last executing test programs:

13.24741054s ago: executing program 4 (id=816):
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fc4c2608fd0b24019f3a010203010902240001000000000904000002c55bef000905ad1e000000000009050202"], 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = signalfd4(r0, &(0x7f0000000000)={[0xc]}, 0x8, 0x80400)
socket$can_j1939(0x1d, 0x2, 0x7)
socket(0x10, 0x803, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000880)={0x2020}, 0xffffffffffffff1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

12.396683669s ago: executing program 0 (id=821):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB="000000000000ffffffffffffffde000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x20, 0x20000000000000bb, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002280)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff47, 0x10, &(0x7f0000000340)={0x6, 0xb, 0x5, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdc)
r6 = dup(r5)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getitimer(0x2, &(0x7f0000000040))
ioctl$BTRFS_IOC_RM_DEV(r6, 0x5000940b, &(0x7f0000000a80)={{r4}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
read$FUSE(r8, &(0x7f0000000240)={0x2020}, 0x2020)
pread64(r8, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

10.514053326s ago: executing program 0 (id=825):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB="000000000000ffffffffffffffde000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x20, 0x20000000000000bb, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002280)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff47, 0x10, &(0x7f0000000340)={0x6, 0xb, 0x5, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdc)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x2, 0x5, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getitimer(0x2, &(0x7f0000000040))
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, &(0x7f0000000a80)={{r4}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
read$FUSE(r6, &(0x7f0000000240)={0x2020}, 0x2020)
pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

8.216269651s ago: executing program 0 (id=827):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
openat$kvm(0xffffff9c, 0x0, 0x480, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x12, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008510000001"], &(0x7f0000000000)='GPL\x00', 0x4, 0xeb, &(0x7f0000000080)=""/235, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x1000, 0x3f2f0fde)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000089}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
add_key(&(0x7f0000000140)='rxrpc\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x26)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x1ff)
fanotify_init(0x8, 0x800)

7.830921286s ago: executing program 0 (id=831):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xe)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0x6, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x5, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x7, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0x10, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x7695, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x400, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x8, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x80000002, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x0, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x8, 0x0, 0x60000000, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x800], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x7f, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x4c400000, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x603}], 0x1, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', <r3=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r7, &(0x7f0000000040)="e2", 0x918)
ioctl$TCGETS2(r1, 0x5434, 0x0)

7.750596879s ago: executing program 4 (id=832):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
io_setup(0x8, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x212e, 0x100, 0x3, 0x3de}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000180)=<r5=>0x0)
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[r6], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = socket(0x2c, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r7, &(0x7f0000003340), &(0x7f0000003380)=@tcp=r8}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r7, &(0x7f0000000340)}, 0x20)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x400000080001001, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

7.582803007s ago: executing program 1 (id=833):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="60000000000101040000000000000000020000002c0001801400018008000100e000000108000200acd2fac9bc1414000c000b8005000100000000000600034000040000180002801400018008000100e000040108000200e042cd010800074000000003035357f27f80"], 0x60}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$nvram(0xffffffffffffff9c, &(0x7f00000014c0), 0x40280, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
pselect6(0x40, &(0x7f0000000000)={0x3, 0x203, 0x8000000000000000, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x10000000}, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c)
r3 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x2000000000, 0x80001)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r3, 0xc1485544, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0xc, &(0x7f0000000fc0)=ANY=[@ANYBLOB="1800000000000000000000000000100085000000b5000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006c00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendto$inet6(r1, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000c80)='|', 0x1, 0xbcaf, 0x0, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_POST(r4, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
close(r4)

6.62053189s ago: executing program 4 (id=834):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000540), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001000000000000000000000022a5cfd43437ad6a74c19ac156b6faf4313b324586b9a4455226ea9885cc2912618016deba3b7d0a96a7ebbb7c986f56619478b6070c467e3b500e7a8c8a67d54abb3173e1e2c411ce7ba55b282699593bb63392dd5c7261c9e5caaf0d6c07b45167a4"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="05000000070000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}, 0x2}, 0x800)

5.889278473s ago: executing program 4 (id=837):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB="000000000000ffffffffffffffde000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x20, 0x20000000000000bb, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002280)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff47, 0x10, &(0x7f0000000340)={0x6, 0xb, 0x5, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdc)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x2, 0x5, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getitimer(0x2, &(0x7f0000000040))
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, &(0x7f0000000a80)={{}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
read$FUSE(r6, &(0x7f0000000240)={0x2020}, 0x2020)
pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

5.856231322s ago: executing program 0 (id=838):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]})
getresgid(&(0x7f0000002fc0), &(0x7f0000003000), &(0x7f0000003040))
r0 = syz_open_dev$vivid(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000180)={0x8, 0x1, 0x1, {0x9, @sliced={0xd0f, [0x0, 0xff, 0x8000, 0x1, 0x6, 0x6, 0x8, 0x89a, 0x1, 0x3, 0x80, 0x1, 0x1000, 0x2, 0x2, 0x0, 0x4, 0x4, 0x0, 0x3, 0x1ff, 0x5, 0x8, 0x81, 0x2, 0x2, 0x405, 0x3, 0x2, 0x5, 0xfffb, 0x2, 0x200, 0xfff5, 0x8, 0x2, 0x2, 0x5, 0x5, 0x7, 0x0, 0x7, 0x2, 0x2, 0xd, 0xa30, 0xa], 0x5}}, 0xffff})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r1, 0x80811501, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, &(0x7f0000000c80))
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc97c130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffdd6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76f186719d819164300"})
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, &(0x7f0000000180)="0f01df66ba210066ed0fc7370f01c3dde366baf80cb84836478fef66bafc0cb800980000ef66b857008ec866baa00066b8000066ef66b80b010f00d00f01f1", 0x3f}], 0x1, 0x56, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffffc}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001d40)=@newtaction={0x88c, 0x30, 0x1, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x4, 0x400, 0x10000, 0x0, 0xc2, 0x6, 0x4, 0x5a76, 0x9, 0x2, 0x7fff, 0x5, 0x8, 0xe1, 0xf, 0x6, 0x3, 0x0, 0x2, 0x7, 0x4, 0x4, 0x6, 0xfffffff8, 0xdfa, 0xa, 0x2, 0x6, 0x0, 0x0, 0x5, 0x0, 0x80000001, 0x3ff, 0x7, 0x3, 0x5, 0x0, 0x0, 0x8f, 0x4, 0x2, 0x1, 0x6, 0xffffffff, 0xf, 0x1, 0x8, 0x9, 0x4, 0x70, 0xd, 0x10, 0x5, 0x7, 0x9, 0x1, 0xb4, 0x5c6, 0x803f, 0xffffffff, 0x10001, 0xfffffff8, 0xffffffff, 0x12000, 0x1, 0x2, 0xf, 0x6, 0x9, 0x8, 0x8, 0x4, 0x9, 0x5, 0x2, 0x10001, 0x7fff, 0x10000, 0x200, 0x4, 0x8, 0x1, 0x2, 0x7, 0x7fff, 0x6, 0x0, 0x5, 0x3, 0x8, 0x2, 0x4, 0x80000001, 0xe00000, 0x5, 0x5, 0x5579c707, 0x5, 0x5, 0x0, 0xfffffff8, 0x2, 0xffff, 0x3, 0x8, 0x7, 0x0, 0x508, 0xffffffff, 0x7fff, 0x0, 0xfffffe00, 0x1, 0x400, 0x5, 0x6, 0x6, 0xfffffff8, 0xee2, 0xffffffff, 0x9b4, 0x1ff, 0x3, 0x8, 0xd, 0x9, 0x1, 0x71, 0x4, 0x1, 0x1, 0x10, 0x1, 0x3, 0x9, 0x6f, 0x7, 0x7, 0x3, 0x1000, 0x7, 0x1, 0x7, 0x3, 0x48c2, 0x1, 0xffff63f9, 0xffff, 0x2f, 0x8, 0x7, 0xfe5, 0x8001, 0x4, 0x8000, 0xeb57, 0x7, 0x9, 0x9, 0xffffff65, 0x97, 0x1, 0x7, 0x7, 0x307, 0x3800000, 0x6, 0x5, 0x54, 0x9, 0x9, 0x21d5, 0x6, 0x4, 0xa, 0xb, 0x959, 0xffffffff, 0x1ff, 0x314f, 0x2, 0xb, 0x10001, 0x1ff, 0x0, 0x3, 0x7, 0xa, 0x81, 0x9, 0x9, 0xffffffff, 0x4, 0x4, 0x5, 0xce6, 0x9, 0xfffffffc, 0x2, 0x2, 0x0, 0xd, 0x4, 0x7, 0x3, 0x6, 0x4a1d, 0x8, 0x3, 0x9, 0x3, 0x2, 0x0, 0x5, 0x3, 0x2, 0x8, 0x0, 0x4, 0x8, 0xff, 0x5bb, 0xa4c, 0x4, 0xff, 0x8000, 0x0, 0x8, 0x9, 0x5, 0x0, 0xaf2, 0x2, 0x1, 0x8, 0x36, 0x8, 0x6, 0x5, 0x0, 0x1f, 0x3, 0x1ff, 0x0, 0xd, 0x7, 0x2, 0x6, 0x4, 0x17cd, 0x1, 0xfff, 0xf, 0x400]}, @TCA_POLICE_RATE={0x404, 0x2, [0x20, 0x4, 0x4, 0x4, 0xba1f, 0x3, 0x1, 0x4, 0x1, 0x9, 0xfb, 0xffff, 0x4, 0x0, 0x4, 0x10001, 0xffff, 0x6, 0xa2f, 0x8000, 0x7, 0x1000, 0x9, 0xe, 0x4, 0x1, 0x7, 0x1, 0x55, 0x7, 0x8, 0x5, 0x4, 0x2, 0x3, 0x2, 0x8, 0x0, 0x10000, 0xaeae, 0xe, 0x6, 0x53, 0xfa, 0xd2be4f9, 0xf, 0x80000000, 0x2, 0xcc, 0x3, 0x3, 0x10000000, 0x800, 0x53e, 0x5, 0x2, 0x2, 0x2, 0x7, 0x11f, 0x1, 0x2, 0x8f5, 0x8, 0xff, 0x2, 0x9, 0x3, 0x3, 0x3ff, 0xcd, 0x3, 0x1000, 0x8, 0xfa, 0x401, 0xb3ec, 0x0, 0x2, 0xc5, 0x9, 0x5, 0x40, 0x3, 0x1, 0xfffffffe, 0x4, 0x9, 0x80000001, 0x91, 0x2, 0x5, 0x800, 0x5, 0x6, 0x8, 0x7, 0xffff, 0xfffffff9, 0x30, 0x4, 0x0, 0x7, 0xd5, 0x8000, 0xe6, 0x0, 0x2, 0x1, 0x40, 0x373, 0x6, 0x2, 0x7, 0x7, 0x4, 0x8, 0x5, 0x8000, 0x8, 0x4, 0x6, 0x1, 0x9, 0x7fff, 0xffffffc0, 0x0, 0x1, 0x9, 0x0, 0x2755, 0x2, 0x7ff, 0x9, 0x1, 0x3, 0x0, 0x7, 0x2e69, 0x200, 0x5, 0xc000, 0x101, 0x6, 0x3, 0x359, 0x591, 0xffa, 0xa, 0x8, 0x7f, 0x5, 0x3, 0x2, 0x2, 0x1, 0x6, 0x6, 0xd2b5906c, 0x3508, 0xabf, 0x3, 0xfffffffe, 0xfc, 0x8001, 0x5, 0x1ff, 0xffffff29, 0x9, 0x2, 0x0, 0x5, 0x0, 0x7fffffff, 0x9, 0x36b57a6e, 0x9, 0x79b, 0x7, 0x7, 0x7, 0x1, 0x5, 0x200, 0x5, 0xfffffffe, 0x9c, 0xfffffff2, 0x8000, 0x101, 0xd, 0x7f, 0xfffffff7, 0x8be, 0x7, 0xf, 0x81, 0xd0, 0x44d9, 0x9, 0x80, 0x5, 0x4, 0x5, 0x9, 0x6, 0x3, 0xa, 0x3, 0xffff, 0x80000000, 0xffff961a, 0x8001, 0xea6, 0x7, 0xb, 0x81, 0x7, 0x6, 0x4, 0xa, 0x7a, 0xe56, 0x1, 0x3, 0x9, 0x4, 0x3ff, 0x5, 0x5fa, 0x6, 0x80000000, 0x460, 0x7, 0x1, 0x2, 0x3ff, 0x1914e758, 0x9e7e, 0x6, 0xb, 0x8000, 0x2, 0xfe74, 0x8000, 0x2, 0x2, 0x6, 0xf, 0x6, 0x0, 0x3ff, 0x81, 0x3ff, 0x10000, 0x3]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x2, 0x90f8, 0x1, 0x3, {0x7, 0x1, 0x8, 0x7, 0x8, 0x9}, {0x8, 0x2, 0x3, 0x1000, 0x6, 0x101}, 0x2, 0x0, 0x8}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x88c}}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000001a0000000c00018008000100", @ANYRES32=r6], 0x20}}, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd010203010902"], 0x0)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000200)={"71f905403b66c31280c2cdc2497603ebd8a309ae6419fc91e97a9b3baaf4790ab0dc9f64e75ac37b2c034a73aa4f293c4fea952787d305d69d44f5a7d26423f3c2056f1b2181eeac75d73350011464248d83417e1ac5340e763fee71aca54b936d9dd4135dd1956efc1edca256eb18d325460461ee6ea6c84bdd4709d5fd3fee39609354e0e14414878ca632e53651e31eb905f4734d0709b0a0b3190775e66b2be4b494b0764d98bef2e8f028d374ff05fc6fc8c011927e116944217d5fded3787602a354e2f71d99bdbac7906399dcd23da64510fb7796b946eb99515e1aabc2aec161ab6d4e6d7af1b4f336c94a0d2341e8b5f3a6b34f61d526afec834bc10ef4edf946c9c2ec59b64732b37144f5d1287fa9ff2373cf8820b2837d7e2615ab1defd9b4931e4760967e0a85639de8453f16a99217abd7d5be0559ce092f67a66dec742aa4d9ec4664f667732624037ffc9c4002d1e8d450b94811a48c00583775d686c837eb186a49aa6793e8831d8201aeba6557b0ee4d2cd43d8adc89fe80fcdf6db0765a2f45a0e526a4089380e9e11eef1d9605aca95ffbcf34d3947ad067a34d7228e93922d7fea043476caa7015665ea7bf04465037a77c94243029e4ccb81d082f1d1d63282643303cb7363c810b680fad1a9019dec6820dcd78bdf92ad52e7f8eae666789b3d8d9a3d5e5a915aab3b74f918551a1cf01fc75f7b4025e76e4e94a1c47eb1274daa7ab31b431ee1763127d04b0f912ae4102a5c21563d1fc368c81a18bba9d3d16d10a2482387a123d9331b9624dda84ce915cbbe0556730171978337f9e8d0076380ab9408e2e0fc8d31fe8559aaa8956392c7595fd853cd8a7c6e469971e7c9288a878d8fb40243a9fc4c9d5930685555b0df334f92266951428d2ddf2989f7e8db418d8e816236640b54df7743a48b88ac8fb568658fd3f710b427a84dcb0fde399f821fd12e5be13a63660791048ab458edbda474528c32f3c2d01652dd9fd67acf75570e92ea68caef768fbaa32fc40702bf097cfd5ec4a54c1a21cc010acb95fb19777ff1e487c86985e071ba3ba4ebf0e00c95eaa5b2904e750773992f7d47175fdb1722736f57cc92db13033f239857ea92b33926b46099a9e6eb3d93fa49b8195520a170d3203175ad2a6378e75ecb6e631f9dbbeaae29f345401cdba97db6adf213e1c24becdc89555c53decfa84ccc7357b275592950b420ce2dc3dc87d2146be7c2e3bfc1a956c8a49a1f910afbe23f5eb19d9cebe0c296b11100ab8f9f5387410cbf8acc000a89bf8f16e88bc1bbf46d58a4e0b1aa1945c6ba1bcdfafcc7a522399ff1159e09333cdee548ae3f12f96d398aef5febea0aa2378dc93c8ac5edbf6ff8e1ae02b7b2d396a64daf0aa78524f56de1de6de3d09e1d1d704d4f114d1b5bff2824f016a02178f45804dd982"})

5.109950493s ago: executing program 3 (id=839):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x6}]}}}]}, 0x3c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000006940)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0}], 0x1, 0x0)
io_submit(0x0, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, 0xffffffffffffffff, &(0x7f0000000340), 0x2d}])
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x7, 0x4401b, 0xffffffffffffffff, 0x2b73a000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)={[{@dyn}]})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
close(r4)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000013006bcd9e3fe3dc6e48aa31086b870030000000ff000000160af365040014000d0002008bc3a0e640e5", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdc3, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x77)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c8}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8)

5.105405107s ago: executing program 2 (id=840):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x6}]}}}]}, 0x3c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000006940)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0}], 0x1, 0x0)
io_submit(0x0, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, 0xffffffffffffffff, &(0x7f0000000340), 0x2d}])
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x7, 0x4401b, 0xffffffffffffffff, 0x2b73a000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)={[{@dyn}]})
r3 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
close(r4)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="5c00000013006bcd9e3fe3dc6e48aa31086b870030000000ff000000160af365040014000d0002008bc3a0e640e5", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdc3, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x77)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0x0, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3c8}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8)

5.070856415s ago: executing program 1 (id=841):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
openat$kvm(0xffffff9c, 0x0, 0x480, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x12, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008510000001"], &(0x7f0000000000)='GPL\x00', 0x4, 0xeb, &(0x7f0000000080)=""/235, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x1000, 0x3f2f0fde)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000089}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
add_key(&(0x7f0000000140)='rxrpc\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x26)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x1ff)
fanotify_init(0x8, 0x800)

3.491766879s ago: executing program 1 (id=842):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x4, 0x0, 0xa6, 0x0, 0x5, 0x0, 0xfffffffffffffdfc}, {0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0xff, 0x2, 0x0, 0x800000000000000}, {0x0, 0x33, 0x3, 0x0, 0x4, 0x5, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4000000000000000}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000, 0x100})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.489690554s ago: executing program 3 (id=843):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000740), 0x5, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000180)={@any, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0xfffffffe, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}, {0xb, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x2004c084}, 0x40000d0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000cc0), r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000000)=ANY=[@ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf25250000000c0005000201aaaaaaaaaaaa05002b0000000000060006000100000008000200", @ANYRES32=r3], 0x38}}, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="d58efa6ef94f7e976b99def21dbdd03ac251cd2e064c5576dfd0e030bd75bca6506821682fdcec5ceb40aa8017d526ed06b472dc78bef51d8581a1659a8a6aed60a3666de7b93b55169ff0d5dcb6cb008207f5947465598b478dc39b7c6482d123213ded3adcf513821b23611718231f20e88c6f4deb49048811aa114b6dbe5773e90dff407006fd77fb529aef8627ed55b5e9", @ANYRES32, @ANYRESHEX], 0x4c}}, 0x4040884)

3.416501521s ago: executing program 2 (id=844):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)=0x801)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000080)=0x1)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000800)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000000000000000000d0a00000000000000000000060480"], &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0x8, 0x0, 0x0, @void, @value}, 0x28)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x230303, 0x0)
ioctl$SNDCTL_DSP_SETDUPLEX(r1, 0x5016, 0x0)

3.410774607s ago: executing program 4 (id=845):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0xcb7c52622f5977a0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x2a)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000000)={0x4, 0xf, 0x4, 0x68f9, 0x58, 0x7f, &(0x7f0000000440)="3a75e75ea3c81fd46062780b640ff50ac01bafbd8b4d747b7eecfb09e6f95d5186297b51ecafad24b12d21f33696d8f1587f90a51d60ea3c9d19c6a7e41aa2b64420edec16c369b67b4027c0e98fa6c7e2a5001812f08728"})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="180000000800000000"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
iopl(0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000400)='net/wireless\x00')
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000380)=0x6, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32], 0x24}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x8, @loopback}, 0xfffffffffffffe01)
sendmmsg(r5, &(0x7f0000000480), 0x0, 0x4004b00)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7ffffffa, 0x0, 0x0, 0x201, 0x0, 0x2, 0x4, 0x48})
r6 = open(&(0x7f0000000000)='./file0\x00', 0x828c0, 0x0)
fcntl$setlease(r6, 0x400, 0x1)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x20801, 0x0)
accept$inet6(r2, 0x0, &(0x7f0000000280))

