last executing test programs:

27m29.09031752s ago: executing program 0 (id=244):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018100004da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "eb3700", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2, 0x0, 0x0, 0x87}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "083ff2", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x4, 0x0, 0x9, {[@eol]}}}}}}}}, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000003380)={0x0, 0x4000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000000)={0x4000000})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r5 = syz_usb_connect(0x5, 0x9c7, &(0x7f0000000500)={{0x12, 0x1, 0x250, 0x7e, 0x4f, 0x6f, 0xff, 0x55f, 0xc440, 0x65ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9b5, 0x4, 0x40, 0x56, 0x80, 0x73, [{{0x9, 0x4, 0xe7, 0xd, 0x1, 0x38, 0x8f, 0x3, 0x7, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x5, 0x5, 0x3}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xf9, 0x2, 0xc4, 0x0, "", "5392"}]}], [{{0x9, 0x5, 0x0, 0x0, 0x20, 0x1, 0x10, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x2, 0x8}, @generic={0x41, 0x7, "811f8c4a1ef92a5c713aa053041d2d66f4a0420acb0d99c7c5cedb0f42854aa466922b12658ec60583ae49ce81107aecf71abbe4acf6385033fe23a91b903c"}]}}]}}, {{0x9, 0x4, 0x43, 0x9, 0x7, 0x30, 0x9e, 0x3d, 0x5a, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "1091cbf73e"}, {0x5, 0x24, 0x0, 0xbc}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xfffe, 0x100, 0x2}, [@obex={0x5, 0x24, 0x15, 0x5}]}], [{{0x9, 0x5, 0xd, 0x10, 0x200, 0xc, 0x7, 0xd4, [@generic={0xa4, 0x8, "04be60cd1ac592d37db312232b8e84777a96a2f5dc95e88d46131805126bf553cd6836f64d61e153ba565f993e59898ac0c813c1ff9cbc07f52e921f3317cab75a9b441eaf3dc6b303a174645898aac8025ec7d3407031dfe70984eb9b7bd1b3f4bebca57bda609f4f6831fc8ee4f97e917c6a817b004bdb472bd51bb1d118e156291a46485e1df19417af6973636b47f6526c9b4ffb74d5e060ebd9cbb126f33d8d"}, @uac_iso={0x7, 0x25, 0x1, 0xc1, 0xe, 0x2}]}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x4, 0x10, 0x4, [@generic={0xdd, 0x31, "a8924ca5d52086951f7e471d8f3356230a904bfa92f10412deef492c785c2c408f7ca846674122e6776b528062d220096ed1be91872bf2361e9186ef50977aaef0d88d7d505be27fb8f2bad921f51593a8e26383a7ac7b8dbc2e32b25cd2db49ec1bbd5d3b3c81652b7d0cbc0ee23eac685a490ba8e9477169c46c161b5137b70e63c60cf16327236f2aa5257a1fedbaae23cb13ebbb712df3fa814c78b41e8beb63aa606a92755b7aeb03b9a4acca918a253bb58db3702579ea153c42e05da001143767dadcbe80d4cdea7f48553028bafaa7939c01a21ea9ffb8"}, @generic={0x97, 0x11, "edc79dfa245375ed0510a890c41b3fa3f1ca20ed9b6384aff2dfbd0d979fddf09fc72c627197b4b46e22377cfba0a6b6f5c0655d5bf97197bf269dfca8ca3953c1bf6a0bc7ed07d65abe44536b70d428f5cd0044fd3fa3a05d1c2ece325a349dab0ff2c109f4b92ba88ec9feb901ff4a8f60d0ee5b1624eafe69bea521ffd3d2243317006e77995870d5170b5f8e8a768fca215fd0"}]}}, {{0x9, 0x5, 0x5, 0x12, 0x10, 0x3, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x10, 0x6edd}]}}, {{0x9, 0x5, 0x4, 0x8, 0x3ff, 0xff, 0xfa, 0x6, [@generic={0x10, 0x30, "6d1231b4659727360e5ee7ee68c8"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x6}]}}, {{0x9, 0x5, 0xd, 0xc, 0x20, 0x81, 0x0, 0x9, [@generic={0x7b, 0xf, "535cc498c5fd35821f1dcea4ae4bfed92a7ab99494915c027d2e6cec3935a64b4da420afe7650dd95e417932bfe2b0b14bcd65153829de5dc0c6d0cc01579bdc36d1ddd0ed08d63c9a41368cbe0a32ad6fb8414219a49aac760d2827bc57c786bf225517cb0604a7245c64a04c78bc23eb9a016edcdb58f31a"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x40, 0x67, 0x8, 0xfe, [@generic={0x21, 0x3b, "c80e03ccf5077ed507e88da20880a3553cef5eaa6984231399b9be5181dd23"}]}}, {{0x9, 0x5, 0xb, 0x1, 0x40, 0x1, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0xc11}]}}]}}, {{0x9, 0x4, 0xc4, 0x8, 0x4, 0xaf, 0x47, 0x56, 0x9, [@hid_hid={0x9, 0x21, 0x3a, 0x3, 0x1, {0x22, 0x53d}}], [{{0x9, 0x5, 0x2, 0x0, 0x400, 0x5a, 0x2, 0x7, [@generic={0xac, 0x2, "ade9050c8cd020ff17e5341b8414206cc86f042c9ede14ea4779dcf85e645bf064674a1bc73304229854d71e9cf2257559c6d14e832605261d289122c623466e7890f50fce186e4b52f24c8bd1cdf8c5aab53b99dcd307b1b53ccd17038dca061a06954d5880bfc82c02c0267423a17ac33d8e255454ba84d8010bb93bb2094806ed61aaedf0a5458c9f960ae87ca82d6fc710251e58d15a730d3e9325ab2c025f7200af5fb118ce78d3"}]}}, {{0x9, 0x5, 0x83, 0x3, 0x3ff, 0x8, 0xfa, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x5, 0x6}, @generic={0xd6, 0x8, "20b144242402d86f032faa399d134ac9e4853d68ae256ddd11e5d999099a0172ff31a66c3fafe69f1cccc9c463db4a6d6697ab9d0daf5aca8fe203af5cc560241582440bd627cbc1a76af2fe6a8b12007b6a0a558505f61fc35e5b2506424ca813b81c58d32593a1e086186ac9dbdeed507d03a3c297fdb38abfd78f71255a74a210e84e307b68018360e43c205abf2cfd5e705a872ac66bf1876319cacbfd39a69b4cf74e98d3f179d9c2cd00c54b55d073c99950150bde95a513f30beefcb70f05a28b18e31d72eff5133fd1dff613b9572407"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x0, 0x0, 0x80, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0x3}]}}, {{0x9, 0x5, 0x1, 0x13, 0x10, 0xff, 0x6, 0x8, [@generic={0x7e, 0x21, "c04ebe64ea7661f4ae4bc43c049f7893374f539a36955924e9a662ee71db01d3e8730cfd19c3ebcf780badea927198d22184eeb2e024d0eb2b46065932dd2e3c317940ee02a60d25f77fb42358ca48dc68ffb3fc65fda5860a9394beae4cc0acda73a6d52ed3d2e40a424678e7bd1f2494a0f5a3566101557b87151d"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x1}]}}]}}, {{0x9, 0x4, 0x63, 0xf, 0x7, 0xff, 0x6c, 0x83, 0x7f, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "c62c"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xe22, 0x5, 0x9, 0xac}, {0x6, 0x24, 0x1a, 0x1, 0x8}, [@acm={0x4, 0x24, 0x2, 0xb}, @mdlm={0x15, 0x24, 0x12, 0x5}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x2}, @acm={0x4, 0x24, 0x2, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x1}]}, @uac_control={{0xa, 0x24, 0x1, 0x401, 0x9}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x100, 0x4, 0x1, 0x200, 0xa}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x200, 0x4, 0x6, 0x5, 0x9, 0xf8}, @mixer_unit={0xb, 0x24, 0x4, 0x5, 0x0, "965547f351c8"}, @mixer_unit={0xa, 0x24, 0x4, 0x2, 0xf4, "3f3f83b523"}, @processing_unit={0xa, 0x24, 0x7, 0x6, 0x4, 0x9, "bd0f60"}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x0, 0x3, 0xf, 0xffff, 0xe, 0x3}]}], [{{0x9, 0x5, 0x81, 0x10, 0x10, 0x6, 0x0, 0x5, [@generic={0xed, 0x24, "cc27b4e33bc4c470390d5a48028c78d078c0e5b5e2649c362b865ab77dc48b49528d940be5ade12eab562f2cf6cdc7c1acabad78716d0b4fa6bd49b518058fcbc5f7c3f663d5dc811055e66df35f1b8c276e488ba07f9e4b46f244e93a4549566bc31d1d4d0fcec10283ac353cb29012e56beafc45bf6595d505793f8e00582b67693dddfc81e7b98b23e9f9984c773a379fe86c6318079b5fe5d402802d865b30343cfc34960b6a13e18e8becebc707605855040476bb957ebc3bf75016c469fd9fef93b03aa13fd57a236d10a52eae24ac964bec9cc954fc0a14a6f26f6191708a3c53e18ef76adbb67c"}]}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x5c, 0x1, 0x5, [@generic={0x84, 0x1e, "c7712fc8a260bbe5885b81a60d09a80430f74725c2a6de8d5e76e9a5840905ff5c39c68a0af851a0377d2de469e62865be99f7ce037e9351b3f349599a25a31e67d17e13e43f1338c7e71e45a2ed0a59d59586d8bee18a93a3928c4c08efcfa427c0acf3569a8b6429eefff8945bd200ce88b5fbfd638c0a01a19a8cd7c9337450fe"}, @generic={0x29, 0x23, "38a294aeb4dc726b1ffa61b562603755ca02bd0fc65620fadff9cba7e56a770e08b53b26f8be4b"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x8, 0x8, 0x6, 0x1b, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x9, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xff, 0x82b}]}}, {{0x9, 0x5, 0x2, 0x10, 0x0, 0x2, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xff, 0x5}]}}, {{0x9, 0x5, 0x4, 0x2, 0x20, 0x0, 0x1, 0xac, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xb, 0xfff9}]}}, {{0x9, 0x5, 0xd, 0x0, 0x200, 0x8, 0xc, 0x7, [@generic={0xff, 0xe, "16691bd5c7995e823a9e0ff561544ffa978f07f038ac812e352e5227b85e64e39cfaabb6a318e8200b1f9517237d8c2e085a757d5d7af3b281e55d5320f19f8acd3e90e4fbc76cabea06d0b1b916f144bc0a7d60448353b86c6d27462c56cb89ca81af04c2a513ea3e4512ec6ddf20f4dd5537b29a931afeb1c10e123b3dc5db2819a98a679c6c93c32d0020e0f7955b642fc69eeae79bf49df7329c286e818c9a3f9ab1b2e83e53b6af715bd42699ff1193675ebbdc06c43769eee0873ef4390ee32081e73f787d4c5d3bcd33a1d46632167ab16e59f78eb636b1d9be69813a18cb54e889e6b50da289829ed826dd886ec9048cc79ba32a5dedf9e99a"}]}}, {{0x9, 0x5, 0xf, 0xc, 0x10, 0x4, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x3}]}}]}}]}}]}}, &(0x7f00000000c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0xf2, 0x7, 0x5, 0xff, 0xd}, 0x1eb, &(0x7f0000001180)={0x5, 0xf, 0x1eb, 0x6, [@ptm_cap={0x3}, @generic={0xd4, 0x10, 0x8, "c7d947cd46bb50ce40f66f0cfa38857c0313e1ad07b9368ada7cbc5bf3282a1c52608a3ca90935f0f01448c5a494afb8d4b543d20b88a0f2ee5938096eec3c170470bccda223b4895117b427706a6a16f71f304e1dfee7516bdd2c68070021f65efe21dbb5b7170a52f8fe621645a4105173380db2e989bbd6879382f2bbc996f08553fda301459f0ca713160a1c84e1c5b4592636172ba80ba8847feec2edd3bc120af29c2b1d5e096e8ce8a6bf4dd11f5a9ad897961278d4c1df1f0403902058eb830d945d64470f759f821a6da03621"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "1863d22a2b07cc056c32ae07cbdc0bd9"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x6, 0x2, 0x2}, @generic={0xe9, 0x10, 0x4, "7c97e05c1eb7e56e4246ac888a5896b2214ec42ac1ae02502654c22decd80f4a41a3c5a9cf26e175f94c6d1509196ed95dddea802c5dee5d5e3c8ff2fb60388356654795b19c8b31336c25764d0d30f45aa76f68353db23b1326c662ae30463e10c9bab6b96b7b1599dd4d48b0d47c5a8dc5bfc59d520ba7492b9b8a84c631ab900ee9bf9a28dc7286f9ef561955c9a783edb1b87f0809d77696f49e4811beefa9d4db0e7590a9f468e451b38f975405d38dbc61f522ac15402065a60f4187e9ebaf82627d4c201b5e437df72ae0188f22f010d42f008ea4fd6e881d788f75a70e2fdde61502"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0x4, 0x8, 0x9, 0x43}]}, 0x1, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x429}}]})
syz_usb_control_io$uac1(r5, &(0x7f0000000440)={0xc, &(0x7f0000000340)={0x0, 0xa, 0x63, {0x63, 0x4, "7fd1fd87d1db3acb48dbdc262382d644316f5cbfd5501b885cc43b9efa78988367445f5ba53ecff619b3e123ad0f6a165a14bf3cc59978f1def8d40a3b27ee2ab9047ea9ab2020ffe82b33591fbed174ec445ef8d1f5d07572cc26dde5c96fc9fb"}}, &(0x7f00000003c0)={0x0, 0x3, 0x44, @string={0x44, 0x3, "cf30393d9be6ee631a72608c1636aa8f68db9230593964518fd46d095a208c9e065e095e08dd20f7f1d9f6c7fb8621d09c90d486f55327af427378ff74a414a336ab"}}}, &(0x7f0000001140)={0x24, &(0x7f0000000f00)={0x40, 0x31, 0x85, "e03539c1c1d19ee21f931119cf0d36b81479a5a159542a013565f512bd0d65e3018f9d064130981a5f256deb8709cebd1b818f15ff7c52eafca0bd334b8c4a2cfc38a9ae4a67fcfc91ae3187934f0473a0a40a10d5800f5eb3ffb06b45e716eba30565d314e14958d18aa2203c4831ad29083ff29e17ecd60bcd009d7c928f1915d6c1c024"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000fc0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000001000)={0x20, 0x81, 0x2, 'It'}, &(0x7f0000000140)=ANY=[@ANYBLOB="20820200e0ff51af6e465200b58e4f9d19a6dbadab4571dc95646f184d6451e08318e775e0c684a7bed0af2dbb727ccc23090bb8fb94c8aba9a19e364e8f8a68558b93d7131a22a784ccacb2c1b65f49fdfedc44"], &(0x7f0000001080)=ANY=[@ANYBLOB="b3a1816d7c1b7d"], &(0x7f00000001c0)=ANY=[@ANYBLOB="20d3790c821be288e1a5391ce3c310d09de902006d5e1e095466ea8daaf4638ac7d989ec0d66de321637"], &(0x7f0000001100)={0x20, 0x85, 0x3, "cdba57"}})
syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x14, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="002223000000a39df4e95c17b0ec827867e0cf4fff0b2b468b132702000000a3040000020026"], 0x0}, 0x0)

27m26.478033447s ago: executing program 0 (id=254):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000f00)={{0x12, 0x1, 0x0, 0x7c, 0xe7, 0xc8, 0x10, 0x4d8, 0xa30, 0xce47, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xd, 0xe6, 0x7a, 0x0, [], [{{0x9, 0x5, 0x4, 0x2}}, {{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f00000008c0)=@base={0xd, 0x2, 0x4, 0x4002, 0x0, 0xffffffffffffffff, 0x1e, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x11}, 0x48)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @IFLA_GRE_IKEY={0x8}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffffff08000600040000000800110009000000080002"], 0x5c}}, 0x0)
syz_open_dev$vim2m(0x0, 0x800, 0x2)
r6 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}})
socket$netlink(0x10, 0x3, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
ioctl$int_in(r7, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r7, 0xa, 0x12)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'\x00', 0x1})
io_setup(0x1ff, &(0x7f0000001540)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f00000007c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x401, r8, &(0x7f0000000440)="96", 0x1}])

27m21.217221766s ago: executing program 0 (id=266):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000200), 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r4, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
capget(0x0, &(0x7f00000001c0)={0x7, 0x1, 0x2e7, 0x8, 0x1, 0x86d7})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x503, 0x70bd28, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_INTVL={0xc, 0x21, 0x3}, @IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x3}]}}}]}, 0x50}}, 0x0)
sendto$inet(0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x10, 0x0, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r6)
syz_usb_connect(0x4, 0x24, &(0x7f0000000400)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r6, 0x4004550e, 0x0)
listen(0xffffffffffffffff, 0x0)
poll(0x0, 0x0, 0x7)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x34, r2, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

27m17.526928332s ago: executing program 0 (id=275):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000067c0)=[{{0x0, 0x0, &(0x7f0000002700)=[{0x0}], 0x1}}], 0x1, 0x8080)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x226)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r3=>0x0})
bind$can_raw(r0, &(0x7f00000005c0), 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000073118600000000008510000002000000850000007600000095000810000000009500a50500000000e2044545cfbd17576630"], 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x6}, 0x94)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x5, 0x80000000, 0x8], 0x0, 0x8340})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
read(r0, &(0x7f00000027c0)=""/4073, 0xfe9)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r7=>r0, {0xbe}}, './file0\x00'})
sendmsg$NFNL_MSG_CTHELPER_NEW(r7, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="680000000009010800000000000000000700000108000340000000010800064000000001080005400000000c0c00048008000140000000130800064000000000150006400000004faf6c00080006400000000008000640000000000800034000000009080005400000000a"], 0x68}, 0x1, 0x0, 0x0, 0xebbf8e75a2d7238b}, 0x20008010)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, 0x2d, 0x9, 0x70bd27, 0x0, {0x6}, [@typed={0x8, 0xa, 0x0, 0x0, @uid}]}, 0x1c}}, 0x84)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000040)=0x2, 0x4)
sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r3}, 0x10, &(0x7f0000000200)={&(0x7f00000007c0)=@can={{0x2, 0x0, 0x1, 0x1}, 0x1, 0x3f57955e7be81d83, 0x0, 0x0, "f97003b8750e5566"}, 0x10}}, 0x4000040)

27m16.911218709s ago: executing program 0 (id=277):
socket$inet6(0xa, 0x805, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$media(0x0, 0x0, 0x101d01)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_netfilter(r2, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
close(0x3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000006900030500000000000000000000000000000000be6b20189fe4fa6bc4e00f8875f58eb4e260f69cc99c06bf3e05f6522d7bd24f9ea0ad68ce4d14d671f89f"], 0x20}}, 0x0)

27m15.696004287s ago: executing program 0 (id=281):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000200)=0x10001, 0x4)
sendto$inet6(r0, &(0x7f0000000280)=':=', 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xb, @empty}, 0x1c)
r1 = socket(0x2b, 0x80801, 0x1)
set_mempolicy(0x2, 0x0, 0xf5)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f00000000c0)=0x5, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000e80)}], 0x1, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$alg(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
read$alg(r1, &(0x7f00000004c0)=""/4092, 0xffc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x400480, 0x3, 0x14}, 0x18)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000a0000000900010073797a300000000050000000030a010200000000000000000a0000000900010073797a30000000000900030073797a3100000000080007006e6174001c00048008000140000000000800024000000000080002400eb489d814000000020a010800000027f00000000000000114000000110001000f000000000000000000000a"], 0xac}}, 0x0)
socket(0x10, 0x2, 0x0)
syz_open_procfs(r5, &(0x7f0000000040)='net/vlan/config\x00')

27m14.700466724s ago: executing program 32 (id=281):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @empty, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000200)=0x10001, 0x4)
sendto$inet6(r0, &(0x7f0000000280)=':=', 0x2, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xb, @empty}, 0x1c)
r1 = socket(0x2b, 0x80801, 0x1)
set_mempolicy(0x2, 0x0, 0xf5)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f00000000c0)=0x5, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000e80)}], 0x1, 0x0, 0x0, 0x4090}, 0x0)
sendmsg$alg(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
read$alg(r1, &(0x7f00000004c0)=""/4092, 0xffc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', &(0x7f0000000440)={0x400480, 0x3, 0x14}, 0x18)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010100000000000000000a0000000900010073797a300000000050000000030a010200000000000000000a0000000900010073797a30000000000900030073797a3100000000080007006e6174001c00048008000140000000000800024000000000080002400eb489d814000000020a010800000027f00000000000000114000000110001000f000000000000000000000a"], 0xac}}, 0x0)
socket(0x10, 0x2, 0x0)
syz_open_procfs(r5, &(0x7f0000000040)='net/vlan/config\x00')

15m0.678408012s ago: executing program 4 (id=2596):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000b40)={0x2, 0xfffc, @loopback}, 0x10, 0x0}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000580)="ae", 0x1}], 0x1, 0x0, 0x0, 0x4000800}}], 0x1, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x601, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[0x0], &(0x7f0000000580)})

15m0.394738038s ago: executing program 4 (id=2600):
ioctl$SG_SET_TIMEOUT(0xffffffffffffffff, 0x2201, &(0x7f0000000000))
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x20000328)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000100)={0x1, 0xfffffffe}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x8031, 0xffffffffffffffff, 0x0)
recvmsg(r1, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x2)

15m0.082230835s ago: executing program 4 (id=2602):
r0 = syz_open_procfs(0x0, &(0x7f0000000340)='fd\x00')
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0x0, r0, 0x0, 0x5, &(0x7f00000002c0)='[&\'%\x00', <r1=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={r1}, 0x4)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="d4ac0f0000000000", @ANYRES32, @ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)

15m0.016472666s ago: executing program 4 (id=2603):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
bind$alg(r1, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000007500)=[{{0x0, 0x0, &(0x7f00000022c0)=[{0x0}, {0x0}, {&(0x7f0000001100)=""/76, 0x4c}], 0x3}, 0x3}], 0x1, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r4, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)=""/4096, 0x1000}, 0xbac00000}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r4, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000140)=@req={0x1000, 0x8, 0x2, 0x81}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e23, @multicast1}], 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x5, 0x10000)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0x80045515, &(0x7f0000000040)={0x5})
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0)

14m58.850098449s ago: executing program 4 (id=2607):
unshare(0x400)
r0 = openat$sysfs(0xffffff9c, 0x0, 0x100, 0x4)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000b80)=""/175, &(0x7f0000000c40)=0xaf)

