last executing test programs:

11m29.802917984s ago: executing program 4 (id=3554):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r2=>0x0})
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
close(0xffffffffffffffff)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x44, 0x9, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @local}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
bind$inet6(0xffffffffffffffff, &(0x7f0000000800)={0xa, 0x4e20, 0x4, @local, 0x1}, 0x1c)
listen(0xffffffffffffffff, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc048440}, 0x10)
sendmsg$xdp(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000380)={0x2c, 0x2, r2, 0x3d37a950}, 0x10, &(0x7f0000000780)=[{&(0x7f00000003c0)="c346651be73a9eff7c07ee790283c7d752f68e1b7bb4647a595358b851de2f11e562d046c7ed1621c97015aea29f18eb74", 0x31}, {&(0x7f00000005c0)="ac593ea9428ec9246633b39ad407011108e4c8838a49df14416a9578bc70e15e1762f1e90e972fa4567036d73d3185b133b382ddd90df50db1c90cd02c02dc57270888bf6e4e011915e3d32f73eebc6f0daa3776a71351c327ea51e997", 0x5d}, {&(0x7f0000000640)="519455c6619531e1eee60344cf8a62b23780e3a53ed3d0ee76e768944422252df17cd71db66826ac38cab481e255dfac3964b44030e664e310c0a96b5242755cef2f46be", 0x44}, {&(0x7f00000006c0)="09d5d077eb8aa5546ce40d0e", 0xc}, {&(0x7f0000000700)="f0d805259e0c8f00d0794aeee7cb150e9eef764f60d28d92b0731f93811d14aa77f0fea28877494356de553dc9facad15148b6b80eefa6017f6dd1e89a081286b55fa8c62d1f1fac8d56513055ab3cc26f13abfa5be576beb86d67ee9d5fae72165f6a6e609206894f438b8d516966e794e74214e1f67a", 0x77}], 0x5, 0x0, 0x0, 0x80}, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000091)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
syz_emit_ethernet(0x82, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@private}, {@dev}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r7, 0x40047438, &(0x7f0000000180)=""/246)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'sit0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x8}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0xc1}, 0x0)
memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x1)

11m29.623340829s ago: executing program 4 (id=3555):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x21, 0x2, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_linger(r3, 0x1, 0xd, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r4)
tkill(r4, 0x7)
wait4(r4, 0x0, 0x0, 0x0)
clock_gettime(0x6, &(0x7f0000000000))
prlimit64(r4, 0xa, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x4080000)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f0000000380)={0x8a001, 0x0, 0x12}, 0x18)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="100000001001000001"], 0x10}, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f00000003c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @llc={@snap={0xaa, 0x0, "b8", "2deb0d", 0xf8, "5f097cae4f4b6ab6eed000b633a602ea4c2acfc3f7e8679c1767d37116de5dae84987cf8917af4ff52c10a8b3252de475cb633a082576e80841897c741aaeb8c11585643891c730edbb86bbffc49fe4224bb9eb5fcc66e08653fd17b8c6ff3f82d78df17627e17c700c9497fb82c06d4f4f8751fe9ed0ebef3"}}}, 0x8f)

11m28.769483632s ago: executing program 4 (id=3558):
r0 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002940), 0x40000000000017d, 0x888)

11m28.632944063s ago: executing program 4 (id=3559):
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x123802, 0x0)
r1 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x81, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001600)=ANY=[@ANYBLOB="4000000043000100fefffffff8dbdf25027c000004004580280001801400d300000000000000000000800000000000010800de00", @ANYRES32, @ANYBLOB='\b\x00b\x00', @ANYRES32=0x0, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0xc044}, 0xc000)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x36, &(0x7f0000000540)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r6 = dup(r0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x39)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r1)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000080))
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
renameat(r6, &(0x7f0000000000)='./file0\x00', r6, &(0x7f0000000340)='./file0\x00')
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r1, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x14, r7, 0x200, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x44000880}, 0x10000881)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x3c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000040)={0x14, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000080)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0})

11m26.541938328s ago: executing program 4 (id=3572):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x101040, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x0)
sendto$inet6(r1, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x2ce9}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000200)={0x0, 0x9, 0x2ce8}, 0x8)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
unshare(0x26020480)
r4 = socket(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e20, 0x2003, @loopback, 0x40004}, 0x1c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregset(0x4205, r6, 0x1, &(0x7f00000001c0)={&(0x7f0000000000)="c945b941eb6a3f6dedf11f15", 0xc})
r7 = syz_open_procfs(r6, &(0x7f0000000280)='attr/exec\x00')
fchdir(r7)
sendmmsg$unix(r5, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x408d4}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004}}], 0x2, 0x40000004)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs_stats_percpu\x00')
sendfile(r4, r8, 0x0, 0xffffffff)
fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffa})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
rename(&(0x7f0000000140)='./file0\x00', &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
close(0x3)

11m25.353543642s ago: executing program 4 (id=3578):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000050000000000000005"], 0x50)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xfffffffe, 0x0, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x6, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x2, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0xffffffff, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x0, 0xff, 0x9, 0xa7, 0x12, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0x3, 0xfffffc00, 0x6, 0x4, 0x800008, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc01, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x9, 0x3, 0x0, 0x800, 0x2, 0x800008, 0x7ff, 0x1, 0x80000009, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0x7, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x2, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x1fd, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x7200, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x80000000, 0x6, 0x80000001, 0x3, 0x1, 0x9bc, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0x40000b, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0x4bf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x8600, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x3, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x0, 0x807, 0x1ff, 0x3, 0x400, 0xffffffff, 0x1040, 0x3, 0xfffffffa, 0x9a6, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x0, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/softlockup_count', 0x189080, 0x130)
io_setup(0x1, &(0x7f0000000400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f00000006c0)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x6, r4, &(0x7f0000000440)='H', 0x1, 0x9, 0x0, 0x0, r4}])
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='auxv\x00')
readv(r7, &(0x7f00000017c0)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newnexthop={0x1c, 0x68, 0x1, 0x100003, 0x7ffffffd, {0x0, 0x0, 0x2}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8018}, 0xc0)

11m10.039102817s ago: executing program 32 (id=3578):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000050000000000000005"], 0x50)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001f80)=@newqdisc={0x838, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x80c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0xfffffffe, 0x0, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0xffff, 0x7, 0x0, 0x2, 0x101, 0x6, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x2, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0xffffffff, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x0, 0xff, 0x9, 0xa7, 0x12, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0x3, 0xfffffc00, 0x6, 0x4, 0x800008, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc01, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x9, 0x3, 0x0, 0x800, 0x2, 0x800008, 0x7ff, 0x1, 0x80000009, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0x7, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x2, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x1fd, 0x2]}, @TCA_TBF_PTAB={0x404, 0x3, [0x8, 0x7200, 0xd, 0x400, 0x0, 0x3, 0x5, 0x10000, 0x7, 0x4, 0x81, 0x0, 0x8, 0x0, 0x9, 0x5, 0xc0000, 0x8001, 0x1, 0x2000, 0x1, 0x8da5, 0x1, 0x4, 0x2, 0x6, 0x58, 0x7, 0x6f, 0x8, 0x3, 0x4, 0x9, 0x1000, 0x4, 0x80000000, 0x6, 0x80000001, 0x3, 0x1, 0x9bc, 0x100, 0xa, 0xfff, 0x8, 0x9, 0x7, 0x7fffffff, 0xf4b3, 0x1, 0x0, 0x8, 0x8, 0x6, 0xd815, 0xfffffff9, 0x2, 0x401, 0x9, 0x36, 0xf, 0x74, 0xbbc, 0x9, 0x0, 0x6, 0x8, 0x5, 0x6, 0x40000b, 0x5, 0x5, 0x4e3, 0x200, 0x0, 0x9, 0x8001, 0x2, 0x1000, 0x7fffffff, 0x46a3, 0x6, 0x2, 0x1dd50645, 0x401, 0x5, 0x101, 0x4bf, 0x0, 0x9, 0x3, 0x65, 0xffffff13, 0x2, 0x30, 0x1a3f, 0x2, 0x389c, 0x4, 0x3, 0x3ff, 0x4, 0x4, 0x6, 0xf3bb, 0x1ff, 0x8, 0xf, 0xb, 0x401, 0x8600, 0x1000, 0x1, 0x8, 0x1, 0x7ff, 0x7fff, 0x8, 0x408, 0x3ff, 0x4, 0x1, 0xffff, 0x7fff, 0x2, 0x9, 0x1, 0xfff, 0x0, 0xfffffffe, 0x4, 0x0, 0x101, 0x78f0, 0xf, 0x7, 0x0, 0x3, 0xf1c7, 0x100, 0x3, 0x4, 0xfffffffe, 0xffffff7f, 0x3, 0x0, 0x6, 0xd, 0x3, 0xa, 0x8, 0x200, 0x0, 0x400, 0x9, 0x6, 0x132f, 0xaba3, 0x1, 0x3, 0x1, 0x5, 0x6f788000, 0xc, 0x1ff, 0x40, 0x8, 0x3, 0x2, 0x1, 0x0, 0x71, 0xb13, 0x4, 0xbc5, 0x0, 0x7, 0xffff, 0x100, 0x7b58, 0x0, 0x807, 0x1ff, 0x3, 0x400, 0xffffffff, 0x1040, 0x3, 0xfffffffa, 0x9a6, 0x8, 0x5, 0x1, 0x9, 0x3, 0x9, 0x7, 0x3, 0x1, 0x101, 0x2, 0x6, 0x598f, 0x5, 0x8e, 0x0, 0xa, 0x9, 0x1000, 0x8, 0xd00f, 0x2, 0x1, 0x6, 0x2a, 0x7, 0x100, 0x24e, 0xbd, 0x2, 0x2800000, 0x807, 0x0, 0x401, 0x6, 0x2, 0x9, 0x7039, 0x4, 0x1, 0x9, 0x1, 0xb18, 0x2, 0xfffffffe, 0x26e, 0x6, 0x5c, 0x8, 0x100, 0x3ff, 0x1, 0x0, 0xb, 0x10000, 0x8, 0x6, 0x2, 0x6, 0x7, 0x2, 0x7ff, 0x0, 0x4, 0x8001, 0x3]}]}}]}, 0x838}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/softlockup_count', 0x189080, 0x130)
io_setup(0x1, &(0x7f0000000400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f00000006c0)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x6, r4, &(0x7f0000000440)='H', 0x1, 0x9, 0x0, 0x0, r4}])
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='auxv\x00')
readv(r7, &(0x7f00000017c0)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newnexthop={0x1c, 0x68, 0x1, 0x100003, 0x7ffffffd, {0x0, 0x0, 0x2}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8018}, 0xc0)

8.448267517s ago: executing program 5 (id=6463):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)=':\x00.:\x00', 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
open(&(0x7f0000000000)='./file0\x00', 0x101000, 0x20)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r4, 0x4048aecb, &(0x7f00000034c0)=@svm={0x0, 0x1, 0x1080, {0xdddd1000}, {"ba8de5da17be0b8c334f7226e7cc54cce63e26819f3a08385411b1c96d2aff6be22514ce5789f4b4b297897a2614d6d9c838557a2fcda41a2e860c13182fa4bdbb9df7001541965dd06a7afa745255a8174c540912e8453c825b3c1ddba2caf08a7d6bf8a64cd2564e4aec8cb44c3cb264ccc4f9a3c7baae6ee4c7d4dd00780c8c75b251fb2ad220069bbb536e1fd7b5d9697fdbaef787af952cfdd290fd01e442d1ec495cd28fa502cd69391a2a8d25827820dfd0e6ec7fc8eebda8c60733832f0599375bf82243120243959108900dedf68fb582395e7329f74a835eb8e7c88aa740114f37503739c4963493fe0f20dd3d17713e7fd4f81a2f5236afdbd264af85094c23bc37b644c02bd81947b14815cf33420397aa24195e820b0662c82ea39e755c931f503a2786f3305b55ef5464bdcafbf4ee21304dea27f6327ae912f387fa8cd03800e48da4a63bfc307479b53b03175cf1a5f068ffcbea4304446104384f1e919396338222d11912845837b5b0575d6fcaa14b4315c969ced7c6ee51b833bdc5764e30c77807acaf364e9dfd40ca2bb26bb897a23315987d15d6a5f5c175156556f6603f43e3d5c17d1f4ad3cee56bbb5d326191007828264bd3875873fa8852c2f0e9829706d60016a988896f2ee51e75581e18404ed921fef85babb9b7aa53e2c0051cda5d012fdfec74520f351ace691257f420fb071e0e5b7e0de356aba319c6a97f00445c4008dfd0d20eb76dfa7c4b7601c80f705a37e597d94df38ea25be975fef20b90422cdf1a17d92fcc81032f6cea4437269ed4608e9924184a4bb6dfeb44a547c50dcfe7cb60ff34abc975b87734fb27040b4ab42e079b161bd5687ed83fda26b2b797d12ba02ab9ee599acbea4434ec3e4411f03b5dc97eafe6647f54e3cc8fef7da5b08e27a733628a69917cb6d38c20db54f4093bf540df6d49c888011d2d89ebd3beedf14acb88fdab9378bb7c60bf788c6eaac73ec78bb88db381ab7e8c2c7562fe38541c6c9d500d705ecd4a6be3d6792336fd3bc02a10f0955fbad493bdf9f8b3d1c42a9565a2db92553219aceeff30c42f453e5892ed5e0f15255d591631ac33def62ec2269190988e983da90b63748b0ed66c4512661dc05e78445ea078ea44d38d690376c701cf136d48756a4829f46ac157ea7e03d23a68318078ca25aef53eccb19556c91faffa1b97dbf7a0df3496506a4c5767012cfc375fd3404bbc93c9fe3ade19b2808c9737c1e52c1580c674c916864c0ea9d4f27138644894346554f828c5729d0794cc3e0bc3c26a67b7a4152134039a8b4e1e205d0e885150ceaa453e0c9cd112393088cd08718e2f35c22641695c1b94de169b8d957244d0c4235a1f9b375659d9f69675e75b043b514ff087d932149e3e37d7d5f61b1a24162076c7667395c8873893cf6c11d2cf9ea9933a3ffbbc983cd19816ef6e6c1e7a97fd2aaa13ef1fbfa0159d86806204348b52f0b615e8817a1a269e13a9210dfd147e05526388bf3bd89ec71e7f9f7045ef8c441456588807ebeecb4aa54a359d4679f772b9e8152a2e882d8897d8802c0321235c396f8fc82efb5ff31cff7fb007a507d746d4b3772dc546cf2d7731536c17f2c981759cf58a8943512758f49bdd4ef8e208503d16be37a85e031df4c3ff78117210287df3d97186d0d092513218a449cdfd795302831947611ad3057ed6455b59e2044feb790aaf80bf095f5bd6ecdf30c2f7e67f234a87ccda83340c21edd8ce829bd5adbcc326656500b4c978f623ea649ca51af40b63f5d2700f2e5115b6a7d3bc5d518955c15857e491bd8ff35ec23da75011f74ef9d567fadac842d6c5b662a1a2a16b1ea2cafbe3603d88a8be8e062359e047659282e9224443fb503f2f62541e1ef5ac3284177852420a1922aab632ebde39059bba49d60f64e385d2895f17f72a4f8ce243b9430b5f2332e349edca081e606ba46b57908a8d8673ea1a3d639411f07123e64818bc04e1d51a69918244af63d3ffae9a514d5f5d353977e5da8aa6473faf7384b1123390b00e673c2fd7770f704d7d70afc7e88382f0a135fea65039e2ed87add766cf7d1023750c6291e7223bf0db9540cfd424ec732c3e6ccbd9f15caecf600ee9880549b24b6c8930a2ecc886e9cfccb859df9a2a2785efebc33a5219ec47223fb9738f225378e6f68dda575d32e6871a53e3d15cbbded28666ac85e36b1a38bffe236272fc0dbc7a9837e106fdce3734b02d0f81f1a2a46191b71d5cae9c0e3965bac3b7b2c42adc56b2c4194357e616fbd545591d674f6ebd7650f409266851a7620e2fe6797fd79840ed1363a5be7897b114e8f9326f442344ff7f4e8c648e9f0b8bc64ea2fc9f6db0b78fa385b85dab9126e971c1198a309d2f1da5f8cfef94d854a7f25ffb04b92f75c7474b04de1554b30d48d7ccf806726f64697cef60ce8e8b593776e876d3157fb21affdf2ad3e66fdaa4eaa8581b71668d17348adcad221dce7b7c7b828a109abab1ec55d2e90116bcc373e97d09147298577c21fed1fd286728a1d8f16edd81b434bf4ca115ffcfe90458c7d16f9889d71d3c46e2f03fc3011fb2c451aab03451beef4e44e0ecfc31f498e269375c5e466bfe8301aca650f9e68d48bf569c1b132f1eac3d8b7a716a8a6f227c66ac741d7128e8a3a6ef330897c5b760660b70265c040131937d27c492871b2043b6e2b70f4606fb003f70a2ef1c8c508c88d7816971d1a789f04aba28a2c01b9419e23ba61bd8fa68c5b4d0a0a3adf7c43638e9677b0834d219abde060a5726534611b8818b5764024838fdfb12dfea597217dabbfa077de64278a5979b0afa66443966fa32bbe40ca800d86b272f58bbee7014276981e939e25b94b3550722cacac00d3e63fe89629a0f7ef9f34b608c7961ef0807430a8254edca9c2747282a51ca09610b261c1f252244f566e9aff4aa88646d5e0b1a07ddb2ef3f8c7e9e42065f03b2cdd9d74a2a9f479d7ec88555ffe2471537b7dce046d1787ed5780bfaa8b6085a525e65b11b9cc4e27165b056bd0aa704f9423b87774cefe6694b1d0deceedc4094c3ff54f6f024d24e02b45824bce086467ab62910c16145947e1d07a9e4851e77ab36624ca7fd7f537f17cd593326928d32d4d0ad1fd238ef126a6e142b4210d0ccaf96e149915786e1ef664159745e3f03ee151630312f6a57022f58f165671f88a7897108c648933a77aa1dd4dcecb39067763292719a84b160f5eb0c150df75816c28e894df3af5ac1513f910858434214dd15a75856c5ec51d2fbddcb6cf86711980dae2540859d1a3ea903e4094136f9028f00c72f9ebe05205b37a098f83ab83c24ab2d6cbb0f08afddc111f0089fc2d860e762bb86fbd19ac8983ac3373688da08aefa1957c6e6e87c5ceac8a6f373648004a01daa43d449df9527e34adb337a4a786ca1abbbf5ce413eadcb8fd9a4eb5027e5bcb5b83a10b66a28df0a47275d790aa7ee8d53d4ba23bd13a4cab536b1d3b6326ca2cfe5c44276a54e7a31d8c304b6b697ef507875de3a87461101602dbda6dc1872a625a549f869bb643b042e85b9204ebcbae48b06da5ad738c71297d42c316909aece918d597bf8c4aef92c2a033315487c75962ed47490152b2a306d6c90574bd5ad0763f81293b0a7445c1612a26b35b045c3ead598c573754d5411b345c04b7f045f7110fe17c42542a203686bee5ff67af3906f5f091ae1739a97b85f8373dddad370ea0074ee91015ce8dfe05606e6884bfbb8a0410742b8dcc8d34a216080f138b385bef6eec3139987c5fa070759377fd2440386ee64e2102d39b7f82049fefb2d45f07aa56723ce8b98c463843a0e3af3fe805f96e6276d2ff2897d67994d7c702b1765023066514d9899a3d15226a3cee97a9e91b6b84f0ff39c1fe20d5d6464ba7b1b091155561ee1782a1a27fe4962297faf351b6414efe6feb4ccdac28e6f8cf8d2826f295f3fd1ab85e9207c27c5b3eb092a987ea64bfc3b2227b2ea89c170e5445cc5c10b79ffc416393a3bef61d85752969ebd5b8d47420dc338e09eb54f3cb84e1bfebf5dd8fcd8fac32a213453fcb2a82b9c74357503f09fbfec6500a67d566130a40224e5ac0edd342f1964784343b7036f17044135a64258b98329c62498a819dbc68aed14cfbf7abe9a3c978e002ce8c6a2994ef498c50c7993b772ddfbc0a7a007bc5ba6730728f8dbbc3e35f919684084b5ed534a5f56d4d6d22dc2b8951ec1301b290be1434e82c9d95bf4be597695e655eeb644e6a69b0639f6cdc479c43103c77c9547dad8dc9fa211860bf5adfda67d039e2de35537b5b48a0889f75c78de1f97d58b08a094e64b8330c387b820fd16713d4d55cfe5bf9e6a02663a025c825d02932b729f28c9c448b6f645bdf37fb1561737bd5edf84e8ca93bc8e9acd4214ad95fec7a7c3e6780f26757f60b3d3eb8e420587c955b87aaf4cc060a158c677688a4b6c14551a3a743793828c61126fb53df7e48b3c9212770bf3ebfb60852aa6ac6b56871ca359c28c980ef66ded7acfad5f4fc3da35ab3baf53256f8bc90a043c548e40ff0a02177cf7dd344238c01cde1a51e1fb68c5bdb3248b1bc4296396435931e7a2d08e726fc9fb4efb8904664b6b613486354f9851e2816c0f1dab50f6bd9e1e266d4a3c7cbc285cd55e3c7f74b591d8d409e4938b2b72187c883e42672268f18f2bb334ea9e701fcaa7d0a8143c25561d051262e833f4ed096e95af150fa07b72b3a81808931df3516c75f9217639d0048c833f64c0089b1311602a81325ebba842ae677ac9d7f3afbc29126262d88a35337371e1a8e4a9bff2a497132b2604f01a6c66b97659de48a4c2b38bb1fe579e178a1fb894584498db1133cc76311f7a9d6a69caa192a956eecd6cb36fa33626d1f3967adab30db5cac576a8a7237ae50e89a7ed577fc1e4c13e0ef5dc137ba500b1806ede288236671d6c2bbc4e80fb60e109016a28fa33c86a983c85b2eb6bcb97b20b17e2d614867618360ae620cfc2cdde987ecb470fa96ba0e8bcca18b1dee027383c63c96491b9e3f27cde8ab39048198da593b29c3276918dc7793dc7615875ed7fbd3150e6d1dc8a588aa71ff760062042a989d35f5c4cf4fcb63b81aca975dc82584ef619e80a41fc4e156fa79e0a4b596e05429114fe57648796705ccdb6f0722550d2ce54fe9e6a026d7080b6a334696104a6d564e2e568fa0bc38e846ecdf378b661a5a656defe51262162604115fe514bc34a31296a89d511a46267fd25583c5fec6b9c626b7b17671d9fe11a0bf93a67e0a159077b3070783260bed5684df9d7885b29c95961f06995df74e813f06b8994a51c5b640f478b120ed8ecfcec66897f5d6f1703930dce8fc58d234b1a0e50c38e56237886cec0557afd7d31beee571119aea8f477fcca22b4f55c1f1570a60224ae97fd435edaf2794efb3d18c158dbffc8b9ebbfaf1b0d55d4c83fe8ceb9bb554d1c47eb8d11dd6f8fb2e9a2aeb9a77faf5309921adca9cbe9253105df2dac33985dc0d2d5221f543a2a36bd71eb8d81d37c21bf5517c12490b7556191f0f8a277693bc3c0207282e39fd728566b723c8579f185e46cbe6ca78d02eae7ca22d69fc8cc17cf55b3a4a2c4021d9a655d2374b25bc8457d5452cae2c6fd4beb1c157dfec544054c9b9010c3c3efa3f95984396d32a23461939ec6774bc22c417c4b0fb57a57b98e8020fe2d7d6c340364a6d8e9d2962ec2287c77a28e8e96bd774cca"}})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcf}]})
unshare(0x20020000)
syz_open_dev$radio(&(0x7f0000002100), 0x1, 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000008c0)=[{0x16}]})
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x0, 0x0, 0x1}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00')
fchdir(r5)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x5750c0}, 0x18)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
r8 = syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x442001)
ioctl$LOOP_SET_DIRECT_IO(r8, 0x4c08, 0x6)
sendmsg$NL80211_CMD_GET_STATION(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000040)=ANY=[@ANYBLOB="c16050240d1c4e", @ANYRES16=r1, @ANYRES32=r7], 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x44040014)