3.318034262s ago: executing program 3 (id=846):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x4040094)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x4, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0900000004000000060000000a"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10)

3.231684105s ago: executing program 2 (id=847):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xe)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0x6, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x5, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x7, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0x10, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x7695, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x400, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x8, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x80000002, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x0, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x8, 0x0, 0x60000000, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x800], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x7f, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x4c400000, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'bond0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x918)
ioctl$TCGETS2(r1, 0x5434, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

2.220327485s ago: executing program 3 (id=848):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0xe)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0x6, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x5, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x7, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0x10, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x7695, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x400, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x8, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x80000002, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x0, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x8, 0x0, 0x60000000, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x800], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x7f, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x4c400000, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x603}], 0x1, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', <r3=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000003c000000090a010400000000000000180100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008740000000c0a95c900000000000000000100000008000440000000000900010073797a300000000038000380340000800400018004000680140007800c000100636f756e7465720004000280140001800c0001"], 0xe4}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r7, &(0x7f0000000040)="e2", 0x918)
ioctl$TCGETS2(r1, 0x5434, 0x0)

2.111930326s ago: executing program 1 (id=849):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x200000d, 0x13, r2, 0x100000000)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'ip_vti0\x00', 0x0, 0x8000, 0x17, 0x6, 0xffffffff, {{0xf, 0x4, 0x0, 0x15, 0x3c, 0x65, 0x0, 0x1, 0x29, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x1c, 0x4f, 0x0, 0x7, [0x1, 0x2, 0xe, 0x6, 0x2, 0xfffffffe]}, @timestamp={0x44, 0x8, 0x8, 0x0, 0x7, [0xec85]}, @noop]}}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(0xffffffffffffffff, &(0x7f0000000880)=[{0x0}], 0x1, 0x295e, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x0, 0x5, 0xfeff, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x0, 0xfeff})
fallocate(r1, 0x1, 0xa, 0x20000)

1.9009418s ago: executing program 2 (id=850):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000540)={0x2c, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @binary="3170d5cb"}]}]}, 0x2c}], 0x1}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c0000800800"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880)

1.261604283s ago: executing program 3 (id=851):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r1) (async)
close(r1)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x53, 0x0, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x0) (async)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000100039040000000000000000000003e4", @ANYRES32=0x0, @ANYBLOB="65580000000000001c0012800f000100697036677265746170000000080002800400120008001f000400000073d5e0a6e3b169e20c20b2cdbbd1a4edb29ba45b9e0112151644c68a697d8154677345442fb333f60e"], 0x44}}, 0x1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000100039040000000000000000000003e4", @ANYRES32=0x0, @ANYBLOB="65580000000000001c0012800f000100697036677265746170000000080002800400120008001f000400000073d5e0a6e3b169e20c20b2cdbbd1a4edb29ba45b9e0112151644c68a697d8154677345442fb333f60e"], 0x44}}, 0x1)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r8, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', <r10=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0)
r11 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) (async)
getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=@gettclass={0x24, 0x2a, 0x20, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x7ff8, 0xe}, {0xd, 0xb}, {0xb, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) (async)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newtfilter={0x934, 0x2c, 0x300, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r12, {0xe}, {}, {0x8, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x1bbbe}, @TCA_FLOW_MODE={0x8}]}}, @filter_kind_options=@f_u32={{0x8}, {0x8d0, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x8f}, @TCA_U32_SEL={0x344, 0x5, {0xc, 0xe8, 0x5, 0xcc, 0x8000, 0x8, 0xb, 0x7, [{0x0, 0x1, 0x6, 0x9}, {0xfff, 0x7ff, 0x0, 0x9}, {0x3, 0x2, 0xfffffffe, 0x6}, {0x27, 0x8, 0x6, 0x9}, {0x80000000, 0x6, 0x8, 0x1}, {0x3, 0x6, 0x5, 0xbd}, {0x4, 0x2, 0xd, 0x5}, {0x8000, 0x9, 0x5, 0x7}, {0x5, 0x5, 0xe34d, 0x10}, {0xfffffff9, 0x10001, 0x0, 0x10000}, {0x3ff, 0x0, 0x4, 0xe}, {0x3, 0x1, 0x6, 0x7ff}, {0xff, 0x101, 0x4, 0x101}, {0x8, 0xb, 0x2, 0x8001}, {0x2, 0x4, 0x8, 0x4}, {0x9, 0x43, 0x7fffffff, 0x1}, {0x3, 0x7ff, 0x8, 0x2}, {0x7fffffff, 0x8, 0x7, 0x2}, {0xffff, 0xffffff7f, 0x3, 0xd61}, {0x4, 0x3, 0xc, 0x6}, {0xd675, 0x10001, 0xfeb5, 0xffff}, {0x3, 0x0, 0x400, 0xfffffffd}, {0x9, 0xfffffff9, 0x5, 0xc49}, {0xfff, 0x71, 0x7, 0xef9}, {0x1, 0x3, 0x4, 0x7}, {0xffffffff, 0x200000, 0x80000001, 0xfffff000}, {0x80, 0x4, 0xfffff2ef}, {0xffffffff, 0x40, 0x4, 0x6}, {0x1, 0x10, 0x7ab3, 0x100}, {0x400, 0x6, 0xfffffff0, 0x6e0}, {0xbef1, 0x6, 0x24000000, 0xfa}, {0xfffffffb, 0x0, 0xffff1d60, 0x1}, {0x2, 0x1, 0x2, 0x40}, {0x3, 0x3, 0x2, 0x5}, {0x2, 0x2, 0x1, 0xf4}, {0x19, 0xfff, 0x3, 0x6}, {0x3ff, 0x5, 0x5}, {0x2, 0x7c5, 0x3, 0x5575}, {0x4, 0xfffffffd, 0x8, 0x7f}, {0x7fffffff, 0x9, 0x3, 0x80000001}, {0x4, 0x2, 0x2, 0xe}, {0x7c, 0x4, 0x8, 0x9}, {0x3, 0x8, 0x7ff, 0xc}, {0x8, 0x3, 0x3, 0x2}, {0xfd52, 0x4, 0xfdc4, 0x2}, {0x7, 0x3, 0x400, 0x8}, {0xb, 0x5, 0x4, 0x5}, {0x3, 0xfffffffd, 0x80000001, 0x4}, {0xfffffffe, 0x1, 0x9}, {0x3, 0x3, 0x5, 0xffff}, {0xffffffff, 0x7, 0xf, 0x4}]}}, @TCA_U32_INDEV={0x14, 0x8, 'pimreg0\x00'}, @TCA_U32_HASH={0x8, 0x2, 0x9}, @TCA_U32_SEL={0x564, 0x5, {0xc, 0x80, 0x5, 0x8, 0x3, 0xff, 0x1, 0x9, [{0x2, 0x8000, 0x2000000, 0xe7}, {0x3, 0x3, 0x100}, {0x200, 0x3, 0x6, 0x4}, {0x8, 0x3, 0x10001, 0x7fffffff}, {0x0, 0x4, 0x5, 0x3}, {0x4, 0x5, 0x7ff, 0x84}, {0x0, 0x2, 0x9, 0xffffffff}, {0x4, 0x8001, 0x20000, 0x2}, {0xffff, 0x5, 0x60, 0x10001}, {0x5, 0x1, 0x3, 0x8}, {0x9, 0x6, 0x3, 0x7}, {0xfffffffa, 0x6, 0x40}, {0x4, 0x9, 0x40, 0x8}, {0xa0b, 0xd4f4, 0x44000000, 0x8}, {0x2908, 0x6, 0x6, 0xfffffffa}, {0x8001, 0x9, 0x7, 0x6}, {0x2b, 0x2, 0x7, 0x3ff}, {0xf80c, 0x6f37, 0x9, 0xa}, {0xe9, 0x1, 0x2, 0x7ff}, {0x1, 0x7, 0x0, 0x6}, {0x8001, 0x400, 0x3, 0x2}, {0x2, 0xffffffff, 0x2, 0x4}, {0x5, 0xffffffff, 0x6}, {0x9, 0xfffffffc, 0x80000001, 0x40}, {0x1, 0x6, 0x5b5f, 0x4d8}, {0x14000, 0x1, 0xfffffff7, 0x9}, {0x400, 0xff, 0x6, 0x1}, {0x8001, 0x4, 0x2, 0x2}, {0x0, 0x81, 0x7fff, 0x200}, {0x9, 0x1000, 0x9, 0x15d}, {0x1, 0x7, 0x81, 0x4d}, {0x6, 0x7, 0x3, 0x3}, {0x2, 0x40, 0x74, 0x4}, {0x7, 0x0, 0x200, 0x26}, {0x1, 0xfffffffb, 0x9, 0x1fffe}, {0x7ff, 0x4, 0x2, 0x83b}, {0xfd, 0xbc, 0x10, 0x8}, {0x4, 0x8, 0x400, 0x7}, {0x6, 0x2, 0x7, 0x3}, {0x9, 0x5, 0x40}, {0x7, 0x76, 0x0, 0x6}, {0x5, 0x2, 0x19fb4c92, 0x200}, {0x5, 0x5, 0x5, 0x8fba}, {0x0, 0x8, 0x401, 0x8}, {0x9, 0x72, 0x3, 0x8}, {0x8001, 0x7, 0x2}, {0x0, 0x2ce, 0x2, 0x9}, {0x1, 0x7fff, 0x1e27000, 0x7}, {0x2, 0x8, 0x2, 0x9}, {0x4, 0x4, 0x2, 0x1ff}, {0x72, 0x3, 0x0, 0x4e00000}, {0x400, 0x125e, 0x6, 0x9}, {0x1, 0xac9, 0x1, 0x1}, {0x0, 0x6, 0xbe54, 0x980}, {0xfffffffb, 0x8, 0x5, 0x6}, {0x10000, 0x3, 0x6, 0x7}, {0x56d7f497, 0xfffffff8, 0xb8c8, 0x9}, {0x0, 0x745755dc, 0x1, 0x2}, {0xffffffff, 0x1, 0xe0e3, 0x9}, {0x80, 0xfffffffc, 0x165, 0x1}, {0x9c7, 0xfffff801, 0x7d1f, 0x8}, {0x3, 0x0, 0x7fffffff, 0x2329}, {0x39, 0x58b7, 0x6, 0xfffffffe}, {0x0, 0x9, 0xeaad, 0xeaf}, {0x5, 0x2, 0x1, 0x7}, {0x401, 0x8, 0x4611, 0x8001}, {0x1000, 0x5, 0x4, 0x1}, {0xe000000, 0xffff, 0x0, 0x1}, {0xb, 0xd06d, 0x80000001}, {0x48, 0xb61, 0x376238d, 0x2}, {0x1fe, 0x1, 0x10}, {0x3a, 0x40, 0x1564, 0x4}, {0xa, 0x50, 0x760, 0x9}, {0x4, 0x9, 0x5, 0x9}, {0x8, 0x6, 0x150, 0x50}, {0x0, 0x0, 0x100, 0x3d0}, {0x200, 0xba47, 0x0, 0x80000000}, {0x10001, 0x23e69e88, 0x10, 0x2}, {0x5, 0x8001, 0x8, 0x7}, {0x0, 0x3, 0x2, 0x4}, {0x6, 0xda2, 0xaa, 0x10000}, {0x90, 0xf02, 0x81, 0x8000000}, {0x3, 0x964, 0x10001, 0x3f257c25}, {0x7ff, 0x8, 0x0, 0x100}, {0x3, 0x7, 0x6, 0x9}]}}]}}, @TCA_CHAIN={0x8, 0xb, 0x3b}, @TCA_RATE={0x6, 0x5, {0x6, 0x9}}, @TCA_CHAIN={0x8, 0xb, 0x8001}]}, 0x934}, 0x1, 0x0, 0x0, 0x81}, 0x4000)

508.379749ms ago: executing program 2 (id=852):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000b0e0000000000000000800018150000", @ANYRES32, @ANYBLOB="0000000000000000b7080000030000087b8af8ff00b90000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x53, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003f40)=[{&(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)}], 0x1, &(0x7f0000000200)=[@init={0x18, 0x84, 0x0, {0xc71f, 0xfff, 0x8, 0xc4}}], 0x18, 0x48060}], 0x1, 0x200000d0)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, 0x0, &(0x7f0000000580))
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0xcd, &(0x7f0000000040), 0x5}, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x7fffffe, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0xffffffff}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
syz_clone3(&(0x7f0000000600)={0x20000000, 0x0, 0x0, 0x0, {0x3c}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r3, &(0x7f0000000180)={0x10, 0x0, r4}, 0x10)

472.633225ms ago: executing program 1 (id=853):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
openat$kvm(0xffffff9c, 0x0, 0x480, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x12, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000008510000001"], &(0x7f0000000000)='GPL\x00', 0x4, 0xeb, &(0x7f0000000080)=""/235, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
preadv(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x1000, 0x3f2f0fde)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000000089}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
add_key(&(0x7f0000000140)='rxrpc\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x26)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x1ff)
fanotify_init(0x8, 0x800)

458.955846ms ago: executing program 4 (id=854):
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="2cac87e7", @ANYRES16=0x0, @ANYBLOB="010026bd7000fcdbdf250a000000180004801300010062726f6164636173742d6c696e6b0000"], 0x2c}, 0x1, 0x0, 0x0, 0x40014}, 0x4028050)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f0000000740)={0x2, 0x1, 0x2, 0x8, 0x1d1, &(0x7f0000000340)="73b8b93e6d4c455c432105ec07ab65623d0fed63af74d446418e79eb9451c58ebd3258eda0cde76e5f6f663c12a59bbd93c3da3211cc9791ca85645772d1ea6759f16fa6f84418425006fd4595327b8d1434c74967edd199a49ef1e2d0de81d0e7d71aa43fca71fa7e4767cc413a08bf7a1fa08c6655f21f7e022fc800351bc40b80f778c432c0f683bdca118eea3ed34117c7dd049606acee62b96069480b69e0dd80875713ed7d0f8b314c470f7f002f8cdcf22ddef7d3e80f1559325f84200119be5b4e2bab26f46c651844ebc7e7dfe780cea0efdf6582aee934fb1faed1929c48003802a9a3675621cfeab55b2db721614fdef2ac88e36fb9764425ccbc5df18afe15d6d2bb9c85f33c4529dd4f033f7079627f5b7851907b6d1eea42fdc649de9e7a1fad4a5695d9e5567f699a7c5a9a8bfbb1ab9f17b6075069be28dc41cee2ce976eaa2bb33e27933922a7d2188f03821fd9055d193b4164c71e38c38b52db4cc1881de9d515c72daa674380974e3bd67ea1fc01c037cc0bef2d5b88f9580dfb4d52c8f0262e401b39995e6366dfc21d9ec7552fa04b6795ce9af54514aa06ee76c9e3e8ce31e4890ba2af164a589aced5a5fdce649527222ff62729a0a91e1c03ca67f270e162f5a4a591d5708aa3f6616ed017e7e7c69a1467f3277edba16bfbf4574f4a4c2194c58045f19805ce9e46cc97ff6b5a8c4f3d12b77489fa12c65d0f58906316b44d6ef824e1ecb52589f5c0dc2de4020e61d86622bafb7fe71b6127290e010291d9bea6c769459e2b6dbb991d1b379d37fe376ea7770692ef1389585a54a98561ea428ad74bceeaed0376f27f2ea86b191f8f15c11a8bd1ce71cf6536497e1e28480f2c8075d379b68ac196ce5e784f005c7f6ff600b2ef3cdca4660f5b712773dfb18aeaef4bd38b1ec7e5e492768a85b3ed2401b854d586bb62b70aa5369e91fdc74a280a7adcf46ddb47628886bf14b5678c7296ee64fdd99846a07b15cb62695d38b6a14940368472f6eae6f49faa622bbf6a9c5568036729226454d4b2f95485533b343e46b9a50201a145b204ac8bddd1ea25ce198d26b1344aa68b9ca7d35ebd13e70165ed40a554e3409f796fe6adf31825faab1073b4a0e7d19a4a1a524d9f4e02a17c4d870b418dacbdeb368df96c7759068d9e636f643c8472586c21b3929b5f9867e2cd0536e03ec462fba5100e46343d58e803d949ae1bb39ca85f496c64c45afb4b30f12ade87d9f98b4633522a47bfb11731aa6ee024f3513457dce809725b4d7b388d500627127978dd9dd9662cbd2ea2228c711098d09d1dbfd594f619485857a694671423e17702581b000eb45d5528b6f6f831389d4eedbe1cab0d0ae5293b7c7b944861b3e2d75196b8c0b0fa563b83d73ae6101435bbe4fb8923d07c1885a12f7e51059f3b47c8ef7a984f"})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000940)={'sit0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, {{0x5, 0x4, 0x0, 0x38, 0x14, 0x3, 0x0, 0x0, 0x0, 0x0, @broadcast, @loopback}}}})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x0, 0x6, 0x9, 0xe55, 0x6, 0x2, 0x40, 0x4, 0x0, 0x32a, 0xfffffffffffffffe, 0x7fffffffffffffff, 0x1, 0x539c, 0x9, 0x6a], 0x10000, 0x80010})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000280))
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000680)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r6}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="07000000040000000800000063"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0x28e, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1a000000, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000002c0)={0x3, 0x0, 0x0, 'queue1\x00', 0x8})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x3, 0x1, 0x1, 0xfffffffffffffffc, 0x2, 0x5, 0x9, 0x4, 0x2, 0x0, 0x2, 0x6, 0x4, 0x2], 0xf000, 0x82106})
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$TIOCMSET(r7, 0x5418, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

296.180797ms ago: executing program 0 (id=855):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000002340)={0xc, {"a2e3ad214fc752f91b2547f70e06d038e7ff7fc6e5539b3250078b089b39083872090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

189.22331ms ago: executing program 1 (id=856):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000740), 0x5, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000180)={@any, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0xfffffffe, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x4}, {0xffff, 0xffff}, {0xb, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x2004c084}, 0x40000d0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000cc0), r1)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000000)=ANY=[@ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf25250000000c0005000201aaaaaaaaaaaa05002b0000000000060006000100000008000200", @ANYRES32=r3], 0x38}}, 0x10)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="d58efa6ef94f7e976b99def21dbdd03ac251cd2e064c5576dfd0e030bd75bca6506821682fdcec5ceb40aa8017d526ed06b472dc78bef51d8581a1659a8a6aed60a3666de7b93b55169ff0d5dcb6cb008207f5947465598b478dc39b7c6482d123213ded3adcf513821b23611718231f20e88c6f4deb49048811aa114b6dbe5773e90dff407006fd77fb529aef8627ed55b5e9", @ANYRES32, @ANYRESHEX], 0x4c}}, 0x4040884)

120.79919ms ago: executing program 2 (id=857):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB="000000000000ffffffffffffffde000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x20, 0x20000000000000bb, &(0x7f00000000c0)=ANY=[@ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000002280)={0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff47, 0x10, &(0x7f0000000340)={0x6, 0xb, 0x5, 0x20000}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000108000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xdc)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x2, 0x5, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
getitimer(0x2, &(0x7f0000000040))
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, &(0x7f0000000a80)={{}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
read$FUSE(r6, &(0x7f0000000240)={0x2020}, 0x2020)
pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