14m58.611769937s ago: executing program 4 (id=2608):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r0, 0x107, 0x7, 0x0, &(0x7f0000000040))
r1 = openat$dir(0xffffff9c, &(0x7f0000000000)='./bus\x00', 0x6200, 0x1)
move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x8080)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mknod$loop(0x0, 0x2, 0x1)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x77359400}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000001c0)="eafd148b55ff931bacd4004427e888cbd3ab0d93bef24d8abf9404b696674bba84bf7b627d1862dbf29d1d2bdcd9815703fb1961c105", 0x36}, {&(0x7f00000002c0)}, {&(0x7f0000002080)="39753faced86a96a4d04a2536cafa22478587d27cb79e00d1f180d2515e9473001af7e7b9113a6bb5036f2271c959e606521d6c33f9cad7745d2d76011d2e458303c0b30136a2da2ff0e2d2b845b75ceeb4b0b71ba549476913e11e1f1eff4e92060305091f66da78cdf5fa49124af60d0442623d52e6af26418bc6a6bc9e0d2f9c6c14d1d95c9b5614eb2dbf4b0422be2dd63a7b44dec37f2d2e46eb0b0c7093dd1afe75a34914f03abd48df92975d63885032eaed40f7ab3080cb7cf004e3ac8a8c1155f950217676452b56f62018c030ad529b9c9aef6ed5d7a8291c8aed9e3b4508d3ab03da09c859ff7b25c808ea47d7655517448d201346353353b3440a61584d4305c2d2707d582b633f225ab1b363024d5d2eb6944a0af8efa0d4680eb6226c98724734767347e5536d99c1c3fadc0a05497378bcca317a947c30d01968d586b5c72d46f0ab53eb25acda4a26255e4efb68bbe17fa79efc972da545745a2e2dbf3321c2c6a6ef2f95ee40ab7971a5e91e18ee140b3660ca2c465503f95654fb12a073fd2377074beb4331372d4ca69fbf63b8acdafcaf152223d5c4bd2c4e0cf4f7cdae8f413169c2e94dc9fd555962c452b3307eaf4129eb9d03e254d4e4e861d5de9cfdadc7c31122dcaaf1b5aedddbcdb84e33fac66db16d61ae3c5b630367e8b920f14a01ae01485f48fee7f6e832b4ec4633b302d518f996a7cbab8df1e52f72f85123397a69163253255316b84684b0801274cfd6b3efec6d1b8aff522716091806dfa3717d9b49205fb4de03e2b6216106492105845a6f38a739c5e9a8465ebec4042228d840a0aaba5d5c918cf5ebaece0cff811a1b09ede17a101d1755ff60b1c9dcd5c7815ffcdafc3caad55d33f3c44789408e3a5140c661595f0a488493277a68d293863c6b6616c288e4dd77f84a50ed18590998b44afdffa7d6524dd89dbddf576ad980c4897de369a23e4f26c2606f4078c237dfc0006a52822b2d2bfe64998a3c368300e69737124b588504de89747e7fbf3ffc475dca80a738690e532f2885a8b5802fdc1295ee4846ac285e1f90fcb90dc8e32609e66c8b8bc9dc80f0fbe267b0470a201bde78ef36171e28e1eea66a7df9deddb1647ca196a636f667a026dcd3f8bc9dc8ed8aeeb1f567fdee77dc8df878d75ba4cda1aee6803b396038ac3b4c6349808e9f1b00fcc38ed20a39658c8b84bb0c12aaaf975fd85c1c263852c03c75bba1548c5d7a461c93aaccc2bc769be95ea30d58c52d1c91aa770c3cecae17fc254ba27b5ea88dc1316d68e4fd4ed45645c43b9d785012147893ae3c12b53353bee9993ceb108233cd802caa6685102ef51eb79ba29cd40105ddb180053ec97da14175e9787b704f38626f3ec5d0913a8c673b8249b2cf45a87be5c55fb1b0f66d38edfd89f45fd5340b02444aa97e8a3d5c2a1f9ad615f52b798f8963d606c7b6487f7caabf4ebc388bc21ae77f6b929bdf0504404ecdc314cbf0a50fd93728eb948c8f403a69d4da31ccc561843e82351800cc5563a7e2f6b1ff9c8914ed4167cf528cf0668b3cc3ee4c355195d1e42ef50e80843a73e524a20b74a27bbedeba0e22cae12457dffad0ec0cec42bc99914690a6b373735e23735e3e3047cfbc491381014b8b5e8da7f39811b1370d40a36f018c23a4f73c85358f91bd3dff7f10a320cd2a7e3bb0e285832f463dbf114538f9a644411ff2f5875d0261f7d50cf9f14b52710fc0c7c55d56f21e3f901a4412aac4e3b1001366b2cb31c24c0cfc909329c477273ab78ff968fe1e695a65315b2895d3dc323862f1ea59af242a4303bb3f83b1d9154cb79bd8dff2260dd697b6a2d20ed5ec7abaad155c572e027c793316175f98d3c2a19e307f24cf193360496f0d3678a36838095a426e17146e5e57adef14ac1fd0411642fc4586edc06761a5bf187c2067cdb4ea2ead01dcdc144ad3876fca51921e1690b1ef10658dbc7b729f7c87ca8ed6528102d9b04b69375a341b957578db4c01fb2acc38c0a717edd132a0321b89b7082c445d0daa56c121fe2c9d1078761e9f7ee51e48c2aa8b234dc0647a4697dd08bde5ef82a37ab299b557108a5da39dc25a19890dd133b0075a108f9d917b3ed18a4390263bb555e68e097d71823170dfa7c88096a242c0dc209214893ba34b3e358bb351cd095eca8813a6661fffc89f9c40eecf432f51bb56d21085da2b1a692bde0ecba3bf280da01b4d7f2524ed19dbeb2ce8688ee3b4c56fda1eee8c3e87538030d5b5767c5e46e8f1864dd7733a4da4ebec9151ba886748c52a914b49c09fa6d24c5e9418e6ee407e673858e38fdfd1ae18a478bb195f13c62d8d665e1ebb909b2639512248fab2d9d66ca4b09317e287184270713826898f4d686f9d4b9e744fa98a28666a7ad1992b7edf78034d7dea2ef1d94bdfb2825710f5ad281a142160cd178cb8bdfe2ee4bc5a3168b915aa28ac2c34c1533078da93e88126ec009a5148ba2a473108959bde2b396ed6f34b7aad66df246772a1be64ae1776f06165067015b2e5e1a94b10503a1e28de6d8bb9727302324870dc54b659158715a20e38c3cc4d10ad1dc7e1e15daf78716b3a0d9ed5e7c1d2d293cc4d829bd7b85bae2729e4f9120d793c8704d67e85978571f98b4ae6d1a4e41ac533ceb0c95d93fcd9162fa50cfa0c2911ea6748e7129091dcd022e65abbb8ed265ad1f30608dc26ffb0852dabc130bebca9e02f049e8de05fa459a9aa8146313b7d4e94ae1ad585f99b7690c82f273b35af1da975d037e3fb2d79e19a0c29934db9933c945221ea8fc6fb06241f57124cb8a313b3b8dbf341d65ad3f83b4d6aa6af4b2083e9bbef5a7405539ef57ed5ee437f24831216ccd321ffd2182863a8d7a767d2419b2b405924f4380112840fb226eacca6f5e57fadd92aa0d623b20db556e80726e6c45d0e5ced259bf7af9166b269e6d7d12f2b0c19f78c446abd9d65736c9c8102b4fb5049543bde4fec40055e8ef36b8f70dc34c97ca5d542af9dc5c2a811acbb1338c3b69499b169b89a80d523874065ae82bc1c35815053dc1cbefc0581b202e0af5d708f5af3fac6f65c4b7fbf0cd1e4091f583f68d271310add9b262eb6682ecec6052ad5f7f17a47b77954b1defbcfc1629aed31193f67ec65c6ea577a05770a3049c182c8885c97fa861276cc6433dff3243fb62f83332d4fda2f01327f4967298b277d1cf2ee273113440bc3abdc42f7ace4869bb58efe1346b30c70218656765d4a563c92f9fcd44686dfd58f19057f4afe4017b3a4eb20b7c402d6cb17564cc555e35ec45296ca0f9850c03c80fcf92a91ae78dc607a254f3380d2d87b8073c6444ebd5d00596b80bccb73845e3fa8c718789340f19ab4b36605f3cce4874c5a8c62978e8dbffe0fd0d0f00a36dcab36b8c6e232361d40d9eaaaace263e7468869462e7e2bbe0e1cab8e031d4cfe4e2368513dc68e9343ded7576758800b23045151765badc81fa419abc63bda184a10fc0c7adc0c3f7b863a2e1f72e898d7924ffa2b256889c6dd1fd17a1a9753ea63301c3e816572e2dc79187fa89b33808841eb876031efc7300923afb05fa91b7324d20e632419a48fa7f216a921c5de7e4dbca5b2e0b4ad20f038eca8058173f03ee452562647a667731b32076998cc7a51225f6ed5e193c3db77bbb2ce592c97a94e1eac3f094605301c4a7c2beb60fe7e20a3f7b25ecda473c6a2e9a54ea263985c6710f5d7f0c362fe66aec4a754ad0f299b2750b3b19f701cfbd94c925076fb6296499c4316e61707b7b4573529986c54ce81c3acdfbac0c28bdc1d7ff13e04bdb0dc0b91316ab92c80b818ad37a26f36a11a1693e1d2c242d6e834c4d4afaa369425f9738ab7c5b656e974addedebabd6633769d14af0d8a83cdf594b51d13a04df7322785cc6ec1d46ab9f4c479be34170587b1ce629b85fa53a1ba8bcff1245cb87b0f8afd5ebf8bce8f25be36592cc388badb92f94186ede66a9460cbaf56ec1d9f567b97886a4e53b245db3583076caefe20cdc8de4f8f65e76ccd0c2080a5928c15bbb2d50de70519e7e44414b630fcc3701c9a0103c816bf2388457509d632e5c5a570a0e3e839402b9bfcb9d4ef511dca2e87a3488d7fa443e252ed16ed3002716b85a256d8133f8957a65a5a36e8e05652af36d74438a1406fcb46e5313efbf8fc034ba3aaf75c8146358cb20ac1357711ee363ca0def7b164501b027792b4db4757d8c60fcb6f811f510241b521d5e7735b88b5c09db61fe487a59cefac40c7670f49aa6cf7a53c2d1e63321e79a54034215a61ef2158f8283ccae", 0xbfe}, {0x0}], 0x4}}], 0x1, 0x240088d0)
sendto$inet(r5, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)

14m57.824788815s ago: executing program 33 (id=2608):
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r0, 0x107, 0x7, 0x0, &(0x7f0000000040))
r1 = openat$dir(0xffffff9c, &(0x7f0000000000)='./bus\x00', 0x6200, 0x1)
move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x8080)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mknod$loop(0x0, 0x2, 0x1)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000380)={{0x77359400}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8)
sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r5, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000001c0)="eafd148b55ff931bacd4004427e888cbd3ab0d93bef24d8abf9404b696674bba84bf7b627d1862dbf29d1d2bdcd9815703fb1961c105", 0x36}, {&(0x7f00000002c0)}, {&(0x7f0000002080)="39753faced86a96a4d04a2536cafa22478587d27cb79e00d1f180d2515e9473001af7e7b9113a6bb5036f2271c959e606521d6c33f9cad7745d2d76011d2e458303c0b30136a2da2ff0e2d2b845b75ceeb4b0b71ba549476913e11e1f1eff4e92060305091f66da78cdf5fa49124af60d0442623d52e6af26418bc6a6bc9e0d2f9c6c14d1d95c9b5614eb2dbf4b0422be2dd63a7b44dec37f2d2e46eb0b0c7093dd1afe75a34914f03abd48df92975d63885032eaed40f7ab3080cb7cf004e3ac8a8c1155f950217676452b56f62018c030ad529b9c9aef6ed5d7a8291c8aed9e3b4508d3ab03da09c859ff7b25c808ea47d7655517448d201346353353b3440a61584d4305c2d2707d582b633f225ab1b363024d5d2eb6944a0af8efa0d4680eb6226c98724734767347e5536d99c1c3fadc0a05497378bcca317a947c30d01968d586b5c72d46f0ab53eb25acda4a26255e4efb68bbe17fa79efc972da545745a2e2dbf3321c2c6a6ef2f95ee40ab7971a5e91e18ee140b3660ca2c465503f95654fb12a073fd2377074beb4331372d4ca69fbf63b8acdafcaf152223d5c4bd2c4e0cf4f7cdae8f413169c2e94dc9fd555962c452b3307eaf4129eb9d03e254d4e4e861d5de9cfdadc7c31122dcaaf1b5aedddbcdb84e33fac66db16d61ae3c5b630367e8b920f14a01ae01485f48fee7f6e832b4ec4633b302d518f996a7cbab8df1e52f72f85123397a69163253255316b84684b0801274cfd6b3efec6d1b8aff522716091806dfa3717d9b49205fb4de03e2b6216106492105845a6f38a739c5e9a8465ebec4042228d840a0aaba5d5c918cf5ebaece0cff811a1b09ede17a101d1755ff60b1c9dcd5c7815ffcdafc3caad55d33f3c44789408e3a5140c661595f0a488493277a68d293863c6b6616c288e4dd77f84a50ed18590998b44afdffa7d6524dd89dbddf576ad980c4897de369a23e4f26c2606f4078c237dfc0006a52822b2d2bfe64998a3c368300e69737124b588504de89747e7fbf3ffc475dca80a738690e532f2885a8b5802fdc1295ee4846ac285e1f90fcb90dc8e32609e66c8b8bc9dc80f0fbe267b0470a201bde78ef36171e28e1eea66a7df9deddb1647ca196a636f667a026dcd3f8bc9dc8ed8aeeb1f567fdee77dc8df878d75ba4cda1aee6803b396038ac3b4c6349808e9f1b00fcc38ed20a39658c8b84bb0c12aaaf975fd85c1c263852c03c75bba1548c5d7a461c93aaccc2bc769be95ea30d58c52d1c91aa770c3cecae17fc254ba27b5ea88dc1316d68e4fd4ed45645c43b9d785012147893ae3c12b53353bee9993ceb108233cd802caa6685102ef51eb79ba29cd40105ddb180053ec97da14175e9787b704f38626f3ec5d0913a8c673b8249b2cf45a87be5c55fb1b0f66d38edfd89f45fd5340b02444aa97e8a3d5c2a1f9ad615f52b798f8963d606c7b6487f7caabf4ebc388bc21ae77f6b929bdf0504404ecdc314cbf0a50fd93728eb948c8f403a69d4da31ccc561843e82351800cc5563a7e2f6b1ff9c8914ed4167cf528cf0668b3cc3ee4c355195d1e42ef50e80843a73e524a20b74a27bbedeba0e22cae12457dffad0ec0cec42bc99914690a6b373735e23735e3e3047cfbc491381014b8b5e8da7f39811b1370d40a36f018c23a4f73c85358f91bd3dff7f10a320cd2a7e3bb0e285832f463dbf114538f9a644411ff2f5875d0261f7d50cf9f14b52710fc0c7c55d56f21e3f901a4412aac4e3b1001366b2cb31c24c0cfc909329c477273ab78ff968fe1e695a65315b2895d3dc323862f1ea59af242a4303bb3f83b1d9154cb79bd8dff2260dd697b6a2d20ed5ec7abaad155c572e027c793316175f98d3c2a19e307f24cf193360496f0d3678a36838095a426e17146e5e57adef14ac1fd0411642fc4586edc06761a5bf187c2067cdb4ea2ead01dcdc144ad3876fca51921e1690b1ef10658dbc7b729f7c87ca8ed6528102d9b04b69375a341b957578db4c01fb2acc38c0a717edd132a0321b89b7082c445d0daa56c121fe2c9d1078761e9f7ee51e48c2aa8b234dc0647a4697dd08bde5ef82a37ab299b557108a5da39dc25a19890dd133b0075a108f9d917b3ed18a4390263bb555e68e097d71823170dfa7c88096a242c0dc209214893ba34b3e358bb351cd095eca8813a6661fffc89f9c40eecf432f51bb56d21085da2b1a692bde0ecba3bf280da01b4d7f2524ed19dbeb2ce8688ee3b4c56fda1eee8c3e87538030d5b5767c5e46e8f1864dd7733a4da4ebec9151ba886748c52a914b49c09fa6d24c5e9418e6ee407e673858e38fdfd1ae18a478bb195f13c62d8d665e1ebb909b2639512248fab2d9d66ca4b09317e287184270713826898f4d686f9d4b9e744fa98a28666a7ad1992b7edf78034d7dea2ef1d94bdfb2825710f5ad281a142160cd178cb8bdfe2ee4bc5a3168b915aa28ac2c34c1533078da93e88126ec009a5148ba2a473108959bde2b396ed6f34b7aad66df246772a1be64ae1776f06165067015b2e5e1a94b10503a1e28de6d8bb9727302324870dc54b659158715a20e38c3cc4d10ad1dc7e1e15daf78716b3a0d9ed5e7c1d2d293cc4d829bd7b85bae2729e4f9120d793c8704d67e85978571f98b4ae6d1a4e41ac533ceb0c95d93fcd9162fa50cfa0c2911ea6748e7129091dcd022e65abbb8ed265ad1f30608dc26ffb0852dabc130bebca9e02f049e8de05fa459a9aa8146313b7d4e94ae1ad585f99b7690c82f273b35af1da975d037e3fb2d79e19a0c29934db9933c945221ea8fc6fb06241f57124cb8a313b3b8dbf341d65ad3f83b4d6aa6af4b2083e9bbef5a7405539ef57ed5ee437f24831216ccd321ffd2182863a8d7a767d2419b2b405924f4380112840fb226eacca6f5e57fadd92aa0d623b20db556e80726e6c45d0e5ced259bf7af9166b269e6d7d12f2b0c19f78c446abd9d65736c9c8102b4fb5049543bde4fec40055e8ef36b8f70dc34c97ca5d542af9dc5c2a811acbb1338c3b69499b169b89a80d523874065ae82bc1c35815053dc1cbefc0581b202e0af5d708f5af3fac6f65c4b7fbf0cd1e4091f583f68d271310add9b262eb6682ecec6052ad5f7f17a47b77954b1defbcfc1629aed31193f67ec65c6ea577a05770a3049c182c8885c97fa861276cc6433dff3243fb62f83332d4fda2f01327f4967298b277d1cf2ee273113440bc3abdc42f7ace4869bb58efe1346b30c70218656765d4a563c92f9fcd44686dfd58f19057f4afe4017b3a4eb20b7c402d6cb17564cc555e35ec45296ca0f9850c03c80fcf92a91ae78dc607a254f3380d2d87b8073c6444ebd5d00596b80bccb73845e3fa8c718789340f19ab4b36605f3cce4874c5a8c62978e8dbffe0fd0d0f00a36dcab36b8c6e232361d40d9eaaaace263e7468869462e7e2bbe0e1cab8e031d4cfe4e2368513dc68e9343ded7576758800b23045151765badc81fa419abc63bda184a10fc0c7adc0c3f7b863a2e1f72e898d7924ffa2b256889c6dd1fd17a1a9753ea63301c3e816572e2dc79187fa89b33808841eb876031efc7300923afb05fa91b7324d20e632419a48fa7f216a921c5de7e4dbca5b2e0b4ad20f038eca8058173f03ee452562647a667731b32076998cc7a51225f6ed5e193c3db77bbb2ce592c97a94e1eac3f094605301c4a7c2beb60fe7e20a3f7b25ecda473c6a2e9a54ea263985c6710f5d7f0c362fe66aec4a754ad0f299b2750b3b19f701cfbd94c925076fb6296499c4316e61707b7b4573529986c54ce81c3acdfbac0c28bdc1d7ff13e04bdb0dc0b91316ab92c80b818ad37a26f36a11a1693e1d2c242d6e834c4d4afaa369425f9738ab7c5b656e974addedebabd6633769d14af0d8a83cdf594b51d13a04df7322785cc6ec1d46ab9f4c479be34170587b1ce629b85fa53a1ba8bcff1245cb87b0f8afd5ebf8bce8f25be36592cc388badb92f94186ede66a9460cbaf56ec1d9f567b97886a4e53b245db3583076caefe20cdc8de4f8f65e76ccd0c2080a5928c15bbb2d50de70519e7e44414b630fcc3701c9a0103c816bf2388457509d632e5c5a570a0e3e839402b9bfcb9d4ef511dca2e87a3488d7fa443e252ed16ed3002716b85a256d8133f8957a65a5a36e8e05652af36d74438a1406fcb46e5313efbf8fc034ba3aaf75c8146358cb20ac1357711ee363ca0def7b164501b027792b4db4757d8c60fcb6f811f510241b521d5e7735b88b5c09db61fe487a59cefac40c7670f49aa6cf7a53c2d1e63321e79a54034215a61ef2158f8283ccae", 0xbfe}, {0x0}], 0x4}}], 0x1, 0x240088d0)
sendto$inet(r5, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)

14m50.895870735s ago: executing program 1 (id=2635):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x7, 0x48200)
ioctl$MON_IOCQ_URB_LEN(r2, 0x9201)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000780)}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x25, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000009000000000000000400000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001852000000000000000000000000000085100000f7ffffff1831000001000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008520000004000000186500000a000000000000000500000018240000", @ANYRES32, @ANYBLOB="0000000004000000025700020600000018110000", @ANYRES32=0x1, @ANYBLOB="0020f85740710000b70200000000000085000000860000009500000000000000027f0900ca0c0000bf91000000000600b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x9, 0x61, &(0x7f0000000440)=""/97, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x2, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x3, 0x100}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000500)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000540)=[{0x0, 0x3, 0x3, 0xa}, {0x5, 0x3, 0x4, 0x3}, {0x1, 0x2, 0x1, 0xa}, {0x2, 0x2, 0x5, 0xa}, {0x5, 0x2, 0xf, 0x7}, {0x5, 0x4, 0x5}, {0x0, 0x2, 0x7, 0x5}], 0x10, 0x7}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000140)={<r5=>0xffffffffffffffff, 0xf, 0x4, 0xfffffffffffffffe})
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000100)=r5, 0x62)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
socket$packet(0x11, 0x2, 0x300)
socket(0x1000000010, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
r6 = socket(0x2, 0x800, 0x2)
sendmmsg$inet(r6, &(0x7f0000001d80)=[{{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000040)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x1, 0x48000)
r7 = openat$ppp(0xffffffffffffff9c, 0x0, 0x42000, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(r7, 0x40047451, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000680)={[0x1, 0x3b5f, 0x0, 0x3ff, 0x8, 0x8, 0x8, 0x174, 0x1, 0x3, 0xe, 0x4, 0x7, 0x9, 0x6, 0x2], 0x10000, 0x200744})
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, 0x0, 0x0)
unshare(0x42000000)

