last executing test programs:

13m48.723342561s ago: executing program 0 (id=4769):
syz_clone3(&(0x7f0000000240)={0x100000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, {0x3e}, &(0x7f0000000100)=""/94, 0x5e, &(0x7f0000000180)=""/102, &(0x7f0000000200)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x3}, 0x58)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000006c0)={&(0x7f00000002c0)={0x3f0, 0x15, 0x402, 0x70bd27, 0x25dfdbfd, {}, [@typed={0x8, 0xb3, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x20}}, @nested={0x4, 0x88}, @generic="a74238540475db835b42639855a5f96376cbd3ba3bc4926e9398b96236bcc35210c145c23b0a0fc1a3659a4b2e965ea066088a6d1a7124782f629abe59501f09cc81b873cc4d844df954d6c4cb3874f68fbc53db18b887b1a9b2921e45d9844b80e1fa15fdaf1da60698d8c73788e0979c2bacc8c51edf65a0500bd48e5be2dd580ddac21d959df277f138462db976a596afefd2f07af5864c41fce4941ff434e861d0fe7a1e", @nested={0x1a2, 0x27, 0x0, 0x1, [@generic="27c25282669f612872fc991f74fdfe1bb297647ca724f49fa18c17307c915172167f38b0d35e8afe0f8c137d87a324e720ba6044adacd80638cd16ca7125969645bd6eb1095bb7f536b2c8909e51d2bda645ea1597bde72d5fa535924e4d396749adcb", @generic="2ade006b8978dc28fe8f42d76abc4d6b9a25b50558a509216c5cca9cfba795e5ec3e42de5000a50f1007c82ba0f71e555060acc9c30d0405f4d398b693095d358c1d5b25a7c805202acdce66514d765bebdb9c5bd3889c35ed943453f051d71cd9ea951b27412f3c048c1be35106098de23233fd87c855efb66554a0d7b20a5f851c677d65e95a8ce812de4b0ad18bf58fca0991f1f86972c947726416778d366591accd58df8ea0fd02fc26391f00611697851aef2e018ffb9f2b", @nested={0x4, 0x113}, @nested={0x4, 0xca}, @generic="d804820390e597b2d78a37ddda7be59a7f105e5ca94ba67701dc40c74dd9f247b04876814d0f6ed9f2f48a43de40cba930e9bf90fc4499887269fb61d0db4cc83f7c2aaafa818f872bc52c8ef64cb396c8c708200c1f3ba6d7ed64a51212fb900fad7f3f568ba60938804b2de52fa36f6a4f3d5af848743a"]}, @generic="55891d94d8db659160d4e5e630bd21975fade349e2f8299f431593b672670880f4bb8e4abaa91efd3f5c8068a44c3b82520654490e6283b2d9edd107e1245154db74f4a5ad6801cb66fdb3841e14d5a48ddc71d96487c7f68f0a1d1066fd9c1a8d65f50b3b68c320db8bd96f0b36a4f267f7483bdc521835c868875353398eccaaa0100e84cc5788faf609f7c7ab25e62dec603ad4807eaff0cd16b943cc4e8008545c8f01c1846b9d29dea13d69394a7211bbae469233e574ea8116e82ae56b58fb25", @typed={0x8, 0xa5, 0x0, 0x0, @pid=r0}, @generic, @generic="a0f667788d8b6435bdb889a4a4a514010aaa769fcd4c4cce654692671e3dfc1d225081557327f005b704b53fc3c59aebab78a3b1aae6d1f4609e5ac172499e377bd6b905f804455f0b593de1fb3a46e24b0693fe8076fba47915d07b36671cb3740f6ff9b030771579a6c7f9bc1ae6e0e239e95093b742ce94310fc784a772e29567523e69a27a2f4d37f241a6b80c7b72e7d96fa00c3193fb9cf697aaa393cc82fe8791b4b6d72556d2041bf3e2c5675b4d1ed4791bd8e7e3fd8c"]}, 0x3f0}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008040) (async)
syz_usb_connect(0x0, 0x3f, &(0x7f0000003240)=ANY=[@ANYBLOB="1201000033bc1840861246202ec10000000109022d0001000040000904d80403ff04010009058f02400009000109050d00100005ba81090501"], 0x0)

13m47.124597834s ago: executing program 0 (id=4791):
socket$netlink(0x10, 0x3, 0x4)
socket(0x10, 0x803, 0x0)
syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x0, 0x4, 0x204}, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x2, 0xffffffffffffffff, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000300))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x110a, 0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

13m46.092492494s ago: executing program 0 (id=4792):
syz_emit_ethernet(0x2d8, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @generic={0x6, 0x6, "251c7b", 0x2a2, 0x11, 0xff, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {[@srh={0x2b, 0x6, 0x4, 0x3, 0x6, 0x48, 0x0, [@local, @private1={0xfc, 0x1, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x2f}]}, @dstopts={0x3b, 0x6, '\x00', [@hao={0xc9, 0x10, @private0}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x9}, @jumbo={0xc2, 0x4, 0xf}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @pad1]}, @dstopts={0x0, 0x7, '\x00', [@ra={0x5, 0x2, 0x6}, @ra={0x5, 0x2, 0x8000}, @jumbo={0xc2, 0x4, 0xffff}, @enc_lim={0x4, 0x1, 0x2}, @ra={0x5, 0x2, 0x83}, @jumbo={0xc2, 0x4, 0x6}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x3}, @padn={0x1, 0x1, [0x0]}, @hao={0xc9, 0x10, @mcast2}]}, @dstopts={0x29}, @srh={0x16, 0x8, 0x4, 0x4, 0xfa, 0x40, 0xf0, [@remote, @remote, @empty, @private1={0xfc, 0x1, '\x00', 0x1}]}, @hopopts={0x88, 0x0, '\x00', [@pad1]}, @fragment={0x28, 0x0, 0xc, 0x0, 0x0, 0x4, 0x67}, @srh={0x67, 0x12, 0x4, 0x9, 0xa7, 0x20, 0x800, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @private0, @ipv4={'\x00', '\xff\xff', @broadcast}, @ipv4={'\x00', '\xff\xff', @multicast2}, @loopback, @private0={0xfc, 0x0, '\x00', 0x1}, @private0]}], "31eae066d08ca3b7cfb4c67a97937eca3099480f2b939341c834cef0ec8dc31b78b8a9a66c3daf865cda835d63b23d8847cd742ada6f1ac9093e85e8d7c04880426e733fb649fdbaa9594d9ece78be170415eb528846e044f5fda7e319523a89e969f95c62e450978b1fb959166bddd339bbcb159c26643922fa49790c50d49905044d74066d04f8e10a71c3de7d1c4ebacd8d0f55498554089c9dcac63657fc178a9cf223efa78fa24caa2c613907a0c6a567c6513563d5e1f90b2c1fd2ac24cbf113d74efc2dccf350465c4fc254789b64dd4300742aedf66e11d6174646262562"}}}}}, 0x0)

13m45.952457911s ago: executing program 0 (id=4794):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/cpuinfo\x00', 0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r0, 0xffffffffffffffff, 0x0)

13m45.672360356s ago: executing program 0 (id=4800):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000000004032150e01000000000001090200010000c0000904000001030002000921000000012205000905810300000c0000"], 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x61, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4f, 0x1, 0x1, 0x3, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x7f, 0x2, 0x2, 0x6, 0x0, 0xb, {{0x6, 0x24, 0x6, 0x0, 0x0, "c7"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x3, 0x4, 0xe}, [@acm={0x4, 0x24, 0x2, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x9a, 0x7f, 0x7}, @mbim_extended={0x8, 0x24, 0x1c, 0x31a, 0x0, 0x2000}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x8, 0x6, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x11, 0x12, 0x4}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x201, 0x8e, 0x0, 0x1b, 0x10, 0xb}, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="050f050000c68a3e7d02b872af54ea476d8c5369396a9151102838c186d4213305b88e5a6849c6ddf0c7e9c9d640212bcc8211ea7aa9b1d9388b5595ef8a43b5c5d5288c0b800030a9f2bfa593de973fb28e1308fe8ada802a3937a98c6d72f62219b1a8c4003a9eca5e074b145626ecee24b549166ef78982b06ffb5c5d61544de5a0da5249505e845fdb16d673a657cbfa61c10844c861d7099ce6b02badd8a32ba6b8c93ed0b5d1c0cc15fb2a3968189b934917d1b622e45d195bca6c7630bc0e63447750cb922bb7ad78828ff35cac4c61ab89b37bb3cbe5d23f104401f74a738309bf6d653d44fd6d830c3391e70a639358e2ad407371147bb78f8666"], 0x8, [{0x93, &(0x7f0000000140)=@string={0x93, 0x3, "57e450293da574e4f588f52092e517ca0130fdc22b1dccc37421e274d37c85a432cde2a36a4f91823a52fdd907f78ebfb1d1793e382f38bcc7b95ed7bc7013e328a0d4a23e9d310a90d5aa3290c9fa55564462e654a63ef2da322b856ad702e7c726b41c4d094956e34173ffa9a88524c076ed5c90e9d57639191deeaff7ab3c0d6de930178b6a9d4681ae7954e934b654"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1801}}, {0xf4, &(0x7f0000000280)=@string={0xf4, 0x3, "663a50c331aebf77cc4633d2295a12a1b6e507072ab4bdb910c679a28ff24d1caa77cacdeb3c50be29ec2c129714090b1f8e24c88b289d4e20c7ad6c6bb669c9bbb0c7cd731800bc523aa4d6c3f561c7ed5bb619286f598caee34d27361a2755df3cde87a09e7cffd3d478d925c9ca7dff5594fb6eb9ed744220758a0f6cc50a5d8bd3ca6c6b373d38f6c8dd425575f95c93a5276c91cfd5a2fb1fe4eeb21ee2873fae1d5df8069f15caca095555c35a617f1b450cae923b992c60cd0dcd41d580a68413b0ea9e131ad2509d814e0b4661a089f952b690ba8ecd89073ee65757ac6a19af1c3a97cba076db55ea80b7750d3e"}}, {0xe2, &(0x7f0000000440)=@string={0xe2, 0x3, "1ae39baa7d4ef2861aff3aa2c33fce41564ecf4cf1e5f982dbbd2efe369285163fd35a334eeeddfdebdda27ef2ff51746260318d8579673702ee2d24bc22c717649cddb41381d26f9438d4efdfa51e4fc596eaed2da893dd7b7411f6dd4b0833e9761f954b803de059aa87e95440d1cab9b196a7b73e51c87e574bc56c744211b19e4b70360b4a075dca5b2920781fd6c1d4430444f294a5a485182cc1528dfd24df89172075abb9fb15e03851afb71a7d89e166cc89d5ce9bc4a406194c3efde058e7a74c30ad3a13839f258f2a0136875b2b1278970ffe3f98abc351d7250b"}}, {0x27, &(0x7f00000003c0)=@string={0x27, 0x3, "41b31ceee9cbef1b7c8c088e9496c418c7efb7d196e499526ce3f3f5a25ce7ee3912218c18"}}, {0x7, &(0x7f0000000540)=@string={0x7, 0x3, "beb54c7365"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x40e}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "8b0494fc"}]}}, 0x0}, 0x0)

13m43.85652531s ago: executing program 0 (id=4813):
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa6) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa6)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)=ANY=[@ANYBLOB="757372ca5e6f74615f696e6f64655f686172646c696d69743d702c00"])
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
io_cancel(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x798011ccc5908918, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffeffff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000200002008000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000dd020000000000000000000000000000000000000000000044010500ac14143b000000000000000000000000000004d22b00000000000000ac14140c000000000000000000000000000000000001ff00000000000000000000000000fc020000000000000000000000000000000000006c0000000000000064010102000000000000000000000000023500000400000000000000fcffffff0000000000000000000000000000000000000001000000003c00000002000000ffffffff0000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000000002b"], 0x1fc}}, 0x0) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000200002008000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000dd020000000000000000000000000000000000000000000044010500ac14143b000000000000000000000000000004d22b00000000000000ac14140c000000000000000000000000000000000001ff00000000000000000000000000fc020000000000000000000000000000000000006c0000000000000064010102000000000000000000000000023500000400000000000000fcffffff0000000000000000000000000000000000000001000000003c00000002000000ffffffff0000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000000002b"], 0x1fc}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r10=>0x0})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
write$binfmt_misc(r11, &(0x7f0000000100)='F', 0x1) (async)
write$binfmt_misc(r11, &(0x7f0000000100)='F', 0x1)
sendto$unix(r11, &(0x7f00000002c0)="092ab91e373cdf3c549bd449dc7d8741b97fc4a7525826c2bcf8433a17cdb7240313c8fb9c15179730c2ff472d31102afe64eff8e9e766f9901db351ecd1d25392978f9aac281e2052de3d2a0b59751a389fdf6d1af85d091ee053c38596f4ca0c47f20e09f6aa8fef0095e821f7b3f0ab1ebd34b31ed5bd50d5d19c339a2d5cd06a86831040ba70937c3165ab40f5519bcce304ab5a3839d4d5afedf72742441fe5774e61e9738d49fc9529b13cc9aec4c6ceb073e89f0f93298e774b6047afdbf40cde5f2e4a02d52a62e0caa5e4eacedc08c9584a942938bdb6e9d73a10cb964491d06c1f09dd81f4c31266bf040872094bf7d9a40b4b", 0xf8, 0xc000, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x2c, r9, 0x1, 0x2000000, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x8000) (async)
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x2c, r9, 0x1, 0x2000000, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x8000)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x48, r7, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x800)

13m28.834730393s ago: executing program 32 (id=4813):
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa6) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa6)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000080)=ANY=[@ANYBLOB="757372ca5e6f74615f696e6f64655f686172646c696d69743d702c00"])
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
io_cancel(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x798011ccc5908918, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffeffff}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10)
r5 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000200002008000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000dd020000000000000000000000000000000000000000000044010500ac14143b000000000000000000000000000004d22b00000000000000ac14140c000000000000000000000000000000000001ff00000000000000000000000000fc020000000000000000000000000000000000006c0000000000000064010102000000000000000000000000023500000400000000000000fcffffff0000000000000000000000000000000000000001000000003c00000002000000ffffffff0000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000000002b"], 0x1fc}}, 0x0) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc010000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000200002008000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000dd020000000000000000000000000000000000000000000044010500ac14143b000000000000000000000000000004d22b00000000000000ac14140c000000000000000000000000000000000001ff00000000000000000000000000fc020000000000000000000000000000000000006c0000000000000064010102000000000000000000000000023500000400000000000000fcffffff0000000000000000000000000000000000000001000000003c00000002000000ffffffff0000000000000000000000000000000001030000000000000000000000000000ff020000000000000000000000000001000000002b"], 0x1fc}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r10=>0x0})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
write$binfmt_misc(r11, &(0x7f0000000100)='F', 0x1) (async)
write$binfmt_misc(r11, &(0x7f0000000100)='F', 0x1)
sendto$unix(r11, &(0x7f00000002c0)="092ab91e373cdf3c549bd449dc7d8741b97fc4a7525826c2bcf8433a17cdb7240313c8fb9c15179730c2ff472d31102afe64eff8e9e766f9901db351ecd1d25392978f9aac281e2052de3d2a0b59751a389fdf6d1af85d091ee053c38596f4ca0c47f20e09f6aa8fef0095e821f7b3f0ab1ebd34b31ed5bd50d5d19c339a2d5cd06a86831040ba70937c3165ab40f5519bcce304ab5a3839d4d5afedf72742441fe5774e61e9738d49fc9529b13cc9aec4c6ceb073e89f0f93298e774b6047afdbf40cde5f2e4a02d52a62e0caa5e4eacedc08c9584a942938bdb6e9d73a10cb964491d06c1f09dd81f4c31266bf040872094bf7d9a40b4b", 0xf8, 0xc000, &(0x7f0000000480)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x2c, r9, 0x1, 0x2000000, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x8000) (async)
sendmsg$BATADV_CMD_SET_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x2c, r9, 0x1, 0x2000000, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xe}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x8000)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x48, r7, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x800)

4m20.335100249s ago: executing program 5 (id=7471):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r4 = accept(r3, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r4)
sendmsg$alg(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001e00)="0ec5719345004975e21958f863c92d4d0464dd8e4b1e1f4b1b269b88e0c0c56799d2c6c891027d87072363df2ecebd5d02c94ab8366d2ec5fcd440b24c1e69f03451ccd91947fe5824804d774d5f8d837c12832bdbaa9f5bff587591aae45aba5948a01620a11e251e40d39c202d1e420b4cd772be81e346ef1c22c92ae09367090b32ed5e696df7fa6b26b10f26524b3ad285424d8cdd36ef465696512a347900f65776", 0xa4}, {&(0x7f0000001ec0)="0c5a409a77decf2c0ebb2a8171aea3a3fb15d42a4e2586787a6e0831875de143596c0c2054e5a0a7a376f5a51b7a22ee1598a4cc14bdd02eadb3cc41bb716b252ecb78f475d88ff0172cf79f8139ec701c148cb8ce59929155ed8cfd", 0x5c}, {&(0x7f0000001f40)="36b21013e231de9e08cd552c4fca0e21bcad3196afa368af54784ab7057687da6b1283301cd76d156a4518745f149e4423d625d2633bee61a3a7061bf690fa54926786882c04f3ecbc20bd7225cafe696e79b5aa01c597a41314cc4ab7ae55253a267151ebb36834fb23f0b4", 0x6c}, {&(0x7f0000000040)="0f998c249600787a7848c233542d85", 0xf}], 0x4, 0x0, 0x0, 0x10}, 0x4000845)

4m18.520057744s ago: executing program 5 (id=7474):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@getneightbl={0x14, 0x42, 0x100, 0x70bd2d, 0x25dfdbfc, {}, ["", ""]}, 0x14}}, 0x40000)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000a40)='ns/user\x00')
ioctl$NS_GET_NSTYPE(r1, 0x8004b708, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0)

4m17.841076772s ago: executing program 5 (id=7478):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b8", 0x19)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xacccc1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000000)={0x10000, 0x100000})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'team0\x00', <r4=>0x0})
r5 = dup3(r1, r3, 0x0)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x441})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x2, 0x71, 0x10, 0xb6}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x14, 0x4, 0x3, 0xff, 0x0, r0, 0x7, '\x00', r4, r5, 0x4, 0x5}, 0x50)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
pidfd_send_signal(r8, 0x0, &(0x7f0000000640)={0x0, 0x0, 0xfffffffa}, 0x2)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007090073797a31000000000900030073797a32000000001400000011000100004a0190e16fcc875b87e7a2eceef621433b3f51e414b8dd022a4121fad837c4c60848676269488fdaf329157af25a8eee60a068bec944d60f237c63231473efae15d617a7f0ecb501f4003d64aad4eb682b3f", @ANYRESHEX=r6], 0x7c}, 0x1, 0x0, 0x0, 0x40004000}, 0x8840)
sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYRES8=r1], 0x64}, 0x1, 0x0, 0x0, 0x4040850}, 0x24000000)
sendmsg$NFT_BATCH(r9, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x14, 0xa, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40090)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff03276003008cb89e08f088a8", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d"], 0x0)

4m17.208656561s ago: executing program 4 (id=7479):
socket$l2tp(0x2, 0x2, 0x73)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x190, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x164, 0x4, 0x0, 0x1, [{0x160, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x150, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xb, 0x1, 'policy\x00'}, @NFTA_MATCH_INFO={0x138, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

4m15.892073244s ago: executing program 4 (id=7484):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r4 = accept(r3, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r4)
sendmsg$alg(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001e00)="0ec5719345004975e21958f863c92d4d0464dd8e4b1e1f4b1b269b88e0c0c56799d2c6c891027d87072363df2ecebd5d02c94ab8366d2ec5fcd440b24c1e69f03451ccd91947fe5824804d774d5f8d837c12832bdbaa9f5bff587591aae45aba5948a01620a11e251e40d39c202d1e420b4cd772be81e346ef1c22c92ae09367090b32ed5e696df7fa6b26b10f26524b3ad285424d8cdd36ef465696512a347900f65776", 0xa4}, {&(0x7f0000001ec0)="0c5a409a77decf2c0ebb2a8171aea3a3fb15d42a4e2586787a6e0831875de143596c0c2054e5a0a7a376f5a51b7a22ee1598a4cc14bdd02eadb3cc41bb716b252ecb78f475d88ff0172cf79f8139ec701c148cb8ce59929155ed8cfd", 0x5c}, {&(0x7f0000001f40)="36b21013e231de9e08cd552c4fca0e21bcad3196afa368af54784ab7057687da6b1283301cd76d156a4518745f149e4423d625d2633bee61a3a7061bf690fa54926786882c04f3ecbc20bd7225cafe696e79b5aa01c597a41314cc4ab7ae55253a267151ebb36834fb", 0x69}, {&(0x7f0000000040)="0f998c249600787a7848c233542d85", 0xf}], 0x4, 0x0, 0x0, 0x10}, 0x4000845)

4m14.48678674s ago: executing program 4 (id=7489):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x82000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket(0x840000000002, 0x3, 0xff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@empty, @dev={0xfe, 0x80, '\x00', 0xe}, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x1, 0x28c3, 0x5, 0x500, 0x100000001, 0x410001, r1})
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x40000012})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x5, 0x4, 0x2, 0x4}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r3], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f})

4m14.420435391s ago: executing program 5 (id=7490):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x80081)
r1 = socket$phonet(0x23, 0x2, 0x1)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4204, r2, 0x1, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000080))
r3 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r3, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0xd, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x4, 0x0, 0x6e6bb5, 0xa, {0x6, 0xc051e21a1adc028b, 0x2, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @loopback}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x6e6bbe, 0x0, {0x6, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in6=@private1}}, @sadb_lifetime={0x4, 0x4}]}, 0xd8}}, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2006, 0x118, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1000, 0x4, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "94ca3809"}]}}, 0x0}, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
landlock_create_ruleset(&(0x7f0000000040)={0xd351, 0x1}, 0xfffffffffffffdd9, 0x0)
r8 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0000001})
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')
r9 = syz_socket_connect_nvme_tcp()
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000180)={'vxcan0\x00'})
ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000340)={0x2, @raw_data="c4a4fb2de672e7e4645675afe25cb5451c6155121bb2d33c8307cf946c5da3a1735e1f40b6aedd11f5266156116d27a7c8e79a86a2b9c49ed46c2e5ac277dacc550c4512e4e4f0875feaedfec5749fc684f6c6a2920765ec3e76e5d8655dfa3cb5c79bf3e91ec040d2e956c515164fdbb06dbc181a27aea7b2c554ca7ad1b0d8832cd0e4944239ca52bdbee0193f19cdba720c8ad517ce636d0a129684301249038b50dd20312d5d3d7f28724a5285209c4a3e9c2cccb90483b77cf3168e8236537a475070571ab8"})

4m14.345515669s ago: executing program 4 (id=7491):
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x80081)
r0 = socket$phonet(0x23, 0x2, 0x1)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4204, r1, 0x1, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000080))
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f0000000000), 0x10)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x2, 0xd, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x4, 0x0, 0x6e6bb5, 0xa, {0x6, 0xc051e21a1adc028b, 0x2, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @loopback}}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x6e6bbe, 0x0, {0x6, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in6=@private1}}, @sadb_lifetime={0x4, 0x4}]}, 0xd8}}, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2006, 0x118, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1000, 0x4, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xc, "94ca3809"}]}}, 0x0}, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
landlock_create_ruleset(&(0x7f0000000040)={0xd351, 0x1}, 0xfffffffffffffdd9, 0x0)
r7 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0xa0000001})
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')
r8 = syz_socket_connect_nvme_tcp()
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r9=>0x0})
bind$can_raw(r2, &(0x7f0000000200)={0x1d, r9}, 0x10)