0s ago: executing program 3 (id=858):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x4040094)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x4, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0900000004000000060000000a"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10)

kernel console output (not intermixed with test programs):

ew high-speed USB device number 5 using dummy_hcd
[  210.653838][ T5826] usb 5-1: Using ep0 maxpacket: 32
[  211.079034][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.097665][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.107496][ T5826] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  211.137652][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.158904][ T5826] usb 5-1: config 0 descriptor??
[  211.171546][ T5826] hub 5-1:0.0: USB hub found
[  213.089785][ T7130] __nla_validate_parse: 1 callbacks suppressed
[  213.089805][ T7130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.335'.
[  213.207859][ T5874] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  213.313893][ T7138] netlink: 20 bytes leftover after parsing attributes in process `syz.0.338'.
[  213.323435][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.338'.
[  213.503154][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  213.592389][ T5826] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  213.679535][ T5874] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  213.962669][ T5826] usbhid 5-1:0.0: can't add hid device: -71
[  214.086842][ T5826] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  214.402659][ T5874] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  214.422044][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  214.452365][ T5874] usb 3-1: Product: syz
[  214.460639][ T5826] usb 5-1: USB disconnect, device number 5
[  214.478990][ T5874] usb 3-1: Manufacturer: syz
[  214.686853][ T5874] usb 3-1: SerialNumber: syz
[  215.367061][ T5874] usb 3-1: config 0 descriptor??
[  215.373075][ T7129] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  215.386572][ T5874] hub 3-1:0.0: bad descriptor, ignoring hub
[  215.392660][ T5874] hub 3-1:0.0: probe with driver hub failed with error -5
[  215.797808][ T7150] netlink: 20 bytes leftover after parsing attributes in process `syz.4.340'.
[  215.807704][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.340'.
[  215.938856][ T5826] usb 3-1: reset high-speed USB device number 11 using dummy_hcd
[  215.988502][ T5826] usb 3-1: device reset changed ep0 maxpacket size!
[  216.225706][ T5826] usb 3-1: USB disconnect, device number 11
[  216.760362][ T7153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.342'.
[  216.778804][ T7157] netlink: 368 bytes leftover after parsing attributes in process `syz.3.343'.
[  216.824540][ T5826] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  216.985491][ T7157] netlink: 368 bytes leftover after parsing attributes in process `syz.3.343'.
[  217.349810][ T5872] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  217.956255][ T5872] usb 2-1: Using ep0 maxpacket: 16
[  218.588967][ T5872] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  218.623323][ T5872] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  218.650096][ T5872] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0
[  218.660347][ T5872] usb 2-1: config 7 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  218.834763][ T5872] usb 2-1: config 7 interface 0 has no altsetting 0
[  219.189354][ T5872] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  219.207633][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.098652][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  220.111223][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  220.119664][ T5872] usbhid 2-1:7.0: can't add hid device: -71
[  220.125750][ T5872] usbhid 2-1:7.0: probe with driver usbhid failed with error -71
[  220.153467][ T5872] usb 2-1: USB disconnect, device number 12
[  220.304922][ T7189] netlink: 20 bytes leftover after parsing attributes in process `syz.0.351'.
[  220.314265][ T7189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.351'.
[  221.383368][   T30] audit: type=1326 audit(1746350623.369:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7194 comm="syz.3.354" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc506b8e969 code=0x0
[  222.062460][ T7210] netlink: 20 bytes leftover after parsing attributes in process `syz.0.357'.
[  222.071734][ T7210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.357'.
[  222.385024][ T7215] netlink: 32 bytes leftover after parsing attributes in process `syz.3.361'.
[  222.421780][ T7215] netlink: 20 bytes leftover after parsing attributes in process `syz.3.361'.
[  222.469712][ T5826] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  222.627854][ T5826] usb 1-1: Using ep0 maxpacket: 8
[  222.710112][   T30] audit: type=1326 audit(1746350624.689:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7216 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8864f8e969 code=0x7ffc0000
[  222.917195][   T30] audit: type=1326 audit(1746350624.699:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7216 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8864f8e969 code=0x7ffc0000
[  223.162412][ T5826] usb 1-1: unable to get BOS descriptor or descriptor too short
[  223.170750][ T7217] fuse: Bad value for 'fd'
[  223.266973][ T5826] usb 1-1: config 248 has an invalid interface number: 51 but max is 0
[  223.275559][ T5826] usb 1-1: config 248 has no interface number 0
[  223.305187][ T5826] usb 1-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=39.f0
[  223.336351][ T5826] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.345014][ T5826] usb 1-1: Product: syz
[  223.349395][ T5826] usb 1-1: Manufacturer: syz
[  223.354038][ T5826] usb 1-1: SerialNumber: syz
[  226.020797][ T7237] netlink: 20 bytes leftover after parsing attributes in process `syz.3.363'.
[  226.212799][ T7237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.363'.
[  227.032045][ T5826] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:248.51/input/input9
[  227.075339][ T5826] bcm5974 1-1:248.51: could not read from device
[  227.107397][ T5175] bcm5974 1-1:248.51: could not read from device
[  227.369621][ T5826] input: failed to attach handler mousedev to device input9, error: -5
[  227.530091][ T5175] bcm5974 1-1:248.51: could not read from device
[  227.537990][ T5826] usb 1-1: USB disconnect, device number 8
[  227.554361][ T5175] bcm5974 1-1:248.51: could not read from device
[  228.079416][ T7251] netlink: 20 bytes leftover after parsing attributes in process `syz.0.367'.
[  228.107670][ T7251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.367'.
[  229.606909][ T7263] netlink: 20 bytes leftover after parsing attributes in process `syz.2.369'.
[  229.616493][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'.
[  231.712288][ T7275] netlink: 32 bytes leftover after parsing attributes in process `syz.4.373'.
[  231.781621][ T7275] netlink: 20 bytes leftover after parsing attributes in process `syz.4.373'.
[  232.645092][ T7288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.374'.
[  232.680244][ T7288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.374'.
[  234.454053][ T7301] FAULT_INJECTION: forcing a failure.
[  234.454053][ T7301] name failslab, interval 1, probability 0, space 0, times 0
[  234.553986][ T7301] CPU: 1 UID: 0 PID: 7301 Comm: syz.4.380 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  234.554019][ T7301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  234.554032][ T7301] Call Trace:
[  234.554041][ T7301]  <TASK>
[  234.554050][ T7301]  dump_stack_lvl+0x189/0x250
[  234.554089][ T7301]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.554117][ T7301]  ? __pfx__printk+0x10/0x10
[  234.554151][ T7301]  ? __pfx___might_resched+0x10/0x10
[  234.554181][ T7301]  ? fs_reclaim_acquire+0x7d/0x100
[  234.554208][ T7301]  should_fail_ex+0x414/0x560
[  234.554247][ T7301]  should_failslab+0xa8/0x100
[  234.554280][ T7301]  __kmalloc_noprof+0xcb/0x4f0
[  234.554312][ T7301]  ? tomoyo_encode+0x28b/0x550
[  234.554343][ T7301]  tomoyo_encode+0x28b/0x550
[  234.554375][ T7301]  tomoyo_realpath_from_path+0x58d/0x5d0
[  234.554412][ T7301]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  234.554434][ T7301]  tomoyo_path_number_perm+0x1e8/0x5a0
[  234.554459][ T7301]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  234.554498][ T7301]  ? __lock_acquire+0xaac/0xd20
[  234.554545][ T7301]  ? __fget_files+0x2a/0x420
[  234.554581][ T7301]  ? __fget_files+0x3a0/0x420
[  234.554610][ T7301]  ? __fget_files+0x2a/0x420
[  234.554644][ T7301]  security_file_ioctl+0xcb/0x2d0
[  234.554669][ T7301]  __se_sys_ioctl+0x47/0x170
[  234.554697][ T7301]  do_syscall_64+0xf6/0x210
[  234.554722][ T7301]  ? clear_bhb_loop+0x45/0xa0
[  234.554748][ T7301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.554777][ T7301] RIP: 0033:0x7f8864f8e969
[  234.554795][ T7301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.554813][ T7301] RSP: 002b:00007f8865e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  234.554835][ T7301] RAX: ffffffffffffffda RBX: 00007f88651b5fa0 RCX: 00007f8864f8e969
[  234.554850][ T7301] RDX: 0000200000000340 RSI: 00000000c1105517 RDI: 0000000000000003
[  234.554864][ T7301] RBP: 00007f8865e8a090 R08: 0000000000000000 R09: 0000000000000000
[  234.554877][ T7301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  234.554889][ T7301] R13: 0000000000000000 R14: 00007f88651b5fa0 R15: 00007fff79fedcb8
[  234.554921][ T7301]  </TASK>
[  234.555255][ T7301] ERROR: Out of memory at tomoyo_realpath_from_path.
[  235.010051][ T7301] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  239.277942][ T7338] netlink: 32 bytes leftover after parsing attributes in process `syz.4.391'.
[  239.314848][ T7338] netlink: 20 bytes leftover after parsing attributes in process `syz.4.391'.
[  240.267786][ T2151] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  240.417689][ T2151] usb 3-1: Using ep0 maxpacket: 8
[  240.424983][ T2151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  240.452085][ T2151] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  240.490866][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.526637][ T2151] usb 3-1: config 0 descriptor??
[  240.588262][ T7359] netlink: 32 bytes leftover after parsing attributes in process `syz.4.398'.
[  240.600420][ T7359] netlink: 20 bytes leftover after parsing attributes in process `syz.4.398'.
[  241.365623][ T2151] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  242.941122][ T7374] netlink: 'syz.3.399': attribute type 10 has an invalid length.
[  242.949129][ T7374] batadv0: left allmulticast mode
[  242.967595][ T7374] 8021q: adding VLAN 0 to HW filter on device batadv0
[  242.992290][ T7374] batadv0: entered allmulticast mode
[  243.000890][ T7374] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  243.224413][ T7374] syz.3.399 (7374) used greatest stack depth: 19064 bytes left
[  243.449795][ T5874] usb 3-1: USB disconnect, device number 13
[  245.540034][ T5872] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  245.711504][ T7402] FAULT_INJECTION: forcing a failure.
[  245.711504][ T7402] name failslab, interval 1, probability 0, space 0, times 0
[  245.724275][ T7402] CPU: 1 UID: 0 PID: 7402 Comm: syz.4.410 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  245.724304][ T7402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  245.724329][ T7402] Call Trace:
[  245.724339][ T7402]  <TASK>
[  245.724348][ T7402]  dump_stack_lvl+0x189/0x250
[  245.724383][ T7402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.724411][ T7402]  ? __pfx__printk+0x10/0x10
[  245.724449][ T7402]  ? __pfx___might_resched+0x10/0x10
[  245.724477][ T7402]  ? fs_reclaim_acquire+0x7d/0x100
[  245.724504][ T7402]  should_fail_ex+0x414/0x560
[  245.724541][ T7402]  should_failslab+0xa8/0x100
[  245.724573][ T7402]  __kmalloc_cache_noprof+0x70/0x3d0
[  245.724603][ T7402]  ? io_ring_ctx_alloc+0x53/0xa30
[  245.724638][ T7402]  io_ring_ctx_alloc+0x53/0xa30
[  245.724667][ T7402]  ? io_uring_fill_params+0x3f9/0x7e0
[  245.724702][ T7402]  io_uring_create+0x130/0xb60
[  245.724740][ T7402]  __se_sys_io_uring_setup+0x264/0x270
[  245.724771][ T7402]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[  245.724819][ T7402]  ? do_syscall_64+0xba/0x210
[  245.724848][ T7402]  do_syscall_64+0xf6/0x210
[  245.724872][ T7402]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  245.724891][ T7402]  ? clear_bhb_loop+0x45/0xa0
[  245.724916][ T7402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.724936][ T7402] RIP: 0033:0x7f8864f8e969
[  245.724954][ T7402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.724972][ T7402] RSP: 002b:00007f8865e47fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[  245.724994][ T7402] RAX: ffffffffffffffda RBX: 00007f88651b6160 RCX: 00007f8864f8e969
[  245.725009][ T7402] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000239
[  245.725022][ T7402] RBP: 0000200000000300 R08: 0000000000000000 R09: 0000000000000000
[  245.725035][ T7402] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  245.725047][ T7402] R13: 0000200000000180 R14: 0000000000000239 R15: 0000000000000000
[  245.725078][ T7402]  </TASK>
[  246.707608][ T5872] usb 2-1: Using ep0 maxpacket: 32
[  246.977683][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  247.150964][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  247.185416][ T5872] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  247.243275][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.274286][ T5872] usb 2-1: config 0 descriptor??
[  247.300372][ T5872] hub 2-1:0.0: USB hub found
[  247.757154][ T7415] netlink: 52 bytes leftover after parsing attributes in process `syz.0.415'.
[  247.766428][ T7415] netlink: 52 bytes leftover after parsing attributes in process `syz.0.415'.
[  247.775475][ T7415] netlink: 52 bytes leftover after parsing attributes in process `syz.0.415'.
[  250.069736][ T5872] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  250.093065][ T7425] netlink: 'syz.2.416': attribute type 10 has an invalid length.
[  250.100763][ T5872] usbhid 2-1:0.0: can't add hid device: -71
[  250.107232][ T5872] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  250.118429][ T7425] syz_tun: entered promiscuous mode
[  250.123694][ T7425] syz_tun: left allmulticast mode
[  250.286623][ T5872] usb 2-1: USB disconnect, device number 13
[  250.341686][ T7425] syz_tun: entered allmulticast mode
[  250.366550][ T7433] netlink: 32 bytes leftover after parsing attributes in process `syz.0.419'.
[  250.389522][ T7425] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  250.405355][ T7433] netlink: 20 bytes leftover after parsing attributes in process `syz.0.419'.
[  253.692914][ T7468] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0.
[  255.418186][ T7486] netlink: 'syz.1.433': attribute type 10 has an invalid length.
[  255.486147][ T7492] netlink: 32 bytes leftover after parsing attributes in process `syz.3.435'.
[  255.519043][ T7492] netlink: 20 bytes leftover after parsing attributes in process `syz.3.435'.
[  255.931746][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.938448][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  256.969123][ T7495] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  256.975792][ T7495] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  257.001359][ T7495] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  257.007420][ T7495] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  257.013991][ T7495] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  257.065533][ T7508] FAULT_INJECTION: forcing a failure.
[  257.065533][ T7508] name failslab, interval 1, probability 0, space 0, times 0
[  257.118963][ T7508] CPU: 1 UID: 0 PID: 7508 Comm: syz.1.438 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  257.118993][ T7508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  257.119006][ T7508] Call Trace:
[  257.119014][ T7508]  <TASK>
[  257.119023][ T7508]  dump_stack_lvl+0x189/0x250
[  257.119059][ T7508]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.119086][ T7508]  ? __pfx__printk+0x10/0x10
[  257.119119][ T7508]  ? __pfx___might_resched+0x10/0x10
[  257.119147][ T7508]  ? fs_reclaim_acquire+0x7d/0x100
[  257.119173][ T7508]  should_fail_ex+0x414/0x560
[  257.119209][ T7508]  should_failslab+0xa8/0x100
[  257.119241][ T7508]  __kmalloc_noprof+0xcb/0x4f0
[  257.119269][ T7508]  ? tomoyo_encode+0x28b/0x550
[  257.119297][ T7508]  tomoyo_encode+0x28b/0x550
[  257.119328][ T7508]  tomoyo_realpath_from_path+0x58d/0x5d0
[  257.119365][ T7508]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  257.119385][ T7508]  tomoyo_path_number_perm+0x1e8/0x5a0
[  257.119409][ T7508]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  257.119456][ T7508]  ? __lock_acquire+0xaac/0xd20
[  257.119519][ T7508]  ? __fget_files+0x2a/0x420
[  257.119554][ T7508]  ? __fget_files+0x3a0/0x420
[  257.119582][ T7508]  ? __fget_files+0x2a/0x420
[  257.119617][ T7508]  security_file_ioctl+0xcb/0x2d0
[  257.119643][ T7508]  __se_sys_ioctl+0x47/0x170
[  257.119670][ T7508]  do_syscall_64+0xf6/0x210
[  257.119695][ T7508]  ? clear_bhb_loop+0x45/0xa0
[  257.119721][ T7508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.119741][ T7508] RIP: 0033:0x7f4a92d8e969
[  257.119759][ T7508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.119777][ T7508] RSP: 002b:00007f4a93be9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  257.119799][ T7508] RAX: ffffffffffffffda RBX: 00007f4a92fb6080 RCX: 00007f4a92d8e969
[  257.119814][ T7508] RDX: 0000200000000000 RSI: 00000000c06c4124 RDI: 0000000000000007
[  257.119827][ T7508] RBP: 00007f4a93be9090 R08: 0000000000000000 R09: 0000000000000000
[  257.119840][ T7508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.119852][ T7508] R13: 0000000000000001 R14: 00007f4a92fb6080 R15: 00007ffc54ccf2d8
[  257.119884][ T7508]  </TASK>
[  257.119907][ T7508] ERROR: Out of memory at tomoyo_realpath_from_path.
[  258.033066][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout
[  259.018991][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[  259.022578][ T5130] Bluetooth: hci4: command 0x0c1a tx timeout
[  259.025158][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  259.031427][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  259.635584][ T7529] lo: entered allmulticast mode
[  259.643316][ T7529] tunl0: entered allmulticast mode
[  259.651002][ T7529] gre0: entered allmulticast mode
[  259.728522][ T7529] gretap0: entered allmulticast mode
[  259.773244][ T7529] erspan0: entered allmulticast mode
[  259.813794][ T7529] ip_vti0: entered allmulticast mode
[  259.842875][ T7529] ip6_vti0: entered allmulticast mode
[  259.866262][ T7529] sit0: entered allmulticast mode
[  259.905093][ T7529] ip6tnl0: entered allmulticast mode
[  259.914376][ T7535] FAULT_INJECTION: forcing a failure.
[  259.914376][ T7535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.938019][ T7535] CPU: 1 UID: 0 PID: 7535 Comm: syz.0.445 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  259.938050][ T7535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  259.938063][ T7535] Call Trace:
[  259.938071][ T7535]  <TASK>
[  259.938080][ T7535]  dump_stack_lvl+0x189/0x250
[  259.938116][ T7535]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.938144][ T7535]  ? __pfx__printk+0x10/0x10
[  259.938189][ T7535]  should_fail_ex+0x414/0x560
[  259.938226][ T7535]  _copy_to_user+0x31/0xb0
[  259.938255][ T7535]  simple_read_from_buffer+0xe1/0x170
[  259.938299][ T7535]  proc_fail_nth_read+0x1df/0x250
[  259.938323][ T7535]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  259.938347][ T7535]  ? rw_verify_area+0x258/0x650
[  259.938372][ T7535]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  259.938393][ T7535]  vfs_read+0x1fd/0x980
[  259.938425][ T7535]  ? __pfx___mutex_lock+0x10/0x10
[  259.938449][ T7535]  ? __pfx_vfs_read+0x10/0x10
[  259.938476][ T7535]  ? __fget_files+0x2a/0x420
[  259.938511][ T7535]  ? __fget_files+0x3a0/0x420
[  259.938539][ T7535]  ? __fget_files+0x2a/0x420
[  259.938578][ T7535]  ksys_read+0x145/0x250
[  259.938602][ T7535]  ? rcu_is_watching+0x15/0xb0
[  259.938633][ T7535]  ? __pfx_ksys_read+0x10/0x10
[  259.938662][ T7535]  ? do_syscall_64+0xba/0x210
[  259.938689][ T7535]  do_syscall_64+0xf6/0x210
[  259.938713][ T7535]  ? clear_bhb_loop+0x45/0xa0
[  259.938739][ T7535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.938758][ T7535] RIP: 0033:0x7f7594b8d37c
[  259.938776][ T7535] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  259.938793][ T7535] RSP: 002b:00007f759590e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  259.938814][ T7535] RAX: ffffffffffffffda RBX: 00007f7594db6080 RCX: 00007f7594b8d37c
