last executing test programs:

50m2.187792658s ago: executing program 32 (id=858):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000040)={{0x1}})

45m22.417790069s ago: executing program 0 (id=2520):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e)

45m16.890636251s ago: executing program 0 (id=2536):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000500), 0x0, 0x0)
ioprio_get$pid(0x1, r0)
mkdir(0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000006c0)={0x4, 0x0, [{0x8080000, 0x5, &(0x7f0000000240)=""/5}, {0xffff1000, 0xb5, &(0x7f00000003c0)=""/181}, {0x4000, 0xb2, &(0x7f0000000600)=""/178}, {0x10000, 0x0, 0x0}]})

45m13.886229612s ago: executing program 0 (id=2543):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r5=>0x0})
sendto$packet(r3, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x800)

45m10.046073058s ago: executing program 0 (id=2549):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmat(0x0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r3, 0x1)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x0, @loopback, 0x7}}, 0x0, 0x0, 0x47, 0x0, "09be2271b78506e6dd938d324c415acd403a4480fd1afa34432bcdfa64d957e93efafd27ad06a6f589bb643f167cf0fcd370239aaa93f6ded3c5032c96ead0cdc68474d402ab73e482db7ec1e0a57489"}, 0xd8)
bind$inet6(r3, &(0x7f0000000a00)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffff1, @empty, 0x2}, 0x1c)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @empty, 0x9f}, 0x1c)

45m5.61775177s ago: executing program 0 (id=2556):
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r0 = socket$packet(0x11, 0x3, 0x300)
dup(r0)
fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
socket$netlink(0x10, 0x3, 0x4)
r1 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x3, 0x0, 0x3, 0x5, 0x2f, 0x7, 0x7, 0x5, 0xffe, 0x1, 0x0, 0x8500, 0x1003, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x3, 0x10, 0x0, 0x8, 0xe2df, 0x746f, 0x8, 0x5, 0x3, 0x0, 0x4, 0x8049]})

44m28.186284311s ago: executing program 33 (id=2556):
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
r0 = socket$packet(0x11, 0x3, 0x300)
dup(r0)
fcntl$dupfd(0xffffffffffffffff, 0x406, r0)
socket$netlink(0x10, 0x3, 0x4)
r1 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x3, 0x0, 0x3, 0x5, 0x2f, 0x7, 0x7, 0x5, 0xffe, 0x1, 0x0, 0x8500, 0x1003, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x3, 0x10, 0x0, 0x8, 0xe2df, 0x746f, 0x8, 0x5, 0x3, 0x0, 0x4, 0x8049]})

44m28.04797404s ago: executing program 34 (id=2557):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x4000000)
r5 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x3c, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x5}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_TYPE={0x5, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x10)

44m27.862305553s ago: executing program 35 (id=2554):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
close(0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newsa={0x160, 0x10, 0x713, 0x70bd26, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x1, 0x0, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x0, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74eeac053deb73fc018493cc121927a9bca207141b9a451c00aa"}}, @tfcpad={0x8, 0x16, 0x4}]}, 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

44m27.613239412s ago: executing program 36 (id=2553):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000900)={0x800, 0x2000000, 0xffffff48}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000ffff27bd7000fcdbdf2500000001", @ANYRES32=0x0, @ANYBLOB="100a0500231a05002c0012800b00010067726574617000001c0002800500130020000000080014000a00000005000a000000000004"], 0x50}, 0x1, 0x0, 0x0, 0x85}, 0x20040040)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)

44m27.403609631s ago: executing program 37 (id=2558):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x8, &(0x7f0000000100)=0xffffffff, 0x4)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r3, 0x852ac000)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x2, &(0x7f0000000080)=0x36, 0x4)
recvmmsg(r3, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002001, 0x0)

43m34.502662778s ago: executing program 7 (id=2581):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff0304"], 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r3, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0xbac00000}], 0x1, 0x2b, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4b)
setsockopt$inet6_int(r3, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
prctl$PR_SET_NO_NEW_PRIVS(0x34, 0x1)

43m33.267825071s ago: executing program 7 (id=2582):
socket$igmp(0x2, 0x3, 0x2)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x10000, 0x1, 0x6e}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

43m31.865657171s ago: executing program 7 (id=2583):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000300)='affs\x00', 0x1)
fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000100)='usrquota', &(0x7f00000002c0)='./file1\x00', 0xffffffffffffff9c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000b80)={0x1d, 0x0, 0x2, {0x0, 0xff, 0x1}, 0xfe}, 0x18)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r5, 0x8000, {0x1, 0xff}, 0x2}, 0x18)

43m30.737893561s ago: executing program 7 (id=2584):
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x80002, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000180)={0x3, 0x98f904, 0x3})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x13)
syz_open_dev$sndpcmp(0x0, 0x1, 0x2)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

43m29.668790657s ago: executing program 7 (id=2585):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000300)='affs\x00', 0x1)
fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000100)='usrquota', &(0x7f00000002c0)='./file1\x00', 0xffffffffffffff9c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000b80)={0x1d, r4, 0x2, {0x0, 0xff, 0x1}, 0xfe}, 0x18)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000080)={0x1d, r6, 0x8000, {0x1, 0xff}, 0x2}, 0x18)

43m28.473059706s ago: executing program 7 (id=2586):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x8000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000480)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000010000104000000000800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000001"], 0x20}}, 0x4000040)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x28, r5, 0x1, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0x6, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1011}, 0x2000c050)
fdatasync(r2)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="04df90ec1c36f2ad1f0ee95ff272470260bb6f5f9a0507f76819b37d835d987012d594f40027daad2dcbdaf56f6564dd078c16596e54e1cf074fd948ba3857", 0x3f)
ptrace$getregset(0x4205, r6, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000100)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x0, 0x0, &(0x7f0000000200)="e2", 0x1, 0x15, 0xe, 0x0, 0x0, 0x5, 0x0})

43m13.00092829s ago: executing program 38 (id=2586):
r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598904004ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dac00000000000000000000002000", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x8000)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000480)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x18, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}})
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0)
r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000010000104000000000800000000000000", @ANYRES32=0x0, @ANYBLOB="0000000001"], 0x20}}, 0x4000040)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x28, r5, 0x1, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x10, 0x2, 0x0, 0x1, [{0x6, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x1011}, 0x2000c050)
fdatasync(r2)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="04df90ec1c36f2ad1f0ee95ff272470260bb6f5f9a0507f76819b37d835d987012d594f40027daad2dcbdaf56f6564dd078c16596e54e1cf074fd948ba3857", 0x3f)
ptrace$getregset(0x4205, r6, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000100)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x0, 0x0, &(0x7f0000000200)="e2", 0x1, 0x15, 0xe, 0x0, 0x0, 0x5, 0x0})

41m30.103318335s ago: executing program 0 (id=2587):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sysfs$1(0x1, &(0x7f0000000380)='\x00')
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r2, 0x0, 0x0)
write$FUSE_ATTR(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5}, 0x2f)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x3, 0x1, 0x89, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x15, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

41m13.566494761s ago: executing program 39 (id=2587):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sysfs$1(0x1, &(0x7f0000000380)='\x00')
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r2, 0x0, 0x0)
write$FUSE_ATTR(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5}, 0x2f)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x3, 0x1, 0x89, 0xfffffffb})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x15, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6, 0x0, 0x0, 0x5}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xa, 0x9, 0x9}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

38m50.364984429s ago: executing program 8 (id=3358):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2a062, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fallocate(r0, 0x0, 0xfffffffffffffffd, 0x3)

38m48.898341675s ago: executing program 8 (id=3365):
capset(&(0x7f0000000380)={0x20071026}, &(0x7f00000003c0))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x15)

38m48.738246535s ago: executing program 8 (id=3366):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x2c, 0x3, "9ac420000461afb9fdd672bad09dfb78c7699c74e891a0c7fffffffffffffff50000000000000000"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xe, 0x1, 'IDLETIMER\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)

38m46.996443317s ago: executing program 8 (id=3370):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x3}, 0x1c)
syz_emit_ethernet(0x4e, &(0x7f0000001680)={@local, @local, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "6bbe4d", 0x18, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, {[], {0x4e20, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x2, 0x3}}}}}}}, 0x0)

38m45.673102306s ago: executing program 8 (id=3374):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x10)
symlink(&(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000002c0)='.\x02\x00')

38m45.511253581s ago: executing program 8 (id=3376):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newtaction={0x7c, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x68, 0x1, [@m_tunnel_key={0x38, 0x17, 0x0, 0x0, {{0xf}, {0x4}, {0x6, 0x6, "1388"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ife={0x2c, 0xe, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

38m30.209464207s ago: executing program 40 (id=3376):
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newtaction={0x7c, 0x1c, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x68, 0x1, [@m_tunnel_key={0x38, 0x17, 0x0, 0x0, {{0xf}, {0x4}, {0x6, 0x6, "1388"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ife={0x2c, 0xe, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

6m41.556434453s ago: executing program 3 (id=17481):
r0 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f00000000c0)) (fail_nth: 5)

6m41.451071107s ago: executing program 3 (id=17484):
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x5, 0x0, 0x0, &(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x8000000000000000})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r3 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
unshare(0x26020480)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
quotactl_fd$Q_SETINFO(r3, 0xffffffff80000601, 0xee01, &(0x7f0000000300)={0xffffffffffff8001, 0x7, 0x0, 0x7})
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
socket$unix(0x1, 0x1, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r6, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
listen(r6, 0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x200)
accept(r6, 0x0, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r5, 0x330f, 0x6)

6m39.72847262s ago: executing program 3 (id=17497):
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
ppoll(&(0x7f00000000c0)=[{r1, 0x2292}], 0x1, 0x0, 0x0, 0x0)
fcntl$setpipe(r0, 0x407, 0x8001a0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r4)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000009c0)={0x14, 0x2d, 0x9, 0x70bd26, 0x80000, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, 0x0, 0x0)

6m38.204478067s ago: executing program 3 (id=17507):
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/33, 0x21}, {&(0x7f0000000180)=""/206, 0xce}], 0x2, &(0x7f0000002640)=[{0x0}, {0x0, 0x500}, {&(0x7f0000002580)=""/147, 0x93}], 0x3, 0x0)

6m36.560547158s ago: executing program 3 (id=17512):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f00000002c0), 0x181001)
write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000064c0)={0xa, 0x4}, 0xc)
socket(0x15, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x4800)

6m36.38603678s ago: executing program 3 (id=17516):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000240), &(0x7f0000000380)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00012abd7000fcdbdf25020000008cb693513a601bcf23339530276bd2e8b20cacc9ee6a2a3e26a14b9968d065967992c30ec1664f3679aa383f68339d2b9055202a440fbf488dc46cad086a39c76625f63166367a4e30bc67b68439fefbd70d36dc5bba03b524f925454239c36b346e4e9b5307f481fb537c96e3604d5d48f5e06d7f3ec8f3325e43f67ce818cb0611e4895c33227dd324621ea92a9c7f27fe38ff52147e008d860e597497"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x810)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f00000002c0)={0xc})
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100000025000000560000002500000019000a000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

6m36.244668733s ago: executing program 9 (id=17517):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
quotactl$Q_SETQUOTA(0xffffffff80000801, 0x0, 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, 0x0)

6m32.888797422s ago: executing program 9 (id=17520):
r0 = socket(0x15, 0x5, 0x0)
getsockopt(r0, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000001ec0)={0x3c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xff}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40801}, 0x20000090)

6m32.256397593s ago: executing program 9 (id=17525):
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(r1, 0x204)
symlink(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0xc0, 0x10)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f0000000140), 0xf000}, {0x0}], 0x51)

6m31.972317001s ago: executing program 9 (id=17528):
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, 0xffffffffffffffff, 0x0)
syz_clone(0x10028100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)="90f5eca62000f3c12c595e1661b508ef45753900facbb966d98b186e1de896ba304a3e4cc4df4e0d000000008000003f667722b871b703e45b7f032ba7dd4a4af9cb17")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6a"], &(0x7f0000000140)='GPL\x00'}, 0x94)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
close(r1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x59032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x80800, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000d80)=ANY=[@ANYBLOB="f10200007d00000005b001090000000000000000000000000000000000000000000000000000ffffffff00000000000000001b00046e6f6465767b65766f6f7e0539c6000500c953d93a8b92000000f700704a86cec602007dfa673effeb09b5351f5bde054000000000187b82008aa2002b595fcb14034354b9fd9e00277c8155981c2ae93de7e4b064a37faa3c62325bf80d4176cf1b6d4ec0eed9f9781f8f2ac29549995fafd223ea2eb88fec0018a615c38851fc1ed5495415566c1edf974b4055ffe27f0f10a72ab0cee7ac8be07be39578f0c53e184ab1f74ae516709fe09d8490ec16cb13e44631a9daab9e4cbaa3fce35863f72536a2ea7d6ce950c27a1254ff3eb1d887fa93ee89b9e8f27933ea793efead075a9fd09aee38c6d1e95686ce49a4d16528113ec35cca65e4ca35bbe342a37116f1c76947ea9cb62a682a086ae14cff676f1600cf46f3c26dd7c500f05ad85f2a70e6e9930e3c5db45a5500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x2f1)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r6, 0x83625fc5352ba305, 0xfffffffd, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004804}, 0x20000000)

6m31.004613072s ago: executing program 9 (id=17536):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000bc0)=@newlink={0x20, 0x10, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x893a, 0xc04e}}, 0x20}, 0x7ffffffe, 0x0, 0x0, 0x40801}, 0x4000000)

6m29.968568105s ago: executing program 9 (id=17540):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1})
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000016000000000800007f00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="d763996c0000000000000000fc00000000000000000000000000c3b40000"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000140)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r2, @ANYBLOB="00000000000000006100000a00000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202020631af8ff00000000bfa10000000000000701000015f3ffffb702000008000000b50200000000000085000000cb00000095ee000000000000628e8349ddaf492068bd28384da330899d54564110e0e20ddec4f6b458bc865540edb787da0c741da2118deb234b36ef6b9c6f6ce58d5c4200000000cd9b7b43f8a955fb0498c56878c4be0e3cdbdce4c1b0b1c12d5f116231fd535edfa6f94fb045664f34cff37561e19567f5c9cfcd853a843202a2cf5be1ab78baa201a5f3ef78e87eb068014446a34c62b7d33376ac4d29bc1fbb4970bb64dad1d7808f10f1fc5338377d063e0c70d52eed8f39a72612d3db2b5e0cddf1f4d46cb2c295dd85ed7a7da22bb7bd28a2b71f1d1ba9"], &(0x7f0000000000)='GPL\x00', 0x4, 0x26, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x3c}, 0x21)
select(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x53b}, 0x0, &(0x7f00000000c0), &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x18)
fadvise64(0xffffffffffffffff, 0x4000000000ffff, 0x5000005, 0x5)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)

6m20.172558075s ago: executing program 41 (id=17516):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000cd03000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0xedf0e51957efc755, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000240), &(0x7f0000000380)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$SEG6_CMD_DUMPHMAC(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00012abd7000fcdbdf25020000008cb693513a601bcf23339530276bd2e8b20cacc9ee6a2a3e26a14b9968d065967992c30ec1664f3679aa383f68339d2b9055202a440fbf488dc46cad086a39c76625f63166367a4e30bc67b68439fefbd70d36dc5bba03b524f925454239c36b346e4e9b5307f481fb537c96e3604d5d48f5e06d7f3ec8f3325e43f67ce818cb0611e4895c33227dd324621ea92a9c7f27fe38ff52147e008d860e597497"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x810)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f00000002c0)={0xc})
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100000025000000560000002500000019000a000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)

6m13.394483984s ago: executing program 42 (id=17540):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1})
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000016000000000800007f00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="d763996c0000000000000000fc00000000000000000000000000c3b40000"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000140)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r2, @ANYBLOB="00000000000000006100000a00000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202020631af8ff00000000bfa10000000000000701000015f3ffffb702000008000000b50200000000000085000000cb00000095ee000000000000628e8349ddaf492068bd28384da330899d54564110e0e20ddec4f6b458bc865540edb787da0c741da2118deb234b36ef6b9c6f6ce58d5c4200000000cd9b7b43f8a955fb0498c56878c4be0e3cdbdce4c1b0b1c12d5f116231fd535edfa6f94fb045664f34cff37561e19567f5c9cfcd853a843202a2cf5be1ab78baa201a5f3ef78e87eb068014446a34c62b7d33376ac4d29bc1fbb4970bb64dad1d7808f10f1fc5338377d063e0c70d52eed8f39a72612d3db2b5e0cddf1f4d46cb2c295dd85ed7a7da22bb7bd28a2b71f1d1ba9"], &(0x7f0000000000)='GPL\x00', 0x4, 0x26, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x3c}, 0x21)
select(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x53b}, 0x0, &(0x7f00000000c0), &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00'}, 0x18)
fadvise64(0xffffffffffffffff, 0x4000000000ffff, 0x5000005, 0x5)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)

19.173827655s ago: executing program 1 (id=19790):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109022400010000000009040000025c291d0009050900000000060009050ae5"], 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x5, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x5, 0x5, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x101, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
syz_usb_connect(0x0, 0x29c, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000841b7420da040d39bb2d0102030109028a020100000000090408f80af179fa020f24020205000d000cf67df8e6988f0724014004000009050c0340"], 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc580000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002c0003800c0000800800034000000002100000800c000180060001"], 0xbc}}, 0x40)

18.3047s ago: executing program 4 (id=19791):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000004000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
syz_open_procfs(0x0, &(0x7f0000000300)='net/xfrm_stat\x00')
r4 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x3, r4, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, r4)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a125c5baecd7e46618851e723e8ef1628f8e5c9fff1954ad6617c17f", 0x2a, 0x20000080, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000140)=0x6)
r6 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
fcntl$setstatus(r6, 0x4, 0x40000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)

17.070883637s ago: executing program 4 (id=19793):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)={0xb8, r1, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x1c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "189475fc2960789f"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "b66d7ae5fc51735e"}]}, @NL80211_ATTR_REKEY_DATA={0x4c, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e9fba490124a3fbf"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="e5a52a1f613f077876cdca01ef315176"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="4e0c2d741f2640ce7378883b05e84dc84c32581c6d357685"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "b2174cc58485bf6c"}]}, @NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x7fffffff}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="172238875ae04bf19aee30f876bb8874"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="50c406d8dde8f00719601ce85963ed42"}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x810}, 0x8000)

15.008358749s ago: executing program 1 (id=19797):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$unix(0x1, 0x1, 0x0)
unshare(0x26020480)
r2 = syz_open_procfs(0x0, 0x0)
move_mount(r2, 0x0, r2, 0x0, 0x177)
connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1}, 0x6e)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmsg(r3, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff}, 0x3f01)
sendmmsg$sock(r4, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x22, 0x5, 0x0, 0x4, 0x7, 0x0, 0x3, 0xfc, 0x0, 0xfc, 0x0, 0x0, 0x0, 0xff, 0x0, 0x45, [0x0, 0x1]}})
sendmmsg$inet(r5, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2c, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x3}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004941}, 0x400081c)

8.659638887s ago: executing program 1 (id=19802):
syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, 0xffffffffffffffff, 0x0)
syz_clone(0x10028100, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)="90f5eca62000f3c12c595e1661b508ef45753900facbb966d98b186e1de896ba304a3e4cc4df4e0d000000008000003f667722b871b703e45b7f032ba7dd4a4af9cb17")
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f0000002b80)="b2", 0x1}], 0x1}, 0x4000)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r3, r2})
close(r1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x59032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x80800, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000d80)=ANY=[@ANYBLOB="f10200007d00000005b001090000000000000000000000000000000000000000000000000000ffffffff00000000000000001b00046e6f6465767b65766f6f7e0539c6000500c953d93a8b92000000f700704a86cec602007dfa673effeb09b5351f5bde054000000000187b82008aa2002b595fcb14034354b9fd9e00277c8155981c2ae93de7e4b064a37faa3c62325bf80d4176cf1b6d4ec0eed9f9781f8f2ac29549995fafd223ea2eb88fec0018a615c38851fc1ed5495415566c1edf974b4055ffe27f0f10a72ab0cee7ac8be07be39578f0c53e184ab1f74ae516709fe09d8490ec16cb13e44631a9daab9e4cbaa3fce35863f72536a2ea7d6ce950c27a1254ff3eb1d887fa93ee89b9e8f27933ea793efead075a9fd09aee38c6d1e95686ce49a4d16528113ec35cca65e4ca35bbe342a37116f1c76947ea9cb62a682a086ae14cff676f1600cf46f3c26dd7c500f05ad85f2a70e6e9930e3c5db45a5500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df24", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x2f1)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r6, 0x83625fc5352ba305, 0xfffffffd, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004804}, 0x20000000)

8.618305665s ago: executing program 4 (id=19804):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
shutdown(r0, 0x0)

8.442166569s ago: executing program 4 (id=19808):
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00'})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

7.531828609s ago: executing program 2 (id=19811):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000600)={r0}, 0xc)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1a, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)