14m46.744312869s ago: executing program 1 (id=2641):
r0 = socket(0x2, 0x3, 0x2)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
syz_clone(0x810200, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0))
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c0001801419ec606687000300fe8000000000000100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000800000000000000000000aa14000400fe8800000000002fa3000000000000010c0002800500010000000000080007400000000004000680"], 0x98}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0xb4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xb4}}, 0x0)
r6 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00'})
r8 = openat$cgroup_procs(r2, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, 0x0, &(0x7f0000000080)=0xfffffffffffffeae)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r1, 0xffffffffffffffff, 0x0, 0xfffffffffffffea3, &(0x7f0000000400)='cgrou0M\x9e\x9d2\xe6\x1fi\x19\x87&\xe9\xfd<\xfb\xaf{\x1e6\xb7ec\x97\xfc\x8d\x8b\xee\x94\x96\rkh*P\"\x94\xec\xceS9HQ\x9e\xb6\x11\x9c\x81\x9c\xa4\x1a>\xf3_\xed\xc0EA\xf4\x89\x8c$\xad\x9d\x17\xcbB\x83E\xfc\x8e\x0e\x0e\x98\x91L\xae\x060&{\xd3\xdd;YG\x83(\xcd\x1a\xffU\x12\x9ax\x94\xfd|B,\xe0\xc5\xe6M\xb2\xe87\xd4[:\xa3 \xcc\x7f\x00\x00\x00;\xfc\x9c\xc5\xb1\xca\xc7\xf2\xbfPt{\xd5\xfcBmPj\v\xc8\xbd\x13\xfc0\xe7o#\xceC\x8a\xf3\xb8{b\xfd\xb7\x8f\x17\''}, 0x30)
write$cgroup_pid(r8, &(0x7f00000001c0), 0x12)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0)

14m45.096797966s ago: executing program 1 (id=2643):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5d7fe44d5f0272890f24383fe450fb26ea7dcefadfa5e48e3bcf5693d"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000800020100"])
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)
r8 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/fs/binfmt_misc/syz3\x00', 0x2, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r11, 0xffffffffffffffff, 0x0)
ioctl$KVM_GET_PIT(r10, 0xc048ae65, &(0x7f00000000c0))
lseek(r8, 0x4000, 0x4)

14m43.153162098s ago: executing program 1 (id=2649):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
bind$alg(r1, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000007500)=[{{0x0, 0x0, &(0x7f00000022c0)=[{0x0}, {0x0}, {&(0x7f0000001100)=""/76, 0x4c}], 0x3}, 0x3}], 0x1, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r4, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)=""/4096, 0x1000}, 0xbac00000}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r4, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000140)=@req={0x1000, 0x8, 0x2, 0x81}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e23, @multicast1}], 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x5, 0x10000)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0x80045515, &(0x7f0000000040)={0x5})
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x7d0, {0x0, 0x6, "8cb02b", 0x0, 0x2f, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, [@srh={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2}]}}}}}}}, 0x0)

14m41.950631698s ago: executing program 1 (id=2652):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000004280), 0x41, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000042c0)=0x1)
ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000004300)={0x281, 0x1})

14m41.532037969s ago: executing program 1 (id=2653):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0xf0}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x94}}, 0x0)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0xc)
sendmsg$inet(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f00000003c0)="265222779d18a49711c46b6fde2199ce1ed4b60930b27806d92939ee256b16e3ba5e40d663500ac807410533f1cf1177cd57dd9dffafe91c9ae8e37ba864070c4f47a0979f10d566b4a856ac0701d3772752c25a387d0d322196c8796414576a1302c54d7907ad83ca625e4288c19e1dc562f294108b760542be07083b5c94ba4275cbc68db22bcdda68b6552fae54e0406fa141721f78e35fab440c9fdf3f114ae4a225db2ffdfe70b78fe8452622c4dec5173d794e802f910a9c1b34b4c4a013606152d9a43aba284ad00a0877b96cc61e2d7f13a2cbaa345fe75079413bf24d4601692fc42126d84dc64d3941f6dd47c6ca6e41", 0xf5}, {&(0x7f0000000140)="ee3be2683c0e7489e7f9147a4535d0020846a01e0c2ec89d50ba06a4e655a15c0703850462dd0f33144bf119ebf9854c074bb1a68fb8bf1b", 0x38}, {&(0x7f00000004c0)="e206617301fb8891b9a2ade805717f89f6dc34945c770f66f9fe6eed600c8f968337bd32f1831cb04cc506ed525cfb932c9d9df9354838b28a0b6ffd6759c54605dd5c02a59ceb9210efc19623d7740c5b459c78407f2e9f17fbb0d3a339d94016656b5b326208cab5303a2455edaa1c425908300214a9efddb381901de16bc153e7b0d9591a871f7d067b0d5c2d813d9d51d565271675db483cb4e011277a8a7187e6a405f2b9559a604a4f85daeea4a42d7ae31739d371799b29b7daa73c51a07760005ec4ef525175c4efdb87a4b2bc731aba21ca986c1cdad6e4ae5f20", 0xdf}], 0x3}, 0x4040404)
sendmmsg$inet_sctp(r2, 0x0, 0x0, 0x41)
ioctl$EVIOCGPHYS(r2, 0x80404507, &(0x7f0000000080)=""/98)

14m39.961750387s ago: executing program 34 (id=2653):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0xf0}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0xf}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x94}}, 0x0)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0xc)
sendmsg$inet(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000000180)=[{&(0x7f00000003c0)="265222779d18a49711c46b6fde2199ce1ed4b60930b27806d92939ee256b16e3ba5e40d663500ac807410533f1cf1177cd57dd9dffafe91c9ae8e37ba864070c4f47a0979f10d566b4a856ac0701d3772752c25a387d0d322196c8796414576a1302c54d7907ad83ca625e4288c19e1dc562f294108b760542be07083b5c94ba4275cbc68db22bcdda68b6552fae54e0406fa141721f78e35fab440c9fdf3f114ae4a225db2ffdfe70b78fe8452622c4dec5173d794e802f910a9c1b34b4c4a013606152d9a43aba284ad00a0877b96cc61e2d7f13a2cbaa345fe75079413bf24d4601692fc42126d84dc64d3941f6dd47c6ca6e41", 0xf5}, {&(0x7f0000000140)="ee3be2683c0e7489e7f9147a4535d0020846a01e0c2ec89d50ba06a4e655a15c0703850462dd0f33144bf119ebf9854c074bb1a68fb8bf1b", 0x38}, {&(0x7f00000004c0)="e206617301fb8891b9a2ade805717f89f6dc34945c770f66f9fe6eed600c8f968337bd32f1831cb04cc506ed525cfb932c9d9df9354838b28a0b6ffd6759c54605dd5c02a59ceb9210efc19623d7740c5b459c78407f2e9f17fbb0d3a339d94016656b5b326208cab5303a2455edaa1c425908300214a9efddb381901de16bc153e7b0d9591a871f7d067b0d5c2d813d9d51d565271675db483cb4e011277a8a7187e6a405f2b9559a604a4f85daeea4a42d7ae31739d371799b29b7daa73c51a07760005ec4ef525175c4efdb87a4b2bc731aba21ca986c1cdad6e4ae5f20", 0xdf}], 0x3}, 0x4040404)
sendmmsg$inet_sctp(r2, 0x0, 0x0, 0x41)
ioctl$EVIOCGPHYS(r2, 0x80404507, &(0x7f0000000080)=""/98)

5.427472807s ago: executing program 2 (id=5664):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5400000010fb097011000000fcdbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007550700300012800b00010062726964676500002000028005001900820000000500170000000000080014000180c20000000000"], 0x50}, 0x1, 0x0, 0x0, 0x48800}, 0x20008010)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0xff58)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x18, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x9, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f0000001180)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xb, "f6c78ea0"}]}}, 0x0}, 0x0)
syz_usb_ep_write(r5, 0x81, 0x47, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03")
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x1, 0x2, "dd5a"}, 0x0})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000180)="b9da020000b800980000ba000000000f30f30f1ee3c4e235bbf5660f2a9a00000000c4e151d01de21bd66dc7442400fdff0000c744240244ffffffc7442406000000000f011424360f00d8c74424000f000000c744240200700000c7442406000000000f011c24360f78418dc4e251dd5ea3", 0x72}], 0x1, 0x4, &(0x7f0000000300)=[@vmwrite={0x8, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff}, @cr4={0x1, 0x14}], 0x2)

4.654044954s ago: executing program 5 (id=5674):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="14000000020105000000000099f5927313d4"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

4.515164968s ago: executing program 5 (id=5675):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000004c0)={0x0, 0x1d, &(0x7f0000000040)={&(0x7f0000000000)={0x14, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x4000000)

4.119576956s ago: executing program 7 (id=5679):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x4007)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x2, 0x9}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0x1, 0xa, 0x7f, 0x7}, 0x20)

3.885008109s ago: executing program 3 (id=5681):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10)
alarm(0x7fff)

3.694881192s ago: executing program 3 (id=5682):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

3.359064695s ago: executing program 3 (id=5683):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00')
preadv(r3, &(0x7f0000001540)=[{&(0x7f0000000000)=""/100, 0x64}, {&(0x7f0000001600)=""/171, 0xab}], 0x2, 0x0, 0x0)

3.32495712s ago: executing program 2 (id=5684):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x86, &(0x7f0000000540)={@broadcast, @random="80cc03df2bac", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x64, 0x0, 0x0, 0x29, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x220, 0x0, 0x0, "bfd8a5dd2002c02142c4391100005efefd7f1a9aa8f6f3a6060ffc0e896f38da", "0b3d22b336984ffb47476e10c3ae64b1", {"bb3b2195c4b058706558a70864bef1f0", "524a72fc660b8cd26e095f24ab642591"}}}}}}}, 0x0)

2.158315302s ago: executing program 2 (id=5689):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000040)=0x101)

2.115808588s ago: executing program 5 (id=5690):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000280), &(0x7f00000006c0)='%pI4   \x00'}, 0x20)
unlink(0x0)

2.026459771s ago: executing program 6 (id=5691):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000480)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7ff, 0x0, 0x2}])
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x3f)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000036000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x49, &(0x7f00000000c0)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9120008c}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.996614549s ago: executing program 2 (id=5692):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
setgid(0x0)

1.985257803s ago: executing program 5 (id=5693):
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r0, 0x0, 0x24000004)
r6 = getpid()
syz_pidfd_open(r6, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)

1.814739504s ago: executing program 2 (id=5694):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x170)
fgetxattr(r3, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

1.682695862s ago: executing program 7 (id=5695):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000003c0)={0x5, {{0xa, 0x0, 0x0, @mcast1, 0x1000}}, 0x1}, 0x90)

1.604583451s ago: executing program 6 (id=5696):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

1.580090072s ago: executing program 7 (id=5697):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000021c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

1.431800503s ago: executing program 7 (id=5698):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x2, 0x0, 0x0, 0x4, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000880)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
syz_pidfd_open(r1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r3, @ANYRES16=r0], 0x0)

1.345618478s ago: executing program 3 (id=5699):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
setresuid(0x0, 0x0, 0x0)

1.299999966s ago: executing program 6 (id=5700):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

1.173651603s ago: executing program 6 (id=5701):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xe, @local, 0x7}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x10)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000002c0)={&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1, 0x0}, &(0x7f00000000c0)=0x40)

1.076470956s ago: executing program 3 (id=5702):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xa0b41, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000600), 0x280b40, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd63"], 0xfdef)

972.960356ms ago: executing program 6 (id=5703):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{}, 'syz1\x00', 0x10})
ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x51)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$evdev(&(0x7f0000000340), 0x3f, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000180)={0x51, 0xfffe, 0x0, {0x7}, {0x0, 0x800}, @period={0x5a, 0x3, 0x5, 0x0, 0x6, {0x76d, 0x9, 0x0, 0x7}, 0x0, 0x0}})

892.68579ms ago: executing program 3 (id=5704):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket(0x1e, 0x4, 0x0)

802.923062ms ago: executing program 2 (id=5705):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)

749.717677ms ago: executing program 6 (id=5706):
socket$packet(0x11, 0x3, 0x300)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @multicast2}}}})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @empty}}}})
io_submit(0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e21, 0x2, @empty, 0x4}, 0x1c)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0x103}, 0x1c)
r4 = fcntl$dupfd(r3, 0x406, r3)
read$FUSE(r4, &(0x7f0000004500)={0x2020}, 0x2020)
write$FUSE_INIT(r4, 0x0, 0x0)

395.35011ms ago: executing program 7 (id=5707):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0)

321.477893ms ago: executing program 5 (id=5708):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000004c0)='kmem_cache_free\x00', r3}, 0x18)
syz_emit_ethernet(0x0, 0x0, 0x0)
write$cgroup_devices(r0, &(0x7f0000000340)=ANY=[], 0xa)

210.58593ms ago: executing program 7 (id=5709):
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x88)
pipe2$9p(&(0x7f00000000c0), 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x94)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r4, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x8000004)

0s ago: executing program 5 (id=5710):
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068)

kernel console output (not intermixed with test programs):