[  259.938828][ T7535] RDX: 000000000000000f RSI: 00007f759590e0a0 RDI: 0000000000000006
[  259.938841][ T7535] RBP: 00007f759590e090 R08: 0000000000000000 R09: 0000000000000000
[  259.938853][ T7535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.938865][ T7535] R13: 0000000000000000 R14: 00007f7594db6080 R15: 00007ffe6a51a488
[  259.938897][ T7535]  </TASK>
[  259.941690][ T7538] netlink: 32 bytes leftover after parsing attributes in process `syz.4.448'.
[  260.186932][ T7529] ip6gre0: entered allmulticast mode
[  260.200929][ T7538] netlink: 20 bytes leftover after parsing attributes in process `syz.4.448'.
[  260.821863][ T7529] syz_tun: left promiscuous mode
[  260.826903][ T7529] syz_tun: entered allmulticast mode
[  260.894842][ T7529] ip6gretap0: entered allmulticast mode
[  261.043049][ T7529] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.050678][ T7529] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.096382][ T7529] bridge0: entered allmulticast mode
[  261.134806][ T7529] vcan0: entered allmulticast mode
[  261.144144][ T7529] bond0: entered allmulticast mode
[  261.152414][ T7529] bond_slave_0: entered allmulticast mode
[  261.160652][ T7529] bond_slave_1: entered allmulticast mode
[  261.202415][ T7529] team0: entered allmulticast mode
[  261.209528][ T7529] team_slave_0: entered allmulticast mode
[  261.215455][ T7529] team_slave_1: entered allmulticast mode
[  261.232934][ T7529] dummy0: entered allmulticast mode
[  261.250025][ T7529] nlmon0: entered allmulticast mode
[  261.258265][ T7529] caif0: entered allmulticast mode
[  261.265194][ T7529] batadv0: entered allmulticast mode
[  261.280473][ T7529] vxcan0: entered allmulticast mode
[  261.327847][ T5904] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  261.359690][ T7557] netlink: 20 bytes leftover after parsing attributes in process `syz.0.451'.
[  261.370129][ T7557] netlink: 4 bytes leftover after parsing attributes in process `syz.0.451'.
[  261.372054][ T7556] vivid-000: =================  START STATUS  =================
[  261.448950][ T7529] vxcan1: entered allmulticast mode
[  261.492846][ T7556] vivid-000: Generate PTS: true
[  261.513721][ T5904] usb 3-1: Using ep0 maxpacket: 8
[  261.550263][ T7529] veth0: entered allmulticast mode
[  261.860159][ T7529] veth1: entered allmulticast mode
[  261.866858][ T5904] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  261.885826][ T7556] vivid-000: Generate SCR: true
[  261.895122][ T7556] tpg source WxH: 320x180 (Y'CbCr)
[  261.910435][ T7529] wg0: entered allmulticast mode
[  261.920095][ T7529] wg1: entered allmulticast mode
[  261.926455][ T7556] tpg field: 1
[  261.928154][ T5904] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  261.934820][ T7556] tpg crop: (0,0)/320x180
[  261.943912][ T7556] tpg compose: (0,0)/320x180
[  261.954265][ T7556] tpg colorspace: 8
[  261.960900][ T7529] wg2: entered allmulticast mode
[  261.968246][ T7529] veth0_to_bridge: entered allmulticast mode
[  261.994675][ T7529] veth1_to_bridge: entered allmulticast mode
[  261.998218][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.006452][ T7556] tpg transfer function: 0/0
[  262.028446][ T7559] overlayfs: failed to resolve './file1': -2
[  262.038136][ T5904] usb 3-1: Product: syz
[  262.042457][ T5904] usb 3-1: Manufacturer: syz
[  262.056853][ T5904] usb 3-1: SerialNumber: syz
[  262.076034][ T7556] tpg Y'CbCr encoding: 0/0
[  262.087908][ T7556] tpg quantization: 0/0
[  262.092170][ T7556] tpg RGB range: 0/2
[  262.097380][ T7529] veth0_to_bond: entered allmulticast mode
[  262.098430][ T7556] vivid-000: ==================  END STATUS  ==================
[  262.127414][ T7529] veth1_to_bond: entered allmulticast mode
[  262.160593][ T7529] veth0_to_team: entered allmulticast mode
[  262.180253][ T7529] veth1_to_team: entered allmulticast mode
[  262.196879][ T7529] veth0_to_batadv: entered allmulticast mode
[  262.205753][ T7529] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.214828][ T7529] batadv_slave_0: entered allmulticast mode
[  262.228065][ T7529] veth1_to_batadv: entered allmulticast mode
[  262.238156][ T7529] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.246249][ T7529] batadv_slave_1: entered allmulticast mode
[  262.255945][ T7529] xfrm0: entered allmulticast mode
[  262.264173][ T7529] veth0_to_hsr: entered allmulticast mode
[  262.274908][ T7529] hsr_slave_0: entered allmulticast mode
[  262.294409][ T7529] veth1_to_hsr: entered allmulticast mode
[  262.304022][ T7529] hsr_slave_1: entered allmulticast mode
[  262.325773][ T7529] hsr0: entered allmulticast mode
[  262.332343][ T5904] usb 3-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  262.340923][ T5904] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  262.342212][ T7529] veth1_virt_wifi: entered allmulticast mode
[  262.362095][ T7529] veth0_virt_wifi: entered allmulticast mode
[  262.372450][ T7529] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  262.380192][ T5874] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  262.394660][ T7529] veth1_vlan: entered allmulticast mode
[  262.403811][ T7529] veth0_vlan: entered allmulticast mode
[  262.427105][ T7529] vlan0: entered allmulticast mode
[  262.432227][ T5904] usb 3-1: USB disconnect, device number 14
[  262.450773][ T7529] vlan1: entered allmulticast mode
[  262.456562][ T7529] macvlan0: entered allmulticast mode
[  262.474664][ T7529] macvlan1: entered allmulticast mode
[  262.487024][ T7529] ipvlan0: entered allmulticast mode
[  262.501940][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  262.502395][ T7529] ipvlan1: entered allmulticast mode
[  262.528416][ T7529] veth1_macvtap: entered allmulticast mode
[  262.537744][ T5874] usb 1-1: Using ep0 maxpacket: 8
[  262.545367][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  262.561888][ T7529] veth0_macvtap: entered allmulticast mode
[  262.571884][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  262.585254][ T5874] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  262.595619][ T7529] macvtap0: entered allmulticast mode
[  262.603766][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  262.615759][ T5874] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  262.616479][ T7529] macsec0: entered allmulticast mode
[  262.637784][ T5874] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  262.647103][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.656331][ T5874] usb 1-1: Product: syz
[  262.661540][ T5874] usb 1-1: Manufacturer: syz
[  262.666454][ T5874] usb 1-1: SerialNumber: syz
[  262.672861][ T7529] geneve0: entered allmulticast mode
[  262.684992][ T5874] usb 1-1: config 0 descriptor??
[  262.691187][ T7529] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.703896][ T7529] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.715365][ T7529] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.726002][ T7529] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  262.731625][ T5874] kvaser_usb 1-1:0.0: error -EMSGSIZE: Cannot get software info
[  262.746264][ T7529] geneve1: entered allmulticast mode
[  262.751844][ T5874] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  262.762133][ T7529] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  262.775763][ T7529] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[  262.796544][ T7529] netdevsim netdevsim1 netdevsim2: entered allmulticast mode
[  262.806450][ T7529] netdevsim netdevsim1 netdevsim3: entered allmulticast mode
[  262.831714][ T7529] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode
[  262.863584][ T7529] mac80211_hwsim hwsim11 
: entered allmulticast mode
[  262.886811][ T7551] netlink: 132 bytes leftover after parsing attributes in process `syz.4.452'.
[  263.027843][ T7563] netlink: 100 bytes leftover after parsing attributes in process `syz.2.454'.
[  263.094848][ T7564] netlink: 'syz.0.453': attribute type 10 has an invalid length.
[  263.102873][ T7564] netlink: 40 bytes leftover after parsing attributes in process `syz.0.453'.
[  263.113070][ T7564] geneve0: left allmulticast mode
[  263.131038][ T7564] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.140674][ T7564] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.158865][ T7564] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  263.167819][ T7564] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  263.201842][ T7564] geneve0: entered allmulticast mode
[  263.260563][ T7564] team0: Port device geneve0 added
[  263.350407][ T7564] xt_hashlimit: max too large, truncated to 1048576
[  265.262714][ T5130] Bluetooth: hci3: command 0x0c1a tx timeout
[  266.037414][ T7585] netlink: 32 bytes leftover after parsing attributes in process `syz.3.462'.
[  267.076780][ T5874] usb 1-1: USB disconnect, device number 9
[  267.077050][ T7585] netlink: 20 bytes leftover after parsing attributes in process `syz.3.462'.
[  267.713509][ T7586] netlink: 20 bytes leftover after parsing attributes in process `syz.4.459'.
[  267.722530][ T7586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.459'.
[  269.642115][ T7633] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.651452][ T7633] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.677870][ T7633] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.700300][ T7633] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  269.739219][ T7633] ip6gretap0: left promiscuous mode
[  270.177963][ T7633] macsec1: left promiscuous mode
[  270.515950][ T7633] macsec1: entered allmulticast mode
[  270.602503][ T7632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.475'.
[  270.697717][ T7635] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'.
[  271.664676][ T7652] netlink: 20 bytes leftover after parsing attributes in process `syz.1.478'.
[  271.707826][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.478'.
[  271.797993][ T5904] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  271.957755][ T5904] usb 5-1: config 128 has an invalid interface number: 239 but max is 0
[  271.968345][ T5904] usb 5-1: config 128 has no interface number 0
[  271.975339][ T5904] usb 5-1: config 128 interface 239 has no altsetting 0
[  272.011901][ T7657] FAULT_INJECTION: forcing a failure.
[  272.011901][ T7657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.017593][ T5904] usb 5-1: New USB device found, idVendor=0c45, idProduct=628e, bcdDevice=ac.44
[  272.114515][ T7657] CPU: 0 UID: 0 PID: 7657 Comm: syz.0.482 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  272.114545][ T7657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  272.114558][ T7657] Call Trace:
[  272.114566][ T7657]  <TASK>
[  272.114575][ T7657]  dump_stack_lvl+0x189/0x250
[  272.114611][ T7657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.114638][ T7657]  ? __pfx__printk+0x10/0x10
[  272.114690][ T7657]  should_fail_ex+0x414/0x560
[  272.114727][ T7657]  _copy_from_user+0x2d/0xb0
[  272.114754][ T7657]  __copy_msghdr+0x3c5/0x5b0
[  272.114784][ T7657]  ___sys_sendmsg+0x1a5/0x2a0
[  272.114812][ T7657]  ? __pfx____sys_sendmsg+0x10/0x10
[  272.114875][ T7657]  ? __fget_files+0x2a/0x420
[  272.114903][ T7657]  ? __fget_files+0x3a0/0x420
[  272.114945][ T7657]  __x64_sys_sendmsg+0x19b/0x260
[  272.114972][ T7657]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  272.115016][ T7657]  ? do_syscall_64+0xba/0x210
[  272.115043][ T7657]  do_syscall_64+0xf6/0x210
[  272.115066][ T7657]  ? asm_sysvec_call_function_single+0x1a/0x20
[  272.115087][ T7657]  ? clear_bhb_loop+0x45/0xa0
[  272.115111][ T7657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.115130][ T7657] RIP: 0033:0x7f7594b8e969
[  272.115148][ T7657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.115166][ T7657] RSP: 002b:00007f759592f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  272.115187][ T7657] RAX: ffffffffffffffda RBX: 00007f7594db5fa0 RCX: 00007f7594b8e969
[  272.115202][ T7657] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  272.115215][ T7657] RBP: 00007f759592f090 R08: 0000000000000000 R09: 0000000000000000
[  272.115227][ T7657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  272.115239][ T7657] R13: 0000000000000000 R14: 00007f7594db5fa0 R15: 00007ffe6a51a488
[  272.115270][ T7657]  </TASK>
[  272.118790][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.308097][ T5874] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  272.384735][ T5874] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  272.408291][ T7662] ref_ctr_offset mismatch. inode: 0x275 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x20000000000
[  273.274471][ T7676] netlink: 'syz.0.487': attribute type 10 has an invalid length.
[  273.282475][ T7676] batadv0: left allmulticast mode
[  273.299947][ T7676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.325380][ T7676] batadv0: entered allmulticast mode
[  273.333809][ T7676] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  274.102504][ T5874] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  274.190850][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'.
[  274.607582][ T5874] usb 2-1: Using ep0 maxpacket: 8
[  274.615124][ T5874] usb 2-1: unable to get BOS descriptor or descriptor too short
[  274.625177][ T5874] usb 2-1: config 248 has an invalid interface number: 51 but max is 0
[  274.638003][ T5874] usb 2-1: config 248 has no interface number 0
[  274.652487][ T5874] usb 2-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice=39.f0
[  274.665977][ T7689] batadv0.8: entered allmulticast mode
[  274.673314][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.696065][ T5874] usb 2-1: Product: syz
[  274.712971][ T5874] usb 2-1: Manufacturer: syz
[  274.724120][ T5874] usb 2-1: SerialNumber: syz
[  277.098193][ T7714] netlink: 20 bytes leftover after parsing attributes in process `syz.2.496'.
[  277.108654][ T7714] netlink: 4 bytes leftover after parsing attributes in process `syz.2.496'.
[  277.501085][ T5874] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:248.51/input/input10
[  277.579987][ T5874] bcm5974 2-1:248.51: could not read from device
[  277.587717][ T5904] usb 5-1: string descriptor 0 read error: -71
[  277.589892][ T5904] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628e
[  277.617740][ T7719] netlink: 20 bytes leftover after parsing attributes in process `syz.3.497'.
[  277.627499][ T7719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.497'.
[  278.058045][ T5175] bcm5974 2-1:248.51: could not read from device
[  278.067809][ T5904] gspca_sn9c20x: Write register 1000 failed -71
[  278.083416][ T5904] gspca_sn9c20x: Device initialization failed
[  278.107097][ T5904] gspca_sn9c20x 5-1:128.239: probe with driver gspca_sn9c20x failed with error -71
[  278.117261][ T5874] input: failed to attach handler mousedev to device input10, error: -5
[  278.150675][ T5175] bcm5974 2-1:248.51: could not read from device
[  278.160024][ T5904] usb 5-1: USB disconnect, device number 6
[  278.167659][ T5874] usb 2-1: USB disconnect, device number 14
[  278.940193][ T7729] netlink: 'syz.4.500': attribute type 10 has an invalid length.
[  280.973012][ T7744] netlink: 68 bytes leftover after parsing attributes in process `syz.0.505'.
[  281.534366][ T7746] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  281.541227][ T7746] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  281.573515][ T7746] vhci_hcd vhci_hcd.0: Device attached
[  281.598443][ T7748] vhci_hcd: cannot find a urb of seqnum 5 max seqnum 0
[  281.625779][ T3022] vhci_hcd: stop threads
[  281.646603][ T3022] vhci_hcd: release socket
[  281.817726][ T5874] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  282.468654][ T7743] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  282.477858][ T7743] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  282.490088][ T7743] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  282.496658][ T3022] vhci_hcd: disconnect device
[  282.501961][ T7743] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  282.508598][ T7743] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  282.763581][ T7773] netlink: 68 bytes leftover after parsing attributes in process `syz.0.511'.
[  283.238762][ T5872] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  283.248910][ T7773] FAULT_INJECTION: forcing a failure.
[  283.248910][ T7773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.262368][ T7773] CPU: 0 UID: 0 PID: 7773 Comm: syz.0.511 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  283.262398][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  283.262409][ T7773] Call Trace:
[  283.262418][ T7773]  <TASK>
[  283.262425][ T7773]  dump_stack_lvl+0x189/0x250
[  283.262451][ T7773]  ? irqentry_exit+0x74/0x90
[  283.262471][ T7773]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.262506][ T7773]  should_fail_ex+0x414/0x560
[  283.262536][ T7773]  _copy_from_user+0x2d/0xb0
[  283.262558][ T7773]  __copy_msghdr+0x3c5/0x5b0
[  283.262582][ T7773]  ___sys_sendmsg+0x1a5/0x2a0
[  283.262604][ T7773]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.262652][ T7773]  ? __fget_files+0x2a/0x420
[  283.262676][ T7773]  ? __fget_files+0x3a0/0x420
[  283.262708][ T7773]  __sys_sendmmsg+0x227/0x430
[  283.262732][ T7773]  ? __pfx___sys_sendmmsg+0x10/0x10
[  283.262760][ T7773]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  283.262794][ T7773]  ? rcu_is_watching+0x15/0xb0
[  283.262825][ T7773]  __x64_sys_sendmmsg+0xa0/0xc0
[  283.262847][ T7773]  do_syscall_64+0xf6/0x210
[  283.262867][ T7773]  ? clear_bhb_loop+0x45/0xa0
[  283.262886][ T7773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.262902][ T7773] RIP: 0033:0x7f7594b8e969
[  283.262918][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.262931][ T7773] RSP: 002b:00007f759590e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  283.262949][ T7773] RAX: ffffffffffffffda RBX: 00007f7594db6080 RCX: 00007f7594b8e969
[  283.262961][ T7773] RDX: 0000000000000001 RSI: 0000200000001940 RDI: 0000000000000006
[  283.262971][ T7773] RBP: 00007f759590e090 R08: 0000000000000000 R09: 0000000000000000
[  283.262987][ T7773] R10: 0000000000004004 R11: 0000000000000246 R12: 0000000000000001
[  283.262997][ T7773] R13: 0000000000000000 R14: 00007f7594db6080 R15: 00007ffe6a51a488
[  283.263022][ T7773]  </TASK>
[  283.557998][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  283.670930][ T7777] netlink: 32 bytes leftover after parsing attributes in process `syz.2.513'.
[  283.707805][ T5872] usb 2-1: Using ep0 maxpacket: 32
[  283.715298][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  283.741043][ T7777] netlink: 20 bytes leftover after parsing attributes in process `syz.2.513'.
[  283.765935][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.538748][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  284.544816][ T5130] Bluetooth: hci4: command 0x0c1a tx timeout
[  284.550920][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  284.556950][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  284.564005][ T5872] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  284.587686][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.599071][ T5872] usb 2-1: config 0 descriptor??
[  284.609330][ T5872] hub 2-1:0.0: USB hub found
[  286.751268][ T5872] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  286.769656][ T5872] usbhid 2-1:0.0: can't add hid device: -71
[  286.769920][ T7800] FAULT_INJECTION: forcing a failure.
[  286.769920][ T7800] name failslab, interval 1, probability 0, space 0, times 0
[  286.787788][ T5872] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  286.851282][ T7800] CPU: 0 UID: 0 PID: 7800 Comm: syz.4.520 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  286.851313][ T7800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  286.851326][ T7800] Call Trace:
[  286.851334][ T7800]  <TASK>
[  286.851342][ T7800]  dump_stack_lvl+0x189/0x250
[  286.851378][ T7800]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.851405][ T7800]  ? __pfx__printk+0x10/0x10
[  286.851439][ T7800]  ? __pfx___might_resched+0x10/0x10
[  286.851467][ T7800]  ? fs_reclaim_acquire+0x7d/0x100
[  286.851494][ T7800]  should_fail_ex+0x414/0x560
[  286.851531][ T7800]  should_failslab+0xa8/0x100
[  286.851562][ T7800]  __kmalloc_noprof+0xcb/0x4f0
[  286.851590][ T7800]  ? tomoyo_encode+0x28b/0x550
[  286.851619][ T7800]  tomoyo_encode+0x28b/0x550
[  286.851650][ T7800]  tomoyo_realpath_from_path+0x58d/0x5d0
[  286.851687][ T7800]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  286.851708][ T7800]  tomoyo_path_number_perm+0x1e8/0x5a0
[  286.851739][ T7800]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  286.851778][ T7800]  ? __lock_acquire+0xaac/0xd20
[  286.851825][ T7800]  ? __fget_files+0x2a/0x420
[  286.851860][ T7800]  ? __fget_files+0x3a0/0x420
[  286.851888][ T7800]  ? __fget_files+0x2a/0x420
[  286.851922][ T7800]  security_file_ioctl+0xcb/0x2d0
[  286.851947][ T7800]  __se_sys_ioctl+0x47/0x170
[  286.851975][ T7800]  do_syscall_64+0xf6/0x210