7.46545985s ago: executing program 4 (id=19812):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0xffffff, 0x0, 0x3}, 0x10)
write(r0, &(0x7f0000000000)="1b0000001a005f0214f9f1070009040081000000002c0000000000", 0x1b)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x5, &(0x7f0000000100)=0x1)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000a40)={{0x12, 0x1, 0x201, 0x3b, 0xa1, 0xc5, 0x8, 0x46d, 0x8d7, 0x48b4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe84, 0x1, 0x5, 0x4, 0xb0, 0xb, [{{0x9, 0x4, 0xe7, 0x4, 0x0, 0xc7, 0x41, 0x48, 0x4, [@hid_hid={0x0, 0x21, 0xfff, 0x7, 0x1, {0x22, 0x6d9}}], [{{0x9, 0x5, 0x2, 0x10, 0x400, 0x4c, 0x7, 0x2}}]}}, {{0x9, 0x4, 0x11, 0x2, 0x0, 0xed, 0x35, 0xe4, 0x8, [@generic={0x0, 0x22, "e2e12c74815a8647593514e63877947231efde9792655d968ea3205b20af6fe4870fd7056df94056e3f4e22ad1014d1ba21a21faff6aa3bf8607b74cdc448ba970a93c69c231d41bd0a2f899bc1469b51cd45f59ec8824ed99a98e80d4d33a156739b27c5cd1228229e49f0649b998bc308e684b15eed24f237666178dc8c96aeadaf42bd4d930df0afda860b72eee0398d0318ff3a4ab78"}], [{{0x9, 0x5, 0xa, 0x2, 0x40, 0xa, 0x5, 0x88}}, {{0x9, 0x5, 0x80, 0x0, 0x3ef, 0x2, 0x1, 0x7, [@uac_iso={0x0, 0x25, 0x1, 0x0, 0x6b, 0x866a}, @generic={0x0, 0x8, "96c59982089ad0149ea121bd9ca5def8936932843c009bc7ca8d47fb1e8fff1385"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0x7, 0x9, 0x8, [@uac_iso={0x0, 0x25, 0x1, 0x181, 0x4, 0x7}, @uac_iso={0x0, 0x25, 0x1, 0x80, 0x9, 0xfffb}]}}, {{0x9, 0x5, 0xe, 0x0, 0x20, 0x0, 0x2, 0x5, [@uac_iso={0x0, 0x25, 0x1, 0x2, 0x9, 0x3400}, @generic={0x0, 0x31, "521bd88f2e40688ac86e3f69fd895ee2e9b90dcd040db0c721c1670114c7b744d2d968c6f621dc57a72a47d4aaa8ba6cffe5fc673490c004b5b3d92ae080b203687776b3d68a274c9a10563b4f256476895bcc133fed7ee599c9b8b809839cfb2a7c5001c39a64cac68526497e5501c317188f0719c18fd16b6ba26070e85bf7fb2ff82f8f8baa56f5acdd01ee3dac256e9c407ea0ca6c858ae78c2a3ee0139de0ea16d92296100d61353f8c9780c77f5331dc8cbcf0ab520a97ad42d70b975e74baa1c81046f2274e9e515ff46aee3f5eb300fec6dc"}]}}, {{0x9, 0x5, 0x9, 0x8, 0x0, 0xa, 0x14, 0x3, [@uac_iso={0x0, 0x25, 0x1, 0x2, 0x7, 0xa}, @generic={0x0, 0x9, "44bc2f358a2122849fcdd1499f4db538dc83331b9b78918bab41f53f9b9175b2e4656f56d80b45abc318053a9c5f17783d2ecb51bf5fb15ab38ca8ff6dd934d1dfdc114711f83b0cd31e8b5e250007418bb2fb8d4ca567c7836c563dbf3c09528fee051857b89e4718d035439d2d8d3516095b5689a9b0ab8b4dc4ad4575a750bb06a20cb09c22ee00b53ad331b5f1c5ee6f146563ee8d24b7a0c8e002d13a85c80e6c8cc9944a61d1075624c7c39ee231f012f18eb38fccd12999043c00405a79808abe1b2163d7b8d7d4d4fafad359d7f86c6aa2df3fc61434b9415058b6ff3de2"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x400, 0x7f, 0xf, 0x1, [@generic={0x0, 0x31, "840ab4825a72d3f5d1b8f7677707f835c3832a67495ba7d03b6f8da75ac73f59e968c2563174ad416a0305636cef5f2cd48cd0b9b496c9f3965b301e684b9747"}]}}, {{0x9, 0x5, 0xb, 0xc, 0x3ff, 0x13, 0x10, 0x1, [@generic={0x0, 0xe, "ffe3e61bc279efaf9d12899c4a9a1b5b3e5c8ad56bce77b1aeed1e039290c9594aac792a50db9e49bb11bdd82e5c934bfdb845dcc12465db2c4d8a868ca9d1578f1a70ab4f5d58e7dfdb2dea4bb1a2c2f91f322c4211f4fc382f388a080b341510cd41d9a61580f9689613d878c3d8ef2cc6ccf05314ccde3043ccd85f7820b49439096e4fde10bd"}]}}, {{0x9, 0x5, 0xd, 0xc, 0x3ff, 0xf9, 0x7e, 0x2, [@generic={0x0, 0x7, "80432e9f7cdbc1024dc01d7ef19c6938cd3747eb16e520bfcda4e3d88084957bd1df1c886c9439c99043a79bf45e0749471b4736f647959842ab5c23e6fa1210bdd7cfa0f744fbd788dce8eeb5aba6ff21fd164ec71650b7679b597a0c9910167d6b3b51e57fccfb15daa2c294578097b5ae019e50fd9d6fd4bba938b2c43bb233fee3a2e57fdc788ca40189f6d63241e093fb867514f23745a23a4b73a4aa80f1ef576aa388eb3f2c14bcd138fecef614794636eb2e8482ec"}]}}]}}, {{0x9, 0x4, 0xf7, 0x0, 0x0, 0x59, 0x17, 0xa, 0x9f, [@uac_as={[@format_type_ii_discrete={0x0, 0x24, 0x2, 0x2, 0x401, 0x4, 0x4e, "3211f901d8"}, @as_header={0x0, 0x24, 0x1, 0xca, 0x7, 0x4}, @format_type_i_discrete={0x0, 0x24, 0x2, 0x1, 0x1, 0x4, 0x4, 0x1, "ac90e0"}, @format_type_ii_discrete={0x0, 0x24, 0x2, 0x2, 0x7, 0xfffa, 0x5, "f835baf0"}]}], [{{0x9, 0x5, 0xb, 0x10, 0x40, 0x4, 0xfc, 0x4}}, {{0x9, 0x5, 0xe, 0x12, 0x400, 0x96, 0x2, 0x14, [@generic={0x0, 0x3, "2d307f11179f818cd3e5428075b9579862886f14006ddcf2f5bbcf439898ffb03cd161fd78a8fd7a164e69a00557c28c7dd0f56e067eb1291ed2b3c30248a807b3df802a247ec22d3f90"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x20, 0x80, 0x0, 0x8, [@generic={0x0, 0x10, "ec"}]}}, {{0x9, 0x5, 0xf, 0x3, 0x40, 0x1, 0x3, 0x9, [@generic={0x0, 0x21, "f9bb54e6994e92e8447c32e35ec943c5c2e92d"}, @generic={0x0, 0x9, "6420260c96a7c8957fa1e98e686fc52275750ccc0515c87023bb3785e0b1bd865de2fb16afe863712629bbe318968ec858a46595c25973bde484c205ae00c0a9c5621e3f25baa868765701277ad8b67c9080bc711ec02ba1db3158146e87d5e658edfd4ed88ca3f811b1924aaab4e278bab42f213f705ec9ac14db14f2d11e0aafe9b718d82bdc0912b914f8818aba868524bda15772b7035eff49decdd35214ffe518db6e88b9dde8ba74603e74c1f5c3c81bca3e85a03aa701b181ee"}]}}]}}, {{0x9, 0x4, 0xe, 0x8, 0x0, 0x4b, 0x7c, 0x91, 0x8, [], [{{0x9, 0x5, 0xb, 0x0, 0x7f7, 0x4, 0x7, 0x1, [@generic={0x0, 0x22, "ba4bf1ab13068e17d8b5081cc9c7cd2cef35bda912efcfa279f3488d1de70fb53d0d5506a16182db324cd36347b67bd8c85dbbda6f"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x1c, 0x1, 0xc}}, {{0x9, 0x5, 0x9, 0x3, 0x20, 0x3, 0x5, 0x0, [@generic={0x0, 0x7, "76dd1810113deb4b2821c87386fa39f632c4da02b66a160bb87953e38c94ea85b15f69216a8de8c01c9e906854d0269285017966fed53103efe2122b51897dbce3aa790b12485b80a0585f758e59a2bfea7b4d5c2aa43a52860e169af76c5131033cd04ade92140f2296b7204906901bd3e873469a21f8703b7bd9b2c87f19b9c2b760b73ae36fdffc59172048cab5308f8e7f24430d433c477d29ec4c1a316212c76122"}, @generic={0x0, 0x30, "481e39fd01d38bca350548d89991f45fd180d92f03ddb24faa155b8e1d62943aa70e742d10a84e7d14d4ced7c37b8e9ffc1c331ddc697e6f4db535f1e1cbc4e5947505ae0a5d1689c23080beb09b5e57940a6f18ee3caac6a9b50241d984b8904343ba646ad4bf1426c0264fbc4e4b84"}]}}, {{0x9, 0x5, 0x5, 0xc, 0x200, 0x1, 0x2, 0x3, [@uac_iso={0x0, 0x25, 0x1, 0x0, 0x1, 0x4}]}}, {{0x9, 0x5, 0x9, 0xc, 0x8, 0xf, 0x7f, 0xc6, [@uac_iso={0x0, 0x25, 0x1, 0x1, 0x2, 0x1}]}}, {{0x9, 0x5, 0xf, 0x3, 0x39f74a4f6607c547, 0xd, 0xb, 0x9, [@uac_iso={0x0, 0x25, 0x1, 0x7, 0x5}, @uac_iso={0x0, 0x25, 0x1, 0x83, 0x8, 0x9}]}}]}}]}}]}}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x3b})
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$nl_generic(0x10, 0x3, 0x10)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0)

7.383697815s ago: executing program 1 (id=19813):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
accept(r0, &(0x7f0000000000)=@qipcrtr, &(0x7f0000000080)=0x80) (async)
r1 = syz_usb_connect(0x3, 0x38e, &(0x7f0000000280)={{0x12, 0x1, 0x250, 0x4, 0x41, 0xbd, 0xff, 0x7ca, 0xa309, 0x961a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x37c, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0xb7, 0x0, 0xb, 0x1, 0x1f, 0x27, 0x0, [], [{{0x9, 0x5, 0xe, 0x4, 0x3ff, 0x8c, 0x64, 0x0, [@generic={0x30, 0x8, "f7be9ab73e70bec5df335fb3320e4692e29f01d429e9b34d984ef73519a4b402af986c3dd3d129d8dbeeb35495bc"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x6}]}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x6, 0x60, 0x9, [@generic={0xdf, 0x23, "a3f0da97c656dec949a32c255b20cff1a7065519c1708bb031aa22c0d2851599aa44d7c32aa60f023c4c1fcc6b3d3698b9cf5c722f24fde423e9d460f549be6406eb4361a0386dd87a79d4c18fc234045163efe29a29d653f77ab9c7a4af325ca501e766821a14b638263aa6c9de2a6f247be9aafeca8af0f8d3a9662cfa6361f8bde1d697647b479f33d9a0324ed93fd82eba34764e9f4ee2ba80296b4eee1fe054cbcf324d177e61fbc1ff4ff28d184e2478383667761c9dfade8a0b6858704bf70157d1485fae0d72e02a51b0edc65d577bb3722febd4b289750632"}, @generic={0x32, 0x0, "018a0c895cd40d3fcab46b847378586e371a3b017a7036c81e9f43ddb4c4a1de85e82536e053bb047ca42ed10455b428"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x20, 0x9, 0xf3, 0xb}}, {{0x9, 0x5, 0x7, 0x8, 0x3ff, 0x6, 0x2, 0x10}}, {{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x6, 0x9d, 0x0, [@generic={0xe2, 0x21, "e95d2d5bbcf19beb7668665030cc288a503c6242782e4fda771ad506689227b7931abe9408334cf65036dc169f67a59a19a6da554d8fc037df3729e30b2e76828eb854dd68cc5db7075a2bdd850e2348d9dc75e830e2a2ef6f3fa619dbdc7ba08442653daa5382ddee86d594276cf80f347e089c7f28e3d4a40e6a80c6ff619181a2e0663ebbc273063cb2e81633174d9bb5ac7f7d5a013e44b2deae552c1e371c6bfaf86f072b3d9a0ed726dd0085e60cd26756b6a8f1e5309d2edfa6f760791a893a7ff7fb532dbfc6514d206ecdf08d765386fec1da7a3bd5e9787ea81888"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0x94, 0x1, 0x3}}, {{0x9, 0x5, 0x6, 0x10, 0x448, 0x0, 0x3, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x4}, @generic={0xb1, 0x1, "262bd6158884d8ad39d2b01e4f5ddd055068fc87ef7241f6e824763ededda25b1dc7b590c89dba975e173889c6eb76d2f485633650f84c790fe39ea2668eae4f8b54602a204c9b8e6a39b08a0988c25aaf90a9df0526757de529dedb22c1b81803f86653da502f71bbbf5cdc5de85c10bc3754f1e13003e9d6ef977949ac66d7a0371ebf853aaacf6afead1ca59e05b82fff77c8fd66ce4e69788a1c2c4c9233ec5055d0aaaa9753e6d265be37d891"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x8, 0x2, 0x4, 0x6}}, {{0x9, 0x5, 0x5, 0x3, 0x400, 0x9, 0x6, 0xfb}}, {{0x9, 0x5, 0x5, 0x0, 0x8, 0x80, 0x3, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x0, 0x4}, @generic={0x1e, 0x13, "2ad410a6b87e712bd3f292fadd54f86d37d43e386d86188623550a1e"}]}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x1, 0x8, 0x7}}]}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000000c0)={0x2c, &(0x7f0000000240)={0x20, 0x0, 0x4, "89711572"}, 0x0, 0x0, 0x0, 0x0})

6.014603943s ago: executing program 2 (id=19815):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000002880), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000300)={&(0x7f0000000140)={0x14, r1, 0x711, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x28008000}, 0x40000)

5.780256243s ago: executing program 2 (id=19819):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002a00)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002280)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad6c6341b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad26b476e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee91231daea303f6b9ff61559f421764929e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4476340268534462f354d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea9b4f2e90e21fa13a8957c8a44a4f11dba0bb09460dc676ce8381b172d1d2bf011f7854d51377ac2c7bf6313096f8d59bea3d71af476a12407999a3b00c53d86528e82f126a1154f2db1764380ab7a305f4c3d2f66cda1cf13a3d0098d4bd8b1fe81dbdad4ded4125545a7845480302f2ad0a2ee873060f0d4443176238626323eaad3d36d2cd3c92b57fab01fb5fd2b3a03ee41caface193636d837d9c7b9816a3b347dc", 0x2fa}], 0x1}}], 0x1, 0x4000001) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_emit_ethernet(0x26, &(0x7f00000002c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x38, 0x18, 0x0, 0x0, 0x5, 0x89, 0x0, @empty, @broadcast}, "eaa2d7e2"}}}}, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000fc0)={0x2c, r2, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x9, 0x13, @udp='udp:syz2\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000004) (async)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000000)=0x7ffffffd, 0x4) (async)
r3 = dup(r0)
r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9, 0x4010, r3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x104, &(0x7f0000000040), 0x0, 0x4) (async)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) (async)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0x1d64, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB], 0x0, 0x156, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000580)=@flushsa={0x14, 0x1c, 0x1, 0x70bd27, 0x0, {0xff}}, 0x14}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r7 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.514009181s ago: executing program 2 (id=19821):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xffffb000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (fail_nth: 1)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)

3.982277633s ago: executing program 1 (id=19826):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703000009"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x1000000, 0x0, 0x4008080}, 0x0)

3.164368223s ago: executing program 4 (id=19828):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_procfs(0x0, &(0x7f0000000200)='net/tcp\x00')
read$dsp(r4, &(0x7f00000000c0)=""/229, 0xe5)
preadv(r4, &(0x7f00000006c0)=[{&(0x7f0000000400)=""/135, 0x87}], 0x1, 0x7, 0x0)
r5 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f00000019c0)='//\xf2/\x06\b///o/\xea\x95\x9a/\x00bb\x8a\x80\x91\xdf\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6h\xd1\x1d\xac\xaa\xfb\xc7Y\xcd\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc50\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\x05\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1oO\xe4\x99\xd6\xed\x83\xb0\x18q\xb9\xda\xf1kk\xb0N\xe69D\x12\x1f\x96\x85y\xe1\xf6\x83\x81\xc1\xcb\x169\xa5A%\xcb\n\xaby\x9f\x97\xde\xcf\x14\x0f\xffl\xb0e\xa2m\xb3\x8fsI\xc8v<\x8a\\7\xbaA\xef\x92\x98K\xfd\xaa\xdb', 0x0)