21896][T27893]  _copy_from_user+0x2d/0xb0
[ 1749.521908][T27893]  move_addr_to_kernel+0x7e/0x160
[ 1749.521922][T27893]  get_compat_msghdr+0x3bd/0x4a0
[ 1749.521942][T27893]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1749.521963][T27893]  ___sys_sendmsg+0x193/0x2a0
[ 1749.521975][T27893]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1749.522003][T27893]  ? __fget_files+0x2a/0x420
[ 1749.522011][T27893]  ? __fget_files+0x3a0/0x420
[ 1749.522025][T27893]  __sys_sendmsg+0x164/0x220
[ 1749.522037][T27893]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1749.522055][T27893]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1749.522077][T27893]  __do_fast_syscall_32+0xb6/0x2b0
[ 1749.522093][T27893]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1749.522108][T27893]  do_fast_syscall_32+0x34/0x80
[ 1749.522123][T27893]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1749.522136][T27893] RIP: 0023:0xf706e539
[ 1749.522146][T27893] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1749.522155][T27893] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1749.522166][T27893] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000700
[ 1749.522173][T27893] RDX: 000000000000c851 RSI: 0000000000000000 RDI: 0000000000000000
[ 1749.522180][T27893] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1749.522186][T27893] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1749.522193][T27893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1749.522207][T27893]  </TASK>
[ 1749.887567][T27901] program syz.2.5318 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1749.976149][T27904] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5316'.
[ 1750.195824][    C1] sd 0:0:1:0: [sda] tag#5956 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1750.206474][    C1] sd 0:0:1:0: [sda] tag#5956 CDB: Write(6) 0a 00 00 00 00 00
[ 1751.595665][ T5957] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1751.817488][ T5957] usb 6-1: Using ep0 maxpacket: 8
[ 1751.835179][ T5957] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1751.845199][ T5957] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1751.856050][ T5957] usb 6-1: Product: syz
[ 1751.862469][ T5957] usb 6-1: Manufacturer: syz
[ 1751.878472][ T5957] usb 6-1: SerialNumber: syz
[ 1751.899300][ T5957] usb 6-1: config 0 descriptor??
[ 1752.175045][ T5957] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1752.206410][T27945] FAULT_INJECTION: forcing a failure.
[ 1752.206410][T27945] name failslab, interval 1, probability 0, space 0, times 0
[ 1752.227027][T27945] CPU: 1 UID: 0 PID: 27945 Comm: syz.3.5332 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1752.227055][T27945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1752.227067][T27945] Call Trace:
[ 1752.227075][T27945]  <TASK>
[ 1752.227084][T27945]  dump_stack_lvl+0x189/0x250
[ 1752.227111][T27945]  ? __pfx____ratelimit+0x10/0x10
[ 1752.227137][T27945]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1752.227159][T27945]  ? __pfx__printk+0x10/0x10
[ 1752.227189][T27945]  ? __pfx___might_resched+0x10/0x10
[ 1752.227211][T27945]  should_fail_ex+0x414/0x560
[ 1752.227238][T27945]  should_failslab+0xa8/0x100
[ 1752.227263][T27945]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1752.227284][T27945]  ? __alloc_skb+0x112/0x2d0
[ 1752.227312][T27945]  __alloc_skb+0x112/0x2d0
[ 1752.227341][T27945]  netlink_sendmsg+0x5c6/0xb30
[ 1752.227376][T27945]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1752.227402][T27945]  ? __import_iovec+0x5d4/0x7f0
[ 1752.227420][T27945]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1752.227448][T27945]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1752.227468][T27945]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1752.227493][T27945]  __sock_sendmsg+0x21c/0x270
[ 1752.227518][T27945]  ____sys_sendmsg+0x505/0x830
[ 1752.227543][T27945]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1752.227576][T27945]  ___sys_sendmsg+0x21f/0x2a0
[ 1752.227597][T27945]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1752.227651][T27945]  ? __fget_files+0x2a/0x420
[ 1752.227667][T27945]  ? __fget_files+0x3a0/0x420
[ 1752.227693][T27945]  __sys_sendmsg+0x164/0x220
[ 1752.227713][T27945]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1752.227748][T27945]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1752.227774][T27945]  __do_fast_syscall_32+0xb6/0x2b0
[ 1752.227799][T27945]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1752.227834][T27945]  do_fast_syscall_32+0x34/0x80
[ 1752.227858][T27945]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1752.227879][T27945] RIP: 0023:0xf70ee539
[ 1752.227896][T27945] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1752.227912][T27945] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1752.227932][T27945] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[ 1752.227946][T27945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1752.227957][T27945] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1752.227968][T27945] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1752.227980][T27945] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1752.228007][T27945]  </TASK>
[ 1752.965937][T25785] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1752.984001][T27959] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5337'.
[ 1753.136338][T25785] usb 4-1: too many configurations: 13, using maximum allowed: 8
[ 1753.146788][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.153490][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.160670][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.167616][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.174174][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.182702][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.190359][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.197893][T25785] usb 4-1: config 0 has no interfaces?
[ 1753.207294][T25785] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1753.217903][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1753.227669][T25785] usb 4-1: Product: syz
[ 1753.232013][T25785] usb 4-1: Manufacturer: syz
[ 1753.237154][T25785] usb 4-1: SerialNumber: syz
[ 1753.250971][T27968] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5340'.
[ 1753.265855][T25785] usb 4-1: config 0 descriptor??
[ 1753.516842][T25785] usb 4-1: USB disconnect, device number 53
[ 1753.847673][ T5957] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1753.860265][ T5957] usb 6-1: USB disconnect, device number 20
[ 1753.966039][T25785] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1754.217097][T25785] usb 4-1: too many configurations: 13, using maximum allowed: 8
[ 1754.224030][T27978] tap0: tun_chr_ioctl cmd 2147767521
[ 1754.230208][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.233935][T27978] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5344'.
[ 1754.239271][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.252040][T27978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1754.261238][T27978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1754.272313][T27978] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5344'.
[ 1754.282581][T27978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1754.293170][T27978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1754.307015][T27978] netlink: 304 bytes leftover after parsing attributes in process `syz.6.5344'.
[ 1754.313610][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.372401][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.410803][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.429368][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.450016][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.460917][T25785] usb 4-1: config 0 has no interfaces?
[ 1754.512692][T25785] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1754.526553][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1754.534726][T25785] usb 4-1: Product: syz
[ 1754.541747][T25785] usb 4-1: Manufacturer: syz
[ 1754.547694][T25785] usb 4-1: SerialNumber: syz
[ 1754.596640][T25785] usb 4-1: config 0 descriptor??
[ 1754.718252][T27986] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5348'.
[ 1754.739372][T27986] netlink: 'syz.5.5348': attribute type 7 has an invalid length.
[ 1754.755525][T27986] netlink: 'syz.5.5348': attribute type 8 has an invalid length.
[ 1754.827277][T27986] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5348'.
[ 1754.848967][   T30] audit: type=1400 audit(1755025144.301:4347): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A2F2F0A023691010203010902 pid=27951 comm="syz.3.5335"
[ 1754.884898][T27990] FAULT_INJECTION: forcing a failure.
[ 1754.884898][T27990] name failslab, interval 1, probability 0, space 0, times 0
[ 1754.965456][T27990] CPU: 1 UID: 0 PID: 27990 Comm: syz.7.5349 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1754.965482][T27990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1754.965493][T27990] Call Trace:
[ 1754.965505][T27990]  <TASK>
[ 1754.965514][T27990]  dump_stack_lvl+0x189/0x250
[ 1754.965541][T27990]  ? __pfx____ratelimit+0x10/0x10
[ 1754.965575][T27990]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1754.965597][T27990]  ? __pfx__printk+0x10/0x10
[ 1754.965624][T27990]  ? __pfx___might_resched+0x10/0x10
[ 1754.965642][T27990]  ? fs_reclaim_acquire+0x7d/0x100
[ 1754.965673][T27990]  should_fail_ex+0x414/0x560
[ 1754.965702][T27990]  should_failslab+0xa8/0x100
[ 1754.965729][T27990]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1754.965752][T27990]  ? io_fgetxattr_prep+0x18f/0x290
[ 1754.965777][T27990]  io_fgetxattr_prep+0x18f/0x290
[ 1754.965801][T27990]  io_submit_sqes+0x8f6/0x1d10
[ 1754.965853][T27990]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1754.965897][T27990]  ? ksys_write+0x1cb/0x250
[ 1754.965922][T27990]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1754.965940][T27990]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1754.965963][T27990]  ? __pfx_vfs_write+0x10/0x10
[ 1754.965986][T27990]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1754.966012][T27990]  ? __fget_files+0x3a0/0x420
[ 1754.966036][T27990]  ? fput+0xa0/0xd0
[ 1754.966055][T27990]  ? ksys_write+0x22a/0x250
[ 1754.966087][T27990]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1754.966122][T27990]  __do_fast_syscall_32+0xb6/0x2b0
[ 1754.966147][T27990]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1754.966175][T27990]  do_fast_syscall_32+0x34/0x80
[ 1754.966199][T27990]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1754.966219][T27990] RIP: 0023:0xf7f06539
[ 1754.966236][T27990] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1754.966250][T27990] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1754.966270][T27990] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000047bc
[ 1754.966283][T27990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1754.966294][T27990] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1754.966305][T27990] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1754.966315][T27990] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1754.966342][T27990]  </TASK>
[ 1755.214520][T27992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1755.225413][T27992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1755.229979][T25785] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1755.382456][T25186] usb 4-1: USB disconnect, device number 54
[ 1755.395493][T25785] usb 6-1: Using ep0 maxpacket: 16
[ 1755.403834][T25785] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1755.413234][T25785] usb 6-1: config 129 has an invalid interface number: 156 but max is 1
[ 1755.425454][T25785] usb 6-1: config 129 contains an unexpected descriptor of type 0x2, skipping
[ 1755.434428][T25785] usb 6-1: config 129 has an invalid descriptor of length 185, skipping remainder of the config
[ 1755.445736][T25785] usb 6-1: config 129 has 1 interface, different from the descriptor's value: 2
[ 1755.454890][T25785] usb 6-1: config 129 has no interface number 0
[ 1755.461628][T25785] usb 6-1: config 129 interface 156 altsetting 210 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1755.475702][T25785] usb 6-1: config 129 interface 156 has no altsetting 0
[ 1755.505864][T25785] usb 6-1: New USB device found, idVendor=0408, idProduct=4030, bcdDevice=31.80
[ 1755.515041][T25785] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1755.535249][T25785] usb 6-1: Product: syz
[ 1755.544381][T25785] usb 6-1: Manufacturer: syz
[ 1755.555715][T25785] usb 6-1: SerialNumber: syz
[ 1755.720880][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5352'.
[ 1755.789026][T25785] usb 6-1: Found UVC 8.00 device syz (0408:4030)
[ 1755.795902][T25785] usb 6-1: No valid video chain found.
[ 1755.805720][T25785] usb 6-1: USB disconnect, device number 21
[ 1759.026600][T28046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1759.043092][T28046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1759.064553][T28046] FAULT_INJECTION: forcing a failure.
[ 1759.064553][T28046] name failslab, interval 1, probability 0, space 0, times 0
[ 1759.078219][T28046] CPU: 1 UID: 0 PID: 28046 Comm: syz.6.5363 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1759.078245][T28046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1759.078256][T28046] Call Trace:
[ 1759.078263][T28046]  <TASK>
[ 1759.078271][T28046]  dump_stack_lvl+0x189/0x250
[ 1759.078296][T28046]  ? __pfx____ratelimit+0x10/0x10
[ 1759.078320][T28046]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1759.078341][T28046]  ? __pfx__printk+0x10/0x10
[ 1759.078370][T28046]  ? __pfx___might_resched+0x10/0x10
[ 1759.078386][T28046]  ? fs_reclaim_acquire+0x7d/0x100
[ 1759.078415][T28046]  should_fail_ex+0x414/0x560
[ 1759.078443][T28046]  should_failslab+0xa8/0x100
[ 1759.078467][T28046]  __kmalloc_noprof+0xcb/0x4f0
[ 1759.078488][T28046]  ? kfree+0x4d/0x440
[ 1759.078506][T28046]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1759.078531][T28046]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1759.078551][T28046]  ? tomoyo_domain+0xd9/0x130
[ 1759.078575][T28046]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1759.078598][T28046]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1759.078622][T28046]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1759.078660][T28046]  ? __lock_acquire+0xab9/0xd20
[ 1759.078704][T28046]  ? __fget_files+0x2a/0x420
[ 1759.078723][T28046]  ? __fget_files+0x3a0/0x420
[ 1759.078737][T28046]  ? __fget_files+0x2a/0x420
[ 1759.078755][T28046]  security_file_ioctl_compat+0xcb/0x2d0
[ 1759.078778][T28046]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1759.078802][T28046]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1759.078822][T28046]  ? __fget_files+0x3a0/0x420
[ 1759.078844][T28046]  ? fput+0xa0/0xd0
[ 1759.078861][T28046]  ? ksys_write+0x22a/0x250
[ 1759.078891][T28046]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1759.078917][T28046]  __do_fast_syscall_32+0xb6/0x2b0
[ 1759.078941][T28046]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1759.078979][T28046]  do_fast_syscall_32+0x34/0x80
[ 1759.079000][T28046]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1759.079020][T28046] RIP: 0023:0xf70fe539
[ 1759.079035][T28046] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1759.079057][T28046] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1759.079076][T28046] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 0000000080084504
[ 1759.079089][T28046] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[ 1759.079100][T28046] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1759.079109][T28046] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1759.079119][T28046] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1759.079141][T28046]  </TASK>
[ 1759.079150][T28046] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1759.090755][T25186] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1759.525851][T25186] usb 4-1: Using ep0 maxpacket: 16
[ 1759.541050][T25186] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1759.549837][T25186] usb 4-1: config 0 has no interface number 0
[ 1759.556461][T25186] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 208, changing to 11
[ 1759.612511][T25186] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 25296, setting to 1024
[ 1759.630401][T25186] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1759.639930][T25186] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1759.659639][T25186] usb 4-1: Product: syz
[ 1759.665538][T25186] usb 4-1: SerialNumber: syz
[ 1759.694106][T25186] usb 4-1: config 0 descriptor??
[ 1759.712109][T25186] cm109 4-1:0.8: invalid payload size 1024, expected 4
[ 1759.725717][ T5957] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1759.731114][T25186] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input58
[ 1759.885749][ T5957] usb 6-1: Using ep0 maxpacket: 32
[ 1759.900637][ T5957] usb 6-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1759.912185][ T5957] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1759.919770][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.922671][ T5957] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1759.927182][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.945512][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.952745][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.960098][ T5957] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1759.960510][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.976566][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.984085][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.991299][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1759.998457][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1760.005626][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1760.017483][T25186] usb 4-1: USB disconnect, device number 55
[ 1760.023686][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1760.023847][ T5957] usb 6-1: config 0 descriptor??
[ 1760.048303][T25186] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1760.303867][T28053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5366'.
[ 1760.903757][ T5957] corsair-cpro 0003:1B1C:0C10.0021: unknown main item tag 0x0
[ 1760.914674][ T5957] corsair-cpro 0003:1B1C:0C10.0021: unknown main item tag 0x0
[ 1760.923184][ T5957] corsair-cpro 0003:1B1C:0C10.0021: unknown main item tag 0x0
[ 1760.932658][ T5957] corsair-cpro 0003:1B1C:0C10.0021: unknown main item tag 0x0
[ 1760.952522][T28061] netlink: 196 bytes leftover after parsing attributes in process `syz.3.5367'.
[ 1760.973667][T28061] netlink: 'syz.3.5367': attribute type 8 has an invalid length.
[ 1761.071320][ T5957] corsair-cpro 0003:1B1C:0C10.0021: unknown main item tag 0x0
[ 1761.080510][T28060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1761.090159][T28060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1761.103182][ T5957] corsair-cpro 0003:1B1C:0C10.0021: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.5-1/input0
[ 1761.381044][T28066] FAULT_INJECTION: forcing a failure.
[ 1761.381044][T28066] name failslab, interval 1, probability 0, space 0, times 0
[ 1761.399232][T28067] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5368'.
[ 1761.411755][T28066] CPU: 0 UID: 0 PID: 28066 Comm: syz.6.5369 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1761.411785][T28066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1761.411796][T28066] Call Trace:
[ 1761.411805][T28066]  <TASK>
[ 1761.411815][T28066]  dump_stack_lvl+0x189/0x250
[ 1761.411841][T28066]  ? __pfx____ratelimit+0x10/0x10
[ 1761.411864][T28066]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1761.411885][T28066]  ? __pfx__printk+0x10/0x10
[ 1761.411919][T28066]  ? __pfx___might_resched+0x10/0x10
[ 1761.411949][T28066]  should_fail_ex+0x414/0x560
[ 1761.412043][T28066]  should_failslab+0xa8/0x100
[ 1761.412074][T28066]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1761.412098][T28066]  ? __alloc_skb+0x112/0x2d0
[ 1761.412136][T28066]  __alloc_skb+0x112/0x2d0
[ 1761.412165][T28066]  netlink_sendmsg+0x5c6/0xb30
[ 1761.412200][T28066]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1761.412227][T28066]  ? __import_iovec+0x5d4/0x7f0
[ 1761.412247][T28066]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1761.412275][T28066]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1761.412297][T28066]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1761.412322][T28066]  __sock_sendmsg+0x21c/0x270
[ 1761.412351][T28066]  ____sys_sendmsg+0x505/0x830
[ 1761.412377][T28066]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1761.412415][T28066]  ___sys_sendmsg+0x21f/0x2a0
[ 1761.412434][T28066]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1761.412482][T28066]  ? __fget_files+0x2a/0x420
[ 1761.412498][T28066]  ? __fget_files+0x3a0/0x420
[ 1761.412521][T28066]  __sys_sendmsg+0x164/0x220
[ 1761.412538][T28066]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1761.412570][T28066]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1761.412596][T28066]  __do_fast_syscall_32+0xb6/0x2b0
[ 1761.412621][T28066]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1761.412647][T28066]  do_fast_syscall_32+0x34/0x80
[ 1761.412673][T28066]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1761.412768][T28066] RIP: 0023:0xf70fe539
[ 1761.412855][T28066] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1761.412872][T28066] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1761.412893][T28066] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000008000c2c0
[ 1761.412906][T28066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1761.412915][T28066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1761.412923][T28066] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1761.412932][T28066] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1761.412955][T28066]  </TASK>
[ 1761.683622][ T5957] corsair-cpro 0003:1B1C:0C10.0021: probe with driver corsair-cpro failed with error -110
[ 1761.707125][ T5957] usb 6-1: USB disconnect, device number 22
[ 1761.940672][T28070] FAULT_INJECTION: forcing a failure.
[ 1761.940672][T28070] name failslab, interval 1, probability 0, space 0, times 0
[ 1761.955082][T28070] CPU: 0 UID: 0 PID: 28070 Comm: syz.2.5370 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1761.955107][T28070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1761.955118][T28070] Call Trace:
[ 1761.955126][T28070]  <TASK>
[ 1761.955135][T28070]  dump_stack_lvl+0x189/0x250
[ 1761.955158][T28070]  ? __pfx____ratelimit+0x10/0x10
[ 1761.955177][T28070]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1761.955194][T28070]  ? __pfx__printk+0x10/0x10
[ 1761.955217][T28070]  ? __pfx___might_resched+0x10/0x10
[ 1761.955235][T28070]  should_fail_ex+0x414/0x560
[ 1761.955257][T28070]  should_failslab+0xa8/0x100
[ 1761.955279][T28070]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1761.955298][T28070]  ? __alloc_skb+0x112/0x2d0
[ 1761.955326][T28070]  __alloc_skb+0x112/0x2d0
[ 1761.955351][T28070]  netlink_sendmsg+0x5c6/0xb30
[ 1761.955383][T28070]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1761.955408][T28070]  ? __import_iovec+0x5d4/0x7f0
[ 1761.955426][T28070]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1761.955468][T28070]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1761.955488][T28070]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1761.955513][T28070]  __sock_sendmsg+0x21c/0x270
[ 1761.955537][T28070]  ____sys_sendmsg+0x505/0x830
[ 1761.955560][T28070]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1761.955590][T28070]  ___sys_sendmsg+0x21f/0x2a0
[ 1761.955608][T28070]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1761.955650][T28070]  ? __fget_files+0x2a/0x420
[ 1761.955662][T28070]  ? __fget_files+0x3a0/0x420
[ 1761.955682][T28070]  __sys_sendmsg+0x164/0x220
[ 1761.955697][T28070]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1761.955730][T28070]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1761.955751][T28070]  __do_fast_syscall_32+0xb6/0x2b0
[ 1761.955772][T28070]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1761.955792][T28070]  do_fast_syscall_32+0x34/0x80
[ 1761.955811][T28070]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1761.955829][T28070] RIP: 0023:0xf706e539
[ 1761.955842][T28070] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1761.955860][T28070] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1761.955876][T28070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[ 1761.955886][T28070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1761.955895][T28070] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1761.955903][T28070] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1761.955912][T28070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1761.955932][T28070]  </TASK>
[ 1762.241881][T28071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1762.275976][T28073] FAULT_INJECTION: forcing a failure.
[ 1762.275976][T28073] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1762.277999][T28071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1762.303625][T28073] CPU: 1 UID: 0 PID: 28073 Comm: syz.3.5372 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1762.303653][T28073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1762.303665][T28073] Call Trace:
[ 1762.303673][T28073]  <TASK>
[ 1762.303681][T28073]  dump_stack_lvl+0x189/0x250
[ 1762.303706][T28073]  ? __pfx____ratelimit+0x10/0x10
[ 1762.303730][T28073]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1762.303750][T28073]  ? __pfx__printk+0x10/0x10
[ 1762.303774][T28073]  ? __might_fault+0xb0/0x130
[ 1762.303807][T28073]  should_fail_ex+0x414/0x560
[ 1762.303833][T28073]  _copy_from_iter+0x1db/0x16f0
[ 1762.303861][T28073]  ? policy_nodemask+0x27c/0x720
[ 1762.303882][T28073]  ? __pfx__copy_from_iter+0x10/0x10
[ 1762.303905][T28073]  ? set_page_refcounted+0xa0/0x1e0
[ 1762.303929][T28073]  ? page_copy_sane+0x4e/0x280
[ 1762.303947][T28073]  copy_page_from_iter+0xdd/0x170
[ 1762.303969][T28073]  tun_get_user+0x1d7b/0x3e20
[ 1762.303994][T28073]  ? tun_get_user+0x6f6/0x3e20
[ 1762.304018][T28073]  ? aa_file_perm+0x44d/0x1550
[ 1762.304036][T28073]  ? __pfx_tun_get_user+0x10/0x10
[ 1762.304052][T28073]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1762.304084][T28073]  ? __lock_acquire+0xab9/0xd20
[ 1762.304113][T28073]  ? ref_tracker_alloc+0x318/0x460
[ 1762.304134][T28073]  ? __lock_acquire+0xab9/0xd20
[ 1762.304159][T28073]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1762.304187][T28073]  ? tun_get+0x1c/0x2f0
[ 1762.304208][T28073]  ? tun_get+0x1c/0x2f0
[ 1762.304224][T28073]  ? tun_get+0x1c/0x2f0
[ 1762.304244][T28073]  tun_chr_write_iter+0x113/0x200
[ 1762.304271][T28073]  vfs_write+0x5c6/0xb30
[ 1762.304298][T28073]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1762.304324][T28073]  ? __pfx_vfs_write+0x10/0x10
[ 1762.304355][T28073]  ? __fget_files+0x2a/0x420
[ 1762.304380][T28073]  ksys_write+0x145/0x250
[ 1762.304404][T28073]  ? __pfx_ksys_write+0x10/0x10
[ 1762.304429][T28073]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1762.304455][T28073]  __do_fast_syscall_32+0xb6/0x2b0
[ 1762.304480][T28073]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1762.304505][T28073]  do_fast_syscall_32+0x34/0x80
[ 1762.304529][T28073]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1762.304550][T28073] RIP: 0023:0xf70ee539
[ 1762.304566][T28073] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1762.304588][T28073] RSP: 002b:00000000f54de520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1762.304607][T28073] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000440