[  286.851999][ T7800]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  286.852019][ T7800]  ? clear_bhb_loop+0x45/0xa0
[  286.852044][ T7800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.852063][ T7800] RIP: 0033:0x7f8864f8e969
[  286.852080][ T7800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.852098][ T7800] RSP: 002b:00007f8865e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  286.852119][ T7800] RAX: ffffffffffffffda RBX: 00007f88651b5fa0 RCX: 00007f8864f8e969
[  286.852139][ T7800] RDX: 00002000000000c0 RSI: 00000000000007a5 RDI: 0000000000000003
[  286.852152][ T7800] RBP: 00007f8865e8a090 R08: 0000000000000000 R09: 0000000000000000
[  286.852164][ T7800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.852175][ T7800] R13: 0000000000000000 R14: 00007f88651b5fa0 R15: 00007fff79fedcb8
[  286.852207][ T7800]  </TASK>
[  286.852259][ T7800] ERROR: Out of memory at tomoyo_realpath_from_path.
[  287.085010][ T5872] usb 2-1: USB disconnect, device number 15
[  287.167733][ T5874] vhci_hcd: vhci_device speed not set
[  288.908220][ T7812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.523'.
[  289.073617][ T7827] netlink: 'syz.1.526': attribute type 10 has an invalid length.
[  289.081622][ T7827] batadv0: left allmulticast mode
[  289.100248][ T7827] 8021q: adding VLAN 0 to HW filter on device batadv0
[  289.126483][ T7827] batadv0: entered allmulticast mode
[  289.134814][ T7827] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  289.534658][ T5872] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  289.697602][ T5872] usb 5-1: Using ep0 maxpacket: 8
[  289.839891][ T7830] kAFS: unparsable volume name
[  290.688125][ T5872] usb 5-1: config 0 has an invalid interface number: 246 but max is 0
[  290.738053][ T5872] usb 5-1: config 0 has no interface number 0
[  290.754547][ T5872] usb 5-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  290.819201][ T5872] usb 5-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  290.854508][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.881586][ T5872] usb 5-1: Product: syz
[  290.897249][ T5872] usb 5-1: Manufacturer: syz
[  290.907359][ T5872] usb 5-1: SerialNumber: syz
[  290.938500][ T5872] usb 5-1: config 0 descriptor??
[  290.952252][ T7845] vivid-000: =================  START STATUS  =================
[  290.966392][ T7845] vivid-000: Generate PTS: true
[  290.976695][ T7845] vivid-000: Generate SCR: true
[  291.016609][ T7845] tpg source WxH: 320x180 (Y'CbCr)
[  291.063971][ T7845] tpg field: 1
[  291.085777][ T7845] tpg crop: (0,0)/320x180
[  291.107097][ T7845] tpg compose: (0,0)/320x180
[  291.126729][ T7845] tpg colorspace: 8
[  291.140207][ T7845] tpg transfer function: 0/0
[  291.146178][ T7845] tpg Y'CbCr encoding: 0/0
[  291.151348][ T7845] tpg quantization: 0/0
[  291.155782][ T7845] tpg RGB range: 0/2
[  291.160283][ T7845] vivid-000: ==================  END STATUS  ==================
[  291.182268][ T7851] netlink: 52 bytes leftover after parsing attributes in process `syz.0.532'.
[  291.242899][ T7852] syz_tun: left promiscuous mode
[  291.302704][ T5872] msi2500 5-1:0.246: Registered as swradio24
[  291.331928][ T5872] msi2500 5-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  291.394554][ T5872] usb 5-1: USB disconnect, device number 7
[  291.428512][ T2151] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  291.455487][ T7858] netlink: 'syz.4.534': attribute type 3 has an invalid length.
[  291.467484][ T7858] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.534'.
[  291.597640][ T2151] usb 1-1: Using ep0 maxpacket: 32
[  291.604929][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.617418][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.628078][ T2151] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  291.641259][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.669150][ T2151] usb 1-1: config 0 descriptor??
[  291.693999][ T2151] hub 1-1:0.0: USB hub found
[  291.789670][ T5872] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  292.053352][ T5872] usb 5-1: device descriptor read/64, error -71
[  292.854345][ T5872] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  293.017874][ T5872] usb 5-1: device descriptor read/64, error -71
[  293.054454][ T7869] FAULT_INJECTION: forcing a failure.
[  293.054454][ T7869] name failslab, interval 1, probability 0, space 0, times 0
[  293.078238][ T7869] CPU: 1 UID: 0 PID: 7869 Comm: syz.3.538 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  293.078273][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  293.078286][ T7869] Call Trace:
[  293.078294][ T7869]  <TASK>
[  293.078303][ T7869]  dump_stack_lvl+0x189/0x250
[  293.078339][ T7869]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.078367][ T7869]  ? __pfx__printk+0x10/0x10
[  293.078402][ T7869]  ? __pfx___might_resched+0x10/0x10
[  293.078435][ T7869]  should_fail_ex+0x414/0x560
[  293.078481][ T7869]  should_failslab+0xa8/0x100
[  293.078515][ T7869]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  293.078546][ T7869]  ? __alloc_skb+0x112/0x2d0
[  293.078573][ T7869]  __alloc_skb+0x112/0x2d0
[  293.078599][ T7869]  netlink_sendmsg+0x5c6/0xb30
[  293.078620][ T7869]  ? is_bpf_text_address+0x26/0x2b0
[  293.078655][ T7869]  ? __pfx_netlink_sendmsg+0x10/0x10
[  293.078685][ T7869]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  293.078705][ T7869]  ? __pfx_netlink_sendmsg+0x10/0x10
[  293.078727][ T7869]  __sock_sendmsg+0x219/0x270
[  293.078761][ T7869]  ____sys_sendmsg+0x505/0x830
[  293.078793][ T7869]  ? __pfx_____sys_sendmsg+0x10/0x10
[  293.078827][ T7869]  ? import_iovec+0x74/0xa0
[  293.078858][ T7869]  ___sys_sendmsg+0x21f/0x2a0
[  293.078885][ T7869]  ? __pfx____sys_sendmsg+0x10/0x10
[  293.078947][ T7869]  ? __fget_files+0x2a/0x420
[  293.078977][ T7869]  ? __fget_files+0x3a0/0x420
[  293.079017][ T7869]  __x64_sys_sendmsg+0x19b/0x260
[  293.079046][ T7869]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  293.079087][ T7869]  ? do_syscall_64+0xba/0x210
[  293.079114][ T7869]  do_syscall_64+0xf6/0x210
[  293.079138][ T7869]  ? clear_bhb_loop+0x45/0xa0
[  293.079163][ T7869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.079182][ T7869] RIP: 0033:0x7fc506b8e969
[  293.079200][ T7869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.079217][ T7869] RSP: 002b:00007fc507911038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  293.079239][ T7869] RAX: ffffffffffffffda RBX: 00007fc506db5fa0 RCX: 00007fc506b8e969
[  293.079254][ T7869] RDX: 000000000000c080 RSI: 0000200000000000 RDI: 0000000000000003
[  293.079267][ T7869] RBP: 00007fc507911090 R08: 0000000000000000 R09: 0000000000000000
[  293.079279][ T7869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.079291][ T7869] R13: 0000000000000000 R14: 00007fc506db5fa0 R15: 00007ffc76092ae8
[  293.079346][ T7869]  </TASK>
[  293.327358][ T5872] usb usb5-port1: attempt power cycle
[  293.681530][ T5872] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  293.769125][ T5872] usb 5-1: device descriptor read/8, error -71
[  294.118461][ T5872] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  294.168330][ T5872] usb 5-1: device descriptor read/8, error -71
[  294.248224][ T2151] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  294.288817][ T5872] usb usb5-port1: unable to enumerate USB device
[  294.525681][ T2151] usbhid 1-1:0.0: can't add hid device: -71
[  294.564124][ T2151] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  295.098598][ T2151] usb 1-1: USB disconnect, device number 10
[  295.274070][ T7892] kAFS: unparsable volume name
[  295.682169][ T7895] pimreg: entered allmulticast mode
[  296.580647][ T7914] netlink: 20 bytes leftover after parsing attributes in process `syz.3.547'.
[  296.679479][ T7914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.547'.
[  297.489076][ T7924] netlink: 72 bytes leftover after parsing attributes in process `syz.1.553'.
[  297.577089][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.552'.
[  297.747787][ T5874] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  297.767627][ T2151] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  298.059072][ T2151] usb 4-1: Using ep0 maxpacket: 8
[  298.081598][ T5874] usb 2-1: Using ep0 maxpacket: 32
[  298.083722][ T2151] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  298.155654][ T2151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  298.210195][ T2151] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  298.257626][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.260498][ T2151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  298.297725][ T5874] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.301275][ T2151] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  298.381996][ T5874] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  298.390127][ T2151] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  298.400959][ T2151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.417776][ T2151] usb 4-1: Product: syz
[  298.432346][ T2151] usb 4-1: Manufacturer: syz
[  298.437001][ T2151] usb 4-1: SerialNumber: syz
[  298.437568][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.475233][ T2151] usb 4-1: config 0 descriptor??
[  298.500925][ T2151] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info
[  298.510546][ T5874] usb 2-1: config 0 descriptor??
[  298.526084][ T2151] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  298.536571][ T5874] hub 2-1:0.0: USB hub found
[  299.295452][ T7929] netlink: 'syz.3.555': attribute type 10 has an invalid length.
[  299.304357][ T7929] netlink: 40 bytes leftover after parsing attributes in process `syz.3.555'.
[  299.318496][ T7929] geneve0: left allmulticast mode
[  299.334211][ T7929] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  299.344582][ T7929] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  299.355492][ T7929] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  299.364696][ T7929] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  299.414026][ T7929] geneve0: entered allmulticast mode
[  299.428927][ T7929] team0: Port device geneve0 added
[  300.463041][ T7945] FAULT_INJECTION: forcing a failure.
[  300.463041][ T7945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  300.498247][ T5874] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  300.528529][ T7945] CPU: 0 UID: 0 PID: 7945 Comm: syz.0.559 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  300.528561][ T7945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  300.528573][ T7945] Call Trace:
[  300.528581][ T7945]  <TASK>
[  300.528590][ T7945]  dump_stack_lvl+0x189/0x250
[  300.528625][ T7945]  ? __lock_acquire+0xaac/0xd20
[  300.528655][ T7945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.528681][ T7945]  ? __pfx__printk+0x10/0x10
[  300.528712][ T7945]  ? __might_fault+0xb0/0x130
[  300.528754][ T7945]  should_fail_ex+0x414/0x560
[  300.528791][ T7945]  _copy_from_user+0x2d/0xb0
[  300.528819][ T7945]  ___sys_sendmsg+0x158/0x2a0
[  300.528848][ T7945]  ? __pfx____sys_sendmsg+0x10/0x10
[  300.528912][ T7945]  ? __fget_files+0x2a/0x420
[  300.528947][ T7945]  ? __fget_files+0x3a0/0x420
[  300.528989][ T7945]  __x64_sys_sendmsg+0x19b/0x260
[  300.529017][ T7945]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  300.529060][ T7945]  ? do_syscall_64+0xba/0x210
[  300.529088][ T7945]  do_syscall_64+0xf6/0x210
[  300.529112][ T7945]  ? clear_bhb_loop+0x45/0xa0
[  300.529137][ T7945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.529157][ T7945] RIP: 0033:0x7f7594b8e969
[  300.529175][ T7945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.529193][ T7945] RSP: 002b:00007f759592f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  300.529214][ T7945] RAX: ffffffffffffffda RBX: 00007f7594db5fa0 RCX: 00007f7594b8e969
[  300.529229][ T7945] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000003
[  300.529242][ T7945] RBP: 00007f759592f090 R08: 0000000000000000 R09: 0000000000000000
[  300.529255][ T7945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.529267][ T7945] R13: 0000000000000000 R14: 00007f7594db5fa0 R15: 00007ffe6a51a488
[  300.529298][ T7945]  </TASK>
[  301.060981][ T5874] usbhid 2-1:0.0: can't add hid device: -71
[  301.168378][ T5874] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  301.504348][ T5874] usb 2-1: USB disconnect, device number 16
[  302.546972][ T7955] netlink: 'syz.1.562': attribute type 2 has an invalid length.
[  302.562452][  T975] usb 4-1: USB disconnect, device number 16
[  303.218364][ T5838] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  303.902368][ T7973] batadv_slave_0: left promiscuous mode
[  303.925244][ T7973] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  303.949857][ T7973] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  304.376300][ T7973] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  304.398871][ T7976] netlink: 20 bytes leftover after parsing attributes in process `syz.0.566'.
[  304.407990][ T7976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.566'.
[  304.418438][ T7973] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  304.931662][ T7981] netlink: 132 bytes leftover after parsing attributes in process `syz.2.568'.
[  305.661245][ T7973] batadv0.8: entered allmulticast mode
[  305.919146][ T7988] netlink: 32 bytes leftover after parsing attributes in process `syz.4.572'.
[  306.011539][ T7988] netlink: 20 bytes leftover after parsing attributes in process `syz.4.572'.
[  306.211404][ T7984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.570'.
[  308.281694][ T8012] netlink: 'syz.2.579': attribute type 2 has an invalid length.
[  308.486598][ T8016] netlink: 32 bytes leftover after parsing attributes in process `syz.1.581'.
[  308.509822][ T8016] netlink: 20 bytes leftover after parsing attributes in process `syz.1.581'.
[  309.273142][ T5838] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  310.460873][ T8040] netlink: 32 bytes leftover after parsing attributes in process `syz.0.588'.
[  310.470101][ T8040] netlink: 20 bytes leftover after parsing attributes in process `syz.0.588'.
[  310.600421][ T8043] netlink: 72 bytes leftover after parsing attributes in process `syz.3.586'.
[  315.310570][ T8079] netlink: 16 bytes leftover after parsing attributes in process `syz.0.596'.
[  317.779535][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.785890][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  322.324842][ T8089] netlink: 32 bytes leftover after parsing attributes in process `syz.0.601'.
[  323.288804][ T8089] netlink: 20 bytes leftover after parsing attributes in process `syz.0.601'.
[  324.062436][ T8099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  325.513296][ T8112] program syz.1.605 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  325.526140][ T8113] 9pnet_fd: Insufficient options for proto=fd
[  325.732543][ T8120] erofs (device nullb0): cannot find valid erofs superblock
[  326.427811][ T5838] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  327.285952][ T8133] netlink: 16 bytes leftover after parsing attributes in process `syz.3.611'.
[  327.982555][ T8114] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  327.989018][ T8114] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  327.995082][ T8114] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  328.001262][ T8114] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  328.007276][ T8114] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  328.142787][ T8141] netlink: 32 bytes leftover after parsing attributes in process `syz.0.616'.
[  328.166411][ T8141] netlink: 20 bytes leftover after parsing attributes in process `syz.0.616'.
[  328.338146][ T2151] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  328.345963][ T5903] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  328.568020][ T2151] usb 3-1: Using ep0 maxpacket: 16
[  328.597731][ T5903] usb 4-1: Using ep0 maxpacket: 8
[  328.664084][ T2151] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  328.702171][ T5903] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  328.766046][ T2151] usb 3-1: config 0 has no interface number 0
[  328.832238][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  328.860413][ T2151] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  328.960635][ T5903] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  329.018695][ T2151] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  329.036764][ T5903] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  329.052550][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  329.065111][ T5903] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  329.075449][ T2151] usb 3-1: Product: syz
[  329.086640][ T2151] usb 3-1: SerialNumber: syz
[  329.102120][ T5130] Bluetooth: hci0: command 0x0c1a tx timeout
[  329.112125][ T5903] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  329.169818][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.589119][ T2151] usb 3-1: config 0 descriptor??
[  329.595871][ T5903] usb 4-1: Product: syz
[  329.608977][ T2151] cm109 3-1:0.8: invalid payload size 208, expected 4
[  329.620018][ T5903] usb 4-1: Manufacturer: syz
[  329.624675][ T5903] usb 4-1: SerialNumber: syz
[  329.636452][ T2151] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input11
[  329.658161][ T8154] FAULT_INJECTION: forcing a failure.
[  329.658161][ T8154] name failslab, interval 1, probability 0, space 0, times 0
[  329.659438][ T5903] usb 4-1: config 0 descriptor??
[  329.703609][ T5903] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info
[  329.715332][ T8154] CPU: 0 UID: 0 PID: 8154 Comm: syz.0.619 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  329.715363][ T8154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  329.715382][ T8154] Call Trace:
[  329.715389][ T8154]  <TASK>
[  329.715400][ T8154]  dump_stack_lvl+0x189/0x250
[  329.715433][ T8154]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.715459][ T8154]  ? __pfx__printk+0x10/0x10
[  329.715496][ T8154]  ? __pfx___might_resched+0x10/0x10
[  329.715530][ T8154]  should_fail_ex+0x414/0x560
[  329.715568][ T8154]  should_failslab+0xa8/0x100
[  329.715601][ T8154]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  329.715632][ T8154]  ? __alloc_skb+0x112/0x2d0
[  329.715658][ T8154]  __alloc_skb+0x112/0x2d0
[  329.715685][ T8154]  netlink_sendmsg+0x5c6/0xb30
[  329.715705][ T8154]  ? is_bpf_text_address+0x26/0x2b0
[  329.715740][ T8154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.715770][ T8154]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  329.715791][ T8154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.715812][ T8154]  __sock_sendmsg+0x219/0x270
[  329.715846][ T8154]  ____sys_sendmsg+0x505/0x830
[  329.715876][ T8154]  ? __pfx_____sys_sendmsg+0x10/0x10
[  329.715911][ T8154]  ? import_iovec+0x74/0xa0
[  329.715941][ T8154]  ___sys_sendmsg+0x21f/0x2a0
[  329.715968][ T8154]  ? __pfx____sys_sendmsg+0x10/0x10
[  329.716030][ T8154]  ? __fget_files+0x2a/0x420
[  329.716060][ T8154]  ? __fget_files+0x3a0/0x420
[  329.716100][ T8154]  __x64_sys_sendmsg+0x19b/0x260
[  329.716129][ T8154]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  329.716172][ T8154]  ? do_syscall_64+0xba/0x210
[  329.716200][ T8154]  do_syscall_64+0xf6/0x210
[  329.716225][ T8154]  ? clear_bhb_loop+0x45/0xa0
[  329.716249][ T8154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.716269][ T8154] RIP: 0033:0x7f7594b8e969
[  329.716295][ T8154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.716312][ T8154] RSP: 002b:00007f759592f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.716335][ T8154] RAX: ffffffffffffffda RBX: 00007f7594db5fa0 RCX: 00007f7594b8e969
[  329.716350][ T8154] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  329.716362][ T8154] RBP: 00007f759592f090 R08: 0000000000000000 R09: 0000000000000000
[  329.716375][ T8154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.716387][ T8154] R13: 0000000000000000 R14: 00007f7594db5fa0 R15: 00007ffe6a51a488
[  329.716418][ T8154]  </TASK>
[  329.971158][ T5903] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  330.076336][ T5130] Bluetooth: hci3: command 0x0c1a tx timeout
[  330.076357][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout
[  330.082562][ T5130] Bluetooth: hci2: command 0x0c1a tx timeout
[  330.082631][ T5130] Bluetooth: hci1: command 0x0c1a tx timeout
[  331.213241][    C1] cm109 3-1:0.8: cm109_urb_irq_callback: urb status -71
[  331.220629][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.227845][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.235138][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.242350][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.249568][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.257703][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.264970][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.272274][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.279441][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.286616][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[  331.294317][ T5903] usb 3-1: USB disconnect, device number 15