7.039550588s ago: executing program 0 (id=6472):
set_mempolicy(0x4005, &(0x7f0000000040)=0x16, 0x6)
socket$inet(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0xee51f8e81ca5ea8b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
get_robust_list(0x0, &(0x7f0000000300)=0x0, &(0x7f0000000340))
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x3)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000080)=@req={0x20, &(0x7f0000001100)={'geneve1\x00', @ifru_mtu=0x404}})
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_G_TUNER(r3, 0xc054561d, &(0x7f0000000180)={0x0, "836d11f8a2f7337496bff2b4d43d400ebf870e7cf92542da0cbdf188dede83ee", 0x1, 0x80, 0x7ffffffb, 0x7, 0x1, 0x1, 0x0, 0x3})
syz_genetlink_get_family_id$tipc(&(0x7f00000010c0), 0xffffffffffffffff)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000001040))
capset(0x0, &(0x7f0000001080)={0xfffffffc, 0x1, 0x4007, 0x81, 0x12})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0145b0e, &(0x7f0000001280))
pselect6(0x40, &(0x7f00000000c0)={0x1, 0x10005, 0x1, 0xf27, 0x401, 0x7, 0x81, 0x8}, 0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000340)={0x0})
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x6a, 0x3, 0x0, &(0x7f0000001240))
syz_io_uring_setup(0x598a, &(0x7f0000001180)={0x0, 0x517, 0x40, 0x0, 0x1b}, &(0x7f0000001140), &(0x7f0000000140), 0x0)

7.036522619s ago: executing program 5 (id=6473):
r0 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x100, 0x81, 0x10}, 0x18)
ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000100)=""/75)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f01000000000000000000090582024000000000090559b1"], 0x0)

6.925012737s ago: executing program 2 (id=6474):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xed}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8983, &(0x7f0000000440)={0x8, 'veth0_to_bond\x00', {'vcan0\x00'}, 0x1})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000400)={0xfffc, 0x0, 0x3, 0xffff}, 0x8)
r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\\\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
sendto$inet6(r4, &(0x7f0000000040), 0x0, 0x94, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
r8 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r9 = socket$rxrpc(0x21, 0x2, 0xa)
recvmmsg(r9, &(0x7f00000030c0)=[{{&(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/94, 0x5e}, {&(0x7f0000000300)=""/14, 0xe}], 0x2}, 0x1548}, {{0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000000700)=""/102, 0x66}, 0x1}, {{&(0x7f0000000780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000800)=""/91, 0xffffffffffffff00}, {&(0x7f0000000880)=""/10, 0x14}, {&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/131, 0x83}], 0x4, &(0x7f00000019c0)=""/172, 0xac}, 0x4}, {{&(0x7f0000000380)=@nfc, 0x80, &(0x7f0000001bc0), 0x1}, 0x6}, {{&(0x7f0000001c40)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000001fc0), 0x0, &(0x7f0000002000)=""/62, 0x3e}, 0x10}, {{0x0, 0x0, &(0x7f0000002080)=[{&(0x7f0000002040)=""/61, 0x3d}], 0x1, &(0x7f00000020c0)=""/4096, 0x1000}, 0x8}], 0x6, 0x3, &(0x7f0000003180)={0x77359400})
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6c}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$HIDIOCSREPORT(r8, 0x400c4808, &(0x7f0000000080)={0x3, 0x200, 0x4})
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r10, 0x545c, 0x300)
sendmmsg$inet(r6, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f00000000c0)="b9cd14dd52f580a845", 0x9}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000080)=@gcm_128={{}, "9005451377480361", "bbad434d19477339418b5b79f10c141a", "dc717b03", "72f2ea1a3290afcc"}, 0x28)

5.872863384s ago: executing program 0 (id=6479):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000800)={'syztnl0\x00', 0x0})
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x40702)
ioctl$USBDEVFS_CONNECTINFO(r2, 0x80045505, &(0x7f0000002a40))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x1, <r5=>r3})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000004c0)={0x38, 0x0, 0x55, 0x80, 0x0, 0xb49, 0x200000000002, 0x7, 0x1a, 0xfffffffa}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40040)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a5c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000300003801c0000800c00018006000100d10300000c000440000000002df31ab30c000080080003400000000204000080140000001100010000000000000000000700000ac26ace305335312242b352734fc29a515106d04cea0e2579babea46c30300a9c28052b22f74c984fda6390fdb731ccf9ceeaf391abd9b62dca52cbfbea0df85d7497f055480fa7658a59097a3d31f094fd4df74970002699ef37044e80b892f9b7df"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f00000002c0))
io_setup(0x61, 0x0)
ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f0000000000))
dup2(0xffffffffffffffff, 0xffffffffffffffff)
io_submit(0x0, 0x0, &(0x7f0000000280))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r5, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, &(0x7f0000000200)=[0x0], &(0x7f00000003c0)=[0x0, 0x0], 0x0, 0xa3, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000480), &(0x7f0000000600), 0x8, 0xee, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)

5.821477333s ago: executing program 5 (id=6480):
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @random="ce3500590a7f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x2, 0x2, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "eed95425ef497343e285ee56ff9cd27f91306943185560d0", "424927f0b3a5b1a5bae583a55bca1d80986985716b5fe7237cbf62ea040ff7c4"}}}}}}, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@broadcast, @random="67eaa8fce250", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x25, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x4, 0x0, 0x11, 0x0, @gue={{0x1, 0x1, 0x2, 0x42, 0x0, @void}, "efc159f70f"}}}}}}, 0x0)

5.793530036s ago: executing program 5 (id=6481):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xed}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8983, &(0x7f0000000440)={0x8, 'veth0_to_bond\x00', {'vcan0\x00'}, 0x1})
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000400)={0xfffc, 0x0, 0x3, 0xffff}, 0x8)
r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\\\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
sendto$inet6(r4, &(0x7f0000000040), 0x0, 0x94, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
r8 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r9 = socket$rxrpc(0x21, 0x2, 0xa)
recvmmsg(r9, &(0x7f00000030c0)=[{{&(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000240)=""/94, 0x5e}, {&(0x7f0000000300)=""/14, 0xe}], 0x2}, 0x1548}, {{0x0, 0x0, &(0x7f00000006c0), 0x0, &(0x7f0000000700)=""/102, 0x66}, 0x1}, {{&(0x7f0000000780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000001980)=[{&(0x7f0000000800)=""/91, 0xffffffffffffff00}, {&(0x7f0000000880)=""/10, 0x14}, {&(0x7f00000008c0)=""/4096, 0x1000}, {&(0x7f0000000640)=""/131, 0x83}], 0x4, &(0x7f00000019c0)=""/172, 0xac}, 0x4}, {{&(0x7f0000000380)=@nfc, 0x80, &(0x7f0000001bc0), 0x1}, 0x6}, {{&(0x7f0000001c40)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000001fc0), 0x0, &(0x7f0000002000)=""/62, 0x3e}, 0x10}, {{0x0, 0x0, &(0x7f0000002080)=[{&(0x7f0000002040)=""/61, 0x3d}], 0x1, &(0x7f00000020c0)=""/4096, 0x1000}, 0x8}], 0x6, 0x3, &(0x7f0000003180)={0x77359400})
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6c}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$HIDIOCSREPORT(r8, 0x400c4808, &(0x7f0000000080)={0x3, 0x200, 0x4})
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r10, 0x545c, 0x300)
sendmmsg$inet(r6, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f00000000c0)="b9cd14dd52f580a845", 0x9}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000080)=@gcm_128={{}, "9005451377480361", "bbad434d19477339418b5b79f10c141a", "dc717b03", "72f2ea1a3290afcc"}, 0x28)

5.166855911s ago: executing program 1 (id=6482):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$char_usb(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000001180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xf7fffe0000000001, 0xfa13, 0xffffffff}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
syz_emit_ethernet(0x52, &(0x7f00000001c0)={@remote, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @dev={0xfe, 0x80, '\x00', 0x8}, @private2={0xfc, 0x2, '\x00', 0x1}, {[@hopopts={0x3c}], {{0x2c00, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}})
sendmsg$nl_generic(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
writev(r2, &(0x7f00000013c0), 0x0)
socket$kcm(0x21, 0x2, 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe)
pselect6(0x40, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x0, 0x800, 0x0, 0x8000100ffffe}, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r7, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r7, 0x1)
r8 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0xffffff7f, 0x80000000, 0x47504a50, 0x1, 0xc, [{0x9, 0x48256d1d}, {0x3, 0xb}, {0x400, 0x5}, {0x4, 0x9}, {0x8, 0x6}, {0x2, 0x1}, {0x9, 0x9}, {0x3ff, 0x5}], 0xe, 0x3, 0x4, 0x2, 0x6}})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, 0x0)

4.588738074s ago: executing program 3 (id=6483):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x0, 0x1}, {0x4f, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x2}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]})
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250)
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@local, @random="ce3500590a7f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x2, 0x2, 0x11, 0x0, @empty, @empty}, {0x4e23, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "eed95425ef497343e285ee56ff9cd27f91306943185560d0", "424927f0b3a5b1a5bae583a55bca1d80986985716b5fe7237cbf62ea040ff7c4"}}}}}}, 0x0)
syz_emit_ethernet(0x33, &(0x7f0000000140)={@broadcast, @random="67eaa8fce250", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x0, 0x25, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x4, 0x0, 0x11, 0x0, @gue={{0x1, 0x1, 0x2, 0x42, 0x0, @void}, "efc159f70f"}}}}}}, 0x0)

4.369079967s ago: executing program 3 (id=6484):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x30, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid}, @typed={0x8, 0x14, 0x0, 0x0, @uid}]}, @nested={0x4, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
unshare(0x24020400)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha384\x00'}, 0x58)
sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000001640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001600)={&(0x7f0000001b40)={0x298, r1, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x265}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x198, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}, @TIPC_NLA_NODE_ID={0x8d, 0x3, "2ecdd71bcef75d445d91c896a761e566559cd97e5f40b0aa866dc4ff0ba47d43c74bad440d20cd17e3e5928ce04b0610c0b78eacfa6608df1f670437a85420ebae96984093ffafc0147b96f55ba7e88b307739c15da25994a58df4830d757c0d1a57861e11b830aae2db44fdd6efd8d6cda5c3907dea4a97b7b81c3bf0d290aaee0ce6d38047367c8d"}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "1e19e10934fb23647b1049a16b3e4d2a3067192703114d23e23ce4fd"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xb3, 0x3, "3e7aef05d7a4281b33c76773a3ce68839b8e14b2afb690d676f1b2f3eecc47763e87e70998891b284730199b12d84c3e668874aece40b1f3b0520cf9c1567796ed8e8be229ff4434ba1ec8140d3467f5905a5c94b057e670f0e4a242aee439dcf9dd156e9f893abd94dec1c877b0cbf10e8f2ab245977a99978095ee2fd971121569a615e59916397e75854a39f615b5ec32231be8b944b61cd15ee7ada73ee37f7291862ccc89da3d27689415cb32"}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xdff9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffff232}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_NET={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xf}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x800}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6f79cc4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x41e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}]}, 0x298}, 0x1, 0x0, 0x0, 0x4000000}, 0xc000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet(0x2, 0x5, 0x0)
shutdown(r5, 0x0)
recvmmsg(r5, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@ipv4_newroute={0x30, 0x18, 0x35f32a6dfa748ddb, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1800}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @SEG6_LOCAL_IIF={0x8, 0x6, 0x7}}]}, 0x30}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904"], 0x0)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xd4, 0x0, 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
recvmmsg(r0, &(0x7f0000003540)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x29}, 0x1f8}, {{0x0, 0x0, 0x0}, 0x3bf}, {{0x0, 0x0, 0x0}, 0x800}, {{0x0, 0x0, &(0x7f0000003280)=[{&(0x7f0000001ac0)=""/107, 0x6b}, {&(0x7f0000000000)=""/131, 0x83}, {&(0x7f0000000300)=""/4097, 0x1001}, {&(0x7f0000002f80)=""/235, 0xeb}], 0x4}, 0x81}], 0x5e, 0x40010132, 0x0)

4.267623751s ago: executing program 0 (id=6485):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$char_usb(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000001180)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xf7fffe0000000001, 0xfa13, 0xffffffff}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
syz_emit_ethernet(0x62, &(0x7f00000001c0)={@remote, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x2c, 0x2c, 0x0, @dev={0xfe, 0x80, '\x00', 0x8}, @private2={0xfc, 0x2, '\x00', 0x1}, {[@hopopts={0x3c, 0x1, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x5, 0x40}}]}], {{0x2c00, 0x3, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
r5 = syz_open_dev$loop(0x0, 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}})
sendmsg$nl_generic(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
writev(r2, &(0x7f00000013c0), 0x0)
socket$kcm(0x21, 0x2, 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000180)={0x20, 0xff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x0, 0x93}, 0xe)
pselect6(0x40, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x0, 0x800, 0x0, 0x8000100ffffe}, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r7, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r7, 0x1)
r8 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0xffffff7f, 0x80000000, 0x47504a50, 0x1, 0xc, [{0x9, 0x48256d1d}, {0x3, 0xb}, {0x400, 0x5}, {0x4, 0x9}, {0x8, 0x6}, {0x2, 0x1}, {0x9, 0x9}, {0x3ff, 0x5}], 0xe, 0x3, 0x4, 0x2, 0x6}})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, 0x0)

3.820770331s ago: executing program 2 (id=6486):
r0 = socket$kcm(0x2d, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='limits\x00')
lseek(r1, 0x6, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, r2, 0x100, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x451}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x8a}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4004001)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0xf00, 0x0, 0x80}, 0xa, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x48d0}, 0x44044)

3.621560775s ago: executing program 2 (id=6487):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x38, r0, 0x801, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "7ee5d52ffd"}, @NL80211_KEY_DEFAULT={0x4}]}]}, 0x38}}, 0x0) (fail_nth: 5)

3.470126656s ago: executing program 1 (id=6488):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x2)

3.212167355s ago: executing program 0 (id=6489):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x40001}, 0x881)
r1 = dup(r0)
setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0x83, &(0x7f0000000140)=@assoc_value={0x0, 0x401}, 0x8)

3.112394773s ago: executing program 0 (id=6490):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
readv(r0, &(0x7f0000001440)=[{&(0x7f0000000040)=""/20, 0x14}], 0x1)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000000))

3.111938224s ago: executing program 2 (id=6491):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000002a40)={0x1, 0xe, &(0x7f0000000880)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0x0, 0x3b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x1}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0x10}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r3, 0x89f4, &(0x7f00000003c0)={'sit0\x00', &(0x7f00000002c0)={@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, 0x0, 0x60, 0x0, [{@local}, {@local}, {@broadcast}, {@multicast1}, {@local}, {@local}]}})
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000440)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8, "37ceecdd233affffff7f00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
socket(0x400000000010, 0x3, 0x0)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000002a00)={r0}, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000096c0)=[{{&(0x7f0000002840)=@phonet, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002b00)=""/76, 0x4c}], 0x1}, 0x8}, {{&(0x7f0000002bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000002c40)=""/196, 0xc4}, {&(0x7f0000002d40)=""/17, 0x11}, {&(0x7f0000002d80)=""/255, 0xff}, {&(0x7f0000002e80)=""/17, 0x11}, {&(0x7f0000002ec0)=""/126, 0xffffffffffffff1e}], 0x5, &(0x7f0000002f80)=""/67, 0x43}, 0x8}, {{&(0x7f0000003000)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000003280)=[{&(0x7f0000003080)=""/167, 0xa7}, {&(0x7f0000003140)=""/108, 0x6c}, {&(0x7f00000031c0)=""/173, 0xad}], 0x3, &(0x7f0000009780)=""/4106, 0x100a}, 0x3}, {{&(0x7f00000042c0)=@l2tp6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000008280)=[{&(0x7f0000004340)=""/60, 0x3c}, {&(0x7f0000004380)=""/202, 0xca}, {&(0x7f0000004480)=""/39, 0x27}, {&(0x7f00000044c0)=""/48, 0x30}, {&(0x7f0000004500)=""/173, 0xad}, {&(0x7f00000045c0)=""/124, 0x7c}, {&(0x7f0000007200)=""/4096, 0x1000}, {&(0x7f0000008200)=""/19, 0x13}, {&(0x7f0000008240)=""/1, 0x1}], 0x9}, 0x8}, {{&(0x7f0000008300), 0x80, &(0x7f00000095c0)=[{&(0x7f0000008380)=""/4096, 0x1000}, {&(0x7f0000009380)=""/99, 0x63}, {&(0x7f0000009400)=""/51, 0x33}, {&(0x7f0000009440)=""/152, 0x98}, {&(0x7f0000009500)=""/168, 0xa8}], 0x5, &(0x7f0000009600)=""/187, 0xbb}, 0x29c}], 0x5, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
r8 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
write$cgroup_subtree(r8, &(0x7f0000002940)=ANY=[], 0xfe33)
recvmsg(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/134, 0x86}, {&(0x7f0000000540)=""/155, 0x9b}, {&(0x7f0000000600)=""/243, 0xf3}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/223, 0xdf}, {&(0x7f0000001800)=""/4080, 0xff0}], 0x6}, 0x0)
syz_open_dev$loop(&(0x7f00000002c0), 0x40, 0x2de408181b0ddd7d)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r9, 0x5cd8, 0x0)
r10 = syz_open_procfs(0x0, &(0x7f0000000080)='net/netlink\x00')
read$FUSE(r10, &(0x7f00000051c0)={0x2020}, 0x2020)
pread64(r10, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
setns(0xffffffffffffffff, 0x0)
ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4038587a, &(0x7f00000028c0)={{<r11=>r6, &(0x7f0000002900)='5\x1cO\x9ec*&1>\x16\xbf\xe5E\xd0\xc0:P\x91\xc3>Cz\xf6\xa4\x19\x9d\x86\x82\xb9b\x1d\x89\x88}/\xf0\x8f\x1bj\xe5\x97\x04\xbb\x05\x7f\xc8\xf0', 0xc4082, &(0x7f0000000400)={@_ha_fsid={[0x7, 0x9]}, {0x0, 0x7, 0x40005, 0x7fffffffffffffff}}, 0x8002, &(0x7f0000002800), &(0x7f0000002940)=0x3}, {[0x10000, 0x3, 0x10003, 0x9]}, 0x8081, 0x7c, &(0x7f0000002980)=""/124})
setsockopt$inet_MCAST_JOIN_GROUP(r11, 0x0, 0x2a, &(0x7f0000000000)={0x75, {{0x2, 0x4e23, @empty}}}, 0x84)