2.984250418s ago: executing program 1 (id=19831):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x2c}]}}}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x9}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000058}, 0x20008844)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0xd5)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000006380)="7f5912d07634539c3b2e15a57b311187a3eb119eb4b279cacf0b94d44882da90bb8c7bf605806fd007bddf798e1fed05db9ef39d3dff16e6eb4e5e642774588b2020a414a4574d1e0aa3474184583a655385fb5e7e632304e818af022a134095ea51f1f77a9472dabe407b36f0c47e318bfdd7c6ecb5a5bc07f28701201245abe626ab4592fac5b1544570a665a5e559eecf9505a828f5b0199a5dc33934b75bebb03744f92918f93553eb072cd2a940a5931a5907f82fc99d519f02287cac4341c4637dd8110214e9634088fc6b5a77a5065c4798538f41b263c6329df4d668d018f7ac9634910969342c836d78c7baa9893cef90deb8cbaa8cac81c262016a8dac72fa5c3d5094a8b64abbf82594b8cb1dc876e01a39fc9a26874052c47ec3ed015bc85933a98a61bbc108292a6c7932421162c82ec64518ce13f0fda30adf97b5c0d70fb0c69398e78d9dabe99d3d408bfef6e2518c820217b4a1cee43704fa5b5c4d4013bb61f631b813b8272188d403821fafe0ee4b5e09671c177e34a2566939920fcda640007845e4d19e2ce3693cea27e7ec2482ee603589260503c567e3dd320923e651d2530afe927013724b1ccc22c390c9e53a47331789172fb44c442cf558f9990badcbf377b731aa83d7b73a6675c687f16c9b96b59e0a6e262da754b1bba316a31fc262561d4628e33de9969794b879eb7ceee36abb30f5f977198bed19fbc4c4f13f32a3909fa76a3beef541a5dfff9ff8609fbfaba986e3a02b23dc0938e7e5b476f5b256a3e3333caea34de6410f75d1daedf4176f6e5a9fb915647bb65302b49895cfb699131513e1d7d937f8e452fe350a78783de31c96535c742b35edc7b117bc2fd2df6cdbef0cfa1000bade8a6c8a06019592b7dc144ffa88a01fb1f6093e82f63b05830f414a07779226b4928f5edc6d592a294c030d518f7e350b2e2536a2bae2616a574b63415c952c28cf6a82553411d305fdc33d1447b7356b8726b67d23dc0749bbb1230b18abfdb6a0fd35cc1489fcdd90aa83edcc613a77db36dd42fc5b83635df5c2acfddab054303e7c859c8bd5a21493742d8fc1adb1ae3f68f6103d65709a8d917292e648c5621691425a203de2e82e9e6bcd53a7f3e90238e89b2b05202ceafc72bb2f997a99487aa993a72d0cb44b345b3982784a78aafe5e5b6ddf2a17e4dca9a5433481fd8e60195832b704a1c186dc3317888c8c0849f1029d0df6af3a5fc93c8e643287ee38580ff450a259dc4bd45343aa453f462e92302c020ce91f26b1c2b66764cac41d2e809a46e51ac50121172759ba4c791cfc8856f7676ad8020433e00bb80e46d9d7709e196565b3a7b18270508d1e0023960e5b335bd901465dc328a581ca918dd295a110aa9f25ebb51ae5523eb619431a9db2b6e046cd94aae4b985bd663c6c6769015f49cb40d3f4b520c1022683487b170c9e47ed306097f1208a92ecf6727f7f276d19bcdfb987ca8b7f54732d0908f98ccac0ba9f6905e194da99608598ee87a6992c4dd33fad2e5e463c995babd0c7dad010499ee2cbf0f2fb63c7678d681a8b63d8a1316fcac3a107f8723dc004aaf7d9224090b6c78212172884eda7089cac24f196db5d3bd2747649e6fee4ebafb3d883df077f99bb945220161a3323aaa09a5caba3348a2d78096a18625aece41aad5cf9fc9cdb590f0cabb882839474c53a14fdbd34772f69cdd369260309a9500af55572adb7b23d4fdbfaa807242ba1130f7029fbcffde2da9b8a0814840e9b241febe92d6247419ae4cd15f5b073c7dc03e4541e24291ac5b4e29cde2649ca6cb7952e81308ae249906ca9d97d8ceb129b0b2b44a84e268b12b8a373965b877028cae0ead133c8422052a8f91d92f6695b6a3e9c36661c0cb6d03dc795490b09f62210803d88dfb3777b16e1485c9c7ce4a4becc718c9da4aaa32f5d9da57ffbfe6633a302b10c676a0e047f1b24e8dac251dffc841a2906002abdd64334a2cc50db924e196b6cee0f9261a87793dcbf8dcf1363b91b33dfcbca15798e9089cab241884ddacd61fa07f8797cb21f9c1f4f1d7fd8d0f2e19b99b40173853282bbe94e5c867006949b55c1a27e12fef9f264d2a14700fb5c828e21293b38502dadfd2e96dbbe866547a460a737951e55803fe5ed0b448aa1fbe65de9117d066b2f46dbe658510434d2d3fabc734fc5632fd16a3ddf04a0da7067908f3fe7d9c046ec9d528808d0f4a755a4467609386b31104db69605b78507f83995c297d049d6b028ffe981f0ecd972f23ca43096a955d437f604355e49e1d9fac491f955fae46a150555bd91173091a016aeddc51399b8dd20bb6e8e3060da97180d79a8eea89562bbe4dd19f5c36686c3ab5de9cdce1a241b407c78b2a8886b3e316f5163ec082bb1de53ac1797a633587d9319f3626ce3b052107cd55a6c44b97e27aaf9bf5fe0d4475ae2090920865b0a0f32567351c4ac9859e57cdd8254a58d2dc5d67dd16b513a02954d7c99a9544ce5d8ea8a59a06321083690cf6007bb941cafccb17a3b81c96453964cb469e07e8543407f2c03105d88bbd2073cf9fdc51c9fcf58854417f49141efb66b0f98b36b89eccfb616992286ebaa8f325eb9ca85a45d8b1dfa7a18dd46516ad40d2f46365fac4cbb044624139bb5a0bb0ed062edfa0260ea03b9268f18a7d94d83d4411ee46896ef955aada3e31d29e83414ac0a64353b6498c8f1ef37d051b38291369f6f124913d3fef14af925ab93a34d58f569f3c4f12aa458c85b2b29249e4c868e0bce4791c7f7226bf050c23ad590f6231315f1c9a087b3041ce33f6971c4d5a20f85bb103edd586184e90a34dd5c9e3eb1fea74fe413c503c5d48c70e3fc1d210985644ce5ce0b5636751947ae22e3dd6fa39dcbe1ee3def6a3097c8d9836db3b9ce1bcff91451bc46ef3000b5dc66b007ff2ace898a81631c5728c9de7710c41691332a268b18f0eec37ed7944ad0049936e9fe4df157a8eb324ef0d9954ee8da259c700b05bea37e4238c7be1ead4ca18ef228a15d9828476e899b77821f27512ad3ca27e2bdc769890e6addc2bc1ade2a5434421d627d978b72ce2fab1ee5769646881a2ecea9743ec88b48442806e946c27213bd7fe137d3979dcf477eee9ebec8fbe72fd9b6123c0523e83045dc88ef385d961cb4b48320e16350846ebb36accdcfe95cf541347dbdd7817e3e7d91b71a1dcb23ba7156484f90f789ba880b8019cb6a248f3db56e5cf7af156c6e84f58e8ffdc322b76dcd1b4ca02cb6fdd1d210807c34febac4c49ddb8257aa18ad782efca3406f34c6500fb65cbfec98077b50ef7a21e366e0fad97c6f6ca5d69b93639f7c608dae3e6b5c282ce130a8ef23908a626ef98e38bb9255ab6db1fdb48ca0d8f2d469123acbf6a1a83ca4f08d21bbf638ffe553fb4faa83993d9fbff7a9af18e21c74ffb720f41e02912d4507aee16acd64a34d2727bed087fa30c34202b34003330c15fbde12d5ba8e7a88b23501c6b837d01b97d78ea66e323579f0ffa9cbb40ebef25deb8a88f82a4e29441fdfcdb743bf98d1ac091677fd8fd3f172116697db4b2d1186303f68b71eae90dbcbee1cbd6eb49702dbf2de4f7f247bd071446fc2edeb68df92fb4436a3773ccc865587202f13083008f1dd964fc912c29bb0072f381b9d042d0fa058faba9d68886cd9fba2f41dd084ed13fbfe9e97afca35024025a83a6c6bbd798c8dae5bffdf486e88b6c32357b20b4b0fbea04c8cef7178a05d64bfcf836cd919216accd05b99ed4390b0016accac7e0fedacefb7ef4580ba6202aa241989fba902b5502bd4d6a3fb0c62c236f78969d395c67cf1ad2f5c250d8f8076189766d6e20ae9de72be45c2d68b5733a6d1f467db1b16a55da3245160188a217306298e5a86a4c4cad1ae72d6287c6b56684ab4452d54995322eb19c15724447b39c196e2056937fb2b956684c06bda117908000000f4524ddfab9c9fa5872f9fab3a5c3e1de343cb59744978ff286e037b2b8a122c6774291d713cd5b233ea9359764c528676e092840cfd716d995bdbae8dded68c71b8865490946df93c6c617b77ce830a1fb17b3459917ddb1797641ad2e5fa12a4ea8fdd0c914024913ea45237010d8f725c0d6ca6775a22285dab06c48432cee3faccfeda5c7756001121286c6ba8f52740a76a66632142fd84a088f5a0809d49b4cb513630a94acd1f5f246a997c85e90c7b0f9e55b3454a13cbc30518d3979789b76492afd411574ed54f0e9858693dd29b96a20aa55c6835a40c44c84d523054dcaded22718e48708958f977f94cdb360421878f67e97fe2140233f15924071c78fe5ea27b7f9e7eb0cc08fe19703df61906177cb8377c16d50ede70d62f1d8c0f8068323cd5eab2f6fba57ab3574c4742e06031d5a75f3d000b56051f43f987472a5f582a83f4c99a4366ac8c66673da6a312fe4804fb185f3fcbf6f3ffda91f5ebf6467ce6baa992a850765d37de2b3f16fd3ca44854993082e987ca1f520e0c149cdf92f727566c4c5ebe3ecf376c67a5fa7d51942784ff35236a0940a5f275a9ab8c0c5caf68421a14834edc9c29fd3adaedf4cca2802aaa33283ac811d97ef4affbba7315ce7fa5dd2783a067f223a4a8235fd67c23fa535efb4547202d171b51050d508081be9fb6467e9e7d052a7fa8fa8534c440f9f22c8f3d763d89666046951fe85f977a7ad816fc42037adbbec0352ed2b3454fa433e31a30159b9a3d5777944258f01dfe9d38f67af3e85dbdf23e5bb841401b40afeaa708f0a06a2efa2289f9ebda77c2a1390b887bf4b3dd90e418955d05431fd524b481b8b51c523fb1a3d0339bc3999c0a14d643a6ea69346f46a554bd25be3263a3c5ac0848b152d3eed833e7f2a6ce3b0d4100e49319120d4c2b520205fa2a344ab087bec0f73968768d0188007603a77428f12026cf3b296823f3138315ff0f95f3c62c060acb1a11850b46d361ab41b7ad241e45246b091ee2d0c1d444290ff6669a34f1fd0020795fe89d4b67bf07f16c88c8987e7f72480ad42109b43f37e4c753495661b0514553532364638ca8152782b99804b6f9da69fb2b5b7f93acad94ccbadf6e6d9547852088945d3d8c4c5702b1323c47fdd4fc77fcfd61c7ea8b26cfd0954be063cca429cb9915b8a937833ff4c1f2bd620b08dc00ddaab4fa5e13a5f4f2127f0b63b7140dd14b1dee95f178d2bc33cef7e820e609aaa20a733931625227529c714530574bb8cb38e6baef0cefe9a9e3277a4e1534f249abed7f06c8470ff3723c9140f5ed466ba7b79ab2ed2e61d2f5826d72a560c8cc6cf6a64fb9e70b1d15b80f22cd86bbd38b5c46741e054204476f63651f3cc9bce975600abb3133e104fe0145383d0d320367df2dd202daeb7b51b4a1e4e7d36fd1c847965efd71430b8bcef773163b1e378e1381f05083304ea41ee8d37ecd988cc671270101ad4800706cf0387bd038a7164d1586ef5e8791cd6bc3a91bdcf35982d46d841acc8342544d557d369cb4a84589082bf9503d45659791e522bec6a5f61f740ca5540787dc4a6a9f567bb6c0b13d618e80b2b348adde16fc63b2052f381eab8c120f14ab623a4110030847db00ed2d19c0101991f82a8671738b68b6e0efaa8f771de3cb6c2165298df69383b775fafb7c249fd78ad2ee46390c1b905b3853680a80a1849952a10e69fa64d680cdeaf5a451408c5b5d64e0f244ee362f21f37c66b795d73647964d12e297f7f6b760ee4e4b46ef502a54483d3838674e1767eb93f91454f1dfb629e45ed71646f139b685cdac6c73afc20bf62b3b2dcd81d9adf65b4f4a5f2a2a2fa7e079d944739546462519521e523db10cbff9489d7ce84a78ed5fa80b2d5361f4829bfa4bef5c351c984cf58a5f227687eadceb8c0cdc51825a008f8bb8ebb549864b6fba1da22da5aa0a0161464695fad60e636e45091b6dee20498f33ff9f91c1ef927c90215cbf4f5711805eb13e0e65cf326627bcfdaf0bf07d5e9c53520b884411ed632f9f5169db46d674fd660637ab8ee1ca1aefee8ea4ab3b41e6fc18842a0a254db125243e4e996db939aab80b04d70fb22f3c1cf7edb1d18cb5af99be7dd4f01e2ee265109abc51845dcb3f5c8e8477fd7fa8fe41bd83809120428ea9dfef010005964d66ef96c1648516f1b0cacebd95ab20c2a2e2647c967c48c6c9b7977441a0dfeffba2beaec54a66f863c9ef3a4e2fc77928291753648b7abf3fc26128cb4eea246468b05cac113b3464546442e14d5aa760a3d7c481d238b2a5226bfe0dfd2dd5b2a9a5ad738c6a83e21312e0e11ea3daedaa7a6e527ec166337d24b083ccf97af580edb453dc1a7b841b7266ea143b294291ac5ed5dce7dac20d14bb6e53b64eec515515ef817611d22d3a306170d4f358f0b890411454e1bdf85ccc42589ba1a1d75289523e4aae1eb46328d0dac43539eab1d3aeca3db300e605c53cccf04d3688e5db58fe283b01745dc39baea5ff49db07deb7adeac2d3df45fa72f9fccc9d1947556fd8594faa393a2854691016eeea88e96272ee1156874b9ba78a4f71022e3ec2e0776f8db400e6b967be079684d3d80645125c488f5bc0a69a3d7e12bf187a41a8acc9b2f7a610798fb6e2e438b85a9012d6f6990c7b9a557b98d32753cc1786868dc864edd3f0edd8bbf48924fd09d0d7a2334bfcbb5786752765c8f33fc8cdab048b81607b1ba098ce44e6d99d8b1b08b5d19d177f6661c32031d475381c0c804c63d2b7ae9a2198c0d6114e7bdd0e01a4cbfc5c41e858d28f157efe5a52ffd6d70f2bef2066a2d65ec68ac1ea678588f1cf0c9eb030f34a2d99138c4a6a0f85edd8a382324c2c823a7bfc3db3e6822faa0ab1801361c1f23aff0fdb8fb27cdc1db4226d62c0101561e78b704854893c6bf0de79b45f87da7a8e4f65875842230d2bfa152e96fecbe4a7465fb400cb7790102d0a89f105e84a23173141245d641051b8d614d3be26423bc0d042990c62ea3b7392e7a8117e250348d3cf79be1529c8a764da382f019b5a750ab848ad03cf53921c8548318db7aaef2be3acce1a3d9a9715ebf6a5b53da18ef20b932d5926c3cb44c1a4e6ef83f2a84f8afa382d44ea35f17bc147ae1dc792784cfd9edeb9fe09f422aca81ec59688baf429509a6b27ad0f6e21c977756a022979c8a47d983d42a913d0ea6ecfd8bc0aaf9fba62a36d542710161a088656dca539a940ec6dc79ab197eebb803988674d93c8d604a5bcdcdeba44c331c72e58ff9320f39031fe711bca2e0269b1028862c2d2a6c8871a0f92dddd30629eafc739165a070c61c12be11bf3d3cabb31decf449059c99fcc12a1684d8cb48e496df33920dc0a4fd225981c0f45b7220fd9d9189808e4bb39e5accc10fd7a8f3cf1335cb9dc31043a1e2eaf75e0ba500d5ca4497b2924725c0892033eb0ef944e2fc204e9f1e177862af3d59190e2335061a76d4d3bd922d9bb72553a339dd1672b61a91a0d0e23ddf6b08bd13cdf82451b5e8fd3842ba71eebdde40f8563124fba86c3c500f2ceb7246967f497f1dd3e5e42f14774a909199dbec4b469b8b3b6b25a95caa86f334084d38d71d93a395acb14c145298c503f7f494bb9867c564ad7e32aa1ca7bcfa2181dc712165247462db25192f7cba05cee92826c0561303bc473c9485a989793b8bfc2d0285dfbb13c11a426dff4e404435e2e47760d45b76f91b6c7bf04d4504c2502293fc7b49d24fda5b5fcfabf714087582d25a69ead80222da1d574d599b39a0c54ea7709dea1798b9eddea5cff504cc5ae40c561976c11a514f2ba359f6791830926fa13ac7f71e7614d0233305d3ec694b7d31ef320a44079af2614956ba31a66b959a11a3bfbdb683037d6ca42d0e9bbd2d83af74fd4a73dd6537e393b7026169d3c0e017a9e3392e03e8d76cc0f5f0caad4926b3169d61ea09b6cd45e5f62aba4ecab5b053d54cdf8ec5a69320094d520f702cbd218125f24e38a5934a2f5f4d74c12df05cc0c7b3c36a37db2863e918a8cbc496fa77bf6109008e20602636ddbd53aec45741384aafd05ebbac9d6ddd8aeb3d75775bae5124cbc7fb5db4ce9c8af96ad05035a8dcb64c0b02f0669c65b07f60c9cb81e99462ef8318d0ab65b97d6a9271042f4d46a5d8ee42b90783db78827d018b8d392ab3eab88e06b409878fcf74067b1a1fede92874741cfde10bdb444819fb991c36c9dd458c8794e0b4bd9e3f7cd383c485e6a60fa4238b318e14896934d97b4b7993472f4f9f246ca7523e5979c984fd16248b087cc3eafd706328a3ec47f88247357c4b759a2a1f0efde24f4129fb612f8c3742847b39996487653d6bcaf5862dc1bca501abed2d0b5a23c1d2a62eb968acb01763718b27a57e99bcd66c9910d6d0bedc7e6197bd58267cb1a8c61eeef9f19aaa6a0cab7cc268e8bec46db3fbcf4de3e8abe483bb01811087fec18bbe471628c3bc80194d3661efa6d9130a524089b07d8cdf6198018a24d23bfee4a1664e68ae7c30f77bbbcc7116d9bda8a4e6c01f047a4ee60a09ab23a63e1bcdeb3869043efe60eb3b7a6beb366d11e786002b2e3d36d44f91ed87152697e456f8ebd2b0e15df21a773b1ea876319fada12bd340314944f8d9d90ea26380cd83692a2f634c241bfa0868fd7ba52a841ad418c97e818195047d6d11ade0aafabe0d627a68721f61f3758c40dd14498521966380d59e0cb621953f0ea908fd297178899b2e60c210479a4a9ef9a8cf1d2a0c2e909043ce75d2f4fb766eb166b995b714cfb71bad7462525aa15d3fc8462808f8a0cee080502765bb9d1e9912a9ba937a94e48708b531d5ba71bdddb97fe77dfc7fcbcc0ddbef56c1f78feff399eabe15aac18b95f0c88a40dd5ebbdcb3ae45ba66dc990e9267c5290f7b357e1ae5e354c72edab117bcc394e4e8a91d99ca2f000420ff9cb32f87c663c6bb9692cab44c5c26212dad70a5426ce7eee219cdeb6bcb65d9b1f957c3e495a1198a60dcf446f4b192fa50d8c4426b8ba3ef0e06be2d04d7e142e825718828617220349408bd313df2ae8f860058b169b7ec3416f4c73fbfe509b442b8332a7049e7dd59b77d199079c187f7afb9b869ddd27864fb1bd0ba7e0ff67ceefc88f86362540a3020b9a90d07b9634358142a4b095f3becfc810b2ca5d78361403cf09e59c3b747953ff3535bb9f99bfd20da8a64082fd8552739f622e5d24d2fee438083d839402aac872f3d98f394d56bb4564c8caac19ec4873ffd2dae20a0bd8f0781fb92984755014695ba1f3a2e01ce4fa33206b53138afdacf34c2be54b56cd76a9948013538c7ed8fa60055e9b60aafde90f50b4e0cc9b3009f45823f674f23ddd6cb2439c479e20ab975139055bc8ad72315c3c466093be1e06ad27f7601b9cfbce93f172143c6523e239fed636ece9407caa423db7e64d6ee1163976dd7f19c333d02d788111de7243b7dd6dba0a1d9957e758acd4ad9ceba61d0be6c2be89b65d18f1a7f1cee89f9fee5dc682e12e78d2822f99f4b2a920c36d0650604c545b76c9e5755032a8ea94d0fb21d513a138b5a1ad86acdf0097d5f289a9629c7a3e570a96383980c067a702cdc198712adade467e0baf05595108dff0b342d1b1fe243cf8145d024b46f8008c20ded574da9f49b49163591a6cd2fcad74caad0e95dc5714a15cfa88ff11a7d30028326575217447100f4c5c97f0cc25d79960e39b94f0ab60f986fa3c919865f8e231bd77c2c759b166d8874728e9e131b9b3aa5cd166a9ae330ca439ea3ffb7581f1f4389ebf9334810d07981c5ea03b42ef5615ebc17005a0c9c02478353c08f4cca0b6a2e98de3d51d3174ee8101387f52b12b699b57a4c50452a978eb43c3a101ae69213fe93f2606fc6bf7b771e3dea5e578b85e5642791e9aa281c8f91cebde1095cbc23ce174a1ceec151703a226749176d42d72468d48f88012d18e0f2640c3018e08c8a2df197f273596ca5d48cf976b7ee051189b8081f0863e613258f267a5bcf30509c6285fc37c0d045c29c471b04f189cb3c69914ba0591cfba1c71ed909362aa8840be28e624e3a6b8393170e809231e10820326ecd03e23e11dfe29ae47adddf3d4f858d51f9ca33ee85a5077a1463caac5d034293bcacafe15b3e6cac7247a33ace000f164cf8a5243f89b89b8b11220b35a07679e7af900e540d965669fa23ca0d0d3b47d9b2cb0fa31a90c69e686d582f6c9c8c628875c002cc5e288a5e1b738842258569fe2a4de3dfd7dfd13b1fd7c8c29dfa4f58ea8d0c7e56222fb9b0d29c68c7cb8ba3fd79b04a14366f83bbef2531311a3f385bdad440ee85e2dd947f32a349f9d1eb750ceb0f7211980b0b970c7b81f16935d4d3e764869edae7a45cb45a0445e8c8ec27fac4edd6ea269563b6f12f394782fd970cbfc2752fc9f4892c731eaac8e3a315797b0449b2a9ae3d4bd25d0e8f1a43e29630b4e2e882ece16dc542fcbc1f165b2cefc4deb40c23bf61f3e51d5acbc81135d35f0c055d8a003e03c0625e83f95ab2349c222dbc6d62d34e0119938d0b384a86dbdfd00c1226d0ff1f834c3529361c9db6d5612009bc39a0d654de2940ee2b8a96bd3c297ecad0a3df1b2a85a400fab889648315415c4ddbd0c9752146496d3769b3c9148330a8324453d4431d19727ddd12493003bd7eaeb05b2f5c333a33cba442df3dc11dc23c80292a52b040f5e707784b5d29f4c46d3ac8ae0e159517c1a196103bfd6bf6d32afd687773bf224ef00c844f1f36365e7220c57a97aa0904219a0ab84def7095b280b971b554e0142d154c5422c918b4744bb3b9e61721a983f4d63cc79fd88295b67b24fec0ec1ce8a2e80a1ca4e97cdda6d2df44a571a74b941f049886355e2bb5ed908e646850d85095d099e3a189a4298f4a25c0798b4dc25cd630695561a04f43ff009e4f49177e01c11442593fbc23657a46f918a77231b3405d4931b6f2c01f0207d6933304bb2106c5dbce23378bc7ca66ff4f57550bbc36500f6c4ce21dc22a4575c315d2f4c4fb1fb8e12ebc2c037451611718d4371c6d0a00bab9f68a1dea6bd654d49232ab3c85e07a6ec8e2b19012c31d540f81d666d0a236e9e2a4b6d85c0974efa172d13003b63e94cd7a5652f4703d88712fb63521abaf0e2a0dd4b2e457e42d4a811db6a77310b1aff1b9055c9995ce9a0fe2e0c3657c52ae562738b6c12693cb2bffd1d3c41b6a73feec4008e63562bbc38a8c56c10efdb2b67fcef74f6a6f7e35baa4685f7764977348db378b242ac5f81a8a69c666c0247d1d326faf3b7dd4f07bfb16c08bb2703f6997e1a6cf042c0ff0fea27217ac2c78328bd573e8dd86263de6ffcf3d26d45d8be7234da9f24f1a08ab16f3df9e85861fb1251933eb8982b81999234d6d56759acd528ffcaee5a300e711e0b7f0b208612caa6dfeddfe4557161933a1910ec4b35ed89760fb91de6c19f766845979e36855a11d7ba6b892a717b32e8e17b367c5fd11b940de937a975470bbf872f8a1cd637c76fe0a9aba5fb9e", 0x2000, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x28, 0x0, 0xffffffffffff6260, {{0x7, 0x5, 0x1, r3}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fcntl$lock(r4, 0x5, &(0x7f0000000200)={0x1})
prctl$PR_SET_TIMERSLACK(0x1d, 0xfffffffffffffffa)

2.841257781s ago: executing program 5 (id=19833):
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

2.680365446s ago: executing program 2 (id=19834):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000600)={r0}, 0xc)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0x1ac81b, 0x0, 0x0, 0x0, 0x1000000}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0x0, 0x1010000}, @initr0, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x0, 0x300}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)

2.644890628s ago: executing program 5 (id=19835):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0xc00}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xcc}}, 0x0)

2.294296241s ago: executing program 5 (id=19837):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0xf7ff, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d300000000000000800050001040f0f080003000000080008000f00f7ffffff08000600040000000800110009000000080002"], 0x5c}}, 0x0)

2.002643194s ago: executing program 5 (id=19839):
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x21)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x21)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
openat$comedi(0xffffffffffffff9c, 0x0, 0x1c1800, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000300)={@rand_addr=' \x01\x00', @remote, @private1, 0x0, 0x0, 0x0, 0x500, 0x0, 0x80040306})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)

1.44837336s ago: executing program 6 (id=19841):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000340), 0x8)
r0 = socket(0xa, 0x5, 0x0)
listen(r0, 0x100)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000a40)={r3, r3, r3}, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x4, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000340)={[{0x4, 0x3, 0x20, 0x8, 0x0, 0x89, 0x2, 0x6, 0x2, 0x81, 0x5, 0x4, 0xfffffffffffffffa}, {0x0, 0xdac9, 0x9f, 0x4, 0x9, 0x3, 0xd0, 0xe8, 0x1d, 0x0, 0xfe, 0xf, 0x4}, {0x9, 0x7, 0x0, 0x1, 0x7f, 0x17, 0x4, 0x9, 0x9, 0x17, 0x7, 0x80, 0x5}], 0x8})
sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@in6={0xa, 0x4e20, 0x7, @private1, 0x1}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0x1}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="1800"], 0x18, 0x20044000}, 0x8050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000000000700000000000000000000000903000000080000000000000f01001b0900000000000000002e"], 0x0, 0x46, 0x0, 0x100000}, 0x28)
r5 = syz_clone3(&(0x7f00000002c0)={0x100000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1d}, &(0x7f00000000c0)=""/147, 0x93, &(0x7f0000000180)=""/215, &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x3}, 0x58)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="090000008100000003000000ffffffff16010000", @ANYRES32, @ANYBLOB="ffffffff0000bade3259b93ef98b1eacc20b2900", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r5, 0x0, 0x5001)

1.367116495s ago: executing program 5 (id=19842):
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRESOCT, @ANYRESOCT, @ANYBLOB="00000000010000000000000000df"], 0x48}, 0x1, 0x0, 0x0, 0x404a850}, 0x4040000)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000300)={'ip6_vti0\x00', <r3=>0x0, 0x2f, 0x1, 0x0, 0xff, 0x20, @loopback, @mcast1, 0x1, 0x1, 0x7, 0xff}})
r4 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r4, &(0x7f00000005c0), 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, <r5=>0x0}, &(0x7f0000000480)=0x14)
sendmsg$ETHTOOL_MSG_EEE_GET(r1, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x60, r2, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x48840}, 0x24000010)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x150, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_red={{0x8}, {0x124, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000020000000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}, @TCA_RED_MAX_P={0x8, 0x3, 0x7fffffff}]}}]}, 0x150}}, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x7, 0x50, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x5, 0x2}}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0)