[ 1762.304619][T28073] RDX: 00000000000003b6 RSI: 00000000f7454ff4 RDI: 0000000000000000
[ 1762.304630][T28073] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1762.304641][T28073] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1762.304652][T28073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1762.304677][T28073]  </TASK>
[ 1762.777105][T28092] netlink: 92 bytes leftover after parsing attributes in process `syz.3.5375'.
[ 1762.787258][T28092] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5375'.
[ 1763.111998][T28103] netlink: 'syz.3.5379': attribute type 1 has an invalid length.
[ 1763.121634][T28103] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.5379'.
[ 1763.194699][T28104] fuse: root generation should be zero
[ 1763.575577][ T5957] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1763.725557][ T5957] usb 3-1: device descriptor read/64, error -71
[ 1764.025561][ T5957] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1764.372301][ T5957] usb 3-1: device descriptor read/64, error -71
[ 1764.458580][T28128] FAULT_INJECTION: forcing a failure.
[ 1764.458580][T28128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1764.493030][T28128] CPU: 0 UID: 0 PID: 28128 Comm: syz.3.5384 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1764.493052][T28128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1764.493060][T28128] Call Trace:
[ 1764.493065][T28128]  <TASK>
[ 1764.493071][T28128]  dump_stack_lvl+0x189/0x250
[ 1764.493088][T28128]  ? __pfx____ratelimit+0x10/0x10
[ 1764.493103][T28128]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1764.493115][T28128]  ? __pfx__printk+0x10/0x10
[ 1764.493135][T28128]  should_fail_ex+0x414/0x560
[ 1764.493152][T28128]  _copy_to_user+0x31/0xb0
[ 1764.493170][T28128]  simple_read_from_buffer+0xe1/0x170
[ 1764.493188][T28128]  proc_fail_nth_read+0x1b3/0x220
[ 1764.493202][T28128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1764.493215][T28128]  ? rw_verify_area+0x2a6/0x4d0
[ 1764.493228][T28128]  ? __lock_acquire+0xab9/0xd20
[ 1764.493242][T28128]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1764.493254][T28128]  vfs_read+0x200/0xa30
[ 1764.493266][T28128]  ? fdget_pos+0x247/0x320
[ 1764.493277][T28128]  ? __pfx___mutex_lock+0x10/0x10
[ 1764.493292][T28128]  ? __pfx_vfs_read+0x10/0x10
[ 1764.493306][T28128]  ? __fget_files+0x2a/0x420
[ 1764.493318][T28128]  ? __fget_files+0x3a0/0x420
[ 1764.493326][T28128]  ? __fget_files+0x2a/0x420
[ 1764.493340][T28128]  ksys_read+0x145/0x250
[ 1764.493356][T28128]  ? __pfx_ksys_read+0x10/0x10
[ 1764.493371][T28128]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1764.493387][T28128]  __do_fast_syscall_32+0xb6/0x2b0
[ 1764.493402][T28128]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1764.493422][T28128]  do_fast_syscall_32+0x34/0x80
[ 1764.493436][T28128]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1764.493449][T28128] RIP: 0023:0xf70ee539
[ 1764.493459][T28128] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1764.493468][T28128] RSP: 002b:00000000f54de590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1764.493480][T28128] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54de620
[ 1764.493487][T28128] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[ 1764.493493][T28128] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1764.493499][T28128] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1764.493505][T28128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1764.493520][T28128]  </TASK>
[ 1764.496298][ T5957] usb usb3-port1: attempt power cycle
[ 1764.993931][T28131] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1765.034912][T28124] tipc: Resetting bearer <eth:syzkaller0>
[ 1765.405680][ T5957] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1765.466809][ T5957] usb 3-1: device descriptor read/8, error -71
[ 1765.526451][T28123] tipc: Disabling bearer <eth:syzkaller0>
[ 1765.715483][ T5957] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1765.735985][ T5957] usb 3-1: device descriptor read/8, error -71
[ 1766.384218][ T5957] usb usb3-port1: unable to enumerate USB device
[ 1767.399877][T28158] syz.6.5390: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1767.435050][T28158] CPU: 0 UID: 0 PID: 28158 Comm: syz.6.5390 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1767.435088][T28158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1767.435098][T28158] Call Trace:
[ 1767.435106][T28158]  <TASK>
[ 1767.435114][T28158]  dump_stack_lvl+0x189/0x250
[ 1767.435145][T28158]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1767.435167][T28158]  ? __pfx__printk+0x10/0x10
[ 1767.435188][T28158]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1767.435210][T28158]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1767.435234][T28158]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1767.435266][T28158]  warn_alloc+0x214/0x310
[ 1767.435300][T28158]  ? __pfx_warn_alloc+0x10/0x10
[ 1767.435336][T28158]  ? __get_vm_area_node+0x28f/0x300
[ 1767.435358][T28158]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1767.435378][T28158]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1767.435433][T28158]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1767.435464][T28158]  ? __kasan_kmalloc+0x93/0xb0
[ 1767.435491][T28158]  vmalloc_user_noprof+0xad/0xf0
[ 1767.435516][T28158]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1767.435534][T28158]  vb2_vmalloc_alloc+0xef/0x340
[ 1767.435552][T28158]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1767.435571][T28158]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1767.435623][T28158]  vb2_core_reqbufs+0xc31/0x1420
[ 1767.435667][T28158]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1767.435689][T28158]  ? vb2_verify_memory_type+0x1fc/0x570
[ 1767.435717][T28158]  ? vb2_reqbufs+0x3a9/0x630
[ 1767.435749][T28158]  v4l2_m2m_ioctl_reqbufs+0x10d/0x200
[ 1767.435774][T28158]  __video_do_ioctl+0xc98/0xdb0
[ 1767.435801][T28158]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1767.435833][T28158]  video_usercopy+0x86e/0x14f0
[ 1767.435862][T28158]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1767.435879][T28158]  ? __pfx_video_usercopy+0x10/0x10
[ 1767.435916][T28158]  ? __fget_files+0x2a/0x420
[ 1767.435937][T28158]  v4l2_ioctl+0x18a/0x1e0
[ 1767.435966][T28158]  v4l2_compat_ioctl32+0x1d7/0x260
[ 1767.435994][T28158]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1767.436019][T28158]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1767.436048][T28158]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1767.436098][T28158]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1767.436125][T28158]  __do_fast_syscall_32+0xb6/0x2b0
[ 1767.436151][T28158]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1767.436178][T28158]  do_fast_syscall_32+0x34/0x80
[ 1767.436203][T28158]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1767.436225][T28158] RIP: 0023:0xf70fe539
[ 1767.436242][T28158] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1767.436258][T28158] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1767.436278][T28158] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0145608
[ 1767.436292][T28158] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1767.436303][T28158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1767.436314][T28158] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1767.436322][T28158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1767.436343][T28158]  </TASK>
[ 1767.748876][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1767.781947][T28158] Mem-Info:
[ 1767.785610][T28158] active_anon:7678 inactive_anon:0 isolated_anon:0
[ 1767.785610][T28158]  active_file:24774 inactive_file:4336 isolated_file:0
[ 1767.785610][T28158]  unevictable:768 dirty:583 writeback:0
[ 1767.785610][T28158]  slab_reclaimable:6467 slab_unreclaimable:107645
[ 1767.785610][T28158]  mapped:33657 shmem:1394 pagetables:1803
[ 1767.785610][T28158]  sec_pagetables:0 bounce:0
[ 1767.785610][T28158]  kernel_misc_reclaimable:0
[ 1767.785610][T28158]  free:1302564 free_pcp:11335 free_cma:0
[ 1767.904243][T28158] Node 0 active_anon:30712kB inactive_anon:0kB active_file:99052kB inactive_file:17204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:134384kB dirty:2328kB writeback:0kB shmem:4040kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13308kB pagetables:7180kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1767.938285][T28158] Node 1 active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:44kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1767.969967][T28158] Node 0 DMA free:15356kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1768.000000][ T5959] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1768.003462][T28158] lowmem_reserve[]: 0 2497 2499 2499 2499
[ 1768.021365][T28158] Node 0 DMA32 free:1298336kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30772kB inactive_anon:0kB active_file:98900kB inactive_file:15924kB unevictable:1536kB writepending:2328kB present:3129332kB managed:2557484kB mlocked:0kB bounce:0kB free_pcp:37564kB local_pcp:18748kB free_cma:0kB
[ 1768.101884][T25785] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[ 1768.127091][T28158] lowmem_reserve[]: 0 0 1 1 1
[ 1768.132189][T28158] Node 0 Normal free:20kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:140kB inactive_anon:0kB active_file:152kB inactive_file:1280kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:52kB local_pcp:24kB free_cma:0kB
[ 1768.204842][T28158] lowmem_reserve[]: 0 0
[ 1768.205037][ T5959] usb 6-1: New USB device found, idVendor=14cd, idProduct=6116, bcdDevice= 1.60
[ 1768.305804][ T5959] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.338027][T25785] usb 4-1: not running at top speed; connect to a high speed hub
[ 1768.345837][T28158]  0 0 0
[ 1768.352202][T25785] usb 4-1: config 95 has an invalid interface number: 1 but max is 0
[ 1768.361147][T25785] usb 4-1: config 95 has no interface number 0
[ 1768.377444][ T5959] usb 6-1: config 0 descriptor??
[ 1768.401326][T25785] usb 4-1: config 95 interface 1 has no altsetting 0
[ 1768.491900][T28158] Node 1 Normal free:3896544kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:44kB inactive_file:140kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:7528kB local_pcp:3064kB free_cma:0kB
[ 1768.579949][ T5959] ums-cypress 6-1:0.0: USB Mass Storage device detected
[ 1768.588842][T25785] usb 4-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f
[ 1768.624055][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1768.642678][T28158] lowmem_reserve[]: 0 0 0 0 0
[ 1768.718889][T28158] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[ 1768.752418][T28158] Node 0 DMA32: 1134*4kB (ME) 687*8kB (ME) 401*16kB (ME) 393*32kB (ME) 239*64kB (UME) 119*128kB (UME) 53*256kB (UME) 17*512kB (ME) 12*1024kB (M) 2*2048kB (UM) 292*4096kB (M) = 1294240kB
[ 1768.764124][T25785] usb 4-1: Product: syz
[ 1768.812308][T25785] usb 4-1: Manufacturer: syz
[ 1768.833483][T25785] usb 4-1: SerialNumber: syz
[ 1768.835226][ T5959] usb 6-1: USB disconnect, device number 23
[ 1768.875663][T28158] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 1768.891709][T28158] Node 1 Normal: 2*4kB (UM) 6*8kB (UME) 25*16kB (UME) 264*32kB (UME) 122*64kB (UME) 40*128kB (UME) 16*256kB (UME) 2*512kB (UM) 3*1024kB (ME) 2*2048kB (UE) 943*4096kB (M) = 3896648kB
[ 1768.946010][T28158] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1768.968137][T28158] Node 0 hugepages_total=4 hugepages_free=0 hugepages_surp=2 hugepages_size=2048kB
[ 1768.978260][T28158] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1768.999003][T28158] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1769.085593][T28158] 30541 total pagecache pages
[ 1769.110413][T28184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1769.120441][T28184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1769.140219][T28158] 0 pages in swap cache
[ 1769.192856][T28158] Free swap  = 124996kB
[ 1769.211913][T28158] Total swap = 124996kB
[ 1769.247685][T28158] 2097051 pages RAM
[ 1769.272198][T28158] 0 pages HighMem/MovableOnly
[ 1769.325501][T28158] 425654 pages reserved
[ 1769.367573][T28158] 0 pages cma reserved
[ 1771.191409][T28198] fuse: Bad value for 'group_id'
[ 1771.231495][T28198] fuse: Bad value for 'group_id'
[ 1771.435990][T28203] FAULT_INJECTION: forcing a failure.
[ 1771.435990][T28203] name failslab, interval 1, probability 0, space 0, times 0
[ 1771.522141][T28203] CPU: 1 UID: 0 PID: 28203 Comm: syz.2.5402 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1771.522169][T28203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1771.522185][T28203] Call Trace:
[ 1771.522192][T28203]  <TASK>
[ 1771.522201][T28203]  dump_stack_lvl+0x189/0x250
[ 1771.522230][T28203]  ? __pfx____ratelimit+0x10/0x10
[ 1771.522253][T28203]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1771.522275][T28203]  ? __pfx__printk+0x10/0x10
[ 1771.522302][T28203]  ? __pfx___might_resched+0x10/0x10
[ 1771.522320][T28203]  ? fs_reclaim_acquire+0x7d/0x100
[ 1771.522351][T28203]  should_fail_ex+0x414/0x560
[ 1771.522379][T28203]  should_failslab+0xa8/0x100
[ 1771.522406][T28203]  __kmalloc_noprof+0xcb/0x4f0
[ 1771.522428][T28203]  ? tomoyo_encode+0x28b/0x550
[ 1771.522452][T28203]  tomoyo_encode+0x28b/0x550
[ 1771.522476][T28203]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1771.522497][T28203]  ? tomoyo_domain+0xd9/0x130
[ 1771.522521][T28203]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1771.522545][T28203]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1771.522572][T28203]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1771.522614][T28203]  ? __lock_acquire+0xab9/0xd20
[ 1771.522659][T28203]  ? __fget_files+0x2a/0x420
[ 1771.522680][T28203]  ? __fget_files+0x3a0/0x420
[ 1771.522696][T28203]  ? __fget_files+0x2a/0x420
[ 1771.522729][T28203]  security_file_ioctl_compat+0xcb/0x2d0
[ 1771.522755][T28203]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1771.522781][T28203]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1771.522804][T28203]  ? __fget_files+0x3a0/0x420
[ 1771.522827][T28203]  ? fput+0xa0/0xd0
[ 1771.522846][T28203]  ? ksys_write+0x22a/0x250
[ 1771.522878][T28203]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1771.522905][T28203]  __do_fast_syscall_32+0xb6/0x2b0
[ 1771.522930][T28203]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1771.522957][T28203]  do_fast_syscall_32+0x34/0x80
[ 1771.522982][T28203]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1771.523003][T28203] RIP: 0023:0xf706e539
[ 1771.523019][T28203] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1771.523035][T28203] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1771.523055][T28203] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008914
[ 1771.523068][T28203] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[ 1771.523080][T28203] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1771.523091][T28203] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1771.523103][T28203] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1771.523131][T28203]  </TASK>
[ 1771.523222][T28203] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1772.035738][T25785] usb 4-1: USB disconnect, device number 56
[ 1772.102389][T28213] ALSA: mixer_oss: invalid OSS volume ''
[ 1772.118141][T28213] ALSA: mixer_oss: invalid OSS volume ''
[ 1772.384758][ T6944] udevd[6944]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1773.296065][ T5957] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1773.413489][T28239] input: syz0 as /devices/virtual/input/input59
[ 1773.465863][ T5957] usb 3-1: Using ep0 maxpacket: 8
[ 1773.535391][ T5957] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[ 1773.614344][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1773.623424][ T5957] usb 3-1: Product: syz
[ 1773.670305][ T5957] usb 3-1: Manufacturer: syz
[ 1773.676894][ T5957] usb 3-1: SerialNumber: syz
[ 1773.711016][ T5957] usb 3-1: config 0 descriptor??
[ 1773.914915][T28250] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5414'.
[ 1773.945012][ T5957] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1773.961045][   T30] audit: type=1326 audit(1755025163.411:4348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28227 comm="syz.2.5409" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x0
[ 1774.597958][T28254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1774.625897][T28254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1775.069598][T28260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1775.119172][T28260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1775.173418][T28260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1775.217554][T28260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1775.548824][T28260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1775.619213][T28260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1775.711480][T28260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1775.748235][T28260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1776.016820][ T5957] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1776.143397][ T5957] usb 3-1: USB disconnect, device number 30
[ 1776.338862][T28272] FAULT_INJECTION: forcing a failure.
[ 1776.338862][T28272] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.356912][T28272] CPU: 0 UID: 0 PID: 28272 Comm: syz.2.5421 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1776.356942][T28272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1776.356954][T28272] Call Trace:
[ 1776.356961][T28272]  <TASK>
[ 1776.356970][T28272]  dump_stack_lvl+0x189/0x250
[ 1776.356997][T28272]  ? __pfx____ratelimit+0x10/0x10
[ 1776.357021][T28272]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1776.357042][T28272]  ? __pfx__printk+0x10/0x10
[ 1776.357070][T28272]  ? __pfx___might_resched+0x10/0x10
[ 1776.357088][T28272]  ? fs_reclaim_acquire+0x7d/0x100
[ 1776.357119][T28272]  should_fail_ex+0x414/0x560
[ 1776.357148][T28272]  should_failslab+0xa8/0x100
[ 1776.357174][T28272]  __kmalloc_noprof+0xcb/0x4f0
[ 1776.357197][T28272]  ? tomoyo_encode+0x28b/0x550
[ 1776.357220][T28272]  tomoyo_encode+0x28b/0x550
[ 1776.357244][T28272]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1776.357265][T28272]  ? tomoyo_domain+0xd9/0x130
[ 1776.357289][T28272]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1776.357313][T28272]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1776.357340][T28272]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1776.357383][T28272]  ? __lock_acquire+0xab9/0xd20
[ 1776.357428][T28272]  ? __fget_files+0x2a/0x420
[ 1776.357450][T28272]  ? __fget_files+0x3a0/0x420
[ 1776.357465][T28272]  ? __fget_files+0x2a/0x420
[ 1776.357486][T28272]  security_file_ioctl_compat+0xcb/0x2d0
[ 1776.357512][T28272]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1776.357546][T28272]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1776.357569][T28272]  ? __fget_files+0x3a0/0x420
[ 1776.357593][T28272]  ? fput+0xa0/0xd0
[ 1776.357612][T28272]  ? ksys_write+0x22a/0x250
[ 1776.357645][T28272]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.357672][T28272]  __do_fast_syscall_32+0xb6/0x2b0
[ 1776.357698][T28272]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.357725][T28272]  do_fast_syscall_32+0x34/0x80
[ 1776.357750][T28272]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1776.357771][T28272] RIP: 0023:0xf706e539
[ 1776.357796][T28272] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1776.357811][T28272] RSP: 002b:00000000f543d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1776.357832][T28272] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008936
[ 1776.357845][T28272] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1776.357857][T28272] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1776.357869][T28272] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1776.357880][T28272] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1776.357909][T28272]  </TASK>
[ 1776.357931][T28272] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1776.810103][T28276] FAULT_INJECTION: forcing a failure.
[ 1776.810103][T28276] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.823127][T28276] CPU: 0 UID: 0 PID: 28276 Comm: syz.5.5424 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1776.823156][T28276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1776.823167][T28276] Call Trace:
[ 1776.823176][T28276]  <TASK>
[ 1776.823184][T28276]  dump_stack_lvl+0x189/0x250
[ 1776.823211][T28276]  ? __pfx____ratelimit+0x10/0x10
[ 1776.823246][T28276]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1776.823268][T28276]  ? __pfx__printk+0x10/0x10
[ 1776.823296][T28276]  ? __pfx___might_resched+0x10/0x10
[ 1776.823319][T28276]  should_fail_ex+0x414/0x560
[ 1776.823346][T28276]  should_failslab+0xa8/0x100
[ 1776.823373][T28276]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1776.823398][T28276]  ? __alloc_skb+0x112/0x2d0
[ 1776.823426][T28276]  __alloc_skb+0x112/0x2d0
[ 1776.823455][T28276]  netlink_sendmsg+0x5c6/0xb30
[ 1776.823489][T28276]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.823516][T28276]  ? __import_iovec+0x5d4/0x7f0
[ 1776.823535][T28276]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1776.823565][T28276]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1776.823584][T28276]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.823608][T28276]  __sock_sendmsg+0x21c/0x270
[ 1776.823632][T28276]  ____sys_sendmsg+0x505/0x830
[ 1776.823653][T28276]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1776.823685][T28276]  ___sys_sendmsg+0x21f/0x2a0
[ 1776.823705][T28276]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1776.823758][T28276]  ? __fget_files+0x2a/0x420
[ 1776.823774][T28276]  ? __fget_files+0x3a0/0x420
[ 1776.823801][T28276]  __sys_sendmsg+0x164/0x220
[ 1776.823821][T28276]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1776.823855][T28276]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.823883][T28276]  __do_fast_syscall_32+0xb6/0x2b0
[ 1776.823907][T28276]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.823934][T28276]  do_fast_syscall_32+0x34/0x80
[ 1776.823958][T28276]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1776.823979][T28276] RIP: 0023:0xf709e539
[ 1776.823995][T28276] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1776.824011][T28276] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1776.824030][T28276] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1776.824043][T28276] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1776.824054][T28276] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1776.824065][T28276] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1776.824076][T28276] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1776.824104][T28276]  </TASK>
[ 1777.717553][T28295] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[ 1777.916985][T28297] ptrace attach of "./syz-executor exec"[18384] was attempted by "./syz-executor exec"[28297]
[ 1778.449602][T28300] program syz.7.5431 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1778.548299][T28301] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5431'.
[ 1778.665699][    C1] sd 0:0:1:0: [sda] tag#6010 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1778.676429][    C1] sd 0:0:1:0: [sda] tag#6010 CDB: Write(6) 0a 00 00 00 00 00
[ 1778.758560][T28305] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5432'.
[ 1779.311901][T28311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5434'.
[ 1779.322074][T28311] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5434'.
[ 1779.337629][T28313] netlink: 196 bytes leftover after parsing attributes in process `syz.7.5433'.
[ 1779.425750][T28313] netlink: 'syz.7.5433': attribute type 8 has an invalid length.
[ 1779.708742][T25785] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1779.925456][T25785] usb 4-1: Using ep0 maxpacket: 32
[ 1779.940484][T25785] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1780.344830][T25785] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[ 1780.405388][T25785] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[ 1780.449822][T25785] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1780.470548][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1780.491419][T25785] usb 4-1: Product: ؜㬖㲺眓慦
[ 1780.506063][T25785] usb 4-1: Manufacturer: ᥠ㈙邛飊뿪ㄪ㆟咫缃历陸隽野븜䧠뎿을팅ố빒ޯ鰌移䙷㑳桓㻇៵씙֨〱剃넖鬮ࡦ硫祐涐횶胳픱칖㺲㼮ቇƹ뾴뫀웁홿楘俄좳鱟☄䫔큢壱旓市
[ 1780.602525][T25785] usb 4-1: SerialNumber: syz
[ 1782.198494][T25785] cdc_ncm 4-1:1.0: bind() failure
[ 1782.281476][T25785] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1782.305611][T25785] cdc_ncm 4-1:1.1: bind() failure
[ 1782.348798][T25785] usb 4-1: USB disconnect, device number 57
[ 1783.034724][T28365] fuse: Unknown parameter 'rootmode00000000000000000040000'
[ 1783.063472][T28368] netlink: 'syz.6.5450': attribute type 21 has an invalid length.
[ 1783.071642][T28368] netlink: 'syz.6.5450': attribute type 1 has an invalid length.
[ 1783.080097][T28368] netlink: 16098 bytes leftover after parsing attributes in process `syz.6.5450'.
[ 1783.184050][T28370] FAULT_INJECTION: forcing a failure.
[ 1783.184050][T28370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1783.198789][T28370] CPU: 0 UID: 0 PID: 28370 Comm: syz.5.5451 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1783.198817][T28370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1783.198830][T28370] Call Trace:
[ 1783.198839][T28370]  <TASK>
[ 1783.198847][T28370]  dump_stack_lvl+0x189/0x250
[ 1783.198874][T28370]  ? __pfx____ratelimit+0x10/0x10
[ 1783.198899][T28370]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1783.198921][T28370]  ? __pfx__printk+0x10/0x10
[ 1783.198945][T28370]  ? __might_fault+0xb0/0x130
[ 1783.198980][T28370]  should_fail_ex+0x414/0x560
[ 1783.199009][T28370]  _copy_from_user+0x2d/0xb0
[ 1783.199030][T28370]  memdup_user+0x5e/0xd0
[ 1783.199051][T28370]  strndup_user+0x68/0xd0
[ 1783.199069][T28370]  __se_sys_mount+0x9c/0x410
[ 1783.199094][T28370]  ? ksys_write+0x22a/0x250
[ 1783.199117][T28370]  ? __pfx___se_sys_mount+0x10/0x10
[ 1783.199146][T28370]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1783.199168][T28370]  ? __ia32_sys_mount+0x20/0xc0
[ 1783.199195][T28370]  __do_fast_syscall_32+0xb6/0x2b0
[ 1783.199221][T28370]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1783.199248][T28370]  do_fast_syscall_32+0x34/0x80
[ 1783.199278][T28370]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1783.199300][T28370] RIP: 0023:0xf709e539
[ 1783.199317][T28370] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1783.199333][T28370] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[ 1783.199354][T28370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000100
[ 1783.199367][T28370] RDX: 0000000080002100 RSI: 000000000280449c RDI: 0000000080002140
[ 1783.199380][T28370] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1783.199392][T28370] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1783.199404][T28370] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1783.199432][T28370]  </TASK>
[ 1783.588103][T28372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5452'.
[ 1783.816368][T28382] FAULT_INJECTION: forcing a failure.
[ 1783.816368][T28382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1783.863271][T28382] CPU: 1 UID: 0 PID: 28382 Comm: syz.3.5455 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1783.863299][T28382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1783.863310][T28382] Call Trace:
[ 1783.863319][T28382]  <TASK>
[ 1783.863328][T28382]  dump_stack_lvl+0x189/0x250
[ 1783.863355][T28382]  ? __pfx____ratelimit+0x10/0x10