3.110731357s ago: executing program 1 (id=6492):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)={0x34, 0x3e, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @pid}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x33}]}, @typed={0x8, 0x9, 0x0, 0x0, @fd=r0}]}, 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba3572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x1)
ioctl$LOOP_CTL_ADD(r1, 0x4c80, r2)

3.0374145s ago: executing program 0 (id=6493):
r0 = socket$inet(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r2=>0x0})
r3 = openat$urandom(0xffffff9c, &(0x7f0000003580), 0x80100, 0x0)
pread64(r3, 0x0, 0x0, 0xa)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000180)={r2, 0x1, 0x6}, 0x10)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000080)={r2, 0x3, 0x6, @random="7c6a97bead69"}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r4, &(0x7f0000002500)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001980)=""/96, 0x60}], 0x1, 0x0, 0x18}, 0x9}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000002280)=""/58, 0x3a}], 0x1, &(0x7f0000002300)=""/12, 0xc}, 0x90}], 0x2, 0x40002122, 0x0)
sendmsg$tipc(r4, &(0x7f0000000200)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000500)="e8", 0x1}], 0x1}, 0x4800)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000034709d405f0530c6acb60102030109021200fd000000000904"], 0x0)
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000700)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="400d010600001d"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r5, 0x0, &(0x7f00000008c0)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="40090700000050f1"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'vlan1\x00'})

2.953134435s ago: executing program 1 (id=6494):
r0 = syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0xe9f0, 0x13090, 0x0, 0x130}, 0x0, 0x0, &(0x7f0000000000))
pipe(&(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x10000008ebc, 0x0)
r3 = syz_clone(0x8000400, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
openat$kvm(0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r3, 0x0, 0x0)
ptrace$getregset(0x4204, r3, 0x2, 0x0)
landlock_restrict_self(r1, 0xa)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x4, 0x71, 0x2, 0x6, 0x3, 0x2, 0x1, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x3, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0x0, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0xa0009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0xb, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x101, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x200001f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x4, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x5, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x2, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c18, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x1394}}, 0x24000840)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000040)={0x18, 0x0, {0x4, @empty, 'gre0\x00'}}, 0x1e)
sendmmsg(r4, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0xb56e2e3f2d9728b3, 0x8, 0x8001, 0x0, 0x9, 0x100000003, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wlan0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000100001000000fcfffedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="5d5b00002a8900001c001a8018000a80140007002001000000000000000000000000000214003500677265300000000000000000000000000800040061000000"], 0x58}}, 0x0)
r7 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x100000000)
bind$inet(r7, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10)
syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1a7a40)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$P9_RCREATE(r8, &(0x7f0000000000)={0xffffffffffffff2b, 0x73, 0x1, {{0xe4, 0x3, 0x1}, 0x8}}, 0x18)

2.710658682s ago: executing program 5 (id=6495):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x0, 0x0)
lseek(r0, 0x0, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x0, 0x4, 0x2, 0x0, 0xfffffe0000000000, 0x80fa11, 0x8001}, 0x0)
pipe2$watch_queue(&(0x7f0000000140), 0x80)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x8000, 0x2, 0x180, 0x4, 0x10, 0x7, 0x50, 0x5, 0x2, 0x6, 0xfffffffffffffffe, 0x8000000000000000, 0xf4a, 0x406, 0xbdb], 0xffff1001, 0x4000})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0)
r5 = eventfd(0x80000001)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5})

2.094437357s ago: executing program 2 (id=6496):
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271a, 0x0, &(0x7f0000000080)=0xfffffffffffffdab)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0xf00, 0x0, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))
io_uring_enter(r2, 0x1, 0x6e6d, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x10)
r4 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0f0000}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)='3', 0x1}, {&(0x7f0000000180)=' E', 0x2}], 0x2)
r5 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x4c, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xac1e0100}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20004000}, 0x80)

2.057202s ago: executing program 1 (id=6497):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000480), 0xfffffffffffffffa, 0x1841)
writev(r2, &(0x7f0000000040)=[{&(0x7f0000000500)="9b7385220700000000000000e57c489b51b14b7aea6ef45d0c085cb7df42ccf49eabcf03d0e97bb857dbd8d553", 0x2d}, {&(0x7f0000000540)="53000000d073b0f3347edc854b4bc4db1e2e1302af076bb6c9909a18e554d5ecc9db5942dac6a182a0efc18289ba2d68f7e5121dc8db62a39389242ce69529ab9bb7aad26d928b530b9345c2ccce127c1405386bab9074b6", 0x58}], 0x2)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0xf9ba, 0x101)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r3 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0185648, &(0x7f00000001c0)={0x87b0000, 0x400, 0x7d, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0xafb55f22487b7594, 0x7, '\x00', @value64=0x7f}})

1.169080434s ago: executing program 2 (id=6498):
r0 = socket(0x2b, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400ff0160291d000905", @ANYRES8, @ANYBLOB="50a0"], 0x0)
syz_open_dev$audion(&(0x7f00000002c0), 0x3, 0x1)
close_range(r1, r0, 0x2)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket(0x28, 0x4, 0x5b0000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x14, 0x303000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_CHANNEL(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010027bd7000fedbdf254100000008000300", @ANYRES32=r5, @ANYBLOB="08e0c7c1d5df8eaa5cdc6c112e291df18af4a1318724e8149b0ab8bbfd19e973bb749134d7ec447ba256d7eb28f37c54913b53d50366c7747618098d0b561b2d9c98be69dd019f0eead393688a833260c77139171ab69fa01bd0db29c59a58158e9cab99827e868d851769535cdc1c37046a12031a76317fe48d44906579c6b66d13267238155a6036dc6b0f"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x4040004)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2})
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r6, 0x12, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r6, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write$P9_RGETLOCK(r7, &(0x7f00000002c0)=ANY=[], 0x200002e6)
fcntl$setpipe(r7, 0x407, 0x100000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x4048800}, 0x10)

1.123640486s ago: executing program 3 (id=6499):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
close(r0)
socket(0x1e, 0x5, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e23, @broadcast}, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000440)={0xa, 0x4e21, 0x0, @empty, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x28)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000340)=@ccm_128={{0x304}, "1f5fe89b3e65d0fd", "313a19ff4c7d278bf34b54168b154d15", "1e5a7ddb", "2fd978cbd6bf3b5d"}, 0x28)
setsockopt$inet6_tcp_int(r1, 0x11a, 0x4, &(0x7f0000000040), 0x44)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r4, &(0x7f0000001900)={0x0, 0x0, 0x0}, 0x20040000)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x30004001)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000)
mbind(&(0x7f0000582000/0x1000)=nil, 0x1000, 0x8003, &(0x7f0000000000)=0xd, 0xb, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
sendmsg$nl_generic(r5, 0x0, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000900)=ANY=[@ANYBLOB="44000000000801010000000000000000030000020900010073797a3100000000060002408809000014003fde97e6c68878f46e124bf53d97190480080007400000040608"], 0x44}, 0x1, 0x0, 0x0, 0x20024810}, 0x0)
sendmsg$nl_route(r6, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@dellink={0x34, 0x11, 0x1, 0x70bd26, 0x5dfdbff, {0x0, 0x0, 0x0, 0x0, 0xda23, 0x40000}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth0_vlan\x00'}]}, 0x34}, 0x1, 0x200000000000000, 0x0, 0x10}, 0x0)

914.47851ms ago: executing program 5 (id=6500):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000d042abd700000e8000000000000", @ANYRES32=0x0, @ANYBLOB="1422010000000300240012800900010062"], 0x44}, 0x1, 0x0, 0x0, 0x400c0}, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd24, 0x1, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x9, 0x7b2d2bff, 0x4, 0x2bfe, 0x6, 0x9, 0x3, 0x5, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r10, {0x0, 0xd}, {0xfff1, 0xb}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x1}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(0xffffffffffffffff, 0x3ba0, &(0x7f0000000000)={0x48, 0x9, 0x0, 0x0, 0x8000})
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r11, 0xae9a)
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000200)={[0x4, 0x20000000, 0x3, 0xfffffffffffffffc, 0x0, 0x0, 0x2004cb, 0x3, 0x40000000, 0x7ffffffffffffff8, 0x0, 0xfffffffffffff2a7, 0x2000000000003ff, 0x8], 0x0, 0x200306})
ioctl$KVM_NMI(r11, 0xae9a)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r12 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a70000000000090507", @ANYRES32], 0x0)
syz_usb_control_io(r12, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x0, 0x5, 0x1, 'O'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

310.015998ms ago: executing program 1 (id=6501):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x11)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r3 = fsopen(&(0x7f0000000100)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x20000, 0x7, 0x1}, 0x0, 0x0, &(0x7f0000000000))
syz_emit_ethernet(0x2a, 0x0, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000900)={0x0, @bt={0x8e, 0x81, 0x1, 0x1, 0x1, 0x7ff, 0x400, 0x5, 0x3, 0x7, 0x10000, 0x40, 0x1, 0x5, 0xc, 0x22, {0xcf, 0x10001}, 0x2, 0x7f}})
connect$inet6(r2, &(0x7f0000000480)={0xa, 0x4e24, 0x336, @mcast2, 0x5}, 0x1c)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
r5 = dup2(r2, r2)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000001c0)={@mcast1, 0x8000003, 0x1, 0xff, 0x11, 0x0, 0x400}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x2a}, 0x8000000, 0x1, 0x0, 0xc, 0x4}, 0x20)
sendmmsg$unix(r5, &(0x7f0000008380), 0x400000000000174, 0x4008890)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x200803, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
socket(0x10, 0x803, 0x0)
syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
close(0x3)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='numa_maps\x00')

298.804173ms ago: executing program 3 (id=6502):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x2)

88.606651ms ago: executing program 3 (id=6503):
r0 = openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0185648, &(0x7f00000001c0)={0x87b0000, 0x400, 0x7d, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0xafb55f22487b7594, 0x7, '\x00', @value64=0x7f}})

0s ago: executing program 3 (id=6504):
sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x14, 0x0, 0x300, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40000800)
syz_usb_connect(0x0, 0x5d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000551b8920b822276080c20102030109024b0001000000000904000000020a0000052406000005241d00000d240f01000200000000000200072414003824d0062413"], 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r0, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000540)={0x168, r1, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}, {@pci={{0x8}, {0x11}}, {0x1c}}]}, 0x168}, 0x1, 0x0, 0x0, 0x40080}, 0x814)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@dellink={0x28, 0x11, 0x1, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x20, 0x21160}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40040}, 0x20000084)

kernel console output (not intermixed with test programs):