1.348835402s ago: executing program 6 (id=19843):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
shutdown(r0, 0x0)

1.232288937s ago: executing program 6 (id=19844):
r0 = shmget(0x3, 0x4000, 0x20, &(0x7f0000ffa000/0x4000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="0800260090150000080057"], 0x2c}}, 0x80)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000000100)=""/28)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000a962da20402001497747020203010902220001000000000904000001308e72000905000000000000000705db224370bf9e7d443e5dcd7a14f2e88c161020ce6d80986533cc878d3e52fcf49f45467ba406e62bd903c7aeab51be491439ab200a79279697658db9b089231ee787caab98f528873f0f03474d281e64d2cf4cd9fa74f3bec125a9177fb6629b4c4ab07e1809b8896074b9c193a1d561b676d7cf183dda94554dce453ee8028101000000bdb72554e2b7a89862a627e43c2d96cd8faf"], 0x0)
r4 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {r7, 0xfffffffc, 0x0, 0x30, 0x0, @in={0x2, 0x4e22, @loopback}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x80000004}}}, 0x118)
write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f00000002c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000080), r7}}, 0x18)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYRES64=r5, @ANYRESDEC=r4, @ANYBLOB="1b56b1ac05834f38c7b64cf199460afca559ed37f77b85dc6c42d1b72cb3ae9eff8a85f49aade70362e5b96c0db863ea3bf82c9a18a520017d9718744b1df5a75167cf36ac183d4675fe2a2a939322b35c071ba422b68832463afbbcfc8d4f601ae6d5b0074043c19c930f8cf9eb34190068524a0380350c45836d3b2353b00cde5775851a826eae82aa91655432adc57e", @ANYRESOCT=r5, @ANYBLOB="3191c348281cc3f0278bf9263a65a345859381f96c5a3be4c8d150f89909508521b79f828325933f0526c5cd90a7abb57106e7fba1f178b93c5fc9fb5555f6c1e73b44a54dfed140d0693df4c35a5b1af7ba6a20ef940f7408c8cb8193976fe7cddff89090f6c554d7929b4ffb503937679d7bbb140892acf6c3d1bcf975678fc1cb1d697d365cee3017979fa4fac05127818426f722e54d45fbb34921423e001898205914867e1eb0613efc13726ae2b5ae665e0c057da7213a4d5b0d3b6d3f949265ec6006aa615400834a0b6540607019264bc1d844524c857209242e50e7ebd89ae8295d9fe628f4418449f6020f7703bebc03c4f237af", @ANYRESDEC=r4], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@generic={0x0, r10}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = socket$inet6(0xa, 0x3, 0x8cb0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r12, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000, 0x0, 0x1, 0x1}, 0x20)
r13 = openat$cgroup_int(r11, &(0x7f0000000080)='hugetlb.2MB.failcnt\x00', 0x2, 0x0)
write$cgroup_int(r13, &(0x7f0000000180)=0x1, 0x12)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r14, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r15, @ANYBLOB="01002dbd7000000000000100000008000600e0000001050004000100000008000b0027"], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x34, r15, 0x300, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, @FOU_ATTR_IFINDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x54)
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])

1.215589785s ago: executing program 6 (id=19845):
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

1.160969109s ago: executing program 6 (id=19846):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}})
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000010c0)={'filter\x00', 0x7, 0x4, 0x400, 0x0, 0x0, 0x210, 0x318, 0x318, 0x318, 0x4, &(0x7f0000000100), {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @broadcast, @private=0xa010100, 0x4, 0xffffffff}}}, {{@arp={@empty, @rand_addr=0x64010101, 0xffffffff, 0xffffff00, 0xd, 0xc, {@mac=@remote, {[0x0, 0xff, 0xff]}}, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, 0x5, 0x6, 0x4, 0x2, 0x40, 0x7, 'bridge0\x00', 'syzkaller0\x00', {0xff}, {}, 0x0, 0x142}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x8, 0x0, {0x9}}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7ff, 'syz0\x00', {0xfffffffffffffeff}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x450)
r1 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d2407010604000000000000e90924030000000001"], 0x0)
syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) (async)
r2 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r2, 0x29, 0x18, &(0x7f00000001c0)=0xffffffc3, 0x4) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x60, r4, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0) (async)
readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c) (async)
syz_usb_control_io(r1, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="400001000000e6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000a80)={0x84, &(0x7f0000000480)={0x0, 0x13, 0x1, "b7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r1, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000540)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) (async)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r5, 0x400448e2, &(0x7f0000000300)) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r5}, 0x8) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1f, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70200005245855db7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000bf020000000000008500000084000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1d, 0x20, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x6}, [@alu={0x7, 0x0, 0xc, 0x2, 0xf, 0xffffffffffffffff, 0x1}, @map_fd={0x18, 0x2, 0x1, 0x0, r6}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @map_val={0x18, 0x3, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1e1c}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @ldst={0x2, 0x2, 0x1, 0x2, 0x5, 0x50, 0x1b}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0)={0x2, 0x8}, 0x10}, 0x94)

118.274238ms ago: executing program 2 (id=19847):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000004000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66)
syz_open_procfs(0x0, &(0x7f0000000300)='net/xfrm_stat\x00')
r4 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x3, r4, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, r4)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a125c5baecd7e46618851e723e8ef1628f8e5c9fff1954ad6617c17f", 0x2a, 0x20000080, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000140)=0x6)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)

301.139µs ago: executing program 6 (id=19848):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000380)={0x78, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$lock(r1, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x5})
fcntl$lock(r1, 0x7, &(0x7f0000000080)={0x0, 0x0, 0xb, 0xbb9})
fcntl$lock(r1, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3})
timer_create(0x0, &(0x7f0000000240)={0x0, 0x25, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040), 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$usbfs(0x0, 0x85c, 0x1f5100)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x111)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, 0x0)
acct(&(0x7f0000000040)='./file0\x00')
getpeername$unix(r0, &(0x7f0000000080), &(0x7f00000003c0)=0x6e)
semctl$GETVAL(0x0, 0x1, 0xc, &(0x7f0000000500)=""/235)
shmctl$SHM_INFO(0x0, 0xe, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 5 (id=19849):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r0, 0x4b3a, 0x1)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x7f, 0x141000)
ioctl$COMEDI_INSN(r1, 0x8028640c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040), 0x4)
sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4800)
ioctl$TCXONC(r0, 0x4b3a, 0x0)

kernel console output (not intermixed with test programs):