[ 1783.863379][T28382]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1783.863400][T28382]  ? __pfx__printk+0x10/0x10
[ 1783.863424][T28382]  ? __might_fault+0xb0/0x130
[ 1783.863468][T28382]  should_fail_ex+0x414/0x560
[ 1783.863497][T28382]  _copy_from_user+0x2d/0xb0
[ 1783.863518][T28382]  kstrtouint_from_user+0xc4/0x170
[ 1783.863546][T28382]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1783.863588][T28382]  proc_fail_nth_write+0x88/0x200
[ 1783.863610][T28382]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1783.863636][T28382]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1783.863659][T28382]  vfs_write+0x27b/0xb30
[ 1783.863691][T28382]  ? __pfx_vfs_write+0x10/0x10
[ 1783.863715][T28382]  ? __fget_files+0x2a/0x420
[ 1783.863736][T28382]  ? __fget_files+0x3a0/0x420
[ 1783.863751][T28382]  ? __fget_files+0x2a/0x420
[ 1783.863778][T28382]  ksys_write+0x145/0x250
[ 1783.863803][T28382]  ? __pfx_ksys_write+0x10/0x10
[ 1783.863829][T28382]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1783.863856][T28382]  __do_fast_syscall_32+0xb6/0x2b0
[ 1783.863880][T28382]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1783.863906][T28382]  do_fast_syscall_32+0x34/0x80
[ 1783.863929][T28382]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1783.863950][T28382] RIP: 0023:0xf70ee539
[ 1783.863966][T28382] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1783.863981][T28382] RSP: 002b:00000000f54de590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1783.864000][T28382] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54de620
[ 1783.864013][T28382] RDX: 0000000000000001 RSI: 00000000f7454ff4 RDI: 0000000000000000
[ 1783.864028][T28382] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1783.864039][T28382] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1783.864050][T28382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1783.864077][T28382]  </TASK>
[ 1784.170283][T28385] FAULT_INJECTION: forcing a failure.
[ 1784.170283][T28385] name failslab, interval 1, probability 0, space 0, times 0
[ 1784.213098][T28385] CPU: 0 UID: 0 PID: 28385 Comm: syz.6.5456 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1784.213127][T28385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1784.213139][T28385] Call Trace:
[ 1784.213146][T28385]  <TASK>
[ 1784.213155][T28385]  dump_stack_lvl+0x189/0x250
[ 1784.213183][T28385]  ? __pfx____ratelimit+0x10/0x10
[ 1784.213207][T28385]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1784.213237][T28385]  ? __pfx__printk+0x10/0x10
[ 1784.213266][T28385]  ? __pfx___might_resched+0x10/0x10
[ 1784.213289][T28385]  should_fail_ex+0x414/0x560
[ 1784.213317][T28385]  should_failslab+0xa8/0x100
[ 1784.213344][T28385]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1784.213369][T28385]  ? __alloc_skb+0x112/0x2d0
[ 1784.213398][T28385]  __alloc_skb+0x112/0x2d0
[ 1784.213438][T28385]  netlink_sendmsg+0x5c6/0xb30
[ 1784.213473][T28385]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1784.213500][T28385]  ? __import_iovec+0x5d4/0x7f0
[ 1784.213519][T28385]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1784.213547][T28385]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1784.213567][T28385]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1784.213592][T28385]  __sock_sendmsg+0x21c/0x270
[ 1784.213618][T28385]  ____sys_sendmsg+0x505/0x830
[ 1784.213643][T28385]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1784.213675][T28385]  ___sys_sendmsg+0x21f/0x2a0
[ 1784.213696][T28385]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1784.213749][T28385]  ? __fget_files+0x2a/0x420
[ 1784.213765][T28385]  ? __fget_files+0x3a0/0x420
[ 1784.213791][T28385]  __sys_sendmsg+0x164/0x220
[ 1784.213812][T28385]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1784.213846][T28385]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1784.213872][T28385]  __do_fast_syscall_32+0xb6/0x2b0
[ 1784.213897][T28385]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1784.213924][T28385]  do_fast_syscall_32+0x34/0x80
[ 1784.213948][T28385]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1784.213970][T28385] RIP: 0023:0xf70fe539
[ 1784.213987][T28385] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1784.214003][T28385] RSP: 002b:00000000f54ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1784.214023][T28385] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[ 1784.214036][T28385] RDX: 0000000000040840 RSI: 0000000000000000 RDI: 0000000000000000
[ 1784.214047][T28385] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1784.214058][T28385] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1784.214070][T28385] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1784.214100][T28385]  </TASK>
[ 1784.622533][T28391] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5459'.
[ 1784.743314][T28397] tty tty25: ldisc open failed (-12), clearing slot 24
[ 1785.056618][T25186] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1785.309569][T25186] usb 6-1: Using ep0 maxpacket: 32
[ 1785.322306][T25186] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1785.331059][T25186] usb 6-1: config 0 has no interface number 0
[ 1785.356509][T28426] dvmrp0: entered allmulticast mode
[ 1785.459533][T28427] netlink: 'syz.6.5467': attribute type 2 has an invalid length.
[ 1785.584645][T25186] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1785.615602][T25186] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1785.710805][T25186] usb 6-1: Product: syz
[ 1785.955453][T25186] usb 6-1: Manufacturer: syz
[ 1786.180671][T25186] usb 6-1: SerialNumber: syz
[ 1786.226699][T25186] usb 6-1: config 0 descriptor??
[ 1786.233954][T25186] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1786.253660][T25186] usb 6-1: selecting invalid altsetting 1
[ 1786.282128][T25186] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1786.328461][T25186] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1786.386160][T25186] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1786.417128][T25186] usb 6-1: media controller created
[ 1786.629911][T25186] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1786.786282][T25186] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1786.848394][T25186] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1786.859397][T25186] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1787.496501][T25186] usb 6-1: USB disconnect, device number 24
[ 1789.129302][T28468] netlink: 20 bytes leftover after parsing attributes in process `syz.7.5477'.
[ 1789.368535][T28470] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5476'.
[ 1791.068097][T28498] netlink: 'syz.2.5488': attribute type 29 has an invalid length.
[ 1791.118748][T28498] netlink: 'syz.2.5488': attribute type 29 has an invalid length.
[ 1791.137164][T28500] FAULT_INJECTION: forcing a failure.
[ 1791.137164][T28500] name failslab, interval 1, probability 0, space 0, times 0
[ 1791.172713][T28500] CPU: 1 UID: 0 PID: 28500 Comm: syz.3.5487 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1791.172741][T28500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1791.172752][T28500] Call Trace:
[ 1791.172761][T28500]  <TASK>
[ 1791.172770][T28500]  dump_stack_lvl+0x189/0x250
[ 1791.172797][T28500]  ? __pfx____ratelimit+0x10/0x10
[ 1791.172822][T28500]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1791.172843][T28500]  ? __pfx__printk+0x10/0x10
[ 1791.172873][T28500]  ? __pfx___might_resched+0x10/0x10
[ 1791.172895][T28500]  should_fail_ex+0x414/0x560
[ 1791.172923][T28500]  should_failslab+0xa8/0x100
[ 1791.172950][T28500]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1791.172974][T28500]  ? __alloc_skb+0x112/0x2d0
[ 1791.173016][T28500]  __alloc_skb+0x112/0x2d0
[ 1791.173045][T28500]  netlink_sendmsg+0x5c6/0xb30
[ 1791.173080][T28500]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1791.173107][T28500]  ? __import_iovec+0x5d4/0x7f0
[ 1791.173126][T28500]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1791.173154][T28500]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1791.173174][T28500]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1791.173200][T28500]  __sock_sendmsg+0x21c/0x270
[ 1791.173225][T28500]  ____sys_sendmsg+0x505/0x830
[ 1791.173250][T28500]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1791.173284][T28500]  ___sys_sendmsg+0x21f/0x2a0
[ 1791.173305][T28500]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1791.173358][T28500]  ? __fget_files+0x2a/0x420
[ 1791.173375][T28500]  ? __fget_files+0x3a0/0x420
[ 1791.173401][T28500]  __sys_sendmsg+0x164/0x220
[ 1791.173422][T28500]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1791.173456][T28500]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1791.173484][T28500]  __do_fast_syscall_32+0xb6/0x2b0
[ 1791.173509][T28500]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1791.173536][T28500]  do_fast_syscall_32+0x34/0x80
[ 1791.173561][T28500]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1791.173583][T28500] RIP: 0023:0xf70ee539
[ 1791.173599][T28500] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1791.173615][T28500] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1791.173635][T28500] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000680
[ 1791.173647][T28500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1791.173657][T28500] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1791.173668][T28500] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1791.173679][T28500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1791.173703][T28500]  </TASK>
[ 1791.563764][T28506] program syz.2.5491 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1791.791599][T28509] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5491'.
[ 1791.900141][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.906990][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.913554][    C1] sd 0:0:1:0: [sda] tag#5964 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1791.924057][    C1] sd 0:0:1:0: [sda] tag#5964 CDB: Write(6) 0a 00 00 00 00 00
[ 1791.991696][T25785] usb 4-1: new full-speed USB device number 58 using dummy_hcd
[ 1792.162605][T25785] usb 4-1: config 0 has an invalid descriptor of length 89, skipping remainder of the config
[ 1792.186280][T25785] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[ 1792.296302][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1792.329076][T28520] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5493'.
[ 1792.350493][T25785] usb 4-1: Product: syz
[ 1792.354888][T25785] usb 4-1: Manufacturer: syz
[ 1792.377070][T25785] usb 4-1: SerialNumber: syz
[ 1792.395289][T25785] usb 4-1: config 0 descriptor??
[ 1792.650321][T25785] usb 4-1: bad CDC descriptors
[ 1792.688194][T25785] usb 4-1: unsupported MDLM descriptors
[ 1793.088619][T25785] usb 4-1: USB disconnect, device number 58
[ 1795.118968][T28562] netlink: 72 bytes leftover after parsing attributes in process `syz.2.5501'.
[ 1795.129564][T28562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5501'.
[ 1795.181203][T28562] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5501'.
[ 1795.667155][T28570] netlink: 'syz.6.5508': attribute type 1 has an invalid length.
[ 1795.722428][T28574] FAULT_INJECTION: forcing a failure.
[ 1795.722428][T28574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1795.749311][T28574] CPU: 1 UID: 0 PID: 28574 Comm: syz.5.5509 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1795.749338][T28574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1795.749348][T28574] Call Trace:
[ 1795.749355][T28574]  <TASK>
[ 1795.749363][T28574]  dump_stack_lvl+0x189/0x250
[ 1795.749389][T28574]  ? __pfx____ratelimit+0x10/0x10
[ 1795.749412][T28574]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1795.749432][T28574]  ? __pfx__printk+0x10/0x10
[ 1795.749455][T28574]  ? __might_fault+0xb0/0x130
[ 1795.749488][T28574]  should_fail_ex+0x414/0x560
[ 1795.749516][T28574]  _copy_from_iter+0x1db/0x16f0
[ 1795.749545][T28574]  ? policy_nodemask+0x27c/0x720
[ 1795.749568][T28574]  ? __pfx__copy_from_iter+0x10/0x10
[ 1795.749601][T28574]  ? set_page_refcounted+0xa0/0x1e0
[ 1795.749623][T28574]  ? page_copy_sane+0x4e/0x280
[ 1795.749641][T28574]  copy_page_from_iter+0xdd/0x170
[ 1795.749662][T28574]  tun_get_user+0x1d7b/0x3e20
[ 1795.749686][T28574]  ? tun_get_user+0x6f6/0x3e20
[ 1795.749711][T28574]  ? aa_file_perm+0x44d/0x1550
[ 1795.749728][T28574]  ? __pfx_tun_get_user+0x10/0x10
[ 1795.749742][T28574]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1795.749775][T28574]  ? __lock_acquire+0xab9/0xd20
[ 1795.749802][T28574]  ? ref_tracker_alloc+0x318/0x460
[ 1795.749823][T28574]  ? __lock_acquire+0xab9/0xd20
[ 1795.749848][T28574]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1795.749877][T28574]  ? tun_get+0x1c/0x2f0
[ 1795.749898][T28574]  ? tun_get+0x1c/0x2f0
[ 1795.749914][T28574]  ? tun_get+0x1c/0x2f0
[ 1795.749935][T28574]  tun_chr_write_iter+0x113/0x200
[ 1795.749963][T28574]  vfs_write+0x5c6/0xb30
[ 1795.749989][T28574]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1795.750013][T28574]  ? __pfx_vfs_write+0x10/0x10
[ 1795.750043][T28574]  ? __fget_files+0x2a/0x420
[ 1795.750067][T28574]  ksys_write+0x145/0x250
[ 1795.750092][T28574]  ? __pfx_ksys_write+0x10/0x10
[ 1795.750116][T28574]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1795.750142][T28574]  __do_fast_syscall_32+0xb6/0x2b0
[ 1795.750167][T28574]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1795.750193][T28574]  do_fast_syscall_32+0x34/0x80
[ 1795.750218][T28574]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1795.750240][T28574] RIP: 0023:0xf709e539
[ 1795.750257][T28574] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1795.750273][T28574] RSP: 002b:00000000f548e520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1795.750293][T28574] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000140
[ 1795.750306][T28574] RDX: 000000000000003e RSI: 00000000f7404ff4 RDI: 0000000000000000
[ 1795.750319][T28574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1795.750330][T28574] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1795.750341][T28574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1795.750367][T28574]  </TASK>
[ 1796.537828][  T979] usb 7-1: USB disconnect, device number 45
[ 1797.326284][T28591] FAULT_INJECTION: forcing a failure.
[ 1797.326284][T28591] name failslab, interval 1, probability 0, space 0, times 0
[ 1797.393126][T28591] CPU: 0 UID: 0 PID: 28591 Comm: syz.2.5513 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1797.393154][T28591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1797.393166][T28591] Call Trace:
[ 1797.393173][T28591]  <TASK>
[ 1797.393182][T28591]  dump_stack_lvl+0x189/0x250
[ 1797.393215][T28591]  ? __pfx____ratelimit+0x10/0x10
[ 1797.393240][T28591]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1797.393260][T28591]  ? __pfx__printk+0x10/0x10
[ 1797.393289][T28591]  ? __pfx___might_resched+0x10/0x10
[ 1797.393311][T28591]  should_fail_ex+0x414/0x560
[ 1797.393338][T28591]  should_failslab+0xa8/0x100
[ 1797.393364][T28591]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1797.393388][T28591]  ? __alloc_skb+0x112/0x2d0
[ 1797.393417][T28591]  __alloc_skb+0x112/0x2d0
[ 1797.393444][T28591]  netlink_sendmsg+0x5c6/0xb30
[ 1797.393478][T28591]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1797.393503][T28591]  ? __import_iovec+0x5d4/0x7f0
[ 1797.393521][T28591]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1797.393546][T28591]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1797.393564][T28591]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1797.393585][T28591]  __sock_sendmsg+0x21c/0x270
[ 1797.393609][T28591]  ____sys_sendmsg+0x505/0x830
[ 1797.393633][T28591]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1797.393667][T28591]  ___sys_sendmsg+0x21f/0x2a0
[ 1797.393686][T28591]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1797.393737][T28591]  ? __fget_files+0x2a/0x420
[ 1797.393754][T28591]  ? __fget_files+0x3a0/0x420
[ 1797.393779][T28591]  __sys_sendmsg+0x164/0x220
[ 1797.393798][T28591]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1797.393828][T28591]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1797.393853][T28591]  __do_fast_syscall_32+0xb6/0x2b0
[ 1797.393878][T28591]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1797.393902][T28591]  do_fast_syscall_32+0x34/0x80
[ 1797.393925][T28591]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1797.393944][T28591] RIP: 0023:0xf706e539
[ 1797.393960][T28591] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1797.393975][T28591] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1797.393995][T28591] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[ 1797.394007][T28591] RDX: 0000000024054000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1797.394018][T28591] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1797.394029][T28591] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1797.394040][T28591] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1797.394066][T28591]  </TASK>
[ 1797.916853][T28597] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1797.929417][T28597] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1797.949175][T28597] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1797.989685][T28597] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1798.001630][T28597] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1798.376373][T28607] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5514'.
[ 1798.422943][T28607] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5514'.
[ 1798.504602][T28607] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5514'.
[ 1798.580914][   T49] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1799.282238][   T49] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1799.454951][T28621] usb usb8: usbfs: process 28621 (syz.7.5520) did not claim interface 0 before use
[ 1799.543002][   T49] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1799.667525][T28625] netlink: 21 bytes leftover after parsing attributes in process `syz.7.5523'.
[ 1799.682512][   T49] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1799.845553][T25785] usb 4-1: new full-speed USB device number 59 using dummy_hcd
[ 1800.010706][T25785] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1800.035437][T25785] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1800.057371][T11379] Bluetooth: hci3: command tx timeout
[ 1800.074983][T25785] usb 4-1: Product: syz
[ 1800.115655][T25785] usb 4-1: Manufacturer: syz
[ 1800.156223][T25785] usb 4-1: SerialNumber: syz
[ 1800.176229][T28601] chnl_net:caif_netlink_parms(): no params data found
[ 1800.188729][T28632] netlink: 'syz.2.5524': attribute type 8 has an invalid length.
[ 1800.189948][T25785] usb 4-1: config 0 descriptor??
[ 1800.324282][   T49] dummy0: left allmulticast mode
[ 1800.348414][   T49] bridge0: port 3(dummy0) entered disabled state
[ 1800.383022][   T49] bridge_slave_1: left allmulticast mode
[ 1800.400943][   T49] bridge_slave_1: left promiscuous mode
[ 1800.406487][T28634] FAULT_INJECTION: forcing a failure.
[ 1800.406487][T28634] name failslab, interval 1, probability 0, space 0, times 0
[ 1800.415640][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1800.441094][T28634] CPU: 1 UID: 0 PID: 28634 Comm: syz.2.5525 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1800.441120][T28634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1800.441139][T28634] Call Trace:
[ 1800.441147][T28634]  <TASK>
[ 1800.441156][T28634]  dump_stack_lvl+0x189/0x250
[ 1800.441186][T28634]  ? __pfx____ratelimit+0x10/0x10
[ 1800.441211][T28634]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1800.441238][T28634]  ? __pfx__printk+0x10/0x10
[ 1800.441269][T28634]  ? __pfx___might_resched+0x10/0x10
[ 1800.441292][T28634]  should_fail_ex+0x414/0x560
[ 1800.441320][T28634]  should_failslab+0xa8/0x100
[ 1800.441347][T28634]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1800.441372][T28634]  ? __alloc_skb+0x112/0x2d0
[ 1800.441401][T28634]  __alloc_skb+0x112/0x2d0
[ 1800.441429][T28634]  netlink_sendmsg+0x5c6/0xb30
[ 1800.441462][T28634]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1800.441489][T28634]  ? __import_iovec+0x5d4/0x7f0
[ 1800.441507][T28634]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1800.441535][T28634]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1800.441555][T28634]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1800.441582][T28634]  __sock_sendmsg+0x21c/0x270
[ 1800.441606][T28634]  ____sys_sendmsg+0x505/0x830
[ 1800.441639][T28634]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1800.441675][T28634]  ___sys_sendmsg+0x21f/0x2a0
[ 1800.441696][T28634]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1800.441750][T28634]  ? __fget_files+0x2a/0x420
[ 1800.441767][T28634]  ? __fget_files+0x3a0/0x420
[ 1800.441793][T28634]  __sys_sendmsg+0x164/0x220
[ 1800.441815][T28634]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1800.441850][T28634]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1800.441876][T28634]  __do_fast_syscall_32+0xb6/0x2b0
[ 1800.441901][T28634]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1800.441927][T28634]  do_fast_syscall_32+0x34/0x80
[ 1800.441951][T28634]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1800.441973][T28634] RIP: 0023:0xf706e539
[ 1800.441990][T28634] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1800.442006][T28634] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1800.442026][T28634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1800.442039][T28634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1800.442051][T28634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1800.442062][T28634] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1800.442073][T28634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1800.442100][T28634]  </TASK>
[ 1800.718998][   T49] bridge_slave_0: left allmulticast mode
[ 1800.724948][   T49] bridge_slave_0: left promiscuous mode
[ 1800.732824][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1801.121086][T28640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5526'.
[ 1801.399584][   T49] dvmrp0 (unregistering): left allmulticast mode
[ 1801.493090][   T49] team0: Port device bridge0 removed
[ 1801.905615][T25785] airspy 4-1:0.0: usb_control_msg() failed -110 request 0a
[ 1801.913600][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1801.915102][T25785] airspy 4-1:0.0: Could not detect board
[ 1801.929213][T25785] airspy 4-1:0.0: probe with driver airspy failed with error -110
[ 1801.943639][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1801.962448][   T49] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1801.977212][   T49] bond0 (unregistering): Released all slaves
[ 1802.000700][T28636] veth0_macvtap: left promiscuous mode
[ 1802.007033][T28636] macvtap0: entered promiscuous mode
[ 1802.023139][T28640] vlan2: entered allmulticast mode
[ 1802.058832][T28640] bridge0: port 5(vlan2) entered blocking state
[ 1802.078648][T28640] bridge0: port 5(vlan2) entered disabled state
[ 1802.090908][T28640] vlan2: entered promiscuous mode
[ 1802.136496][T11379] Bluetooth: hci3: command tx timeout
[ 1802.223590][   T49] tipc: Left network mode
[ 1802.400563][T28652] program syz.5.5528 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1802.497725][T28601] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1802.519915][T28657] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5528'.
[ 1802.535620][T28601] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1802.546825][T28601] bridge_slave_0: entered allmulticast mode
[ 1802.565416][T28601] bridge_slave_0: entered promiscuous mode
[ 1802.585248][T28601] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1802.605657][T28601] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1802.617776][T28601] bridge_slave_1: entered allmulticast mode
[ 1802.626457][T28601] bridge_slave_1: entered promiscuous mode
[ 1802.635884][    C1] sd 0:0:1:0: [sda] tag#5966 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1802.646658][    C1] sd 0:0:1:0: [sda] tag#5966 CDB: Write(6) 0a 00 00 00 00 00
[ 1802.682329][ T5959] usb 4-1: USB disconnect, device number 59
[ 1803.406905][T28601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1803.456226][T28679] FAULT_INJECTION: forcing a failure.
[ 1803.456226][T28679] name failslab, interval 1, probability 0, space 0, times 0
[ 1803.489848][T28601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1803.494681][T28679] CPU: 0 UID: 0 PID: 28679 Comm: syz.7.5533 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1803.494709][T28679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1803.494721][T28679] Call Trace:
[ 1803.494730][T28679]  <TASK>
[ 1803.494739][T28679]  dump_stack_lvl+0x189/0x250
[ 1803.494766][T28679]  ? __pfx____ratelimit+0x10/0x10
[ 1803.494789][T28679]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1803.494809][T28679]  ? __pfx__printk+0x10/0x10
[ 1803.494838][T28679]  ? __pfx___might_resched+0x10/0x10
[ 1803.494860][T28679]  should_fail_ex+0x414/0x560
[ 1803.494887][T28679]  should_failslab+0xa8/0x100
[ 1803.494917][T28679]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1803.494942][T28679]  ? __alloc_skb+0x112/0x2d0
[ 1803.494970][T28679]  __alloc_skb+0x112/0x2d0
[ 1803.494997][T28679]  netlink_sendmsg+0x5c6/0xb30
[ 1803.495031][T28679]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1803.495058][T28679]  ? __import_iovec+0x5d4/0x7f0
[ 1803.495075][T28679]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1803.495104][T28679]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1803.495123][T28679]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1803.495147][T28679]  __sock_sendmsg+0x21c/0x270
[ 1803.495185][T28679]  ____sys_sendmsg+0x505/0x830
[ 1803.495209][T28679]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1803.495242][T28679]  ___sys_sendmsg+0x21f/0x2a0
[ 1803.495262][T28679]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1803.495318][T28679]  ? __fget_files+0x2a/0x420
[ 1803.495334][T28679]  ? __fget_files+0x3a0/0x420
[ 1803.495359][T28679]  __sys_sendmsg+0x164/0x220
[ 1803.495379][T28679]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1803.495411][T28679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1803.495437][T28679]  __do_fast_syscall_32+0xb6/0x2b0
[ 1803.495462][T28679]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1803.495488][T28679]  do_fast_syscall_32+0x34/0x80
[ 1803.495512][T28679]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1803.495534][T28679] RIP: 0023:0xf7f06539
[ 1803.495550][T28679] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1803.495574][T28679] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1803.495594][T28679] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1803.495607][T28679] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1803.495617][T28679] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1803.495627][T28679] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1803.495638][T28679] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1803.495750][T28679]  </TASK>
[ 1803.906513][   T49] hsr_slave_0: left promiscuous mode
[ 1803.915420][   T30] audit: type=1326 audit(1755025193.361:4349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.075281][   T49] hsr_slave_1: left promiscuous mode
[ 1804.085744][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1804.100884][   T30] audit: type=1326 audit(1755025193.361:4350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.113647][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1804.150914][T28694] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5537'.