x10/0x10
[ 1492.679459][T26910]  ? get_pid_task+0x20/0x1f0
[ 1492.679486][T26910]  ? get_pid_task+0x20/0x1f0
[ 1492.679509][T26910]  ? get_pid_task+0x20/0x1f0
[ 1492.679563][T26910]  ? __fget_files+0x2a/0x420
[ 1492.679589][T26910]  ? __fget_files+0x3a0/0x420
[ 1492.679626][T26910]  __sys_sendmsg+0x183/0x260
[ 1492.679659][T26910]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1492.679713][T26910]  __do_fast_syscall_32+0x229/0x6e0
[ 1492.679735][T26910]  ? do_fast_syscall_32+0x33/0x70
[ 1492.679753][T26910]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1492.679782][T26910]  ? asm_int80_emulation+0x1a/0x20
[ 1492.679810][T26910]  ? do_int80_emulation+0x286/0x530
[ 1492.679830][T26910]  ? trace_irq_disable+0x3b/0x140
[ 1492.679865][T26910]  do_fast_syscall_32+0x33/0x70
[ 1492.679886][T26910]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1492.679912][T26910] RIP: 0023:0xf709f01c
[ 1492.679932][T26910] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1492.679951][T26910] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1492.679974][T26910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1492.679989][T26910] RDX: 0000000004040000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1492.680002][T26910] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1492.680014][T26910] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1492.680026][T26910] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1492.680057][T26910]  </TASK>
[ 1493.072195][T26916] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6150'.
[ 1493.420473][T26933] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1493.449190][T11999] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1493.480920][T26933] netlink: 'syz.0.6154': attribute type 6 has an invalid length.
[ 1493.599840][T11999] usb 4-1: Using ep0 maxpacket: 16
[ 1493.614854][T11999] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[ 1493.630986][T11999] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1493.642798][T11999] usb 4-1: Product: syz
[ 1493.647330][T11999] usb 4-1: SerialNumber: syz
[ 1493.660916][T11999] usb 4-1: config 0 descriptor??
[ 1493.678329][T11999] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1493.688851][T11999] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[ 1493.700094][T26935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1493.712233][T11999] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1493.719502][T11999] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[ 1493.762205][T26935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1493.812802][T26935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1493.833032][T26935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1493.891338][T26923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6152'.
[ 1493.920202][ T5697] usb 4-1: USB disconnect, device number 32
[ 1494.289817][T11999] usb 2-1: new low-speed USB device number 83 using dummy_hcd
[ 1494.462695][T11999] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1494.483445][T11999] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[ 1494.506857][T11999] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1494.538259][T11999] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1494.567566][T11999] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1494.578114][T11999] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1494.588248][T11999] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1494.611209][T11999] usb 2-1: string descriptor 0 read error: -22
[ 1494.618439][T11999] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1494.627830][T11999] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1494.649835][T11999] usb 2-1: config 0 descriptor??
[ 1494.663373][T11999] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1494.675670][T11999] hub 2-1:0.0: probe with driver hub failed with error -5
[ 1494.700083][T11999] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input61
[ 1495.089431][T26947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6159'.
[ 1495.104032][T26947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6159'.
[ 1495.120889][T26955] loop2: detected capacity change from 0 to 7
[ 1495.212308][T26955] Dev loop2: unable to read RDB block 7
[ 1495.218327][T26955]  loop2: unable to read partition table
[ 1495.225241][T26955] loop2: partition table beyond EOD, truncated
[ 1495.231905][T26955] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[ 1495.254034][T26956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1495.266190][T26956] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1495.295436][T26956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6157'.
[ 1495.326990][T26956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6157'.
[ 1497.846817][T26978] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6168'.
[ 1498.658632][T26995] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1498.867645][T26998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1498.941010][T26998] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1499.310532][T11995] usb 2-1: USB disconnect, device number 83
[ 1499.405362][T27002] loop2: detected capacity change from 0 to 7
[ 1499.429738][T27002] Dev loop2: unable to read RDB block 7
[ 1499.436000][T27002]  loop2: unable to read partition table
[ 1499.444842][T27002] loop2: partition table beyond EOD, truncated
[ 1499.465996][T27002] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[ 1501.404507][T27024] FAULT_INJECTION: forcing a failure.
[ 1501.404507][T27024] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1501.418438][T27024] CPU: 1 UID: 0 PID: 27024 Comm: syz.3.6181 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1501.418471][T27024] Tainted: [L]=SOFTLOCKUP
[ 1501.418479][T27024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1501.418492][T27024] Call Trace:
[ 1501.418501][T27024]  <TASK>
[ 1501.418510][T27024]  dump_stack_lvl+0xe8/0x150
[ 1501.418541][T27024]  should_fail_ex+0x412/0x560
[ 1501.418574][T27024]  _copy_from_user+0x2d/0xb0
[ 1501.418608][T27024]  kstrtouint_from_user+0xd6/0x180
[ 1501.418637][T27024]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1501.418682][T27024]  proc_fail_nth_write+0x8e/0x210
[ 1501.418703][T27024]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1501.418733][T27024]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1501.418760][T27024]  vfs_write+0x29a/0xb90
[ 1501.418797][T27024]  ? __pfx_vfs_write+0x10/0x10
[ 1501.418820][T27024]  ? __fget_files+0x2a/0x420
[ 1501.418840][T27024]  ? __fget_files+0x3a0/0x420
[ 1501.418854][T27024]  ? __fget_files+0x2a/0x420
[ 1501.418874][T27024]  ksys_write+0x150/0x270
[ 1501.418893][T27024]  ? __pfx_ksys_write+0x10/0x10
[ 1501.418913][T27024]  ? asm_int80_emulation+0x1a/0x20
[ 1501.418929][T27024]  do_int80_emulation+0x181/0x530
[ 1501.418948][T27024]  ? trace_irq_disable+0x3b/0x140
[ 1501.418978][T27024]  ? asm_int80_emulation+0x1a/0x20
[ 1501.418996][T27024]  ? clear_bhb_loop+0x40/0x90
[ 1501.419016][T27024]  ? clear_bhb_loop+0x40/0x90
[ 1501.419040][T27024]  asm_int80_emulation+0x1a/0x20
[ 1501.419060][T27024] RIP: 0023:0xf71761ab
[ 1501.419080][T27024] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[ 1501.419106][T27024] RSP: 002b:00000000f54364bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 1501.419130][T27024] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54365d0
[ 1501.419145][T27024] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 1501.419156][T27024] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1501.419167][T27024] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1501.419178][T27024] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1501.419208][T27024]  </TASK>
[ 1501.970449][T27032] batadv0: invalid flags given to default FDB implementation
[ 1502.073496][T27040] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.6184' sets config #0
[ 1502.653523][T27046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6189'.
[ 1502.785686][T27048] syzkaller1: entered allmulticast mode
[ 1503.096936][T27057] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1503.149314][T27057] netlink: 'syz.0.6194': attribute type 6 has an invalid length.
[ 1504.799784][T27074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1504.862390][T27074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1505.006462][T27077] FAULT_INJECTION: forcing a failure.
[ 1505.006462][T27077] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1505.039095][T27077] CPU: 0 UID: 0 PID: 27077 Comm: syz.2.6201 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1505.039133][T27077] Tainted: [L]=SOFTLOCKUP
[ 1505.039141][T27077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1505.039154][T27077] Call Trace:
[ 1505.039163][T27077]  <TASK>
[ 1505.039172][T27077]  dump_stack_lvl+0xe8/0x150
[ 1505.039203][T27077]  should_fail_ex+0x412/0x560
[ 1505.039237][T27077]  _copy_from_user+0x2d/0xb0
[ 1505.039268][T27077]  sg_io+0x29f/0x890
[ 1505.039298][T27077]  scsi_ioctl+0x148b/0x2130
[ 1505.039327][T27077]  ? __pfx_scsi_ioctl+0x10/0x10
[ 1505.039404][T27077]  ? scsi_block_when_processing_errors+0x44f/0x540
[ 1505.039433][T27077]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[ 1505.039479][T27077]  sg_ioctl+0x112f/0x2220
[ 1505.039521][T27077]  ? __pfx_sg_ioctl+0x10/0x10
[ 1505.039554][T27077]  ? __fget_files+0x2a/0x420
[ 1505.039583][T27077]  ? __fget_files+0x3a0/0x420
[ 1505.039605][T27077]  ? __fget_files+0x2a/0x420
[ 1505.039633][T27077]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1505.039669][T27077]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 1505.039706][T27077]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1505.039740][T27077]  ? __fget_files+0x3a0/0x420
[ 1505.039773][T27077]  ? fput+0xa0/0xd0
[ 1505.039797][T27077]  ? ksys_write+0x242/0x270
[ 1505.039839][T27077]  __do_fast_syscall_32+0x229/0x6e0
[ 1505.039862][T27077]  ? do_fast_syscall_32+0x33/0x70
[ 1505.039882][T27077]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1505.039917][T27077]  ? asm_int80_emulation+0x1a/0x20
[ 1505.039939][T27077]  ? do_int80_emulation+0x286/0x530
[ 1505.039967][T27077]  ? trace_irq_disable+0x3b/0x140
[ 1505.040004][T27077]  do_fast_syscall_32+0x33/0x70
[ 1505.040026][T27077]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1505.040051][T27077] RIP: 0023:0xf7f9301c
[ 1505.040072][T27077] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1505.040089][T27077] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1505.040112][T27077] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000005393
[ 1505.040126][T27077] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1505.040140][T27077] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1505.040152][T27077] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1505.040165][T27077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1505.040195][T27077]  </TASK>
[ 1505.750274][ T5697] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[ 1505.899428][ T5697] usb 2-1: device descriptor read/64, error -71
[ 1506.156780][ T5697] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1506.309800][ T5697] usb 2-1: device descriptor read/64, error -71
[ 1506.445597][ T5697] usb usb2-port1: attempt power cycle
[ 1506.819080][ T5697] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1506.879929][ T5697] usb 2-1: device descriptor read/8, error -71
[ 1507.149094][ T5697] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1507.198904][T27094] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1507.257652][ T5697] usb 2-1: device descriptor read/8, error -71
[ 1507.336919][T27094] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1507.401539][ T5697] usb usb2-port1: unable to enumerate USB device
[ 1507.551520][T27094] netlink: 'syz.5.6207': attribute type 1 has an invalid length.
[ 1507.640557][T27094] netlink: 'syz.5.6207': attribute type 1 has an invalid length.
[ 1507.739059][ T5697] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1507.930669][ T5697] usb 4-1: Using ep0 maxpacket: 16
[ 1507.949675][ T5697] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1507.972547][ T5697] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1508.001778][ T5697] usb 4-1: New USB device found, idVendor=0bda, idProduct=4014, bcdDevice= 0.40
[ 1508.019178][ T5697] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.036094][ T5697] usb 4-1: Product: syz
[ 1508.045689][ T5697] usb 4-1: Manufacturer: syz
[ 1508.056154][ T5697] usb 4-1: SerialNumber: syz
[ 1508.221059][T27106] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.6210' sets config #0
[ 1509.574077][T27121] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1509.872352][T27130] netlink: 568 bytes leftover after parsing attributes in process `syz.5.6219'.
[ 1509.884134][T27130] FAULT_INJECTION: forcing a failure.
[ 1509.884134][T27130] name failslab, interval 1, probability 0, space 0, times 0
[ 1509.897249][T27130] CPU: 1 UID: 0 PID: 27130 Comm: syz.5.6219 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1509.897284][T27130] Tainted: [L]=SOFTLOCKUP
[ 1509.897293][T27130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1509.897311][T27130] Call Trace:
[ 1509.897319][T27130]  <TASK>
[ 1509.897329][T27130]  dump_stack_lvl+0xe8/0x150
[ 1509.897358][T27130]  should_fail_ex+0x412/0x560
[ 1509.897392][T27130]  should_failslab+0xa8/0x100
[ 1509.897426][T27130]  __kmalloc_cache_noprof+0x88/0x660
[ 1509.897457][T27130]  ? __snd_timer_user_ioctl+0x1ad3/0x44d0
[ 1509.897489][T27130]  __snd_timer_user_ioctl+0x1ad3/0x44d0
[ 1509.897520][T27130]  ? kasan_save_track+0x4f/0x80
[ 1509.897546][T27130]  ? kasan_save_track+0x3e/0x80
[ 1509.897596][T27130]  ? kasan_save_free_info+0x46/0x50
[ 1509.897619][T27130]  ? __kasan_slab_free+0x5c/0x80
[ 1509.897646][T27130]  ? kfree+0x1c5/0x640
[ 1509.897668][T27130]  ? tomoyo_path_number_perm+0x501/0x630
[ 1509.897699][T27130]  ? security_file_ioctl_compat+0xc3/0x2a0
[ 1509.897722][T27130]  ? __ia32_compat_sys_ioctl+0x139/0x950
[ 1509.897751][T27130]  ? __do_fast_syscall_32+0x229/0x6e0
[ 1509.897771][T27130]  ? do_fast_syscall_32+0x33/0x70
[ 1509.897790][T27130]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1509.897816][T27130]  ? __pfx___snd_timer_user_ioctl+0x10/0x10
[ 1509.897851][T27130]  ? __mutex_trylock_common+0x158/0x260
[ 1509.897882][T27130]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1509.897916][T27130]  ? trace_contention_end+0x3d/0x140
[ 1509.897957][T27130]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1509.897986][T27130]  ? snd_timer_user_ioctl_compat+0xe8/0xc30
[ 1509.898015][T27130]  ? __pfx___mutex_lock+0x10/0x10
[ 1509.898036][T27130]  ? tomoyo_path_number_perm+0x219/0x630
[ 1509.898068][T27130]  ? do_vfs_ioctl+0x1166/0x1530
[ 1509.898107][T27130]  snd_timer_user_ioctl_compat+0x48e/0xc30
[ 1509.898137][T27130]  ? __pfx_snd_timer_user_ioctl_compat+0x10/0x10
[ 1509.898194][T27130]  ? __fget_files+0x2a/0x420
[ 1509.898223][T27130]  ? __fget_files+0x3a0/0x420
[ 1509.898246][T27130]  ? __fget_files+0x2a/0x420
[ 1509.898274][T27130]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1509.898308][T27130]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 1509.898344][T27130]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1509.898381][T27130]  ? __fget_files+0x3a0/0x420
[ 1509.898411][T27130]  ? fput+0xa0/0xd0
[ 1509.898436][T27130]  ? ksys_write+0x242/0x270
[ 1509.898478][T27130]  __do_fast_syscall_32+0x229/0x6e0
[ 1509.898500][T27130]  ? do_fast_syscall_32+0x33/0x70
[ 1509.898518][T27130]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1509.898547][T27130]  ? asm_int80_emulation+0x1a/0x20
[ 1509.898566][T27130]  ? do_int80_emulation+0x286/0x530
[ 1509.898591][T27130]  do_fast_syscall_32+0x33/0x70
[ 1509.898613][T27130]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1509.898636][T27130] RIP: 0023:0xf709f01c
[ 1509.898657][T27130] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1509.898674][T27130] RSP: 002b:00000000f548d50c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1509.898752][T27130] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000040345410
[ 1509.898767][T27130] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[ 1509.898779][T27130] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1509.898791][T27130] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1509.898804][T27130] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1509.898836][T27130]  </TASK>
[ 1510.245209][T27128] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1510.254050][T27128] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1510.498080][ T5697] usb 4-1: 0:1 : does not exist
[ 1510.520754][T11999] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[ 1510.573629][ T5697] usb 4-1: USB disconnect, device number 33
[ 1510.605147][T25887] udevd[25887]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1510.690875][T11999] usb 2-1: Using ep0 maxpacket: 8
[ 1510.702086][T11999] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[ 1510.723400][T11999] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1510.742256][T11999] usb 2-1: Product: syz
[ 1510.751413][T11999] usb 2-1: Manufacturer: syz
[ 1510.756258][T11999] usb 2-1: SerialNumber: syz
[ 1510.770480][T11999] usb 2-1: config 0 descriptor??
[ 1510.821701][T27143] FAULT_INJECTION: forcing a failure.
[ 1510.821701][T27143] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1510.849027][T27143] CPU: 0 UID: 0 PID: 27143 Comm: syz.2.6223 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1510.849062][T27143] Tainted: [L]=SOFTLOCKUP
[ 1510.849069][T27143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1510.849081][T27143] Call Trace:
[ 1510.849090][T27143]  <TASK>
[ 1510.849099][T27143]  dump_stack_lvl+0xe8/0x150
[ 1510.849131][T27143]  should_fail_ex+0x412/0x560
[ 1510.849163][T27143]  _copy_to_user+0x31/0xb0
[ 1510.849196][T27143]  video_usercopy+0xe0a/0x1450
[ 1510.849226][T27143]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1510.849246][T27143]  ? __pfx_video_usercopy+0x10/0x10
[ 1510.849287][T27143]  ? __fget_files+0x2a/0x420
[ 1510.849314][T27143]  v4l2_ioctl+0x18d/0x1e0
[ 1510.849346][T27143]  v4l2_compat_ioctl32+0x1d7/0x280
[ 1510.849373][T27143]  __ia32_compat_sys_ioctl+0x5ea/0x950
[ 1510.849394][T27143]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1510.849415][T27143]  ? __fget_files+0x3a0/0x420
[ 1510.849445][T27143]  ? fput+0xa0/0xd0
[ 1510.849468][T27143]  ? ksys_write+0x242/0x270
[ 1510.849508][T27143]  __do_fast_syscall_32+0x229/0x6e0
[ 1510.849530][T27143]  ? do_fast_syscall_32+0x33/0x70
[ 1510.849547][T27143]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1510.849570][T27143]  ? asm_int80_emulation+0x1a/0x20
[ 1510.849582][T27143]  ? do_int80_emulation+0x286/0x530
[ 1510.849599][T27143]  ? trace_irq_disable+0x3b/0x140
[ 1510.849631][T27143]  do_fast_syscall_32+0x33/0x70
[ 1510.849651][T27143]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1510.849674][T27143] RIP: 0023:0xf7f9301c
[ 1510.849692][T27143] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1510.849703][T27143] RSP: 002b:00000000f543550c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1510.849718][T27143] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c008561c
[ 1510.849727][T27143] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1510.849735][T27143] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1510.849742][T27143] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1510.849754][T27143] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1510.849792][T27143]  </TASK>
[ 1510.979265][T11999] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1511.275603][T27149] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.6224' sets config #0
[ 1511.548029][T11999] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1511.564570][T11999] usb 2-1: USB disconnect, device number 88
[ 1511.778427][T27153] sit0: entered allmulticast mode
[ 1511.890229][T16141] wlan1: Trigger new scan to find an IBSS to join
[ 1512.718195][T27174] FAULT_INJECTION: forcing a failure.
[ 1512.718195][T27174] name failslab, interval 1, probability 0, space 0, times 0
[ 1512.734477][T27174] CPU: 0 UID: 0 PID: 27174 Comm: syz.0.6234 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1512.734517][T27174] Tainted: [L]=SOFTLOCKUP
[ 1512.734522][T27174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1512.734530][T27174] Call Trace:
[ 1512.734536][T27174]  <TASK>
[ 1512.734542][T27174]  dump_stack_lvl+0xe8/0x150
[ 1512.734562][T27174]  should_fail_ex+0x412/0x560
[ 1512.734583][T27174]  should_failslab+0xa8/0x100
[ 1512.734602][T27174]  ? skb_clone+0x212/0x3a0
[ 1512.734614][T27174]  kmem_cache_alloc_noprof+0x87/0x650
[ 1512.734631][T27174]  ? __netlink_lookup+0xc6/0x8b0
[ 1512.734652][T27174]  skb_clone+0x212/0x3a0
[ 1512.734666][T27174]  __netlink_deliver_tap+0x404/0x850
[ 1512.734694][T27174]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1512.734712][T27174]  netlink_deliver_tap+0x19c/0x1b0
[ 1512.734730][T27174]  netlink_unicast+0x730/0x8e0
[ 1512.734753][T27174]  netlink_sendmsg+0x813/0xb40
[ 1512.734776][T27174]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1512.734796][T27174]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1512.734815][T27174]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1512.734835][T27174]  ____sys_sendmsg+0x972/0x9f0
[ 1512.734867][T27174]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1512.734895][T27174]  ? kstrtoull+0x12f/0x1d0
[ 1512.734914][T27174]  ___sys_sendmsg+0x2a5/0x360
[ 1512.734932][T27174]  ? __lock_acquire+0x6b5/0x2cf0
[ 1512.734955][T27174]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1512.734975][T27174]  ? get_pid_task+0x20/0x1f0
[ 1512.734991][T27174]  ? get_pid_task+0x20/0x1f0
[ 1512.735005][T27174]  ? get_pid_task+0x20/0x1f0
[ 1512.735036][T27174]  ? __fget_files+0x2a/0x420
[ 1512.735050][T27174]  ? __fget_files+0x3a0/0x420
[ 1512.735071][T27174]  __sys_sendmsg+0x183/0x260
[ 1512.735090][T27174]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1512.735121][T27174]  __do_fast_syscall_32+0x229/0x6e0
[ 1512.735134][T27174]  ? do_fast_syscall_32+0x33/0x70
[ 1512.735146][T27174]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1512.735163][T27174]  ? asm_int80_emulation+0x1a/0x20
[ 1512.735175][T27174]  ? do_int80_emulation+0x286/0x530
[ 1512.735187][T27174]  ? trace_irq_disable+0x3b/0x140
[ 1512.735207][T27174]  do_fast_syscall_32+0x33/0x70
[ 1512.735219][T27174]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1512.735234][T27174] RIP: 0023:0xf7fc801c
[ 1512.735247][T27174] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1512.735258][T27174] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1512.735276][T27174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[ 1512.735290][T27174] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1512.735302][T27174] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1512.735314][T27174] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1512.735326][T27174] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1512.735356][T27174]  </TASK>
[ 1513.320422][T27166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6231'.
[ 1513.361363][T27166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6231'.
[ 1513.543141][T27186] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1513.666369][T27192] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.6239' sets config #0
[ 1514.341668][T27200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6244'.
[ 1514.363314][T27199] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1514.378381][T27200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6244'.
[ 1514.429629][T27199] netlink: 'syz.2.6243': attribute type 6 has an invalid length.
[ 1514.837686][T27209] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6247'.
[ 1515.074385][T27217] syzkaller1: entered allmulticast mode
[ 1515.148120][T27218] input: syz0 as /devices/virtual/input/input62
[ 1515.225461][T27220] fuse: Unknown parameter '00000000000000000000'
[ 1515.899965][ T3321] wlan1: Trigger new scan to find an IBSS to join
[ 1515.957674][T27228] FAULT_INJECTION: forcing a failure.
[ 1515.957674][T27228] name failslab, interval 1, probability 0, space 0, times 0
[ 1515.970551][T27228] CPU: 1 UID: 0 PID: 27228 Comm: syz.1.6254 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1515.970573][T27228] Tainted: [L]=SOFTLOCKUP
[ 1515.970577][T27228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1515.970586][T27228] Call Trace:
[ 1515.970591][T27228]  <TASK>
[ 1515.970597][T27228]  dump_stack_lvl+0xe8/0x150
[ 1515.970617][T27228]  should_fail_ex+0x412/0x560
[ 1515.970638][T27228]  should_failslab+0xa8/0x100
[ 1515.970661][T27228]  ? skb_clone+0x212/0x3a0
[ 1515.970673][T27228]  kmem_cache_alloc_noprof+0x87/0x650
[ 1515.970690][T27228]  ? __netlink_lookup+0xc6/0x8b0
[ 1515.970712][T27228]  skb_clone+0x212/0x3a0
[ 1515.970726][T27228]  __netlink_deliver_tap+0x404/0x850
[ 1515.970750][T27228]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1515.970776][T27228]  netlink_deliver_tap+0x19c/0x1b0