4m10.802880758s ago: executing program 5 (id=7501):
unshare(0x600)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fstat(r0, &(0x7f0000000080))

4m9.811176401s ago: executing program 4 (id=7506):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, 0x0, 0x200000c0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="19000000040000000900000002"], 0x50)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000001ec0)={0x1, &(0x7f0000001e80)=[{0x0, 0x1000}]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mlockall(0x7)

4m9.776724115s ago: executing program 5 (id=7507):
socket$l2tp(0x2, 0x2, 0x73)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x190, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x164, 0x4, 0x0, 0x1, [{0x160, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x150, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xb, 0x1, 'policy\x00'}, @NFTA_MATCH_INFO={0x138, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

4m9.249590536s ago: executing program 33 (id=7507):
socket$l2tp(0x2, 0x2, 0x73)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x190, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x164, 0x4, 0x0, 0x1, [{0x160, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x150, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xb, 0x1, 'policy\x00'}, @NFTA_MATCH_INFO={0x138, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000"}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

4m7.352742021s ago: executing program 4 (id=7514):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r4 = accept(r3, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r4)
sendmsg$alg(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001e00)="0ec5719345004975e21958f863c92d4d0464dd8e4b1e1f4b1b269b88e0c0c56799d2c6c891027d87072363df2ecebd5d02c94ab8366d2ec5fcd440b24c1e69f03451ccd91947fe5824804d774d5f8d837c12832bdbaa9f5bff587591aae45aba5948a01620a11e251e40d39c202d1e420b4cd772be81e346ef1c22c92ae09367090b32ed5e696df7fa6b26b10f26524b3ad285424d8cdd36ef465696512a347900f65776", 0xa4}, {&(0x7f0000001ec0)="0c5a409a77decf2c0ebb2a8171aea3a3fb15d42a4e2586787a6e0831875de143596c0c2054e5a0a7a376f5a51b7a22ee1598a4cc14bdd02eadb3cc41bb716b252ecb78f475d88ff0172cf79f8139ec701c148cb8ce59929155ed8cfd", 0x5c}, {&(0x7f0000001f40)="36b21013e231de9e08cd552c4fca0e21bcad3196afa368af54784ab7057687da6b1283301cd76d156a4518745f149e4423d625d2633bee61a3a7061bf690fa54926786882c04f3ecbc20bd7225cafe696e79b5aa01c597a41314cc4ab7ae55253a267151ebb36834fb", 0x69}, {&(0x7f0000000040)="0f998c249600787a7848c233542d85", 0xf}], 0x4, 0x0, 0x0, 0x10}, 0x4000845)

4m6.696067783s ago: executing program 34 (id=7514):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="b7f2288d3aaea2bc0000def1260a00"/32, 0x20)
r4 = accept(r3, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), r4)
sendmsg$alg(r4, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001e00)="0ec5719345004975e21958f863c92d4d0464dd8e4b1e1f4b1b269b88e0c0c56799d2c6c891027d87072363df2ecebd5d02c94ab8366d2ec5fcd440b24c1e69f03451ccd91947fe5824804d774d5f8d837c12832bdbaa9f5bff587591aae45aba5948a01620a11e251e40d39c202d1e420b4cd772be81e346ef1c22c92ae09367090b32ed5e696df7fa6b26b10f26524b3ad285424d8cdd36ef465696512a347900f65776", 0xa4}, {&(0x7f0000001ec0)="0c5a409a77decf2c0ebb2a8171aea3a3fb15d42a4e2586787a6e0831875de143596c0c2054e5a0a7a376f5a51b7a22ee1598a4cc14bdd02eadb3cc41bb716b252ecb78f475d88ff0172cf79f8139ec701c148cb8ce59929155ed8cfd", 0x5c}, {&(0x7f0000001f40)="36b21013e231de9e08cd552c4fca0e21bcad3196afa368af54784ab7057687da6b1283301cd76d156a4518745f149e4423d625d2633bee61a3a7061bf690fa54926786882c04f3ecbc20bd7225cafe696e79b5aa01c597a41314cc4ab7ae55253a267151ebb36834fb", 0x69}, {&(0x7f0000000040)="0f998c249600787a7848c233542d85", 0xf}], 0x4, 0x0, 0x0, 0x10}, 0x4000845)

16.720655612s ago: executing program 1 (id=7806):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=ANY=[], 0xd0060)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_PROTOCOL(r3, 0x0, 0x812)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_80211_inject_frame(&(0x7f0000000540)=@broadcast, &(0x7f0000000580)=@data_frame={@msdu=@type01={{0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x3}, @broadcast, @from_mac, @device_a, {0x5, 0xb}}, @random="236a862d910c6d566b5cb28edbea7d66d7153e1af3183e39f9c33267ca7b6d8c81439a2081d399b01352182cd9f3ecb21d13ea19d892ab1958f67ecdd2885c543dee3a0e850286a2695fe7f4775876aff5c259d5ce021757266d848a61a79736b6811f48234ba969ded06bcdbcf30e17107bc0b9110b9ad776ad786c930233e1023dd4d38a26a0534dcd115e7d5e4b29c13c0ebd789df2bd1627f34428ff57c17aaeeaafd93ddc586e70b0f8170d64a0dfb202518f2647bdff54cca05d2a17015116ef1f2ec821ad6c60d63fc3a1823e42dfd623f1a02f55da55826ef06d5794440a0f45590c43a5d1989bf459688820259e94a0f393d65279f02c3766d88d7b92801a9c05ed39fd3fe00d0e7953795763566669702b2eb451a3868f894c274602e1fd52e957ec79d6d382072b77202fc8db940901773393250737463141eea67e2605d08a29ea7c08546d1e4a3ac72e112398b4292665276cb9c6d8e1eadf82db506c6b5324ba410088fb6e08230ca3fab5a3efb3035cde01c3f97f6b0e50f165ea4d5c25e5a16dfadd15df38957ffb0d50e0e30a0b41296acf3af3a8f07bcde939a2803418f8fcab1533bca64c4704643add98cd7670b00ac124b04953e3e3efe033b2623660b07b0aa85898ff40976aa131b33437ee7a6f66c24a12377116d852489da466887233ca9b646e5651b5a9bfc129e1d00642657d111e915f684d714472aea5561cdc74a9e6f337f1a317c4e3fbe055d6fd98181daaeee261de30927e786553ce3d0d4cab78c91e9a9a153bede907b28f1801e67bf9ab9a16a813a9628b3c14a6410c03eba2a11836eb0267449b61025a3203c053cd46f98cf1eb9997512ac1967dd1831e48a1c35f51b698196b6083925db30533efc6ea75b08ee794d525c24cb470311aefd37258c16e054f0325efd0fff96379abe76894e9bdea475f66e690adab8852c4b24c1f9f7090430f70824c6f1e692f9f94633e82fd85848301e476df4e81768fe0a3576af35fb09944bdfd0ed75ef4773c5acbe043d43f74bbd9d58a3b4881c540a95d603353e610c13a97249e9a260fc363c618cb64946f9a66bd2974b21575292cf5004700749602d4ed131c30404a431d4ff2f52db3032aa9768369f8ef5c6e9065a0210f69a2690683241763ce1a6936762fde1f4a324314f635e99a827053142337ceb13d037fcfeaf8bbfd3023097aa5b17e8381e0a04e3b5772e4cd61469972e355410001c256ef4ace740aaed2eeeaa65497956c54b8700b3386873b1b3d0aa4786a7b9ed69df6e0da776961211460fe40940a208e4ed94c074ed198f52230c3fae083fc888c4bb819644e2aa69d2ba17ac1fdaf62953d8d70a6649ea8b770e27db2297436054154e1127af5fbeff448d0deac0cbe2a5f6a09b474d4b0d1dac6ed93b5227fc61bfef50a82756e30242a4a6cf56744da3393cfb3cde3b50faaca7c05422d3c10d76d3335d7c6be7c0fd8ef273326f839359e8f27d998e2435ee65d965e67376197f1f3d0ba3a6ea6017c7873580746d08ff558e2fe3388c0872cd89de07414131a389a67aca001b37c70a91224eba8d5ecc76d64e4235afa1ebd75627f6235764bd4708f8fbc44a777a276d3ba66549193fd9679edd3cc6c8800e142819d1fe4d071f2af8033d531e61d4edaf6b7b27dde03e3c5190a7a5700636684306c22e981dd0d5b1b179181141b5d9232adbd1e091d3c38acf0ed05efe23a942c5d32f5f2f093a4952a881e68ffc912874f3783b9b186fc014d6853b1624e1fe1d2fb8f2958ce825f5c3c44bb97b135f21b081074c68647cf35c28dd095bb8d7c66ea904952fcff536147f492a75000884311b2f026eea9c4b76a16e603389fc178e4f5470cfd839e16f3ad23a1bb9c0b1a410decd2397595fbe3cc0734cf5f841942ddf52d8f7ff1c1974ed853906d0d7adbd13c8feab0ddd5cdf7b3c4711da927c096e809f8adaf2840a9ed13eb2965a90bacf9b5cc5febfd4caa4899b2e075246cd7b5ab606593560a439b661f2c75c4b21519ba0c741fd347f868b4cf8bdd75879d76990114e8238520087ee6e864d0ba5e41f3c2dabd61b00365695d5d93f404ad68d89146e67eded8ab437ad0018115a30126761adfb06792c2e06944b15eec2d649328ef5d2262c952f1f7593f7020d5db31a79f1b557e6d08b67834317aa854c88e2bd57275d2ed2f4a56b83cdffb271ebaf8609dfc19b8d6105a7975bf485207d138699fbfa75e5fb6e1e4ab7fa2436051c172574ee8cd74113571bf8ae05d0be2ddbcea042b08f751a1c4c6c8f37571c4e15d62a7d142195458d29a498bb23f70c4c1769b51dcd0a2eca444a160f5357830d146916b9f904baa49919d0ba39ded8587995aa44e26c00c0ae7bcf4fbcd0d8d5f991c16926f730400a189d8cd4db421b8152086c46912c7f377864a7464e3fee537431da3dd7ee0654b9a470632b1835196010928a6db3c17c3e88697aaff517f1ab3ea66d88d85fb6d2066e615f3d5f74eb5e24eb011bb60fc64"}, 0x71b)

14.976849603s ago: executing program 1 (id=7814):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
unshare(0x8000000)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0x10, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="00fc0000520300000700000000000000ec610e742150f90e8c31c41f713386c5d4ed7b465397ad077449a7fc5ab7e832f21c897efe26eb25c2e2572f5069237a21d9b1b5a37bc5a017bbb5eeaf7934aa443f8eb2fb7abf465f93d9f68f710ae87e98fa4b26222533a3712a468f1dd43f3cb19c978c960d27743f085bcec3e66ca8b10000000000fff3df9b0bd8ea7560d9ef991c506f7332f49388622d0eafc88f28295837e8d254c059074eed016b73676d950f3e46c7ddc8207d0fda7cbaa8b3611971a242fadddc5400"/214, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001000000000000e004020000b395ac5160fbdac3"], 0x48}, 0x1, 0x0, 0x0, 0x4000004}, 0x8001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}]}, 0x1c}}, 0x0)
setns(r2, 0x8020000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000000)={0x76dc, 0x0, 0xfffffff7, 0xfffffffc}, 0x10)
write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a", 0x11)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x7c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x5}]}, 0x7c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0x70}}, 0x0)
unshare(0x10030000)
r11 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xd, 0x28011, r11, 0x17b6000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

12.766786988s ago: executing program 1 (id=7824):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
mbind(&(0x7f0000a93000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000180)=0xfc67, 0x3, 0x2)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x30)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)

10.11912363s ago: executing program 1 (id=7835):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x0, 0xe}, 0x8)
sendto$inet6(r0, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000000)={0xa, 0x0, 0x6, @private1, 0x8}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x84, 0x42, 0x0, 0x0)

9.969375916s ago: executing program 3 (id=7836):
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0], 0x0, 0x1e, &(0x7f0000000300)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x97, 0x8, 0x8, &(0x7f0000000180)}}, 0x10)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7000000010000100000000180000000000000000", @ANYRES32=r2, @ANYBLOB="000000002f95abbe480012800e0001006970366772657461700000003400028008000100", @ANYRES32=r2, @ANYBLOB="14000600fe80000000000000000000000000000014000700ff"], 0x70}, 0x1, 0x0, 0x0, 0x20044841}, 0x0)
ptrace(0x4207, r0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r3)
r5 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r5, &(0x7f0000002780)={0x2020}, 0x5ecfb203)
read$FUSE(r5, &(0x7f00000047c0)={0x2020}, 0x2020)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000bc0)='rpc_pipefs\x00', 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4048aecb, &(0x7f0000000100)=ANY=[@ANYRES32=r6, @ANYRESOCT])
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000280)={0xffffffffffffffff, &(0x7f0000000200)="c41d"}, 0x20)
ioctl$KDDISABIO(r5, 0x4b37)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="310300200000000000440800000008000600", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x2406400c}, 0x0)
ptrace$pokeuser(0x6, r0, 0x5, 0xe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='mpol=interleave:7\n'])
mprotect(&(0x7f0000521000/0x4000)=nil, 0x4000, 0x1)

9.37841322s ago: executing program 2 (id=7841):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4)
listen(r0, 0x2)
socket$packet(0x11, 0x2, 0x300)
r1 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
r2 = dup(r1)
read(r2, &(0x7f0000000040), 0x0)
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0xf0f046})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff5000/0x9000)=nil})

9.292210223s ago: executing program 6 (id=7842):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02})
close(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003a00)=[{{0x0, 0x0, &(0x7f0000001600)}}], 0x1, 0xc0c0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

8.975227518s ago: executing program 2 (id=7843):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x34, 0x10, 0x2}]})

8.832473378s ago: executing program 2 (id=7844):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000080008000000000008000b"], 0x54}}, 0x0)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xb0, r1, 0x200, 0x70bd2c, 0xfc, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_virt_wifi\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip_vti0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xcf}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010102}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}]}, @IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x87}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x28, 0xc}}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20000081}, 0x40000)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060086dd0000100002"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

8.786833496s ago: executing program 7 (id=7845):
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
creat(0x0, 0x4a)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000ac0), 0x4000000000001dd, 0x40000)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000459000/0x7000)=nil)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
getdents(0xffffffffffffffff, 0x0, 0x0)
r5 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setns(r5, 0x66020000)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000001c0)='m', 0x1}])

8.608587219s ago: executing program 2 (id=7846):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x44050)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000100)={0x1, 0x1, 0x9, 0x3, 0x18, "4730c1a380f62a19"})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000fc0)={{r1}, &(0x7f0000000f40), &(0x7f0000000f80)}, 0x20)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24004045}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0x7, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r9)
socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

7.6379174s ago: executing program 3 (id=7847):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000300)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000040)={{r0}, 0x4, &(0x7f0000000000)=[0x3, 0x6, 0x35, 0x7], 0x2, 0x4})
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000100)={{}, {0xe, 0x1}, 0xbf00, 0xbf})
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x29, 0x8, 0x55610518, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4}}, 0x50)
lchown(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)

7.636800145s ago: executing program 7 (id=7848):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

7.573017613s ago: executing program 6 (id=7849):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r2=>0x0})
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000001c0)={0x2, <r4=>r0, 'id0\x00'})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000280)={0x20000008})
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x300000f, 0x12, r3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
bind$unix(r1, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001206970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x48044)

7.435661358s ago: executing program 3 (id=7850):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r2, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x30)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)

7.434679511s ago: executing program 7 (id=7851):
r0 = socket(0x0, 0x5, 0xfffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0x7, 0x4ce, 0x3, 0x9dff, 0xb, "800300eb00cbe600"})
write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000001c0)=0x8)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_buf(r4, 0x29, 0x1b, &(0x7f0000000740)="34255a98afc2ae1d6b6176d21f34634a1313c5cdfdb149c900cd6e36dc5d52810bbb6c038caa9f37cf3035ca83522408ade29da216d8637aab744b5cb9dc79aef105da641bde96b7819911aab07cd823911ebce1bc8c58b26eac8f87972a03a2a375c3", 0x63)
r5 = syz_io_uring_setup(0x67f9, &(0x7f0000000140)={0x0, 0xaee4, 0x800, 0x0, 0xbfdffffc}, &(0x7f0000000300)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
fstat(r0, &(0x7f0000000200))
io_setup(0x8, &(0x7f0000002740)=<r8=>0x0)
io_pgetevents(r8, 0x2, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000080)={0x0, 0x989680}, 0x0)
openat$smackfs_syslog(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40200, 0x2)
r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, r9, &(0x7f0000000100)={0x200240, 0x2c, 0x30}, &(0x7f00000001c0)='./file0\x00', 0x18, 0x0, 0x12345, {0x0, r10}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x1f, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8000000}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000440)='syzkaller\x00', 0x6, 0x6f, &(0x7f0000000480)=""/111, 0x40f00, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000500)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0xe, 0x81, 0x7fffffff}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000600)=[r3, r3], &(0x7f0000000640)=[{0x4, 0x1, 0x7, 0x3}, {0x1, 0x1, 0x2, 0x7}, {0x5, 0x1, 0xa, 0x1}], 0x10, 0x8}, 0x94)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="020200020d00000000000000000000000200080008000000fd00000000000000020001000000000000000500000000a0030006000000000002000000ac1414ff0000000000000000030005000000000002000000000000000000000000000000010014"], 0x68}, 0x1, 0x7}, 0x0)
io_uring_enter(r5, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)

