 1016.521462][ T5763] BUG: unable to handle page fault for address: ffffc90013e3d010
[ 1016.521481][ T5763] #PF: supervisor read access in kernel mode
[ 1016.521492][ T5763] #PF: error_code(0x0000) - not-present page
[ 1016.521502][ T5763] PGD 13fed4067 P4D 13fed4067 PUD 1bad7067 PMD 324cc067 PTE 0
[ 1016.521538][ T5763] Oops: Oops: 0000 [#1] SMP KASAN PTI
[ 1016.521707][ T5763] CPU: 0 UID: 0 PID: 5763 Comm: kworker/0:6 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1016.521734][ T5763] Tainted: [L]=SOFTLOCKUP
[ 1016.521742][ T5763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1016.521754][ T5763] Workqueue: usb_hub_wq hub_event
[ 1016.521777][ T5763] RIP: 0010:kcov_remote_start+0x2a1/0x710
[ 1016.521845][ T5763] Code: a1 8d 4c 8b b8 c8 b2 9a 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 e0 8c 22 8e 4d 8b 3f 49 81 ff e0 8c 22 8e 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 11 f7 fd 02 84 c0 74 0e 49 8b 07 49
[ 1016.521864][ T5763] RSP: 0018:ffffc90005807828 EFLAGS: 00010283
[ 1016.521880][ T5763] RAX: 0000000000000000 RBX: ffff888025fabe00 RCX: 0000000000000000
[ 1016.521894][ T5763] RDX: 00000000146a8c00 RSI: 0000000000000001 RDI: ffffffff8bac2120
[ 1016.521907][ T5763] RBP: 0000000000100000 R08: ffffffff8b3cba20 R09: ffffffff8e1cac60
[ 1016.521922][ T5763] R10: dffffc0000000000 R11: fffffbfff1f5d99f R12: 0000000000000002
[ 1016.521935][ T5763] R13: 0000000000000001 R14: ffff88802bf68a00 R15: ffffc90013e3d000
[ 1016.521949][ T5763] FS:  0000000000000000(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000
[ 1016.521966][ T5763] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1016.521979][ T5763] CR2: ffffc90013e3d010 CR3: 0000000028e12000 CR4: 00000000003526f0
[ 1016.521995][ T5763] Call Trace:
[ 1016.522002][ T5763]  <TASK>
[ 1016.522011][ T5763]  hub_event+0x150/0x4f60
[ 1016.522030][ T5763]  ? ktime_get+0x45/0x220
[ 1016.522052][ T5763]  ? __lock_acquire+0x6b5/0x2d10
[ 1016.522073][ T5763]  ? look_up_lock_class+0x57/0x110
[ 1016.522101][ T5763]  ? lapic_next_event+0x11/0x20
[ 1016.522123][ T5763]  ? clockevents_program_event+0x491/0x630
[ 1016.522149][ T5763]  ? __lock_acquire+0x6b5/0x2d10
[ 1016.522176][ T5763]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1016.522195][ T5763]  ? __pfx_hub_event+0x10/0x10
[ 1016.522213][ T5763]  ? process_one_work+0x8be/0x1630
[ 1016.522243][ T5763]  ? process_one_work+0x8be/0x1630
[ 1016.522266][ T5763]  process_one_work+0x98b/0x1630
[ 1016.522299][ T5763]  ? __pfx_process_one_work+0x10/0x10
[ 1016.522322][ T5763]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1016.522345][ T5763]  worker_thread+0xb49/0x1140
[ 1016.522374][ T5763]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1016.522405][ T5763]  kthread+0x388/0x470
[ 1016.522425][ T5763]  ? __pfx_worker_thread+0x10/0x10
[ 1016.522450][ T5763]  ? __pfx_kthread+0x10/0x10
[ 1016.522469][ T5763]  ret_from_fork+0x514/0xb70
[ 1016.522492][ T5763]  ? __pfx_ret_from_fork+0x10/0x10
[ 1016.522513][ T5763]  ? __switch_to+0xc79/0x1410
[ 1016.522531][ T5763]  ? __pfx_kthread+0x10/0x10
[ 1016.522551][ T5763]  ret_from_fork_asm+0x1a/0x30
[ 1016.522579][ T5763]  </TASK>
[ 1016.522593][ T5763] Modules linked in:
[ 1016.522612][ T5763] CR2: ffffc90013e3d010
[ 1016.522627][ T5763] ---[ end trace 0000000000000000 ]---
[ 1016.522642][ T5763] RIP: 0010:kcov_remote_start+0x2a1/0x710
[ 1016.522662][ T5763] Code: a1 8d 4c 8b b8 c8 b2 9a 92 bd 00 00 04 00 eb 4f 41 8b ae a4 00 00 00 49 c7 c7 e0 8c 22 8e 4d 8b 3f 49 81 ff e0 8c 22 8e 74 4c <41> 39 6f 10 75 ee 4c 89 ff e8 11 f7 fd 02 84 c0 74 0e 49 8b 07 49
[ 1016.522677][ T5763] RSP: 0018:ffffc90005807828 EFLAGS: 00010283
[ 1016.522693][ T5763] RAX: 0000000000000000 RBX: ffff888025fabe00 RCX: 0000000000000000
[ 1016.522705][ T5763] RDX: 00000000146a8c00 RSI: 0000000000000001 RDI: ffffffff8bac2120
[ 1016.522719][ T5763] RBP: 0000000000100000 R08: ffffffff8b3cba20 R09: ffffffff8e1cac60
[ 1016.522733][ T5763] R10: dffffc0000000000 R11: fffffbfff1f5d99f R12: 0000000000000002
[ 1016.522746][ T5763] R13: 0000000000000001 R14: ffff88802bf68a00 R15: ffffc90013e3d000
[ 1016.522759][ T5763] FS:  0000000000000000(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000
[ 1016.522775][ T5763] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1016.522788][ T5763] CR2: ffffc90013e3d010 CR3: 0000000028e12000 CR4: 00000000003526f0
[ 1016.522847][ T5763] Kernel panic - not syncing: Fatal exception
[ 1016.523105][ T5763] Kernel Offset: disabled