[ 1515.970794][T27228]  netlink_unicast+0x730/0x8e0
[ 1515.970816][T27228]  netlink_sendmsg+0x813/0xb40
[ 1515.970839][T27228]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1515.970859][T27228]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1515.970877][T27228]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1515.970896][T27228]  ____sys_sendmsg+0x972/0x9f0
[ 1515.970920][T27228]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1515.970940][T27228]  ? kstrtoull+0x12f/0x1d0
[ 1515.970968][T27228]  ___sys_sendmsg+0x2a5/0x360
[ 1515.970996][T27228]  ? get_pid_task+0x20/0x1f0
[ 1515.971027][T27228]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1515.971052][T27228]  ? get_pid_task+0x20/0x1f0
[ 1515.971067][T27228]  ? get_pid_task+0x20/0x1f0
[ 1515.971081][T27228]  ? get_pid_task+0x20/0x1f0
[ 1515.971113][T27228]  ? __pfx_vfs_write+0x10/0x10
[ 1515.971134][T27228]  __sys_sendmsg+0x183/0x260
[ 1515.971154][T27228]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1515.971184][T27228]  __do_fast_syscall_32+0x229/0x6e0
[ 1515.971197][T27228]  ? do_fast_syscall_32+0x33/0x70
[ 1515.971209][T27228]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1515.971227][T27228]  ? asm_int80_emulation+0x1a/0x20
[ 1515.971238][T27228]  ? do_int80_emulation+0x286/0x530
[ 1515.971249][T27228]  ? trace_irq_disable+0x3b/0x140
[ 1515.971270][T27228]  do_fast_syscall_32+0x33/0x70
[ 1515.971283][T27228]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1515.971298][T27228] RIP: 0023:0xf7f5801c
[ 1515.971311][T27228] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1515.971322][T27228] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1515.971337][T27228] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1515.971346][T27228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1515.971353][T27228] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1515.971360][T27228] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1515.971368][T27228] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1515.971385][T27228]  </TASK>
[ 1516.493836][T27236] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.6257' sets config #0
[ 1516.576652][T27238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1516.588256][T27238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1516.818564][T27238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1516.885542][T27238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1516.979324][ T3321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1517.707364][T27257] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6265'.
[ 1517.942218][T27262] input: syz0 as /devices/virtual/input/input63
[ 1518.175717][T27268] FAULT_INJECTION: forcing a failure.
[ 1518.175717][T27268] name failslab, interval 1, probability 0, space 0, times 0
[ 1518.193955][T27268] CPU: 1 UID: 0 PID: 27268 Comm: syz.2.6267 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1518.193999][T27268] Tainted: [L]=SOFTLOCKUP
[ 1518.194007][T27268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1518.194019][T27268] Call Trace:
[ 1518.194026][T27268]  <TASK>
[ 1518.194035][T27268]  dump_stack_lvl+0xe8/0x150
[ 1518.194065][T27268]  should_fail_ex+0x412/0x560
[ 1518.194096][T27268]  should_failslab+0xa8/0x100
[ 1518.194126][T27268]  ? skb_clone+0x212/0x3a0
[ 1518.194145][T27268]  kmem_cache_alloc_noprof+0x87/0x650
[ 1518.194174][T27268]  ? __netlink_lookup+0xc6/0x8b0
[ 1518.194209][T27268]  skb_clone+0x212/0x3a0
[ 1518.194231][T27268]  __netlink_deliver_tap+0x404/0x850
[ 1518.194272][T27268]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1518.194302][T27268]  netlink_deliver_tap+0x19c/0x1b0
[ 1518.194332][T27268]  netlink_unicast+0x730/0x8e0
[ 1518.194370][T27268]  netlink_sendmsg+0x813/0xb40
[ 1518.194409][T27268]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1518.194443][T27268]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1518.194470][T27268]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1518.194500][T27268]  ____sys_sendmsg+0x972/0x9f0
[ 1518.194536][T27268]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1518.194558][T27268]  ? kstrtoull+0x12f/0x1d0
[ 1518.194583][T27268]  ___sys_sendmsg+0x2a5/0x360
[ 1518.194600][T27268]  ? __lock_acquire+0x6b5/0x2cf0
[ 1518.194617][T27268]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1518.194637][T27268]  ? get_pid_task+0x20/0x1f0
[ 1518.194652][T27268]  ? get_pid_task+0x20/0x1f0
[ 1518.194666][T27268]  ? get_pid_task+0x20/0x1f0
[ 1518.194697][T27268]  ? __fget_files+0x2a/0x420
[ 1518.194713][T27268]  ? __fget_files+0x3a0/0x420
[ 1518.194735][T27268]  __sys_sendmsg+0x183/0x260
[ 1518.194755][T27268]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1518.194786][T27268]  __do_fast_syscall_32+0x229/0x6e0
[ 1518.194807][T27268]  ? do_fast_syscall_32+0x33/0x70
[ 1518.194825][T27268]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1518.194844][T27268]  ? asm_int80_emulation+0x1a/0x20
[ 1518.194855][T27268]  ? do_int80_emulation+0x286/0x530
[ 1518.194867][T27268]  ? trace_irq_disable+0x3b/0x140
[ 1518.194887][T27268]  do_fast_syscall_32+0x33/0x70
[ 1518.194900][T27268]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1518.194916][T27268] RIP: 0023:0xf7f9301c
[ 1518.194929][T27268] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1518.194940][T27268] RSP: 002b:00000000f543550c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1518.194957][T27268] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1518.194980][T27268] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1518.194992][T27268] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1518.195003][T27268] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1518.195015][T27268] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1518.195036][T27268]  </TASK>
[ 1518.197077][T27268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6267'.
[ 1518.200067][T11995] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1518.210017][T27268] openvswitch: netlink: IPv4 frag type 127 is out of range max 2
[ 1518.525071][T11995] usb 2-1: Using ep0 maxpacket: 8
[ 1518.533559][T11995] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1518.543805][T11995] usb 2-1: config 4 interface 0 has no altsetting 0
[ 1518.555198][T11995] usb 2-1: string descriptor 0 read error: -22
[ 1518.565949][T11995] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1518.575835][T11995] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1518.599903][T11995] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1518.628487][T11995] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1518.639461][T11995] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1518.646646][T11995] usb 2-1: media controller created
[ 1518.674809][T11995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1518.879444][T11995] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1518.923242][T11995] usb 2-1: USB disconnect, device number 89
[ 1519.015198][T27279] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1519.055805][T27279] netlink: 'syz.2.6273': attribute type 6 has an invalid length.
[ 1519.681546][T27286] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.6275' sets config #0
[ 1520.410190][ T5697] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1520.485540][T27292] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6276'.
[ 1520.501545][T27292] netlink: 100 bytes leftover after parsing attributes in process `syz.5.6276'.
[ 1520.589074][ T5697] usb 4-1: Using ep0 maxpacket: 8
[ 1520.596162][ T5697] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1520.605309][ T5697] usb 4-1: config 4 interface 0 has no altsetting 0
[ 1520.620910][T27295] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6278'.
[ 1520.620953][ T5697] usb 4-1: string descriptor 0 read error: -22
[ 1520.630277][T27295] openvswitch: netlink: Missing key (keys=c0, expected=200000)
[ 1520.637253][ T5697] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1520.669111][ T5697] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1520.691799][ T5697] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1520.705265][ T5697] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1520.725114][ T5697] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1520.736174][ T5697] usb 4-1: media controller created
[ 1520.763061][ T5697] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1520.925535][T27290] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6277'.
[ 1520.953811][T27290] fuse: Unknown parameter 'grou00000000000000000000'
[ 1521.034668][ T5697] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1521.135845][ T5697] usb 4-1: USB disconnect, device number 34
[ 1521.686288][T27298] syz.0.6279: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[ 1521.720725][T27298] CPU: 0 UID: 0 PID: 27298 Comm: syz.0.6279 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1521.720761][T27298] Tainted: [L]=SOFTLOCKUP
[ 1521.720769][T27298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1521.720783][T27298] Call Trace:
[ 1521.720793][T27298]  <TASK>
[ 1521.720803][T27298]  dump_stack_lvl+0xe8/0x150
[ 1521.720835][T27298]  warn_alloc+0x249/0x340
[ 1521.720869][T27298]  ? stack_trace_save+0xa9/0x100
[ 1521.720906][T27298]  ? __pfx_warn_alloc+0x10/0x10
[ 1521.720945][T27298]  ? kasan_save_track+0x4f/0x80
[ 1521.720973][T27298]  ? kasan_save_track+0x3e/0x80
[ 1521.720999][T27298]  ? __kasan_kmalloc+0x93/0xb0
[ 1521.721028][T27298]  ? __kmalloc_cache_noprof+0x31c/0x660
[ 1521.721057][T27298]  ? xskq_create+0x56/0x170
[ 1521.721085][T27298]  ? xsk_setsockopt+0x54c/0x990
[ 1521.721109][T27298]  ? do_sock_setsockopt+0x17c/0x1b0
[ 1521.721138][T27298]  ? __ia32_sys_setsockopt+0x13d/0x1b0
[ 1521.721168][T27298]  ? __do_fast_syscall_32+0x229/0x6e0
[ 1521.721194][T27298]  __vmalloc_node_range_noprof+0x132/0x1750
[ 1521.721258][T27298]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1521.721294][T27298]  ? __kasan_kmalloc+0x93/0xb0
[ 1521.721329][T27298]  vmalloc_user_noprof+0xad/0xe0
[ 1521.721359][T27298]  ? xskq_create+0xbf/0x170
[ 1521.721386][T27298]  xskq_create+0xbf/0x170
[ 1521.721415][T27298]  xsk_init_queue+0x8a/0xe0
[ 1521.721445][T27298]  xsk_setsockopt+0x54c/0x990
[ 1521.721475][T27298]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1521.721503][T27298]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1521.721532][T27298]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1521.721564][T27298]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1521.721593][T27298]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1521.721621][T27298]  do_sock_setsockopt+0x17c/0x1b0
[ 1521.721658][T27298]  __ia32_sys_setsockopt+0x13d/0x1b0
[ 1521.721706][T27298]  __do_fast_syscall_32+0x229/0x6e0
[ 1521.721728][T27298]  ? do_fast_syscall_32+0x33/0x70
[ 1521.721749][T27298]  ? irqentry_exit+0x10f/0x760
[ 1521.721781][T27298]  ? trace_irq_disable+0x3b/0x140
[ 1521.721815][T27298]  do_fast_syscall_32+0x33/0x70
[ 1521.721839][T27298]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1521.721865][T27298] RIP: 0023:0xf7fc801c
[ 1521.721886][T27298] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1521.721905][T27298] RSP: 002b:00000000f546550c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1521.721929][T27298] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 000000000000011b
[ 1521.721944][T27298] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000029
[ 1521.721957][T27298] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1521.721970][T27298] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1521.721984][T27298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1521.722017][T27298]  </TASK>
[ 1521.722027][T27298] Mem-Info:
[ 1522.082243][T27312] loop2: detected capacity change from 0 to 7
[ 1522.180996][T27298] active_anon:9243 inactive_anon:0 isolated_anon:0
[ 1522.180996][T27298]  active_file:22479 inactive_file:43106 isolated_file:0
[ 1522.180996][T27298]  unevictable:768 dirty:1769 writeback:0
[ 1522.180996][T27298]  slab_reclaimable:6718 slab_unreclaimable:101721
[ 1522.180996][T27298]  mapped:33065 shmem:1295 pagetables:1692
[ 1522.180996][T27298]  sec_pagetables:0 bounce:0
[ 1522.180996][T27298]  kernel_misc_reclaimable:0
[ 1522.180996][T27298]  free:1295158 free_pcp:6743 free_cma:0
[ 1522.184339][T27312] Dev loop2: unable to read RDB block 7
[ 1522.269186][T27312]  loop2: unable to read partition table
[ 1522.317965][T27298] Node 0 active_anon:36876kB inactive_anon:0kB active_file:89852kB inactive_file:172216kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132672kB dirty:7084kB writeback:0kB shmem:3648kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13348kB pagetables:6624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[ 1522.371901][T27298] Node 1 active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[ 1522.423582][T27298] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1522.468804][T27298] lowmem_reserve[]: 0 2492 2493 2493 2493
[ 1522.491322][T27298] Node 0 DMA32 free:1216860kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34876kB inactive_anon:0kB active_file:89852kB inactive_file:172216kB unevictable:1536kB writepending:7084kB zspages:0kB present:3129332kB managed:2552548kB mlocked:0kB bounce:0kB free_pcp:31236kB local_pcp:10824kB free_cma:0kB
[ 1522.537842][T27298] lowmem_reserve[]: 0 0 0 0 0
[ 1522.543988][T27298] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:668kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[ 1522.574460][T27298] lowmem_reserve[]: 0 0 0 0 0
[ 1522.581790][T27312] loop2: partition table beyond EOD, truncated
[ 1522.588238][T27312] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[ 1522.595195][T27298] Node 1 Normal free:3947548kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:64kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1522.700317][T27298] lowmem_reserve[]: 0 0 0 0 0
[ 1522.708162][T27298] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1522.722833][ T4995] Dev loop2: unable to read RDB block 7
[ 1522.728505][ T4995]  loop2: unable to read partition table
[ 1522.737148][ T4995] loop2: partition table beyond EOD, truncated
[ 1522.767623][T27298] Node 0 DMA32: 5819*4kB (UE) 5728*8kB (UME) 3953*16kB (UME) 1015*32kB (UME) 833*64kB (UME) 593*128kB (UME) 473*256kB (UME) 263*512kB (UME) 161*1024kB (UME) 13*2048kB (UME) 116*4096kB (UM) = 1216412kB
[ 1522.843236][T27298] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1522.862411][T27298] Node 1 Normal: 1*4kB (U) 11*8kB (UM) 4*16kB (U) 8*32kB (UM) 8*64kB (U) 3*128kB (UM) 3*256kB (UM) 4*512kB (UM) 1*1024kB (M) 1*2048kB (U) 962*4096kB (UM) = 3947548kB
[ 1522.903187][T27298] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1522.938651][T27298] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1522.970426][T27298] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1523.000733][T27298] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1523.043522][T27298] 67260 total pagecache pages
[ 1523.065761][T27298] 1 pages in swap cache
[ 1523.079034][T27298] Free swap  = 116804kB
[ 1523.103891][T27298] Total swap = 124996kB
[ 1523.123117][T27298] 2097051 pages RAM
[ 1523.138762][T27298] 0 pages HighMem/MovableOnly
[ 1523.154941][T27298] 427132 pages reserved
[ 1523.169572][T27298] 0 pages cma reserved
[ 1523.221957][ T4995] Dev loop2: unable to read RDB block 7
[ 1523.248535][ T4995]  loop2: unable to read partition table
[ 1523.289327][ T4995] loop2: partition table beyond EOD, truncated
[ 1523.457662][T27324] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.6288' sets config #0
[ 1524.421400][T27331] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6290'.
[ 1524.444957][T27341] FAULT_INJECTION: forcing a failure.
[ 1524.444957][T27341] name failslab, interval 1, probability 0, space 0, times 0
[ 1524.459680][T27341] CPU: 1 UID: 0 PID: 27341 Comm: syz.2.6292 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1524.459715][T27341] Tainted: [L]=SOFTLOCKUP
[ 1524.459722][T27341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1524.459734][T27341] Call Trace:
[ 1524.459743][T27341]  <TASK>
[ 1524.459751][T27341]  dump_stack_lvl+0xe8/0x150
[ 1524.459782][T27341]  should_fail_ex+0x412/0x560
[ 1524.459817][T27341]  should_failslab+0xa8/0x100
[ 1524.459850][T27341]  __kmalloc_noprof+0xe8/0x760
[ 1524.459880][T27341]  ? tomoyo_encode+0x28b/0x550
[ 1524.459914][T27341]  tomoyo_encode+0x28b/0x550
[ 1524.459958][T27341]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1524.459996][T27341]  ? tomoyo_path_number_perm+0x219/0x630
[ 1524.460022][T27341]  tomoyo_path_number_perm+0x246/0x630
[ 1524.460051][T27341]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1524.460078][T27341]  ? __lock_acquire+0x6b5/0x2cf0
[ 1524.460141][T27341]  ? __fget_files+0x2a/0x420
[ 1524.460169][T27341]  ? __fget_files+0x3a0/0x420
[ 1524.460191][T27341]  ? __fget_files+0x2a/0x420
[ 1524.460219][T27341]  security_file_ioctl_compat+0xc3/0x2a0
[ 1524.460247][T27341]  __ia32_compat_sys_ioctl+0x139/0x950
[ 1524.460284][T27341]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1524.460321][T27341]  ? __fget_files+0x3a0/0x420
[ 1524.460351][T27341]  ? fput+0xa0/0xd0
[ 1524.460375][T27341]  ? ksys_write+0x242/0x270
[ 1524.460413][T27341]  __do_fast_syscall_32+0x229/0x6e0
[ 1524.460433][T27341]  ? do_fast_syscall_32+0x33/0x70
[ 1524.460453][T27341]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1524.460482][T27341]  ? asm_int80_emulation+0x1a/0x20
[ 1524.460502][T27341]  ? do_int80_emulation+0x286/0x530
[ 1524.460522][T27341]  ? trace_irq_disable+0x3b/0x140
[ 1524.460556][T27341]  do_fast_syscall_32+0x33/0x70
[ 1524.460578][T27341]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1524.460602][T27341] RIP: 0023:0xf7f9301c
[ 1524.460621][T27341] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1524.460638][T27341] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1524.460659][T27341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000127a
[ 1524.460668][T27341] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[ 1524.460676][T27341] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1524.460683][T27341] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1524.460694][T27341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1524.460717][T27341]  </TASK>
[ 1524.460808][T27331] netlink: 100 bytes leftover after parsing attributes in process `syz.3.6290'.
[ 1524.472358][T27341] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1524.838907][T27302] syzkaller0: entered promiscuous mode
[ 1524.874354][T27302] syzkaller0: entered allmulticast mode
[ 1525.110202][T27348] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1525.152645][T27350] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1525.178133][T27350] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6296'.
[ 1525.201966][T27350] netlink: 'syz.0.6296': attribute type 1 has an invalid length.
[ 1525.219046][T27350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6296'.
[ 1525.283359][T27348] netlink: 'syz.2.6295': attribute type 6 has an invalid length.
[ 1525.807234][T27370] FAULT_INJECTION: forcing a failure.
[ 1525.807234][T27370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1525.823252][T27370] CPU: 1 UID: 0 PID: 27370 Comm: syz.1.6303 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1525.823281][T27370] Tainted: [L]=SOFTLOCKUP
[ 1525.823286][T27370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1525.823294][T27370] Call Trace:
[ 1525.823300][T27370]  <TASK>
[ 1525.823306][T27370]  dump_stack_lvl+0xe8/0x150
[ 1525.823326][T27370]  should_fail_ex+0x412/0x560
[ 1525.823348][T27370]  _copy_from_user+0x2d/0xb0
[ 1525.823367][T27370]  csum_and_copy_from_iter_full+0x1e7/0x1f00
[ 1525.823411][T27370]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[ 1525.823448][T27370]  ? rcu_is_watching+0x15/0xb0
[ 1525.823474][T27370]  ? trace_kmalloc+0x2a/0xf0
[ 1525.823499][T27370]  ip_generic_getfrag+0x149/0x2d0
[ 1525.823515][T27370]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1525.823529][T27370]  ? __alloc_skb+0x4e5/0x7d0
[ 1525.823545][T27370]  ? skb_put+0x11b/0x210
[ 1525.823563][T27370]  __ip_append_data+0x308b/0x3e40
[ 1525.823588][T27370]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1525.823614][T27370]  ? __pfx___ip_append_data+0x10/0x10
[ 1525.823628][T27370]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1525.823647][T27370]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1525.823666][T27370]  ip_append_data+0x10d/0x190
[ 1525.823684][T27370]  ? __pfx_ip_generic_getfrag+0x10/0x10
[ 1525.823699][T27370]  udp_sendmsg+0x4d9/0x21a0
[ 1525.823715][T27370]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1525.823737][T27370]  ? __lock_acquire+0x6b5/0x2cf0
[ 1525.823752][T27370]  ? __pfx_udp_sendmsg+0x10/0x10
[ 1525.823777][T27370]  ? aa_sk_perm+0x6d5/0x900
[ 1525.823797][T27370]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1525.823811][T27370]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 1525.823831][T27370]  ? __fget_files+0x3a0/0x420
[ 1525.823845][T27370]  ? sock_rps_record_flow+0x19/0x350
[ 1525.823858][T27370]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1525.823871][T27370]  ? inet_sendmsg+0x29c/0x370
[ 1525.823883][T27370]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1525.823900][T27370]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1525.823913][T27370]  __sys_sendto+0x5de/0x710
[ 1525.823939][T27370]  ? __pfx___sys_sendto+0x10/0x10
[ 1525.823969][T27370]  ? fput+0xa0/0xd0
[ 1525.823984][T27370]  ? ksys_write+0x242/0x270
[ 1525.824005][T27370]  __ia32_sys_sendto+0xdd/0x100
[ 1525.824024][T27370]  __do_fast_syscall_32+0x229/0x6e0
[ 1525.824038][T27370]  ? do_fast_syscall_32+0x33/0x70
[ 1525.824049][T27370]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1525.824066][T27370]  ? asm_int80_emulation+0x1a/0x20
[ 1525.824078][T27370]  ? do_int80_emulation+0x286/0x530
[ 1525.824089][T27370]  ? trace_irq_disable+0x3b/0x140
[ 1525.824110][T27370]  do_fast_syscall_32+0x33/0x70
[ 1525.824122][T27370]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1525.824137][T27370] RIP: 0023:0xf7f5801c
[ 1525.824150][T27370] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1525.824161][T27370] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[ 1525.824176][T27370] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[ 1525.824185][T27370] RDX: 000000000000fdbe RSI: 0000000004004084 RDI: 0000000000000000
[ 1525.824193][T27370] RBP: 0000000011000a00 R08: 0000000000000000 R09: 0000000000000000
[ 1525.824201][T27370] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1525.824208][T27370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1525.824226][T27370]  </TASK>
[ 1526.249121][T27371] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.6302' sets config #0
[ 1526.519107][  T995] usb 2-1: new full-speed USB device number 90 using dummy_hcd
[ 1526.691699][  T995] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1526.709488][  T995] usb 2-1: not running at top speed; connect to a high speed hub
[ 1526.734650][  T995] usb 2-1: New USB device found, idVendor=1235, idProduct=8204, bcdDevice= 0.40
[ 1526.760452][  T995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1526.789700][  T995] usb 2-1: Product: syz
[ 1526.794020][  T995] usb 2-1: Manufacturer: syz
[ 1526.798673][  T995] usb 2-1: SerialNumber: syz
[ 1526.946283][T27384] loop2: detected capacity change from 0 to 7
[ 1526.960237][T27384] Dev loop2: unable to read RDB block 7
[ 1526.966136][T27384]  loop2: AHDI p1 p2 p3
[ 1526.971184][T27384] loop2: partition table partially beyond EOD, truncated
[ 1526.990043][T27384] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1527.003220][T27384] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1527.099267][T27386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6305'.
[ 1527.118782][T27386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6305'.
[ 1527.131021][T27386] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6305'.
[ 1528.733597][T27402] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1528.756069][T27402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6314'.
[ 1528.782092][T27402] netlink: 'syz.3.6314': attribute type 1 has an invalid length.
[ 1528.803124][T27402] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6314'.
[ 1529.271568][T27418] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.6318' sets config #0
[ 1529.298878][  T995] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[ 1529.320772][  T995] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1529.364883][T27396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1529.404752][T27396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1529.423569][T27396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1529.435099][T27396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1529.487271][T27396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1529.512290][T27422] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6319'.
[ 1529.587054][  T995] usb 2-1: USB disconnect, device number 90