 2857.267100][T17621]  ? skb_clone+0x212/0x3a0
[ 2857.267117][T17621]  should_failslab+0xa8/0x100
[ 2857.267136][T17621]  ? skb_clone+0x212/0x3a0
[ 2857.267152][T17621]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 2857.267183][T17621]  skb_clone+0x212/0x3a0
[ 2857.267205][T17621]  __netlink_deliver_tap+0x404/0x850
[ 2857.267236][T17621]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2857.267257][T17621]  netlink_deliver_tap+0x19c/0x1b0
[ 2857.267277][T17621]  netlink_unicast+0x811/0xa10
[ 2857.267303][T17621]  ? __pfx_netlink_unicast+0x10/0x10
[ 2857.267323][T17621]  ? netlink_sendmsg+0x642/0xb30
[ 2857.267341][T17621]  ? skb_put+0x11b/0x210
[ 2857.267365][T17621]  netlink_sendmsg+0x805/0xb30
[ 2857.267392][T17621]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2857.267420][T17621]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 2857.267436][T17621]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2857.267457][T17621]  __sock_sendmsg+0x21c/0x270
[ 2857.267488][T17621]  ____sys_sendmsg+0x508/0x820
[ 2857.267510][T17621]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2857.267534][T17621]  ? import_iovec+0x74/0xa0
[ 2857.267554][T17621]  ___sys_sendmsg+0x21f/0x2a0
[ 2857.267571][T17621]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2857.267620][T17621]  ? __fget_files+0x2a/0x420
[ 2857.267634][T17621]  ? __fget_files+0x3a6/0x420
[ 2857.267658][T17621]  __x64_sys_sendmsg+0x1a1/0x260
[ 2857.267677][T17621]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2857.267702][T17621]  ? __pfx_ksys_write+0x10/0x10
[ 2857.267721][T17621]  ? rcu_is_watching+0x15/0xb0
[ 2857.267745][T17621]  ? do_syscall_64+0xbe/0x3b0
[ 2857.267765][T17621]  do_syscall_64+0xfa/0x3b0
[ 2857.267778][T17621]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2857.267799][T17621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2857.267815][T17621]  ? clear_bhb_loop+0x60/0xb0
[ 2857.267833][T17621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2857.267847][T17621] RIP: 0033:0x7f53b55beec9
[ 2857.267863][T17621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2857.267878][T17621] RSP: 002b:00007f53b3826038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2857.267896][T17621] RAX: ffffffffffffffda RBX: 00007f53b5815fa0 RCX: 00007f53b55beec9
[ 2857.267907][T17621] RDX: 0000000020040000 RSI: 0000200000000080 RDI: 0000000000000003
[ 2857.267917][T17621] RBP: 00007f53b3826090 R08: 0000000000000000 R09: 0000000000000000
[ 2857.267925][T17621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2857.267934][T17621] R13: 00007f53b5816038 R14: 00007f53b5815fa0 R15: 00007ffdfbd81b58
[ 2857.267961][T17621]  </TASK>
[ 2857.305844][T17621] gretap1: entered allmulticast mode
[ 2857.453669][T17625] netlink: 68 bytes leftover after parsing attributes in process `syz.4.17839'.
[ 2858.008654][T17249] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 2858.042869][T17249] usb 6-1: device descriptor read/8, error -71
[ 2858.488608][T17249] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 2858.581302][T17249] usb 6-1: device descriptor read/8, error -71
[ 2858.704144][T17249] usb usb6-port1: unable to enumerate USB device
[ 2858.882545][T17646] gretap1: entered allmulticast mode
[ 2858.952601][T17654] binder: 17648:17654 ioctl c0306201 200000000040 returned -22
[ 2858.966449][T17656] IPv6: sit1: Disabled Multicast RS
[ 2860.606690][T17685] netlink: 11 bytes leftover after parsing attributes in process `syz.5.17868'.
[ 2860.606716][T17685] netlink: 11 bytes leftover after parsing attributes in process `syz.5.17868'.
[ 2860.863355][T10742] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 2860.928144][T12481] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 2861.023432][T10742] usb 6-1: Using ep0 maxpacket: 16
[ 2861.029164][T10742] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 2861.029191][T10742] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2861.029219][T10742] usb 6-1: Product: syz
[ 2861.029233][T10742] usb 6-1: Manufacturer: syz
[ 2861.029248][T10742] usb 6-1: SerialNumber: syz
[ 2861.097001][T10742] r8152-cfgselector 6-1: Unknown version 0x0000
[ 2861.097032][T10742] r8152-cfgselector 6-1: config 0 descriptor??
[ 2861.117552][T12481] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 2861.117606][T12481] usb 5-1: New USB device found, idVendor=040e, idProduct=4007, bcdDevice=5d.18
[ 2861.117629][T12481] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2861.576792][T12481] r8152-cfgselector 6-1: USB disconnect, device number 8
[ 2861.891139][T11879] Bluetooth: hci1: Malformed LE Event: 0x02
[ 2862.182310][T17736] netlink: 72 bytes leftover after parsing attributes in process `syz.1.17884'.
[ 2862.700306][T17745] block device autoloading is deprecated and will be removed.
[ 2864.606621][T17249] usb 5-1: USB disconnect, device number 4
[ 2865.445395][T17773] delete_channel: no stack
[ 2866.142150][T17806] 9pnet_fd: Insufficient options for proto=fd
[ 2866.347218][T17807] random: crng reseeded on system resumption
[ 2867.248597][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2868.206244][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2868.763829][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2869.057824][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2869.832691][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2869.833321][T17249] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 2870.005933][T17249] usb 6-1: config 0 interface 0 has no altsetting 0
[ 2870.005973][T17249] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 2870.005995][T17249] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2870.105133][T17249] usb 6-1: config 0 descriptor??
[ 2870.624681][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2870.625238][T17249]  (null): keene_cmd_main failed (-71)
[ 2870.655307][T17249] video4linux radio48: keene_cmd_main failed (-71)
[ 2870.655331][T17249] radio-keene 6-1:0.0: V4L2 device registered as radio48
[ 2870.658236][T17249] usb 6-1: USB disconnect, device number 9
[ 2870.791123][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2871.352806][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2871.938842][T17856] bond5: option lp_interval: invalid value (18446744073709551487)
[ 2871.938866][T17856] bond5: option lp_interval: allowed values 1 - 2147483647
[ 2872.107517][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2872.969102][T17856] bond5 (unregistering): Released all slaves
[ 2874.514920][T17249] usb 6-1: new low-speed USB device number 10 using dummy_hcd
[ 2876.456876][T17249] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 2876.457760][T17249] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 2876.457781][T17249] usb 6-1: can't read configurations, error -71
[ 2876.489241][T17897] Process accounting resumed
[ 2877.155962][ T5876] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[ 2877.917139][T17947] Process accounting resumed
[ 2878.082525][ T5876] usb 5-1: config 9 has an invalid interface number: 8 but max is 0
[ 2878.082552][ T5876] usb 5-1: config 9 has no interface number 0
[ 2878.082604][ T5876] usb 5-1: config 9 interface 8 altsetting 12 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 2878.082630][ T5876] usb 5-1: config 9 interface 8 altsetting 12 has a duplicate endpoint with address 0xF, skipping
[ 2878.082652][ T5876] usb 5-1: config 9 interface 8 has no altsetting 0
[ 2878.136996][ T5876] usb 5-1: New USB device found, idVendor=114f, idProduct=68a2, bcdDevice=c1.ae
[ 2878.137017][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2878.137028][ T5876] usb 5-1: Product: ⃪侞ﶾ탽펏틶릻
[ 2878.137036][ T5876] usb 5-1: Manufacturer: ࠐ
[ 2878.137043][ T5876] usb 5-1: SerialNumber: ⣲ꎼ像饼䮋ᚅꍁꔨ툧ఒ꓀得옘㵜⣤톈⧗䎬鍑틬8閸嵡⟲ﮰ扎尡捯鍊ޢ领⶘먢瑮鷷ᘤﵒ㊿殶䤬妯溶誮豭옂躱鄾ે⻏추꠆痥絩䕀㬁螕䭡䦍ꕝ忯椎竡㧙ᶱ葧캞ㅶ㑎ꑑ⋬눥፳龸돾⟡繋ḏ鎓ݡ㛵햣揇ѫ譀㼔즛볙첋㿨쳍엜ﮣﳘ羒᎜愂協㰼惸♽Ω
[ 2878.427793][T17938] tmpfs: Bad value for 'mpol'
[ 2878.471251][ T5876] usb 5-1: USB disconnect, device number 5
[ 2878.746395][T17976] netlink: 40 bytes leftover after parsing attributes in process `syz.6.17973'.
[ 2878.758144][T17975] 9pnet_fd: Insufficient options for proto=fd
[ 2880.301498][T17994] FAULT_INJECTION: forcing a failure.
[ 2880.301498][T17994] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2880.301532][T17994] CPU: 0 UID: 0 PID: 17994 Comm: syz.5.17978 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2880.301554][T17994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2880.301567][T17994] Call Trace:
[ 2880.301575][T17994]  <TASK>
[ 2880.301585][T17994]  dump_stack_lvl+0x189/0x250
[ 2880.301617][T17994]  ? __pfx____ratelimit+0x10/0x10
[ 2880.301646][T17994]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2880.301673][T17994]  ? __pfx__printk+0x10/0x10
[ 2880.301713][T17994]  should_fail_ex+0x46c/0x600
[ 2880.301746][T17994]  _copy_to_user+0x31/0xb0
[ 2880.301776][T17994]  simple_read_from_buffer+0xe1/0x170
[ 2880.301810][T17994]  proc_fail_nth_read+0x1b6/0x220
[ 2880.301838][T17994]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2880.301866][T17994]  ? rw_verify_area+0x2ac/0x4e0
[ 2880.301892][T17994]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2880.301917][T17994]  vfs_read+0x203/0xa30
[ 2880.301952][T17994]  ? __pfx_vfs_read+0x10/0x10
[ 2880.301974][T17994]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 2880.302008][T17994]  ? mutex_lock_nested+0x154/0x1d0
[ 2880.302030][T17994]  ? fdget_pos+0x253/0x320
[ 2880.302059][T17994]  ksys_read+0x14b/0x260
[ 2880.302088][T17994]  ? __pfx_ksys_read+0x10/0x10
[ 2880.302110][T17994]  ? rcu_is_watching+0x15/0xb0
[ 2880.302139][T17994]  ? do_syscall_64+0xbe/0x3b0
[ 2880.302163][T17994]  do_syscall_64+0xfa/0x3b0
[ 2880.302181][T17994]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2880.302208][T17994]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2880.302228][T17994]  ? clear_bhb_loop+0x60/0xb0
[ 2880.302253][T17994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2880.302272][T17994] RIP: 0033:0x7f494b8ad8dc
[ 2880.302290][T17994] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2880.302309][T17994] RSP: 002b:00007f4949b16030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2880.302330][T17994] RAX: ffffffffffffffda RBX: 00007f494bb05fa0 RCX: 00007f494b8ad8dc
[ 2880.302345][T17994] RDX: 000000000000000f RSI: 00007f4949b160a0 RDI: 0000000000000004
[ 2880.302359][T17994] RBP: 00007f4949b16090 R08: 0000000000000000 R09: 0000000000000000
[ 2880.302372][T17994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2880.302384][T17994] R13: 00007f494bb06038 R14: 00007f494bb05fa0 R15: 00007fff0144f8a8
[ 2880.302418][T17994]  </TASK>
[ 2881.197470][T18012] netlink: 24 bytes leftover after parsing attributes in process `syz.5.17983'.
[ 2881.731919][T17268] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 2882.010911][T17268] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=f0.64
[ 2882.010972][T17268] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 2882.011026][T17268] usb 6-1: Product: syz
[ 2882.011089][T17268] usb 6-1: SerialNumber: syz
[ 2882.288545][T17268] usb 6-1: config 0 descriptor??
[ 2882.300155][T17268] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 2882.330779][T17268] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2882.331968][T17268] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[ 2882.332023][T17268] usb 6-1: media controller created
[ 2882.403820][T17268] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2882.642967][T17268] DVB: Unable to find symbol mt352_attach()
[ 2882.644407][T18032] fuse: Unknown parameter 'Group_id'
[ 2882.789608][T17268] DVB: Unable to find symbol nxt6000_attach()
[ 2882.789624][T17268] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[ 2882.793568][T17268] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36
[ 2882.806336][T17268] dvb-usb: schedule remote query interval to 1000 msecs.
[ 2882.806355][T17268] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[ 2882.806371][T17268] dvb-usb: bulk message failed: -22 (7/0)
[ 2882.806386][T17268] dvb-usb: bulk message failed: -22 (7/0)
[ 2882.809068][T17268] usb 6-1: USB disconnect, device number 12
[ 2883.258629][T17268] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[ 2885.348721][T18100] input: syz1 as /devices/virtual/input/input37
[ 2885.452947][T18107] binder: 18103:18107 ioctl c0306201 200000000040 returned -22
[ 2887.792933][T17268] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[ 2887.961047][T17268] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[ 2887.961075][T17268] usb 6-1: config 8 has no interface number 0
[ 2887.961125][T17268] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[ 2887.961154][T17268] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[ 2887.961175][T17268] usb 6-1: config 8 interface 177 has no altsetting 0
[ 2887.961215][T17268] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 2887.961238][T17268] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2888.033932][T18149] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2888.775594][T17268] usb 6-1: string descriptor 0 read error: -71
[ 2888.969839][T17268] ir_toy 6-1:8.177: required endpoints not found
[ 2888.985240][T17268] usb 6-1: USB disconnect, device number 13
[ 2890.806379][T18223] binder: 18214:18223 ioctl c0306201 200000000040 returned -22
[ 2892.732658][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2892.893834][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2892.961921][T18247] netlink: 'syz.4.18077': attribute type 6 has an invalid length.
[ 2892.961940][T18247] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.18077'.
[ 2893.310997][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2894.518059][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2894.668993][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 2894.669063][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 2894.787550][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2894.836505][T18294] netlink: 36 bytes leftover after parsing attributes in process `syz.5.18095'.
[ 2894.953197][T18301] FAULT_INJECTION: forcing a failure.
[ 2894.953197][T18301] name failslab, interval 1, probability 0, space 0, times 0
[ 2894.953230][T18301] CPU: 1 UID: 0 PID: 18301 Comm: syz.4.18097 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2894.953253][T18301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2894.953265][T18301] Call Trace:
[ 2894.953273][T18301]  <TASK>
[ 2894.953282][T18301]  dump_stack_lvl+0x189/0x250
[ 2894.953313][T18301]  ? __pfx____ratelimit+0x10/0x10
[ 2894.953342][T18301]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2894.953368][T18301]  ? __pfx__printk+0x10/0x10
[ 2894.953395][T18301]  ? __pfx___might_resched+0x10/0x10
[ 2894.953423][T18301]  should_fail_ex+0x46c/0x600
[ 2894.953463][T18301]  should_failslab+0xa8/0x100
[ 2894.953485][T18301]  __kmalloc_noprof+0xcc/0x7d0
[ 2894.953511][T18301]  ? kfree+0x51/0x950
[ 2894.953531][T18301]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2894.953562][T18301]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2894.953587][T18301]  ? tomoyo_domain+0xda/0x130
[ 2894.953617][T18301]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2894.953638][T18301]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2894.953661][T18301]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2894.953686][T18301]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 2894.953714][T18301]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2894.953750][T18301]  ? __lock_acquire+0xab9/0xd20
[ 2894.953791][T18301]  ? __fget_files+0x2a/0x420
[ 2894.953813][T18301]  ? __fget_files+0x2a/0x420
[ 2894.953829][T18301]  ? __fget_files+0x3a6/0x420
[ 2894.953846][T18301]  ? __fget_files+0x2a/0x420
[ 2894.953869][T18301]  security_file_ioctl+0xcb/0x2d0
[ 2894.953893][T18301]  __se_sys_ioctl+0x47/0x170
[ 2894.953920][T18301]  do_syscall_64+0xfa/0x3b0
[ 2894.953937][T18301]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2894.953963][T18301]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2894.953983][T18301]  ? clear_bhb_loop+0x60/0xb0
[ 2894.954006][T18301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2894.954025][T18301] RIP: 0033:0x7f53b55beec9
[ 2894.954042][T18301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2894.954060][T18301] RSP: 002b:00007f53b3826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2894.954081][T18301] RAX: ffffffffffffffda RBX: 00007f53b5815fa0 RCX: 00007f53b55beec9
[ 2894.954096][T18301] RDX: 0000200000005e00 RSI: 0000000080286722 RDI: 0000000000000003
[ 2894.954109][T18301] RBP: 00007f53b3826090 R08: 0000000000000000 R09: 0000000000000000
[ 2894.954122][T18301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2894.954134][T18301] R13: 00007f53b5816038 R14: 00007f53b5815fa0 R15: 00007ffdfbd81b58
[ 2894.954167][T18301]  </TASK>
[ 2894.963410][T18301] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2896.012547][T18322] ptrace attach of "./syz-executor exec"[16871] was attempted by "./syz-executor exec"[18322]
[ 2896.488852][T18316] dvmrp1: entered allmulticast mode
[ 2896.550277][T18316] dvmrp1: left allmulticast mode
[ 2896.550433][T18316] dvmrp8: left allmulticast mode
[ 2897.131693][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2898.128949][T18347] Process accounting resumed
[ 2898.512917][T18376] ptrace attach of "./syz-executor exec"[16918] was attempted by "./syz-executor exec"[18376]
[ 2898.604196][T18380] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[ 2898.604214][T18380] overlayfs: missing 'lowerdir'
[ 2903.223531][T18480] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 2905.858086][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2906.253856][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2907.007505][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2907.344220][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2907.444683][T18535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2907.445090][T18535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2907.622437][T18539] netlink: 'syz.2.18189': attribute type 6 has an invalid length.
[ 2907.622458][T18539] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.18189'.
[ 2907.688142][T10742] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[ 2907.848324][T10742] usb 5-1: Using ep0 maxpacket: 8
[ 2907.850755][T10742] usb 5-1: config index 0 descriptor too short (expected 6427, got 27)
[ 2907.850780][T10742] usb 5-1: config 0 has an invalid interface number: 21 but max is 0
[ 2907.850799][T10742] usb 5-1: config 0 has no interface number 0
[ 2907.850845][T10742] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2907.850870][T10742] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 2907.850896][T10742] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 2907.852417][T10742] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 2907.852444][T10742] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[ 2907.852464][T10742] usb 5-1: Product: syz
[ 2907.861737][T10742] usb 5-1: config 0 descriptor??
[ 2907.862748][T18534] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2908.114136][T10742] usb 5-1: USB disconnect, device number 6
[ 2909.487016][T18562] bond1 (unregistering): Released all slaves
[ 2909.562481][T10742] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 2909.740575][T10742] usb 6-1: Using ep0 maxpacket: 16
[ 2909.743283][T10742] usb 6-1: config 0 interface 0 has no altsetting 0
[ 2909.743320][T10742] usb 6-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[ 2909.743343][T10742] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2909.748532][T10742] usb 6-1: config 0 descriptor??
[ 2910.185551][T10742] hid (null): global environment stack underflow
[ 2910.239858][T10742] megaworld 0003:07B5:0312.001E: global environment stack underflow
[ 2910.239880][T10742] megaworld 0003:07B5:0312.001E: item 0 0 1 11 parsing failed
[ 2910.245736][T10742] megaworld 0003:07B5:0312.001E: parse failed
[ 2910.245806][T10742] megaworld 0003:07B5:0312.001E: probe with driver megaworld failed with error -22
[ 2910.444201][T10742] usb 6-1: USB disconnect, device number 14
[ 2910.454633][T18589] netlink: 'syz.4.18209': attribute type 1 has an invalid length.
[ 2911.190910][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2914.855065][T17908] netdevsim netdevsim9 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2914.855100][T17908] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2917.709945][T17908] netdevsim netdevsim9 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2917.709980][T17908] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2918.556473][T17908] netdevsim netdevsim9 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2918.556508][T17908] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2918.781621][T18730] binder: 18724:18730 ioctl c0306201 200000000040 returned -22
[ 2918.988791][T18726] netlink: 'syz.2.18264': attribute type 1 has an invalid length.
[ 2919.205277][T17908] netdevsim netdevsim9 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2919.205312][T17908] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2919.401391][T18741] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18270'.
[ 2919.445835][T18754] netlink: 16 bytes leftover after parsing attributes in process `syz.6.18275'.
[ 2919.639663][   T31] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 2919.758468][T17908] bridge_slave_1: left allmulticast mode
[ 2919.758496][T17908] bridge_slave_1: left promiscuous mode
[ 2919.758747][T17908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2919.828201][   T31] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2919.828236][   T31] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2919.828275][   T31] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2919.828298][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2919.840775][T18747] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2919.849607][   T31] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2919.909570][T17908] bridge_slave_0: left allmulticast mode
[ 2919.909596][T17908] bridge_slave_0: left promiscuous mode
[ 2919.909858][T17908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2920.667609][T17908] bond_slave_0: left promiscuous mode
[ 2920.712572][T18780] netlink: 380 bytes leftover after parsing attributes in process `syz.1.18286'.
[ 2920.958059][T18787] netlink: 16 bytes leftover after parsing attributes in process `syz.6.18289'.
[ 2920.958087][T18787] netlink: 40 bytes leftover after parsing attributes in process `syz.6.18289'.
[ 2920.985408][T18789] netlink: 'syz.6.18289': attribute type 4 has an invalid length.
[ 2920.985427][T18789] netlink: 'syz.6.18289': attribute type 2 has an invalid length.
[ 2921.458655][T17908] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface
[ 2922.127563][T18800] netlink: 'syz.4.18293': attribute type 6 has an invalid length.
[ 2922.127585][T18800] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.18293'.
[ 2924.494275][T17908] team0: Port device bridge0 removed
[ 2924.941249][T17908] team0: Port device bridge1 removed
[ 2925.253351][T17908] bond1 (unregistering): (slave bridge3): Releasing active interface
[ 2926.911260][T17908] bond3 (unregistering): (slave macvlan2): Removing an active aggregator
[ 2926.912533][T17908] bond3 (unregistering): (slave macvlan2): Releasing backup interface
[ 2927.103739][T17908] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2927.189122][T17908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2927.233460][T17908] bond0 (unregistering): Released all slaves
[ 2927.261196][T17908] bond1 (unregistering): Released all slaves
[ 2928.425186][T17908] bond2 (unregistering): Released all slaves
[ 2929.605001][T17908] bond3 (unregistering): Released all slaves
[ 2929.704458][T18926] pimreg: entered allmulticast mode
[ 2929.842941][T17908] : left promiscuous mode
[ 2929.992365][T10742] usb 6-1: USB disconnect, device number 15
[ 2930.100034][T18933] FAULT_INJECTION: forcing a failure.
[ 2930.100034][T18933] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2930.100066][T18933] CPU: 1 UID: 0 PID: 18933 Comm: syz.5.18356 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2930.100089][T18933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 2930.100100][T18933] Call Trace:
[ 2930.100108][T18933]  <TASK>
[ 2930.100116][T18933]  dump_stack_lvl+0x189/0x250
[ 2930.100148][T18933]  ? __pfx____ratelimit+0x10/0x10
[ 2930.100175][T18933]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2930.100200][T18933]  ? __pfx__printk+0x10/0x10
[ 2930.100238][T18933]  should_fail_ex+0x46c/0x600
[ 2930.100270][T18933]  _copy_to_user+0x31/0xb0
[ 2930.100294][T18933]  simple_read_from_buffer+0xe1/0x170
[ 2930.100327][T18933]  proc_fail_nth_read+0x1b6/0x220
[ 2930.100353][T18933]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2930.100380][T18933]  ? rw_verify_area+0x2ac/0x4e0
[ 2930.100406][T18933]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2930.100430][T18933]  vfs_read+0x203/0xa30
[ 2930.100465][T18933]  ? __pfx_vfs_read+0x10/0x10
[ 2930.100486][T18933]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 2930.100520][T18933]  ? mutex_lock_nested+0x154/0x1d0
[ 2930.100542][T18933]  ? fdget_pos+0x253/0x320
[ 2930.100570][T18933]  ksys_read+0x14b/0x260
[ 2930.100598][T18933]  ? __pfx_ksys_read+0x10/0x10
[ 2930.100620][T18933]  ? rcu_is_watching+0x15/0xb0
[ 2930.100649][T18933]  ? do_syscall_64+0xbe/0x3b0
[ 2930.100672][T18933]  do_syscall_64+0xfa/0x3b0
[ 2930.100689][T18933]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2930.100716][T18933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2930.100735][T18933]  ? clear_bhb_loop+0x60/0xb0
[ 2930.100758][T18933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2930.100776][T18933] RIP: 0033:0x7f494b8ad8dc
[ 2930.100791][T18933] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2930.100807][T18933] RSP: 002b:00007f4949b16030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2930.100826][T18933] RAX: ffffffffffffffda RBX: 00007f494bb05fa0 RCX: 00007f494b8ad8dc
[ 2930.100839][T18933] RDX: 000000000000000f RSI: 00007f4949b160a0 RDI: 0000000000000006
[ 2930.100858][T18933] RBP: 00007f4949b16090 R08: 0000000000000000 R09: 0000000000000000
[ 2930.100869][T18933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2930.100881][T18933] R13: 00007f494bb06038 R14: 00007f494bb05fa0 R15: 00007fff0144f8a8
[ 2930.100913][T18933]  </TASK>
[ 2931.253966][T18978] netlink: 2 bytes leftover after parsing attributes in process `syz.2.18369'.
[ 2931.574966][T18985] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.18372'.
[ 2931.574990][T18985] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18372'.
[ 2932.598373][T19005] Invalid ELF header magic: != ELF
[ 2935.590310][   T31] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 2935.872796][   T31] usb 6-1: Using ep0 maxpacket: 8
[ 2935.885843][   T31] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2935.885871][   T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2935.891292][   T31] usb 6-1: config 0 descriptor??
[ 2936.331157][T19070] lo speed is unknown, defaulting to 1000
[ 2936.333876][T19070] lo speed is unknown, defaulting to 1000
[ 2936.561153][   T31] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2936.561443][   T31] asix 6-1:0.0: probe with driver asix failed with error -71
[ 2936.597136][   T31] usb 6-1: USB disconnect, device number 16
[ 2936.951370][T17908] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2936.951400][T17908] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2937.003030][T17908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2937.003055][T17908] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2937.164954][T17908] hsr0: left allmulticast mode
[ 2937.165305][T17908] veth0_macvtap: left promiscuous mode
[ 2937.165495][T17908] veth1_vlan: left promiscuous mode
[ 2937.165670][T17908] veth0_vlan: left promiscuous mode
[ 2942.700228][T17908] team0 (unregistering): Port device team_slave_1 removed
[ 2945.575498][T10742] lo speed is unknown, defaulting to 1000
[ 2945.575530][T10742] infiniband syz2: ib_query_port failed (-19)
[ 2950.230808][T17908] IPVS: stop unused estimator thread 0...
[ 2951.507648][T16873] Bluetooth: hci4: command 0x0406 tx timeout
[ 2953.379276][ T5876] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[ 2953.822653][ T5876] usb 5-1: config 0 has an invalid interface number: 215 but max is 0
[ 2953.822682][ T5876] usb 5-1: config 0 has an invalid interface number: 117 but max is 0
[ 2953.822703][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2953.822722][ T5876] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[ 2953.822742][ T5876] usb 5-1: config 0 has no interface number 0
[ 2953.822758][ T5876] usb 5-1: config 0 has no interface number 1
[ 2953.822823][ T5876] usb 5-1: config 0 interface 215 altsetting 0 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[ 2953.822849][ T5876] usb 5-1: config 0 interface 215 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 10