6.695965653s ago: executing program 2 (id=7852):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000100)={'wg2\x00'})
openat$ttynull(0xffffffffffffff9c, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x4}, 0x18, 0x0}, 0x20000000)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f00000022c0)={{0x0, 0x0, 0x80, {0x0, 0x80af000}}, "cdb372b4dfe02964a59572ecc37526989e90f15cc175ae8c93ae45591f356c6884a1eb49a1ccc74c2260aded1979bfd746a27408d1220c39493a1d3b65f5306464393183b3b654e5237f83855fde05bc36e88baa2c07c6acd1e5d8c2b3736f1ec8fb98c1b5c20bae0c02c146f4182375c277e8647f577021416f8ba515ffa35cddd261d521df3e841a9179cda39879511c2e9ab06778ce9ffa6f2c9370d7af33bc74d16360a42aa2ced6433463ef4bbed671371e8eba18f2aa913f65ff1b5b35c7c67638ba4aaa64a717f556fe32f70ab1f227b75eaace9c63811a4abc99987e6c8964cfac90a0ca3384510dc63e3e3935540ce749bfa6a8785ee00fe862262ce28ff980e350a64be310b5f576ccfb5a2ba166b324b4bbe9f23030a79f16f20258d077d87f7b1e5b8ca402ce6e51b3236729fde5e6f96d7a94c8db3cc00fdab35e2544ebb424632bb9d82cbfb21146bfeb80e5f5e26ed89a6c521920b5c02cd9cf8063e1ef18919946124f64f749f5c2e3d603af2b7a2d2d24acb6ebe5f47b988dc50e690d9aea44fece3a353bae1b80dcae49c8cb6443978623b0ec80cd0feb0a134a51fdd2b1912a45c6ca41414273268c676bbef4ab3e2f7ac5e061d6dcf0041af2cc971a27b616444ae913033933ed4b1d89b96c8ee9edc86ee12d5917695796906d4822fb3a931df763e3a8e8893ae4749765bdbae4377ce47fb5e26890cb5178c03dd0df248bf35caf84f3cea3d778086065dbb0cd51ea04f28dd6ce80820fda0ffa3f33d38adb2d68d41db8ab27d4cad8b7abb026827738fb9c59d043199cd27c2bdf9711acb36926c730e216de7ad2de0326676916586ec8325f4b13735e34c4d60bd27e2fde3edc95dc59cb69c1dc25569da425488b6b6e9a63b17964ce1fa57bf2c7508ed199cf64a5cbc23b01cdf08b1ad4337f1b0aa02a6c137fb90e32fd7e204966170aa80fca868a45d496be7758c47f83760208793eb1600b6ebf4d1d2dcaa2b741f1c0b9f8844b9e68ec7f7123083c6926a1e95fe9b75f16064f213f69f8f1a97b66961279a6aa3498f146f7e517c2f5a9c0b0673b93dca4fe0c48d53c8f5f89bb7ab0476e00a13e020370077a55c28abccb585bcbdf29966a4db1c3ab0f3f58e54640032484e08072aac638b9c9dc9655a525e9016d9b24358ba477695875e3abd484ff3adb92069825841c3bd1870f708cc25288ee5cc4a6d7fab62eaa724a7acb4ee5952db977b4da11597891f5c5af6086ddf387deb19ce0995ba175f830c94b5adac04d8618a262b3059fe96d5b18690e5adf3e592ae77fed8214ef468d0cacdbbdb1712cff009e03146b57bab5b8302a5ed0f75f59c63877ad8fea5ec596c667ffc2337343e1726e79985bf7c663f8dca6ae731dd96486568d0c0e4c3a3860d7250e04373cc55018eda3ac9077cd2c5317df8992b548e34344ca97a9ed3b6f8bf1a97e060231657706c9e8ce8f03805b111d4bf1a559f4cf0822a20cd9ce06b56c5f051317e187d76a303af82d2053286d5d3cee381602170f5bb4036fb34c080992e9f7d509aa230935233dac608f533ae2a26c5e5710e6c2ed1bf61303cc3c47465791333dae385f91de77c3357fbedbbb64ae3b868ee90b98ab647fa0dcc85bfbab33058667b95106519c7ba80246f73391919fb575dedfe436fb190e828fd58ac25537a4ba5ef0a97c595ce67a740d1cfd84a05d3462d9203dd6ea94f60dc03a29c3c81aa25dce4b330fa7500234016373add8120018ea6b5fac8597fcc8404c793658db3277e2a7e042cb56420002922183f14af74d970dec12a781763c1d9d69cf664b065a9b09491b1ff043e9c9a2098975c17e82a5d06b9f1081c43a539669e95991d866f3105e0b327ab8659e23bf1b196603c7406221e47494b765a114077187295dfafc261ea9ad3064b3449c6e8ef5e2517f609995adf82710d6c23a83e06f61c8186017afa6b2de5b28082770edfc81ee72e46fd1365d0a7583e3609ce420e54cc7a2d57542b924c6c5c9c896d068912adf22a97b3547502d0181d2c69729c539921ab16c466ba6d1d518c3e787fb0e9f708c9a1bc6d428355f0a3bd574397a6f8eda6a1503854a1bd4004719db60a9b3fefe434464d9f2aaddf44ee98c503ac606b7d4d8bac4efa557a77fa5a31ed8c8b48cd1ee6e4e7731ffb273bf21838f4e0cb8eec8a2cbd8acd40c15fcc3959ec3b4ea86680fb1e65743acfc164c6ae830f81a00c83102085d6ae8c7b4424ee0e86673015d98449252de73a25bfbe1697ff06aecf299b2a0e7ce452ba6bcba6b6da2c494cf0ce51cbb555cc2a371bf5a595748486825b0798221f40d2c29396431d13a03248874b893c7880d3b87cf845858a31f68fe57b032e3e0204fd4fb23fd5b2357d8e4f6052dd058b3bf6cd913b4341446e62895d6a367e4233e25ef3aabfb7f35a7804938e3181b6f551ac4a947ff016a12dffb53e7101b6ee911fac7637b2786cf95a4611376d0ac7b1e61c763040550e0c00ddb39a11086e08941c518a5ebedcff2c9477f7be26ad4dc48d837b85d082b4a54c8ec3f1caff75f7fb8f1282df6c5b336c2e56c0f35d9c5dd38fc91001e950f5fb41b58a620a9ee5e6b001a637aad4ec9ffd09eb762fd0d1d8058ca0e544329ee8693547095264c46d9b716fe56ff991b28dc056caefb0d08c0c509ab0eafeffc280684f8654b18323eddff28b4e778a674b4d5b85df786bb12ca24e1980e56032d1d32eb472954eed24b99bbc404dc920e16d4f8e792d6fe581efa82420085955ab9716dc642b44e2a9215cdaaf3df4fa5ad66a26804ad87b7520c132fdb595ea560eb408b5d519cb31c2c6ed2a16fe971d7ca71b7530af7478f06509cc988b96b27dd3e667ce4b08ca685ae818527103addba74d71d094e7a58325658343b989a1d973fc9f1cfebe848c35279cfff728928f77af22430daee46cc9242fa4afe5197e6b42811396f9136fbd545826e020a910fa790acf9292472b7ee3b34723d6f56781d5c061be6e535e49bfcc292a1208645c730b6aadc94e56f05c6f8ca71c7fde81b687190accb75b08f131d61d6536cb3810eb2b6006336f700f1e6ea8104de9c9c6c9f4566a3783d253e3153e9550b91d547430bbe6dc23d31b930692f2a2c5b009fa44c416bfbe28e524ee6a2d0b016331037010fa882db5d35cfa359d1c7a173cf913e11b8888d0f37b75011f26ce9f97b132dd6f50cbf4bd7d1f9201c55ade10bdb4e2df4a3b35d2980bf8ee63b8091fed356f764c0bbcc95a91afeb4a2c1deb3fc0c44fa76d768fed87d737bb3380794e4b67932e7492e654cca53599a446664031ef83e6a6d5362d89eac11c767932f477201d2953b4bb6058f4a3baca2968719edbf41ca5da5be2efeb9bceb38e2f1394ff41d9e93ecc746175b8e5fa2f5bf903663cebc1266ca7a2f8c57340c1ef42e4fc8a85d76ce24237d16f1ac13d32bfd1121017e9a72ad3fb0e952a296ff9a79bdc5be6d8691696720d97daa7c27fb9489e47584c00c854779de5980490afbacad0d0774a7f13e424b0ea955a87b7e296a40eca7ab8f45ae76170da77fff6b554c50dcdc6a261e8ebb7d2f24583023d001ff218ec7844fb4640736f04e9f7d968aa74bef26f65eae961a4857a946d3b221818a798d65bf74f8c0ac1b4529e36183c49606890643573722d467f4c464e68069955e561ccfd4423c2a240cfbb96efb668844ba0a1ceb910ad4ef06cd0f13f7ffa85744bdd0dd16ca27f62179b3916868187421b6d9f9c698d6542a02d4c124373ce0f10cbbc6b9a18385d99519f06a24aa9a4f5560157880233ee8352f2e9de0ffa333bb50932587a70153a37f25263693b86dd6a61f7d1f40cac0f205b65fa2faa3098254fb084160c271addea6711ecae589870450b941db419bb27c8b597982b704ba0ea0189e7b5cd6b72e3529cd77e4a79c752f2f7af6aa43ec9eb0bbefc91a02a85871771189c1f9a0742e8e6fc2d71575e20631dee592f0ed44c9d8f6a22e7d7844445066ca5e8bb97dd5c2ca0365d7c33563ceca884e8e14ba21733c4d2415c1be9369298fbd616fd792bd767555aa2deec8f45e92e10fcc88079cf0093ca2e38adc797845548005a0660b5cbf6423d966ebdccb6ce9d5d476bfd562dff0dd1f8e576d424c0f5cbfe68a3a571e860e5665861a133bc8eb3d9838e9a88f18edb12dfec18a488ad1177ca22f6f763beee9c1e0dd61344997dbbc6de56800f15d2b04a4d83a0b79adb12c54aa7c418d8fd0c96b5797a003b8313d14093fdadd4b530233dd1176e86090e0cc5401d6f98529de8bb6094b8e2f02b53f562a4c115655dc2619811d8caade655b767a5d4fac6c10784bf5bb06e9f535fd1304f383e39bbc5ce58a5f2f9deb9af1d6df6b491fbcbb9053f9bc73da0ae2e815ae72aff41c71ab7adc71074dfa6906724f18b74a344f7911994ee8ee843fd991de053dd9fae152d02b4fe0818c6313aee7df2f32009221f6c2d0ef9b53b7c2e795d64dcae34e5fab88e6b112b935fa836c6868f72077c57a42a940d3c0a667f3d0b674a3de2aa8c3443748c3a5ac949f72ed49220a9cbf0896794f58e12b74a1d7c7bbf8bec7d8aa055855c34a6c25d6fddd22a73725ca3daf8e357b8173508be65d329a4b97820cdb1c7a98d222a839b4da2a33ac687ab4004f5e1d90be7dad53a50ab4d6bc04135e0a9f31af27dc75eae3b9e7fd7459455a4cdd7faf94c5fe701d66d2006719b9acb72db3c89ca61bddea7c0be7ec769ec1cbfae11a77f36a59966f042e5dd32ece56932b083f0cb68c92194c6a4ca0267186b5f3ebaa25f63b6a1b60a2a5c78b9b5b488962b2ce4854b51ab2bc001231b6be3fcdc5563b0950165da87745e387c1205ba818287a8cebfaae10ff461c2933d775c6cddaa936d1907e29b5b4e1ef0a000aafab5363dd692560a291a71f06552647144cac4884a8ae8f2dade616384eeafa54f84737d1613beb945faaa4a316ee2e2a3a094187b5edba42358e930c89bfeaf4620bada8aa6d6c8800d1b19548a308b8310a0b51c8ccc7db60aa2a04fd8b21769a32eded238f93f476b69a6548a8a17aee1d0c4476db41e4eba24d9351d3f98fac043f423ffead379b6cbfb05aaf705ff0dca6e5f6ba36d00d1bc98714a92c8ac1e7cbf441521c98e2b913dd7a5d8595e0479537029de96e2991652243fe3093594720a0538b1687711bf0bc46a1453ebe60c5d33bd798b66f19e69c90e55c2b68b62d1a759a3519630798dd4434fa658b013e28fe9befca82abc1f89a3b246f2fd44df84f88dab2792fc67b3ef2ef8eef84e441e2a7ff5a83e3784a5636a7d4775f5b3063d8e190bfcedcd8083d864d0cbb2fcca7af05cee2be552d89c801e760348dadf01ee4dbb9fb09d5b6c993ab9ac9ff7d5e1e104ab3a894f6cc9067ad64c5a97d3e12efd17820b3c07e4ce302a20fd4c5b5de8752bc4e609fbe9e6cebe713f309229883790ab6dffc22864f7b02fd9026a07299f8cf1e799acdd448428199165abf20eee23988cfcad773c7bc483f941f994c07f255e6cd72e7198f34bcbcbd801abb84e6e383d7bf6e217ee0281f4691beba5d17ef8bd59d7474540dda647ca3bdb8e280a2e6b7a7688bc677a25b2186b1e59e637737366733d75f02a597b7cabb18e75a1722d2327f4f2f101955ca88636ae97d5740ba61d7867c5141becd39f7fc5abb5b9614040995046c2ab369ac46c18159d5a3569df964e69e7686471ac756bf0515fee78904fe8fcec2096b5f3e", "8f9bea13d6c1793efefda669a3bfc1a1f2d2afea1c14a5b35aac4a522cce409cb88f5802ab78a0dc4ad9e13501a073e6fc60f1778eecc8a6f5299ba9f7dcdab9079dc269bb0d7bb287afa53a930cfb99ca80b3c23dd58d7a4d8ceadf2787fc4f8c638dcd55f8e962ef362db8ae2d407ea8f04c151b89947d52c901335b5ca070883017289368b02ae4676286906bf2f984ae3b2f4ce4d345ea814a725ef388f09b6b6dcc519515885e6e5062d9cd7e801d8a14b1c5b86c404a3bcfb968a48710eb7c451630b0e3895739f51e1379f25a9848fd01021cc53ab10691091090b2cad44133a51465c16c2257cdde467cdae5616e809ad2f3ca71a0b4ae46b5b62142b1d6f782c4286dbea20f02bae71821c1c956172806c55069c3e33f8811a31a44856a1d0521c3e81c12b6dcae2b0e5f006a9468614031c6ad977aa589e4076f55a5528d7b408fd429da83d78bc7dbb794b4117379334fb9167b872d0459a457ae425f768052a583f23ff60a29f11659756f40240b1939fb8b72c3fbe3963680fdcc09900ab387757c9146d223ccdfd5aa26682d39aee3e4b327748d02f82964c117fd480804952654de00db09934cd5c1786b35453f18515ec8f28ee9aee0bfd367eafdfccb54ed29fd08bbea75ed8b6a93c23cb337ae900ba89dcbb3d87191e1e56de67175572aa09f2eaa4fc1f31055b08ce99c30dadc63c743de7fc3e5e0511c98d6b37132f66f09577f6a5f9d113865830876d2f33887136d976525d195790184b7eeaf82169128911c37856b5e75db9999269b252f12d07c62236fac6835a3c13261c527d03d33df946ddfa40c85548ddb9179cf5d963246e215fa0f76472f9f24493aad8db71422f1d1c31a454980f2499294f858de9e8a4937f832b21104c843d084ba15466453f9fd830a1d7d5dbe801ef67c2d6ba52cefcaffa798dd47e9d1e94729956b62ccaf200ff3c32e41cabf86de920f74e1c9e00391909b622505388a3d297b4095f5aa3c17ef5e68c4b3ff18855fd13ff2fe3b1746155d149baaead01ce8d975730b235b1fca6a158f219d3256489d1421e9a008434ae4acc01e583a3145633bd217a6b74d4165fddc31499b6bde7341aad811e80ee6aefdb5aa993926b57d90c0098babdf172c2ec2fe85ba0b75bdc898ba9a2dc7383533b70f3eae8c5c91526a9d5aa99f4a91c9a4235b05558f9871f1e2254a2300e7bd5b4c0fa0bae78e00a53400ca2d1bd03f9d47c82a0e8a17519b53ab0274dd5fcab49ef76a567c156b947b38744657321da66d2983024a67adc00adcde04f35fc2cfeb39c0adcaa508ee7cb8b7a6b73b4deeba620538003f11f390d108c466a2058db84b122b62844f6aebf2d119ea050ba34a1152c439b4ee0491d9417398ec2b7154bdb39ffadb6385c52108f61cc0847cc8e499b3009b00ea000d1c84848c8213d82aa2c87d9c7b15fdf23454190b5c18f563985383a42c2d600155970c15cde8da2d14ef5908704966c286d59a5141bff15ed1e8b7c1252d8cbd641c70f8129ca870fa1235155cf642095b20d88de5c0a0ac6e8969c05996481d1e8e7f9cae627ad6cd374bffa2c8714c84e735384c4064c2e194f26ea16d3d99259cc394d2c4553578ad251c3fe2b88b316dd3533b644ec59390868fe5e7f79fa721ae8dd5ded8ceefaad3879b8c5577bb831079b44fab7db38f0b61d74ed192b2c61cfe6bed13049db2c6b85434e46194230ab022f7d74be00a844023b0e33cbf1d2b4d0ad3e61b950cd9801941fd8e5d4b90154ae9f173b42fcd658190758f21af8ff9086d4eb12bc3496bfecd99211c1048b3ce4dd25f0934d7f17d45f50084c4ef7c31625080a1c1cec43922d89d1945f675d980e8f2b374c198fb6e857d099c33aeececaac17ab9c12c343051e7dd2f8786883339dbc643af493745974a4da505844e0419dbddb4eca492713d006a5ff47d78dfac1642acab8caa7bda595b6b9532edf6da9ee99711822fabf8e8783dc8f156d1490f40ed6aedb4f97ce55269a2070b4aa3fc51ef22d9fa8342a03ef1b27831f83ade237f4344797eb29f9bbc6aced4005f4b379a1e0b060b4f9cbfce975b9bb2b53e1228c91753a7dfe6d67282d565c1ef42a15c1ff0d49f1128694336eaa277fd691de0748740241edb9250ab53e53523b2217fd4d554fe482c35d8ebdce8c2d053ea2b035a5e8f9ea2e683b24e418698e48b6bb8275c6938c61a6fcafb1f7c73a344db76bdc8cafb1a07000000e62e3d9b92ad50241ec0908d73255cb72ab5d144757a55c116343e6e6c61bb0999615ddca343e02a5e3438cc9f66b1619c4467b12e615918d2f27392977775c165530dc0059bb41bd6103e612ef5bcd7f2df54ab86a05836b0bb685c05e935da8dfe4144217603c6e4f703d8062af788c7acf61285baaf7c7043a0602fbe8d61daabcf07156f7ee60debca3787d1f4b60f39c341df2908bf7944a5753883626920f1e82eeb374409fa0b331053a9c6bd3ab48682d228ec04d7cb3eb94917d00bc97b46ec14f1681013969cda5ea2c95fa390b3d6422ce0ac242690fbf352d757c9fbc66d06b0e4578e43f032c5f033d54618d178ef0fabdb00108d23cae66bd4ce059709b01e5b8ffec5595865a1c77c0bd8a1f2cb5f13d2b49450b23d021f64247966fd07bee6538fb0565b7eb41489566bc066107a345d705335bc918fe2e3c4edc50872fd25933aaa908cd78eec4e414d46c035c734af8a5b8d47fe62a4a9c49da0cf6547cc8d6702a2468c8d6fbe0ec7d90888d0bf3a0c7c42507d0baf458ce087d4c7725f42edad430abf233b064186c111b4c1fc2861e74426a31d04e2ade9d7acd8f0ac376b712d1eb20175b93b6900291b5625f90276f0857af6b0d108ddb0d772f501e687196c7caafc90010403596a6b5735e28ec6363896c8719e6002dcea716038e7b773c250c98aae730a7f39d995d0c737ff6e29c7a548c69896355b73d50eff7f7a1238f66601d10e4ccc6fb5e924a59bb41da1eba811f5acb22e8bc3719f3568d0fdc0868b29df0727f5cd50290a1845e22d523cde3002560fef504bd2c9a291c7a81a4f2b5b8a015f379009e3e8baed5d35c4a03e09afd37d7fe9d86e86eb53701ae8016d5a19ce5e96e11549ba09e3c2a6700ea84796091f6ca47d4c68fb1e6f4448e1b72f6d4b8af491b635208b31356140db8134e5a1594e47c7ad68dcd2399f49731c60f5f6c101955d4c31275df3d4ce3207e8dc03b87cae229f1f1d09f0064ef7b0727f787efef0369222717129287a9b3a375e6aadd40b6fdaea3d43cd59febe098b7f80d72343bb147a20b22b5de8fbd32bf4ce64f3ad2510dad9c243327e7c706b06004d1cb82edcc113d74bb9cb820e360c9a8992b884a65234b93250f7ff8e7271983c6505cdf0524b5a8e60f8b3d86281a903ee62d3010d62a788d360182c1106486ee1673f5b7da5a2a154cbe53697305907f64140283f78b9b3b78d2a420586bbac1f72b4388258a0e7c1cc26048cbf3e47c593e9d3300e98931801efc3bdd0ed74e0d3b4f881c66b71a401d9719a1231394ffd04b35bb3c5dcc5ee18696e8327ef9f0f7d8ee218662ec6e747d5c009ba9462d0fba519be8f5f951a5bc077a6eaca928536f35e5929863357cc025fb80c5806d3b7a9f2645e1f6d3239bf763e9ff16fe6bf30d6139f2a117fa1db0d6d2c6aaecf1cacc1b28b24587c9bfd48e52f37651cc97c35d3dc3834b7f973213d0edefdf42a239da89bf1b735767f9e38119de3fd24dbdb34c38068888dc8ff11d19b1950772e283903ce51b1c13e86d58b283dc8f8a3c9456115b19a0561f3aa9c7eca553c4e5bfc20b5da4b32e607a57c2577ab2a65cedb2dd754a2363b37b138ea37e2e3546eea289da7475850e393e7331416bcf4ec75f0c6e654df1fc513e0dcc52ba57e9a128d148cf42d35fb9c7168c959e1ed6e4811fba1662c22194101a6d8787e037a35888117c854a2ef8f605076771ab5aefc8135cfa4c2a25680c6566e0fd19eee7cc86ece140efb6fab4200eabc09d834239abf5f48b46ea51797ee393693270da94c3e73859c01d1042e2eff0b1c4ed41ea560f38b8483d94b9dace687bbe8993fc4e2872b686bf299bb0dce34874d940fd2c36b5270aedd09e5e5a952d70f191e011c7e269219477fe8f5ded564f14fda6461b64d84ec32543a7ed663d8d27d8b8893942e0b7167f3f7b936f8f1fe623248d9815c5969f3a22f0fdefb527d9a870d7ece5430a9adcfee9eef05d235a0c87989965b20bad18c96d696e817c95693fec426ff81f1250e81c244058722243cb3e2df722ac46554a368a90a81206628fcc889cca832a8d4ed20188db0005b1b1c494e3dcce0622dd72ee35f4b4ac447909937bf67807344f5a629230752645aee6c70a885a80ea0e491fdef70648bfa0060ad78b122f2cc0637feb6c5754073d71326bb5a5c0b8c9890fffab1360d647d3a7b4e4bfb29c3162f311d7a1a41c3c5f739542ec723fff2c1e086dd79b1f22f3ff5a512e7ec7dfa54cc6883ae22b949139b1f029f8674ea97c5fb8125a3dafebddd524acdd1618c9f9b9fdf0ea659c4bd4b8da12cae75d1f5ae611b8fa7fd23ff0ff7dcf8a10540120d03d72db15d0775075c1c30ba7e6a07ee6633fa6fa396ca3a5799a7905db5d49e8e8ce00eb7a9af5f2c60749bc28c4b188054e21f44f28d2d1258326ae27a1b14d4704ffb93ff506bbf07e0e4e1bf2502fce11eeb83b9c491a68db0744a61ec449f5338c0b40d77ed16de2d935320bbd2cea2a164f26e7b619ddd81448009adeadfdcdead9df5a1c6da9aca64f373dfaf7cb940aac9f5eedb7a5d49eb74dc0e0819b05f328e9a4ddf3ef0a27cf01a853e02bc69970a32930c48509d726600dc7ee95e119d4cb28f87aa13b7ff846c338b5f9090586ff7bd983721d4a4b5a2e9a3e1495644483bf14861d524196f0d73265688794d6b3b4ce8b3f994c56a82a02a35aeaf9f79c08f5280a6ba0187eae965e412f14cb379869c997564b0a37349dc535882d5d4054d18bf44cbfccbdb8b377761096c974b3dde6a9dc767937bc3430a7fb614671e73ea867b4cd499f2581766510ad70811cda49b69b5afd380ae2ad43281e6640d4f20b2615f3c0b20f7d45c69a9cbbe7933776e07043b141664c059f1c6de17d44eed8b6242d6e8e8b3b86cff4306a9657e6d6f0c429f52138c6c5f7d155bc713432ca75bbf77c3a2c06e546474a7c327d10c46be64e6729643a9455420c48677a23c92f05e3e56f70100000000000000600739cd068305bb6aea50d5d1042f821e78f2942d603c46a1e4541756bac183b640935dffe8309e3e90a170ca3d126375a0177b1d94b72b622607af60a2cfb9b63464689237fcdbb752e89335aa96c615a59e39fcd89a3a39445e78fb5dd4912b16850863305496ca80974c3d39892a255f9a26b438662e6bc67e1d5115acff5bee940368df7e182ac1cc24331adb6e155ecfa1257d2f47a6b959f2bcf2dfbf86613c7761746ed85fd7e2a3c7c8602ee5143b100bd0a5026146becd255004fd8728bcfad605fad03e754ff1245e7716884e7e6898158ca4e9ba58cf09d8afe65fc18c2529b43a14e7eb7451b8072d68124be7b9133301d840191435de4704e2dda8ccfa87013f733aa10431faf7e46be7a391809af91e5e98d63c80a13c4b4fbb95b44ae5540f62f43036daef02b5dd404c0b08d46fa66fbdf0b4ed839494aa4c85194dac555e4061481c6717a3306700"})
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601060000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c000280080001407f"], 0x44}, 0x1, 0x0, 0x0, 0x10000007}, 0x240008c4)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
removexattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000140)=@random={'security.', '.\x00'})
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_RECVERR(r7, 0x114, 0x5, &(0x7f0000000040), 0x4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10190}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5}, @IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0xfc}]}}}]}, 0x44}}, 0x4004)

6.548772594s ago: executing program 1 (id=7853):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
eventfd2(0x7dc01731, 0x0)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, 0x0)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x138})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
madvise(&(0x7f0000130000/0xc00000)=nil, 0xc00000, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20040881}, 0x4001)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, 0xffffffffffffffff, 0x0)

6.126299608s ago: executing program 6 (id=7854):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000000)=0x80020000, 0x4)
socket$packet(0x11, 0x2, 0x300)
r1 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
r2 = dup(r1)
read(r2, &(0x7f0000000040), 0x0)
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0xf0f046})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ff5000/0x9000)=nil})

3.7361335s ago: executing program 1 (id=7855):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000010040b708"], 0x0, 0x8, 0x0, 0x0, 0x0, 0xa}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = gettid()
sigaltstack(&(0x7f0000000000)={0x0, 0x1}, 0x0)
rt_sigqueueinfo(r0, 0x21, &(0x7f00000002c0)={0x3d})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@typedef={0x3, 0x0, 0x0, 0xf, 0x2}]}}, 0x0, 0x26}, 0x28)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
r2 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x890b, &(0x7f0000000000)={r2})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f0000000ac0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="0200008001003220cbcbbdfc9251dfd267a167e9bfd8e088f62772"], 0x24, 0x0)

3.24507715s ago: executing program 2 (id=7856):
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000000)=0x7fffffff, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000c0000000800000040000000c0000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000001500000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c0000001a00010029bd70000000000002202000003d"], 0x2c}}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r4, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, &(0x7f0000000080), 0x0}, 0x20)
recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400})
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x0, 0x0, 0x3234564e, 0x0, 0x0, 0x0, 0x1, 0xfeedcafe, 0x3, 0x0, 0x0, 0x4}})
r6 = dup2(r0, r5)
ioctl$VIDIOC_QUERYCAP(r6, 0x80685600, &(0x7f0000000200))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000c113a3202a11010011d801020904530001058d9d00090582020002000400"], 0x0)