[ 1529.664632][T27396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1529.684827][T25887] udevd[25887]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1529.985886][   T30] audit: type=1326 audit(1779434391.338:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.057667][   T30] audit: type=1326 audit(1779434391.368:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.125110][    C1] sd 0:0:1:0: [sda] tag#3574 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1530.135584][    C1] sd 0:0:1:0: [sda] tag#3574 CDB: Write(6) 0a 00 00 00 00 00 00 01 00 00 00 00
[ 1530.214774][   T30] audit: type=1326 audit(1779434391.368:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.286208][T27432] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1530.325119][T27432] netlink: 'syz.3.6322': attribute type 6 has an invalid length.
[ 1530.450536][   T30] audit: type=1326 audit(1779434391.368:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=448 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.521939][   T30] audit: type=1326 audit(1779434391.368:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.569071][   T10] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 1530.627017][   T30] audit: type=1326 audit(1779434391.368:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.720657][   T30] audit: type=1326 audit(1779434391.368:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.774340][   T10] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1530.787583][   T10] usb 4-1: config 0 descriptor has 1 excess byte, ignoring
[ 1530.807604][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1530.818361][   T30] audit: type=1326 audit(1779434391.368:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.845726][   T10] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1530.856654][   T10] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1530.865728][   T10] usb 4-1: Manufacturer: syz
[ 1530.883379][   T30] audit: type=1326 audit(1779434391.368:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1530.912043][   T10] usb 4-1: config 0 descriptor??
[ 1530.928804][   T10] igorplugusb 4-1:0.0: incorrect number of endpoints
[ 1530.938142][   T30] audit: type=1326 audit(1779434391.368:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27423 comm="syz.3.6320" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1531.668605][T27442] netlink: 100 bytes leftover after parsing attributes in process `syz.1.6325'.
[ 1531.695918][T27442] netlink: 100 bytes leftover after parsing attributes in process `syz.1.6325'.
[ 1531.896287][T27455] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[ 1532.341657][T27465] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.6333' sets config #0
[ 1532.944557][T27471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1532.956166][T27471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1532.968754][T27471] program syz.5.6335 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1533.246494][T12013] usb 4-1: USB disconnect, device number 35
[ 1533.487866][T27483] netlink: 76 bytes leftover after parsing attributes in process `syz.1.6338'.
[ 1533.509888][T27483] netlink: 76 bytes leftover after parsing attributes in process `syz.1.6338'.
[ 1535.119127][   T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 1535.144503][T27500] loop2: detected capacity change from 0 to 7
[ 1535.281112][T27500] Dev loop2: unable to read RDB block 7
[ 1535.294603][T27500]  loop2: AHDI p1 p2 p3
[ 1535.305638][T27500] loop2: partition table partially beyond EOD, truncated
[ 1535.332275][T27500] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1535.344959][T27500] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1535.383187][T27512] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.6347' sets config #0
[ 1535.406863][   T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1535.441882][   T10] usb 4-1: config 0 has no interface number 0
[ 1535.473839][   T10] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1535.517542][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1535.567944][   T10] usb 4-1: Product: syz
[ 1535.601311][   T10] usb 4-1: Manufacturer: syz
[ 1535.635897][   T10] usb 4-1: SerialNumber: syz
[ 1535.698493][   T10] usb 4-1: config 0 descriptor??
[ 1536.068299][T27515] syzkaller0: entered promiscuous mode
[ 1536.089829][T27515] syzkaller0: entered allmulticast mode
[ 1536.141023][T27495] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6344'.
[ 1536.165836][T27495] netlink: 45 bytes leftover after parsing attributes in process `syz.3.6344'.
[ 1536.487096][T27518] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1536.557535][   T10] dvb_usb_ec168 4-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[ 1536.618210][   T10] usb 4-1: USB disconnect, device number 36
[ 1536.829203][T11999] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1536.991533][T11999] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1537.016682][T11999] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 1537.035264][T11999] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1537.059928][T11999] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1537.073342][T11999] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1537.094796][T11999] usb 2-1: Manufacturer: syz
[ 1537.117281][T11999] usb 2-1: config 0 descriptor??
[ 1537.136655][T11999] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 1537.194611][   T30] kauditd_printk_skb: 47 callbacks suppressed
[ 1537.194631][   T30] audit: type=1326 audit(1779434398.548:1761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.229362][   T30] audit: type=1326 audit(1779434398.558:1762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.254343][T27537] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1537.292573][   T30] audit: type=1326 audit(1779434398.578:1763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=277 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.346074][   T30] audit: type=1326 audit(1779434398.638:1764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.383704][   T30] audit: type=1326 audit(1779434398.638:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.428401][   T30] audit: type=1326 audit(1779434398.638:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.500450][   T30] audit: type=1326 audit(1779434398.648:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1537.563741][   T30] audit: type=1326 audit(1779434398.648:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27534 comm="syz.3.6356" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7401c code=0x7ffc0000
[ 1538.086556][T27561] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.6360' sets config #0
[ 1539.420199][   T10] usb 2-1: USB disconnect, device number 91
[ 1539.478873][T27583] syzkaller0: entered promiscuous mode
[ 1539.496631][T27583] syzkaller0: entered allmulticast mode
[ 1541.359421][T11999] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 1541.471013][T27610] sit0: entered allmulticast mode
[ 1541.551259][T11999] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 1541.576506][T11999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1541.596849][T11999] usb 4-1: Product: syz
[ 1541.608971][T11999] usb 4-1: Manufacturer: syz
[ 1541.616058][T11999] usb 4-1: SerialNumber: syz
[ 1541.628867][T11999] usb 4-1: config 0 descriptor??
[ 1541.644940][T11999] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1541.660655][T11999] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1541.871354][T11999] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[ 1541.884928][T11999] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1541.898791][T11999] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[ 1541.911744][T11999] usb 4-1: media controller created
[ 1541.932622][T11999] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1542.007530][T11999] DVB: Unable to find symbol dib7000p_attach()
[ 1542.013842][T11999] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[ 1542.090887][T11999] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1542.098852][T11999] Registered IR keymap rc-empty
[ 1542.116787][T11999] dvb-usb: could not initialize remote control.
[ 1542.140957][T11999] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[ 1542.278513][T27625] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1542.311266][T27611] input: syz0 as /devices/virtual/input/input64
[ 1542.332607][T27625] netlink: 'syz.1.6378': attribute type 6 has an invalid length.
[ 1542.579047][  T995] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[ 1542.628452][T27629] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1542.758461][   T10] IPVS: starting estimator thread 0...
[ 1542.772074][  T995] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1542.808439][  T995] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 1542.869394][T27633] IPVS: using max 47 ests per chain, 112800 per kthread
[ 1542.882691][  T995] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1542.894631][  T995] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1542.904652][  T995] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1542.923747][  T995] usb 2-1: Manufacturer: syz
[ 1542.938560][  T995] usb 2-1: config 0 descriptor??
[ 1543.026602][  T995] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 1543.171717][T27638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1543.228574][T27638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1543.504611][T27643] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6383'.
[ 1544.085632][T27648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1544.182409][T27648] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1544.220728][T27656] input: syz0 as /devices/virtual/input/input66
[ 1544.267435][T27648] binder: 27647:27648 ioctl 40284504 80000040 returned -22
[ 1544.287097][   T30] audit: type=1326 audit(1779434405.638:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.344708][   T30] audit: type=1326 audit(1779434405.638:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.383598][   T30] audit: type=1326 audit(1779434405.698:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.466855][   T30] audit: type=1326 audit(1779434405.698:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.518668][   T30] audit: type=1326 audit(1779434405.698:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.604754][   T30] audit: type=1326 audit(1779434405.698:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=427 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.693875][   T30] audit: type=1326 audit(1779434405.698:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.794701][   T30] audit: type=1326 audit(1779434405.698:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.891892][   T30] audit: type=1326 audit(1779434405.698:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=427 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1544.966704][   T30] audit: type=1326 audit(1779434405.698:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27654 comm="syz.2.6386" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f9301c code=0x7ffc0000
[ 1545.038526][T27663] bridge0: entered promiscuous mode
[ 1545.057205][T27663] bridge0: entered allmulticast mode
[ 1545.080128][   T10] usb 2-1: USB disconnect, device number 92
[ 1545.161650][T27663] team0: Port device bridge0 added
[ 1545.200531][T27664] bridge0: port 1(team0) entered blocking state
[ 1545.221242][T27664] bridge0: port 1(team0) entered disabled state
[ 1545.246599][T27664] team0: entered allmulticast mode
[ 1545.265452][T27664] team_slave_0: entered allmulticast mode
[ 1545.285781][T27664] team_slave_1: entered allmulticast mode
[ 1545.387631][T27664] team0: left allmulticast mode
[ 1545.407432][T27664] team_slave_0: left allmulticast mode
[ 1545.430902][T27664] team_slave_1: left allmulticast mode
[ 1545.639783][T27677] FAULT_INJECTION: forcing a failure.
[ 1545.639783][T27677] name failslab, interval 1, probability 0, space 0, times 0
[ 1545.655607][T27677] CPU: 0 UID: 0 PID: 27677 Comm: syz.3.6392 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1545.655641][T27677] Tainted: [L]=SOFTLOCKUP
[ 1545.655648][T27677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1545.655660][T27677] Call Trace:
[ 1545.655669][T27677]  <TASK>
[ 1545.655678][T27677]  dump_stack_lvl+0xe8/0x150
[ 1545.655708][T27677]  should_fail_ex+0x412/0x560
[ 1545.655741][T27677]  should_failslab+0xa8/0x100
[ 1545.655769][T27677]  ? skb_clone+0x212/0x3a0
[ 1545.655792][T27677]  kmem_cache_alloc_noprof+0x87/0x650
[ 1545.655810][T27677]  ? __netlink_lookup+0xc6/0x8b0
[ 1545.655832][T27677]  skb_clone+0x212/0x3a0
[ 1545.655854][T27677]  __netlink_deliver_tap+0x404/0x850
[ 1545.655895][T27677]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1545.655924][T27677]  netlink_deliver_tap+0x19c/0x1b0
[ 1545.655947][T27677]  netlink_unicast+0x730/0x8e0
[ 1545.655969][T27677]  netlink_sendmsg+0x813/0xb40
[ 1545.655992][T27677]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1545.656023][T27677]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1545.656052][T27677]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1545.656082][T27677]  ____sys_sendmsg+0x972/0x9f0
[ 1545.656116][T27677]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1545.656149][T27677]  ? kstrtoull+0x12f/0x1d0
[ 1545.656191][T27677]  ___sys_sendmsg+0x2a5/0x360
[ 1545.656218][T27677]  ? __lock_acquire+0x6b5/0x2cf0
[ 1545.656243][T27677]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1545.656263][T27677]  ? get_pid_task+0x20/0x1f0
[ 1545.656278][T27677]  ? get_pid_task+0x20/0x1f0
[ 1545.656292][T27677]  ? get_pid_task+0x20/0x1f0
[ 1545.656341][T27677]  ? __fget_files+0x2a/0x420
[ 1545.656364][T27677]  ? __fget_files+0x3a0/0x420
[ 1545.656398][T27677]  __sys_sendmsg+0x183/0x260
[ 1545.656418][T27677]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1545.656449][T27677]  __do_fast_syscall_32+0x229/0x6e0
[ 1545.656476][T27677]  ? do_fast_syscall_32+0x33/0x70
[ 1545.656496][T27677]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1545.656522][T27677]  ? asm_int80_emulation+0x1a/0x20
[ 1545.656540][T27677]  ? do_int80_emulation+0x286/0x530
[ 1545.656603][T27677]  ? trace_irq_disable+0x3b/0x140
[ 1545.656647][T27677]  do_fast_syscall_32+0x33/0x70
[ 1545.656672][T27677]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1545.656696][T27677] RIP: 0023:0xf7f7401c
[ 1545.656716][T27677] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1545.656733][T27677] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1545.656753][T27677] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[ 1545.656773][T27677] RDX: 0000000000000880 RSI: 0000000000000000 RDI: 0000000000000000
[ 1545.656783][T27677] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1545.656791][T27677] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1545.656798][T27677] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1545.656817][T27677]  </TASK>
[ 1546.186269][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.193419][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.262545][T27674] input: syz0 as /devices/virtual/input/input67
[ 1546.529295][T27684] FAULT_INJECTION: forcing a failure.
[ 1546.529295][T27684] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.544252][T27684] CPU: 1 UID: 0 PID: 27684 Comm: syz.3.6393 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1546.544287][T27684] Tainted: [L]=SOFTLOCKUP
[ 1546.544295][T27684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1546.544308][T27684] Call Trace:
[ 1546.544317][T27684]  <TASK>
[ 1546.544327][T27684]  dump_stack_lvl+0xe8/0x150
[ 1546.544357][T27684]  should_fail_ex+0x412/0x560
[ 1546.544392][T27684]  should_failslab+0xa8/0x100
[ 1546.544426][T27684]  __kmalloc_noprof+0xe8/0x760
[ 1546.544453][T27684]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1546.544487][T27684]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1546.544529][T27684]  tomoyo_check_open_permission+0x229/0x470
[ 1546.544554][T27684]  ? tomoyo_check_open_permission+0x1d3/0x470
[ 1546.544577][T27684]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1546.544602][T27684]  ? __asan_memset+0x22/0x50
[ 1546.544655][T27684]  ? mnt_get_write_access+0x66/0x280
[ 1546.544693][T27684]  security_file_open+0xa9/0x240
[ 1546.544719][T27684]  do_dentry_open+0x384/0x14e0
[ 1546.544748][T27684]  ? vfs_open+0x31/0x340
[ 1546.544776][T27684]  vfs_open+0x3b/0x340
[ 1546.544809][T27684]  ? path_openat+0x2df0/0x3860
[ 1546.544841][T27684]  path_openat+0x2e08/0x3860
[ 1546.544885][T27684]  ? __pfx_stack_trace_save+0x10/0x10
[ 1546.544918][T27684]  ? stack_depot_save_flags+0x33/0x810
[ 1546.544957][T27684]  ? __pfx_path_openat+0x10/0x10
[ 1546.544984][T27684]  ? __ia32_sys_creat+0x8f/0xc0
[ 1546.545016][T27684]  ? __lock_acquire+0x6b5/0x2cf0
[ 1546.545053][T27684]  do_file_open+0x23e/0x4a0
[ 1546.545090][T27684]  ? __pfx_do_file_open+0x10/0x10
[ 1546.545145][T27684]  ? _raw_spin_unlock+0x28/0x50
[ 1546.545175][T27684]  ? alloc_fd+0x64b/0x6c0
[ 1546.545212][T27684]  do_sys_openat2+0x113/0x200
[ 1546.545241][T27684]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1546.545271][T27684]  ? ksys_write+0x242/0x270
[ 1546.545307][T27684]  __ia32_sys_creat+0x8f/0xc0
[ 1546.545338][T27684]  __do_fast_syscall_32+0x229/0x6e0
[ 1546.545360][T27684]  ? do_fast_syscall_32+0x33/0x70
[ 1546.545380][T27684]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1546.545410][T27684]  ? asm_int80_emulation+0x1a/0x20
[ 1546.545432][T27684]  ? do_int80_emulation+0x286/0x530
[ 1546.545451][T27684]  ? trace_irq_disable+0x3b/0x140
[ 1546.545487][T27684]  do_fast_syscall_32+0x33/0x70
[ 1546.545508][T27684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1546.545533][T27684] RIP: 0023:0xf7f7401c
[ 1546.545553][T27684] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1546.545571][T27684] RSP: 002b:00000000f541550c EFLAGS: 00000206 ORIG_RAX: 0000000000000008
[ 1546.545593][T27684] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000034
[ 1546.545607][T27684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1546.545620][T27684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1546.545632][T27684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1546.545644][T27684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1546.545678][T27684]  </TASK>
[ 1546.891281][T27684] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1547.381041][T11999] IPVS: starting estimator thread 0...
[ 1547.449862][T27703] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6398'.
[ 1547.489054][T27700] IPVS: using max 47 ests per chain, 112800 per kthread
[ 1547.586548][T27701] input: syz0 as /devices/virtual/input/input68
[ 1548.206257][T27709] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1548.382473][T27709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1548.428665][T27709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1548.527881][T27720] FAULT_INJECTION: forcing a failure.
[ 1548.527881][T27720] name failslab, interval 1, probability 0, space 0, times 0
[ 1548.543820][T27720] CPU: 1 UID: 0 PID: 27720 Comm: syz.3.6405 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1548.543844][T27720] Tainted: [L]=SOFTLOCKUP
[ 1548.543849][T27720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1548.543857][T27720] Call Trace:
[ 1548.543864][T27720]  <TASK>
[ 1548.543871][T27720]  dump_stack_lvl+0xe8/0x150
[ 1548.543890][T27720]  should_fail_ex+0x412/0x560
[ 1548.543912][T27720]  should_failslab+0xa8/0x100
[ 1548.543932][T27720]  __kmalloc_noprof+0xe8/0x760
[ 1548.543949][T27720]  ? ___neigh_create+0x6d5/0x2250
[ 1548.543967][T27720]  ___neigh_create+0x6d5/0x2250
[ 1548.543983][T27720]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1548.544004][T27720]  ? kfree+0x1c5/0x640
[ 1548.544018][T27720]  ? pskb_expand_head+0x458/0x1390
[ 1548.544036][T27720]  ip_neigh_gw4+0x289/0x3b0
[ 1548.544052][T27720]  ? __pfx_ip_neigh_gw4+0x10/0x10
[ 1548.544071][T27720]  ? ip_finish_output2+0x3c2/0x1070
[ 1548.544083][T27720]  ip_finish_output2+0x4e5/0x1070
[ 1548.544096][T27720]  ? ip_skb_dst_mtu+0x80b/0xa50
[ 1548.544111][T27720]  ? ip_finish_output+0x40e/0x530
[ 1548.544125][T27720]  ip_output+0x29f/0x450
[ 1548.544138][T27720]  ? ip_output+0x5b/0x450
[ 1548.544149][T27720]  ? __ip_queue_xmit+0x5c/0x1bb0
[ 1548.544161][T27720]  __ip_queue_xmit+0x116a/0x1bb0
[ 1548.544175][T27720]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1548.544194][T27720]  ? __ip_queue_xmit+0x5c/0x1bb0
[ 1548.544209][T27720]  l2tp_xmit_skb+0x102c/0x17e0
[ 1548.544233][T27720]  ? pppol2tp_sendmsg+0x3f0/0x5f0
[ 1548.544248][T27720]  pppol2tp_sendmsg+0x40a/0x5f0
[ 1548.544275][T27720]  ____sys_sendmsg+0x972/0x9f0
[ 1548.544299][T27720]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1548.544326][T27720]  ___sys_sendmsg+0x2a5/0x360
[ 1548.544344][T27720]  ? __lock_acquire+0x6b5/0x2cf0
[ 1548.544359][T27720]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1548.544380][T27720]  ? kstrtoull+0x12f/0x1d0
[ 1548.544409][T27720]  ? __fget_files+0x2a/0x420
[ 1548.544424][T27720]  ? __fget_files+0x3a0/0x420
[ 1548.544444][T27720]  __sys_sendmmsg+0x2e7/0x4e0
[ 1548.544473][T27720]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1548.544506][T27720]  ? fput+0xa0/0xd0
[ 1548.544521][T27720]  ? ksys_write+0x242/0x270
[ 1548.544542][T27720]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1548.544564][T27720]  __do_fast_syscall_32+0x229/0x6e0
[ 1548.544580][T27720]  ? do_fast_syscall_32+0x33/0x70
[ 1548.544597][T27720]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1548.544625][T27720]  ? asm_int80_emulation+0x1a/0x20
[ 1548.544644][T27720]  ? do_int80_emulation+0x286/0x530
[ 1548.544662][T27720]  ? trace_irq_disable+0x3b/0x140
[ 1548.544687][T27720]  do_fast_syscall_32+0x33/0x70
[ 1548.544700][T27720]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1548.544718][T27720] RIP: 0023:0xf7f7401c
[ 1548.544732][T27720] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1548.544743][T27720] RSP: 002b:00000000f543650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1548.544758][T27720] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000008000cd40
[ 1548.544767][T27720] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 1548.544775][T27720] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1548.544782][T27720] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1548.544789][T27720] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1548.544807][T27720]  </TASK>
[ 1549.169998][T16141] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1549.281309][T11995] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[ 1549.307043][T27730] loop2: detected capacity change from 0 to 7
[ 1549.417603][T27730] Dev loop2: unable to read RDB block 7
[ 1549.424327][T27730]  loop2: AHDI p1 p2 p3
[ 1549.433869][T27730] loop2: partition table partially beyond EOD, truncated
[ 1549.497384][T27733] netlink: 44 bytes leftover after parsing attributes in process `syz.2.6409'.
[ 1549.509327][T27730] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1549.519742][T27733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6409'.
[ 1549.547570][T11995] usb 2-1: Using ep0 maxpacket: 32
[ 1549.575663][T27730] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1549.588328][T11995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1549.681572][T11995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1549.738574][T11995] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1549.794095][T11995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1549.840747][T11995] usb 2-1: config 0 descriptor??
[ 1549.871600][T11995] hub 2-1:0.0: USB hub found
[ 1550.077718][T11995] hub 2-1:0.0: 1 port detected
[ 1550.826267][T27751] netlink: 444 bytes leftover after parsing attributes in process `syz.3.6412'.
[ 1550.855238][T27751] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6412'.
[ 1550.980382][T27754] FAULT_INJECTION: forcing a failure.
[ 1550.980382][T27754] name failslab, interval 1, probability 0, space 0, times 0
[ 1551.030437][T27754] CPU: 1 UID: 0 PID: 27754 Comm: syz.0.6413 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1551.030488][T27754] Tainted: [L]=SOFTLOCKUP
[ 1551.030496][T27754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1551.030508][T27754] Call Trace:
[ 1551.030517][T27754]  <TASK>
[ 1551.030527][T27754]  dump_stack_lvl+0xe8/0x150
[ 1551.030553][T27754]  should_fail_ex+0x412/0x560
[ 1551.030574][T27754]  should_failslab+0xa8/0x100
[ 1551.030596][T27754]  __kmalloc_cache_noprof+0x88/0x660
[ 1551.030621][T27754]  ? netlink_lookup+0x30/0x200
[ 1551.030647][T27754]  ? genl_family_rcv_msg_attrs_parse+0xe9/0x2f0
[ 1551.030670][T27754]  ? genl_start+0x1c9/0x6c0
[ 1551.030696][T27754]  genl_start+0x1c9/0x6c0
[ 1551.030713][T27754]  ? netlink_lookup+0x30/0x200
[ 1551.030733][T27754]  __netlink_dump_start+0x469/0x7e0
[ 1551.030756][T27754]  genl_family_rcv_msg_dumpit+0x213/0x310
[ 1551.030781][T27754]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1551.030803][T27754]  ? genl_get_cmd+0x82e/0x960
[ 1551.030829][T27754]  ? __pfx_genl_start+0x10/0x10