[ 2953.822875][ T5876] usb 5-1: too many endpoints for config 0 interface 117 altsetting 88: 155, using maximum allowed: 30
[ 2953.822916][ T5876] usb 5-1: config 0 interface 117 altsetting 88 has 0 endpoint descriptors, different from the interface descriptor's value: 155
[ 2953.822943][ T5876] usb 5-1: config 0 interface 117 has no altsetting 0
[ 2953.822977][ T5876] usb 5-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=1a.b9
[ 2953.823001][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2953.828118][ T5876] usb 5-1: config 0 descriptor??
[ 2954.059651][T19363] syz.2.18516 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 2954.096068][ T5876] ushc 5-1:0.215: probe with driver ushc failed with error -110
[ 2954.153004][ T5876] usb 5-1: string descriptor 0 read error: -32
[ 2954.197594][ T5876] usb 5-1: USB disconnect, device number 7
[ 2954.721323][T19381] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18524'.
[ 2955.079332][ T5876] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 2955.246910][ T5876] usb 6-1: Using ep0 maxpacket: 32
[ 2955.259060][ T5876] usb 6-1: config 0 interface 0 has no altsetting 0
[ 2955.262561][ T5876] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 2955.262587][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2955.262606][ T5876] usb 6-1: Product: syz
[ 2955.262619][ T5876] usb 6-1: Manufacturer: syz
[ 2955.262633][ T5876] usb 6-1: SerialNumber: syz
[ 2955.312681][ T5876] usb 6-1: config 0 descriptor??
[ 2955.322216][ T5876] gs_usb 6-1:0.0: Required endpoints not found
[ 2956.745916][T19418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2956.746343][T19418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2956.774172][T19418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2956.774578][T19418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2958.495219][T12280] usb 6-1: USB disconnect, device number 17
[ 2960.416335][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 2960.416425][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 2961.654735][T19507] gretap4: entered allmulticast mode
[ 2962.964797][T19518] netlink: 40 bytes leftover after parsing attributes in process `syz.2.18577'.
[ 2966.025858][T19565] ptrace attach of "./syz-executor exec"[15175] was attempted by "./syz-executor exec"[19565]
[ 2966.852041][T19602] netlink: 16 bytes leftover after parsing attributes in process `syz.1.18608'.
[ 2966.861639][T19602] dummy0: entered promiscuous mode
[ 2966.955717][T19602] dummy0: left promiscuous mode
[ 2968.334991][T11879] Bluetooth: hci1: command 0x0406 tx timeout
[ 2970.837404][T19667] netlink: 12 bytes leftover after parsing attributes in process `syz.1.18631'.
[ 2970.837427][T19667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18631'.
[ 2970.847418][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2970.872411][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2972.087486][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2972.454592][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2972.642121][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2973.076025][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2974.519198][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2974.880881][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2976.702832][T17903] kworker/u8:1 (17903) used greatest stack depth: 12696 bytes left
[ 2979.536826][T19781] input: syz1 as /devices/virtual/input/input39
[ 2980.057718][T19793] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[ 2982.457559][T19816] netlink: 'syz.2.18683': attribute type 1 has an invalid length.
[ 2984.095673][   T37] kauditd_printk_skb: 49 callbacks suppressed
[ 2984.095690][   T37] audit: type=1326 audit(3166.725:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19831 comm="syz.2.18689" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f43f89deec9 code=0x0
[ 2984.735271][T19860] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 2984.735707][T19860] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2985.025713][T19872] ptrace attach of "./syz-executor exec"[13398] was attempted by "./syz-executor exec"[19872]
[ 2987.061783][T19914] netlink: 56 bytes leftover after parsing attributes in process `syz.4.18724'.
[ 2988.795609][   T37] audit: type=1326 audit(3171.112:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19910 comm="syz.5.18722" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f494b8aeec9 code=0x0
[ 2999.241382][T20019] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 2999.787954][ T8946] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 3000.005849][ T8946] usb 5-1: Using ep0 maxpacket: 32
[ 3001.260695][ T8946] usb 5-1: config 0 interface 0 has no altsetting 0
[ 3001.396620][T20052] 9pnet_fd: Insufficient options for proto=fd
[ 3001.517787][ T8946] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 3001.517814][ T8946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3001.517832][ T8946] usb 5-1: Product: syz
[ 3001.517845][ T8946] usb 5-1: Manufacturer: syz
[ 3001.517859][ T8946] usb 5-1: SerialNumber: syz
[ 3001.539127][ T8946] usb 5-1: config 0 descriptor??
[ 3001.545912][ T8946] gs_usb 5-1:0.0: Required endpoints not found
[ 3003.461772][T17268] usb 5-1: USB disconnect, device number 8
[ 3004.093743][T20097] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18785'.
[ 3005.642251][   T37] audit: type=1326 audit(3186.864:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642303][   T37] audit: type=1326 audit(3186.864:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642353][   T37] audit: type=1326 audit(3186.864:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642395][   T37] audit: type=1326 audit(3186.864:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642436][   T37] audit: type=1326 audit(3186.864:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642477][   T37] audit: type=1326 audit(3186.864:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.642518][   T37] audit: type=1326 audit(3186.873:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.653262][   T37] audit: type=1326 audit(3186.882:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.653328][   T37] audit: type=1326 audit(3186.882:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3005.653384][   T37] audit: type=1326 audit(3186.882:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20107 comm="syz.4.18791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3007.178998][T20132] input: syz0 as /devices/virtual/input/input40
[ 3009.386359][T20158] overlayfs: failed to clone upperpath
[ 3009.477034][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3009.671986][T20167] netlink: 'syz.2.18815': attribute type 6 has an invalid length.
[ 3009.719069][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3009.890174][ T5876] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 3010.068511][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3010.068545][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3010.068568][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 3010.068610][ T5876] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 3010.068632][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3010.074114][ T5876] usb 5-1: config 0 descriptor??
[ 3010.522420][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522444][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522460][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522475][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522490][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522506][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522521][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522536][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522551][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.522584][ T5876] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0
[ 3010.664878][ T5876] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 3011.584515][T20213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3011.584934][T20213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3011.693022][T20220] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 3012.747380][ T5876] usb 5-1: reset high-speed USB device number 9 using dummy_hcd
[ 3013.116296][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3014.022448][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3014.185141][T20253] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 3016.866832][T17249] usb 5-1: USB disconnect, device number 9
[ 3017.038101][T20280] gretap2: entered allmulticast mode
[ 3017.196635][T20292] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 3019.086294][   T37] kauditd_printk_skb: 53 callbacks suppressed
[ 3019.086311][   T37] audit: type=1326 audit(3199.454:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20309 comm="syz.1.18871" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x0
[ 3019.091399][T20317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.18872'.
[ 3019.864955][T20344] FAULT_INJECTION: forcing a failure.
[ 3019.864955][T20344] name failslab, interval 1, probability 0, space 0, times 0
[ 3019.864987][T20344] CPU: 0 UID: 0 PID: 20344 Comm: syz.4.18882 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3019.865010][T20344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3019.865022][T20344] Call Trace:
[ 3019.865030][T20344]  <TASK>
[ 3019.865039][T20344]  dump_stack_lvl+0x189/0x250
[ 3019.865074][T20344]  ? __pfx____ratelimit+0x10/0x10
[ 3019.865102][T20344]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3019.865127][T20344]  ? __pfx__printk+0x10/0x10
[ 3019.865155][T20344]  ? __pfx___might_resched+0x10/0x10
[ 3019.865179][T20344]  ? fs_reclaim_acquire+0x7d/0x100
[ 3019.865211][T20344]  should_fail_ex+0x46c/0x600
[ 3019.865243][T20344]  should_failslab+0xa8/0x100
[ 3019.865265][T20344]  __kmalloc_noprof+0xcc/0x7d0
[ 3019.865291][T20344]  ? tomoyo_encode+0x28b/0x550
[ 3019.865321][T20344]  tomoyo_encode+0x28b/0x550
[ 3019.865350][T20344]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 3019.865376][T20344]  ? tomoyo_domain+0xda/0x130
[ 3019.865406][T20344]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 3019.865427][T20344]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 3019.865450][T20344]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 3019.865475][T20344]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 3019.865503][T20344]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3019.865537][T20344]  ? __lock_acquire+0xab9/0xd20
[ 3019.865579][T20344]  ? __fget_files+0x2a/0x420
[ 3019.865600][T20344]  ? __fget_files+0x2a/0x420
[ 3019.865617][T20344]  ? __fget_files+0x3a6/0x420
[ 3019.865634][T20344]  ? __fget_files+0x2a/0x420
[ 3019.865657][T20344]  security_file_ioctl+0xcb/0x2d0
[ 3019.865681][T20344]  __se_sys_ioctl+0x47/0x170
[ 3019.865707][T20344]  do_syscall_64+0xfa/0x3b0
[ 3019.865724][T20344]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3019.865750][T20344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3019.865770][T20344]  ? clear_bhb_loop+0x60/0xb0
[ 3019.865793][T20344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3019.865812][T20344] RIP: 0033:0x7f53b55beec9
[ 3019.865829][T20344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3019.865847][T20344] RSP: 002b:00007f53b3826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3019.865868][T20344] RAX: ffffffffffffffda RBX: 00007f53b5815fa0 RCX: 00007f53b55beec9
[ 3019.865883][T20344] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000003
[ 3019.865897][T20344] RBP: 00007f53b3826090 R08: 0000000000000000 R09: 0000000000000000
[ 3019.865909][T20344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3019.865922][T20344] R13: 00007f53b5816038 R14: 00007f53b5815fa0 R15: 00007ffdfbd81b58
[ 3019.865955][T20344]  </TASK>
[ 3019.869455][T20344] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 3020.383848][T20339] openvswitch: netlink: Tunnel attr 3 has unexpected len 8 expected 1
[ 3021.845554][T20361] ptrace attach of "./syz-executor exec"[13398] was attempted by "./syz-executor exec"[20361]
[ 3022.390967][T20370] cgroup: name respecified
[ 3022.892786][T20378] netlink: 8 bytes leftover after parsing attributes in process `syz.5.18894'.
[ 3022.994587][   T37] audit: type=1326 audit(3203.102:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20376 comm="syz.5.18894" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f494b8aeec9 code=0x0
[ 3023.106043][T20387] ptrace attach of "./syz-executor exec"[13398] was attempted by ""[20387]
[ 3023.154230][T20387] netlink: 48 bytes leftover after parsing attributes in process `syz.1.18898'.
[ 3023.154244][T20387] netlink: 32 bytes leftover after parsing attributes in process `syz.1.18898'.
[ 3023.154586][T20388] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 3026.613371][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 3026.613443][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 3027.965853][T20466] Process accounting resumed
[ 3028.075388][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3028.351621][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3028.369287][T20497] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 3028.566685][ T5876] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 3028.743062][ T5876] usb 6-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3028.743094][ T5876] usb 6-1: config 0 interface 0 has no altsetting 0
[ 3028.743146][ T5876] usb 6-1: New USB device found, idVendor=056a, idProduct=0343, bcdDevice= 0.00
[ 3028.743159][ T5876] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3028.787532][ T5876] usb 6-1: config 0 descriptor??
[ 3029.242710][ T5876] usbhid 6-1:0.0: can't add hid device: -71
[ 3029.243015][ T5876] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 3029.273267][ T5876] usb 6-1: USB disconnect, device number 18
[ 3030.371505][T20534] netlink: 56 bytes leftover after parsing attributes in process `syz.1.18958'.
[ 3030.483979][T20541] netlink: 'syz.1.18959': attribute type 6 has an invalid length.
[ 3030.893648][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3031.137005][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3031.662196][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3035.578928][T20574] netlink: 'syz.1.18971': attribute type 6 has an invalid length.
[ 3035.987303][   T37] audit: type=1326 audit(3215.263:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20577 comm="syz.4.18972" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x0
[ 3036.917108][T10742] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[ 3037.082363][T10742] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3037.082508][T10742] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[ 3037.082580][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[ 3037.082630][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[ 3037.082680][T10742] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 3037.082728][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 3037.082880][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 3037.082925][T10742] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3037.191307][T10742] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[ 3037.191385][T10742] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[ 3037.191407][T10742] usb 5-1: Product: syz
[ 3037.191446][T10742] usb 5-1: Manufacturer: syz
[ 3037.191485][T10742] usb 5-1: SerialNumber: syz
[ 3037.316126][T16873] Bluetooth: hci1: unexpected event for opcode 0x043d
[ 3037.684764][T10742] usb 5-1: config 0 descriptor??
[ 3037.694738][T20597] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3037.759867][T10742] ati_remote 5-1:0.0: ati_remote_probe: Unexpected endpoint_out
[ 3040.240755][T10742] usb 5-1: USB disconnect, device number 10
[ 3040.520789][T20610] binder: 20603:20610 ioctl c0306201 200000000040 returned -22
[ 3042.194186][   T37] audit: type=1326 audit(3221.053:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20599 comm="syz.2.18981" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f43f89deec9 code=0x0
[ 3044.370580][T16873] Bluetooth: hci3: unexpected event for opcode 0x043d
[ 3045.803267][T20707] netlink: 32 bytes leftover after parsing attributes in process `syz.4.19016'.
[ 3052.801783][T20730] binder: 20725:20730 ioctl c0306201 200000000040 returned -22
[ 3052.973346][T17249] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 3054.220152][T17249] usb 5-1: config 1 has an invalid interface number: 102 but max is 1
[ 3054.220178][T17249] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3054.220196][T17249] usb 5-1: config 1 has no interface number 0
[ 3054.220256][T17249] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3054.220283][T17249] usb 5-1: too many endpoints for config 1 interface 102 altsetting 111: 117, using maximum allowed: 30
[ 3054.220322][T17249] usb 5-1: config 1 interface 102 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 117
[ 3054.220347][T17249] usb 5-1: config 1 interface 102 has no altsetting 0
[ 3054.225962][T17249] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 3054.225990][T17249] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3054.226009][T17249] usb 5-1: Product: syz
[ 3054.226023][T17249] usb 5-1: Manufacturer: syz
[ 3054.226037][T17249] usb 5-1: SerialNumber: syz
[ 3054.239175][T17249] usb 5-1: selecting invalid altsetting 1
[ 3055.170764][T20721] netlink: 4 bytes leftover after parsing attributes in process `syz.4.19023'.
[ 3055.170787][T20721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19023'.
[ 3055.598276][T20721] netlink: 16 bytes leftover after parsing attributes in process `syz.4.19023'.
[ 3055.598300][T20721] netlink: 16 bytes leftover after parsing attributes in process `syz.4.19023'.
[ 3055.786689][T20762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3055.788452][T20762] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3057.092875][T17249] cdc_ncm 5-1:1.1: failed GET_NTB_PARAMETERS
[ 3057.092927][T17249] cdc_ncm 5-1:1.1: bind() failure
[ 3057.148500][T17249] usb 5-1: USB disconnect, device number 11
[ 3057.379479][T20796] FAULT_INJECTION: forcing a failure.
[ 3057.379479][T20796] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 3057.379643][T20796] CPU: 0 UID: 0 PID: 20796 Comm: syz.5.19052 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3057.379666][T20796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3057.379678][T20796] Call Trace:
[ 3057.379686][T20796]  <TASK>
[ 3057.379695][T20796]  dump_stack_lvl+0x189/0x250
[ 3057.379726][T20796]  ? __pfx____ratelimit+0x10/0x10
[ 3057.379753][T20796]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3057.379780][T20796]  ? __pfx__printk+0x10/0x10
[ 3057.379804][T20796]  ? fs_reclaim_acquire+0x7d/0x100
[ 3057.379832][T20796]  should_fail_ex+0x46c/0x600
[ 3057.379864][T20796]  prepare_alloc_pages+0x213/0x670
[ 3057.379893][T20796]  __alloc_frozen_pages_noprof+0x123/0x370
[ 3057.379921][T20796]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 3057.379952][T20796]  ? policy_nodemask+0x27c/0x720
[ 3057.379977][T20796]  alloc_pages_mpol+0xd1/0x380
[ 3057.380002][T20796]  vma_alloc_folio_noprof+0xe4/0x280
[ 3057.380026][T20796]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 3057.380059][T20796]  folio_prealloc+0x30/0x180
[ 3057.380082][T20796]  handle_mm_fault+0x12ee/0x3400
[ 3057.380109][T20796]  ? reacquire_held_locks+0x127/0x1d0
[ 3057.380140][T20796]  ? handle_mm_fault+0xdb/0x3400
[ 3057.380175][T20796]  ? __pfx_handle_mm_fault+0x10/0x10
[ 3057.380200][T20796]  ? lock_vma_under_rcu+0x3d2/0x450
[ 3057.380245][T20796]  ? do_user_addr_fault+0x1a8/0x1380
[ 3057.380275][T20796]  do_user_addr_fault+0xa7c/0x1380
[ 3057.380310][T20796]  ? rcu_is_watching+0x15/0xb0
[ 3057.380333][T20796]  ? trace_page_fault_user+0x84/0x1e0
[ 3057.380362][T20796]  exc_page_fault+0x76/0xf0
[ 3057.380391][T20796]  asm_exc_page_fault+0x26/0x30
[ 3057.380410][T20796] RIP: 0033:0x7f494b77a75b
[ 3057.380428][T20796] Code: 00 00 00 48 8d 3d dd 39 19 00 48 89 c1 31 c0 e8 fb 3a ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 11 3a 19 00 48 89 34 24 48 8b 14 24 48 8b
[ 3057.380445][T20796] RSP: 002b:00007f4949b14fb0 EFLAGS: 00010202
[ 3057.380463][T20796] RAX: 0000000000000000 RBX: 00007f494bb05fa0 RCX: 0000000000000000
[ 3057.380476][T20796] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00002000000000c0
[ 3057.380488][T20796] RBP: 00007f4949b16090 R08: 0000000000000000 R09: 0000000000000000
[ 3057.380508][T20796] R10: 00002000000000c0 R11: 0000000000000000 R12: 0000000000000001
[ 3057.380524][T20796] R13: 00007f494bb06038 R14: 00007f494bb05fa0 R15: 00007fff0144f8a8
[ 3057.380557][T20796]  </TASK>
[ 3057.645633][T20796] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 3058.639379][T20809] binder: 20802:20809 ioctl c0306201 200000000040 returned -22
[ 3061.055583][   T37] audit: type=1326 audit(3238.629:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20805 comm="syz.1.19056" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3d4db7eec9 code=0x0
[ 3061.562821][T10742] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 3061.759713][T10742] usb 6-1: Using ep0 maxpacket: 32
[ 3061.871294][T20850] bond1: option lacp_active: invalid value (7)
[ 3061.895064][T10742] usb 6-1: config 0 has an invalid interface number: 106 but max is 0
[ 3061.895089][T10742] usb 6-1: config 0 has no interface number 0
[ 3061.895123][T10742] usb 6-1: config 0 interface 106 has no altsetting 0
[ 3062.239502][T10742] usb 6-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[ 3062.239532][T10742] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3062.239552][T10742] usb 6-1: Product: syz
[ 3062.239566][T10742] usb 6-1: Manufacturer: syz
[ 3062.239581][T10742] usb 6-1: SerialNumber: syz
[ 3062.300497][T10742] usb 6-1: config 0 descriptor??
[ 3062.308294][T20850] bond1 (unregistering): Released all slaves
[ 3062.526377][T20850] Process accounting resumed
[ 3062.729281][T10742] cdc_phonet 6-1:0.106: probe with driver cdc_phonet failed with error -22
[ 3062.750624][T10742] usb 6-1: USB disconnect, device number 19
[ 3062.835421][T20869] netlink: 68 bytes leftover after parsing attributes in process `syz.4.19076'.
[ 3063.962989][T16873] Bluetooth: hci1: unexpected event for opcode 0x043d
[ 3065.036754][T10742] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[ 3065.306229][T10742] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3065.306293][T10742] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[ 3065.306318][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[ 3065.306342][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[ 3065.306369][T10742] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 3065.306392][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 3065.306415][T10742] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 3065.306436][T10742] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3065.308986][T10742] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[ 3065.309013][T10742] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[ 3065.309032][T10742] usb 5-1: Product: syz
[ 3065.309046][T10742] usb 5-1: Manufacturer: syz
[ 3065.309061][T10742] usb 5-1: SerialNumber: syz
[ 3065.466541][T10742] usb 5-1: config 0 descriptor??
[ 3065.467256][T20884] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3065.493554][T10742] ati_remote 5-1:0.0: ati_remote_probe: Unexpected endpoint_out
[ 3067.107589][T17249] usb 5-1: USB disconnect, device number 12
[ 3067.158673][T20919] netlink: 24 bytes leftover after parsing attributes in process `syz.1.19095'.
[ 3067.291554][   T37] audit: type=1326 audit(3244.541:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.292270][   T37] audit: type=1326 audit(3244.541:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.292553][   T37] audit: type=1326 audit(3244.541:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.293025][   T37] audit: type=1326 audit(3244.541:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.293300][   T37] audit: type=1326 audit(3244.541:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.565986][   T37] audit: type=1326 audit(3244.784:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.566037][   T37] audit: type=1326 audit(3244.802:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20918 comm="syz.1.19095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3067.807565][T20944] overlayfs: statfs failed on './file0'
[ 3068.057919][T10742] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 3068.196842][T10742] usb 5-1: device descriptor read/64, error -71
[ 3068.411516][   T37] audit: type=1326 audit(3245.598:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20951 comm="syz.5.19108" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f494b8aeec9 code=0x0
[ 3068.464422][T10742] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 3068.603163][T10742] usb 5-1: device descriptor read/64, error -71
[ 3068.725738][T10742] usb usb5-port1: attempt power cycle
[ 3069.091212][T10742] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 3069.107445][T10742] usb 5-1: device descriptor read/8, error -71
[ 3069.363466][T10742] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 3069.385671][T10742] usb 5-1: device descriptor read/8, error -71
[ 3069.501566][T10742] usb usb5-port1: unable to enumerate USB device
[ 3069.571751][T20982] netlink: 1900 bytes leftover after parsing attributes in process `syz.1.19117'.
[ 3073.317732][T17268] usb 5-1: new low-speed USB device number 17 using dummy_hcd
[ 3073.481333][T17268] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[ 3073.481367][T17268] usb 5-1: config 0 interface 0 has no altsetting 0
[ 3073.481401][T17268] usb 5-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00
[ 3073.481425][T17268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3073.656971][T17268] usb 5-1: config 0 descriptor??
[ 3073.658095][T21019] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3074.305049][T17268] usbhid 5-1:0.0: can't add hid device: -71
[ 3074.305174][T17268] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 3074.328681][T17268] usb 5-1: USB disconnect, device number 17
[ 3074.964220][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3075.851402][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3076.513515][T21081] veth1_virt_wifi: entered promiscuous mode
[ 3076.513797][T21081] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[ 3076.824220][T17268] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 3076.956721][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3076.984848][T17268] usb 5-1: Using ep0 maxpacket: 8
[ 3076.989046][T17268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 3076.989079][T17268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 3076.989100][T17268] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 3076.989123][T17268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[ 3076.989148][T17268] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 3076.989251][T17268] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 3076.989274][T17268] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3077.092380][T17268] usb 5-1: config 0 descriptor??
[ 3077.093763][T21080] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3077.205137][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3077.231934][T10742] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 3077.403837][T10742] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 3077.403869][T10742] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 3077.403897][T10742] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 3077.408390][T10742] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 3077.408416][T10742] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3077.408435][T10742] usb 6-1: Product: syz
[ 3077.408449][T10742] usb 6-1: Manufacturer: syz
[ 3077.408462][T10742] usb 6-1: SerialNumber: syz
[ 3077.480454][T10742] usb 6-1: config 0 descriptor??
[ 3077.481484][T21092] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 3077.481675][T21092] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 3077.483926][T10742] usb 6-1: ucan: probing device on interface #0
[ 3077.602662][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3077.616903][T20929] usb 5-1: USB disconnect, device number 18
[ 3077.623845][T16873] Bluetooth: hci2: Opcode 0x0c03 failed: -71
[ 3077.715144][T10742] usb 6-1: ucan: device protocol version 0 is not supported
[ 3077.715169][T10742] usb 6-1: ucan: probe failed; try to update the device firmware
[ 3077.934169][T21092] netlink: 256 bytes leftover after parsing attributes in process `syz.5.19159'.
[ 3078.136495][T21114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3078.141074][T21114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3080.230979][T17268] usb 6-1: USB disconnect, device number 20