3.067877206s ago: executing program 6 (id=7857):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=ANY=[], 0xd0060)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_PROTOCOL(r3, 0x0, 0x812)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_80211_inject_frame(&(0x7f0000000540)=@broadcast, &(0x7f0000000580)=@data_frame={@msdu=@type01={{0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x3}, @broadcast, @from_mac, @device_a, {0x5, 0xb}}, @random="236a862d910c6d566b5cb28edbea7d66d7153e1af3183e39f9c33267ca7b6d8c81439a2081d399b01352182cd9f3ecb21d13ea19d892ab1958f67ecdd2885c543dee3a0e850286a2695fe7f4775876aff5c259d5ce021757266d848a61a79736b6811f48234ba969ded06bcdbcf30e17107bc0b9110b9ad776ad786c930233e1023dd4d38a26a0534dcd115e7d5e4b29c13c0ebd789df2bd1627f34428ff57c17aaeeaafd93ddc586e70b0f8170d64a0dfb202518f2647bdff54cca05d2a17015116ef1f2ec821ad6c60d63fc3a1823e42dfd623f1a02f55da55826ef06d5794440a0f45590c43a5d1989bf459688820259e94a0f393d65279f02c3766d88d7b92801a9c05ed39fd3fe00d0e7953795763566669702b2eb451a3868f894c274602e1fd52e957ec79d6d382072b77202fc8db940901773393250737463141eea67e2605d08a29ea7c08546d1e4a3ac72e112398b4292665276cb9c6d8e1eadf82db506c6b5324ba410088fb6e08230ca3fab5a3efb3035cde01c3f97f6b0e50f165ea4d5c25e5a16dfadd15df38957ffb0d50e0e30a0b41296acf3af3a8f07bcde939a2803418f8fcab1533bca64c4704643add98cd7670b00ac124b04953e3e3efe033b2623660b07b0aa85898ff40976aa131b33437ee7a6f66c24a12377116d852489da466887233ca9b646e5651b5a9bfc129e1d00642657d111e915f684d714472aea5561cdc74a9e6f337f1a317c4e3fbe055d6fd98181daaeee261de30927e786553ce3d0d4cab78c91e9a9a153bede907b28f1801e67bf9ab9a16a813a9628b3c14a6410c03eba2a11836eb0267449b61025a3203c053cd46f98cf1eb9997512ac1967dd1831e48a1c35f51b698196b6083925db30533efc6ea75b08ee794d525c24cb470311aefd37258c16e054f0325efd0fff96379abe76894e9bdea475f66e690adab8852c4b24c1f9f7090430f70824c6f1e692f9f94633e82fd85848301e476df4e81768fe0a3576af35fb09944bdfd0ed75ef4773c5acbe043d43f74bbd9d58a3b4881c540a95d603353e610c13a97249e9a260fc363c618cb64946f9a66bd2974b21575292cf5004700749602d4ed131c30404a431d4ff2f52db3032aa9768369f8ef5c6e9065a0210f69a2690683241763ce1a6936762fde1f4a324314f635e99a827053142337ceb13d037fcfeaf8bbfd3023097aa5b17e8381e0a04e3b5772e4cd61469972e355410001c256ef4ace740aaed2eeeaa65497956c54b8700b3386873b1b3d0aa4786a7b9ed69df6e0da776961211460fe40940a208e4ed94c074ed198f52230c3fae083fc888c4bb819644e2aa69d2ba17ac1fdaf62953d8d70a6649ea8b770e27db2297436054154e1127af5fbeff448d0deac0cbe2a5f6a09b474d4b0d1dac6ed93b5227fc61bfef50a82756e30242a4a6cf56744da3393cfb3cde3b50faaca7c05422d3c10d76d3335d7c6be7c0fd8ef273326f839359e8f27d998e2435ee65d965e67376197f1f3d0ba3a6ea6017c7873580746d08ff558e2fe3388c0872cd89de07414131a389a67aca001b37c70a91224eba8d5ecc76d64e4235afa1ebd75627f6235764bd4708f8fbc44a777a276d3ba66549193fd9679edd3cc6c8800e142819d1fe4d071f2af8033d531e61d4edaf6b7b27dde03e3c5190a7a5700636684306c22e981dd0d5b1b179181141b5d9232adbd1e091d3c38acf0ed05efe23a942c5d32f5f2f093a4952a881e68ffc912874f3783b9b186fc014d6853b1624e1fe1d2fb8f2958ce825f5c3c44bb97b135f21b081074c68647cf35c28dd095bb8d7c66ea904952fcff536147f492a75000884311b2f026eea9c4b76a16e603389fc178e4f5470cfd839e16f3ad23a1bb9c0b1a410decd2397595fbe3cc0734cf5f841942ddf52d8f7ff1c1974ed853906d0d7adbd13c8feab0ddd5cdf7b3c4711da927c096e809f8adaf2840a9ed13eb2965a90bacf9b5cc5febfd4caa4899b2e075246cd7b5ab606593560a439b661f2c75c4b21519ba0c741fd347f868b4cf8bdd75879d76990114e8238520087ee6e864d0ba5e41f3c2dabd61b00365695d5d93f404ad68d89146e67eded8ab437ad0018115a30126761adfb06792c2e06944b15eec2d649328ef5d2262c952f1f7593f7020d5db31a79f1b557e6d08b67834317aa854c88e2bd57275d2ed2f4a56b83cdffb271ebaf8609dfc19b8d6105a7975bf485207d138699fbfa75e5fb6e1e4ab7fa2436051c172574ee8cd74113571bf8ae05d0be2ddbcea042b08f751a1c4c6c8f37571c4e15d62a7d142195458d29a498bb23f70c4c1769b51dcd0a2eca444a160f5357830d146916b9f904baa49919d0ba39ded8587995aa44e26c00c0ae7bcf4fbcd0d8d5f991c16926f730400a189d8cd4db421b8152086c46912c7f377864a7464e3fee537431da3dd7ee0654b9a470632b1835196010928a6db3c17c3e88697aaff517f1ab3ea66d88d85fb6d2066e615f3d5f74eb5e24eb011bb60fc64"}, 0x71b)

2.987364154s ago: executing program 7 (id=7858):
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000040)={@mcast2}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000037c0), 0x0, 0x2040000, &(0x7f0000003700)={0x77359400})

2.952095001s ago: executing program 3 (id=7859):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02})
close(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003a00)=[{{0x0, 0x0, &(0x7f0000001600)}}], 0x1, 0xc0c0)
preadv(r1, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/124, 0x3}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

1.492688845s ago: executing program 7 (id=7860):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee01, 0x0)
keyctl$setperm(0x5, r1, 0x604310a)
keyctl$get_security(0x11, r1, 0x0, 0x0)
pwritev(r0, &(0x7f00000000c0), 0x0, 0x0, 0x0)

1.430438035s ago: executing program 3 (id=7861):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

1.307888931s ago: executing program 6 (id=7862):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
listen(r1, 0x9)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r2, &(0x7f00000000c0)="ab", 0xfffd, 0xc1, &(0x7f0000000280)={0x2, 0x4e22, @loopback}, 0x10)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)=ANY=[@ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x48000}, 0x40)

1.180681042s ago: executing program 7 (id=7863):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x0, 0xe}, 0x8)
sendto$inet6(r0, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000000)={0xa, 0x0, 0x6, @private1, 0x8}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x84, 0x42, 0x0, 0x0)

86.412208ms ago: executing program 3 (id=7864):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
eventfd2(0x7dc01731, 0x0)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, 0x0)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x16, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20400, 0x38)
fsopen(&(0x7f0000000100)='selinuxfs\x00', 0x0)
getdents64(r2, &(0x7f0000000240)=""/113, 0x71)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f0000000300)={{0x1000000, 0x4003}, {0x0, 0xd}, 0x8, 0x6})
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x138})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000, 0x3})
madvise(&(0x7f0000130000/0xc00000)=nil, 0xc00000, 0x4)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x20040881}, 0x20044005)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, 0xffffffffffffffff, 0x0)

0s ago: executing program 6 (id=7865):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000060000000000000000ffdbdf2500000000", @ANYRES32=r0, @ANYBLOB="83040500000000002000128008000100736974001409028008000200ac1b7a8874b38549cbf99251"], 0x40}, 0x1, 0x0, 0x0, 0x9000}, 0x4040004)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={0x1, &(0x7f0000000000)="1f4665ff1623b7cd3288efa54ef451a3882aa56c3424866bf27f1637e068ba0dbecc38a51951895c3facd9fb2e2d5a573829c9acdd9bad310824c6c911afd571ce6b8f66f9fba96007d8c41cfb471452e6f8c235feec8443ef36eca43f9aef40a313c8afa7b47d4b11223d9e1e9d9656612d4cb26325bf83f007fd181d2e3a3380d64e773f7130555a5323521ab2410fa69f", &(0x7f0000000480)=""/4096, 0x4}, 0x20)

kernel console output (not intermixed with test programs):