[  331.300314][    C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  331.361114][ T5903] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  331.431902][  T975] usb 4-1: USB disconnect, device number 17
[  332.887611][  T975] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  333.116366][ T8185] netlink: 16 bytes leftover after parsing attributes in process `syz.2.626'.
[  333.735718][  T975] usb 4-1: Using ep0 maxpacket: 8
[  333.788120][  T975] usb 4-1: config 0 has an invalid interface descriptor of length 8, skipping
[  333.997556][  T975] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  334.177578][  T975] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  334.250605][  T975] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  334.267560][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.299849][  T975] usb 4-1: Product: syz
[  334.316084][  T975] usb 4-1: Manufacturer: syz
[  334.337553][  T975] usb 4-1: SerialNumber: syz
[  334.856063][  T975] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  335.046139][ T8196] netlink: 'syz.2.630': attribute type 10 has an invalid length.
[  335.054139][ T8196] batadv0: left allmulticast mode
[  335.060800][ T8196] 8021q: adding VLAN 0 to HW filter on device batadv0
[  335.070140][ T8196] batadv0: entered allmulticast mode
[  335.075767][ T8196] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  335.235540][  T975] usb 4-1: no configuration chosen from 1 choice
[  335.309727][  T975] usb 4-1: USB disconnect, device number 18
[  335.506515][ T8204] syz.2.632: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  335.506967][ T8204] CPU: 0 UID: 0 PID: 8204 Comm: syz.2.632 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  335.506995][ T8204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  335.507008][ T8204] Call Trace:
[  335.507016][ T8204]  <TASK>
[  335.507025][ T8204]  dump_stack_lvl+0x189/0x250
[  335.507063][ T8204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.507092][ T8204]  ? __pfx__printk+0x10/0x10
[  335.507132][ T8204]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  335.507166][ T8204]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  335.507200][ T8204]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  335.507235][ T8204]  warn_alloc+0x214/0x310
[  335.507262][ T8204]  ? __pfx_warn_alloc+0x10/0x10
[  335.507282][ T8204]  ? kasan_save_track+0x4f/0x80
[  335.507309][ T8204]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  335.507338][ T8204]  ? xskq_create+0x56/0x170
[  335.507362][ T8204]  ? __x64_sys_setsockopt+0x18b/0x220
[  335.507386][ T8204]  ? do_syscall_64+0xf6/0x210
[  335.507409][ T8204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.507442][ T8204]  __vmalloc_node_range_noprof+0x125/0x12c0
[  335.507501][ T8204]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  335.507524][ T8204]  ? __kasan_kmalloc+0x93/0xb0
[  335.507557][ T8204]  vmalloc_user_noprof+0x74/0x80
[  335.507577][ T8204]  ? xskq_create+0xbf/0x170
[  335.507596][ T8204]  xskq_create+0xbf/0x170
[  335.507621][ T8204]  xsk_init_queue+0xb0/0x110
[  335.507645][ T8204]  xsk_setsockopt+0x43f/0x710
[  335.507668][ T8204]  ? __pfx_xsk_setsockopt+0x10/0x10
[  335.507690][ T8204]  ? __lock_acquire+0xaac/0xd20
[  335.507724][ T8204]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  335.507745][ T8204]  ? __pfx_xsk_setsockopt+0x10/0x10
[  335.507767][ T8204]  do_sock_setsockopt+0x257/0x3e0
[  335.507794][ T8204]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  335.507815][ T8204]  ? __fget_files+0x2a/0x420
[  335.507850][ T8204]  ? __fget_files+0x3a0/0x420
[  335.507880][ T8204]  ? __fget_files+0x2a/0x420
[  335.507919][ T8204]  __x64_sys_setsockopt+0x18b/0x220
[  335.507951][ T8204]  do_syscall_64+0xf6/0x210
[  335.507976][ T8204]  ? clear_bhb_loop+0x45/0xa0
[  335.508001][ T8204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.508021][ T8204] RIP: 0033:0x7f3db038e969
[  335.508040][ T8204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.508057][ T8204] RSP: 002b:00007f3db11e9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  335.508076][ T8204] RAX: ffffffffffffffda RBX: 00007f3db05b6080 RCX: 00007f3db038e969
[  335.508091][ T8204] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  335.508112][ T8204] RBP: 00007f3db0410ab1 R08: 0000000000000052 R09: 0000000000000000
[  335.508125][ T8204] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  335.508139][ T8204] R13: 0000000000000001 R14: 00007f3db05b6080 R15: 00007fff6d1b7eb8
[  335.508172][ T8204]  </TASK>
[  335.513864][ T8204] Mem-Info:
[  335.513885][ T8204] active_anon:307 inactive_anon:7519 isolated_anon:0
[  335.513885][ T8204]  active_file:5418 inactive_file:38035 isolated_file:0
[  335.513885][ T8204]  unevictable:768 dirty:302 writeback:0
[  335.513885][ T8204]  slab_reclaimable:10638 slab_unreclaimable:100092
[  335.513885][ T8204]  mapped:32756 shmem:4287 pagetables:901
[  335.513885][ T8204]  sec_pagetables:0 bounce:0
[  335.513885][ T8204]  kernel_misc_reclaimable:0
[  335.513885][ T8204]  free:1337031 free_pcp:807 free_cma:0
[  335.513945][ T8204] Node 0 active_anon:1228kB inactive_anon:30076kB active_file:21596kB inactive_file:152140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131024kB dirty:1204kB writeback:0kB shmem:15612kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11048kB pagetables:3604kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  335.514006][ T8204] Node 1 active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  335.514061][ T8204] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  335.514141][ T8204] lowmem_reserve[]: 0 2504 2504 2504 2504
[  335.514191][ T8204] Node 0 DMA32 free:1418848kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:1224kB inactive_anon:30072kB active_file:21512kB inactive_file:152128kB unevictable:1536kB writepending:1204kB present:3129332kB managed:2564600kB mlocked:0kB bounce:0kB free_pcp:3188kB local_pcp:1804kB free_cma:0kB
[  335.514255][ T8204] lowmem_reserve[]: 0 0 0 0 0
[  335.514301][ T8204] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:4kB active_file:84kB inactive_file:12kB unevictable:0kB writepending:0kB present:1048580kB managed:112kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  335.514359][ T8204] lowmem_reserve[]: 0 0 0 0 0
[  335.514405][ T8204] Node 1 Normal free:3913916kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:76kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  335.514465][ T8204] lowmem_reserve[]: 0 0 0 0 0
[  335.514514][ T8204] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  335.514696][ T8204] Node 0 DMA32: 116*4kB (UM) 310*8kB (ME) 198*16kB (ME) 189*32kB (UME) 120*64kB (UME) 13*128kB (UME) 6*256kB (UM) 12*512kB (UME) 7*1024kB (UME) 3*2048kB (UM) 336*4096kB (UM) = 1418752kB
[  335.514904][ T8204] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  335.515025][ T8204] Node 1 Normal: 227*4kB (UM) 52*8kB (UM) 39*16kB (UME) 231*32kB (UME) 99*64kB (UME) 33*128kB (UME) 19*256kB (UME) 12*512kB (UME) 4*1024kB (UME) 6*2048kB (UE) 944*4096kB (M) = 3913916kB
[  335.515236][ T8204] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  335.515255][ T8204] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  335.515273][ T8204] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  335.515291][ T8204] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  335.515309][ T8204] 47712 total pagecache pages
[  335.515323][ T8204] 0 pages in swap cache
[  335.515332][ T8204] Free swap  = 124996kB
[  335.515341][ T8204] Total swap = 124996kB
[  335.515351][ T8204] 2097051 pages RAM
[  335.515360][ T8204] 0 pages HighMem/MovableOnly
[  335.515369][ T8204] 424242 pages reserved
[  335.515378][ T8204] 0 pages cma reserved
[  335.541623][ T8203] netlink: 'syz.1.633': attribute type 2 has an invalid length.
[  335.992015][ T5838] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  336.627835][ T8215] random: crng reseeded on system resumption
[  336.641649][  T975] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  336.917079][  T975] usb 4-1: Using ep0 maxpacket: 8
[  337.237650][  T975] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  337.237689][  T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  337.237713][  T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  337.237739][  T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  337.237762][  T975] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  337.242428][  T975] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  337.242461][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.242484][  T975] usb 4-1: Product: syz
[  337.242501][  T975] usb 4-1: Manufacturer: syz
[  337.242517][  T975] usb 4-1: SerialNumber: syz
[  337.245560][  T975] usb 4-1: config 0 descriptor??
[  337.249473][  T975] kvaser_usb 4-1:0.0: error -EMSGSIZE: Cannot get software info
[  337.808298][  T975] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -90
[  338.176748][ T8222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.638'.
[  342.231521][  T975] usb 4-1: USB disconnect, device number 19
[  343.145634][ T8242] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  344.480162][ T8262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.649'.
[  345.482595][ T8265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.651'.
[  345.808433][ T2151] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  346.006407][  T975] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  346.058456][ T5872] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  346.227613][  T975] usb 5-1: Using ep0 maxpacket: 8
[  346.230467][ T2151] usb 2-1: config 0 has an invalid interface number: 113 but max is 0
[  346.254068][  T975] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  346.261683][ T2151] usb 2-1: config 0 has no interface number 0
[  346.274673][  T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  346.294627][  T975] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  346.308031][ T2151] usb 2-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  346.335901][  T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  346.340785][ T2151] usb 2-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  346.365457][ T2151] usb 2-1: config 0 interface 113 has no altsetting 0
[  346.367943][  T975] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  346.457588][ T5872] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  346.479164][ T5872] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  346.480324][ T2151] usb 2-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  346.520237][ T2151] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.579012][ T2151] usb 2-1: Product: syz
[  346.830892][ T2151] usb 2-1: Manufacturer: syz
[  346.972713][  T975] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  346.974452][ T2151] usb 2-1: SerialNumber: syz
[  347.004977][ T5872] usb 1-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  347.017736][  T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.026230][  T975] usb 5-1: Product: syz
[  347.028527][ T2151] usb 2-1: config 0 descriptor??
[  347.035632][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.045475][ T2151] pn533_usb 2-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[  347.055613][  T975] usb 5-1: Manufacturer: syz
[  347.066149][ T5872] usb 1-1: Product: syz
[  347.070885][  T975] usb 5-1: SerialNumber: syz
[  347.084616][ T5872] usb 1-1: Manufacturer: syz
[  347.249982][ T5872] usb 1-1: SerialNumber: syz
[  347.258085][  T975] usb 5-1: config 0 descriptor??
[  347.264684][ T5872] usb 1-1: config 0 descriptor??
[  347.300177][  T975] kvaser_usb 5-1:0.0: error -EMSGSIZE: Cannot get software info
[  347.400811][ T8268] FAULT_INJECTION: forcing a failure.
[  347.400811][ T8268] name failslab, interval 1, probability 0, space 0, times 0
[  347.413508][ T8268] CPU: 1 UID: 0 PID: 8268 Comm: syz.1.653 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  347.413528][ T8268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  347.413538][ T8268] Call Trace:
[  347.413546][ T8268]  <TASK>
[  347.413553][ T8268]  dump_stack_lvl+0x189/0x250
[  347.413581][ T8268]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.413600][ T8268]  ? __pfx__printk+0x10/0x10
[  347.413628][ T8268]  ? __ip_dev_find+0x444/0x4e0
[  347.413646][ T8268]  should_fail_ex+0x414/0x560
[  347.413674][ T8268]  should_failslab+0xa8/0x100
[  347.413698][ T8268]  kmem_cache_alloc_noprof+0x73/0x3c0
[  347.413719][ T8268]  ? dst_alloc+0x105/0x170
[  347.413742][ T8268]  dst_alloc+0x105/0x170
[  347.413759][ T8268]  ? ip_check_mc_rcu+0x400/0x680
[  347.413777][ T8268]  ip_route_output_key_hash_rcu+0x140d/0x2330
[  347.413804][ T8268]  ? ip_route_output_key_hash+0xde/0x2e0
[  347.413823][ T8268]  ip_route_output_key_hash+0x1b9/0x2e0
[  347.413844][ T8268]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  347.413875][ T8268]  ip_route_output_flow+0x2a/0x150
[  347.413891][ T8268]  ? security_sk_classify_flow+0x70/0x180
[  347.413908][ T8268]  udp_sendmsg+0x13dd/0x22e0
[  347.413941][ T8268]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  347.413960][ T8268]  ? __pfx_udp_sendmsg+0x10/0x10
[  347.413982][ T8268]  ? smack_socket_sendmsg+0x1a7/0x520
[  347.414004][ T8268]  ? __lock_acquire+0xaac/0xd20
[  347.414035][ T8268]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  347.414057][ T8268]  ? sock_rps_record_flow+0x19/0x400
[  347.414078][ T8268]  ? inet_sendmsg+0x29c/0x370
[  347.414096][ T8268]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  347.414114][ T8268]  __sock_sendmsg+0x19c/0x270
[  347.414139][ T8268]  ____sys_sendmsg+0x52d/0x830
[  347.414162][ T8268]  ? __pfx_____sys_sendmsg+0x10/0x10
[  347.414200][ T8268]  ? import_iovec+0x74/0xa0
[  347.414222][ T8268]  ___sys_sendmsg+0x21f/0x2a0
[  347.414244][ T8268]  ? __pfx____sys_sendmsg+0x10/0x10
[  347.414290][ T8268]  ? __fget_files+0x2a/0x420
[  347.414311][ T8268]  ? __fget_files+0x3a0/0x420
[  347.414341][ T8268]  __sys_sendmmsg+0x227/0x430
[  347.414364][ T8268]  ? __pfx___sys_sendmmsg+0x10/0x10
[  347.414389][ T8268]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  347.414421][ T8268]  ? ksys_write+0x1f0/0x250
[  347.414449][ T8268]  __x64_sys_sendmmsg+0xa0/0xc0
[  347.414469][ T8268]  do_syscall_64+0xf6/0x210
[  347.414487][ T8268]  ? clear_bhb_loop+0x45/0xa0
[  347.414510][ T8268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.414525][ T8268] RIP: 0033:0x7f4a92d8e969
[  347.414539][ T8268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.414551][ T8268] RSP: 002b:00007f4a93c0a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  347.414567][ T8268] RAX: ffffffffffffffda RBX: 00007f4a92fb5fa0 RCX: 00007f4a92d8e969
[  347.414578][ T8268] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000008
[  347.414587][ T8268] RBP: 00007f4a93c0a090 R08: 0000000000000000 R09: 0000000000000000
[  347.414596][ T8268] R10: 0000000000000bb8 R11: 0000000000000246 R12: 0000000000000001
[  347.414605][ T8268] R13: 0000000000000000 R14: 00007f4a92fb5fa0 R15: 00007ffc54ccf2d8
[  347.414628][ T8268]  </TASK>
[  348.196797][ T2151] usb 2-1: USB disconnect, device number 17
[  348.607377][  T975] kvaser_usb 5-1:0.0: probe with driver kvaser_usb failed with error -90
[  349.698923][  T975] usb 1-1: USB disconnect, device number 11
[  351.177173][ T5872] usb 5-1: USB disconnect, device number 12
[  351.380686][ T8297] netlink: 32 bytes leftover after parsing attributes in process `syz.2.661'.
[  351.413923][ T8297] netlink: 20 bytes leftover after parsing attributes in process `syz.2.661'.
[  351.824353][ T8306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.663'.
[  352.952167][ T8308] netlink: 16 bytes leftover after parsing attributes in process `syz.0.664'.
[  354.887855][ T2151] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  355.089154][ T2151] usb 1-1: Using ep0 maxpacket: 8
[  355.194348][ T2151] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  355.299061][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  355.369334][ T2151] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  355.393478][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  355.451211][ T2151] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  355.489377][ T2151] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  355.517376][ T2151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.533517][ T2151] usb 1-1: Product: syz
[  355.559438][ T2151] usb 1-1: Manufacturer: syz
[  355.566113][ T2151] usb 1-1: SerialNumber: syz
[  355.583561][ T8343] netlink: 'syz.4.676': attribute type 2 has an invalid length.
[  355.610978][ T2151] usb 1-1: config 0 descriptor??
[  355.638000][ T2151] kvaser_usb 1-1:0.0: error -EMSGSIZE: Cannot get software info
[  355.676307][ T2151] kvaser_usb 1-1:0.0: probe with driver kvaser_usb failed with error -90
[  356.092658][ T5838] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  357.095208][ T8351] netlink: 'syz.0.671': attribute type 10 has an invalid length.
[  357.103126][ T8351] netlink: 40 bytes leftover after parsing attributes in process `syz.0.671'.
[  359.561988][  T975] usb 1-1: USB disconnect, device number 12
[  360.168656][ T8369] FAULT_INJECTION: forcing a failure.
[  360.168656][ T8369] name failslab, interval 1, probability 0, space 0, times 0
[  360.215742][ T8369] CPU: 1 UID: 0 PID: 8369 Comm: syz.4.682 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  360.215772][ T8369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  360.215785][ T8369] Call Trace:
[  360.215793][ T8369]  <TASK>
[  360.215801][ T8369]  dump_stack_lvl+0x189/0x250
[  360.215835][ T8369]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.215862][ T8369]  ? __pfx__printk+0x10/0x10
[  360.215895][ T8369]  ? __pfx___might_resched+0x10/0x10
[  360.215925][ T8369]  ? fs_reclaim_acquire+0x7d/0x100
[  360.215949][ T8369]  should_fail_ex+0x414/0x560
[  360.215983][ T8369]  should_failslab+0xa8/0x100
[  360.216015][ T8369]  __kmalloc_noprof+0xcb/0x4f0
[  360.216041][ T8369]  ? tomoyo_encode+0x28b/0x550
[  360.216070][ T8369]  tomoyo_encode+0x28b/0x550
[  360.216100][ T8369]  tomoyo_realpath_from_path+0x58d/0x5d0
[  360.216127][ T8369]  ? tomoyo_domain+0xda/0x130
[  360.216156][ T8369]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  360.216175][ T8369]  tomoyo_path_number_perm+0x1e8/0x5a0
[  360.216198][ T8369]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  360.216236][ T8369]  ? __lock_acquire+0xaac/0xd20
[  360.216281][ T8369]  ? __fget_files+0x2a/0x420
[  360.216316][ T8369]  ? __fget_files+0x3a0/0x420
[  360.216343][ T8369]  ? __fget_files+0x2a/0x420
[  360.216376][ T8369]  security_file_ioctl+0xcb/0x2d0
[  360.216401][ T8369]  __se_sys_ioctl+0x47/0x170
[  360.216428][ T8369]  do_syscall_64+0xf6/0x210
[  360.216452][ T8369]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  360.216472][ T8369]  ? clear_bhb_loop+0x45/0xa0
[  360.216496][ T8369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.216525][ T8369] RIP: 0033:0x7f8864f8e969
[  360.216544][ T8369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.216561][ T8369] RSP: 002b:00007f8865e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  360.216581][ T8369] RAX: ffffffffffffffda RBX: 00007f88651b5fa0 RCX: 00007f8864f8e969
[  360.216597][ T8369] RDX: 0000200000000240 RSI: 00000000c008ae88 RDI: 0000000000000005
[  360.216609][ T8369] RBP: 00007f8865e8a090 R08: 0000000000000000 R09: 0000000000000000
[  360.216622][ T8369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.216633][ T8369] R13: 0000000000000000 R14: 00007f88651b5fa0 R15: 00007fff79fedcb8
[  360.216663][ T8369]  </TASK>
[  360.217073][ T8369] ERROR: Out of memory at tomoyo_realpath_from_path.
[  363.736922][ T8392] netlink: 'syz.2.689': attribute type 2 has an invalid length.
[  363.774561][ T8395] netlink: 32 bytes leftover after parsing attributes in process `syz.3.691'.
[  363.783698][ T8395] netlink: 20 bytes leftover after parsing attributes in process `syz.3.691'.
[  363.990078][ T5838] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  364.075956][ T8402] netlink: 8 bytes leftover after parsing attributes in process `syz.4.692'.
[  364.557864][ T5872] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  364.740087][ T5872] usb 2-1: Using ep0 maxpacket: 8
[  364.765796][ T5872] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  364.784908][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  364.795494][ T5872] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  364.808844][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  364.836278][ T5872] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  364.914380][ T5872] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  364.924462][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.933266][ T5872] usb 2-1: Product: syz