[ 3081.336881][T21119] lo speed is unknown, defaulting to 1000
[ 3081.619075][T21134] /dev/nullb0: Can't lookup blockdev
[ 3082.223313][  T989] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[ 3082.384426][  T989] usb 5-1: Using ep0 maxpacket: 16
[ 3082.402171][  T989] usb 5-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=f8.a6
[ 3082.402199][  T989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3082.402220][  T989] usb 5-1: Product: syz
[ 3082.402234][  T989] usb 5-1: Manufacturer: syz
[ 3082.402249][  T989] usb 5-1: SerialNumber: syz
[ 3082.451264][  T989] usb 5-1: config 0 descriptor??
[ 3082.615709][T21154] netlink: 40 bytes leftover after parsing attributes in process `syz.6.19181'.
[ 3082.616057][T21154] netlink: 96 bytes leftover after parsing attributes in process `syz.6.19181'.
[ 3082.616357][T21155] netlink: 96 bytes leftover after parsing attributes in process `syz.6.19181'.
[ 3082.680938][T20929] usb 5-1: USB disconnect, device number 19
[ 3084.329681][T21187] netlink: 12 bytes leftover after parsing attributes in process `syz.5.19196'.
[ 3086.017658][T21239] FAULT_INJECTION: forcing a failure.
[ 3086.017658][T21239] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3086.017704][T21239] CPU: 1 UID: 0 PID: 21239 Comm: syz.5.19212 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3086.017726][T21239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3086.017737][T21239] Call Trace:
[ 3086.017744][T21239]  <TASK>
[ 3086.017753][T21239]  dump_stack_lvl+0x189/0x250
[ 3086.017784][T21239]  ? __pfx____ratelimit+0x10/0x10
[ 3086.017811][T21239]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3086.017835][T21239]  ? __pfx__printk+0x10/0x10
[ 3086.017854][T21239]  ? __might_fault+0xb0/0x130
[ 3086.017882][T21239]  should_fail_ex+0x46c/0x600
[ 3086.017910][T21239]  _copy_from_user+0x2d/0xb0
[ 3086.017930][T21239]  ___sys_recvmsg+0x12e/0x510
[ 3086.017956][T21239]  ? __pfx____sys_recvmsg+0x10/0x10
[ 3086.017999][T21239]  ? __fget_files+0x3a6/0x420
[ 3086.018028][T21239]  do_recvmmsg+0x30d/0x770
[ 3086.018059][T21239]  ? __pfx_do_recvmmsg+0x10/0x10
[ 3086.018076][T21239]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 3086.018101][T21239]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 3086.018137][T21239]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 3086.018174][T21239]  __x64_sys_recvmmsg+0x190/0x240
[ 3086.018195][T21239]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 3086.018220][T21239]  ? do_syscall_64+0xbe/0x3b0
[ 3086.018242][T21239]  do_syscall_64+0xfa/0x3b0
[ 3086.018261][T21239]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3086.018277][T21239]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3086.018291][T21239]  ? clear_bhb_loop+0x60/0xb0
[ 3086.018308][T21239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3086.018324][T21239] RIP: 0033:0x7f494b8aeec9
[ 3086.018339][T21239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3086.018360][T21239] RSP: 002b:00007f4949b16038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 3086.018380][T21239] RAX: ffffffffffffffda RBX: 00007f494bb05fa0 RCX: 00007f494b8aeec9
[ 3086.018394][T21239] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003
[ 3086.018406][T21239] RBP: 00007f4949b16090 R08: 0000000000000000 R09: 0000000000000000
[ 3086.018419][T21239] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 3086.018430][T21239] R13: 00007f494bb06038 R14: 00007f494bb05fa0 R15: 00007fff0144f8a8
[ 3086.018460][T21239]  </TASK>
[ 3086.071606][  T989] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 3086.232205][  T989] usb 5-1: Using ep0 maxpacket: 16
[ 3086.234676][  T989] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 3086.234777][  T989] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 3086.234817][  T989] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 3086.316856][  T989] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 3086.317356][  T989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3086.317378][  T989] usb 5-1: Product: syz
[ 3086.317393][  T989] usb 5-1: Manufacturer: syz
[ 3086.317408][  T989] usb 5-1: SerialNumber: syz
[ 3087.622751][  T989] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[ 3087.847458][  T989] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82
[ 3088.057908][  T989] usb 5-1: USB disconnect, device number 20
[ 3090.534485][   T37] audit: type=1326 audit(3266.289:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3090.916574][   T37] audit: type=1326 audit(3266.635:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.120873][   T37] audit: type=1326 audit(3266.831:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.125728][   T37] audit: type=1326 audit(3266.831:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.126673][   T37] audit: type=1326 audit(3266.831:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.172062][  T989] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 3091.406836][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3091.460155][   T37] audit: type=1326 audit(3266.831:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.460207][   T37] audit: type=1326 audit(3267.159:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.460249][   T37] audit: type=1326 audit(3267.159:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.538755][   T37] audit: type=1326 audit(3267.224:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.569755][   T37] audit: type=1326 audit(3267.224:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21299 comm="syz.1.19232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d4db7eec9 code=0x7ffc0000
[ 3091.574687][  T989] usb 6-1: config 1 has an invalid interface number: 102 but max is 1
[ 3091.574708][  T989] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3091.574725][  T989] usb 6-1: config 1 has no interface number 0
[ 3091.574782][  T989] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3091.574807][  T989] usb 6-1: too many endpoints for config 1 interface 102 altsetting 111: 117, using maximum allowed: 30
[ 3091.574842][  T989] usb 6-1: config 1 interface 102 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 117
[ 3091.574869][  T989] usb 6-1: config 1 interface 102 has no altsetting 0
[ 3091.595841][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 3091.595908][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 3091.611466][  T989] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 3091.611491][  T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3091.611510][  T989] usb 6-1: Product: syz
[ 3091.611523][  T989] usb 6-1: Manufacturer: syz
[ 3091.611537][  T989] usb 6-1: SerialNumber: syz
[ 3091.623105][  T989] usb 6-1: selecting invalid altsetting 1
[ 3091.875931][T21290] netlink: 4 bytes leftover after parsing attributes in process `syz.5.19234'.
[ 3091.878527][T21290] netlink: 8 bytes leftover after parsing attributes in process `syz.5.19234'.
[ 3092.262093][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3092.340312][  T989] cdc_ncm 6-1:1.1: failed GET_NTB_PARAMETERS
[ 3092.340356][  T989] cdc_ncm 6-1:1.1: bind() failure
[ 3092.373511][  T989] usb 6-1: USB disconnect, device number 21
[ 3093.307996][T21339] FAULT_INJECTION: forcing a failure.
[ 3093.307996][T21339] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 3093.308030][T21339] CPU: 1 UID: 0 PID: 21339 Comm: syz.4.19253 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3093.308052][T21339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3093.308064][T21339] Call Trace:
[ 3093.308073][T21339]  <TASK>
[ 3093.308082][T21339]  dump_stack_lvl+0x189/0x250
[ 3093.308114][T21339]  ? __pfx____ratelimit+0x10/0x10
[ 3093.308142][T21339]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3093.308169][T21339]  ? __pfx__printk+0x10/0x10
[ 3093.308192][T21339]  ? fs_reclaim_acquire+0x7d/0x100
[ 3093.308221][T21339]  should_fail_ex+0x46c/0x600
[ 3093.308253][T21339]  prepare_alloc_pages+0x213/0x670
[ 3093.308282][T21339]  __alloc_frozen_pages_noprof+0x123/0x370
[ 3093.308311][T21339]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 3093.308352][T21339]  alloc_pages_mpol+0xd1/0x380
[ 3093.308377][T21339]  alloc_pages_noprof+0xcf/0x1e0
[ 3093.308400][T21339]  get_free_pages_noprof+0xf/0x80
[ 3093.308420][T21339]  kasan_populate_vmalloc+0x38/0x270
[ 3093.308448][T21339]  ? rt_spin_unlock+0x161/0x200
[ 3093.308474][T21339]  alloc_vmap_area+0xd7a/0x14c0
[ 3093.308517][T21339]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 3093.308543][T21339]  ? __kasan_kmalloc+0x93/0xb0
[ 3093.308570][T21339]  ? __kmalloc_cache_node_noprof+0x2a9/0x700
[ 3093.308597][T21339]  ? __get_vm_area_node+0x172/0x350
[ 3093.308621][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.308643][T21339]  __get_vm_area_node+0x227/0x350
[ 3093.308676][T21339]  __vmalloc_node_range_noprof+0x30c/0x12d0
[ 3093.308703][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.308727][T21339]  ? is_bpf_text_address+0x26/0x2b0
[ 3093.308758][T21339]  ? __lock_acquire+0xab9/0xd20
[ 3093.308784][T21339]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 3093.308818][T21339]  ? __might_fault+0xb0/0x130
[ 3093.308844][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.308862][T21339]  __vmalloc_noprof+0xb1/0xf0
[ 3093.308888][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.308910][T21339]  bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.308935][T21339]  bpf_prog_alloc+0x3c/0x1a0
[ 3093.308958][T21339]  bpf_prog_load+0x735/0x19e0
[ 3093.308990][T21339]  ? __pfx_bpf_prog_load+0x10/0x10
[ 3093.309034][T21339]  ? bpf_lsm_bpf+0x9/0x20
[ 3093.309055][T21339]  ? security_bpf+0x7e/0x300
[ 3093.309080][T21339]  __sys_bpf+0x507/0x860
[ 3093.309101][T21339]  ? __pfx___sys_bpf+0x10/0x10
[ 3093.309117][T21339]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 3093.309156][T21339]  ? ksys_write+0x230/0x260
[ 3093.309184][T21339]  ? __pfx_ksys_write+0x10/0x10
[ 3093.309207][T21339]  ? rcu_is_watching+0x15/0xb0
[ 3093.309237][T21339]  __x64_sys_bpf+0x7c/0x90
[ 3093.309264][T21339]  do_syscall_64+0xfa/0x3b0
[ 3093.309281][T21339]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3093.309307][T21339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.309328][T21339]  ? clear_bhb_loop+0x60/0xb0
[ 3093.309351][T21339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.309370][T21339] RIP: 0033:0x7f53b55beec9
[ 3093.309388][T21339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3093.309406][T21339] RSP: 002b:00007f53b3826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3093.309427][T21339] RAX: ffffffffffffffda RBX: 00007f53b5815fa0 RCX: 00007f53b55beec9
[ 3093.309442][T21339] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[ 3093.309455][T21339] RBP: 00007f53b3826090 R08: 0000000000000000 R09: 0000000000000000
[ 3093.309468][T21339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3093.309479][T21339] R13: 00007f53b5816038 R14: 00007f53b5815fa0 R15: 00007ffdfbd81b58
[ 3093.309511][T21339]  </TASK>
[ 3093.397251][T21339] syz.4.19253: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 3093.397419][T21339] CPU: 0 UID: 0 PID: 21339 Comm: syz.4.19253 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3093.397442][T21339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3093.397454][T21339] Call Trace:
[ 3093.397462][T21339]  <TASK>
[ 3093.397471][T21339]  dump_stack_lvl+0x189/0x250
[ 3093.397505][T21339]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3093.397530][T21339]  ? __pfx__printk+0x10/0x10
[ 3093.397553][T21339]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 3093.397579][T21339]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 3093.397605][T21339]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 3093.397633][T21339]  warn_alloc+0x22e/0x3b0
[ 3093.397654][T21339]  ? kasan_quarantine_put+0xdd/0x220
[ 3093.397679][T21339]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3093.397708][T21339]  ? __pfx_warn_alloc+0x10/0x10
[ 3093.397728][T21339]  ? __get_vm_area_node+0x240/0x350
[ 3093.397752][T21339]  ? __get_vm_area_node+0x172/0x350
[ 3093.397778][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.397800][T21339]  ? __get_vm_area_node+0x240/0x350
[ 3093.397831][T21339]  __vmalloc_node_range_noprof+0x331/0x12d0
[ 3093.397864][T21339]  ? is_bpf_text_address+0x26/0x2b0
[ 3093.397896][T21339]  ? __lock_acquire+0xab9/0xd20
[ 3093.397921][T21339]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 3093.397950][T21339]  ? __might_fault+0xb0/0x130
[ 3093.397976][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.397994][T21339]  __vmalloc_noprof+0xb1/0xf0
[ 3093.398020][T21339]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.398042][T21339]  bpf_prog_alloc_no_stats+0x4a/0x530
[ 3093.398073][T21339]  bpf_prog_alloc+0x3c/0x1a0
[ 3093.398094][T21339]  bpf_prog_load+0x735/0x19e0
[ 3093.398125][T21339]  ? __pfx_bpf_prog_load+0x10/0x10
[ 3093.398167][T21339]  ? bpf_lsm_bpf+0x9/0x20
[ 3093.398187][T21339]  ? security_bpf+0x7e/0x300
[ 3093.398211][T21339]  __sys_bpf+0x507/0x860
[ 3093.398232][T21339]  ? __pfx___sys_bpf+0x10/0x10
[ 3093.398247][T21339]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 3093.398287][T21339]  ? ksys_write+0x230/0x260
[ 3093.398314][T21339]  ? __pfx_ksys_write+0x10/0x10
[ 3093.398336][T21339]  ? rcu_is_watching+0x15/0xb0
[ 3093.398366][T21339]  __x64_sys_bpf+0x7c/0x90
[ 3093.398392][T21339]  do_syscall_64+0xfa/0x3b0
[ 3093.398409][T21339]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3093.398435][T21339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.398454][T21339]  ? clear_bhb_loop+0x60/0xb0
[ 3093.398477][T21339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3093.398495][T21339] RIP: 0033:0x7f53b55beec9
[ 3093.398511][T21339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3093.398528][T21339] RSP: 002b:00007f53b3826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3093.398547][T21339] RAX: ffffffffffffffda RBX: 00007f53b5815fa0 RCX: 00007f53b55beec9
[ 3093.398562][T21339] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[ 3093.398574][T21339] RBP: 00007f53b3826090 R08: 0000000000000000 R09: 0000000000000000
[ 3093.398586][T21339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3093.398598][T21339] R13: 00007f53b5816038 R14: 00007f53b5815fa0 R15: 00007ffdfbd81b58
[ 3093.398630][T21339]  </TASK>
[ 3093.398637][T21339] Mem-Info:
[ 3093.398646][T21339] active_anon:6006 inactive_anon:44953 isolated_anon:0
[ 3093.398646][T21339]  active_file:25720 inactive_file:36241 isolated_file:0
[ 3093.398646][T21339]  unevictable:17165 dirty:185 writeback:0
[ 3093.398646][T21339]  slab_reclaimable:13441 slab_unreclaimable:114052
[ 3093.398646][T21339]  mapped:34247 shmem:44993 pagetables:1688
[ 3093.398646][T21339]  sec_pagetables:0 bounce:0
[ 3093.398646][T21339]  kernel_misc_reclaimable:0
[ 3093.398646][T21339]  free:1184622 free_pcp:3213 free_cma:0
[ 3093.398697][T21339] Node 0 active_anon:24024kB inactive_anon:179812kB active_file:102580kB inactive_file:144964kB unevictable:67124kB isolated(anon):0kB isolated(file):0kB mapped:136900kB dirty:740kB writeback:0kB shmem:178436kB kernel_stack:13620kB pagetables:6568kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 3093.398741][T21339] Node 1 active_anon:0kB inactive_anon:0kB active_file:300kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:184kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 3093.398783][T21339] Node 0 DMA free:15356kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3093.398838][T21339] lowmem_reserve[]: 0 2516 2518 2518 2518
[ 3093.398870][T21339] Node 0 DMA32 free:823016kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24024kB inactive_anon:179812kB active_file:102580kB inactive_file:144964kB unevictable:67124kB writepending:740kB zspages:0kB present:3129332kB managed:2576580kB mlocked:0kB bounce:0kB free_pcp:12852kB local_pcp:3444kB free_cma:0kB
[ 3093.398929][T21339] lowmem_reserve[]: 0 0 1 1 1
[ 3093.398959][T21339] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3093.399012][T21339] lowmem_reserve[]: 0 0 0 0 0
[ 3093.399043][T21339] Node 1 Normal free:3900116kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:300kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3093.399103][T21339] lowmem_reserve[]: 0 0 0 0 0
[ 3093.399132][T21339] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[ 3093.399268][T21339] Node 0 DMA32: 58*4kB (UM) 260*8kB (UME) 262*16kB (UME) 924*32kB (UME) 248*64kB (UME) 116*128kB (ME) 64*256kB (UME) 33*512kB (UME) 14*1024kB (UME) 12*2048kB (UME) 167*4096kB (UM) = 823016kB
[ 3093.399411][T21339] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 3093.399500][T21339] Node 1 Normal: 203*4kB (UME) 57*8kB (UE) 44*16kB (UME) 223*32kB (UE) 97*64kB (UE) 26*128kB (UME) 14*256kB (UM) 6*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (M) = 3900116kB
[ 3093.399643][T21339] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 3093.399659][T21339] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 3093.399675][T21339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 3093.399690][T21339] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 3093.399705][T21339] 123336 total pagecache pages
[ 3093.399714][T21339] 0 pages in swap cache
[ 3093.399720][T21339] Free swap  = 124996kB
[ 3093.399728][T21339] Total swap = 124996kB
[ 3093.399735][T21339] 2097051 pages RAM
[ 3093.399742][T21339] 0 pages HighMem/MovableOnly
[ 3093.399749][T21339] 420816 pages reserved
[ 3093.399757][T21339] 0 pages cma reserved
[ 3093.984336][T10742] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 3094.172464][T10742] usb 6-1: Using ep0 maxpacket: 16
[ 3094.175794][T10742] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 3094.175822][T10742] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[ 3094.184909][T10742] usb 6-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[ 3094.184935][T10742] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3094.184956][T10742] usb 6-1: Product: syz
[ 3094.184978][T10742] usb 6-1: Manufacturer: syz
[ 3094.184992][T10742] usb 6-1: SerialNumber: syz
[ 3094.191019][T10742] usb 6-1: config 0 descriptor??
[ 3094.215748][T10742] mcba_usb 6-1:0.0: Can't find endpoints
[ 3094.295861][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3094.487349][T21344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3094.487756][T21344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3094.527929][  T989] usb 6-1: USB disconnect, device number 22
[ 3094.981224][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3095.443797][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3096.425702][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3099.308017][T21407] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 3099.332825][T21407] overlayfs: conflicting options: nfs_export=on,index=off
[ 3099.780740][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3099.992779][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3100.039466][T16873] Bluetooth: hci3: unexpected event for opcode 0x043d
[ 3100.725953][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3100.976901][T21436] block nbd0: server does not support multiple connections per device.
[ 3100.985380][T21436] block nbd0: shutting down sockets
[ 3101.990225][T21453] Process accounting resumed
[ 3102.752857][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3103.821072][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3104.691067][    C0] vkms_vblank_simulate: vblank timer overrun
[ 3106.311913][T21534] netlink: 32 bytes leftover after parsing attributes in process `syz.4.19324'.
[ 3106.311947][T21534] netlink: 48 bytes leftover after parsing attributes in process `syz.4.19324'.
[ 3106.375391][T21534] netlink: 48 bytes leftover after parsing attributes in process `syz.4.19324'.
[ 3106.468831][T20929] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 3106.488960][T21543] netlink: 'syz.1.19327': attribute type 6 has an invalid length.
[ 3106.488979][T21543] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.19327'.
[ 3106.629877][T20929] usb 6-1: Using ep0 maxpacket: 16
[ 3106.637501][T20929] usb 6-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=f8.a6
[ 3106.637528][T20929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3106.637547][T20929] usb 6-1: Product: syz
[ 3106.637562][T20929] usb 6-1: Manufacturer: syz
[ 3106.637577][T20929] usb 6-1: SerialNumber: syz
[ 3106.683253][T20929] usb 6-1: config 0 descriptor??
[ 3109.490620][T20929] usb 6-1: USB disconnect, device number 23
[ 3114.855072][   T37] kauditd_printk_skb: 15 callbacks suppressed
[ 3114.855091][   T37] audit: type=1326 audit(3289.028:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855138][   T37] audit: type=1326 audit(3289.028:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855188][   T37] audit: type=1326 audit(3289.028:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855231][   T37] audit: type=1326 audit(3289.028:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855274][   T37] audit: type=1326 audit(3289.028:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855315][   T37] audit: type=1326 audit(3289.028:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3114.855358][   T37] audit: type=1326 audit(3289.028:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21638 comm="syz.2.19369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3116.229947][T20930] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 3116.415563][T20930] usb 6-1: config 1 has an invalid interface number: 102 but max is 1
[ 3116.415590][T20930] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3116.415609][T20930] usb 6-1: config 1 has no interface number 0
[ 3116.415672][T20930] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3116.415698][T20930] usb 6-1: too many endpoints for config 1 interface 102 altsetting 111: 117, using maximum allowed: 30
[ 3116.415740][T20930] usb 6-1: config 1 interface 102 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 117
[ 3116.415766][T20930] usb 6-1: config 1 interface 102 has no altsetting 0
[ 3116.418830][T20930] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 3116.418856][T20930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3116.418876][T20930] usb 6-1: Product: syz
[ 3116.418890][T20930] usb 6-1: Manufacturer: syz
[ 3116.418904][T20930] usb 6-1: SerialNumber: syz
[ 3116.450465][T20930] usb 6-1: selecting invalid altsetting 1
[ 3117.667755][T20930] cdc_ncm 6-1:1.1: failed GET_NTB_PARAMETERS
[ 3117.667785][T20930] cdc_ncm 6-1:1.1: bind() failure
[ 3117.686500][T20930] usb 6-1: USB disconnect, device number 24
[ 3118.505404][   T37] audit: type=1326 audit(3292.433:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21722 comm="syz.2.19395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3118.505457][   T37] audit: type=1326 audit(3292.433:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21722 comm="syz.2.19395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3118.510605][   T37] audit: type=1326 audit(3292.452:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21722 comm="syz.2.19395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3120.440262][T21748] binder: 21737:21748 ioctl c0306201 200000000040 returned -22
[ 3121.939873][T21761] FAULT_INJECTION: forcing a failure.
[ 3121.939873][T21761] name failslab, interval 1, probability 0, space 0, times 0
[ 3121.939913][T21761] CPU: 0 UID: 0 PID: 21761 Comm: syz.5.19410 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3121.939936][T21761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3121.939948][T21761] Call Trace:
[ 3121.939957][T21761]  <TASK>
[ 3121.939966][T21761]  dump_stack_lvl+0x189/0x250
[ 3121.939997][T21761]  ? __pfx____ratelimit+0x10/0x10
[ 3121.940025][T21761]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3121.940052][T21761]  ? __pfx__printk+0x10/0x10
[ 3121.940079][T21761]  ? __pfx___might_resched+0x10/0x10
[ 3121.940108][T21761]  should_fail_ex+0x46c/0x600
[ 3121.940137][T21761]  ? preload_this_cpu_lock+0x49/0xc0
[ 3121.940158][T21761]  should_failslab+0xa8/0x100
[ 3121.940179][T21761]  ? preload_this_cpu_lock+0x49/0xc0
[ 3121.940197][T21761]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[ 3121.940222][T21761]  ? alloc_vmap_area+0x271/0x14c0
[ 3121.940246][T21761]  ? kmem_cache_alloc_node_noprof+0x291/0x6e0
[ 3121.940270][T21761]  ? alloc_vmap_area+0x271/0x14c0
[ 3121.940299][T21761]  preload_this_cpu_lock+0x49/0xc0
[ 3121.940322][T21761]  alloc_vmap_area+0x41c/0x14c0
[ 3121.940363][T21761]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 3121.940388][T21761]  ? __kasan_kmalloc+0x93/0xb0
[ 3121.940415][T21761]  ? __kmalloc_cache_node_noprof+0x2a9/0x700
[ 3121.940442][T21761]  ? __get_vm_area_node+0x172/0x350
[ 3121.940467][T21761]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3121.940490][T21761]  __get_vm_area_node+0x227/0x350
[ 3121.940522][T21761]  __vmalloc_node_range_noprof+0x30c/0x12d0
[ 3121.940550][T21761]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3121.940575][T21761]  ? is_bpf_text_address+0x26/0x2b0
[ 3121.940607][T21761]  ? __lock_acquire+0xab9/0xd20
[ 3121.940634][T21761]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 3121.940663][T21761]  ? __might_fault+0xb0/0x130
[ 3121.940689][T21761]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3121.940707][T21761]  __vmalloc_noprof+0xb1/0xf0
[ 3121.940732][T21761]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3121.940755][T21761]  bpf_prog_alloc_no_stats+0x4a/0x530
[ 3121.940780][T21761]  bpf_prog_alloc+0x3c/0x1a0
[ 3121.940802][T21761]  bpf_prog_load+0x735/0x19e0
[ 3121.940833][T21761]  ? __pfx_bpf_prog_load+0x10/0x10
[ 3121.940875][T21761]  ? bpf_lsm_bpf+0x9/0x20
[ 3121.940896][T21761]  ? security_bpf+0x7e/0x300
[ 3121.940927][T21761]  __sys_bpf+0x507/0x860
[ 3121.940947][T21761]  ? __pfx___sys_bpf+0x10/0x10
[ 3121.940963][T21761]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 3121.941002][T21761]  ? ksys_write+0x230/0x260
[ 3121.941030][T21761]  ? __pfx_ksys_write+0x10/0x10
[ 3121.941052][T21761]  ? rcu_is_watching+0x15/0xb0
[ 3121.941082][T21761]  __x64_sys_bpf+0x7c/0x90
[ 3121.941109][T21761]  do_syscall_64+0xfa/0x3b0
[ 3121.941126][T21761]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3121.941151][T21761]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3121.941171][T21761]  ? clear_bhb_loop+0x60/0xb0
[ 3121.941194][T21761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3121.941213][T21761] RIP: 0033:0x7f494b8aeec9
[ 3121.941230][T21761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3121.941248][T21761] RSP: 002b:00007f4949b16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3121.941270][T21761] RAX: ffffffffffffffda RBX: 00007f494bb05fa0 RCX: 00007f494b8aeec9
[ 3121.941284][T21761] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[ 3121.941297][T21761] RBP: 00007f4949b16090 R08: 0000000000000000 R09: 0000000000000000
[ 3121.941310][T21761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3121.941322][T21761] R13: 00007f494bb06038 R14: 00007f494bb05fa0 R15: 00007fff0144f8a8
[ 3121.941352][T21761]  </TASK>
[ 3123.505529][T16873] Bluetooth: hci4: unexpected event for opcode 0x043d
[ 3124.247721][T20930] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[ 3124.499150][T20930] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3124.499220][T20930] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[ 3124.499245][T20930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[ 3124.499269][T20930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[ 3124.499294][T20930] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 3124.499319][T20930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 3124.499342][T20930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 3124.499362][T20930] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3124.906790][T20930] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[ 3124.906820][T20930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[ 3124.906840][T20930] usb 6-1: Product: syz
[ 3124.906855][T20930] usb 6-1: Manufacturer: syz
[ 3124.906870][T20930] usb 6-1: SerialNumber: syz
[ 3126.196958][T20930] usb 6-1: config 0 descriptor??
[ 3126.198642][T20930] usb 6-1: can't set config #0, error -71
[ 3126.225808][T20930] usb 6-1: USB disconnect, device number 25
[ 3126.235578][T21778] Process accounting resumed
[ 3126.613833][   T37] kauditd_printk_skb: 23 callbacks suppressed
[ 3126.613851][   T37] audit: type=1326 audit(3300.028:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.613896][   T37] audit: type=1326 audit(3300.028:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.618720][   T37] audit: type=1326 audit(3300.038:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.618767][   T37] audit: type=1326 audit(3300.038:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.619807][   T37] audit: type=1326 audit(3300.038:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.619852][   T37] audit: type=1326 audit(3300.038:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f43f89dd710 code=0x7ffc0000