0][T26857]  should_fail_ex+0x46c/0x600
[ 1691.303640][T26857]  _copy_from_user+0x2d/0xb0
[ 1691.303660][T26857]  __x64_sys_signalfd+0xec/0x170
[ 1691.303679][T26857]  ? __pfx___x64_sys_signalfd+0x10/0x10
[ 1691.303698][T26857]  ? __secure_computing+0xe2/0x2a0
[ 1691.303726][T26857]  do_syscall_64+0xfa/0xfa0
[ 1691.303747][T26857]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1691.303768][T26857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1691.303786][T26857]  ? clear_bhb_loop+0x60/0xb0
[ 1691.303808][T26857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1691.303825][T26857] RIP: 0033:0x7fced26eefc9
[ 1691.303843][T26857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1691.303859][T26857] RSP: 002b:00007fced094e038 EFLAGS: 00000246 ORIG_RAX: 000000000000011a
[ 1691.303879][T26857] RAX: ffffffffffffffda RBX: 00007fced2945fa0 RCX: 00007fced26eefc9
[ 1691.303893][T26857] RDX: 0000000000000008 RSI: 0000200000000000 RDI: ffffffffffffffff
[ 1691.303905][T26857] RBP: 00007fced094e090 R08: 0000000000000000 R09: 0000000000000000
[ 1691.303917][T26857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1691.303929][T26857] R13: 00007fced2946038 R14: 00007fced2945fa0 R15: 00007fff59b50158
[ 1691.303962][T26857]  </TASK>
[ 1691.400448][T26862] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1691.491126][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1693.112261][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1693.741988][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1695.039635][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1695.692812][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1695.835430][T26922] FAULT_INJECTION: forcing a failure.
[ 1695.835430][T26922] name failslab, interval 1, probability 0, space 0, times 0
[ 1695.835475][T26922] CPU: 0 UID: 0 PID: 26922 Comm: syz.4.7464 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1695.835497][T26922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1695.835508][T26922] Call Trace:
[ 1695.835516][T26922]  <TASK>
[ 1695.835524][T26922]  dump_stack_lvl+0x189/0x250
[ 1695.835551][T26922]  ? __pfx____ratelimit+0x10/0x10
[ 1695.835565][T26922]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1695.835579][T26922]  ? __pfx__printk+0x10/0x10
[ 1695.835594][T26922]  ? __pfx___might_resched+0x10/0x10
[ 1695.835606][T26922]  ? fs_reclaim_acquire+0x7d/0x100
[ 1695.835623][T26922]  should_fail_ex+0x46c/0x600
[ 1695.835639][T26922]  ? __alloc_skb+0x112/0x2d0
[ 1695.835649][T26922]  should_failslab+0xa8/0x100
[ 1695.835663][T26922]  ? __alloc_skb+0x112/0x2d0
[ 1695.835671][T26922]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1695.835685][T26922]  ? netlink_autobind+0xdb/0x300
[ 1695.835699][T26922]  __alloc_skb+0x112/0x2d0
[ 1695.835711][T26922]  netlink_sendmsg+0x5c6/0xb30
[ 1695.835727][T26922]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1695.835742][T26922]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1695.835756][T26922]  __sock_sendmsg+0x21c/0x270
[ 1695.835772][T26922]  sock_write_iter+0x27f/0x370
[ 1695.835786][T26922]  ? __pfx_sock_write_iter+0x10/0x10
[ 1695.835797][T26922]  ? __might_fault+0xb0/0x130
[ 1695.835823][T26922]  do_iter_readv_writev+0x635/0x8d0
[ 1695.835841][T26922]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1695.835852][T26922]  ? __pv_queued_spin_lock_slowpath+0xa05/0xb60
[ 1695.835872][T26922]  ? rw_verify_area+0x25b/0x4e0
[ 1695.835885][T26922]  vfs_writev+0x323/0x970
[ 1695.835902][T26922]  ? __lock_acquire+0xab9/0xd20
[ 1695.835917][T26922]  ? __pfx_vfs_writev+0x10/0x10
[ 1695.835939][T26922]  ? __fget_files+0x2a/0x420
[ 1695.835956][T26922]  ? __fget_files+0x3a6/0x420
[ 1695.835968][T26922]  ? __fget_files+0x2a/0x420
[ 1695.835986][T26922]  do_writev+0x153/0x2d0
[ 1695.836001][T26922]  ? __pfx_do_writev+0x10/0x10
[ 1695.836017][T26922]  ? do_syscall_64+0xbe/0xfa0
[ 1695.836033][T26922]  do_syscall_64+0xfa/0xfa0
[ 1695.836045][T26922]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1695.836054][T26922]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1695.836064][T26922]  ? clear_bhb_loop+0x60/0xb0
[ 1695.836076][T26922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1695.836086][T26922] RIP: 0033:0x7f716ee9efc9
[ 1695.836095][T26922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1695.836104][T26922] RSP: 002b:00007f716d0e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1695.836116][T26922] RAX: ffffffffffffffda RBX: 00007f716f0f6090 RCX: 00007f716ee9efc9
[ 1695.836123][T26922] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004
[ 1695.836130][T26922] RBP: 00007f716d0e5090 R08: 0000000000000000 R09: 0000000000000000
[ 1695.836136][T26922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1695.836142][T26922] R13: 00007f716f0f6128 R14: 00007f716f0f6090 R15: 00007ffdba4f0398
[ 1695.836159][T26922]  </TASK>
[ 1696.941112][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1698.328085][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1698.705258][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1698.780689][T26535] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[ 1698.930823][T26535] usb 3-1: Using ep0 maxpacket: 32
[ 1698.935275][T26535] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[ 1698.935301][T26535] usb 3-1: config 0 has no interface number 0
[ 1698.960294][T26535] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1698.960323][T26535] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1698.960344][T26535] usb 3-1: Product: syz
[ 1698.960358][T26535] usb 3-1: Manufacturer: syz
[ 1698.960372][T26535] usb 3-1: SerialNumber: syz
[ 1699.000278][T26535] usb 3-1: config 0 descriptor??
[ 1699.013527][T26535] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1699.143259][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1699.237763][T26535] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1699.260278][T26535] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1699.630827][T26945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1699.631259][T26945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1699.632269][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1699.638996][T25873] usb 3-1: USB disconnect, device number 40
[ 1699.661355][T25873] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1699.681487][T25873] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1699.682170][T25873] quatech2 3-1:0.51: device disconnected
[ 1699.691323][ T5964] usb 6-1: new high-speed USB device number 71 using dummy_hcd
[ 1700.041340][ T5964] usb 6-1: device descriptor read/64, error -71
[ 1700.582945][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1700.645368][T26967] FAULT_INJECTION: forcing a failure.
[ 1700.645368][T26967] name failslab, interval 1, probability 0, space 0, times 0
[ 1700.645400][T26967] CPU: 1 UID: 0 PID: 26967 Comm: syz.1.7481 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1700.645422][T26967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1700.645433][T26967] Call Trace:
[ 1700.645441][T26967]  <TASK>
[ 1700.645450][T26967]  dump_stack_lvl+0x189/0x250
[ 1700.645481][T26967]  ? __pfx____ratelimit+0x10/0x10
[ 1700.645502][T26967]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1700.645527][T26967]  ? __pfx__printk+0x10/0x10
[ 1700.645554][T26967]  ? __pfx___might_resched+0x10/0x10
[ 1700.645578][T26967]  should_fail_ex+0x46c/0x600
[ 1700.645608][T26967]  should_failslab+0xa8/0x100
[ 1700.645634][T26967]  __kmalloc_noprof+0xcc/0x7d0
[ 1700.645657][T26967]  ? kfree+0x51/0x950
[ 1700.645674][T26967]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1700.645705][T26967]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1700.645728][T26967]  ? tomoyo_domain+0xda/0x130
[ 1700.645755][T26967]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1700.645780][T26967]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1700.645815][T26967]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1700.645845][T26967]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1700.645868][T26967]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1700.645920][T26967]  ? __fget_files+0x2a/0x420
[ 1700.645948][T26967]  ? __fget_files+0x3a6/0x420
[ 1700.645970][T26967]  ? __fget_files+0x2a/0x420
[ 1700.645996][T26967]  security_file_ioctl+0xcb/0x2d0
[ 1700.646018][T26967]  __se_sys_ioctl+0x47/0x170
[ 1700.646042][T26967]  do_syscall_64+0xfa/0xfa0
[ 1700.646062][T26967]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1700.646083][T26967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1700.646101][T26967]  ? clear_bhb_loop+0x60/0xb0
[ 1700.646124][T26967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1700.646141][T26967] RIP: 0033:0x7f6d280eefc9
[ 1700.646159][T26967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1700.646175][T26967] RSP: 002b:00007f6d2634e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1700.646195][T26967] RAX: ffffffffffffffda RBX: 00007f6d28345fa0 RCX: 00007f6d280eefc9
[ 1700.646209][T26967] RDX: 0000200000000000 RSI: 00000000000089fb RDI: 0000000000000004
[ 1700.646222][T26967] RBP: 00007f6d2634e090 R08: 0000000000000000 R09: 0000000000000000
[ 1700.646234][T26967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1700.646245][T26967] R13: 00007f6d28346038 R14: 00007f6d28345fa0 R15: 00007fff383a0998
[ 1700.646278][T26967]  </TASK>
[ 1700.646286][T26967] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1700.680881][ T5964] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 1700.707011][T26969] netlink: 'syz.1.7482': attribute type 1 has an invalid length.
[ 1700.707032][T26969] netlink: 'syz.1.7482': attribute type 1 has an invalid length.
[ 1700.829449][ T5964] usb 6-1: device descriptor read/64, error -71
[ 1700.932611][ T5964] usb usb6-port1: attempt power cycle
[ 1700.990730][T25873] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1701.026988][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1701.180611][T25873] usb 2-1: Using ep0 maxpacket: 8
[ 1701.186421][T25873] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[ 1701.186450][T25873] usb 2-1: config 179 has no interface number 0
[ 1701.186499][T25873] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1701.186526][T25873] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1701.186553][T25873] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11
[ 1701.186579][T25873] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024
[ 1701.186605][T25873] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1701.186648][T25873] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1701.186671][T25873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1701.203242][T26969] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1701.203525][T26969] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1701.588608][T26984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1702.030864][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1702.385504][ T5964] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 1702.385833][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1702.409958][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1702.410029][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1702.410459][T25873] usb 2-1: USB disconnect, device number 49
[ 1702.431258][ T5964] usb 6-1: device descriptor read/8, error -71
[ 1702.867503][T27001] FAULT_INJECTION: forcing a failure.
[ 1702.867503][T27001] name failslab, interval 1, probability 0, space 0, times 0
[ 1702.867535][T27001] CPU: 1 UID: 0 PID: 27001 Comm: syz.2.7493 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1702.867557][T27001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1702.867569][T27001] Call Trace:
[ 1702.867577][T27001]  <TASK>
[ 1702.867593][T27001]  dump_stack_lvl+0x189/0x250
[ 1702.867622][T27001]  ? __pfx____ratelimit+0x10/0x10
[ 1702.867645][T27001]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1702.867669][T27001]  ? __pfx__printk+0x10/0x10
[ 1702.867696][T27001]  ? __pfx___might_resched+0x10/0x10
[ 1702.867716][T27001]  ? fs_reclaim_acquire+0x7d/0x100
[ 1702.867744][T27001]  should_fail_ex+0x46c/0x600
[ 1702.867772][T27001]  ? __alloc_skb+0x112/0x2d0
[ 1702.867789][T27001]  should_failslab+0xa8/0x100
[ 1702.867814][T27001]  ? __alloc_skb+0x112/0x2d0
[ 1702.867829][T27001]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1702.867861][T27001]  __alloc_skb+0x112/0x2d0
[ 1702.867884][T27001]  alloc_skb_with_frags+0xca/0x890
[ 1702.867910][T27001]  ? try_to_take_rt_mutex+0x840/0xb00
[ 1702.867937][T27001]  sock_alloc_send_pskb+0x859/0x990
[ 1702.867979][T27001]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1702.868006][T27001]  ? dev_get_by_index+0x22/0x2e0
[ 1702.868028][T27001]  ? dev_get_by_index+0x22/0x2e0
[ 1702.868058][T27001]  packet_sendmsg+0x33a0/0x5080
[ 1702.868114][T27001]  ? smack_socket_sendmsg+0x1fa/0x520
[ 1702.868138][T27001]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1702.868164][T27001]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1702.868191][T27001]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1702.868218][T27001]  ? __lock_acquire+0xab9/0xd20
[ 1702.868243][T27001]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1702.868265][T27001]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1702.868283][T27001]  __sock_sendmsg+0x21c/0x270
[ 1702.868311][T27001]  ____sys_sendmsg+0x508/0x820
[ 1702.868338][T27001]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1702.868369][T27001]  ? import_iovec+0x74/0xa0
[ 1702.868392][T27001]  ___sys_sendmsg+0x21f/0x2a0
[ 1702.868415][T27001]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1702.868474][T27001]  ? __fget_files+0x2a/0x420
[ 1702.868496][T27001]  ? __fget_files+0x3a6/0x420
[ 1702.868530][T27001]  __x64_sys_sendmsg+0x1a1/0x260
[ 1702.868553][T27001]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1702.868589][T27001]  ? __pfx_ksys_write+0x10/0x10
[ 1702.868615][T27001]  ? do_syscall_64+0xbe/0xfa0
[ 1702.868641][T27001]  do_syscall_64+0xfa/0xfa0
[ 1702.868661][T27001]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1702.868681][T27001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.868700][T27001]  ? clear_bhb_loop+0x60/0xb0
[ 1702.868722][T27001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1702.868739][T27001] RIP: 0033:0x7fced26eefc9
[ 1702.868756][T27001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1702.868771][T27001] RSP: 002b:00007fced094e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1702.868790][T27001] RAX: ffffffffffffffda RBX: 00007fced2945fa0 RCX: 00007fced26eefc9
[ 1702.868804][T27001] RDX: 0000000020000080 RSI: 0000200000000300 RDI: 0000000000000003
[ 1702.868816][T27001] RBP: 00007fced094e090 R08: 0000000000000000 R09: 0000000000000000
[ 1702.868828][T27001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1702.868838][T27001] R13: 00007fced2946038 R14: 00007fced2945fa0 R15: 00007fff59b50158
[ 1702.868871][T27001]  </TASK>
[ 1702.930699][ T5964] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 1702.995363][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1703.027951][ T5964] usb 6-1: Using ep0 maxpacket: 16
[ 1703.048267][ T5964] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1703.048530][ T5964] usb 6-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1703.048554][ T5964] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1703.426373][T25873] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[ 1703.454691][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1703.542280][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1704.096586][ T5964] usb 6-1: config 0 descriptor??
[ 1704.250915][T25873] usb 5-1: Using ep0 maxpacket: 16
[ 1704.254974][T25873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1704.255079][T25873] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1704.255104][T25873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1704.296653][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1704.328519][T25873] usb 5-1: config 0 descriptor??
[ 1704.695479][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1704.769534][ T5964] hkems 0003:2006:0118.001A: collection stack underflow
[ 1704.769628][ T5964] hkems 0003:2006:0118.001A: item 0 4 0 12 parsing failed
[ 1704.787842][ T5964] hkems 0003:2006:0118.001A: parse failed
[ 1704.787914][ T5964] hkems 0003:2006:0118.001A: probe with driver hkems failed with error -22
[ 1705.142480][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1705.162839][T25873] hkems 0003:2006:0118.001B: collection stack underflow
[ 1705.162880][T25873] hkems 0003:2006:0118.001B: item 0 4 0 12 parsing failed
[ 1705.163681][T25873] hkems 0003:2006:0118.001B: parse failed
[ 1705.163752][T25873] hkems 0003:2006:0118.001B: probe with driver hkems failed with error -22
[ 1705.483091][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1705.531657][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1705.784595][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1706.111767][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1706.138653][T16815] usb 6-1: USB disconnect, device number 74
[ 1706.497086][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1706.578921][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1706.603796][T25873] usb 5-1: USB disconnect, device number 117
[ 1706.846068][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1706.856811][T27041] FAULT_INJECTION: forcing a failure.
[ 1706.856811][T27041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1706.856858][T27041] CPU: 0 UID: 0 PID: 27041 Comm: syz.2.7503 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1706.856879][T27041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1706.856890][T27041] Call Trace:
[ 1706.856898][T27041]  <TASK>
[ 1706.856906][T27041]  dump_stack_lvl+0x189/0x250
[ 1706.856936][T27041]  ? __pfx____ratelimit+0x10/0x10
[ 1706.856958][T27041]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1706.856982][T27041]  ? __pfx__printk+0x10/0x10
[ 1706.857004][T27041]  ? __might_fault+0xb0/0x130
[ 1706.857038][T27041]  should_fail_ex+0x46c/0x600
[ 1706.857067][T27041]  _copy_from_user+0x2d/0xb0
[ 1706.857086][T27041]  snd_seq_event_dup+0x467/0x780
[ 1706.857130][T27041]  snd_seq_client_enqueue_event+0x32b/0x4d0
[ 1706.857159][T27041]  ? __pfx_snd_seq_client_enqueue_event+0x10/0x10
[ 1706.857191][T27041]  snd_seq_write+0x5d0/0x820
[ 1706.857232][T27041]  ? __pfx_snd_seq_write+0x10/0x10
[ 1706.857253][T27041]  ? do_raw_spin_lock+0x121/0x290
[ 1706.857280][T27041]  ? rw_verify_area+0x25b/0x4e0
[ 1706.857300][T27041]  ? __lock_acquire+0xab9/0xd20
[ 1706.857320][T27041]  ? __pfx_snd_seq_write+0x10/0x10
[ 1706.857344][T27041]  vfs_write+0x287/0xb40
[ 1706.857374][T27041]  ? __pfx_vfs_write+0x10/0x10
[ 1706.857396][T27041]  ? __fget_files+0x2a/0x420
[ 1706.857421][T27041]  ? __fget_files+0x2a/0x420
[ 1706.857442][T27041]  ? __fget_files+0x3a6/0x420
[ 1706.857462][T27041]  ? __fget_files+0x2a/0x420
[ 1706.857493][T27041]  ksys_write+0x14b/0x260
[ 1706.857516][T27041]  ? __pfx_ksys_write+0x10/0x10
[ 1706.857540][T27041]  ? do_syscall_64+0xbe/0xfa0
[ 1706.857566][T27041]  do_syscall_64+0xfa/0xfa0
[ 1706.857585][T27041]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1706.857606][T27041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1706.857623][T27041]  ? clear_bhb_loop+0x60/0xb0
[ 1706.857645][T27041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1706.857663][T27041] RIP: 0033:0x7fced26eefc9
[ 1706.857680][T27041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1706.857696][T27041] RSP: 002b:00007fced092d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1706.857715][T27041] RAX: ffffffffffffffda RBX: 00007fced2946090 RCX: 00007fced26eefc9
[ 1706.857728][T27041] RDX: 000000000000ffc8 RSI: 0000200000000000 RDI: 0000000000000003
[ 1706.857740][T27041] RBP: 00007fced092d090 R08: 0000000000000000 R09: 0000000000000000
[ 1706.857751][T27041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1706.857763][T27041] R13: 00007fced2946128 R14: 00007fced2946090 R15: 00007fff59b50158
[ 1706.857793][T27041]  </TASK>
[ 1707.499196][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1707.590956][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1707.855690][T27055] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7510'.
[ 1708.003889][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1708.732428][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1708.924538][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1709.393078][ T6972] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1709.421300][ T6972] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1709.430982][ T6972] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1709.435763][ T6972] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1709.436378][ T6972] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1709.936139][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1710.034782][ T1307] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1710.454067][ T1307] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1710.461009][T27079] FAULT_INJECTION: forcing a failure.
[ 1710.461009][T27079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1710.461041][T27079] CPU: 1 UID: 0 PID: 27079 Comm: syz.1.7520 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1710.461063][T27079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1710.461074][T27079] Call Trace:
[ 1710.461082][T27079]  <TASK>
[ 1710.461091][T27079]  dump_stack_lvl+0x189/0x250
[ 1710.461119][T27079]  ? __pfx____ratelimit+0x10/0x10
[ 1710.461141][T27079]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1710.461164][T27079]  ? __pfx__printk+0x10/0x10
[ 1710.461201][T27079]  should_fail_ex+0x46c/0x600
[ 1710.461230][T27079]  _copy_to_user+0x31/0xb0
[ 1710.461251][T27079]  simple_read_from_buffer+0xe1/0x170
[ 1710.461280][T27079]  proc_fail_nth_read+0x1b6/0x220
[ 1710.461302][T27079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1710.461325][T27079]  ? rw_verify_area+0x2ac/0x4e0
[ 1710.461345][T27079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1710.461364][T27079]  vfs_read+0x206/0xa30
[ 1710.461394][T27079]  ? __pfx_vfs_read+0x10/0x10
[ 1710.461411][T27079]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1710.461439][T27079]  ? mutex_lock_nested+0x154/0x1d0
[ 1710.461455][T27079]  ? fdget_pos+0x253/0x320
[ 1710.461486][T27079]  ksys_read+0x14b/0x260
[ 1710.461509][T27079]  ? __pfx_ksys_read+0x10/0x10
[ 1710.461533][T27079]  ? do_syscall_64+0xbe/0xfa0
[ 1710.461558][T27079]  do_syscall_64+0xfa/0xfa0
[ 1710.461577][T27079]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1710.461597][T27079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1710.461615][T27079]  ? clear_bhb_loop+0x60/0xb0
[ 1710.461637][T27079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1710.461653][T27079] RIP: 0033:0x7f6d280ed9dc
[ 1710.461669][T27079] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1710.461684][T27079] RSP: 002b:00007f6d2634e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1710.461702][T27079] RAX: ffffffffffffffda RBX: 00007f6d28345fa0 RCX: 00007f6d280ed9dc
[ 1710.461716][T27079] RDX: 000000000000000f RSI: 00007f6d2634e0a0 RDI: 0000000000000004
[ 1710.461727][T27079] RBP: 00007f6d2634e090 R08: 0000000000000000 R09: 0000000000000000
[ 1710.461739][T27079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1710.461750][T27079] R13: 00007f6d28346038 R14: 00007f6d28345fa0 R15: 00007fff383a0998
[ 1710.461782][T27079]  </TASK>
[ 1711.017050][   T37] kauditd_printk_skb: 53 callbacks suppressed
[ 1711.017068][   T37] audit: type=1326 audit(1761547504.873:4082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.017127][   T37] audit: type=1326 audit(1761547504.873:4083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.046118][   T37] audit: type=1326 audit(1761547504.903:4084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.046168][   T37] audit: type=1326 audit(1761547504.903:4085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.046207][   T37] audit: type=1326 audit(1761547504.903:4086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.159911][   T37] audit: type=1326 audit(1761547505.013:4087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.173208][   T37] audit: type=1326 audit(1761547505.033:4088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.173261][   T37] audit: type=1326 audit(1761547505.033:4089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.184757][   T37] audit: type=1326 audit(1761547505.043:4090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.184809][   T37] audit: type=1326 audit(1761547505.043:4091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27090 comm="syz.3.7522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8def9fefc9 code=0x7ffc0000
[ 1711.353172][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1711.436120][ T6972] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1711.450182][ T6972] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1711.467869][ T6972] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1711.477916][ T6972] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1711.478848][ T6972] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1711.499660][ T1307] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1711.649933][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1711.651124][T25525] Bluetooth: hci1: command tx timeout
[ 1711.723935][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1711.934431][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1711.958096][ T1307] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1712.672468][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1712.786823][T27125] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1713.258272][ T1307] bridge_slave_1: left allmulticast mode
[ 1713.258302][ T1307] bridge_slave_1: left promiscuous mode
[ 1713.258556][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1713.569476][T25525] Bluetooth: hci3: command tx timeout
[ 1713.605715][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1713.892464][T25525] Bluetooth: hci1: command tx timeout
[ 1714.598354][ T1307] bridge_slave_0: left allmulticast mode
[ 1714.598399][ T1307] bridge_slave_0: left promiscuous mode
[ 1714.598689][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1714.919607][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1714.951192][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1715.148582][T27139] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1715.515994][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1715.610633][T25525] Bluetooth: hci3: command tx timeout
[ 1715.930608][T25525] Bluetooth: hci1: command tx timeout
[ 1716.030719][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.106964][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.227415][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.300900][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.382409][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.458330][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.553876][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.618288][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.680755][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1716.819741][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.086384][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.228585][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.500294][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.544715][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.595050][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.654164][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.714059][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.721194][T25525] Bluetooth: hci3: command tx timeout
[ 1717.846243][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1717.945130][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.002993][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.010720][ T6972] Bluetooth: hci1: command tx timeout
[ 1718.185367][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1718.241364][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1718.263635][ T1307] bond0 (unregistering): Released all slaves
[ 1718.308431][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.354142][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.405611][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.515846][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.578357][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.634925][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.683349][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.796015][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1718.965424][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.014535][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.174449][ T1307] bond1 (unregistering): Released all slaves
[ 1719.296695][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.359287][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.361818][T27094] chnl_net:caif_netlink_parms(): no params data found
[ 1719.431202][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.434411][ T1307] tipc: Left network mode
[ 1719.434905][T27065] chnl_net:caif_netlink_parms(): no params data found
[ 1719.574113][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.657006][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1719.785097][ T6972] Bluetooth: hci3: command tx timeout
[ 1720.206517][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1720.845482][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1721.067806][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1721.776858][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1722.025833][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1722.241953][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1722.825089][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1723.025865][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1723.448620][ T5964] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1723.633522][ T5964] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1723.635080][ T5964] usb 3-1: config 6 has an invalid interface number: 200 but max is 0
[ 1723.635104][ T5964] usb 3-1: config 6 has no interface number 0
[ 1723.635156][ T5964] usb 3-1: config 6 interface 200 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1723.635180][ T5964] usb 3-1: config 6 interface 200 has no altsetting 0
[ 1723.638372][ T5964] usb 3-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[ 1723.638398][ T5964] usb 3-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[ 1723.638418][ T5964] usb 3-1: Product: syz
[ 1723.638434][ T5964] usb 3-1: Manufacturer: syz
[ 1723.638448][ T5964] usb 3-1: SerialNumber: syz
[ 1723.725945][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1723.865578][T27220] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1724.032284][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1724.249676][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1724.389526][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1724.616344][ T5964] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[ 1724.617007][ T5964] dvb-usb: bulk message failed: -8 (3/0)
[ 1724.630140][ T5964] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1724.631278][ T5964] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[ 1724.631334][ T5964] usb 3-1: media controller created
[ 1724.655295][ T5964] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1724.672336][ T5964] dvb-usb: bulk message failed: -8 (6/0)
[ 1724.672741][ T5964] dvb-usb: bulk message failed: -8 (6/0)
[ 1724.672858][ T5964] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[ 1724.676874][ T5964] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input64
[ 1724.679816][ T5964] dvb-usb: schedule remote query interval to 150 msecs.
[ 1724.679835][ T5964] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[ 1724.683915][ T5964] usb 3-1: USB disconnect, device number 41
[ 1724.779036][T27094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1724.779261][T27094] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1724.779499][T27094] bridge_slave_0: entered allmulticast mode
[ 1724.803366][T27094] bridge_slave_0: entered promiscuous mode
[ 1724.868552][ T5964] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[ 1724.927111][T27094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1724.927215][T27094] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1724.927438][T27094] bridge_slave_1: entered allmulticast mode