[ 1804.175018][   T30] audit: type=1326 audit(1755025193.401:4351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.215522][T11379] Bluetooth: hci3: command tx timeout
[ 1804.232367][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1804.265665][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1804.324124][   T49] veth1_macvtap: left promiscuous mode
[ 1804.340167][T25785] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1804.368199][   T49] veth0_macvtap: left promiscuous mode
[ 1804.372597][   T30] audit: type=1326 audit(1755025193.401:4352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.408942][   T49] veth1_vlan: left promiscuous mode
[ 1804.414439][   T49] veth0_vlan: left promiscuous mode
[ 1804.472130][   T30] audit: type=1326 audit(1755025193.401:4353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=107 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.506969][   T30] audit: type=1326 audit(1755025193.401:4354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.545040][T25785] usb 3-1: config 0 has no interfaces?
[ 1804.562016][T25785] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1804.573231][T25785] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1804.595150][T25785] usb 3-1: Product: syz
[ 1804.599660][T25785] usb 3-1: Manufacturer: syz
[ 1804.604502][T25785] usb 3-1: SerialNumber: syz
[ 1804.614528][   T30] audit: type=1326 audit(1755025193.401:4355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.650844][T25785] usb 3-1: config 0 descriptor??
[ 1804.669820][   T30] audit: type=1326 audit(1755025193.401:4356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.883485][   T30] audit: type=1326 audit(1755025193.401:4357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1804.960313][   T30] audit: type=1326 audit(1755025193.401:4358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28685 comm="syz.2.5536" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e539 code=0x7ffc0000
[ 1806.268036][   T49] team0 (unregistering): Port device team_slave_1 removed
[ 1806.301030][T11379] Bluetooth: hci3: command tx timeout
[ 1806.375271][   T49] team0 (unregistering): Port device team_slave_0 removed
[ 1806.517776][T28717] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5542'.
[ 1807.326403][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.356649][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.398488][  T979] usb 3-1: USB disconnect, device number 31
[ 1807.413486][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.429904][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.450492][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.477698][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.498474][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.522231][T28719] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5543'.
[ 1807.620260][T28601] team0: Port device team_slave_0 added
[ 1807.690148][T28601] team0: Port device team_slave_1 added
[ 1807.934239][T28601] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1807.966361][T28601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1808.019612][T28601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1808.048358][T28601] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1808.098024][T28601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1808.245569][T28601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1808.709405][   T49] IPVS: stop unused estimator thread 0...
[ 1808.748878][T28601] hsr_slave_0: entered promiscuous mode
[ 1808.782058][T28601] hsr_slave_1: entered promiscuous mode
[ 1808.810511][T28601] debugfs: 'hsr0' already exists in 'hsr'
[ 1808.829670][T28601] Cannot create hsr debugfs directory
[ 1809.689209][T28778] FAULT_INJECTION: forcing a failure.
[ 1809.689209][T28778] name failslab, interval 1, probability 0, space 0, times 0
[ 1809.718045][T28778] CPU: 0 UID: 0 PID: 28778 Comm: syz.2.5556 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1809.718077][T28778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1809.718088][T28778] Call Trace:
[ 1809.718097][T28778]  <TASK>
[ 1809.718106][T28778]  dump_stack_lvl+0x189/0x250
[ 1809.718134][T28778]  ? __pfx____ratelimit+0x10/0x10
[ 1809.718158][T28778]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1809.718178][T28778]  ? __pfx__printk+0x10/0x10
[ 1809.718207][T28778]  ? __pfx___might_resched+0x10/0x10
[ 1809.718230][T28778]  should_fail_ex+0x414/0x560
[ 1809.718258][T28778]  should_failslab+0xa8/0x100
[ 1809.718284][T28778]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1809.718309][T28778]  ? __alloc_skb+0x112/0x2d0
[ 1809.718337][T28778]  __alloc_skb+0x112/0x2d0
[ 1809.718366][T28778]  netlink_sendmsg+0x5c6/0xb30
[ 1809.718401][T28778]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1809.718429][T28778]  ? __import_iovec+0x5d4/0x7f0
[ 1809.718448][T28778]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1809.718476][T28778]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1809.718495][T28778]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1809.718521][T28778]  __sock_sendmsg+0x21c/0x270
[ 1809.718546][T28778]  ____sys_sendmsg+0x505/0x830
[ 1809.718571][T28778]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1809.718605][T28778]  ___sys_sendmsg+0x21f/0x2a0
[ 1809.718627][T28778]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1809.718680][T28778]  ? __fget_files+0x2a/0x420
[ 1809.718697][T28778]  ? __fget_files+0x3a0/0x420
[ 1809.718723][T28778]  __sys_sendmsg+0x164/0x220
[ 1809.718744][T28778]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1809.718779][T28778]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1809.718806][T28778]  __do_fast_syscall_32+0xb6/0x2b0
[ 1809.718832][T28778]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1809.718859][T28778]  do_fast_syscall_32+0x34/0x80
[ 1809.718884][T28778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1809.718905][T28778] RIP: 0023:0xf706e539
[ 1809.718934][T28778] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1809.718949][T28778] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1809.718970][T28778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[ 1809.718983][T28778] RDX: 0000000000008004 RSI: 0000000000000000 RDI: 0000000000000000
[ 1809.718995][T28778] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1809.719005][T28778] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1809.719017][T28778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1809.719044][T28778]  </TASK>
[ 1810.322159][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x4
[ 1810.330840][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x2
[ 1810.339065][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.395134][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.406714][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.415743][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.424536][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.433550][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.956565][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.969567][T25159] hid-generic 0000:3000000:0000.0022: unknown main item tag 0x0
[ 1810.990276][T25159] hid-generic 0000:3000000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[ 1811.356446][T28803] __nla_validate_parse: 42 callbacks suppressed
[ 1811.356469][T28803] netlink: 21 bytes leftover after parsing attributes in process `syz.7.5562'.
[ 1811.499499][T28799] fido_id[28799]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1811.922675][T28601] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1811.974708][T28821] bridge_slave_0: left allmulticast mode
[ 1811.985510][T28821] bridge_slave_0: left promiscuous mode
[ 1811.999942][T28821] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1812.012253][T28821] bridge_slave_1: left allmulticast mode
[ 1812.135796][T28821] bridge_slave_1: left promiscuous mode
[ 1812.155722][T28821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1812.258728][T28821] bond0: (slave bond_slave_0): Releasing backup interface
[ 1812.304800][T28821] bond0: (slave bond_slave_1): Releasing backup interface
[ 1812.407911][T28821] team0: Port device team_slave_0 removed
[ 1812.547562][T28821] team0: Port device team_slave_1 removed
[ 1812.564800][T28821] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1812.579062][T28821] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1812.671540][T28821] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1812.715444][T28821] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1812.833453][T28601] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1812.917222][T28601] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1812.971674][T28601] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1813.324129][T28601] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1813.466767][T28601] 8021q: adding VLAN 0 to HW filter on device team0
[ 1813.529130][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1813.537248][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1813.664019][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1813.671397][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1813.870790][T28851] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5570'.
[ 1814.093939][T28601] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1814.210964][T28867] netlink: 337 bytes leftover after parsing attributes in process `syz.2.5573'.
[ 1814.332449][T28868] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5572'.
[ 1814.353712][T28601] veth0_vlan: entered promiscuous mode
[ 1814.476477][T28601] veth1_vlan: entered promiscuous mode
[ 1814.675824][T28878] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5574'.
[ 1814.858276][T28601] veth0_macvtap: entered promiscuous mode
[ 1814.895373][T28601] veth1_macvtap: entered promiscuous mode
[ 1815.171513][T28601] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1815.231798][T28601] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1815.475862][   T49] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1815.528207][   T49] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1815.617141][   T49] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1815.715757][   T49] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1816.147169][ T3022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1816.223853][ T3022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1816.532476][ T3022] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1816.596427][ T3022] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1816.734475][T28903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5581'.
[ 1816.964509][T28911] FAULT_INJECTION: forcing a failure.
[ 1816.964509][T28911] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1817.026759][T28911] CPU: 1 UID: 0 PID: 28911 Comm: syz.6.5510 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1817.026787][T28911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1817.026798][T28911] Call Trace:
[ 1817.026806][T28911]  <TASK>
[ 1817.026815][T28911]  dump_stack_lvl+0x189/0x250
[ 1817.026840][T28911]  ? __pfx____ratelimit+0x10/0x10
[ 1817.026863][T28911]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1817.026884][T28911]  ? __pfx__printk+0x10/0x10
[ 1817.026908][T28911]  ? __might_fault+0xb0/0x130
[ 1817.026946][T28911]  should_fail_ex+0x414/0x560
[ 1817.026974][T28911]  _copy_from_user+0x2d/0xb0
[ 1817.026995][T28911]  sctp_setsockopt+0x19f/0x1200
[ 1817.027020][T28911]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1817.027046][T28911]  do_sock_setsockopt+0x17c/0x1b0
[ 1817.027077][T28911]  __ia32_sys_setsockopt+0x13f/0x1b0
[ 1817.027106][T28911]  __do_fast_syscall_32+0xb6/0x2b0
[ 1817.027132][T28911]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1817.027159][T28911]  do_fast_syscall_32+0x34/0x80
[ 1817.027183][T28911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1817.027204][T28911] RIP: 0023:0xf70de539
[ 1817.027221][T28911] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1817.027236][T28911] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1817.027256][T28911] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000084
[ 1817.027269][T28911] RDX: 0000000000000009 RSI: 0000000080000600 RDI: 000000000000009c
[ 1817.027280][T28911] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1817.027291][T28911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1817.027302][T28911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1817.027328][T28911]  </TASK>
[ 1817.217366][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1818.048577][  T979] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1818.195835][  T979] usb 3-1: Using ep0 maxpacket: 8
[ 1818.205839][  T979] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1818.214844][  T979] usb 3-1: config 4 interface 0 has no altsetting 0
[ 1818.224952][  T979] usb 3-1: string descriptor 0 read error: -22
[ 1818.231821][  T979] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1818.242445][  T979] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1818.280004][  T979] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1818.313000][  T979] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1818.403581][  T979] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1818.413886][  T979] usb 3-1: media controller created
[ 1818.504834][  T979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1818.731899][T28942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5589'.
[ 1819.686657][  T979] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1820.207942][  T979] usb 3-1: USB disconnect, device number 32
[ 1820.520006][T28962] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5595'.
[ 1821.037833][  T979] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1821.185642][  T979] usb 3-1: device descriptor read/64, error -71
[ 1821.429769][  T979] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1821.595440][  T979] usb 3-1: device descriptor read/64, error -71
[ 1821.749426][  T979] usb usb3-port1: attempt power cycle
[ 1822.185511][  T979] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1822.367343][  T979] usb 3-1: device descriptor read/8, error -71
[ 1822.715569][  T979] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1822.736221][  T979] usb 3-1: device descriptor read/8, error -71
[ 1822.865621][ T5957] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 1822.875208][  T979] usb usb3-port1: unable to enumerate USB device
[ 1822.991444][T29002] netlink: 196 bytes leftover after parsing attributes in process `syz.5.5604'.
[ 1823.005952][T29002] netlink: 'syz.5.5604': attribute type 8 has an invalid length.
[ 1823.136899][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1823.149243][ T5957] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1823.164389][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1823.523927][ T5957] usb 4-1: config 0 descriptor??
[ 1824.027749][ T5957] usbhid 4-1:0.0: can't add hid device: -71
[ 1824.034034][ T5957] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1824.058233][ T5957] usb 4-1: USB disconnect, device number 60
[ 1824.747987][ T5957] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 1824.925737][ T5957] usb 4-1: Using ep0 maxpacket: 16
[ 1824.929105][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1824.929152][ T5957] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1824.929176][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1824.955215][ T5957] usb 4-1: config 0 descriptor??
[ 1825.175772][T25159] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1825.369392][ T5957] kye 0003:0458:5016.0023: control desc unexpectedly large
[ 1825.389131][T25159] usb 6-1: Using ep0 maxpacket: 8
[ 1825.435656][ T5957] input: HID 0458:5016 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5016.0023/input/input61
[ 1825.471303][T25159] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1825.538595][ T5957] input: HID 0458:5016 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5016.0023/input/input62
[ 1825.596398][T25159] usb 6-1: config 4 interface 0 has no altsetting 0
[ 1825.618537][T25159] usb 6-1: string descriptor 0 read error: -22
[ 1825.643895][T25159] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1825.735949][T25159] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1825.792045][ T5957] kye 0003:0458:5016.0023: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.3-1/input0
[ 1825.933778][T25159] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1826.005695][T25159] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1826.129495][T25159] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1826.164008][T25159] usb 6-1: media controller created
[ 1826.360891][T25159] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1826.712219][T29041] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5611'.
[ 1826.756632][T18543] usb 7-1: new low-speed USB device number 46 using dummy_hcd
[ 1826.988229][T18543] usb 7-1: config 0 has no interfaces?
[ 1827.115637][T18543] usb 7-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[ 1827.194917][T25159] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1827.232737][T18543] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1827.264933][T18543] usb 7-1: config 0 descriptor??
[ 1827.343899][T25159] usb 6-1: USB disconnect, device number 25
[ 1827.527772][T29039] FAULT_INJECTION: forcing a failure.
[ 1827.527772][T29039] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1827.542687][T29039] CPU: 1 UID: 0 PID: 29039 Comm: syz.6.5612 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1827.542716][T29039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1827.542728][T29039] Call Trace:
[ 1827.542736][T29039]  <TASK>
[ 1827.542745][T29039]  dump_stack_lvl+0x189/0x250
[ 1827.542775][T29039]  ? __pfx____ratelimit+0x10/0x10
[ 1827.542799][T29039]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1827.542820][T29039]  ? __pfx__printk+0x10/0x10
[ 1827.542844][T29039]  ? __might_fault+0xb0/0x130
[ 1827.542878][T29039]  should_fail_ex+0x414/0x560
[ 1827.542902][T29039]  _copy_from_user+0x2d/0xb0
[ 1827.542924][T29039]  get_compat_msghdr+0xad/0x4a0
[ 1827.542956][T29039]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1827.542995][T29039]  ___sys_sendmsg+0x193/0x2a0
[ 1827.543017][T29039]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1827.543071][T29039]  ? __fget_files+0x2a/0x420
[ 1827.543087][T29039]  ? __fget_files+0x3a0/0x420
[ 1827.543113][T29039]  __sys_sendmsg+0x164/0x220
[ 1827.543134][T29039]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1827.543168][T29039]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1827.543329][T29039]  __do_fast_syscall_32+0xb6/0x2b0
[ 1827.543358][T29039]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1827.543385][T29039]  do_fast_syscall_32+0x34/0x80
[ 1827.543416][T29039]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1827.543441][T29039] RIP: 0023:0xf70de539
[ 1827.543457][T29039] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1827.543472][T29039] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1827.543500][T29039] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[ 1827.543516][T29039] RDX: 000000000000c080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1827.543528][T29039] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1827.543539][T29039] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1827.543551][T29039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1827.543578][T29039]  </TASK>
[ 1827.787976][ T5942] usb 4-1: USB disconnect, device number 61
[ 1827.942142][T18543] usb 7-1: USB disconnect, device number 46
[ 1829.936961][ T5957] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1830.145471][ T5957] usb 6-1: Using ep0 maxpacket: 32
[ 1830.161407][ T5957] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1830.199546][ T5957] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1830.244353][ T5957] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1830.253005][ T5957] usb 6-1: Product: syz
[ 1830.258938][ T5957] usb 6-1: Manufacturer: syz
[ 1830.265466][ T5957] usb 6-1: SerialNumber: syz
[ 1830.293606][ T5957] usb 6-1: config 0 descriptor??
[ 1830.314309][ T5957] quatech2 6-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[ 1830.887914][ T5957] usb 6-1: qt2_setup_urbs - submit read urb failed -8
[ 1830.940695][ T5957] quatech2 6-1:0.0: probe with driver quatech2 failed with error -8
[ 1831.234181][ T5957] usb 6-1: USB disconnect, device number 26
[ 1831.605450][ T5942] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1831.659888][ T5957] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1831.800327][ T5942] usb 4-1: Using ep0 maxpacket: 16
[ 1832.176347][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1832.215669][ T5942] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[ 1832.241042][ T5942] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023
[ 1832.296615][ T5957] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1832.307812][ T5957] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1832.319632][ T5957] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1832.336356][ T5957] usb 6-1: config 0 descriptor??
[ 1832.398069][ T5942] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 1832.427682][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1832.506478][ T5942] usb 4-1: Product: syz
[ 1832.512955][ T5942] usb 4-1: Manufacturer: syz
[ 1832.547768][ T5942] usb 4-1: SerialNumber: syz
[ 1832.570950][ T5942] usb 4-1: config 0 descriptor??
[ 1832.620103][T29107] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1832.646108][ T5957] usbhid 6-1:0.0: can't add hid device: -71
[ 1832.668029][ T5957] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1832.682522][ T5942] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[ 1832.727569][ T5942] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[ 1832.736297][ T5957] usb 6-1: USB disconnect, device number 27
[ 1832.753190][ T5942] mcba_usb 4-1:0.0 can0: failed tx_urb -90
[ 1832.783086][ T5942] mcba_usb 4-1:0.0 can0: Failed to send cmd (169)
[ 1832.805557][ T5942] mcba_usb 4-1:0.0: Microchip CAN BUS Analyzer connected
[ 1833.188197][ T5957] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1833.291753][T25159] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1833.439070][ T5957] usb 6-1: Using ep0 maxpacket: 16
[ 1833.446270][ T5957] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1833.455513][T25159] usb 7-1: Using ep0 maxpacket: 16
[ 1833.468361][T25159] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1833.479691][T25159] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1833.488808][T25159] usb 7-1: Product: syz
[ 1833.563349][T25159] usb 7-1: Manufacturer: syz
[ 1833.568961][ T5957] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1833.581337][T25159] usb 7-1: SerialNumber: syz
[ 1833.588834][ T5957] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1833.608145][T25159] r8152-cfgselector 7-1: Unknown version 0x0000
[ 1833.623899][T25159] r8152-cfgselector 7-1: config 0 descriptor??
[ 1833.644079][ T5957] usb 6-1: config 0 descriptor??
[ 1834.199445][T29123] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1834.204752][T29123] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1834.204782][T29123] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1834.204813][T29123] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1834.241137][T25186] r8152-cfgselector 7-1: USB disconnect, device number 47
[ 1834.488051][ T5957] kye 0003:0458:5016.0024: control desc unexpectedly large
[ 1834.554377][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1834.556345][ T5957] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.0024/input/input63
[ 1834.660894][ T5957] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.0024/input/input64
[ 1834.684128][ T5957] kye 0003:0458:5016.0024: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.5-1/input0
[ 1834.936633][ T5957] usb 4-1: USB disconnect, device number 62
[ 1834.938805][ T5957] mcba_usb 4-1:0.0 can0: device disconnected
[ 1834.990203][T29127] FAULT_INJECTION: forcing a failure.
[ 1834.990203][T29127] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1834.990258][T29127] CPU: 0 UID: 0 PID: 29127 Comm: syz.5.5627 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1834.990281][T29127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1834.990291][T29127] Call Trace:
[ 1834.990299][T29127]  <TASK>
[ 1834.990308][T29127]  dump_stack_lvl+0x189/0x250
[ 1834.990334][T29127]  ? __pfx____ratelimit+0x10/0x10
[ 1834.990365][T29127]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1834.990387][T29127]  ? __pfx__printk+0x10/0x10
[ 1834.990424][T29127]  should_fail_ex+0x414/0x560
[ 1834.990453][T29127]  _copy_to_user+0x31/0xb0
[ 1834.990475][T29127]  simple_read_from_buffer+0xe1/0x170
[ 1834.990506][T29127]  proc_fail_nth_read+0x1b3/0x220
[ 1834.990530][T29127]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1834.990552][T29127]  ? rw_verify_area+0x2a6/0x4d0
[ 1834.990570][T29127]  ? __lock_acquire+0xab9/0xd20
[ 1834.990591][T29127]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1834.990610][T29127]  vfs_read+0x200/0xa30
[ 1834.990631][T29127]  ? fdget_pos+0x247/0x320
[ 1834.990650][T29127]  ? __pfx___mutex_lock+0x10/0x10
[ 1834.990673][T29127]  ? __pfx_vfs_read+0x10/0x10
[ 1834.990708][T29127]  ? __fget_files+0x2a/0x420
[ 1834.990728][T29127]  ? __fget_files+0x3a0/0x420
[ 1834.990743][T29127]  ? __fget_files+0x2a/0x420
[ 1834.990768][T29127]  ksys_read+0x145/0x250
[ 1834.990792][T29127]  ? __pfx_ksys_read+0x10/0x10
[ 1834.990817][T29127]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1834.990841][T29127]  __do_fast_syscall_32+0xb6/0x2b0
[ 1834.990864][T29127]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1834.990889][T29127]  do_fast_syscall_32+0x34/0x80
[ 1834.990911][T29127]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1834.990932][T29127] RIP: 0023:0xf709e539
[ 1834.990948][T29127] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1834.990964][T29127] RSP: 002b:00000000f546d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1834.990983][T29127] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f546d620
[ 1834.990994][T29127] RDX: 000000000000000f RSI: 00000000f7404ff4 RDI: 0000000000000000
[ 1834.991005][T29127] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1834.991020][T29127] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1834.991031][T29127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1834.991059][T29127]  </TASK>
[ 1834.996368][T29104] Can't find ip_set type haSh:ip
[ 1835.246723][T16548] usb 6-1: USB disconnect, device number 28
[ 1835.311809][T29128] fido_id[29128]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[ 1835.548482][T29143] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[ 1838.705516][T16548] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1838.869757][T16548] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1838.891207][T29250] 8021q: VLANs not supported on ip6tnl0
[ 1838.899274][T16548] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1838.899835][T29251] binder: 29249:29251 ioctl 400c620e 800005c0 returned -22
[ 1838.916205][T16548] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1838.945684][T16548] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1838.973605][T16548] usb 3-1: config 0 descriptor??
[ 1839.071771][T29255] loop7: detected capacity change from 0 to 7
[ 1839.085094][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.095480][    C0] buffer_io_error: 1006 callbacks suppressed