[ 1551.030848][T27754]  ? __pfx_genl_dumpit+0x10/0x10
[ 1551.030866][T27754]  ? __pfx_genl_done+0x10/0x10
[ 1551.030889][T27754]  genl_rcv_msg+0x5e8/0x7a0
[ 1551.030907][T27754]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1551.030920][T27754]  ? __pfx_nl80211_dump_station+0x10/0x10
[ 1551.030951][T27754]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1551.030977][T27754]  ? __asan_memcpy+0x40/0x70
[ 1551.031000][T27754]  ? __skb_clone+0x63/0x7a0
[ 1551.031032][T27754]  netlink_rcv_skb+0x232/0x4b0
[ 1551.031050][T27754]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1551.031065][T27754]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1551.031101][T27754]  ? down_read+0x270/0x2e0
[ 1551.031121][T27754]  ? genl_rcv+0xd/0x40
[ 1551.031143][T27754]  genl_rcv+0x28/0x40
[ 1551.031163][T27754]  netlink_unicast+0x75c/0x8e0
[ 1551.031201][T27754]  netlink_sendmsg+0x813/0xb40
[ 1551.031242][T27754]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1551.031273][T27754]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1551.031302][T27754]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1551.031334][T27754]  ____sys_sendmsg+0x972/0x9f0
[ 1551.031374][T27754]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1551.031409][T27754]  ? kstrtoull+0x12f/0x1d0
[ 1551.031453][T27754]  ___sys_sendmsg+0x2a5/0x360
[ 1551.031482][T27754]  ? __lock_acquire+0x6b5/0x2cf0
[ 1551.031510][T27754]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1551.031537][T27754]  ? get_pid_task+0x20/0x1f0
[ 1551.031557][T27754]  ? get_pid_task+0x20/0x1f0
[ 1551.031579][T27754]  ? get_pid_task+0x20/0x1f0
[ 1551.031623][T27754]  ? __fget_files+0x2a/0x420
[ 1551.031642][T27754]  ? __fget_files+0x3a0/0x420
[ 1551.031671][T27754]  __sys_sendmsg+0x183/0x260
[ 1551.031697][T27754]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1551.031745][T27754]  __do_fast_syscall_32+0x229/0x6e0
[ 1551.031762][T27754]  ? do_fast_syscall_32+0x33/0x70
[ 1551.031777][T27754]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1551.031800][T27754]  ? asm_int80_emulation+0x1a/0x20
[ 1551.031815][T27754]  ? do_int80_emulation+0x286/0x530
[ 1551.031830][T27754]  ? trace_irq_disable+0x3b/0x140
[ 1551.031859][T27754]  do_fast_syscall_32+0x33/0x70
[ 1551.031878][T27754]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1551.031898][T27754] RIP: 0023:0xf7fc801c
[ 1551.031913][T27754] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1551.031928][T27754] RSP: 002b:00000000f548650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1551.031945][T27754] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[ 1551.031957][T27754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1551.031967][T27754] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1551.031976][T27754] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1551.031985][T27754] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1551.032016][T27754]  </TASK>
[ 1551.833373][T11995] hub 2-1:0.0: hub_ext_port_status failed (err = -32)
[ 1552.199558][ T5697] usb 2-1: USB disconnect, device number 93
[ 1552.415626][T12095] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1552.434851][T12095] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1552.446246][T12095] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1552.448794][T27764] fuse: Unknown parameter '0x0000000000000006'
[ 1552.474991][T12095] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1552.483052][T12095] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1552.564942][T27764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6418'.
[ 1552.574586][T27764] netlink: 'syz.3.6418': attribute type 1 has an invalid length.
[ 1552.582613][T27764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6418'.
[ 1552.630282][T27772] FAULT_INJECTION: forcing a failure.
[ 1552.630282][T27772] name failslab, interval 1, probability 0, space 0, times 0
[ 1552.650583][T27772] CPU: 1 UID: 0 PID: 27772 Comm: syz.1.6419 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1552.650616][T27772] Tainted: [L]=SOFTLOCKUP
[ 1552.650624][T27772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1552.650637][T27772] Call Trace:
[ 1552.650645][T27772]  <TASK>
[ 1552.650654][T27772]  dump_stack_lvl+0xe8/0x150
[ 1552.650685][T27772]  should_fail_ex+0x412/0x560
[ 1552.650718][T27772]  should_failslab+0xa8/0x100
[ 1552.650750][T27772]  __kmalloc_cache_noprof+0x88/0x660
[ 1552.650777][T27772]  ? __pfx_stack_trace_save+0x10/0x10
[ 1552.650806][T27772]  ? rtnl_newlink+0x136/0x1bb0
[ 1552.650837][T27772]  rtnl_newlink+0x136/0x1bb0
[ 1552.650863][T27772]  ? kasan_save_track+0x3e/0x80
[ 1552.650886][T27772]  ? kasan_save_free_info+0x46/0x50
[ 1552.650908][T27772]  ? __kasan_slab_free+0x5c/0x80
[ 1552.650934][T27772]  ? dev_hard_start_xmit+0x2cd/0x830
[ 1552.650962][T27772]  ? __dev_queue_xmit+0x14d9/0x3950
[ 1552.650981][T27772]  ? __netlink_deliver_tap+0x5ad/0x850
[ 1552.651008][T27772]  ? netlink_deliver_tap+0x19c/0x1b0
[ 1552.651034][T27772]  ? netlink_unicast+0x730/0x8e0
[ 1552.651055][T27772]  ? netlink_sendmsg+0x813/0xb40
[ 1552.651083][T27772]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1552.651106][T27772]  ? do_fast_syscall_32+0x33/0x70
[ 1552.651126][T27772]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1552.651187][T27772]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1552.651214][T27772]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1552.651245][T27772]  ? nlmon_xmit+0xb0/0x100
[ 1552.651268][T27772]  ? kmem_cache_free+0x182/0x650
[ 1552.651307][T27772]  ? __lock_acquire+0x6b5/0x2cf0
[ 1552.651335][T27772]  ? __dev_queue_xmit+0x2b6/0x3950
[ 1552.651358][T27772]  ? __local_bh_enable_ip+0xd0/0x130
[ 1552.651379][T27772]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1552.651410][T27772]  ? __dev_queue_xmit+0x2b6/0x3950
[ 1552.651428][T27772]  ? __local_bh_enable_ip+0xd0/0x130
[ 1552.651446][T27772]  ? __dev_queue_xmit+0x2b6/0x3950
[ 1552.651473][T27772]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1552.651527][T27772]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1552.651551][T27772]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1552.651580][T27772]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1552.651605][T27772]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1552.651629][T27772]  ? ref_tracker_free+0x693/0x840
[ 1552.651660][T27772]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1552.651685][T27772]  ? __asan_memcpy+0x40/0x70
[ 1552.651709][T27772]  ? __skb_clone+0x63/0x7a0
[ 1552.651747][T27772]  netlink_rcv_skb+0x232/0x4b0
[ 1552.651777][T27772]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1552.651805][T27772]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1552.651847][T27772]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1552.651875][T27772]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1552.651907][T27772]  netlink_unicast+0x75c/0x8e0
[ 1552.651941][T27772]  netlink_sendmsg+0x813/0xb40
[ 1552.651977][T27772]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1552.652006][T27772]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1552.652033][T27772]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1552.652064][T27772]  ____sys_sendmsg+0x972/0x9f0
[ 1552.652099][T27772]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1552.652133][T27772]  ? kstrtoull+0x12f/0x1d0
[ 1552.652165][T27772]  ___sys_sendmsg+0x2a5/0x360
[ 1552.652191][T27772]  ? __lock_acquire+0x6b5/0x2cf0
[ 1552.652216][T27772]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1552.652245][T27772]  ? get_pid_task+0x20/0x1f0
[ 1552.652270][T27772]  ? get_pid_task+0x20/0x1f0
[ 1552.652293][T27772]  ? get_pid_task+0x20/0x1f0
[ 1552.652342][T27772]  ? __fget_files+0x2a/0x420
[ 1552.652365][T27772]  ? __fget_files+0x3a0/0x420
[ 1552.652398][T27772]  __sys_sendmsg+0x183/0x260
[ 1552.652429][T27772]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1552.652482][T27772]  __do_fast_syscall_32+0x229/0x6e0
[ 1552.652515][T27772]  ? do_fast_syscall_32+0x33/0x70
[ 1552.652533][T27772]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1552.652562][T27772]  ? asm_int80_emulation+0x1a/0x20
[ 1552.652583][T27772]  ? do_int80_emulation+0x286/0x530
[ 1552.652602][T27772]  ? trace_irq_disable+0x3b/0x140
[ 1552.652635][T27772]  do_fast_syscall_32+0x33/0x70
[ 1552.652657][T27772]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1552.652681][T27772] RIP: 0023:0xf7f5801c
[ 1552.652702][T27772] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1552.652721][T27772] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1552.652744][T27772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000940
[ 1552.652758][T27772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1552.652771][T27772] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1552.652784][T27772] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1552.652797][T27772] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1552.652827][T27772]  </TASK>
[ 1553.248589][T27777] FAULT_INJECTION: forcing a failure.
[ 1553.248589][T27777] name failslab, interval 1, probability 0, space 0, times 0
[ 1553.325596][T27777] CPU: 0 UID: 0 PID: 27777 Comm: syz.1.6422 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1553.325632][T27777] Tainted: [L]=SOFTLOCKUP
[ 1553.325640][T27777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1553.325653][T27777] Call Trace:
[ 1553.325661][T27777]  <TASK>
[ 1553.325670][T27777]  dump_stack_lvl+0xe8/0x150
[ 1553.325701][T27777]  should_fail_ex+0x412/0x560
[ 1553.325731][T27777]  ? sock_alloc_inode+0x2c/0x190
[ 1553.325765][T27777]  should_failslab+0xa8/0x100
[ 1553.325798][T27777]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 1553.325829][T27777]  ? format_decode+0x5a3/0xe10
[ 1553.325856][T27777]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1553.325878][T27777]  sock_alloc_inode+0x2c/0x190
[ 1553.325901][T27777]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1553.325923][T27777]  alloc_inode+0x6a/0x1b0
[ 1553.325948][T27777]  __sock_create+0x12d/0x9d0
[ 1553.325984][T27777]  mptcp_subflow_create_socket+0xfb/0x800
[ 1553.326008][T27777]  ? aa_label_sk_perm+0x532/0x6e0
[ 1553.326038][T27777]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1553.326065][T27777]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1553.326088][T27777]  ? look_up_lock_class+0x57/0x110
[ 1553.326123][T27777]  __mptcp_nmpc_sk+0x155/0x790
[ 1553.326147][T27777]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1553.326174][T27777]  ? __pfx_tomoyo_check_inet_address+0x10/0x10
[ 1553.326208][T27777]  mptcp_connect+0x71/0x830
[ 1553.326239][T27777]  __inet_stream_connect+0x25a/0xdd0
[ 1553.326268][T27777]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1553.326295][T27777]  ? lock_sock_nested+0x6a/0x100
[ 1553.326320][T27777]  ? __pfx___inet_stream_connect+0x10/0x10
[ 1553.326345][T27777]  ? inet_stream_connect+0x51/0xa0
[ 1553.326368][T27777]  ? __local_bh_enable_ip+0xd0/0x130
[ 1553.326394][T27777]  inet_stream_connect+0x66/0xa0
[ 1553.326418][T27777]  __sys_connect+0x312/0x450
[ 1553.326446][T27777]  ? __pfx___sys_connect+0x10/0x10
[ 1553.326493][T27777]  __ia32_sys_connect+0x7a/0x90
[ 1553.326521][T27777]  __do_fast_syscall_32+0x229/0x6e0
[ 1553.326542][T27777]  ? do_fast_syscall_32+0x33/0x70
[ 1553.326564][T27777]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1553.326592][T27777]  ? asm_int80_emulation+0x1a/0x20
[ 1553.326610][T27777]  ? do_int80_emulation+0x286/0x530
[ 1553.326628][T27777]  ? trace_irq_disable+0x3b/0x140
[ 1553.326661][T27777]  do_fast_syscall_32+0x33/0x70
[ 1553.326681][T27777]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1553.326705][T27777] RIP: 0023:0xf7f5801c
[ 1553.326724][T27777] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1553.326751][T27777] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[ 1553.326774][T27777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[ 1553.326788][T27777] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[ 1553.326800][T27777] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1553.326813][T27777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1553.326825][T27777] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1553.326856][T27777]  </TASK>
[ 1553.328439][T27777] socket: no more sockets
[ 1554.027465][T18773] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1554.044194][T27791] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1554.048662][T27789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1554.065084][T27789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1554.420753][T11995] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1554.432589][T18773] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1554.529064][T12095] Bluetooth: hci3: command tx timeout
[ 1554.581253][T11995] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1554.593571][T11995] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 1554.611773][T11995] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1554.631861][T11995] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1554.654649][T11995] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1554.676140][T11995] usb 2-1: Manufacturer: syz
[ 1554.695635][T11995] usb 2-1: config 0 descriptor??
[ 1554.714224][T11995] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 1554.862538][T27798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6426'.
[ 1554.884286][T27798] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6426'.
[ 1554.901245][T27798] netlink: 80 bytes leftover after parsing attributes in process `syz.2.6426'.
[ 1555.032297][T18773] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.500221][T18773] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1555.691869][T27769] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1555.720216][T27769] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1555.741246][T27769] bridge_slave_0: entered allmulticast mode
[ 1555.764140][T27769] bridge_slave_0: entered promiscuous mode
[ 1555.782833][T27769] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1555.797776][T27769] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1555.811081][T27769] bridge_slave_1: entered allmulticast mode
[ 1555.852487][T27769] bridge_slave_1: entered promiscuous mode
[ 1556.111721][T27769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1556.231481][T27769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1556.404935][T27769] team0: Port device team_slave_0 added
[ 1556.461202][T27769] team0: Port device team_slave_1 added
[ 1556.609068][T12095] Bluetooth: hci3: command tx timeout
[ 1556.981120][T12013] usb 2-1: USB disconnect, device number 94
[ 1557.135045][T27821] FAULT_INJECTION: forcing a failure.
[ 1557.135045][T27821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1557.150989][T27821] CPU: 1 UID: 0 PID: 27821 Comm: syz.1.6430 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1557.151024][T27821] Tainted: [L]=SOFTLOCKUP
[ 1557.151032][T27821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1557.151044][T27821] Call Trace:
[ 1557.151053][T27821]  <TASK>
[ 1557.151061][T27821]  dump_stack_lvl+0xe8/0x150
[ 1557.151091][T27821]  should_fail_ex+0x412/0x560
[ 1557.151125][T27821]  _copy_from_iter+0x1d3/0x1670
[ 1557.151157][T27821]  ? sock_alloc_send_pskb+0x896/0x990
[ 1557.151183][T27821]  ? __pfx__copy_from_iter+0x10/0x10
[ 1557.151219][T27821]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1557.151245][T27821]  skb_copy_datagram_from_iter+0xf5/0x710
[ 1557.151268][T27821]  ? dev_get_by_index+0x22/0x2e0
[ 1557.151290][T27821]  ? skb_put+0x11b/0x210
[ 1557.151321][T27821]  packet_sendmsg+0x35b1/0x4fb0
[ 1557.151359][T27821]  ? __lock_acquire+0x6b5/0x2cf0
[ 1557.151385][T27821]  ? __lock_acquire+0x6b5/0x2cf0
[ 1557.151416][T27821]  ? __lock_acquire+0x6b5/0x2cf0
[ 1557.151454][T27821]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1557.151483][T27821]  ? aa_sk_perm+0x6d5/0x900
[ 1557.151517][T27821]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1557.151541][T27821]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 1557.151574][T27821]  ? __import_iovec+0x5d4/0x7e0
[ 1557.151605][T27821]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1557.151636][T27821]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1557.151667][T27821]  ____sys_sendmsg+0x972/0x9f0
[ 1557.151708][T27821]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1557.151752][T27821]  ? kstrtoull+0x12f/0x1d0
[ 1557.151786][T27821]  ___sys_sendmsg+0x2a5/0x360
[ 1557.151813][T27821]  ? __lock_acquire+0x6b5/0x2cf0
[ 1557.151839][T27821]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1557.151869][T27821]  ? get_pid_task+0x20/0x1f0
[ 1557.151894][T27821]  ? get_pid_task+0x20/0x1f0
[ 1557.151917][T27821]  ? get_pid_task+0x20/0x1f0
[ 1557.151969][T27821]  ? __fget_files+0x2a/0x420
[ 1557.151992][T27821]  ? __fget_files+0x3a0/0x420
[ 1557.152025][T27821]  __sys_sendmsg+0x183/0x260
[ 1557.152059][T27821]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1557.152110][T27821]  __do_fast_syscall_32+0x229/0x6e0
[ 1557.152132][T27821]  ? do_fast_syscall_32+0x33/0x70
[ 1557.152150][T27821]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1557.152178][T27821]  ? asm_int80_emulation+0x1a/0x20
[ 1557.152198][T27821]  ? do_int80_emulation+0x286/0x530
[ 1557.152217][T27821]  ? trace_irq_disable+0x3b/0x140
[ 1557.152250][T27821]  do_fast_syscall_32+0x33/0x70
[ 1557.152270][T27821]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1557.152295][T27821] RIP: 0023:0xf7f5801c
[ 1557.152315][T27821] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1557.152332][T27821] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1557.152355][T27821] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000b00
[ 1557.152369][T27821] RDX: 0000000000004084 RSI: 0000000000000000 RDI: 0000000000000000
[ 1557.152381][T27821] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1557.152393][T27821] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1557.152406][T27821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1557.152435][T27821]  </TASK>
[ 1557.777568][T18773] team0: Port device bridge0 removed
[ 1557.829286][T18773] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1557.841636][T18773] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1557.856541][T18773] bond0 (unregistering): Released all slaves
[ 1557.878162][T18773] bond1 (unregistering): Released all slaves
[ 1558.082449][T27769] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1558.107756][T27769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1558.240908][T27769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1558.289558][T18773] tipc: Disabling bearer <udp:syz0>
[ 1558.357008][T18773] tipc: Left network mode
[ 1558.370006][T27769] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1558.398899][T27769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1558.429061][T27769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1558.513575][ T5290] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1558.614750][T27838] fuse: Unknown parameter '0x0000000000000006'
[ 1558.652389][T27838] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6433'.
[ 1558.693742][T12095] Bluetooth: hci3: command tx timeout
[ 1558.699825][T27838] netlink: 'syz.3.6433': attribute type 1 has an invalid length.
[ 1558.717804][T27838] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6433'.
[ 1558.847627][T27769] hsr_slave_0: entered promiscuous mode
[ 1558.878404][T27769] hsr_slave_1: entered promiscuous mode
[ 1558.898320][T27769] debugfs: 'hsr0' already exists in 'hsr'
[ 1558.918654][T27769] Cannot create hsr debugfs directory
[ 1559.114725][T27849] syzkaller0: entered promiscuous mode
[ 1559.127737][T27849] syzkaller0: entered allmulticast mode
[ 1560.037561][T27864] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1560.421022][T27864] netlink: 'syz.1.6439': attribute type 6 has an invalid length.
[ 1560.457662][   T10] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1560.666407][   T10] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1560.683686][   T10] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 1560.710804][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1560.732405][   T10] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1560.766161][   T10] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1560.774270][T12095] Bluetooth: hci3: command tx timeout
[ 1560.827977][ T5290] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1560.830707][   T10] usb 2-1: Manufacturer: syz
[ 1560.848070][T27873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1560.883842][   T10] usb 2-1: config 0 descriptor??
[ 1560.936477][   T10] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 1560.995609][T18773] hsr_slave_0: left promiscuous mode
[ 1561.004297][T27874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6441'.
[ 1561.015593][T18773] hsr_slave_1: left promiscuous mode
[ 1561.023926][T18773] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1561.034038][T18773] batadv0: mtu less than device minimum
[ 1561.045224][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.058705][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.070716][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.082800][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.094936][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.107007][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.119312][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.131535][T18773] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1561.167167][T18773] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1561.178214][T18773] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1561.219922][T18773] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1561.229673][T18773] batman_adv: batadv0: Interface deactivated: dummy0
[ 1561.236571][T18773] batman_adv: batadv0: Removing interface: dummy0
[ 1561.258186][T18773] veth1_macvtap: left promiscuous mode
[ 1561.264325][T18773] veth0_macvtap: left promiscuous mode
[ 1561.653598][T18773] team0 (unregistering): Port device team_slave_1 removed
[ 1561.700675][T18773] team0 (unregistering): Port device team_slave_0 removed
[ 1562.871748][T18773] IPVS: stop unused estimator thread 0...
[ 1563.020176][  T995] usb 2-1: USB disconnect, device number 95
[ 1563.576552][T27769] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1563.593290][T27769] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1563.611195][T27913] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[ 1563.637778][T27769] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1563.674576][T27769] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1563.700728][T27769] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1563.743428][T27769] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1563.785657][T27909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1563.797948][T27769] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1563.803202][T27909] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1563.845728][T27769] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1563.969559][T27909] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6447'.
[ 1564.068164][T27928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6451'.
[ 1564.091691][T27928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1564.101507][T27928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1564.147859][T27932] FAULT_INJECTION: forcing a failure.
[ 1564.147859][T27932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1564.163125][T27769] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1564.164002][T27932] CPU: 1 UID: 0 PID: 27932 Comm: syz.1.6452 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1564.164032][T27932] Tainted: [L]=SOFTLOCKUP
[ 1564.164039][T27932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1564.164050][T27932] Call Trace:
[ 1564.164058][T27932]  <TASK>
[ 1564.164065][T27932]  dump_stack_lvl+0xe8/0x150
[ 1564.164093][T27932]  should_fail_ex+0x412/0x560
[ 1564.164123][T27932]  _copy_from_user+0x2d/0xb0
[ 1564.164151][T27932]  get_compat_msghdr+0xb3/0x4c0
[ 1564.164186][T27932]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1564.164226][T27932]  ___sys_sendmsg+0x201/0x360
[ 1564.164259][T27932]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1564.164295][T27932]  ? do_user_addr_fault+0xbad/0x1340
[ 1564.164330][T27932]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1564.164389][T27932]  __sys_sendmmsg+0x2e7/0x4e0
[ 1564.164421][T27932]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1564.164473][T27932]  ? fput+0xa0/0xd0
[ 1564.164495][T27932]  ? ksys_write+0x242/0x270
[ 1564.164528][T27932]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1564.164558][T27932]  __do_fast_syscall_32+0x229/0x6e0
[ 1564.164577][T27932]  ? do_fast_syscall_32+0x33/0x70
[ 1564.164594][T27932]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1564.164627][T27932]  ? asm_int80_emulation+0x1a/0x20
[ 1564.164646][T27932]  ? do_int80_emulation+0x286/0x530