[ 1724.929214][T27094] bridge_slave_1: entered promiscuous mode
[ 1724.942519][T27065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1724.942645][T27065] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1724.943214][T27065] bridge_slave_0: entered allmulticast mode
[ 1724.945980][T27065] bridge_slave_0: entered promiscuous mode
[ 1725.081928][ T1307] hsr_slave_0: left promiscuous mode
[ 1725.120735][ T1307] hsr_slave_1: left promiscuous mode
[ 1725.121483][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1725.121499][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1725.144696][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1725.144723][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1725.348636][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1725.393439][ T1307] veth1_macvtap: left promiscuous mode
[ 1725.393506][ T1307] veth0_macvtap: left promiscuous mode
[ 1725.393653][ T1307] veth1_vlan: left promiscuous mode
[ 1725.393755][ T1307] veth0_vlan: left promiscuous mode
[ 1725.949687][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.230415][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.411628][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.506354][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.611994][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.857708][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1726.919107][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.040334][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.103254][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.195521][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.257924][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.367393][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.417160][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.560819][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.839027][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1727.900572][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.097544][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.161125][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.227401][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.401154][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.476430][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.541542][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.614972][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.664218][ T1307] team0 (unregistering): Port device team_slave_1 removed
[ 1728.786254][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1728.918316][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.001162][ T1307] team0 (unregistering): Port device team_slave_0 removed
[ 1729.040185][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.137865][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.236003][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.302338][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.394651][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.469465][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.546101][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.624128][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.666498][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.720031][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.787339][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1729.882316][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.017007][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.085594][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.127423][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.319555][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.445620][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.515470][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.515568][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.516063][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.639264][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.823135][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.900960][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.047461][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.201759][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.332896][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.396620][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.455632][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.524554][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.586591][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.708352][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.964479][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.031340][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.231012][T27065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1732.231118][T27065] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1732.231328][T27065] bridge_slave_1: entered allmulticast mode
[ 1732.232898][T27065] bridge_slave_1: entered promiscuous mode
[ 1732.357362][   T37] kauditd_printk_skb: 27 callbacks suppressed
[ 1732.357380][   T37] audit: type=1326 audit(1761547526.213:4119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.357720][   T37] audit: type=1326 audit(1761547526.213:4120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.370422][   T37] audit: type=1326 audit(1761547526.223:4121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.372112][   T37] audit: type=1326 audit(1761547526.223:4122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.372157][   T37] audit: type=1326 audit(1761547526.223:4123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.372537][   T37] audit: type=1326 audit(1761547526.233:4124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.373150][   T37] audit: type=1326 audit(1761547526.233:4125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.374052][   T37] audit: type=1326 audit(1761547526.233:4126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.374428][   T37] audit: type=1326 audit(1761547526.233:4127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.380597][   T37] audit: type=1326 audit(1761547526.233:4128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27240 comm="syz.1.7562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d280eefc9 code=0x7ffc0000
[ 1732.633966][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.642280][T27094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1732.663453][T27247] bridge1: entered promiscuous mode
[ 1732.663480][T27247] bridge1: entered allmulticast mode
[ 1732.720340][T27247] team0: Port device bridge1 added
[ 1732.876380][T27094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1732.877338][ T6972] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 1732.910678][T25873] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1732.923057][T27065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1733.026600][T27065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1733.073067][T25873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1733.073101][T25873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1733.073122][T25873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1733.073136][T25873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1733.075481][T25873] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1733.075507][T25873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1733.075518][T25873] usb 2-1: Product: syz
[ 1733.075525][T25873] usb 2-1: Manufacturer: syz
[ 1733.075533][T25873] usb 2-1: SerialNumber: syz
[ 1733.078754][T25873] usb 2-1: config 0 descriptor??
[ 1733.110628][T16815] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[ 1733.230103][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1733.301042][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1733.306729][T16815] usb 3-1: Using ep0 maxpacket: 32
[ 1733.322029][T16815] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1733.322056][T16815] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1733.322078][T16815] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1733.322136][T16815] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1733.322157][T16815] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1733.322182][T16815] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1733.322224][T16815] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1733.322246][T16815] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1733.327908][T16815] usb 3-1: config 0 descriptor??
[ 1733.419032][T27094] team0: Port device team_slave_0 added
[ 1733.440395][T25873] adutux 2-1:0.0: Could not retrieve serial number
[ 1733.440598][T25873] adutux 2-1:0.0: probe with driver adutux failed with error -5
[ 1733.639427][T16815] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1733.656159][T16815] usb 3-1: USB disconnect, device number 42
[ 1733.667837][T16815] usblp0: removed
[ 1733.679104][T27247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1733.679538][T27247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1733.715980][T21801] usb 2-1: USB disconnect, device number 50
[ 1733.785127][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1733.812230][T27094] team0: Port device team_slave_1 added
[ 1733.817385][T27065] team0: Port device team_slave_0 added
[ 1733.872904][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1733.970054][T27065] team0: Port device team_slave_1 added
[ 1734.202221][T25873] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[ 1734.224140][T27094] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1734.224156][T27094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.224182][T27094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1734.331042][T25873] usb 3-1: device descriptor read/64, error -71
[ 1734.348126][T27094] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1734.348143][T27094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.348168][T27094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1734.352774][T27065] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1734.352789][T27065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.352815][T27065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1734.376186][T27065] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1734.376203][T27065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.376229][T27065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1734.579988][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1735.074062][T25873] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[ 1735.670717][T25873] usb 3-1: device descriptor read/64, error -71
[ 1735.721758][T27264] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1735.782620][T25873] usb usb3-port1: attempt power cycle
[ 1735.808083][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1735.826969][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1736.240584][T21801] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1736.355261][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1736.387783][T27094] hsr_slave_0: entered promiscuous mode
[ 1736.388642][T27094] hsr_slave_1: entered promiscuous mode
[ 1736.389390][T27094] debugfs: 'hsr0' already exists in 'hsr'
[ 1736.389407][T27094] Cannot create hsr debugfs directory
[ 1736.412609][T21801] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1736.576715][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1737.042095][T21801] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[ 1737.042136][T21801] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1737.092586][T21801] usb 2-1: config 0 descriptor??
[ 1737.291835][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1737.446514][T27065] hsr_slave_0: entered promiscuous mode
[ 1737.447860][T27065] hsr_slave_1: entered promiscuous mode
[ 1737.448997][T27065] debugfs: 'hsr0' already exists in 'hsr'
[ 1737.449024][T27065] Cannot create hsr debugfs directory
[ 1737.564496][T21801] lenovo 0003:17EF:6047.001C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[ 1737.976151][T21801] lenovo 0003:17EF:6047.001C: Failed to switch middle button: -71
[ 1737.976721][T21801] lenovo 0003:17EF:6047.001C: Fn-lock setting failed: -71
[ 1737.977397][T21801] lenovo 0003:17EF:6047.001C: Sensitivity setting failed: -71
[ 1738.016916][T21801] usb 2-1: USB disconnect, device number 51
[ 1738.252211][T27293] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1738.356654][T27298] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1738.411121][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1738.459121][ T1307] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1738.676137][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1738.998332][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1739.547432][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1739.589093][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1739.929838][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1740.177322][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1740.684534][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1740.927979][ T1307] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1741.380792][T26535] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1741.514622][ T1307] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1741.531323][T26535] usb 2-1: device descriptor read/64, error -71
[ 1741.771189][T26535] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1741.851656][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1741.886903][ T1307] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1741.910673][T26535] usb 2-1: device descriptor read/64, error -71
[ 1742.020945][T26535] usb usb2-port1: attempt power cycle
[ 1742.584885][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1742.586187][T26535] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1742.631668][T26535] usb 2-1: device descriptor read/8, error -71
[ 1742.634414][T27094] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1743.605600][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1743.622555][T27094] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1743.664802][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1743.750663][T26535] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1743.771669][T26535] usb 2-1: device descriptor read/8, error -71
[ 1743.881236][T26535] usb usb2-port1: unable to enumerate USB device
[ 1744.085160][ T1307] bridge_slave_1: left allmulticast mode
[ 1744.085188][ T1307] bridge_slave_1: left promiscuous mode
[ 1744.085432][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1744.169816][T27338] Process accounting resumed
[ 1744.182211][ T1307] bridge_slave_0: left allmulticast mode
[ 1744.182236][ T1307] bridge_slave_0: left promiscuous mode
[ 1744.182489][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1744.249982][T27342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7593'.
[ 1744.250004][T27342] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7593'.
[ 1744.250028][T27342] netlink: 'syz.1.7593': attribute type 12 has an invalid length.
[ 1744.592255][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1744.624420][ T5970] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1744.763854][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1744.771086][ T5970] usb 2-1: device descriptor read/64, error -71
[ 1744.860158][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1744.881778][T27349] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1744.932183][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1744.996564][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1745.010669][ T5970] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1745.273053][ T5970] usb 2-1: device descriptor read/64, error -71
[ 1745.342597][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1745.423201][ T5970] usb usb2-port1: attempt power cycle
[ 1745.477128][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1745.528289][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1745.580693][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1745.770651][ T5970] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1745.793128][ T5970] usb 2-1: device descriptor read/8, error -71
[ 1745.917364][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1746.141179][ T5970] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1746.162087][ T5970] usb 2-1: device descriptor read/8, error -71
[ 1746.301252][ T5970] usb usb2-port1: unable to enumerate USB device
[ 1746.415051][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1746.664430][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1746.981478][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1747.041457][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1747.063290][ T1307] bond0 (unregistering): Released all slaves
[ 1747.101098][T27094] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1747.172492][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.180666][T27094] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1747.457028][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.521818][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.604304][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1747.889061][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1748.040635][T25873] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1748.170609][T25873] usb 2-1: device descriptor read/64, error -71
[ 1748.177306][T27379] overlayfs: failed to clone lowerpath
[ 1748.211786][T27065] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1748.242218][T27380] overlayfs: failed to clone upperpath
[ 1748.422670][T25873] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1748.431952][T27065] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1748.550580][T25873] usb 2-1: device descriptor read/64, error -71
[ 1748.661169][T25873] usb usb2-port1: attempt power cycle
[ 1748.776713][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1749.353158][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1749.819533][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1750.054773][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1750.103542][T25873] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1750.131501][T25873] usb 2-1: device descriptor read/8, error -71
[ 1750.198600][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1750.359665][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1750.514955][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1751.120620][T25873] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1751.235930][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1751.291224][T25873] usb 2-1: device descriptor read/8, error -71
[ 1751.298358][T27065] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1751.401270][T25873] usb usb2-port1: unable to enumerate USB device
[ 1751.438314][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1751.468819][T27065] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1751.623679][ T1307] hsr_slave_0: left promiscuous mode
[ 1751.670981][ T1307] hsr_slave_1: left promiscuous mode
[ 1751.672045][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1751.672070][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1751.705564][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1751.705591][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1751.823616][T26535] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1751.859670][ T1307] veth1_macvtap: left promiscuous mode
[ 1751.859742][ T1307] veth0_macvtap: left promiscuous mode
[ 1751.859886][ T1307] veth1_vlan: left promiscuous mode
[ 1751.859987][ T1307] veth0_vlan: left promiscuous mode
[ 1751.998289][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1752.020573][T26535] usb 3-1: Using ep0 maxpacket: 16
[ 1752.026092][T26535] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1752.026142][T26535] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[ 1752.026166][T26535] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1752.067742][T26535] usb 3-1: config 0 descriptor??
[ 1752.494238][T26535] hkems 0003:2006:0118.001D: collection stack underflow
[ 1752.494273][T26535] hkems 0003:2006:0118.001D: item 0 4 0 12 parsing failed
[ 1752.495052][T26535] hkems 0003:2006:0118.001D: parse failed
[ 1752.495123][T26535] hkems 0003:2006:0118.001D: probe with driver hkems failed with error -22
[ 1752.657542][   T37] kauditd_printk_skb: 21 callbacks suppressed
[ 1752.657560][   T37] audit: type=1800 audit(1761547546.513:4150): pid=27424 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.7615" name="nullb0" dev="tmpfs" ino=1077 res=0 errno=0
[ 1752.939167][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1752.995004][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.062576][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.446570][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.568078][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.618974][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.786080][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.843063][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.919718][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1753.983001][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1754.049138][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1754.470885][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1754.600893][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1754.858945][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1754.923497][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.045806][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.221650][ T1307] team0 (unregistering): Port device team_slave_1 removed
[ 1755.259303][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.326973][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.408914][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.454122][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.521122][ T1307] team0 (unregistering): Port device team_slave_0 removed
[ 1755.636472][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.745603][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.817814][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.929873][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.051507][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.105872][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.178839][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.234628][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.290872][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.407999][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.475135][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.593513][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.673153][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.841576][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1756.979374][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.109395][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.252598][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.594809][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.653979][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.766607][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.905532][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.968653][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.146888][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.170613][T27425] Bluetooth: hci4: command 0x0406 tx timeout
[ 1758.208882][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.373319][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.497430][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.700912][T25873] usb 3-1: USB disconnect, device number 46
[ 1758.839669][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.040553][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.172560][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.200368][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.249412][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.390300][T27094] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1759.451506][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.535368][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.611266][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.674778][T27094] 8021q: adding VLAN 0 to HW filter on device team0
[ 1759.680777][T25873] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[ 1759.738617][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.806697][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1759.806840][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1759.807406][T27444] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7620'.
[ 1759.810655][T25873] usb 3-1: device descriptor read/64, error -71
[ 1759.814658][T27065] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1759.900308][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.925586][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1759.929089][ T6486] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1759.985991][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1760.073952][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1760.077157][T27065] 8021q: adding VLAN 0 to HW filter on device team0
[ 1760.080117][T25873] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1760.110375][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1760.118679][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1760.167531][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1760.167672][ T6486] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1760.210579][T25873] usb 3-1: device descriptor read/64, error -71
[ 1760.210684][   T37] audit: type=1800 audit(1761547554.063:4151): pid=27455 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.7625" name="nullb0" dev="tmpfs" ino=1077 res=0 errno=0
[ 1760.313962][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1760.321776][T25873] usb usb3-port1: attempt power cycle
[ 1760.552925][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1760.645694][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1760.918917][T27065] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1761.272468][T25873] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1761.297061][T25873] usb 3-1: device descriptor read/8, error -71
[ 1761.342439][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1761.530663][T25873] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1761.551368][T25873] usb 3-1: device descriptor read/8, error -71
[ 1761.583941][T27094] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1761.661148][T25873] usb usb3-port1: unable to enumerate USB device
[ 1761.737622][T27065] veth0_vlan: entered promiscuous mode
[ 1761.774401][T27065] veth1_vlan: entered promiscuous mode
[ 1761.842559][T27065] veth0_macvtap: entered promiscuous mode
[ 1761.847156][T27065] veth1_macvtap: entered promiscuous mode
[ 1761.919739][T27065] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1761.950152][T27065] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1761.967674][ T6254] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1761.967902][ T6254] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1761.967939][ T6254] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1761.967973][ T6254] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1762.138303][T27498] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1762.398080][T16057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1762.398102][T16057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1762.577574][ T6254] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1762.577594][ T6254] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1762.924151][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1762.951419][T27094] veth0_vlan: entered promiscuous mode
[ 1763.023636][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.509690][T27094] veth1_vlan: entered promiscuous mode
[ 1763.699614][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.749572][T27094] veth0_macvtap: entered promiscuous mode
[ 1763.776466][T27094] veth1_macvtap: entered promiscuous mode
[ 1763.869463][T27094] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1763.904862][T27094] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1763.930343][ T6275] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1763.948281][ T6275] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1763.949807][ T6275] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1763.951047][ T6275] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1764.166917][T27516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1764.167343][T27516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1765.089365][ T5970] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1765.631064][ T5970] usb 7-1: Using ep0 maxpacket: 16
[ 1765.779342][ T5970] usb 7-1: config 0 has an invalid interface number: 18 but max is 0
[ 1765.779370][ T5970] usb 7-1: config 0 has no interface number 0
[ 1765.779407][ T5970] usb 7-1: config 0 interface 18 has no altsetting 0
[ 1766.398787][ T5970] usb 7-1: New USB device found, idVendor=55aa, idProduct=a103, bcdDevice=7a.1a
[ 1766.398820][ T5970] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1766.398839][ T5970] usb 7-1: Product: syz
[ 1766.398853][ T5970] usb 7-1: Manufacturer: syz
[ 1766.398867][ T5970] usb 7-1: SerialNumber: syz
[ 1767.199116][ T5970] usb 7-1: config 0 descriptor??
[ 1767.436814][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1767.436835][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1767.493819][ T5970] usb 7-1: can't set config #0, error -71
[ 1767.527860][ T5970] usb 7-1: USB disconnect, device number 2
[ 1767.613841][T27524] tmpfs: Unknown parameter '00000000000000000000'
[ 1767.669529][T27526] FAULT_INJECTION: forcing a failure.
[ 1767.669529][T27526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1767.669562][T27526] CPU: 1 UID: 0 PID: 27526 Comm: syz.2.7639 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1767.669584][T27526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1767.669596][T27526] Call Trace:
[ 1767.669604][T27526]  <TASK>
[ 1767.669612][T27526]  dump_stack_lvl+0x189/0x250
[ 1767.669642][T27526]  ? __pfx____ratelimit+0x10/0x10
[ 1767.669665][T27526]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1767.669689][T27526]  ? __pfx__printk+0x10/0x10
[ 1767.669711][T27526]  ? __might_fault+0xb0/0x130
[ 1767.669746][T27526]  should_fail_ex+0x46c/0x600
[ 1767.669776][T27526]  _copy_from_user+0x2d/0xb0
[ 1767.669796][T27526]  sock_do_ioctl+0x182/0x300
[ 1767.669823][T27526]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1767.669853][T27526]  ? __asan_memset+0x22/0x50
[ 1767.669873][T27526]  ? smack_file_ioctl+0x24d/0x340
[ 1767.669902][T27526]  sock_ioctl+0x579/0x790
[ 1767.669927][T27526]  ? __pfx_sock_ioctl+0x10/0x10
[ 1767.669953][T27526]  ? __fget_files+0x3a6/0x420
[ 1767.669975][T27526]  ? __fget_files+0x2a/0x420
[ 1767.670002][T27526]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1767.670019][T27526]  ? __pfx_sock_ioctl+0x10/0x10
[ 1767.670041][T27526]  __se_sys_ioctl+0xff/0x170
[ 1767.670064][T27526]  do_syscall_64+0xfa/0xfa0
[ 1767.670084][T27526]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1767.670105][T27526]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.670123][T27526]  ? clear_bhb_loop+0x60/0xb0
[ 1767.670145][T27526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.670163][T27526] RIP: 0033:0x7fced26eefc9
[ 1767.670180][T27526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1767.670196][T27526] RSP: 002b:00007fced094e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1767.670216][T27526] RAX: ffffffffffffffda RBX: 00007fced2945fa0 RCX: 00007fced26eefc9
[ 1767.670230][T27526] RDX: 0000200000000180 RSI: 0000000000008946 RDI: 0000000000000004
[ 1767.670242][T27526] RBP: 00007fced094e090 R08: 0000000000000000 R09: 0000000000000000
[ 1767.670254][T27526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1767.670266][T27526] R13: 00007fced2946038 R14: 00007fced2945fa0 R15: 00007fff59b50158
[ 1767.670299][T27526]  </TASK>