[ 1839.095501][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.115274][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.125637][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.146568][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.156912][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.166727][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.177066][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.191479][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.201851][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.211673][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.222169][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.230846][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.241288][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.249948][ T6944] ldm_validate_partition_table(): Disk read failed.
[ 1839.265005][    C0] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.275289][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.283572][    C1] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.293891][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.312224][    C1] critical medium error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1839.322516][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1839.330738][ T6944] Dev loop7: unable to read RDB block 0
[ 1839.340540][ T6944]  loop7: unable to read partition table
[ 1839.365945][ T6944] loop7: partition table beyond EOD, truncated
[ 1839.393861][T29255] ldm_validate_partition_table(): Disk read failed.
[ 1839.408969][T29255] Dev loop7: unable to read RDB block 0
[ 1839.433230][T29255]  loop7: unable to read partition table
[ 1839.443657][T16548] cp2112 0003:10C4:EA90.0025: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[ 1839.467031][T29255] loop7: partition table beyond EOD, truncated
[ 1839.486959][T29255] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1839.511529][T29265] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5678'.
[ 1839.551987][ T5233] ldm_validate_partition_table(): Disk read failed.
[ 1839.584599][ T5233] Dev loop7: unable to read RDB block 0
[ 1839.602782][ T5233]  loop7: unable to read partition table
[ 1839.620245][T29238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1839.635797][ T5233] loop7: partition table beyond EOD, truncated
[ 1839.649388][T29238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1839.698095][T16548] cp2112 0003:10C4:EA90.0025: error requesting version
[ 1839.728310][T16548] cp2112 0003:10C4:EA90.0025: probe with driver cp2112 failed with error -71
[ 1839.806917][T16548] usb 3-1: USB disconnect, device number 37
[ 1839.857002][   T30] kauditd_printk_skb: 16 callbacks suppressed
[ 1839.857022][   T30] audit: type=1326 audit(1755025229.311:4375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1839.900722][   T30] audit: type=1326 audit(1755025229.311:4376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1839.981873][   T30] audit: type=1326 audit(1755025229.341:4377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.045889][   T30] audit: type=1326 audit(1755025229.341:4378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.094731][   T30] audit: type=1326 audit(1755025229.341:4379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.135782][T29280] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5682'.
[ 1840.149475][   T30] audit: type=1326 audit(1755025229.351:4380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.269838][   T30] audit: type=1326 audit(1755025229.351:4381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.352892][   T30] audit: type=1326 audit(1755025229.351:4382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.433861][   T30] audit: type=1326 audit(1755025229.351:4383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1840.467826][   T30] audit: type=1326 audit(1755025229.351:4384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29273 comm="syz.6.5680" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[ 1841.585739][T29298] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5688'.
[ 1842.258987][T16548] hid_parser_main: 6 callbacks suppressed
[ 1842.259008][T16548] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[ 1842.314281][T16548] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1842.509349][T29321] fido_id[29321]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1842.863854][T29335] input: syz1 as /devices/virtual/input/input65
[ 1843.617608][T29348] ip6gre1: entered allmulticast mode
[ 1843.827008][T29352] 
[ 1843.829383][T29352] =====================================================
[ 1843.836322][T29352] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1843.843972][T29352] 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 Not tainted
[ 1843.851093][T29352] -----------------------------------------------------
[ 1843.858119][T29352] syz.5.5710/29352 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1843.865848][T29352] ffff8880202b2b40 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0
[ 1843.874838][T29352] 
[ 1843.874838][T29352] and this task is already holding:
[ 1843.882303][T29352] ffff88805c4f6028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 1843.892170][T29352] which would create a new lock dependency:
[ 1843.898076][T29352]  (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3}
[ 1843.906365][T29352] 
[ 1843.906365][T29352] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1843.915911][T29352]  (&dev->event_lock#2){..-.}-{3:3}
[ 1843.915955][T29352] 
[ 1843.915955][T29352] ... which became SOFTIRQ-irq-safe at:
[ 1843.928870][T29352]   lock_acquire+0x120/0x360
[ 1843.933483][T29352]   _raw_spin_lock_irqsave+0xa7/0xf0
[ 1843.938788][T29352]   input_event+0x76/0xe0
[ 1843.943154][T29352]   powermate_irq+0x156/0x390
[ 1843.947863][T29352]   __usb_hcd_giveback_urb+0x41a/0x690
[ 1843.953350][T29352]   dummy_timer+0x862/0x4550
[ 1843.957969][T29352]   __hrtimer_run_queues+0x52c/0xc60
[ 1843.963358][T29352]   hrtimer_run_softirq+0x187/0x2b0
[ 1843.968656][T29352]   handle_softirqs+0x283/0x870
[ 1843.973524][T29352]   __irq_exit_rcu+0xca/0x1f0
[ 1843.978509][T29352]   irq_exit_rcu+0x9/0x30
[ 1843.982855][T29352]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1843.988680][T29352]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1843.994765][T29352]   __sanitizer_cov_trace_const_cmp8+0x31/0x90
[ 1844.000942][T29352]   handle_mm_fault+0x2f8/0x8e0
[ 1844.005902][T29352]   __get_user_pages+0x1699/0x2ce0
[ 1844.011034][T29352]   populate_vma_page_range+0x29f/0x3a0
[ 1844.016609][T29352]   __mm_populate+0x24c/0x380
[ 1844.021305][T29352]   vm_mmap_pgoff+0x387/0x4d0
[ 1844.026098][T29352]   __do_fast_syscall_32+0xb6/0x2b0
[ 1844.031413][T29352]   do_fast_syscall_32+0x34/0x80
[ 1844.036462][T29352]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1844.042942][T29352] 
[ 1844.042942][T29352] to a SOFTIRQ-irq-unsafe lock:
[ 1844.049972][T29352]  (tasklist_lock){.+.+}-{3:3}
[ 1844.050009][T29352] 
[ 1844.050009][T29352] ... which became SOFTIRQ-irq-unsafe at:
[ 1844.062827][T29352] ...
[ 1844.062840][T29352]   lock_acquire+0x120/0x360
[ 1844.070042][T29352]   _raw_read_lock+0x36/0x50
[ 1844.074660][T29352]   __do_wait+0xde/0x740
[ 1844.079102][T29352]   do_wait+0x1f8/0x520
[ 1844.083448][T29352]   kernel_wait+0xab/0x170
[ 1844.087886][T29352]   call_usermodehelper_exec_work+0xbe/0x230
[ 1844.094017][T29352]   process_scheduled_works+0xade/0x17b0
[ 1844.100291][T29352]   worker_thread+0x8a0/0xda0
[ 1844.105200][T29352]   kthread+0x70e/0x8a0
[ 1844.109459][T29352]   ret_from_fork+0x3f9/0x770
[ 1844.114187][T29352]   ret_from_fork_asm+0x1a/0x30
[ 1844.119060][T29352] 
[ 1844.119060][T29352] other info that might help us debug this:
[ 1844.119060][T29352] 
[ 1844.129739][T29352] Chain exists of:
[ 1844.129739][T29352]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[ 1844.129739][T29352] 
[ 1844.143428][T29352]  Possible interrupt unsafe locking scenario:
[ 1844.143428][T29352] 
[ 1844.151759][T29352]        CPU0                    CPU1
[ 1844.157131][T29352]        ----                    ----
[ 1844.162688][T29352]   lock(tasklist_lock);
[ 1844.167040][T29352]                                local_irq_disable();
[ 1844.173977][T29352]                                lock(&dev->event_lock#2);
[ 1844.181192][T29352]                                lock(&client->buffer_lock);
[ 1844.188672][T29352]   <Interrupt>
[ 1844.192133][T29352]     lock(&dev->event_lock#2);
[ 1844.197006][T29352] 
[ 1844.197006][T29352]  *** DEADLOCK ***
[ 1844.197006][T29352] 
[ 1844.205161][T29352] 7 locks held by syz.5.5710/29352:
[ 1844.210656][T29352]  #0: ffff88814733f118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480
[ 1844.220061][T29352]  #1: ffff888146eab230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340
[ 1844.230446][T29352]  #2: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340
[ 1844.240124][T29352]  #3: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890
[ 1844.249726][T29352]  #4: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340
[ 1844.259141][T29352]  #5: ffff88805c4f6028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0
[ 1844.269419][T29352]  #6: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0
[ 1844.278635][T29352] 
[ 1844.278635][T29352] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1844.289025][T29352]  -> (&dev->event_lock#2){..-.}-{3:3} {
[ 1844.294668][T29352]     IN-SOFTIRQ-W at:
[ 1844.298723][T29352]                       lock_acquire+0x120/0x360
[ 1844.305128][T29352]                       _raw_spin_lock_irqsave+0xa7/0xf0
[ 1844.312136][T29352]                       input_event+0x76/0xe0
[ 1844.318296][T29352]                       powermate_irq+0x156/0x390
[ 1844.324698][T29352]                       __usb_hcd_giveback_urb+0x41a/0x690
[ 1844.331984][T29352]                       dummy_timer+0x862/0x4550
[ 1844.338300][T29352]                       __hrtimer_run_queues+0x52c/0xc60
[ 1844.345568][T29352]                       hrtimer_run_softirq+0x187/0x2b0
[ 1844.352581][T29352]                       handle_softirqs+0x283/0x870
[ 1844.359159][T29352]                       __irq_exit_rcu+0xca/0x1f0
[ 1844.365675][T29352]                       irq_exit_rcu+0x9/0x30
[ 1844.371761][T29352]                       sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1844.379322][T29352]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1844.387123][T29352]                       __sanitizer_cov_trace_const_cmp8+0x31/0x90
[ 1844.395368][T29352]                       handle_mm_fault+0x2f8/0x8e0
[ 1844.401992][T29352]                       __get_user_pages+0x1699/0x2ce0
[ 1844.408947][T29352]                       populate_vma_page_range+0x29f/0x3a0
[ 1844.416510][T29352]                       __mm_populate+0x24c/0x380
[ 1844.423012][T29352]                       vm_mmap_pgoff+0x387/0x4d0
[ 1844.429411][T29352]                       __do_fast_syscall_32+0xb6/0x2b0
[ 1844.436337][T29352]                       do_fast_syscall_32+0x34/0x80
[ 1844.443100][T29352]                       entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1844.451237][T29352]     INITIAL USE at:
[ 1844.455221][T29352]                      lock_acquire+0x120/0x360
[ 1844.461538][T29352]                      _raw_spin_lock_irqsave+0xa7/0xf0
[ 1844.468467][T29352]                      input_inject_event+0xa5/0x340
[ 1844.475135][T29352]                      kbd_led_trigger_activate+0xbc/0x100
[ 1844.482323][T29352]                      led_trigger_set+0x52a/0x950
[ 1844.489008][T29352]                      led_trigger_set_default+0x260/0x2a0
[ 1844.496202][T29352]                      led_classdev_register_ext+0x73d/0x930
[ 1844.503587][T29352]                      input_leds_connect+0x517/0x790
[ 1844.510531][T29352]                      input_register_device+0xd00/0x1140
[ 1844.517891][T29352]                      atkbd_connect+0x72e/0xa00
[ 1844.524254][T29352]                      serio_driver_probe+0x7f/0xd0
[ 1844.531044][T29352]                      really_probe+0x26d/0x9e0
[ 1844.537497][T29352]                      __driver_probe_device+0x18c/0x2f0
[ 1844.544508][T29352]                      driver_probe_device+0x4f/0x430
[ 1844.551275][T29352]                      __driver_attach+0x452/0x700
[ 1844.557806][T29352]                      bus_for_each_dev+0x233/0x2b0
[ 1844.564386][T29352]                      serio_handle_event+0x1f9/0x8d0
[ 1844.571140][T29352]                      process_scheduled_works+0xade/0x17b0
[ 1844.578613][T29352]                      worker_thread+0x8a0/0xda0
[ 1844.584926][T29352]                      kthread+0x70e/0x8a0
[ 1844.590722][T29352]                      ret_from_fork+0x3f9/0x770
[ 1844.597143][T29352]                      ret_from_fork_asm+0x1a/0x30
[ 1844.603669][T29352]   }
[ 1844.606437][T29352]   ... key      at: [<ffffffff99e29f00>] input_allocate_device.__key.5+0x0/0x20
[ 1844.615677][T29352] -> (&client->buffer_lock){....}-{3:3} {
[ 1844.621419][T29352]    INITIAL USE at:
[ 1844.625313][T29352]                    lock_acquire+0x120/0x360
[ 1844.631568][T29352]                    _raw_spin_lock_irqsave+0xa7/0xf0
[ 1844.638465][T29352]                    evdev_ioctl_handler+0x1969/0x1f10
[ 1844.645324][T29352]                    __ia32_compat_sys_ioctl+0x543/0x840
[ 1844.652340][T29352]                    __do_fast_syscall_32+0xb6/0x2b0
[ 1844.659182][T29352]                    do_fast_syscall_32+0x34/0x80
[ 1844.665611][T29352]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1844.673676][T29352]  }
[ 1844.676163][T29352]  ... key      at: [<ffffffff99e2a1a0>] evdev_open.__key.25+0x0/0x20
[ 1844.684387][T29352]  ... acquired at:
[ 1844.688169][T29352]    lock_acquire+0x120/0x360
[ 1844.692852][T29352]    _raw_spin_lock+0x2e/0x40
[ 1844.697517][T29352]    evdev_pass_values+0xb9/0xbd0
[ 1844.702562][T29352]    evdev_events+0x1e6/0x340
[ 1844.707224][T29352]    input_pass_values+0x285/0x890
[ 1844.712336][T29352]    input_event_dispose+0x330/0x6b0
[ 1844.717607][T29352]    input_inject_event+0x1dd/0x340
[ 1844.722789][T29352]    evdev_write+0x2fc/0x480
[ 1844.727542][T29352]    vfs_write+0x27b/0xb30
[ 1844.732121][T29352]    ksys_write+0x145/0x250
[ 1844.736625][T29352]    __do_fast_syscall_32+0xb6/0x2b0
[ 1844.741985][T29352]    do_fast_syscall_32+0x34/0x80
[ 1844.746998][T29352]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1844.753490][T29352] 
[ 1844.755801][T29352] 
[ 1844.755801][T29352] the dependencies between the lock to be acquired
[ 1844.755810][T29352]  and SOFTIRQ-irq-unsafe lock:
[ 1844.769578][T29352]   -> (tasklist_lock){.+.+}-{3:3} {
[ 1844.774886][T29352]      HARDIRQ-ON-R at:
[ 1844.779041][T29352]                         lock_acquire+0x120/0x360
[ 1844.785635][T29352]                         _raw_read_lock+0x36/0x50
[ 1844.792145][T29352]                         __do_wait+0xde/0x740
[ 1844.798287][T29352]                         do_wait+0x1f8/0x520
[ 1844.804341][T29352]                         kernel_wait+0xab/0x170
[ 1844.810654][T29352]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1844.818536][T29352]                         process_scheduled_works+0xade/0x17b0
[ 1844.826147][T29352]                         worker_thread+0x8a0/0xda0
[ 1844.832724][T29352]                         kthread+0x70e/0x8a0
[ 1844.838970][T29352]                         ret_from_fork+0x3f9/0x770
[ 1844.845563][T29352]                         ret_from_fork_asm+0x1a/0x30
[ 1844.852758][T29352]      SOFTIRQ-ON-R at:
[ 1844.856909][T29352]                         lock_acquire+0x120/0x360
[ 1844.863416][T29352]                         _raw_read_lock+0x36/0x50
[ 1844.869914][T29352]                         __do_wait+0xde/0x740
[ 1844.876062][T29352]                         do_wait+0x1f8/0x520
[ 1844.882128][T29352]                         kernel_wait+0xab/0x170
[ 1844.888448][T29352]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1844.896331][T29352]                         process_scheduled_works+0xade/0x17b0
[ 1844.903863][T29352]                         worker_thread+0x8a0/0xda0
[ 1844.910610][T29352]                         kthread+0x70e/0x8a0
[ 1844.916749][T29352]                         ret_from_fork+0x3f9/0x770
[ 1844.923412][T29352]                         ret_from_fork_asm+0x1a/0x30
[ 1844.930249][T29352]      INITIAL USE at:
[ 1844.934307][T29352]                        lock_acquire+0x120/0x360
[ 1844.940725][T29352]                        _raw_write_lock_irq+0xa2/0xf0
[ 1844.947582][T29352]                        copy_process+0x224f/0x3c00
[ 1844.954158][T29352]                        kernel_clone+0x21e/0x840
[ 1844.960922][T29352]                        user_mode_thread+0xdd/0x140
[ 1844.967671][T29352]                        rest_init+0x23/0x300
[ 1844.973737][T29352]                        start_kernel+0x3a9/0x410
[ 1844.980144][T29352]                        x86_64_start_reservations+0x24/0x30
[ 1844.987503][T29352]                        x86_64_start_kernel+0x143/0x1c0
[ 1844.994514][T29352]                        common_startup_64+0x13e/0x147
[ 1845.001356][T29352]      INITIAL READ USE at:
[ 1845.005842][T29352]                             lock_acquire+0x120/0x360
[ 1845.012865][T29352]                             _raw_read_lock+0x36/0x50
[ 1845.019708][T29352]                             __do_wait+0xde/0x740
[ 1845.026537][T29352]                             do_wait+0x1f8/0x520
[ 1845.033196][T29352]                             kernel_wait+0xab/0x170
[ 1845.039904][T29352]                             call_usermodehelper_exec_work+0xbe/0x230
[ 1845.048154][T29352]                             process_scheduled_works+0xade/0x17b0
[ 1845.056232][T29352]                             worker_thread+0x8a0/0xda0
[ 1845.063237][T29352]                             kthread+0x70e/0x8a0
[ 1845.069741][T29352]                             ret_from_fork+0x3f9/0x770
[ 1845.076691][T29352]                             ret_from_fork_asm+0x1a/0x30
[ 1845.083828][T29352]    }
[ 1845.086591][T29352]    ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[ 1845.094749][T29352]    ... acquired at:
[ 1845.098817][T29352]    lock_acquire+0x120/0x360
[ 1845.103508][T29352]    _raw_read_lock+0x36/0x50
[ 1845.108290][T29352]    send_sigio+0x101/0x370
[ 1845.112885][T29352]    kill_fasync+0x24d/0x4d0
[ 1845.117522][T29352]    lease_break_callback+0x26/0x30
[ 1845.122827][T29352]    __break_lease+0x6a2/0x1620
[ 1845.127666][T29352]    vfs_truncate+0x428/0x520
[ 1845.132334][T29352]    do_sys_truncate+0xdb/0x190
[ 1845.137196][T29352]    __ia32_compat_sys_truncate+0x5b/0x70
[ 1845.142911][T29352]    __do_fast_syscall_32+0xb6/0x2b0
[ 1845.148282][T29352]    do_fast_syscall_32+0x34/0x80
[ 1845.153319][T29352]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.159822][T29352] 
[ 1845.162132][T29352]  -> (&f_owner->lock){....}-{3:3} {
[ 1845.167416][T29352]     INITIAL USE at:
[ 1845.171561][T29352]                      lock_acquire+0x120/0x360
[ 1845.177805][T29352]                      _raw_write_lock_irq+0xa2/0xf0
[ 1845.184477][T29352]                      __f_setown+0x67/0x370
[ 1845.190447][T29352]                      generic_setlease+0xd60/0x1240
[ 1845.197199][T29352]                      fcntl_setlease+0x3a2/0x4c0
[ 1845.203601][T29352]                      do_fcntl+0x6a9/0x1910
[ 1845.209589][T29352]                      do_compat_fcntl64+0x477/0x720
[ 1845.216248][T29352]                      __do_fast_syscall_32+0xb6/0x2b0
[ 1845.223183][T29352]                      do_fast_syscall_32+0x34/0x80
[ 1845.229939][T29352]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.238087][T29352]     INITIAL READ USE at:
[ 1845.242511][T29352]                           lock_acquire+0x120/0x360
[ 1845.249221][T29352]                           _raw_read_lock_irqsave+0xaf/0x100
[ 1845.256862][T29352]                           send_sigio+0x38/0x370
[ 1845.263298][T29352]                           kill_fasync+0x24d/0x4d0
[ 1845.269900][T29352]                           lease_break_callback+0x26/0x30
[ 1845.277091][T29352]                           __break_lease+0x6a2/0x1620
[ 1845.283958][T29352]                           vfs_truncate+0x428/0x520
[ 1845.290766][T29352]                           do_sys_truncate+0xdb/0x190
[ 1845.297715][T29352]                           __ia32_compat_sys_truncate+0x5b/0x70
[ 1845.305443][T29352]                           __do_fast_syscall_32+0xb6/0x2b0
[ 1845.312855][T29352]                           do_fast_syscall_32+0x34/0x80
[ 1845.320045][T29352]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.328533][T29352]   }
[ 1845.331107][T29352]   ... key      at: [<ffffffff99b2af60>] file_f_owner_allocate.__key+0x0/0x20
[ 1845.340206][T29352]   ... acquired at:
[ 1845.344106][T29352]    lock_acquire+0x120/0x360
[ 1845.348867][T29352]    _raw_read_lock_irqsave+0xaf/0x100
[ 1845.354317][T29352]    send_sigio+0x38/0x370
[ 1845.358720][T29352]    kill_fasync+0x24d/0x4d0
[ 1845.363325][T29352]    lease_break_callback+0x26/0x30
[ 1845.368527][T29352]    __break_lease+0x6a2/0x1620
[ 1845.373363][T29352]    vfs_truncate+0x428/0x520
[ 1845.378028][T29352]    do_sys_truncate+0xdb/0x190
[ 1845.382871][T29352]    __ia32_compat_sys_truncate+0x5b/0x70
[ 1845.388680][T29352]    __do_fast_syscall_32+0xb6/0x2b0
[ 1845.394138][T29352]    do_fast_syscall_32+0x34/0x80
[ 1845.399417][T29352]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.405913][T29352] 
[ 1845.408256][T29352] -> (&new->fa_lock){....}-{3:3} {
[ 1845.413634][T29352]    INITIAL USE at:
[ 1845.417708][T29352]                    lock_acquire+0x120/0x360
[ 1845.423766][T29352]                    _raw_write_lock_irq+0xa2/0xf0
[ 1845.430449][T29352]                    fasync_remove_entry+0xf1/0x1c0
[ 1845.437039][T29352]                    lease_modify+0x1ca/0x3c0
[ 1845.443098][T29352]                    locks_remove_file+0x4bf/0xea0
[ 1845.449678][T29352]                    __fput+0x3ab/0xa70
[ 1845.455251][T29352]                    task_work_run+0x1d4/0x260
[ 1845.461482][T29352]                    do_exit+0x6b5/0x2300
[ 1845.467281][T29352]                    do_group_exit+0x21c/0x2d0
[ 1845.473683][T29352]                    get_signal+0x1286/0x1340
[ 1845.479824][T29352]                    arch_do_signal_or_restart+0x9a/0x750
[ 1845.487017][T29352]                    exit_to_user_mode_loop+0x75/0x110
[ 1845.494211][T29352]                    do_int80_emulation+0x2a0/0x390
[ 1845.500792][T29352]                    asm_int80_emulation+0x1a/0x20
[ 1845.507381][T29352]    INITIAL READ USE at:
[ 1845.511699][T29352]                         lock_acquire+0x120/0x360
[ 1845.518201][T29352]                         _raw_read_lock_irqsave+0xaf/0x100
[ 1845.525559][T29352]                         kill_fasync+0x199/0x4d0
[ 1845.531959][T29352]                         lease_break_callback+0x26/0x30
[ 1845.538967][T29352]                         __break_lease+0x6a2/0x1620
[ 1845.545722][T29352]                         vfs_truncate+0x428/0x520
[ 1845.552239][T29352]                         do_sys_truncate+0xdb/0x190
[ 1845.559394][T29352]                         __ia32_compat_sys_truncate+0x5b/0x70
[ 1845.567120][T29352]                         __do_fast_syscall_32+0xb6/0x2b0
[ 1845.574323][T29352]                         do_fast_syscall_32+0x34/0x80
[ 1845.581250][T29352]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.589667][T29352]  }
[ 1845.592199][T29352]  ... key      at: [<ffffffff99b2af80>] fasync_insert_entry.__key+0x0/0x20
[ 1845.600870][T29352]  ... acquired at:
[ 1845.604654][T29352]    lock_acquire+0x120/0x360
[ 1845.609401][T29352]    _raw_read_lock_irqsave+0xaf/0x100
[ 1845.614986][T29352]    kill_fasync+0x199/0x4d0
[ 1845.619754][T29352]    evdev_pass_values+0x627/0xbd0
[ 1845.624967][T29352]    evdev_events+0x1e6/0x340
[ 1845.629728][T29352]    input_pass_values+0x285/0x890
[ 1845.634832][T29352]    input_event_dispose+0x330/0x6b0
[ 1845.640190][T29352]    input_inject_event+0x1dd/0x340
[ 1845.645378][T29352]    evdev_write+0x2fc/0x480
[ 1845.649976][T29352]    vfs_write+0x27b/0xb30
[ 1845.654614][T29352]    ksys_write+0x145/0x250
[ 1845.659106][T29352]    __do_fast_syscall_32+0xb6/0x2b0
[ 1845.664386][T29352]    do_fast_syscall_32+0x34/0x80
[ 1845.669399][T29352]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.675885][T29352] 
[ 1845.678210][T29352] 
[ 1845.678210][T29352] stack backtrace:
[ 1845.684084][T29352] CPU: 0 UID: 0 PID: 29352 Comm: syz.5.5710 Not tainted 6.17.0-rc1-syzkaller-00004-g53e760d89498 #0 PREEMPT(full) 
[ 1845.684103][T29352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1845.684112][T29352] Call Trace:
[ 1845.684121][T29352]  <TASK>
[ 1845.684129][T29352]  dump_stack_lvl+0x189/0x250
[ 1845.684150][T29352]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1845.684166][T29352]  ? __pfx__printk+0x10/0x10
[ 1845.684188][T29352]  validate_chain+0x1f05/0x2140
[ 1845.684211][T29352]  __lock_acquire+0xab9/0xd20
[ 1845.684233][T29352]  ? kill_fasync+0x199/0x4d0
[ 1845.684248][T29352]  lock_acquire+0x120/0x360
[ 1845.684267][T29352]  ? kill_fasync+0x199/0x4d0
[ 1845.684286][T29352]  _raw_read_lock_irqsave+0xaf/0x100
[ 1845.684304][T29352]  ? kill_fasync+0x199/0x4d0
[ 1845.684319][T29352]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 1845.684338][T29352]  ? do_raw_spin_lock+0x121/0x290
[ 1845.684359][T29352]  kill_fasync+0x199/0x4d0
[ 1845.684383][T29352]  ? kill_fasync+0x53/0x4d0
[ 1845.684400][T29352]  evdev_pass_values+0x627/0xbd0
[ 1845.684428][T29352]  ? evdev_pass_values+0x5a1/0xbd0
[ 1845.684452][T29352]  evdev_events+0x1e6/0x340
[ 1845.684475][T29352]  ? evdev_events+0x79/0x340
[ 1845.684500][T29352]  ? input_pass_values+0x8d/0x890
[ 1845.684523][T29352]  input_pass_values+0x285/0x890
[ 1845.684550][T29352]  ? input_handle_event+0x70c/0xf30
[ 1845.684571][T29352]  input_event_dispose+0x330/0x6b0
[ 1845.684593][T29352]  input_inject_event+0x1dd/0x340
[ 1845.684614][T29352]  ? input_inject_event+0xb6/0x340
[ 1845.684635][T29352]  evdev_write+0x2fc/0x480
[ 1845.684657][T29352]  ? __pfx_evdev_write+0x10/0x10
[ 1845.684677][T29352]  ? bpf_lsm_file_permission+0x9/0x20
[ 1845.684695][T29352]  ? security_file_permission+0x75/0x290
[ 1845.684714][T29352]  ? rw_verify_area+0x255/0x4d0
[ 1845.684731][T29352]  ? __lock_acquire+0xab9/0xd20
[ 1845.684750][T29352]  ? __pfx_evdev_write+0x10/0x10
[ 1845.684770][T29352]  vfs_write+0x27b/0xb30
[ 1845.684790][T29352]  ? __pfx_vfs_write+0x10/0x10
[ 1845.684807][T29352]  ? __fget_files+0x2a/0x420
[ 1845.684820][T29352]  ? __fget_files+0x2a/0x420
[ 1845.684832][T29352]  ? __fget_files+0x3a0/0x420
[ 1845.684843][T29352]  ? __fget_files+0x2a/0x420
[ 1845.684858][T29352]  ksys_write+0x145/0x250
[ 1845.684876][T29352]  ? __pfx_ksys_write+0x10/0x10
[ 1845.684895][T29352]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1845.684915][T29352]  __do_fast_syscall_32+0xb6/0x2b0
[ 1845.684935][T29352]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1845.684954][T29352]  do_fast_syscall_32+0x34/0x80
[ 1845.684974][T29352]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1845.684991][T29352] RIP: 0023:0xf709e539
[ 1845.685005][T29352] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1845.685019][T29352] RSP: 002b:00000000f548e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1845.685036][T29352] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000040
[ 1845.685047][T29352] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000
[ 1845.685056][T29352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1845.685064][T29352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1845.685073][T29352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1845.685087][T29352]  </TASK>
[ 1853.347694][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.354190][ T1302] ieee802154 phy1 wpan1: encryption failed: -22