[ 1564.164663][T27932]  ? trace_irq_disable+0x3b/0x140
[ 1564.164693][T27932]  do_fast_syscall_32+0x33/0x70
[ 1564.164711][T27932]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1564.164734][T27932] RIP: 0023:0xf7f5801c
[ 1564.164751][T27932] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1564.164767][T27932] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1564.164788][T27932] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080007fc0
[ 1564.164801][T27932] RDX: 000000000800001d RSI: 0000000000000810 RDI: 0000000000000000
[ 1564.164813][T27932] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1564.164824][T27932] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1564.164835][T27932] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1564.164862][T27932]  </TASK>
[ 1564.430494][T27769] 8021q: adding VLAN 0 to HW filter on device team0
[ 1564.466758][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1564.474078][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1564.546007][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1564.553305][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1564.761531][T27769] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1564.887517][T27769] veth0_vlan: entered promiscuous mode
[ 1564.904312][T27769] veth1_vlan: entered promiscuous mode
[ 1564.962186][T27769] veth0_macvtap: entered promiscuous mode
[ 1564.982793][T27769] veth1_macvtap: entered promiscuous mode
[ 1565.019814][T27769] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1565.054326][T27769] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1565.083136][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1565.098730][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1565.114444][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1565.124975][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1565.766933][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1565.795398][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1565.853198][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1565.876223][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1565.954417][T27968] net_ratelimit: 31 callbacks suppressed
[ 1565.954440][T27968] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1565.989448][  T995] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1566.056484][T27968] netlink: 'syz.2.6457': attribute type 6 has an invalid length.
[ 1566.191453][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1566.204293][  T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1566.215265][  T995] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1566.237172][T27975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1566.245796][  T995] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1566.255208][T27976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1566.255554][T27975] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1566.268512][T27976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1566.271631][  T995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1566.298376][  T995] usb 2-1: config 0 descriptor??
[ 1566.502565][T27984] loop4: detected capacity change from 0 to 1
[ 1566.515844][T27984] Dev loop4: unable to read RDB block 1
[ 1566.535052][T27984]  loop4: unable to read partition table
[ 1566.544600][T27984] loop4: partition table beyond EOD, truncated
[ 1566.555221][T27984] loop_reread_partitions: partition scan of loop4 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1566.562034][T27985] Cannot find add_set index 0 as target
[ 1567.793925][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1567.793948][   T30] audit: type=1326 audit(1779434429.138:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27995 comm="syz.5.6463" exe="/root/ci-upstream-kasan-gce-386/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709f01c code=0x0
[ 1568.348673][T28013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1568.369920][T28013] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1568.398768][T28013] tls_set_device_offload_rx: netdev not found
[ 1568.467364][T28017] FAULT_INJECTION: forcing a failure.
[ 1568.467364][T28017] name failslab, interval 1, probability 0, space 0, times 0
[ 1568.480276][T28017] CPU: 0 UID: 0 PID: 28017 Comm: syz.0.6468 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1568.480299][T28017] Tainted: [L]=SOFTLOCKUP
[ 1568.480304][T28017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1568.480312][T28017] Call Trace:
[ 1568.480323][T28017]  <TASK>
[ 1568.480332][T28017]  dump_stack_lvl+0xe8/0x150
[ 1568.480362][T28017]  should_fail_ex+0x412/0x560
[ 1568.480396][T28017]  should_failslab+0xa8/0x100
[ 1568.480443][T28017]  __kmalloc_noprof+0xe8/0x760
[ 1568.480467][T28017]  ? tomoyo_encode+0x28b/0x550
[ 1568.480492][T28017]  tomoyo_encode+0x28b/0x550
[ 1568.480526][T28017]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1568.480564][T28017]  ? tomoyo_path_number_perm+0x219/0x630
[ 1568.480587][T28017]  tomoyo_path_number_perm+0x246/0x630
[ 1568.480604][T28017]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1568.480619][T28017]  ? __lock_acquire+0x6b5/0x2cf0
[ 1568.480663][T28017]  ? __fget_files+0x2a/0x420
[ 1568.480692][T28017]  ? __fget_files+0x3a0/0x420
[ 1568.480714][T28017]  ? __fget_files+0x2a/0x420
[ 1568.480741][T28017]  security_file_ioctl_compat+0xc3/0x2a0
[ 1568.480760][T28017]  __ia32_compat_sys_ioctl+0x139/0x950
[ 1568.480781][T28017]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1568.480803][T28017]  ? __fget_files+0x3a0/0x420
[ 1568.480833][T28017]  ? fput+0xa0/0xd0
[ 1568.480856][T28017]  ? ksys_write+0x242/0x270
[ 1568.480896][T28017]  __do_fast_syscall_32+0x229/0x6e0
[ 1568.480911][T28017]  ? do_fast_syscall_32+0x33/0x70
[ 1568.480923][T28017]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1568.480941][T28017]  ? asm_int80_emulation+0x1a/0x20
[ 1568.480952][T28017]  ? do_int80_emulation+0x286/0x530
[ 1568.480967][T28017]  ? trace_irq_disable+0x3b/0x140
[ 1568.480999][T28017]  do_fast_syscall_32+0x33/0x70
[ 1568.481019][T28017]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1568.481043][T28017] RIP: 0023:0xf7f2801c
[ 1568.481060][T28017] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1568.481071][T28017] RSP: 002b:00000000f53e650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1568.481086][T28017] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008108551b
[ 1568.481095][T28017] RDX: 0000000080002600 RSI: 0000000000000000 RDI: 0000000000000000
[ 1568.481103][T28017] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1568.481110][T28017] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1568.481121][T28017] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1568.481152][T28017]  </TASK>
[ 1568.481182][T28017] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1568.773639][  T995] usbhid 2-1:0.0: can't add hid device: -71
[ 1568.796755][  T995] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1568.817664][  T995] usb 2-1: USB disconnect, device number 96
[ 1569.198643][T28033] FAULT_INJECTION: forcing a failure.
[ 1569.198643][T28033] name failslab, interval 1, probability 0, space 0, times 0
[ 1569.213467][T28033] CPU: 0 UID: 0 PID: 28033 Comm: syz.1.6476 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1569.213508][T28033] Tainted: [L]=SOFTLOCKUP
[ 1569.213516][T28033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1569.213529][T28033] Call Trace:
[ 1569.213538][T28033]  <TASK>
[ 1569.213547][T28033]  dump_stack_lvl+0xe8/0x150
[ 1569.213578][T28033]  should_fail_ex+0x412/0x560
[ 1569.213608][T28033]  ? __d_alloc+0x37/0x6f0
[ 1569.213637][T28033]  should_failslab+0xa8/0x100
[ 1569.213670][T28033]  kmem_cache_alloc_lru_noprof+0x87/0x640
[ 1569.213711][T28033]  __d_alloc+0x37/0x6f0
[ 1569.213744][T28033]  d_alloc+0x4b/0x190
[ 1569.213768][T28033]  ? lookup_one_qstr_excl+0xc4/0x360
[ 1569.213799][T28033]  lookup_one_qstr_excl+0xd8/0x360
[ 1569.213832][T28033]  __start_renaming+0x1db/0x410
[ 1569.213872][T28033]  filename_renameat2+0x38c/0x9c0
[ 1569.213912][T28033]  ? __pfx_filename_renameat2+0x10/0x10
[ 1569.213949][T28033]  ? strncpy_from_user+0x150/0x2b0
[ 1569.213980][T28033]  ? do_getname+0x151/0x250
[ 1569.214008][T28033]  __se_sys_rename+0x55/0x2c0
[ 1569.214037][T28033]  __do_fast_syscall_32+0x229/0x6e0
[ 1569.214060][T28033]  ? do_fast_syscall_32+0x33/0x70
[ 1569.214079][T28033]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1569.214110][T28033]  ? asm_int80_emulation+0x1a/0x20
[ 1569.214131][T28033]  ? do_int80_emulation+0x286/0x530
[ 1569.214149][T28033]  ? trace_irq_disable+0x3b/0x140
[ 1569.214186][T28033]  do_fast_syscall_32+0x33/0x70
[ 1569.214208][T28033]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1569.214233][T28033] RIP: 0023:0xf7f5801c
[ 1569.214254][T28033] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1569.214273][T28033] RSP: 002b:00000000f541650c EFLAGS: 00000206 ORIG_RAX: 0000000000000026
[ 1569.214296][T28033] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000080000240
[ 1569.214311][T28033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1569.214324][T28033] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1569.214336][T28033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1569.214348][T28033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1569.214391][T28033]  </TASK>
[ 1569.458676][T28035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1569.471814][T28035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1569.859153][  T995] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1570.009092][  T995] usb 2-1: Using ep0 maxpacket: 8
[ 1570.018204][  T995] usb 2-1: New USB device found, idVendor=0582, idProduct=015b, bcdDevice= 0.40
[ 1570.028237][  T995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1570.036563][  T995] usb 2-1: Product: syz
[ 1570.040969][  T995] usb 2-1: Manufacturer: syz
[ 1570.045577][  T995] usb 2-1: SerialNumber: syz
[ 1570.248592][T28046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1570.260082][T28046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1570.288411][T28048] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.6479' sets config #0
[ 1570.314540][  T995] usb 2-1: USB disconnect, device number 97
[ 1571.033925][T28053] loop2: detected capacity change from 0 to 7
[ 1571.055381][T28053] Dev loop2: unable to read RDB block 7
[ 1571.062926][T28053]  loop2: AHDI p1 p2 p3
[ 1571.067601][T28053] loop2: partition table partially beyond EOD, truncated
[ 1571.079652][T28053] loop2: p1 start 1818582900 is beyond EOD, truncated
[ 1571.087839][T28053] loop2: p3 start 335544320 is beyond EOD, truncated
[ 1571.687866][T28058] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1571.757897][T28058] netlink: 'syz.3.6484': attribute type 6 has an invalid length.
[ 1571.793231][T28058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1571.818419][T28058] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1572.402124][T28068] FAULT_INJECTION: forcing a failure.
[ 1572.402124][T28068] name failslab, interval 1, probability 0, space 0, times 0
[ 1572.426404][T28068] CPU: 0 UID: 0 PID: 28068 Comm: syz.2.6487 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1572.426441][T28068] Tainted: [L]=SOFTLOCKUP
[ 1572.426450][T28068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1572.426462][T28068] Call Trace:
[ 1572.426472][T28068]  <TASK>
[ 1572.426482][T28068]  dump_stack_lvl+0xe8/0x150
[ 1572.426518][T28068]  should_fail_ex+0x412/0x560
[ 1572.426554][T28068]  should_failslab+0xa8/0x100
[ 1572.426586][T28068]  ? skb_clone+0x212/0x3a0
[ 1572.426606][T28068]  kmem_cache_alloc_noprof+0x87/0x650
[ 1572.426634][T28068]  ? __netlink_lookup+0xc6/0x8b0
[ 1572.426672][T28068]  skb_clone+0x212/0x3a0
[ 1572.426696][T28068]  __netlink_deliver_tap+0x404/0x850
[ 1572.426739][T28068]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1572.426768][T28068]  netlink_deliver_tap+0x19c/0x1b0
[ 1572.426798][T28068]  netlink_unicast+0x730/0x8e0
[ 1572.426837][T28068]  netlink_sendmsg+0x813/0xb40
[ 1572.426878][T28068]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1572.426914][T28068]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1572.426946][T28068]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1572.426979][T28068]  ____sys_sendmsg+0x972/0x9f0
[ 1572.427021][T28068]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1572.427058][T28068]  ? kstrtoull+0x12f/0x1d0
[ 1572.427093][T28068]  ___sys_sendmsg+0x2a5/0x360
[ 1572.427123][T28068]  ? __lock_acquire+0x6b5/0x2cf0
[ 1572.427152][T28068]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1572.427186][T28068]  ? get_pid_task+0x20/0x1f0
[ 1572.427213][T28068]  ? get_pid_task+0x20/0x1f0
[ 1572.427236][T28068]  ? get_pid_task+0x20/0x1f0
[ 1572.427288][T28068]  ? __fget_files+0x2a/0x420
[ 1572.427322][T28068]  ? __fget_files+0x3a0/0x420
[ 1572.427359][T28068]  __sys_sendmsg+0x183/0x260
[ 1572.427393][T28068]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1572.427447][T28068]  __do_fast_syscall_32+0x229/0x6e0
[ 1572.427470][T28068]  ? do_fast_syscall_32+0x33/0x70
[ 1572.427489][T28068]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1572.427519][T28068]  ? asm_int80_emulation+0x1a/0x20
[ 1572.427540][T28068]  ? do_int80_emulation+0x286/0x530
[ 1572.427557][T28068]  ? trace_irq_disable+0x3b/0x140
[ 1572.427590][T28068]  do_fast_syscall_32+0x33/0x70
[ 1572.427612][T28068]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1572.427639][T28068] RIP: 0023:0xf7f9301c
[ 1572.427660][T28068] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
[ 1572.427679][T28068] RSP: 002b:00000000f545650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1572.427703][T28068] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[ 1572.427719][T28068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1572.427732][T28068] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1572.427744][T28068] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1572.427757][T28068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1572.427790][T28068]  </TASK>
[ 1572.998151][T28079] syz_tun: entered promiscuous mode
[ 1574.435751][T28099] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.6496'.
[ 1575.678197][T28107] tipc: Started in network mode
[ 1575.706523][T28107] tipc: Node identity 5e5b8db0a1e5, cluster identity 4711
[ 1575.728809][T28107] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1575.737223][T28108] syzkaller0: entered promiscuous mode
[ 1575.743169][T28108] syzkaller0: entered allmulticast mode
[ 1575.791448][T28107] tipc: Resetting bearer <eth:syzkaller0>
[ 1575.824802][T28107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1575.901407][T28107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1576.022940][T28106] tipc: Resetting bearer <eth:syzkaller0>
[ 1576.058688][   T31] INFO: task kworker/1:0:24620 blocked for more than 143 seconds.
[ 1576.069969][   T31]       Tainted: G             L      syzkaller #0
[ 1576.077193][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1576.093673][   T31] task:kworker/1:0     state:D stack:21304 pid:24620 tgid:24620 ppid:2      task_flags:0x4288060 flags:0x00080000
[ 1576.106314][   T31] Workqueue: usb_hub_wq hub_event
[ 1576.111945][   T31] Call Trace:
[ 1576.115498][   T31]  <TASK>
[ 1576.118737][   T31]  __schedule+0x1821/0x5740
[ 1576.124465][   T31]  ? __pfx___schedule+0x10/0x10
[ 1576.126332][T28120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1576.147373][   T31]  ? schedule+0x90/0x360
[ 1576.153645][   T31]  schedule+0x164/0x360
[ 1576.154097][T28120] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1576.176413][   T31]  schedule_timeout+0xc3/0x2c0
[ 1576.181929][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1576.188359][   T31]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1576.194093][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1576.202079][   T31]  ? wait_for_completion+0x274/0x5e0
[ 1576.207687][   T31]  wait_for_completion+0x2cc/0x5e0
[ 1576.216125][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1576.222581][   T31]  i2c_del_adapter+0x5c0/0x790
[ 1576.228065][   T31]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1576.239510][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[ 1576.245115][   T31]  ? kfree+0x1c5/0x640
[ 1576.255137][   T31]  dvb_usb_i2c_exit+0x64/0xb0
[ 1576.265239][   T31]  dvb_usb_device_exit+0x1cb/0x360
[ 1576.275376][   T31]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[ 1576.282250][   T31]  ? usb_disable_interface+0x31d/0x350
[ 1576.295622][   T31]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1576.302058][   T31]  usb_unbind_interface+0x26e/0x910
[ 1576.315878][   T31]  ? kernfs_remove_by_name_ns+0x101/0x140
[ 1576.326020][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[ 1576.334228][   T31]  device_release_driver_internal+0x4d9/0x870
[ 1576.341378][   T31]  bus_remove_device+0x455/0x570
[ 1576.346611][   T31]  ? __pfx_bus_remove_device+0x10/0x10
[ 1576.356470][   T31]  ? kernfs_remove_by_name_ns+0x101/0x140
[ 1576.366600][   T31]  device_del+0x527/0x8f0
[ 1576.372777][   T31]  ? __pfx_device_del+0x10/0x10
[ 1576.382868][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1576.388141][   T31]  usb_disable_device+0x3d4/0x8d0
[ 1576.397003][   T31]  usb_disconnect+0x32f/0x990
[ 1576.407129][   T31]  hub_event+0x1cc9/0x4f30
[ 1576.413234][   T31]  ? __pfx_hub_event+0x10/0x10
[ 1576.424444][   T31]  ? process_scheduled_works+0xa70/0x1860
[ 1576.431293][   T31]  ? process_scheduled_works+0xa70/0x1860
[ 1576.437508][   T31]  ? process_scheduled_works+0xa70/0x1860
[ 1576.447651][   T31]  process_scheduled_works+0xb5d/0x1860
[ 1576.453606][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1576.464836][   T31]  ? assign_work+0x3d5/0x5e0
[ 1576.470135][   T31]  worker_thread+0xa53/0xfc0
[ 1576.475798][   T31]  kthread+0x389/0x470
[ 1576.481442][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1576.488133][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.493134][   T31]  ret_from_fork+0x514/0xb70
[ 1576.500155][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1576.506068][   T31]  ? load_gs_index+0x97/0xc0
[ 1576.511177][   T31]  ? __switch_to+0xc79/0x1410
[ 1576.515965][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.521237][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1576.526119][   T31]  </TASK>
[ 1576.530814][   T31] 
[ 1576.530814][   T31] Showing all locks held in the system:
[ 1576.541431][T28106] tipc: Disabling bearer <eth:syzkaller0>
[ 1576.547269][   T31] 1 lock held by khungtaskd/31:
[ 1576.553408][   T31]  #0: ffffffff8e95cca0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1576.571119][   T31] 2 locks held by getty/5384:
[ 1576.578043][   T31]  #0: ffff8880367810a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1576.588397][   T31]  #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0
[ 1576.598855][   T31] 5 locks held by kworker/1:0/24620:
[ 1576.609189][   T31]  #0: ffff888021ea1d40 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860
[ 1576.638979][   T31]  #1: ffffc9000556fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860
[ 1576.662879][   T31]  #2: ffff88802b0e21d8 (&dev->mutex){....}-{4:4}, at: hub_event+0x17f/0x4f30
[ 1576.683195][   T31]  #3: ffff888022f291d8 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x990
[ 1576.710323][   T31]  #4: ffff888022f2e1a0 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x870
[ 1576.722015][   T31] 2 locks held by syz.0.6493/28083:
[ 1576.727286][   T31]  #0: ffff888079983840 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1576.737677][   T31]  #1: ffffffff8fdd1300 (rtnl_mutex){+.+.}-{4:4}, at: packet_release+0x45a/0xd10
[ 1576.747333][   T31] 2 locks held by syz.5.6500/28106:
[ 1576.752712][   T31]  #0: ffffffff8fdd1300 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 1576.761838][   T31]  #1: ffffffff8e962fa8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2d0/0x770
[ 1576.773980][   T31] 2 locks held by syz.1.6501/28118:
[ 1576.781048][   T31]  #0: ffff88807724be40 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1576.791442][   T31]  #1: ffffffff8e962fa8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[ 1576.802710][   T31] 
[ 1576.807742][   T31] =============================================
[ 1576.807742][   T31] 
[ 1576.830749][   T31] NMI backtrace for cpu 1
[ 1576.830767][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1576.830785][   T31] Tainted: [L]=SOFTLOCKUP
[ 1576.830790][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1576.830798][   T31] Call Trace:
[ 1576.830803][   T31]  <TASK>
[ 1576.830810][   T31]  dump_stack_lvl+0xe8/0x150
[ 1576.830834][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[ 1576.830851][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1576.830865][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1576.830882][   T31]  sys_info+0x135/0x170
[ 1576.830895][   T31]  watchdog+0xfd3/0x1030
[ 1576.830917][   T31]  ? watchdog+0x1c9/0x1030
[ 1576.830938][   T31]  kthread+0x389/0x470
[ 1576.830964][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1576.830987][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.831004][   T31]  ret_from_fork+0x514/0xb70
[ 1576.831019][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1576.831031][   T31]  ? __switch_to+0xc79/0x1410
[ 1576.831051][   T31]  ? __pfx_kthread+0x10/0x10
[ 1576.831067][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1576.831090][   T31]  </TASK>
[ 1576.831108][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1576.947567][    C0] NMI backtrace for cpu 0
[ 1576.947589][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1576.947611][    C0] Tainted: [L]=SOFTLOCKUP
[ 1576.947618][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1576.947628][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1576.947657][    C0] Code: 7b 7d 02 e9 93 f7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 21 20 00 fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[ 1576.947672][    C0] RSP: 0018:ffffffff8e607dc0 EFLAGS: 00000246
[ 1576.947688][    C0] RAX: 00000000014d7f4d RBX: ffffffff819a958a RCX: 0000000080000001
[ 1576.947701][    C0] RDX: 0000000000000001 RSI: ffffffff8dfacd5d RDI: ffffffff8c28b660
[ 1576.947713][    C0] RBP: ffffffff8e607eb0 R08: ffff8880b86339db R09: 1ffff110170c673b
[ 1576.947725][    C0] R10: dffffc0000000000 R11: ffffed10170c673c R12: 0000000000000000
[ 1576.947736][    C0] R13: 1ffffffff1cd25d8 R14: 0000000000000000 R15: 1ffffffff1cd25d8
[ 1576.947748][    C0] FS:  0000000000000000(0000) GS:ffff888125287000(0000) knlGS:0000000000000000
[ 1576.947762][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1576.947773][    C0] CR2: 00000000f7408108 CR3: 0000000074486000 CR4: 00000000003526f0
[ 1576.947789][    C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000002
[ 1576.947800][    C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1576.947817][    C0] Call Trace:
[ 1576.947824][    C0]  <TASK>
[ 1576.947831][    C0]  default_idle+0x9/0x20
[ 1576.947848][    C0]  default_idle_call+0x72/0xb0
[ 1576.947865][    C0]  do_idle+0x36a/0x5f0
[ 1576.947887][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1576.947909][    C0]  cpu_startup_entry+0x43/0x60
[ 1576.947927][    C0]  rest_init+0x2de/0x300
[ 1576.947945][    C0]  start_kernel+0x38a/0x3e0
[ 1576.948039][    C0]  x86_64_start_reservations+0x24/0x30
[ 1576.948057][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1576.948074][    C0]  common_startup_64+0x13e/0x147
[ 1576.948101][    C0]  </TASK>
[ 1577.151497][T28083] syz_tun: left promiscuous mode
[ 1577.151510][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1577.163321][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1577.173992][   T31] Tainted: [L]=SOFTLOCKUP
[ 1577.178314][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1577.188374][   T31] Call Trace:
[ 1577.191669][   T31]  <TASK>
[ 1577.194616][   T31]  vpanic+0x56c/0xa60
[ 1577.198610][   T31]  ? __pfx___schedule+0x10/0x10
[ 1577.203466][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1577.207992][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f4/0x300
[ 1577.214147][   T31]  panic+0xc5/0xd0
[ 1577.217963][   T31]  ? __pfx_panic+0x10/0x10
[ 1577.222400][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1577.227788][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1577.233947][   T31]  watchdog+0x102c/0x1030
[ 1577.238369][   T31]  ? watchdog+0x1c9/0x1030
[ 1577.242799][   T31]  kthread+0x389/0x470
[ 1577.246872][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1577.251548][   T31]  ? __pfx_kthread+0x10/0x10
[ 1577.256146][   T31]  ret_from_fork+0x514/0xb70
[ 1577.260746][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1577.265886][   T31]  ? __switch_to+0xc79/0x1410
[ 1577.270605][   T31]  ? __pfx_kthread+0x10/0x10
[ 1577.275663][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1577.280463][   T31]  </TASK>
[ 1577.284235][   T31] Kernel Offset: disabled
[ 1577.288572][   T31] Rebooting in 86400 seconds..