[ 1767.878194][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1767.986650][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.100139][T20501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1768.100159][T20501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1768.296143][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.675830][ T5970] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1768.811110][ T5970] usb 3-1: device descriptor read/64, error -71
[ 1768.941974][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1769.063850][ T5970] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1769.250657][ T5970] usb 3-1: device descriptor read/64, error -71
[ 1769.335748][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1769.361130][ T5970] usb usb3-port1: attempt power cycle
[ 1769.365768][T27542] tipc: Started in network mode
[ 1769.365809][T27542] tipc: Node identity e2f0056c1ba8, cluster identity 4711
[ 1769.366017][T27542] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1769.366983][T27542] syzkaller0: entered promiscuous mode
[ 1769.367004][T27542] syzkaller0: entered allmulticast mode
[ 1769.426575][T27547] FAULT_INJECTION: forcing a failure.
[ 1769.426575][T27547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1769.426596][T27547] CPU: 0 UID: 0 PID: 27547 Comm: syz.7.7516 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1769.426609][T27547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1769.426616][T27547] Call Trace:
[ 1769.426621][T27547]  <TASK>
[ 1769.426625][T27547]  dump_stack_lvl+0x189/0x250
[ 1769.426652][T27547]  ? __pfx____ratelimit+0x10/0x10
[ 1769.426673][T27547]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1769.426696][T27547]  ? __pfx__printk+0x10/0x10
[ 1769.426730][T27547]  should_fail_ex+0x46c/0x600
[ 1769.426759][T27547]  _copy_to_user+0x31/0xb0
[ 1769.426779][T27547]  copy_to_sockptr+0x5e/0xa0
[ 1769.426792][T27547]  do_ipv6_getsockopt+0x13ec/0x2300
[ 1769.426810][T27547]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[ 1769.426835][T27547]  ? get_pid_task+0x20/0x1f0
[ 1769.426859][T27547]  ? __lock_acquire+0xab9/0xd20
[ 1769.426880][T27547]  ipv6_getsockopt+0xbd/0x290
[ 1769.426897][T27547]  ? __pfx_ipv6_getsockopt+0x10/0x10
[ 1769.426911][T27547]  ? sock_common_getsockopt+0x2d/0xb0
[ 1769.426925][T27547]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1769.426939][T27547]  do_sock_getsockopt+0x372/0x450
[ 1769.426953][T27547]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1769.426963][T27547]  ? do_syscall_64+0xa0/0xfa0
[ 1769.426976][T27547]  ? __fget_files+0x2a/0x420
[ 1769.426989][T27547]  ? __fget_files+0x3a6/0x420
[ 1769.427002][T27547]  ? __fget_files+0x2a/0x420
[ 1769.427019][T27547]  __x64_sys_getsockopt+0x1ab/0x250
[ 1769.427029][T27547]  ? do_syscall_64+0xa0/0xfa0
[ 1769.427042][T27547]  ? do_syscall_64+0xa0/0xfa0
[ 1769.427055][T27547]  do_syscall_64+0xfa/0xfa0
[ 1769.427066][T27547]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1769.427079][T27547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.427089][T27547]  ? clear_bhb_loop+0x60/0xb0
[ 1769.427100][T27547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.427110][T27547] RIP: 0033:0x7f59289eefc9
[ 1769.427120][T27547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1769.427129][T27547] RSP: 002b:00007f5926c56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1769.427146][T27547] RAX: ffffffffffffffda RBX: 00007f5928c45fa0 RCX: 00007f59289eefc9
[ 1769.427154][T27547] RDX: 0000000000000006 RSI: 0000000000000029 RDI: 0000000000000003
[ 1769.427160][T27547] RBP: 00007f5926c56090 R08: 0000200000000080 R09: 0000000000000000
[ 1769.427167][T27547] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[ 1769.427173][T27547] R13: 00007f5928c46038 R14: 00007f5928c45fa0 R15: 00007ffe237a8f88
[ 1769.427190][T27547]  </TASK>
[ 1769.573247][T27549] netlink: 128 bytes leftover after parsing attributes in process `syz.7.7647'.
[ 1769.573316][T27549] netlink: 'syz.7.7647': attribute type 5 has an invalid length.
[ 1769.781515][ T5970] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1769.811414][ T5970] usb 3-1: device descriptor read/8, error -71
[ 1770.065598][ T5970] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1770.126952][ T5970] usb 3-1: device descriptor read/8, error -71
[ 1770.232436][ T5970] usb usb3-port1: unable to enumerate USB device
[ 1770.280851][T27551] tipc: Resetting bearer <eth:syzkaller0>
[ 1770.382490][T27541] tipc: Resetting bearer <eth:syzkaller0>
[ 1770.520614][T26535] tipc: Node number set to 4183295340
[ 1771.082565][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1771.566204][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1771.583672][T27562] FAULT_INJECTION: forcing a failure.
[ 1771.583672][T27562] name failslab, interval 1, probability 0, space 0, times 0
[ 1771.583705][T27562] CPU: 1 UID: 0 PID: 27562 Comm: syz.7.7649 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1771.583735][T27562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1771.583746][T27562] Call Trace:
[ 1771.583754][T27562]  <TASK>
[ 1771.583763][T27562]  dump_stack_lvl+0x189/0x250
[ 1771.583793][T27562]  ? __pfx____ratelimit+0x10/0x10
[ 1771.583816][T27562]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1771.583840][T27562]  ? __pfx__printk+0x10/0x10
[ 1771.583868][T27562]  ? __pfx___might_resched+0x10/0x10
[ 1771.583893][T27562]  should_fail_ex+0x46c/0x600
[ 1771.583921][T27562]  should_failslab+0xa8/0x100
[ 1771.583948][T27562]  __kmalloc_noprof+0xcc/0x7d0
[ 1771.583969][T27562]  ? kfree+0x51/0x950
[ 1771.583985][T27562]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1771.584013][T27562]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1771.584036][T27562]  ? tomoyo_domain+0xda/0x130
[ 1771.584063][T27562]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1771.584088][T27562]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1771.584116][T27562]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1771.584146][T27562]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1771.584170][T27562]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1771.584223][T27562]  ? __fget_files+0x2a/0x420
[ 1771.584250][T27562]  ? __fget_files+0x3a6/0x420
[ 1771.584272][T27562]  ? __fget_files+0x2a/0x420
[ 1771.584299][T27562]  security_file_ioctl+0xcb/0x2d0
[ 1771.584320][T27562]  __se_sys_ioctl+0x47/0x170
[ 1771.584343][T27562]  do_syscall_64+0xfa/0xfa0
[ 1771.584363][T27562]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1771.584384][T27562]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1771.584403][T27562]  ? clear_bhb_loop+0x60/0xb0
[ 1771.584425][T27562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1771.584442][T27562] RIP: 0033:0x7f59289eefc9
[ 1771.584459][T27562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1771.584474][T27562] RSP: 002b:00007f5926c56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1771.584493][T27562] RAX: ffffffffffffffda RBX: 00007f5928c45fa0 RCX: 00007f59289eefc9
[ 1771.584507][T27562] RDX: 0000000000000000 RSI: 00000000c0189379 RDI: 0000000000000003
[ 1771.584519][T27562] RBP: 00007f5926c56090 R08: 0000000000000000 R09: 0000000000000000
[ 1771.584530][T27562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1771.584541][T27562] R13: 00007f5928c46038 R14: 00007f5928c45fa0 R15: 00007ffe237a8f88
[ 1771.584576][T27562]  </TASK>
[ 1771.584583][T27562] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1771.704435][T27541] tipc: Disabling bearer <eth:syzkaller0>
[ 1771.830566][T25873] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1771.983561][T25873] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1771.983596][T25873] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1771.983635][T25873] usb 7-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 1771.983659][T25873] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1771.989569][T25873] usb 7-1: config 0 descriptor??
[ 1772.378787][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1772.558079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1772.613271][T27579] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1772.652992][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1772.741795][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1772.986566][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1773.033068][T25873] samsung 0003:0419:0600.001E: unknown main item tag 0x0
[ 1773.033108][T25873] samsung 0003:0419:0600.001E: unknown main item tag 0x0
[ 1773.060883][T25873] samsung 0003:0419:0600.001E: hidraw0: USB HID v0.80 Device [HID 0419:0600] on usb-dummy_hcd.6-1/input0
[ 1773.298953][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1773.476329][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1773.669670][T27592] FAULT_INJECTION: forcing a failure.
[ 1773.669670][T27592] name failslab, interval 1, probability 0, space 0, times 0
[ 1773.669702][T27592] CPU: 1 UID: 0 PID: 27592 Comm: syz.7.7659 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1773.669721][T27592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1773.669732][T27592] Call Trace:
[ 1773.669741][T27592]  <TASK>
[ 1773.669749][T27592]  dump_stack_lvl+0x189/0x250
[ 1773.669779][T27592]  ? __pfx____ratelimit+0x10/0x10
[ 1773.669800][T27592]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1773.669824][T27592]  ? __pfx__printk+0x10/0x10
[ 1773.669849][T27592]  ? __pfx___might_resched+0x10/0x10
[ 1773.669868][T27592]  ? fs_reclaim_acquire+0x7d/0x100
[ 1773.669895][T27592]  should_fail_ex+0x46c/0x600
[ 1773.669922][T27592]  ? sock_alloc_inode+0x28/0xc0
[ 1773.669944][T27592]  should_failslab+0xa8/0x100
[ 1773.669969][T27592]  ? sock_alloc_inode+0x28/0xc0
[ 1773.669989][T27592]  kmem_cache_alloc_lru_noprof+0x74/0x6b0
[ 1773.670010][T27592]  ? __lock_acquire+0xab9/0xd20
[ 1773.670038][T27592]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1773.670060][T27592]  sock_alloc_inode+0x28/0xc0
[ 1773.670082][T27592]  alloc_inode+0x6a/0x1b0
[ 1773.670106][T27592]  do_accept+0x117/0x680
[ 1773.670124][T27592]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1773.670148][T27592]  ? __pfx_do_accept+0x10/0x10
[ 1773.670187][T27592]  __sys_accept4+0x11c/0x1c0
[ 1773.670208][T27592]  ? __pfx___sys_accept4+0x10/0x10
[ 1773.670223][T27592]  ? ksys_write+0x230/0x260
[ 1773.670247][T27592]  ? __pfx_ksys_write+0x10/0x10
[ 1773.670273][T27592]  __x64_sys_accept4+0x9a/0xb0
[ 1773.670293][T27592]  do_syscall_64+0xfa/0xfa0
[ 1773.670314][T27592]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1773.670334][T27592]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1773.670352][T27592]  ? clear_bhb_loop+0x60/0xb0
[ 1773.670374][T27592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1773.670392][T27592] RIP: 0033:0x7f59289eefc9
[ 1773.670409][T27592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1773.670424][T27592] RSP: 002b:00007f5926c56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1773.670448][T27592] RAX: ffffffffffffffda RBX: 00007f5928c45fa0 RCX: 00007f59289eefc9
[ 1773.670460][T27592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1773.670470][T27592] RBP: 00007f5926c56090 R08: 0000000000000000 R09: 0000000000000000
[ 1773.670488][T27592] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[ 1773.670499][T27592] R13: 00007f5928c46038 R14: 00007f5928c45fa0 R15: 00007ffe237a8f88
[ 1773.670529][T27592]  </TASK>
[ 1773.730553][  T995] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[ 1773.943006][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1773.943040][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1773.945336][  T995] usb 2-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b
[ 1773.945363][  T995] usb 2-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0
[ 1773.945383][  T995] usb 2-1: Manufacturer: syz
[ 1773.997737][  T995] usb 2-1: config 0 descriptor??
[ 1774.286725][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1775.024588][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1775.161515][  T995] usbhid 2-1:0.0: can't add hid device: -71
[ 1775.161736][  T995] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1775.193775][  T995] usb 2-1: USB disconnect, device number 64
[ 1775.476272][   T37] audit: type=1326 audit(1761547569.333:4152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476331][   T37] audit: type=1326 audit(1761547569.333:4153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476360][   T37] audit: type=1326 audit(1761547569.333:4154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476382][   T37] audit: type=1326 audit(1761547569.333:4155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=40000003 syscall=15 compat=1 ip=0x200000000006 code=0x7ffc0000
[ 1775.476404][   T37] audit: type=1326 audit(1761547569.333:4156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476428][   T37] audit: type=1326 audit(1761547569.333:4157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476451][   T37] audit: type=1326 audit(1761547569.333:4158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f59289eda7f code=0x7ffc0000
[ 1775.476473][   T37] audit: type=1326 audit(1761547569.333:4159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476496][   T37] audit: type=1326 audit(1761547569.333:4160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1775.476518][   T37] audit: type=1326 audit(1761547569.333:4161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27606 comm="syz.7.7662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f59289eefc9 code=0x7ffc0000
[ 1776.174617][T27616] netlink: 'syz.1.7664': attribute type 1 has an invalid length.
[ 1776.288123][ T5970] usb 7-1: USB disconnect, device number 3
[ 1776.437140][T27617] bridge2: entered allmulticast mode
[ 1776.478630][T27617] team0: Port device bridge2 added
[ 1777.383926][T27640] FAULT_INJECTION: forcing a failure.
[ 1777.383926][T27640] name failslab, interval 1, probability 0, space 0, times 0
[ 1777.383958][T27640] CPU: 1 UID: 0 PID: 27640 Comm: syz.7.7673 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1777.383979][T27640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1777.383990][T27640] Call Trace:
[ 1777.383998][T27640]  <TASK>
[ 1777.384007][T27640]  dump_stack_lvl+0x189/0x250
[ 1777.384035][T27640]  ? __pfx____ratelimit+0x10/0x10
[ 1777.384056][T27640]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1777.384080][T27640]  ? __pfx__printk+0x10/0x10
[ 1777.384116][T27640]  ? __pfx___might_resched+0x10/0x10
[ 1777.384139][T27640]  should_fail_ex+0x46c/0x600
[ 1777.384173][T27640]  should_failslab+0xa8/0x100
[ 1777.384197][T27640]  __kmalloc_noprof+0xcc/0x7d0
[ 1777.384219][T27640]  ? kfree+0x51/0x950
[ 1777.384235][T27640]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1777.384262][T27640]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1777.384284][T27640]  ? tomoyo_domain+0xda/0x130
[ 1777.384312][T27640]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1777.384336][T27640]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1777.384364][T27640]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1777.384393][T27640]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1777.384415][T27640]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1777.384468][T27640]  ? __fget_files+0x2a/0x420
[ 1777.384497][T27640]  ? __fget_files+0x3a6/0x420
[ 1777.384518][T27640]  ? __fget_files+0x2a/0x420
[ 1777.384545][T27640]  security_file_ioctl+0xcb/0x2d0
[ 1777.384566][T27640]  __se_sys_ioctl+0x47/0x170
[ 1777.384590][T27640]  do_syscall_64+0xfa/0xfa0
[ 1777.384611][T27640]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1777.384632][T27640]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1777.384650][T27640]  ? clear_bhb_loop+0x60/0xb0
[ 1777.384672][T27640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1777.384689][T27640] RIP: 0033:0x7f59289eefc9
[ 1777.384706][T27640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1777.384721][T27640] RSP: 002b:00007f5926c56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1777.384741][T27640] RAX: ffffffffffffffda RBX: 00007f5928c45fa0 RCX: 00007f59289eefc9
[ 1777.384755][T27640] RDX: 0000000000000000 RSI: 00000000000007b2 RDI: 0000000000000003
[ 1777.384766][T27640] RBP: 00007f5926c56090 R08: 0000000000000000 R09: 0000000000000000
[ 1777.384778][T27640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1777.384789][T27640] R13: 00007f5928c46038 R14: 00007f5928c45fa0 R15: 00007ffe237a8f88
[ 1777.384823][T27640]  </TASK>
[ 1777.384831][T27640] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1777.722816][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1778.263205][ T5964] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1778.282327][T27662] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7682'.
[ 1778.422957][ T5964] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1778.422990][ T5964] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1778.423029][ T5964] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[ 1778.423051][ T5964] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1778.430008][ T5964] usb 3-1: config 0 descriptor??
[ 1778.695467][T27670] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1778.858459][ T5964] samsung 0003:0419:0600.001F: unknown main item tag 0x0
[ 1778.858503][ T5964] samsung 0003:0419:0600.001F: unknown main item tag 0x0
[ 1778.881364][ T5964] samsung 0003:0419:0600.001F: hidraw0: USB HID v0.80 Device [HID 0419:0600] on usb-dummy_hcd.2-1/input0
[ 1779.101400][T27686] netlink: 84 bytes leftover after parsing attributes in process `syz.7.7691'.
[ 1779.252898][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1780.007768][T27707] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1780.255877][T27710] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1780.257096][T27710] syzkaller0: entered promiscuous mode
[ 1780.257119][T27710] syzkaller0: entered allmulticast mode
[ 1780.355992][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1780.754633][T27718] tipc: Resetting bearer <eth:syzkaller0>
[ 1780.802937][T27709] tipc: Resetting bearer <eth:syzkaller0>
[ 1780.975521][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1781.138877][T27709] tipc: Disabling bearer <eth:syzkaller0>
[ 1781.233540][T27726] FAULT_INJECTION: forcing a failure.
[ 1781.233540][T27726] name failslab, interval 1, probability 0, space 0, times 0
[ 1781.233593][T27726] CPU: 1 UID: 0 PID: 27726 Comm: syz.7.7703 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1781.233615][T27726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1781.233627][T27726] Call Trace:
[ 1781.233635][T27726]  <TASK>
[ 1781.233644][T27726]  dump_stack_lvl+0x189/0x250
[ 1781.233674][T27726]  ? __pfx____ratelimit+0x10/0x10
[ 1781.233697][T27726]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1781.233721][T27726]  ? __pfx__printk+0x10/0x10
[ 1781.233756][T27726]  ? __pfx___might_resched+0x10/0x10
[ 1781.233781][T27726]  should_fail_ex+0x46c/0x600
[ 1781.233811][T27726]  should_failslab+0xa8/0x100
[ 1781.233837][T27726]  __kmalloc_noprof+0xcc/0x7d0
[ 1781.233860][T27726]  ? copy_splice_read+0x143/0xa60
[ 1781.233888][T27726]  copy_splice_read+0x143/0xa60
[ 1781.233918][T27726]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1781.233941][T27726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1781.233964][T27726]  ? __pfx_copy_splice_read+0x10/0x10
[ 1781.233985][T27726]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1781.234006][T27726]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1781.234040][T27726]  ? wait_for_space+0x248/0x2d0
[ 1781.234070][T27726]  ? __pfx_copy_splice_read+0x10/0x10
[ 1781.234092][T27726]  splice_file_to_pipe+0x27f/0x450
[ 1781.234121][T27726]  do_splice+0xdd8/0x1680
[ 1781.234163][T27726]  ? __fget_files+0x2a/0x420
[ 1781.234191][T27726]  ? __pfx_do_splice+0x10/0x10
[ 1781.234225][T27726]  __se_sys_splice+0x2e1/0x460
[ 1781.234255][T27726]  ? __pfx___se_sys_splice+0x10/0x10
[ 1781.234278][T27726]  ? __secure_computing+0xe2/0x2a0
[ 1781.234299][T27726]  ? __x64_sys_splice+0x21/0xf0
[ 1781.234326][T27726]  do_syscall_64+0xfa/0xfa0
[ 1781.234346][T27726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1781.234367][T27726]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1781.234385][T27726]  ? clear_bhb_loop+0x60/0xb0
[ 1781.234408][T27726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1781.234425][T27726] RIP: 0033:0x7f59289eefc9
[ 1781.234442][T27726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1781.234458][T27726] RSP: 002b:00007f5926c56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1781.234478][T27726] RAX: ffffffffffffffda RBX: 00007f5928c45fa0 RCX: 00007f59289eefc9
[ 1781.234492][T27726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1781.234504][T27726] RBP: 00007f5926c56090 R08: 000000007ffff000 R09: 0000000000000001
[ 1781.234517][T27726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1781.234528][T27726] R13: 00007f5928c46038 R14: 00007f5928c45fa0 R15: 00007ffe237a8f88
[ 1781.234561][T27726]  </TASK>
[ 1782.156681][T27740] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1782.446782][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1782.679602][  T992] usb 3-1: USB disconnect, device number 55
[ 1783.221042][ T5964] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1783.641373][ T5964] usb 2-1: device descriptor read/64, error -71
[ 1784.267926][ T5964] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1784.400577][ T5964] usb 2-1: device descriptor read/64, error -71
[ 1784.425664][T27768] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1784.511058][ T5964] usb usb2-port1: attempt power cycle
[ 1784.860568][ T5964] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1785.022439][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1785.024519][T26535] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1785.062084][ T5964] usb 2-1: device descriptor read/8, error -71
[ 1785.332123][ T5964] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 1785.358118][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1785.493355][T26535] usb 3-1: Using ep0 maxpacket: 32
[ 1785.720299][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1785.815108][T26535] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1785.815136][T26535] usb 3-1: config 0 has no interfaces?
[ 1785.818186][T26535] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1785.818213][T26535] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1785.818232][T26535] usb 3-1: Product: syz
[ 1785.818247][T26535] usb 3-1: Manufacturer: syz
[ 1785.818262][T26535] usb 3-1: SerialNumber: syz
[ 1785.965373][T26535] usb 3-1: config 0 descriptor??
[ 1786.165800][ T5964] usb 2-1: device descriptor read/8, error -71
[ 1786.281349][ T5964] usb usb2-port1: unable to enumerate USB device
[ 1786.645068][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1786.685553][T27791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1786.685998][T27791] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1787.102406][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1787.571327][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1787.949096][   T37] kauditd_printk_skb: 1 callbacks suppressed
[ 1787.949113][   T37] audit: type=1800 audit(1761547581.803:4163): pid=27795 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.7729" name="nullb0" dev="tmpfs" ino=1077 res=0 errno=0
[ 1787.967998][T26535] usb 3-1: USB disconnect, device number 56
[ 1788.333987][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1788.473832][T16815] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 1789.039628][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1789.249807][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1789.348471][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1789.459919][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1789.816426][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1790.743846][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1790.746152][T16815] usb 2-1: device descriptor read/64, error -71
[ 1791.020617][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1791.071948][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1791.080594][T16815] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1791.191114][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1791.475167][ T5970] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1791.830642][ T5970] usb 7-1: Using ep0 maxpacket: 32
[ 1791.833232][ T5970] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1791.833257][ T5970] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1791.833277][ T5970] usb 7-1: config 0 has no interface number 0
[ 1791.833325][ T5970] usb 7-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1791.863728][ T5970] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1791.863758][ T5970] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1791.863778][ T5970] usb 7-1: Product: syz
[ 1791.863793][ T5970] usb 7-1: Manufacturer: syz
[ 1791.863807][ T5970] usb 7-1: SerialNumber: syz
[ 1791.915328][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1791.940661][T16815] usb 2-1: device descriptor read/64, error -71
[ 1791.976168][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.976238][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.031424][ T5970] usb 7-1: config 0 descriptor??
[ 1792.043667][ T5970] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1792.266216][ T5970] usb 7-1: qt2_setup_urbs - submit read urb failed -8
[ 1792.266475][ T5970] quatech2 7-1:0.51: probe with driver quatech2 failed with error -8
[ 1792.291640][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1792.330391][T16815] usb usb2-port1: attempt power cycle
[ 1792.426519][T27847] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1792.937916][T27834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1792.938369][T27834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1792.963140][ T5970] usb 7-1: USB disconnect, device number 4
[ 1793.026297][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1793.104042][T27846] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1793.186065][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1793.389451][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1794.374214][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1794.670213][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1794.939186][T27875] FAULT_INJECTION: forcing a failure.
[ 1794.939186][T27875] name failslab, interval 1, probability 0, space 0, times 0
[ 1794.939220][T27875] CPU: 1 UID: 0 PID: 27875 Comm: syz.2.7756 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1794.939242][T27875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1794.939254][T27875] Call Trace:
[ 1794.939263][T27875]  <TASK>
[ 1794.939271][T27875]  dump_stack_lvl+0x189/0x250
[ 1794.939301][T27875]  ? __pfx____ratelimit+0x10/0x10
[ 1794.939323][T27875]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1794.939347][T27875]  ? __pfx__printk+0x10/0x10
[ 1794.939375][T27875]  ? __pfx___might_resched+0x10/0x10
[ 1794.939395][T27875]  ? fs_reclaim_acquire+0x7d/0x100
[ 1794.939423][T27875]  should_fail_ex+0x46c/0x600
[ 1794.939451][T27875]  ? __alloc_skb+0x112/0x2d0
[ 1794.939468][T27875]  should_failslab+0xa8/0x100
[ 1794.939492][T27875]  ? __alloc_skb+0x112/0x2d0
[ 1794.939507][T27875]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 1794.939530][T27875]  ? __lock_acquire+0xab9/0xd20
[ 1794.939558][T27875]  __alloc_skb+0x112/0x2d0
[ 1794.939590][T27875]  alloc_skb_with_frags+0xca/0x890
[ 1794.939625][T27875]  sock_alloc_send_pskb+0x859/0x990
[ 1794.939667][T27875]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1794.939695][T27875]  ? dev_get_by_index+0x22/0x2e0
[ 1794.939717][T27875]  ? dev_get_by_index+0x22/0x2e0
[ 1794.939747][T27875]  packet_sendmsg+0x33a0/0x5080
[ 1794.939783][T27875]  ? __might_fault+0xb0/0x130
[ 1794.939809][T27875]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1794.939844][T27875]  ? smack_socket_sendmsg+0x1fa/0x520
[ 1794.939867][T27875]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1794.939891][T27875]  ? __lock_acquire+0xab9/0xd20
[ 1794.939913][T27875]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1794.939939][T27875]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1794.939972][T27875]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1794.939994][T27875]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1794.940013][T27875]  __sock_sendmsg+0x21c/0x270
[ 1794.940041][T27875]  __sys_sendto+0x3c7/0x520
[ 1794.940063][T27875]  ? __pfx___sys_sendto+0x10/0x10
[ 1794.940109][T27875]  ? ksys_write+0x230/0x260
[ 1794.940134][T27875]  ? __pfx_ksys_write+0x10/0x10
[ 1794.940159][T27875]  __x64_sys_sendto+0xde/0x100
[ 1794.940182][T27875]  do_syscall_64+0xfa/0xfa0
[ 1794.940203][T27875]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1794.940224][T27875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1794.940242][T27875]  ? clear_bhb_loop+0x60/0xb0
[ 1794.940265][T27875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1794.940282][T27875] RIP: 0033:0x7fced26eefc9
[ 1794.940299][T27875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1794.940315][T27875] RSP: 002b:00007fced094e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1794.940334][T27875] RAX: ffffffffffffffda RBX: 00007fced2945fa0 RCX: 00007fced26eefc9
[ 1794.940348][T27875] RDX: 0000000000000020 RSI: 0000200000000100 RDI: 0000000000000003
[ 1794.940361][T27875] RBP: 00007fced094e090 R08: 0000200000000300 R09: 0000000000000014
[ 1794.940373][T27875] R10: 0000000024000801 R11: 0000000000000246 R12: 0000000000000001
[ 1794.940385][T27875] R13: 00007fced2946038 R14: 00007fced2945fa0 R15: 00007fff59b50158
[ 1794.940419][T27875]  </TASK>
[ 1795.017916][T27878] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1795.313447][T27882] syzkaller1: entered promiscuous mode
[ 1795.313474][T27882] syzkaller1: entered allmulticast mode
[ 1795.366080][ T5964] usb 2-1: new full-speed USB device number 72 using dummy_hcd
[ 1795.525151][ T5964] usb 2-1: config 0 has no interfaces?
[ 1795.527434][ T5964] usb 2-1: New USB device found, idVendor=1c9e, idProduct=7605, bcdDevice=8d.e7
[ 1795.527455][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1795.527466][ T5964] usb 2-1: Product: syz
[ 1795.527473][ T5964] usb 2-1: Manufacturer: syz
[ 1795.527481][ T5964] usb 2-1: SerialNumber: syz
[ 1795.531238][ T5964] usb 2-1: config 0 descriptor??
[ 1795.630144][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1795.647115][T27901] 9pnet_fd: Insufficient options for proto=fd
[ 1795.740781][T27899] tipc: Started in network mode
[ 1795.740801][T27899] tipc: Node identity ac14140f, cluster identity 4711
[ 1795.744838][T27899] tipc: New replicast peer: 255.255.255.255
[ 1795.751209][T27899] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1795.751317][T27900] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7763'.
[ 1795.751334][T27900] tipc: Disabling bearer <udp:syz2>
[ 1795.810575][T25873] usb 2-1: USB disconnect, device number 72
[ 1795.920730][ T5964] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[ 1796.083061][ T5964] usb 8-1: config 0 has an invalid interface number: 112 but max is 0
[ 1796.083088][ T5964] usb 8-1: config 0 has no interface number 0
[ 1796.083163][ T5964] usb 8-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6
[ 1796.083187][ T5964] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1796.097465][ T5964] usb 8-1: config 0 descriptor??
[ 1796.109046][ T5964] usb-storage 8-1:0.112: USB Mass Storage device detected
[ 1796.323709][T27903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1796.324126][T27903] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1796.467213][ T5964] IPVS: starting estimator thread 0...
[ 1796.506976][T27924] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[ 1796.550718][T27929] IPVS: using max 14 ests per chain, 33600 per kthread
[ 1796.845507][T27932] netlink: zone id is out of range
[ 1796.848551][T27934] FAULT_INJECTION: forcing a failure.
[ 1796.848551][T27934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1796.848573][T27934] CPU: 0 UID: 0 PID: 27934 Comm: syz.1.7771 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1796.848585][T27934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1796.848592][T27934] Call Trace:
[ 1796.848596][T27934]  <TASK>
[ 1796.848601][T27934]  dump_stack_lvl+0x189/0x250
[ 1796.848620][T27934]  ? __pfx____ratelimit+0x10/0x10
[ 1796.848633][T27934]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1796.848648][T27934]  ? __pfx__printk+0x10/0x10
[ 1796.848666][T27934]  should_fail_ex+0x46c/0x600