[  364.946062][ T5872] usb 2-1: Manufacturer: syz
[  364.955937][ T5872] usb 2-1: SerialNumber: syz
[  364.970825][ T5872] usb 2-1: config 0 descriptor??
[  364.978349][ T5872] kvaser_usb 2-1:0.0: error -EMSGSIZE: Cannot get software info
[  364.987374][ T5872] kvaser_usb 2-1:0.0: probe with driver kvaser_usb failed with error -90
[  365.150348][ T8422] FAULT_INJECTION: forcing a failure.
[  365.150348][ T8422] name failslab, interval 1, probability 0, space 0, times 0
[  365.264463][ T8423] netlink: 'syz.1.694': attribute type 10 has an invalid length.
[  365.272496][ T8423] netlink: 40 bytes leftover after parsing attributes in process `syz.1.694'.
[  365.282059][ T8423] geneve0: left allmulticast mode
[  365.294247][ T8423] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  365.303343][ T8423] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  365.312623][ T8423] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  365.321938][ T8423] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  365.347912][ T8423] geneve0: entered allmulticast mode
[  365.357602][ T8423] team0: Port device geneve0 added
[  365.977241][ T8422] CPU: 1 UID: 0 PID: 8422 Comm: syz.2.699 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  365.977272][ T8422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  365.977285][ T8422] Call Trace:
[  365.977294][ T8422]  <TASK>
[  365.977303][ T8422]  dump_stack_lvl+0x189/0x250
[  365.977340][ T8422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.977375][ T8422]  ? __pfx__printk+0x10/0x10
[  365.977412][ T8422]  ? __pfx___might_resched+0x10/0x10
[  365.977447][ T8422]  should_fail_ex+0x414/0x560
[  365.977487][ T8422]  should_failslab+0xa8/0x100
[  365.977518][ T8422]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  365.977548][ T8422]  ? __alloc_skb+0x112/0x2d0
[  365.977573][ T8422]  __alloc_skb+0x112/0x2d0
[  365.977598][ T8422]  netlink_sendmsg+0x5c6/0xb30
[  365.977618][ T8422]  ? is_bpf_text_address+0x26/0x2b0
[  365.977653][ T8422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.977683][ T8422]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  365.977704][ T8422]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.977727][ T8422]  __sock_sendmsg+0x219/0x270
[  365.977762][ T8422]  ____sys_sendmsg+0x505/0x830
[  365.977793][ T8422]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.977829][ T8422]  ? import_iovec+0x74/0xa0
[  365.977860][ T8422]  ___sys_sendmsg+0x21f/0x2a0
[  365.977888][ T8422]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.977951][ T8422]  ? __fget_files+0x2a/0x420
[  365.977981][ T8422]  ? __fget_files+0x3a0/0x420
[  365.978023][ T8422]  __x64_sys_sendmsg+0x19b/0x260
[  365.978052][ T8422]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  365.978095][ T8422]  ? do_syscall_64+0xba/0x210
[  365.978125][ T8422]  do_syscall_64+0xf6/0x210
[  365.978149][ T8422]  ? clear_bhb_loop+0x45/0xa0
[  365.978174][ T8422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.978194][ T8422] RIP: 0033:0x7f3db038e969
[  365.978212][ T8422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.978229][ T8422] RSP: 002b:00007f3db120a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.978251][ T8422] RAX: ffffffffffffffda RBX: 00007f3db05b5fa0 RCX: 00007f3db038e969
[  365.978267][ T8422] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  365.978280][ T8422] RBP: 00007f3db120a090 R08: 0000000000000000 R09: 0000000000000000
[  365.978292][ T8422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.978304][ T8422] R13: 0000000000000000 R14: 00007f3db05b5fa0 R15: 00007fff6d1b7eb8
[  365.978335][ T8422]  </TASK>
[  366.735439][ T8426] kAFS: unparsable volume name
[  367.330519][ T2151] usb 2-1: USB disconnect, device number 18
[  367.552587][ T8433] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'.
[  367.663079][ T8439] netlink: 'syz.0.706': attribute type 4 has an invalid length.
[  367.670908][ T8439] netlink: 32 bytes leftover after parsing attributes in process `syz.0.706'.
[  367.682165][ T5838] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  367.878398][ T2151] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  368.129312][ T2151] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.141817][ T2151] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  368.152001][ T2151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.165134][ T2151] usb 2-1: config 0 descriptor??
[  368.912174][ T2151] pwc: Askey VC010 type 2 USB webcam detected.
[  369.141620][ T2151] pwc: recv_control_msg error -32 req 02 val 2b00
[  369.151548][ T2151] pwc: recv_control_msg error -32 req 02 val 2700
[  369.175459][ T2151] pwc: recv_control_msg error -32 req 02 val 2c00
[  369.259101][ T2151] pwc: recv_control_msg error -32 req 04 val 1000
[  369.299104][ T2151] pwc: recv_control_msg error -32 req 04 val 1300
[  369.432661][ T2151] pwc: recv_control_msg error -32 req 04 val 1400
[  369.468173][ T2151] pwc: recv_control_msg error -32 req 02 val 2000
[  369.685347][ T2151] pwc: recv_control_msg error -71 req 04 val 1500
[  369.695174][ T2151] pwc: recv_control_msg error -71 req 02 val 2500
[  369.906410][ T8454] process 'syz.4.709' launched './file0' with NULL argv: empty string added
[  369.954388][ T2151] pwc: recv_control_msg error -71 req 02 val 2400
[  369.984005][ T2151] pwc: recv_control_msg error -71 req 02 val 2600
[  370.051937][ T2151] pwc: recv_control_msg error -71 req 02 val 2900
[  370.070178][ T8455] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  370.108015][ T8455] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  370.117237][ T8455] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  370.140776][ T2151] pwc: recv_control_msg error -71 req 02 val 2800
[  370.149226][ T8455] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  370.155681][ T2151] pwc: recv_control_msg error -71 req 04 val 1100
[  370.163049][ T8455] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  370.341173][ T2151] pwc: recv_control_msg error -71 req 04 val 1200
[  370.408048][ T2151] pwc: Registered as video103.
[  370.425944][ T2151] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input12
[  370.468990][ T8464] veth0_to_batadv: left allmulticast mode
[  370.542815][   T30] audit: type=1326 audit(2000000060.800:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  370.583459][ T2151] usb 2-1: USB disconnect, device number 19
[  370.617680][   T30] audit: type=1326 audit(2000000060.800:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  370.817976][   T30] audit: type=1326 audit(2000000060.800:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  370.841422][   T30] audit: type=1326 audit(2000000060.800:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  371.486946][   T30] audit: type=1326 audit(2000000060.800:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  371.517609][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  371.524996][ T8470] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.657762][   T30] audit: type=1326 audit(2000000060.800:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  371.677593][ T8470] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.702034][ T8470] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.702806][   T30] audit: type=1326 audit(2000000060.800:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  371.732563][ T8470] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  371.775232][   T30] audit: type=1326 audit(2000000060.800:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  371.912340][ T8470] batadv0.8: entered allmulticast mode
[  372.282068][ T5832] Bluetooth: hci3: command 0x0c1a tx timeout
[  372.283004][   T30] audit: type=1326 audit(2000000060.800:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  372.288210][ T5832] Bluetooth: hci4: command 0x0c1a tx timeout
[  372.288252][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout
[  372.288288][ T5832] Bluetooth: hci1: command 0x0c1a tx timeout
[  372.407340][   T30] audit: type=1326 audit(2000000060.800:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.0.712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f7594b8e969 code=0x7ffc0000
[  372.610523][ T8486] kAFS: unparsable volume name
[  373.168886][ T8464] 8021q: adding VLAN 0 to HW filter on device bond1
[  373.234899][ T8490] FAULT_INJECTION: forcing a failure.
[  373.234899][ T8490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  373.248159][ T8490] CPU: 0 UID: 0 PID: 8490 Comm: syz.1.718 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  373.248187][ T8490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  373.248199][ T8490] Call Trace:
[  373.248208][ T8490]  <TASK>
[  373.248216][ T8490]  dump_stack_lvl+0x189/0x250
[  373.248251][ T8490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.248278][ T8490]  ? __pfx__printk+0x10/0x10
[  373.248322][ T8490]  should_fail_ex+0x414/0x560
[  373.248358][ T8490]  strncpy_from_user+0x36/0x290
[  373.248394][ T8490]  getname_flags+0xf3/0x540
[  373.248412][ T8490]  __x64_sys_mknod+0x79/0xa0
[  373.248431][ T8490]  do_syscall_64+0xf6/0x210
[  373.248449][ T8490]  ? clear_bhb_loop+0x45/0xa0
[  373.248467][ T8490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.248481][ T8490] RIP: 0033:0x7f4a92d8e969
[  373.248494][ T8490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.248506][ T8490] RSP: 002b:00007f4a93c0a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  373.248521][ T8490] RAX: ffffffffffffffda RBX: 00007f4a92fb5fa0 RCX: 00007f4a92d8e969
[  373.248532][ T8490] RDX: 0000000000000702 RSI: 0000000000006000 RDI: 0000200000000000
[  373.248541][ T8490] RBP: 00007f4a93c0a090 R08: 0000000000000000 R09: 0000000000000000
[  373.248550][ T8490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.248558][ T8490] R13: 0000000000000000 R14: 00007f4a92fb5fa0 R15: 00007ffc54ccf2d8
[  373.248580][ T8490]  </TASK>
[  373.412356][ T8464] bond1: entered allmulticast mode
[  373.417951][ T8464] bond0: (slave bond1): Enslaving as an active interface with an up link
[  373.572298][ T5903] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  373.662148][ T8495] FAULT_INJECTION: forcing a failure.
[  373.662148][ T8495] name failslab, interval 1, probability 0, space 0, times 0
[  373.678012][ T8495] CPU: 0 UID: 0 PID: 8495 Comm: syz.4.719 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  373.678040][ T8495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  373.678050][ T8495] Call Trace:
[  373.678056][ T8495]  <TASK>
[  373.678063][ T8495]  dump_stack_lvl+0x189/0x250
[  373.678090][ T8495]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.678110][ T8495]  ? __pfx__printk+0x10/0x10
[  373.678135][ T8495]  ? __pfx___might_resched+0x10/0x10
[  373.678157][ T8495]  ? fs_reclaim_acquire+0x7d/0x100
[  373.678176][ T8495]  should_fail_ex+0x414/0x560
[  373.678202][ T8495]  should_failslab+0xa8/0x100
[  373.678225][ T8495]  __kmalloc_noprof+0xcb/0x4f0
[  373.678246][ T8495]  ? tomoyo_encode+0x28b/0x550
[  373.678268][ T8495]  tomoyo_encode+0x28b/0x550
[  373.678292][ T8495]  tomoyo_realpath_from_path+0x58d/0x5d0
[  373.678312][ T8495]  ? tomoyo_domain+0xda/0x130
[  373.678334][ T8495]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  373.678349][ T8495]  tomoyo_path_number_perm+0x1e8/0x5a0
[  373.678366][ T8495]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  373.678393][ T8495]  ? __lock_acquire+0xaac/0xd20
[  373.678426][ T8495]  ? __fget_files+0x2a/0x420
[  373.678451][ T8495]  ? __fget_files+0x3a0/0x420
[  373.678471][ T8495]  ? __fget_files+0x2a/0x420
[  373.678495][ T8495]  security_file_ioctl+0xcb/0x2d0
[  373.678514][ T8495]  __se_sys_ioctl+0x47/0x170
[  373.678534][ T8495]  do_syscall_64+0xf6/0x210
[  373.678552][ T8495]  ? clear_bhb_loop+0x45/0xa0
[  373.678570][ T8495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.678584][ T8495] RIP: 0033:0x7f8864f8e969
[  373.678597][ T8495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.678610][ T8495] RSP: 002b:00007f8865e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  373.678625][ T8495] RAX: ffffffffffffffda RBX: 00007f88651b6080 RCX: 00007f8864f8e969
[  373.678636][ T8495] RDX: 0000200000000040 RSI: 000000008004ae98 RDI: 0000000000000005
[  373.678645][ T8495] RBP: 00007f8865e69090 R08: 0000000000000000 R09: 0000000000000000
[  373.678654][ T8495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.678662][ T8495] R13: 0000000000000000 R14: 00007f88651b6080 R15: 00007fff79fedcb8
[  373.678685][ T8495]  </TASK>
[  373.678706][ T8495] ERROR: Out of memory at tomoyo_realpath_from_path.
[  373.933355][ T5903] usb 1-1: device descriptor read/64, error -71
[  374.086914][ T8504] netlink: 32 bytes leftover after parsing attributes in process `syz.4.723'.
[  374.098624][ T8504] netlink: 20 bytes leftover after parsing attributes in process `syz.4.723'.
[  374.187692][ T5903] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  374.706082][ T8512] netlink: 32 bytes leftover after parsing attributes in process `syz.0.724'.
[  374.719694][ T8512] netlink: 20 bytes leftover after parsing attributes in process `syz.0.724'.
[  375.289313][ T8517] capability: warning: `syz.3.725' uses 32-bit capabilities (legacy support in use)
[  375.857236][ T8534] batadv0.8: entered allmulticast mode
[  375.991007][ T8539] netlink: 20 bytes leftover after parsing attributes in process `syz.4.731'.
[  376.000950][ T8539] netlink: 4 bytes leftover after parsing attributes in process `syz.4.731'.
[  377.047918][ T5872] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  378.227853][ T5872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  378.240278][ T5872] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  378.406308][ T5872] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  379.072171][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  379.081042][ T5872] usb 4-1: SerialNumber: syz
[  379.102528][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  379.109314][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  379.340393][ T8569] netlink: 16 bytes leftover after parsing attributes in process `syz.4.738'.
[  379.674822][ T5872] usb 4-1: 0:2 : does not exist
[  379.798439][ T5872] usb 4-1: USB disconnect, device number 20
[  380.268063][ T8578] kAFS: unparsable volume name
[  380.973207][ T8139] udevd[8139]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.935460][ T8588] netlink: 'syz.2.745': attribute type 2 has an invalid length.
[  382.509512][ T5832] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  385.528497][ T8616] netlink: 20 bytes leftover after parsing attributes in process `syz.4.752'.
[  385.537605][ T8616] netlink: 4 bytes leftover after parsing attributes in process `syz.4.752'.
[  386.267602][ T8627] netlink: 32 bytes leftover after parsing attributes in process `syz.3.756'.
[  386.290077][ T8627] netlink: 20 bytes leftover after parsing attributes in process `syz.3.756'.
[  387.951345][ T8643] netlink: 'syz.3.761': attribute type 10 has an invalid length.
[  387.959410][ T8643] syz_tun: entered promiscuous mode
[  390.553557][ T8650] team0 (unregistering): Port device team_slave_0 removed
[  390.668733][ T8650] team0 (unregistering): Port device team_slave_1 removed
[  390.859589][ T8650] team0 (unregistering): Port device geneve0 removed
[  391.783053][ T8668] netlink: 20 bytes leftover after parsing attributes in process `syz.1.768'.
[  391.797746][ T8678] netlink: 32 bytes leftover after parsing attributes in process `syz.0.771'.
[  391.807871][ T8668] netlink: 4 bytes leftover after parsing attributes in process `syz.1.768'.
[  391.817201][ T8678] netlink: 20 bytes leftover after parsing attributes in process `syz.0.771'.
[  391.980523][ T8681] netlink: 'syz.4.773': attribute type 10 has an invalid length.
[  391.990682][ T8681] syz_tun: entered promiscuous mode
[  391.995948][ T8681] syz_tun: left allmulticast mode
[  392.017391][ T8681] syz_tun: entered allmulticast mode
[  392.049630][ T8681] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  393.428354][ T8693] netlink: 'syz.4.774': attribute type 21 has an invalid length.
[  393.436204][ T8693] netlink: 132 bytes leftover after parsing attributes in process `syz.4.774'.
[  395.113655][ T8721] netlink: 'syz.3.780': attribute type 10 has an invalid length.
[  396.183105][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  396.183125][   T30] audit: type=1326 audit(2000000013.070:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.274746][   T30] audit: type=1326 audit(2000000013.110:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.327265][   T30] audit: type=1326 audit(2000000013.120:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.420834][ T8732] netlink: 'syz.3.786': attribute type 12 has an invalid length.
[  396.453041][   T30] audit: type=1326 audit(2000000013.120:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.477125][   T30] audit: type=1326 audit(2000000013.120:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.501814][ T8732] netlink: 'syz.3.786': attribute type 29 has an invalid length.
[  396.521590][ T8732] netlink: 148 bytes leftover after parsing attributes in process `syz.3.786'.
[  396.545590][   T30] audit: type=1326 audit(2000000013.120:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  396.596813][ T8743] FAULT_INJECTION: forcing a failure.
[  396.596813][ T8743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.842901][ T8732] netlink: 'syz.3.786': attribute type 1 has an invalid length.
[  396.884420][   T30] audit: type=1326 audit(2000000013.120:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  397.175147][ T8743] CPU: 0 UID: 0 PID: 8743 Comm: syz.4.789 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  397.175180][ T8743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  397.175194][ T8743] Call Trace:
[  397.175202][ T8743]  <TASK>
[  397.175212][ T8743]  dump_stack_lvl+0x189/0x250
[  397.175248][ T8743]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.175275][ T8743]  ? __pfx__printk+0x10/0x10
[  397.175330][ T8743]  should_fail_ex+0x414/0x560
[  397.175367][ T8743]  _copy_from_user+0x2d/0xb0
[  397.175395][ T8743]  sctp_setsockopt+0x19f/0x1200
[  397.175425][ T8743]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  397.175448][ T8743]  do_sock_setsockopt+0x257/0x3e0
[  397.175476][ T8743]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  397.175497][ T8743]  ? __fget_files+0x2a/0x420
[  397.175532][ T8743]  ? __fget_files+0x3a0/0x420
[  397.175560][ T8743]  ? __fget_files+0x2a/0x420
[  397.175598][ T8743]  __x64_sys_setsockopt+0x18b/0x220
[  397.175629][ T8743]  do_syscall_64+0xf6/0x210
[  397.175655][ T8743]  ? clear_bhb_loop+0x45/0xa0
[  397.175680][ T8743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.175699][ T8743] RIP: 0033:0x7f8864f8e969
[  397.175718][ T8743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.175736][ T8743] RSP: 002b:00007f8865e69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  397.175757][ T8743] RAX: ffffffffffffffda RBX: 00007f88651b6080 RCX: 00007f8864f8e969
[  397.175772][ T8743] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003
[  397.175784][ T8743] RBP: 00007f8865e69090 R08: 000000000000009c R09: 0000000000000000
[  397.175796][ T8743] R10: 0000200000000a00 R11: 0000000000000246 R12: 0000000000000001
[  397.175809][ T8743] R13: 0000000000000001 R14: 00007f88651b6080 R15: 00007fff79fedcb8
[  397.175840][ T8743]  </TASK>
[  397.367414][   T30] audit: type=1326 audit(2000000013.120:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  397.389275][   T30] audit: type=1326 audit(2000000013.120:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc506b8d2d0 code=0x7ffc0000
[  397.410661][   T30] audit: type=1326 audit(2000000013.120:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8725 comm="syz.3.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc506b8e969 code=0x7ffc0000
[  397.432676][ T8734] veth0_to_batadv: entered allmulticast mode
[  399.841787][ T8769] netlink: 24 bytes leftover after parsing attributes in process `syz.3.795'.
[  400.804194][ T8778] FAULT_INJECTION: forcing a failure.
[  400.804194][ T8778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.817540][ T8778] CPU: 0 UID: 0 PID: 8778 Comm: syz.3.799 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  400.817569][ T8778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  400.817582][ T8778] Call Trace:
[  400.817590][ T8778]  <TASK>
[  400.817599][ T8778]  dump_stack_lvl+0x189/0x250
[  400.817635][ T8778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.817663][ T8778]  ? __pfx__printk+0x10/0x10
[  400.817707][ T8778]  should_fail_ex+0x414/0x560
[  400.817744][ T8778]  strncpy_from_user+0x36/0x290
[  400.817779][ T8778]  getname_flags+0xf3/0x540
[  400.817803][ T8778]  __x64_sys_mkdirat+0x7a/0xa0