[ 1796.848683][T27934]  _copy_from_user+0x2d/0xb0
[ 1796.848695][T27934]  vmemdup_user+0x5e/0xd0
[ 1796.848707][T27934]  map_get_next_key+0x1c9/0x630
[ 1796.848723][T27934]  ? bpf_lsm_bpf+0x9/0x20
[ 1796.848732][T27934]  ? security_bpf+0x7e/0x300
[ 1796.848744][T27934]  __sys_bpf+0x63d/0x860
[ 1796.848758][T27934]  ? __pfx___sys_bpf+0x10/0x10
[ 1796.848770][T27934]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1796.848789][T27934]  ? ksys_write+0x230/0x260
[ 1796.848802][T27934]  ? __pfx_ksys_write+0x10/0x10
[ 1796.848821][T27934]  __x64_sys_bpf+0x7c/0x90
[ 1796.848834][T27934]  do_syscall_64+0xfa/0xfa0
[ 1796.848846][T27934]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1796.848858][T27934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1796.848867][T27934]  ? clear_bhb_loop+0x60/0xb0
[ 1796.848879][T27934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1796.848889][T27934] RIP: 0033:0x7f6d280eefc9
[ 1796.848899][T27934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1796.848908][T27934] RSP: 002b:00007f6d2634e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1796.848920][T27934] RAX: ffffffffffffffda RBX: 00007f6d28345fa0 RCX: 00007f6d280eefc9
[ 1796.848927][T27934] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000004
[ 1796.848934][T27934] RBP: 00007f6d2634e090 R08: 0000000000000000 R09: 0000000000000000
[ 1796.848940][T27934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1796.848946][T27934] R13: 00007f6d28346038 R14: 00007f6d28345fa0 R15: 00007fff383a0998
[ 1796.848963][T27934]  </TASK>
[ 1797.239150][ T5970] usb 8-1: USB disconnect, device number 2
[ 1797.258298][T27937] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 1797.559245][T27944] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1798.231999][T27964] overlayfs: conflicting lowerdir path
[ 1798.333845][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1834.974240][T27971] Bluetooth: hci3: command 0x0406 tx timeout
[ 1834.974983][T27971] Bluetooth: hci1: command 0x0406 tx timeout
[ 1853.376881][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.376979][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1914.822877][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.822949][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1934.808915][T27987] binder: 27984:27987 ioctl d000943e 200000110280 returned -22
[ 1934.810059][T27987] binder: 27984:27987 ioctl d000943d 200000112340 returned -22
[ 1934.814537][T27987] binder: 27984:27987 ioctl 81f8943c 200000114340 returned -22
[ 1934.814959][T27987] binder: 27984:27987 ioctl d0009411 200000114740 returned -22
[ 1934.815262][T27987] binder: 27984:27987 ioctl 81f8943c 200000115740 returned -22
[ 1934.815651][T27987] binder: 27984:27987 ioctl d000943d 200000115b40 returned -22
[ 1935.001283][   T37] audit: type=1800 audit(1761547728.753:4164): pid=27993 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.7785" name="nullb0" dev="tmpfs" ino=1077 res=0 errno=0
[ 1935.077843][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1935.133753][T28005] binder: 27984:28005 ioctl 400c620e 0 returned -14
[ 1935.225718][T28006] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1935.506828][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1935.703111][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1935.905598][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1935.995290][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1936.210772][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1936.361655][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1936.675064][T28021] FAULT_INJECTION: forcing a failure.
[ 1936.675064][T28021] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1936.675099][T28021] CPU: 0 UID: 0 PID: 28021 Comm: syz.1.7791 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1936.675119][T28021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1936.675131][T28021] Call Trace:
[ 1936.675139][T28021]  <TASK>
[ 1936.675148][T28021]  dump_stack_lvl+0x189/0x250
[ 1936.675177][T28021]  ? __pfx____ratelimit+0x10/0x10
[ 1936.675199][T28021]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1936.675222][T28021]  ? __pfx__printk+0x10/0x10
[ 1936.675253][T28021]  should_fail_ex+0x46c/0x600
[ 1936.675272][T28021]  _copy_to_user+0x31/0xb0
[ 1936.675284][T28021]  ucma_migrate_id+0x83d/0x990
[ 1936.675307][T28021]  ? __pfx_ucma_migrate_id+0x10/0x10
[ 1936.675330][T28021]  ucma_write+0x252/0x2f0
[ 1936.675344][T28021]  ? __pfx_ucma_write+0x10/0x10
[ 1936.675359][T28021]  ? rw_verify_area+0x25b/0x4e0
[ 1936.675377][T28021]  ? __lock_acquire+0xab9/0xd20
[ 1936.675389][T28021]  ? __pfx_ucma_write+0x10/0x10
[ 1936.675403][T28021]  vfs_write+0x287/0xb40
[ 1936.675419][T28021]  ? __pfx_vfs_write+0x10/0x10
[ 1936.675432][T28021]  ? __fget_files+0x2a/0x420
[ 1936.675447][T28021]  ? __fget_files+0x2a/0x420
[ 1936.675459][T28021]  ? __fget_files+0x3a6/0x420
[ 1936.675471][T28021]  ? __fget_files+0x2a/0x420
[ 1936.675490][T28021]  ksys_write+0x14b/0x260
[ 1936.675503][T28021]  ? __pfx_ksys_write+0x10/0x10
[ 1936.675517][T28021]  ? do_syscall_64+0xbe/0xfa0
[ 1936.675532][T28021]  do_syscall_64+0xfa/0xfa0
[ 1936.675544][T28021]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1936.675556][T28021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1936.675566][T28021]  ? clear_bhb_loop+0x60/0xb0
[ 1936.675579][T28021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1936.675588][T28021] RIP: 0033:0x7f6d280eefc9
[ 1936.675598][T28021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1936.675608][T28021] RSP: 002b:00007f6d2630c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1936.675620][T28021] RAX: ffffffffffffffda RBX: 00007f6d28346180 RCX: 00007f6d280eefc9
[ 1936.675628][T28021] RDX: 0000000000000018 RSI: 0000200000000280 RDI: 0000000000000006
[ 1936.675635][T28021] RBP: 00007f6d2630c090 R08: 0000000000000000 R09: 0000000000000000
[ 1936.675641][T28021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1936.675648][T28021] R13: 00007f6d28346218 R14: 00007f6d28346180 R15: 00007fff383a0998
[ 1936.675666][T28021]  </TASK>
[ 1936.780566][T16815] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1937.030472][T16815] usb 7-1: Using ep0 maxpacket: 32
[ 1937.034471][T16815] usb 7-1: config 0 has an invalid interface number: 244 but max is 0
[ 1937.034498][T16815] usb 7-1: config 0 has no interface number 0
[ 1937.034532][T16815] usb 7-1: config 0 interface 244 has no altsetting 0
[ 1937.293689][T16815] usb 7-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[ 1937.293720][T16815] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1937.293740][T16815] usb 7-1: Product: syz
[ 1937.293755][T16815] usb 7-1: Manufacturer: syz
[ 1937.293770][T16815] usb 7-1: SerialNumber: syz
[ 1937.372088][T16815] usb 7-1: config 0 descriptor??
[ 1937.459484][T16815] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort found
[ 1937.653983][T28026] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1937.740800][T16815] snd_usb_toneport 7-1:0.244: set_interface failed
[ 1937.741151][T16815] snd_usb_toneport 7-1:0.244: Line 6 GuitarPort now disconnected
[ 1937.741320][T16815] snd_usb_toneport 7-1:0.244: probe with driver snd_usb_toneport failed with error -71
[ 1937.780134][T16815] usb 7-1: USB disconnect, device number 5
[ 1938.793347][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1938.925994][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1939.407973][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1939.410777][ T5964] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1939.448693][T28044] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1939.583431][ T5964] usb 3-1: Using ep0 maxpacket: 32
[ 1939.589082][ T5964] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1939.589120][ T5964] usb 3-1: can't read configurations, error -61
[ 1939.720786][ T5964] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1939.890524][ T5964] usb 3-1: Using ep0 maxpacket: 32
[ 1939.892979][ T5964] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1939.893003][ T5964] usb 3-1: can't read configurations, error -61
[ 1939.893412][ T5964] usb usb3-port1: attempt power cycle
[ 1939.976496][T28059] netlink: 'syz.6.7803': attribute type 1 has an invalid length.
[ 1940.001660][T28063] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1940.041920][T28059] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1940.127887][T28064] bond1: (slave ip6gretap1): making interface the new active one
[ 1940.191649][T28064] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[ 1940.192376][T28059] netlink: 48 bytes leftover after parsing attributes in process `syz.6.7803'.
[ 1940.230644][ T5964] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1940.251409][ T5964] usb 3-1: Using ep0 maxpacket: 32
[ 1940.253469][ T5964] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1940.253491][ T5964] usb 3-1: can't read configurations, error -61
[ 1940.388272][T28070] FAULT_INJECTION: forcing a failure.
[ 1940.388272][T28070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1940.388293][T28070] CPU: 0 UID: 0 PID: 28070 Comm: syz.6.7807 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1940.388306][T28070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1940.388312][T28070] Call Trace:
[ 1940.388317][T28070]  <TASK>
[ 1940.388322][T28070]  dump_stack_lvl+0x189/0x250
[ 1940.388341][T28070]  ? __pfx____ratelimit+0x10/0x10
[ 1940.388354][T28070]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1940.388368][T28070]  ? __pfx__printk+0x10/0x10
[ 1940.388381][T28070]  ? __might_fault+0xb0/0x130
[ 1940.388401][T28070]  should_fail_ex+0x46c/0x600
[ 1940.388417][T28070]  _copy_from_user+0x2d/0xb0
[ 1940.388435][T28070]  inet6_ioctl+0x180/0x280
[ 1940.388457][T28070]  ? __pfx_inet6_ioctl+0x10/0x10
[ 1940.388488][T28070]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1940.388515][T28070]  sock_do_ioctl+0xdc/0x300
[ 1940.388540][T28070]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1940.388566][T28070]  ? __asan_memset+0x22/0x50
[ 1940.388578][T28070]  ? smack_file_ioctl+0x24d/0x340
[ 1940.388595][T28070]  sock_ioctl+0x579/0x790
[ 1940.388608][T28070]  ? __pfx_sock_ioctl+0x10/0x10
[ 1940.388623][T28070]  ? __fget_files+0x3a6/0x420
[ 1940.388636][T28070]  ? __fget_files+0x2a/0x420
[ 1940.388651][T28070]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1940.388660][T28070]  ? __pfx_sock_ioctl+0x10/0x10
[ 1940.388673][T28070]  __se_sys_ioctl+0xff/0x170
[ 1940.388685][T28070]  do_syscall_64+0xfa/0xfa0
[ 1940.388702][T28070]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1940.388724][T28070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1940.388741][T28070]  ? clear_bhb_loop+0x60/0xb0
[ 1940.388761][T28070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1940.388786][T28070] RIP: 0033:0x7f26fe84efc9
[ 1940.388802][T28070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1940.388817][T28070] RSP: 002b:00007f26fcaae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1940.388835][T28070] RAX: ffffffffffffffda RBX: 00007f26feaa5fa0 RCX: 00007f26fe84efc9
[ 1940.388848][T28070] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000003
[ 1940.388860][T28070] RBP: 00007f26fcaae090 R08: 0000000000000000 R09: 0000000000000000
[ 1940.388872][T28070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1940.388882][T28070] R13: 00007f26feaa6038 R14: 00007f26feaa5fa0 R15: 00007ffd3fdc35b8
[ 1940.388914][T28070]  </TASK>
[ 1940.483078][T28072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1941.254148][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1941.445572][ T5964] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1941.461249][ T5964] usb 3-1: Using ep0 maxpacket: 32
[ 1941.464144][ T5964] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1941.464180][ T5964] usb 3-1: can't read configurations, error -61
[ 1941.464873][ T5964] usb usb3-port1: unable to enumerate USB device
[ 1941.669792][T28081] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1941.730572][ T5964] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1941.799583][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1942.249198][ T5964] usb 7-1: Using ep0 maxpacket: 32
[ 1942.556971][ T5964] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1942.557006][ T5964] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1942.557029][ T5964] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1942.557055][ T5964] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1942.557081][ T5964] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1942.560653][ T5964] usb 7-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1942.560682][ T5964] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1942.560703][ T5964] usb 7-1: Product: syz
[ 1942.560718][ T5964] usb 7-1: Manufacturer: syz
[ 1942.560733][ T5964] usb 7-1: SerialNumber: syz
[ 1942.655956][ T5964] usb 7-1: config 0 descriptor??
[ 1942.657179][T28074] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1942.688389][ T5964] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input65
[ 1942.748396][ T5151] xpad 7-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1942.868155][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1943.014734][T28093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7814'.
[ 1943.017491][T28097] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7816'.
[ 1943.017529][T28097] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7816'.
[ 1943.227670][ T5151] xpad 7-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1943.332551][T28102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7817'.
[ 1943.358700][ T5151] xpad 7-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[ 1943.364032][    C0] xpad 7-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1
[ 1943.421738][ T5964] usb 7-1: USB disconnect, device number 6
[ 1943.790619][ T5970] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1943.950460][ T5970] usb 8-1: Using ep0 maxpacket: 32
[ 1943.969575][ T5970] usb 8-1: config 0 has an invalid interface number: 51 but max is 0
[ 1943.969610][ T5970] usb 8-1: config 0 has no interface number 0
[ 1943.989745][ T5970] usb 8-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1943.989778][ T5970] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1943.989798][ T5970] usb 8-1: Product: syz
[ 1943.989812][ T5970] usb 8-1: Manufacturer: syz
[ 1943.989826][ T5970] usb 8-1: SerialNumber: syz
[ 1944.035339][ T5970] usb 8-1: config 0 descriptor??
[ 1944.049829][ T5970] quatech2 8-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1944.226629][T28102] tmpfs: Bad value for 'mpol'
[ 1944.273132][ T5970] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1944.296424][T28120] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:20001
[ 1944.296874][ T5970] usb 8-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1944.310756][T16815] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1944.539756][T16815] usb 7-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[ 1944.539789][T16815] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1944.539809][T16815] usb 7-1: Product: syz
[ 1944.539822][T16815] usb 7-1: Manufacturer: syz
[ 1944.539836][T16815] usb 7-1: SerialNumber: syz
[ 1944.600572][T16815] usb 7-1: config 0 descriptor??
[ 1944.608082][T16815] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1944.608122][T16815] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1944.617127][T16815] f81232 7-1:0.0: f81534a converter detected
[ 1944.712367][T28106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1944.714328][T28106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1944.716356][    C1] usb 8-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1944.744522][ T5970] usb 8-1: USB disconnect, device number 3
[ 1944.772041][ T5970] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1944.806561][ T5970] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1944.809003][ T5970] quatech2 8-1:0.51: device disconnected
[ 1944.965238][T28130] 9pnet_fd: Insufficient options for proto=fd
[ 1945.001637][T16815] f81534a ttyUSB2: f81232_set_register failed status: -71
[ 1945.001673][T16815] f81534a ttyUSB2: probe with driver f81534a failed with error -5
[ 1945.044909][T16815] usb 7-1: USB disconnect, device number 7
[ 1945.059611][T16815] f81232 7-1:0.0: device disconnected
[ 1945.821280][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1946.032512][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1946.465348][T28139] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7828'.
[ 1946.465381][T28139] netlink: 20 bytes leftover after parsing attributes in process `syz.7.7828'.
[ 1947.131781][T28161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7836'.
[ 1947.287543][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1948.245601][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1948.279477][T28186] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 1948.298150][T28161] tmpfs: Bad value for 'mpol'
[ 1948.301958][ T5964] IPVS: starting estimator thread 0...
[ 1948.448786][T28188] IPVS: using max 9 ests per chain, 21600 per kthread
[ 1949.014401][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1949.332215][T28192] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1949.333651][T28192] syzkaller0: entered promiscuous mode
[ 1949.333675][T28192] syzkaller0: entered allmulticast mode
[ 1949.442609][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1949.548663][T28192] tipc: Resetting bearer <eth:syzkaller0>
[ 1949.582007][T28191] tipc: Resetting bearer <eth:syzkaller0>
[ 1949.627392][T28199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7849'.
[ 1949.843627][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1949.921831][T28191] tipc: Disabling bearer <eth:syzkaller0>
[ 1950.215627][T28199] netlink: 'syz.6.7849': attribute type 2 has an invalid length.
[ 1950.594042][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1950.738249][T28217] geneve2: entered promiscuous mode
[ 1950.936662][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1951.036892][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1951.249180][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1951.578931][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1952.206974][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1953.145455][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1953.587406][T28214] Set syz1 is full, maxelem 65536 reached
[ 1953.660731][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1954.443472][T28235] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1955.436740][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1955.633609][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1955.712566][  T992] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1955.860780][  T992] usb 3-1: Using ep0 maxpacket: 32
[ 1955.874730][  T992] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1955.874768][  T992] usb 3-1: can't read configurations, error -61
[ 1956.007845][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1956.245125][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1956.516189][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1956.828456][  T992] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1956.980562][  T992] usb 3-1: Using ep0 maxpacket: 32
[ 1957.344850][  T992] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1957.344889][  T992] usb 3-1: can't read configurations, error -71
[ 1957.368759][  T992] usb usb3-port1: attempt power cycle
[ 1957.384216][T28254] overlayfs: failed to clone lowerpath
[ 1957.388474][  T992] ==================================================================
[ 1957.388491][  T992] BUG: KASAN: slab-use-after-free in rtlock_slowlock_locked+0x3793/0x4010
[ 1957.388526][  T992] Read of size 8 at addr ffff8880779d48f0 by task kworker/0:2/992
[ 1957.388542][  T992] 
[ 1957.388554][  T992] CPU: 0 UID: 0 PID: 992 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1957.388576][  T992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1957.388591][  T992] Workqueue: usb_hub_wq hub_event
[ 1957.388614][  T992] Call Trace:
[ 1957.388623][  T992]  <TASK>
[ 1957.388631][  T992]  dump_stack_lvl+0x189/0x250
[ 1957.388661][  T992]  ? __kasan_check_byte+0x12/0x40
[ 1957.388689][  T992]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1957.388714][  T992]  ? lock_release+0x4b/0x3e0
[ 1957.388741][  T992]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1957.388769][  T992]  print_report+0xca/0x240
[ 1957.388795][  T992]  ? rtlock_slowlock_locked+0x3793/0x4010
[ 1957.388815][  T992]  kasan_report+0x118/0x150
[ 1957.388843][  T992]  ? rtlock_slowlock_locked+0x3793/0x4010
[ 1957.388869][  T992]  rtlock_slowlock_locked+0x3793/0x4010
[ 1957.388891][  T992]  ? unwind_next_frame+0xa5/0x2390
[ 1957.388919][  T992]  ? __lock_acquire+0xab9/0xd20
[ 1957.388947][  T992]  ? rtlock_slowlock_locked+0x286/0x4010
[ 1957.388967][  T992]  ? do_raw_spin_lock+0x121/0x290
[ 1957.388992][  T992]  ? __pfx_rtlock_slowlock_locked+0x10/0x10
[ 1957.389017][  T992]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1957.389041][  T992]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1957.389063][  T992]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1957.389089][  T992]  rt_spin_lock+0x158/0x3e0
[ 1957.389109][  T992]  ? __pfx_rt_spin_lock+0x10/0x10
[ 1957.389127][  T992]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1957.389148][  T992]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1957.389168][  T992]  raw_queue_event+0x39/0x2e0
[ 1957.389191][  T992]  gadget_disconnect+0x51/0xc0
[ 1957.389212][  T992]  set_link_state+0xc0a/0x1220
[ 1957.389238][  T992]  dummy_hub_control+0x9ac/0x1760
[ 1957.389274][  T992]  usb_hcd_submit_urb+0xde9/0x1a80
[ 1957.389305][  T992]  usb_start_wait_urb+0x114/0x4c0
[ 1957.389327][  T992]  ? __pfx_usb_start_wait_urb+0x10/0x10
[ 1957.389356][  T992]  usb_control_msg+0x232/0x3e0
[ 1957.389387][  T992]  hub_event+0x2cd1/0x4a20
[ 1957.389431][  T992]  ? __pfx_hub_event+0x10/0x10
[ 1957.389450][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.389477][  T992]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1957.389502][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.389524][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.389548][  T992]  process_scheduled_works+0xae1/0x17b0
[ 1957.389586][  T992]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1957.389618][  T992]  worker_thread+0x8a0/0xda0
[ 1957.389653][  T992]  kthread+0x711/0x8a0
[ 1957.389682][  T992]  ? __pfx_worker_thread+0x10/0x10
[ 1957.389705][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.389730][  T992]  ? rt_spin_unlock+0x150/0x200
[ 1957.389752][  T992]  ? rt_spin_unlock+0x161/0x200
[ 1957.389770][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.389799][  T992]  ret_from_fork+0x4bc/0x870
[ 1957.389823][  T992]  ? __pfx_ret_from_fork+0x10/0x10
[ 1957.389850][  T992]  ? __switch_to_asm+0x39/0x70
[ 1957.389869][  T992]  ? __switch_to_asm+0x33/0x70
[ 1957.389887][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.389914][  T992]  ret_from_fork_asm+0x1a/0x30
[ 1957.389942][  T992]  </TASK>
[ 1957.389951][  T992] 
[ 1957.389965][  T992] Allocated by task 28238:
[ 1957.389981][  T992]  kasan_save_track+0x3e/0x80
[ 1957.390003][  T992]  __kasan_kmalloc+0x93/0xb0
[ 1957.390025][  T992]  __kmalloc_cache_noprof+0x1ef/0x6c0
[ 1957.390048][  T992]  raw_open+0x8d/0x530
[ 1957.390064][  T992]  misc_open+0x2de/0x350
[ 1957.390080][  T992]  chrdev_open+0x4cf/0x5e0
[ 1957.390104][  T992]  do_dentry_open+0x9b1/0x1350
[ 1957.390131][  T992]  vfs_open+0x3b/0x350
[ 1957.390145][  T992]  path_openat+0x2ef1/0x3840
[ 1957.390164][  T992]  do_filp_open+0x1fa/0x410
[ 1957.390182][  T992]  do_sys_openat2+0x121/0x1c0
[ 1957.390198][  T992]  __x64_sys_openat+0x138/0x170
[ 1957.390215][  T992]  do_syscall_64+0xfa/0xfa0
[ 1957.390236][  T992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1957.390261][  T992] 
[ 1957.390266][  T992] Freed by task 28238:
[ 1957.390275][  T992]  kasan_save_track+0x3e/0x80
[ 1957.390296][  T992]  __kasan_save_free_info+0x46/0x50
[ 1957.390315][  T992]  __kasan_slab_free+0x5c/0x80
[ 1957.390337][  T992]  kfree+0x197/0x950
[ 1957.390359][  T992]  raw_release+0x191/0x260
[ 1957.390374][  T992]  __fput+0[ 1957.390374][  T992]  __fput+0x45b/0xa80
[ 1957.390387][  T992]  task_work_run+0x1d4/0x260
[ 1957.390402][  T992]  do_exit+0x6b5/0x2300
[ 1957.390427][  T992]  do_group_exit+0x21c/0x2d0
[ 1957.390441][  T992]  get_signal+0x125d/0x1310
[ 1957.390460][  T992]  arch_do_signal_or_restart+0xa0/0x790
[ 1957.390478][  T992]  exit_to_user_mode_loop+0x72/0x130
[ 1957.390501][  T992]  do_syscall_64+0x2bd/0xfa0
[ 1957.390523][  T992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1957.390541][  T992] 
[ 1957.390546][  T992] The buggy address belongs to the object at ffff8880779d4000
[ 1957.390546][  T992]  which belongs to the cache kmalloc-4k of size 4096
[ 1957.390565][  T992] The buggy address is located 2288 bytes inside of
[ 1957.390565][  T992]  freed 4096-byte region [ffff8880779d4000, ffff8880779d5000)
[ 1957.390587][  T992] 
[ 1957.390592][  T992] The buggy address belongs to the physical page:
[ 1957.390603][  T992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x779d0
[ 1957.390622][  T992] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1957.390640][  T992] flags: 0x80000000000040(head|node=0|zone=1)
[ 1957.390656][  T992] page_type: f5(slab)
[ 1957.390675][  T992] raw: 0080000000000040 ffff88813ff27140 ffffea00013ece00 dead000000000002
[ 1957.390693][  T992] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 1957.390711][  T992] head: 0080000000000040 ffff88813ff27140 ffffea00013ece00 dead000000000002
[ 1957.390728][  T992] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 1957.390746][  T992] head: 0080000000000003 ffffea0001de7401 00000000ffffffff 00000000ffffffff
[ 1957.390764][  T992] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 1957.390775][  T992] page dumped because: kasan: bad access detected
[ 1957.390792][  T992] page_owner tracks the page as allocated
[ 1957.390800][  T992] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6486, tgid 6486 (kworker/u8:26), ts 1929773495808, free_ts 1909544217357
[ 1957.390853][  T992]  post_alloc_hook+0x240/0x2a0
[ 1957.390876][  T992]  get_page_from_freelist+0x28c0/0x2960
[ 1957.390904][  T992]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1957.390930][  T992]  alloc_pages_mpol+0xd1/0x380
[ 1957.390956][  T992]  allocate_slab+0x96/0x350
[ 1957.390974][  T992]  ___slab_alloc+0xb12/0x13f0
[ 1957.390989][  T992]  __slab_alloc+0xc6/0x1f0
[ 1957.391003][  T992]  __kmalloc_node_track_caller_noprof+0x2a8/0x7e0
[ 1957.391028][  T992]  kmalloc_reserve+0x136/0x290
[ 1957.391046][  T992]  __alloc_skb+0x142/0x2d0
[ 1957.391062][  T992]  nsim_dev_trap_report_work+0x29f/0xbc0
[ 1957.391084][  T992]  process_scheduled_works+0xae1/0x17b0
[ 1957.391106][  T992]  worker_thread+0x8a0/0xda0
[ 1957.391127][  T992]  kthread+0x711/0x8a0
[ 1957.391151][  T992]  ret_from_fork+0x4bc/0x870
[ 1957.391170][  T992]  ret_from_fork_asm+0x1a/0x30
[ 1957.391188][  T992] page last free pid 5460 tgid 5460 stack trace:
[ 1957.391199][  T992]  __free_frozen_pages+0xfb6/0x1140
[ 1957.391221][  T992]  __put_partials+0x149/0x170
[ 1957.391237][  T992]  __slab_free+0x29e/0x370
[ 1957.391262][  T992]  qlist_free_all+0x97/0x140
[ 1957.391282][  T992]  kasan_quarantine_reduce+0x148/0x160
[ 1957.391303][  T992]  __kasan_slab_alloc+0x22/0x80
[ 1957.391326][  T992]  __kmalloc_noprof+0x1e1/0x7d0
[ 1957.391348][  T992]  tomoyo_encode+0x28b/0x550
[ 1957.391367][  T992]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1957.391388][  T992]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1957.391414][  T992]  security_file_ioctl+0xcb/0x2d0
[ 1957.391430][  T992]  __se_sys_ioctl+0x47/0x170
[ 1957.391448][  T992]  do_syscall_64+0xfa/0xfa0
[ 1957.391469][  T992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1957.391488][  T992] 
[ 1957.391493][  T992] Memory state around the buggy address:
[ 1957.391504][  T992]  ffff8880779d4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1957.391517][  T992]  ffff8880779d4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1957.391530][  T992] >ffff8880779d4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1957.391539][  T992]                                                              ^
[ 1957.391550][  T992]  ffff8880779d4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1957.391563][  T992]  ffff8880779d4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1957.391571][  T992] ==================================================================
[ 1957.845030][  T992] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1957.845052][  T992] CPU: 0 UID: 0 PID: 992 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1957.845078][  T992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1957.845092][  T992] Workqueue: usb_hub_wq hub_event
[ 1957.845119][  T992] Call Trace:
[ 1957.845128][  T992]  <TASK>
[ 1957.845138][  T992]  dump_stack_lvl+0x99/0x250
[ 1957.845170][  T992]  ? __asan_memcpy+0x40/0x70
[ 1957.845194][  T992]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1957.845223][  T992]  ? __pfx__printk+0x10/0x10
[ 1957.845253][  T992]  vpanic+0x237/0x6d0
[ 1957.845278][  T992]  ? __pfx_vpanic+0x10/0x10
[ 1957.845296][  T992]  ? preempt_schedule+0xae/0xc0
[ 1957.845320][  T992]  ? __pfx_preempt_schedule+0x10/0x10
[ 1957.845345][  T992]  panic+0xb9/0xc0
[ 1957.845363][  T992]  ? __pfx_panic+0x10/0x10
[ 1957.845384][  T992]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1957.845413][  T992]  ? rtlock_slowlock_locked+0x3793/0x4010
[ 1957.845434][  T992]  check_panic_on_warn+0x89/0xb0
[ 1957.845453][  T992]  ? rtlock_slowlock_locked+0x3793/0x4010
[ 1957.845474][  T992]  end_report+0x78/0x160
[ 1957.845500][  T992]  kasan_report+0x129/0x150
[ 1957.845528][  T992]  ? rtlock_slowlock_locked+0x3793/0x4010
[ 1957.845553][  T992]  rtlock_slowlock_locked+0x3793/0x4010
[ 1957.845574][  T992]  ? unwind_next_frame+0xa5/0x2390
[ 1957.845606][  T992]  ? __lock_acquire+0xab9/0xd20
[ 1957.845635][  T992]  ? rtlock_slowlock_locked+0x286/0x4010
[ 1957.845655][  T992]  ? do_raw_spin_lock+0x121/0x290
[ 1957.845681][  T992]  ? __pfx_rtlock_slowlock_locked+0x10/0x10
[ 1957.845708][  T992]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1957.845733][  T992]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1957.845758][  T992]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1957.845786][  T992]  rt_spin_lock+0x158/0x3e0
[ 1957.845808][  T992]  ? __pfx_rt_spin_lock+0x10/0x10
[ 1957.845826][  T992]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1957.845850][  T992]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1957.845872][  T992]  raw_queue_event+0x39/0x2e0
[ 1957.845896][  T992]  gadget_disconnect+0x51/0xc0
[ 1957.845917][  T992]  set_link_state+0xc0a/0x1220
[ 1957.845944][  T992]  dummy_hub_control+0x9ac/0x1760
[ 1957.845970][  T992]  usb_hcd_submit_urb+0xde9/0x1a80
[ 1957.845999][  T992]  usb_start_wait_urb+0x114/0x4c0
[ 1957.846021][  T992]  ? __pfx_usb_start_wait_urb+0x10/0x10
[ 1957.846049][  T992]  usb_control_msg+0x232/0x3e0
[ 1957.846078][  T992]  hub_event+0x2cd1/0x4a20
[ 1957.846122][  T992]  ? __pfx_hub_event+0x10/0x10
[ 1957.846143][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.846171][  T992]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1957.846195][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.846218][  T992]  ? process_scheduled_works+0x9ef/0x17b0
[ 1957.846243][  T992]  process_scheduled_works+0xae1/0x17b0
[ 1957.846287][  T992]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1957.846319][  T992]  worker_thread+0x8a0/0xda0
[ 1957.846355][  T992]  kthread+0x711/0x8a0
[ 1957.846383][  T992]  ? __pfx_worker_thread+0x10/0x10
[ 1957.846407][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.846432][  T992]  ? rt_spin_unlock+0x150/0x200
[ 1957.846454][  T992]  ? rt_spin_unlock+0x161/0x200
[ 1957.846473][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.846500][  T992]  ret_from_fork+0x4bc/0x870
[ 1957.846524][  T992]  ? __pfx_ret_from_fork+0x10/0x10
[ 1957.846550][  T992]  ? __switch_to_asm+0x39/0x70
[ 1957.846569][  T992]  ? __switch_to_asm+0x33/0x70
[ 1957.846588][  T992]  ? __pfx_kthread+0x10/0x10
[ 1957.846616][  T992]  ret_from_fork_asm+0x1a/0x30
[ 1957.846644][  T992]  </TASK>
[ 1957.846913][  T992] Kernel Offset: disabled