[  400.817831][ T8778]  do_syscall_64+0xf6/0x210
[  400.817856][ T8778]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  400.817877][ T8778]  ? clear_bhb_loop+0x45/0xa0
[  400.817901][ T8778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.817921][ T8778] RIP: 0033:0x7fc506b8e969
[  400.817940][ T8778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.817957][ T8778] RSP: 002b:00007fc5049d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[  400.817979][ T8778] RAX: ffffffffffffffda RBX: 00007fc506db6160 RCX: 00007fc506b8e969
[  400.817994][ T8778] RDX: 00000000000001ff RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  400.818008][ T8778] RBP: 00007fc5049d5090 R08: 0000000000000000 R09: 0000000000000000
[  400.818020][ T8778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.818033][ T8778] R13: 0000000000000000 R14: 00007fc506db6160 R15: 00007ffc76092ae8
[  400.818071][ T8778]  </TASK>
[  401.959491][ T8786] FAULT_INJECTION: forcing a failure.
[  401.959491][ T8786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  401.980132][ T8786] CPU: 1 UID: 0 PID: 8786 Comm: syz.0.802 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  401.980161][ T8786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  401.980174][ T8786] Call Trace:
[  401.980181][ T8786]  <TASK>
[  401.980190][ T8786]  dump_stack_lvl+0x189/0x250
[  401.980220][ T8786]  ? __lock_acquire+0xaac/0xd20
[  401.980247][ T8786]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.980285][ T8786]  ? __pfx__printk+0x10/0x10
[  401.980314][ T8786]  ? __might_fault+0xb0/0x130
[  401.980354][ T8786]  should_fail_ex+0x414/0x560
[  401.980390][ T8786]  _copy_from_user+0x2d/0xb0
[  401.980416][ T8786]  sctp_getsockopt_auth_supported+0xb5/0x520
[  401.980450][ T8786]  ? __pfx_sctp_getsockopt_auth_supported+0x10/0x10
[  401.980489][ T8786]  sctp_getsockopt+0x6cc/0xb60
[  401.980520][ T8786]  do_sock_getsockopt+0x35d/0x650
[  401.980548][ T8786]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  401.980570][ T8786]  ? do_syscall_64+0x40/0x210
[  401.980591][ T8786]  ? __fget_files+0x2a/0x420
[  401.980619][ T8786]  ? __fget_files+0x3a0/0x420
[  401.980646][ T8786]  ? __fget_files+0x2a/0x420
[  401.980681][ T8786]  __x64_sys_getsockopt+0x1a5/0x250
[  401.980704][ T8786]  ? do_syscall_64+0x40/0x210
[  401.980727][ T8786]  ? do_syscall_64+0x40/0x210
[  401.980752][ T8786]  do_syscall_64+0xf6/0x210
[  401.980775][ T8786]  ? clear_bhb_loop+0x45/0xa0
[  401.980798][ T8786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.980817][ T8786] RIP: 0033:0x7f7594b8e969
[  401.980834][ T8786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.980850][ T8786] RSP: 002b:00007f759592f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  401.980871][ T8786] RAX: ffffffffffffffda RBX: 00007f7594db5fa0 RCX: 00007f7594b8e969
[  401.980885][ T8786] RDX: 0000000000000081 RSI: 0000000000000084 RDI: 0000000000000003
[  401.980896][ T8786] RBP: 00007f759592f090 R08: 00002000000000c0 R09: 0000000000000000
[  401.980908][ T8786] R10: 0000200000001280 R11: 0000000000000246 R12: 0000000000000001
[  401.980921][ T8786] R13: 0000000000000000 R14: 00007f7594db5fa0 R15: 00007ffe6a51a488
[  401.980950][ T8786]  </TASK>
[  401.986347][ T8787] syz_tun: left promiscuous mode
[  402.347633][ T2151] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  402.787765][ T2151] usb 3-1: Using ep0 maxpacket: 16
[  402.842866][ T2151] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  402.887733][ T2151] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  402.895928][ T2151] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  402.959739][ T2151] usb 3-1: config 0 has an invalid interface number: 125 but max is 1
[  402.991936][ T2151] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  403.022514][ T2151] usb 3-1: config 0 has no interface number 0
[  403.040574][ T2151] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  403.758609][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  403.788368][   T30] audit: type=1400 audit(2000000020.190:94): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=8799 comm="syz.4.805" path="socket:[20241]" dev="sockfs" ino=20241
[  403.832767][ T2151] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  403.987631][ T2151] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  404.407687][ T2151] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  404.461678][ T2151] usb 3-1: config 0 interface 125 has no altsetting 0
[  404.715189][ T2151] usb 3-1: config 0 interface 125 has no altsetting 2
[  404.745709][ T2151] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  405.574617][ T8812] netlink: 124 bytes leftover after parsing attributes in process `syz.1.809'.
[  405.705916][ T2151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.724249][ T2151] usb 3-1: Product: syz
[  405.731599][ T2151] usb 3-1: Manufacturer: syz
[  405.736258][ T2151] usb 3-1: SerialNumber: syz
[  405.748765][ T2151] usb 3-1: config 0 descriptor??
[  406.492014][ T2151] usb 3-1: selecting invalid altsetting 2
[  406.764057][ T8830] tipc: Started in network mode
[  406.769013][ T8830] tipc: Node identity 00000000000040000000000000000001, cluster identity 4711
[  406.778088][ T8830] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  406.788794][ T8832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.812'.
[  407.051148][    C1] usb 3-1: async_complete: urb error -71
[  407.057081][    C1] usb 3-1: async_complete: urb error -71
[  407.062851][    C1] usb 3-1: async_complete: urb error -71
[  407.068581][    C1] usb 3-1: async_complete: urb error -71
[  407.116251][ T2151] get_1284_register: usb error -71
[  407.131133][ T2151] uss720 3-1:0.125: probe with driver uss720 failed with error -71
[  407.165303][ T2151] usb 3-1: USB disconnect, device number 16
[  407.357703][ T5903] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  407.407769][ T5904] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  407.838651][ T5904] usb 5-1: Using ep0 maxpacket: 8
[  407.900767][ T5904] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  407.914804][ T5903] usb 4-1: config 1 interface 0 altsetting 226 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[  408.241128][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  408.267764][ T5903] usb 4-1: config 1 interface 0 altsetting 226 endpoint 0x82 is Bulk; changing to Interrupt
[  408.320487][ T5904] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  408.347549][ T5903] usb 4-1: config 1 interface 0 altsetting 226 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  408.404520][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  408.421367][ T5903] usb 4-1: config 1 interface 0 has no altsetting 0
[  408.428624][ T5904] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  408.441881][ T5904] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  408.452046][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.514300][ T5903] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  408.608215][ T5904] usb 5-1: Product: syz
[  408.612507][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.627327][ T5904] usb 5-1: Manufacturer: syz
[  408.641252][ T5904] usb 5-1: SerialNumber: syz
[  408.646181][ T5903] usb 4-1: Product: ᐁ
[  408.728365][ T8857] netlink: 124 bytes leftover after parsing attributes in process `syz.1.822'.
[  409.299495][ T5903] usb 4-1: Manufacturer: Й
[  409.314975][ T5904] usb 5-1: config 0 descriptor??
[  409.329378][ T8835] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  409.336698][ T8835] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  409.433609][ T5904] kvaser_usb 5-1:0.0: error -EMSGSIZE: Cannot get software info
[  409.446144][ T8835] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  409.452605][ T5904] kvaser_usb 5-1:0.0: probe with driver kvaser_usb failed with error -90
[  409.644498][ T8862] netlink: 'syz.2.823': attribute type 4 has an invalid length.
[  409.656577][ T8862] netlink: 32 bytes leftover after parsing attributes in process `syz.2.823'.
[  409.700494][ T5832] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  409.812282][ T8866] netlink: 'syz.4.816': attribute type 10 has an invalid length.
[  409.828035][ T8866] netlink: 40 bytes leftover after parsing attributes in process `syz.4.816'.
[  409.836993][ T8866] geneve0: left allmulticast mode
[  409.849915][ T8866] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  409.859266][ T8866] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  409.868424][ T8866] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  409.877660][ T8866] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  409.908707][ T8866] geneve0: entered allmulticast mode
[  409.920847][ T8866] team0: Port device geneve0 added
[  410.904164][ T5903] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  412.017430][ T5903] usb 4-1: USB disconnect, device number 21
[  412.256478][ T5904] usb 5-1: USB disconnect, device number 13
[  413.533298][ T8886] netlink: 20 bytes leftover after parsing attributes in process `syz.0.831'.
[  413.546101][ T8886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.831'.
[  413.678934][ T8892] netlink: 32 bytes leftover after parsing attributes in process `syz.1.833'.
[  413.794300][ T8892] netlink: 20 bytes leftover after parsing attributes in process `syz.1.833'.
[  414.292123][ T8902] netlink: 124 bytes leftover after parsing attributes in process `syz.2.835'.
[  415.077441][ T8909] syz_tun: left promiscuous mode
[  415.147852][ T8909] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.554481][ T8909] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.918948][ T8909] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.512509][ T8909] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.829122][  T975] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  417.339277][  T975] usb 1-1: config 0 has no interfaces?
[  417.380557][  T975] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  417.418373][ T8938] netlink: 20 bytes leftover after parsing attributes in process `syz.2.847'.
[  417.428467][ T8938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.847'.
[  417.563396][  T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.841039][  T975] usb 1-1: Product: syz
[  417.857630][  T975] usb 1-1: Manufacturer: syz
[  417.862393][  T975] usb 1-1: SerialNumber: syz
[  417.893178][  T975] usb 1-1: config 0 descriptor??
[  418.093899][ T8944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.848'.
[  418.103950][ T8944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.848'.
[  418.174647][ T5904] usb 1-1: USB disconnect, device number 15
[  418.777284][ T8934] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  418.785897][ T8934] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  418.800484][ T8934] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  418.810370][ T8934] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  418.889171][ T8952] netlink: 96 bytes leftover after parsing attributes in process `syz.2.850'.
[  418.898338][ T8952] netlink: 96 bytes leftover after parsing attributes in process `syz.2.850'.
[  419.443224][ T8934] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  419.659683][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout
[  420.034428][ T8959] ------------[ cut here ]------------
[  420.040483][ T8959] WARNING: CPU: 1 PID: 8959 at ./include/linux/memcontrol.h:361 folio_memcg+0x1a8/0x310
[  420.050382][ T8959] Modules linked in:
[  420.054586][ T8959] CPU: 1 UID: 0 PID: 8959 Comm: syz.4.854 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  420.066761][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  420.076975][ T8959] RIP: 0010:folio_memcg+0x1a8/0x310
[  420.082298][ T8959] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cd 1a 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 69 fe ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  420.102036][ T8959] RSP: 0018:ffffc900040df270 EFLAGS: 00010287
[  420.108249][ T8959] RAX: ffffffff8204c0f7 RBX: 0000000000000000 RCX: 0000000000080000
[  420.116271][ T8959] RDX: ffffc9000c8ec000 RSI: 0000000000033f11 RDI: 0000000000033f12
[  420.124356][ T8959] RBP: 0000000000000000 R08: ffffea0001745f87 R09: 1ffffd40002e8bf0
[  420.132472][ T8959] R10: dffffc0000000000 R11: fffff940002e8bf1 R12: ffffea0001745fb0
[  420.140748][ T8959] R13: dffffc0000000000 R14: ffff888034bb2e00 R15: 0000000000000002
[  420.148810][ T8959] FS:  00007f8865e8a6c0(0000) GS:ffff8881261ff000(0000) knlGS:0000000000000000
[  420.157888][ T8959] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  420.163184][ T8966] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  420.164496][ T8959] CR2: 0000000000000000 CR3: 000000002f68c000 CR4: 00000000003526f0
[  420.164536][ T8959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  420.189552][ T8959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  420.197604][ T8959] Call Trace:
[  420.200924][ T8959]  <TASK>
[  420.203897][ T8959]  workingset_activation+0x5f/0x4a0
[  420.209240][ T8959]  ? folio_mark_accessed+0x371/0x4a0
[  420.214588][ T8959]  folio_mark_accessed+0x3b5/0x4a0
[  420.219882][ T8959]  kvm_release_page_clean+0x9a/0xe0
[  420.225134][ T8959]  kvm_tdp_page_fault+0x2dd/0x370
[  420.230262][ T8959]  kvm_mmu_do_page_fault+0x2c5/0x640
[  420.235619][ T8959]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  420.241631][ T8959]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  420.247231][ T8959]  ? __pfx_current_save_fsgs+0x10/0x10
[  420.252786][ T8959]  kvm_mmu_page_fault+0x22f/0xb70
[  420.257949][ T8959]  ? __pfx_handle_ept_violation+0x10/0x10
[  420.263727][ T8959]  vmx_handle_exit+0x103b/0x1850
[  420.268806][ T8959]  ? vcpu_run+0x34f6/0x6b20
[  420.273386][ T8959]  vcpu_run+0x41c3/0x6b20
[  420.277870][ T8959]  ? vcpu_run+0x34f6/0x6b20
[  420.282491][ T8959]  ? __pfx_vcpu_run+0x10/0x10
[  420.287217][ T8959]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  420.293061][ T8959]  ? rcu_is_watching+0x15/0xb0
[  420.297949][ T8959]  kvm_arch_vcpu_ioctl_run+0xfca/0x1940
[  420.303562][ T8959]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  420.309403][ T8959]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  420.315451][ T8959]  ? rcu_is_watching+0x15/0xb0
[  420.320363][ T8959]  ? trace_contention_end+0x39/0x120
[  420.325691][ T8959]  ? look_up_lock_class+0x74/0x170
[  420.331015][ T8959]  ? register_lock_class+0x51/0x320
[  420.336289][ T8959]  ? __lock_acquire+0xaac/0xd20
[  420.341287][ T8959]  kvm_vcpu_ioctl+0x95a/0xe90
[  420.346022][ T8959]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.351319][ T8959]  ? __lock_acquire+0xaac/0xd20
[  420.356242][ T8959]  ? __asan_memset+0x22/0x50
[  420.360973][ T8959]  ? smack_file_ioctl+0x302/0x340
[  420.366060][ T8959]  ? __pfx_smack_file_ioctl+0x10/0x10
[  420.371563][ T8959]  ? __fget_files+0x3a0/0x420
[  420.376294][ T8959]  ? __fget_files+0x2a/0x420
[  420.381007][ T8959]  ? bpf_lsm_file_ioctl+0x9/0x20
[  420.386000][ T8959]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.391318][ T8959]  __se_sys_ioctl+0xf9/0x170
[  420.395965][ T8959]  do_syscall_64+0xf6/0x210
[  420.400673][ T8959]  ? clear_bhb_loop+0x45/0xa0
[  420.405407][ T8959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.411406][ T8959] RIP: 0033:0x7f8864f8e969
[  420.415854][ T8959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.435574][ T8959] RSP: 002b:00007f8865e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  420.444074][ T8959] RAX: ffffffffffffffda RBX: 00007f88651b5fa0 RCX: 00007f8864f8e969
[  420.452170][ T8959] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  420.460526][ T8959] RBP: 00007f8865010ab1 R08: 0000000000000000 R09: 0000000000000000
[  420.468773][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  420.476795][ T8959] R13: 0000000000000000 R14: 00007f88651b5fa0 R15: 00007fff79fedcb8
[  420.484892][ T8959]  </TASK>
[  420.488040][ T8959] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  420.495351][ T8959] CPU: 1 UID: 0 PID: 8959 Comm: syz.4.854 Not tainted 6.15.0-rc4-syzkaller-00291-g2a239ffbebb5 #0 PREEMPT(full) 
[  420.507269][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  420.517349][ T8959] Call Trace:
[  420.520669][ T8959]  <TASK>
[  420.523639][ T8959]  dump_stack_lvl+0x99/0x250
[  420.528278][ T8959]  ? __asan_memcpy+0x40/0x70
[  420.532925][ T8959]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.538181][ T8959]  ? __pfx__printk+0x10/0x10
[  420.542844][ T8959]  panic+0x2db/0x790
[  420.546800][ T8959]  ? __pfx_panic+0x10/0x10
[  420.551284][ T8959]  __warn+0x31b/0x4b0
[  420.555320][ T8959]  ? folio_memcg+0x1a8/0x310
[  420.559958][ T8959]  ? folio_memcg+0x1a8/0x310
[  420.564601][ T8959]  report_bug+0x2be/0x4f0
[  420.568973][ T8959]  ? folio_memcg+0x1a8/0x310
[  420.573616][ T8959]  ? folio_memcg+0x1a8/0x310
[  420.578249][ T8959]  ? folio_memcg+0x1aa/0x310
[  420.582870][ T8959]  handle_bug+0x84/0x160
[  420.587192][ T8959]  exc_invalid_op+0x1a/0x50
[  420.591720][ T8959]  asm_exc_invalid_op+0x1a/0x20
[  420.596582][ T8959] RIP: 0010:folio_memcg+0x1a8/0x310
[  420.601797][ T8959] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cd 1a 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 69 fe ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  420.621601][ T8959] RSP: 0018:ffffc900040df270 EFLAGS: 00010287
[  420.627688][ T8959] RAX: ffffffff8204c0f7 RBX: 0000000000000000 RCX: 0000000000080000
[  420.635669][ T8959] RDX: ffffc9000c8ec000 RSI: 0000000000033f11 RDI: 0000000000033f12
[  420.643667][ T8959] RBP: 0000000000000000 R08: ffffea0001745f87 R09: 1ffffd40002e8bf0
[  420.651651][ T8959] R10: dffffc0000000000 R11: fffff940002e8bf1 R12: ffffea0001745fb0
[  420.659634][ T8959] R13: dffffc0000000000 R14: ffff888034bb2e00 R15: 0000000000000002
[  420.667633][ T8959]  ? folio_memcg+0x1a7/0x310
[  420.672256][ T8959]  workingset_activation+0x5f/0x4a0
[  420.677473][ T8959]  ? folio_mark_accessed+0x371/0x4a0
[  420.682809][ T8959]  folio_mark_accessed+0x3b5/0x4a0
[  420.687964][ T8959]  kvm_release_page_clean+0x9a/0xe0
[  420.693202][ T8959]  kvm_tdp_page_fault+0x2dd/0x370
[  420.698282][ T8959]  kvm_mmu_do_page_fault+0x2c5/0x640
[  420.703600][ T8959]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  420.709439][ T8959]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  420.715002][ T8959]  ? __pfx_current_save_fsgs+0x10/0x10
[  420.720486][ T8959]  kvm_mmu_page_fault+0x22f/0xb70
[  420.725542][ T8959]  ? __pfx_handle_ept_violation+0x10/0x10
[  420.731308][ T8959]  vmx_handle_exit+0x103b/0x1850
[  420.736262][ T8959]  ? vcpu_run+0x34f6/0x6b20
[  420.740796][ T8959]  vcpu_run+0x41c3/0x6b20
[  420.745151][ T8959]  ? vcpu_run+0x34f6/0x6b20
[  420.749721][ T8959]  ? __pfx_vcpu_run+0x10/0x10
[  420.754420][ T8959]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  420.760162][ T8959]  ? rcu_is_watching+0x15/0xb0
[  420.764976][ T8959]  kvm_arch_vcpu_ioctl_run+0xfca/0x1940
[  420.770547][ T8959]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  420.776314][ T8959]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  420.782319][ T8959]  ? rcu_is_watching+0x15/0xb0
[  420.787188][ T8959]  ? trace_contention_end+0x39/0x120
[  420.792481][ T8959]  ? look_up_lock_class+0x74/0x170
[  420.797606][ T8959]  ? register_lock_class+0x51/0x320
[  420.802823][ T8959]  ? __lock_acquire+0xaac/0xd20
[  420.807726][ T8959]  kvm_vcpu_ioctl+0x95a/0xe90
[  420.812463][ T8959]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.817694][ T8959]  ? __lock_acquire+0xaac/0xd20
[  420.822576][ T8959]  ? __asan_memset+0x22/0x50
[  420.827197][ T8959]  ? smack_file_ioctl+0x302/0x340
[  420.832252][ T8959]  ? __pfx_smack_file_ioctl+0x10/0x10
[  420.837658][ T8959]  ? __fget_files+0x3a0/0x420
[  420.842353][ T8959]  ? __fget_files+0x2a/0x420
[  420.846963][ T8959]  ? bpf_lsm_file_ioctl+0x9/0x20
[  420.851914][ T8959]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.857128][ T8959]  __se_sys_ioctl+0xf9/0x170
[  420.861737][ T8959]  do_syscall_64+0xf6/0x210
[  420.866253][ T8959]  ? clear_bhb_loop+0x45/0xa0
[  420.870986][ T8959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.876897][ T8959] RIP: 0033:0x7f8864f8e969
[  420.881327][ T8959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.900947][ T8959] RSP: 002b:00007f8865e8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  420.909402][ T8959] RAX: ffffffffffffffda RBX: 00007f88651b5fa0 RCX: 00007f8864f8e969
[  420.917384][ T8959] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  420.925387][ T8959] RBP: 00007f8865010ab1 R08: 0000000000000000 R09: 0000000000000000
[  420.933381][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  420.941369][ T8959] R13: 0000000000000000 R14: 00007f88651b5fa0 R15: 00007fff79fedcb8
[  420.949380][ T8959]  </TASK>
[  420.952691][ T8959] Kernel Offset: disabled
[  420.957114][ T8959] Rebooting in 86400 seconds..