[ 3126.619894][   T37] audit: type=1326 audit(3300.038:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.684838][   T37] audit: type=1326 audit(3300.094:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.684892][   T37] audit: type=1326 audit(3300.094:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3126.684935][   T37] audit: type=1326 audit(3300.094:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21808 comm="syz.2.19426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3127.449962][T16873] Bluetooth: hci1: unexpected event for opcode 0x043d
[ 3127.711792][  T989] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[ 3127.874158][  T989] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3127.874241][  T989] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[ 3127.874266][  T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[ 3127.874292][  T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[ 3127.874317][  T989] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[ 3127.874341][  T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 3127.874366][  T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 3127.874386][  T989] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3127.876962][  T989] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[ 3127.876988][  T989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=8
[ 3127.877007][  T989] usb 5-1: Product: syz
[ 3127.877021][  T989] usb 5-1: Manufacturer: syz
[ 3127.877035][  T989] usb 5-1: SerialNumber: syz
[ 3127.907236][  T989] usb 5-1: config 0 descriptor??
[ 3127.908010][T21830] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3127.950735][  T989] ati_remote 5-1:0.0: ati_remote_probe: Unexpected endpoint_out
[ 3128.246074][  T989] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 3128.400952][T21856] netlink: 48 bytes leftover after parsing attributes in process `syz.1.19444'.
[ 3128.400973][T21856] netlink: 32 bytes leftover after parsing attributes in process `syz.1.19444'.
[ 3128.416847][  T989] usb 6-1: Using ep0 maxpacket: 16
[ 3128.419305][  T989] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 3128.419327][  T989] usb 6-1: config 0 has no interface number 0
[ 3128.426986][  T989] usb 6-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[ 3128.427011][  T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3128.427030][  T989] usb 6-1: Product: syz
[ 3128.427043][  T989] usb 6-1: Manufacturer: syz
[ 3128.427058][  T989] usb 6-1: SerialNumber: syz
[ 3128.433380][  T989] usb 6-1: config 0 descriptor??
[ 3128.443684][  T989] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 3129.061864][T21842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3129.062475][T21842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3129.151205][T21861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3129.151719][T21861] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3129.347773][T20930] usb 6-1: USB disconnect, device number 26
[ 3130.265175][T10742] usb 5-1: USB disconnect, device number 21
[ 3131.031363][T21906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19465'.
[ 3132.609899][T17273] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 3133.266014][T17273] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 3133.266047][T17273] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 3133.266072][T17273] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 3133.269734][T17273] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 3133.269762][T17273] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3133.269782][T17273] usb 6-1: Product: syz
[ 3133.269796][T17273] usb 6-1: Manufacturer: syz
[ 3133.269810][T17273] usb 6-1: SerialNumber: syz
[ 3133.360173][T17273] usb 6-1: config 0 descriptor??
[ 3133.418135][T21933] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 3133.418424][T21933] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 3133.436577][T17273] usb 6-1: ucan: probing device on interface #0
[ 3133.647002][T17273] usb 6-1: ucan: device protocol version 0 is not supported
[ 3133.647025][T17273] usb 6-1: ucan: probe failed; try to update the device firmware
[ 3133.871582][T21933] netlink: 256 bytes leftover after parsing attributes in process `syz.5.19477'.
[ 3134.029891][T21959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3134.030228][T21959] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3135.625843][  T989] usb 6-1: USB disconnect, device number 27
[ 3136.487796][T21972] FAULT_INJECTION: forcing a failure.
[ 3136.487796][T21972] name failslab, interval 1, probability 0, space 0, times 0
[ 3136.487861][T21972] CPU: 1 UID: 0 PID: 21972 Comm: syz.5.19489 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3136.487885][T21972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3136.487900][T21972] Call Trace:
[ 3136.487908][T21972]  <TASK>
[ 3136.487917][T21972]  dump_stack_lvl+0x189/0x250
[ 3136.487947][T21972]  ? __pfx____ratelimit+0x10/0x10
[ 3136.487976][T21972]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3136.488003][T21972]  ? __pfx__printk+0x10/0x10
[ 3136.488032][T21972]  ? __pfx___might_resched+0x10/0x10
[ 3136.488081][T21972]  should_fail_ex+0x46c/0x600
[ 3136.488113][T21972]  should_failslab+0xa8/0x100
[ 3136.488135][T21972]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 3136.488163][T21972]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[ 3136.488181][T21972]  ? __vmalloc_noprof+0xb1/0xf0
[ 3136.488206][T21972]  ? bpf_prog_alloc_no_stats+0xdb/0x530
[ 3136.488231][T21972]  bpf_prog_alloc_no_stats+0xdb/0x530
[ 3136.488256][T21972]  bpf_prog_alloc+0x3c/0x1a0
[ 3136.488278][T21972]  bpf_prog_load+0x735/0x19e0
[ 3136.488311][T21972]  ? __pfx_bpf_prog_load+0x10/0x10
[ 3136.488354][T21972]  ? bpf_lsm_bpf+0x9/0x20
[ 3136.488375][T21972]  ? security_bpf+0x7e/0x300
[ 3136.488400][T21972]  __sys_bpf+0x507/0x860
[ 3136.488421][T21972]  ? __pfx___sys_bpf+0x10/0x10
[ 3136.488474][T21972]  __x64_sys_bpf+0x7c/0x90
[ 3136.488500][T21972]  do_syscall_64+0xfa/0x3b0
[ 3136.488521][T21972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3136.488540][T21972]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 3136.488558][T21972]  ? clear_bhb_loop+0x60/0xb0
[ 3136.488582][T21972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3136.488601][T21972] RIP: 0033:0x7f494b8aeec9
[ 3136.488618][T21972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3136.488636][T21972] RSP: 002b:00007f4949ad4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3136.488657][T21972] RAX: ffffffffffffffda RBX: 00007f494bb06180 RCX: 00007f494b8aeec9
[ 3136.488672][T21972] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 0000000000000005
[ 3136.488686][T21972] RBP: 00007f4949ad4090 R08: 0000000000000000 R09: 0000000000000000
[ 3136.488699][T21972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3136.488723][T21972] R13: 00007f494bb06218 R14: 00007f494bb06180 R15: 00007fff0144f8a8
[ 3136.488755][T21972]  </TASK>
[ 3137.632564][T10742] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 3138.659255][T10742] usb 6-1: Using ep0 maxpacket: 16
[ 3138.665579][T10742] usb 6-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=f8.a6
[ 3138.665606][T10742] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3138.665626][T10742] usb 6-1: Product: syz
[ 3138.665640][T10742] usb 6-1: Manufacturer: syz
[ 3138.665655][T10742] usb 6-1: SerialNumber: syz
[ 3138.680450][T10742] usb 6-1: config 0 descriptor??
[ 3139.720674][T22001] Process accounting resumed
[ 3139.946702][T22039] netlink: 32 bytes leftover after parsing attributes in process `syz.6.19514'.
[ 3139.947549][T22039] netlink: 28 bytes leftover after parsing attributes in process `syz.6.19514'.
[ 3141.100249][T17273] usb 6-1: USB disconnect, device number 28
[ 3141.167051][T22055] netlink: 104 bytes leftover after parsing attributes in process `syz.5.19519'.
[ 3141.696362][T22061] netlink: 'syz.1.19521': attribute type 6 has an invalid length.
[ 3141.732219][T17908] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3144.180516][T17908] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3144.385648][T22130] netlink: 72 bytes leftover after parsing attributes in process `syz.1.19541'.
[ 3144.385670][T22130] tc_dump_action: action bad kind
[ 3144.714108][T17908] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3145.436321][T20930] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 3146.073530][T20930] usb 6-1: device descriptor read/64, error -71
[ 3146.516540][T20930] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 3146.569494][T17908] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3146.697629][T20930] usb 6-1: device descriptor read/64, error -71
[ 3146.819734][T20930] usb usb6-port1: attempt power cycle
[ 3146.840387][T22150] netlink: 48 bytes leftover after parsing attributes in process `syz.1.19547'.
[ 3147.190389][T20930] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 3147.213151][T20930] usb 6-1: device descriptor read/8, error -71
[ 3147.455928][T17908] bond1: left allmulticast mode
[ 3147.455972][T17908] bond1: left promiscuous mode
[ 3147.456250][T17908] bridge0: port 3(bond1) entered disabled state
[ 3147.472885][T20930] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 3147.489818][T20930] usb 6-1: device descriptor read/8, error -71
[ 3147.554660][T17908] bridge_slave_1: left allmulticast mode
[ 3147.554687][T17908] bridge_slave_1: left promiscuous mode
[ 3147.554933][T17908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3147.607979][T20930] usb usb6-port1: unable to enumerate USB device
[ 3147.652659][T17908] bridge_slave_0: left allmulticast mode
[ 3147.652686][T17908] bridge_slave_0: left promiscuous mode
[ 3147.652916][T17908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3147.811312][T17908] batman_adv: batadv0: Interface deactivated: gretap1
[ 3147.811389][T17908] tipc: Resetting bearer <eth:gre0>
[ 3148.756275][   T37] kauditd_printk_skb: 62 callbacks suppressed
[ 3148.756293][   T37] audit: type=1326 audit(3320.748:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.756562][   T37] audit: type=1326 audit(3320.748:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.757535][   T37] audit: type=1326 audit(3320.748:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.757586][   T37] audit: type=1326 audit(3320.748:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.757628][   T37] audit: type=1326 audit(3320.748:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.758133][   T37] audit: type=1326 audit(3320.748:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.758408][   T37] audit: type=1326 audit(3320.748:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.758664][   T37] audit: type=1326 audit(3320.748:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.759111][   T37] audit: type=1326 audit(3320.748:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3148.759726][   T37] audit: type=1326 audit(3320.748:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22222 comm="syz.2.19574" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43f89deec9 code=0x7ffc0000
[ 3151.614726][T17908] batman_adv: batadv0: Removing interface: gretap1
[ 3151.640693][T22271] overlayfs: conflicting options: nfs_export=on,index=off
[ 3152.191646][T17908] tipc: Disabling bearer <eth:gre0>
[ 3152.233502][T22293] netlink: 48 bytes leftover after parsing attributes in process `syz.2.19604'.
[ 3152.625678][T22309] openvswitch: netlink: Message has 8 unknown bytes.
[ 3154.524133][T17908] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3154.577290][T17908] bond_slave_0: left promiscuous mode
[ 3154.623915][T17908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3154.664729][T17908] bond_slave_1: left promiscuous mode
[ 3154.679039][T17908] bond0 (unregistering): Released all slaves
[ 3155.702284][T17908] bond1 (unregistering): Released all slaves
[ 3155.729512][T17908] bond2 (unregistering): Released all slaves
[ 3155.766125][T17908] bond3 (unregistering): Released all slaves
[ 3155.839004][T22190] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19560'.
[ 3155.839060][T22190] netem: change failed
[ 3156.045400][T22465] CIFS mount error: No usable UNC path provided in device string!
[ 3156.045400][T22465] 
[ 3156.045421][T22465] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 3156.521445][T17908] : left promiscuous mode
[ 3157.511311][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 3157.511382][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 3158.591815][T22499] netlink: 28 bytes leftover after parsing attributes in process `syz.1.19699'.
[ 3158.660411][   T31] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 3158.679423][T17908] tipc: Disabling bearer <udp:syz1>
[ 3158.679623][T17908] tipc: Left network mode
[ 3158.845289][   T31] usb 5-1: config 1 has an invalid interface number: 102 but max is 1
[ 3158.845316][   T31] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3158.845335][   T31] usb 5-1: config 1 has no interface number 0
[ 3158.845389][   T31] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3158.845416][   T31] usb 5-1: too many endpoints for config 1 interface 102 altsetting 111: 117, using maximum allowed: 30
[ 3158.845451][   T31] usb 5-1: config 1 interface 102 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 117
[ 3158.845477][   T31] usb 5-1: config 1 interface 102 has no altsetting 0
[ 3158.848607][   T31] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 3158.848634][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3158.848654][   T31] usb 5-1: Product: syz
[ 3158.848669][   T31] usb 5-1: Manufacturer: syz
[ 3158.848683][   T31] usb 5-1: SerialNumber: syz
[ 3158.869029][   T31] usb 5-1: selecting invalid altsetting 1
[ 3159.313132][T22490] netlink: 16 bytes leftover after parsing attributes in process `syz.4.19693'.
[ 3159.313164][T22490] netlink: 16 bytes leftover after parsing attributes in process `syz.4.19693'.
[ 3159.655522][T22481] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[ 3159.845428][   T31] cdc_ncm 5-1:1.1: failed GET_NTB_PARAMETERS
[ 3159.845476][   T31] cdc_ncm 5-1:1.1: bind() failure
[ 3159.881476][   T31] usb 5-1: USB disconnect, device number 22
[ 3160.174155][T22536] FAULT_INJECTION: forcing a failure.
[ 3160.174155][T22536] name failslab, interval 1, probability 0, space 0, times 0
[ 3160.174241][T22536] CPU: 1 UID: 0 PID: 22536 Comm: syz.5.19712 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3160.174268][T22536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3160.174280][T22536] Call Trace:
[ 3160.174288][T22536]  <TASK>
[ 3160.174298][T22536]  dump_stack_lvl+0x189/0x250
[ 3160.174329][T22536]  ? __pfx____ratelimit+0x10/0x10
[ 3160.174357][T22536]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3160.174384][T22536]  ? __pfx__printk+0x10/0x10
[ 3160.174413][T22536]  ? __pfx___might_resched+0x10/0x10
[ 3160.174437][T22536]  ? fs_reclaim_acquire+0x7d/0x100
[ 3160.174462][T22536]  should_fail_ex+0x46c/0x600
[ 3160.174494][T22536]  should_failslab+0xa8/0x100
[ 3160.174516][T22536]  __kmalloc_noprof+0xcc/0x7d0
[ 3160.174543][T22536]  ? tomoyo_encode+0x28b/0x550
[ 3160.174573][T22536]  tomoyo_encode+0x28b/0x550
[ 3160.174603][T22536]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 3160.174639][T22536]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 3160.174660][T22536]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 3160.174683][T22536]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 3160.174708][T22536]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[ 3160.174738][T22536]  ? rcu_is_watching+0x15/0xb0
[ 3160.174797][T22536]  ? __rcu_read_unlock+0x84/0xe0
[ 3160.174824][T22536]  ? __fget_files+0x2a/0x420
[ 3160.174849][T22536]  ? __fget_files+0x3a6/0x420
[ 3160.174866][T22536]  ? __fget_files+0x2a/0x420
[ 3160.174889][T22536]  security_file_ioctl+0xcb/0x2d0
[ 3160.174913][T22536]  __se_sys_ioctl+0x47/0x170
[ 3160.174940][T22536]  do_syscall_64+0xfa/0x3b0
[ 3160.174958][T22536]  ? lockdep_hardirqs_on+0x9c/0x150
[ 3160.174985][T22536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3160.175005][T22536]  ? clear_bhb_loop+0x60/0xb0
[ 3160.175036][T22536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3160.175055][T22536] RIP: 0033:0x7f494b8aeec9
[ 3160.175072][T22536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3160.175090][T22536] RSP: 002b:00007f4949af5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 3160.175111][T22536] RAX: ffffffffffffffda RBX: 00007f494bb06090 RCX: 00007f494b8aeec9
[ 3160.175126][T22536] RDX: 0000000000000002 RSI: 0000000000005437 RDI: 0000000000000007
[ 3160.175138][T22536] RBP: 00007f4949af5090 R08: 0000000000000000 R09: 0000000000000000
[ 3160.175151][T22536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3160.175162][T22536] R13: 00007f494bb06128 R14: 00007f494bb06090 R15: 00007fff0144f8a8
[ 3160.175196][T22536]  </TASK>
[ 3160.175380][T22536] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 3161.043699][T22536] Process accounting resumed
[ 3162.746561][T22563] fuse: Unknown parameter 'g!b7ؚŒ�!��m0䛘�l���M]b[��o�����D�h`��b'
[ 3164.474975][T22579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.19728'.
[ 3164.475002][T22579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.19728'.
[ 3166.476327][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3166.809691][T22622] Process accounting resumed
[ 3166.862272][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3167.159162][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3167.427150][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3167.905692][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3168.196325][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3168.461039][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3168.838288][T18941] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 3169.001317][T18941] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 3169.001348][T18941] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 3169.001373][T18941] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 3169.004457][T18941] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 3169.004484][T18941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3169.004504][T18941] usb 5-1: Product: syz
[ 3169.004519][T18941] usb 5-1: Manufacturer: syz
[ 3169.004534][T18941] usb 5-1: SerialNumber: syz
[ 3169.074414][T18941] usb 5-1: config 0 descriptor??
[ 3169.075437][T22648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3169.075648][T22648] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 3169.077783][T18941] usb 5-1: ucan: probing device on interface #0
[ 3169.113062][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3169.255448][T17908] hsr_slave_0: left promiscuous mode
[ 3169.300819][T18941] usb 5-1: ucan: device protocol version 0 is not supported
[ 3169.300842][T18941] usb 5-1: ucan: probe failed; try to update the device firmware
[ 3169.306370][T17908] hsr_slave_1: left promiscuous mode
[ 3169.307258][T17908] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3169.307281][T17908] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3169.365918][T17908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3169.365944][T17908] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3169.528883][T22648] netlink: 256 bytes leftover after parsing attributes in process `syz.4.19753'.
[ 3169.582273][T17908] veth1_vlan: left promiscuous mode
[ 3169.582436][T17908] veth0_vlan: left promiscuous mode
[ 3169.675702][T22678] netlink: 'syz.1.19763': attribute type 11 has an invalid length.
[ 3169.726433][T22679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3169.726851][T22679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3170.381255][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3170.471889][T22703] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19777'.
[ 3170.534850][T22704] netlink: 8 bytes leftover after parsing attributes in process `syz.6.19777'.
[ 3170.914837][T22712] netlink: 24 bytes leftover after parsing attributes in process `syz.2.19780'.
[ 3171.855737][   T31] usb 5-1: USB disconnect, device number 23
[ 3172.375971][   T37] kauditd_printk_skb: 63 callbacks suppressed
[ 3172.375989][   T37] audit: type=1326 audit(3342.832:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22723 comm="syz.4.19782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3172.376146][   T37] audit: type=1326 audit(3342.832:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22723 comm="syz.4.19782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3172.433490][   T37] audit: type=1326 audit(3342.898:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22723 comm="syz.4.19782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3172.433540][   T37] audit: type=1326 audit(3342.898:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22723 comm="syz.4.19782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3172.433581][   T37] audit: type=1326 audit(3342.898:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22723 comm="syz.4.19782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53b55beec9 code=0x7ffc0000
[ 3176.558990][T22753] overlayfs: failed to clone upperpath
[ 3179.058893][T18941] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 3179.238707][T18941] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 3179.238739][T18941] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 3179.238760][T18941] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[ 3179.265176][T18941] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 3179.265204][T18941] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3179.265223][T18941] usb 6-1: Product: syz
[ 3179.265236][T18941] usb 6-1: Manufacturer: syz
[ 3179.265250][T18941] usb 6-1: SerialNumber: syz
[ 3179.305264][T18941] usb 6-1: config 0 descriptor??
[ 3179.306452][T22766] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 3179.306644][T22766] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 3179.310367][T18941] usb 6-1: ucan: probing device on interface #0
[ 3179.529814][T18941] usb 6-1: ucan: device protocol version 0 is not supported
[ 3179.529829][T18941] usb 6-1: ucan: probe failed; try to update the device firmware
[ 3180.007741][T22766] netlink: 256 bytes leftover after parsing attributes in process `syz.5.19796'.
[ 3180.135218][T17908] team0 (unregistering): Port device team_slave_1 removed
[ 3180.282518][T22771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3180.282781][T22771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3180.700771][T17908] team0 (unregistering): Port device team_slave_0 removed
[ 3182.035369][T17273] usb 6-1: USB disconnect, device number 33
[ 3185.902146][   T31] lo speed is unknown, defaulting to 1000
[ 3185.902173][   T31] infiniband syz0: ib_query_port failed (-19)
[ 3186.382609][T18941] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 3186.554522][T18941] usb 6-1: Using ep0 maxpacket: 8
[ 3186.572813][T18941] usb 6-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3186.572843][T18941] usb 6-1: config 0 interface 0 has no altsetting 0
[ 3186.572950][T18941] usb 6-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00
[ 3186.573017][T18941] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3186.849060][T18941] usb 6-1: config 0 descriptor??
[ 3187.031767][T22801] netlink: 48 bytes leftover after parsing attributes in process `syz.4.19808'.
[ 3187.319184][T18941] hid_parser_main: 5 callbacks suppressed
[ 3187.319207][T18941] lenovo 0003:17EF:60A3.0020: unknown main item tag 0x0
[ 3187.319236][T18941] lenovo 0003:17EF:60A3.0020: unknown main item tag 0x0
[ 3187.319263][T18941] lenovo 0003:17EF:60A3.0020: unknown main item tag 0x0
[ 3187.319289][T18941] lenovo 0003:17EF:60A3.0020: unknown main item tag 0x0
[ 3187.319315][T18941] lenovo 0003:17EF:60A3.0020: unknown main item tag 0x0
[ 3187.368318][T18941] lenovo 0003:17EF:60A3.0020: hidraw0: USB HID v0.00 Device [HID 17ef:60a3] on usb-dummy_hcd.5-1/input0
[ 3187.537046][T22794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3187.537460][T22794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3187.539950][T20930] usb 6-1: USB disconnect, device number 34
[ 3190.329949][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3190.653816][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3191.567646][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3192.262635][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3193.066087][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3193.183142][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3193.898336][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3194.478085][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3194.496446][T22901] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 3194.525707][T17908] IPVS: stop unused estimator thread 0...
[ 3194.848372][    C1] vkms_vblank_simulate: vblank timer overrun
[ 3194.894696][T17908] ------------[ cut here ]------------
[ 3194.894719][T17908] WARNING: CPU: 1 PID: 17908 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x26d/0x2f0
[ 3194.894759][T17908] Modules linked in:
[ 3194.894779][T17908] CPU: 1 UID: 0 PID: 17908 Comm: kworker/u8:19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3194.894799][T17908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3194.894811][T17908] Workqueue: netns cleanup_net
[ 3194.894837][T17908] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[ 3194.894860][T17908] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ab bb b8 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 49 6c 9a f8 e8 94 18 57 f8 90 <0f> 0b 90 e9 fd fd ff ff e8 86 18 57 f8 90 0f 0b 90 e9 60 fe ff ff
[ 3194.894877][T17908] RSP: 0018:ffffc90010357898 EFLAGS: 00010293
[ 3194.894894][T17908] RAX: ffffffff89668fdc RBX: ffff8880383f5000 RCX: ffff888038cf3c00
[ 3194.894908][T17908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 3194.894921][T17908] RBP: ffffc900103579b0 R08: 0000000000000000 R09: 0000000000000000
[ 3194.894934][T17908] R10: dffffc0000000000 R11: fffffbfff1d6bcef R12: ffffffff8e762b40
[ 3194.894949][T17908] R13: 1ffff9200206af40 R14: ffff8880383f6800 R15: dffffc0000000000
[ 3194.894965][T17908] FS:  0000000000000000(0000) GS:ffff88812711c000(0000) knlGS:0000000000000000
[ 3194.894982][T17908] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3194.894995][T17908] CR2: 00007f43f6c24f98 CR3: 000000004ca8a000 CR4: 00000000003526f0
[ 3194.895011][T17908] Call Trace:
[ 3194.895019][T17908]  <TASK>
[ 3194.895033][T17908]  xfrm_net_exit+0x2d/0x70
[ 3194.895051][T17908]  ops_undo_list+0x49a/0x990
[ 3194.895083][T17908]  ? __pfx_ops_undo_list+0x10/0x10
[ 3194.895107][T17908]  ? rt_spin_unlock+0x150/0x200
[ 3194.895136][T17908]  ? rt_spin_unlock+0x161/0x200
[ 3194.895162][T17908]  cleanup_net+0x4de/0x820
[ 3194.895191][T17908]  ? __pfx_cleanup_net+0x10/0x10
[ 3194.895224][T17908]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3194.895250][T17908]  ? process_scheduled_works+0x9ef/0x17b0
[ 3194.895275][T17908]  ? process_scheduled_works+0x9ef/0x17b0
[ 3194.895303][T17908]  process_scheduled_works+0xae1/0x17b0
[ 3194.895361][T17908]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3194.895407][T17908]  worker_thread+0x8a0/0xda0
[ 3194.895461][T17908]  kthread+0x711/0x8a0
[ 3194.895486][T17908]  ? __pfx_worker_thread+0x10/0x10
[ 3194.895518][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.895535][T17908]  ? rt_spin_unlock+0x150/0x200
[ 3194.895560][T17908]  ? rt_spin_unlock+0x161/0x200
[ 3194.895580][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.895603][T17908]  ret_from_fork+0x439/0x7d0
[ 3194.895632][T17908]  ? __pfx_ret_from_fork+0x10/0x10
[ 3194.895664][T17908]  ? __switch_to_asm+0x39/0x70
[ 3194.895683][T17908]  ? __switch_to_asm+0x33/0x70
[ 3194.895700][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.895722][T17908]  ret_from_fork_asm+0x1a/0x30
[ 3194.895755][T17908]  </TASK>
[ 3194.895770][T17908] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 3194.895784][T17908] CPU: 1 UID: 0 PID: 17908 Comm: kworker/u8:19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 3194.895805][T17908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 3194.895817][T17908] Workqueue: netns cleanup_net
[ 3194.895841][T17908] Call Trace:
[ 3194.895849][T17908]  <TASK>
[ 3194.895858][T17908]  dump_stack_lvl+0x99/0x250
[ 3194.895885][T17908]  ? __asan_memcpy+0x40/0x70
[ 3194.895910][T17908]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3194.895937][T17908]  ? __pfx__printk+0x10/0x10
[ 3194.895974][T17908]  vpanic+0x237/0x6d0
[ 3194.895993][T17908]  ? __pfx_vpanic+0x10/0x10
[ 3194.896022][T17908]  panic+0xb9/0xc0
[ 3194.896040][T17908]  ? __pfx_panic+0x10/0x10
[ 3194.896074][T17908]  __warn+0x31b/0x4b0
[ 3194.896091][T17908]  ? xfrm_state_fini+0x26d/0x2f0
[ 3194.896118][T17908]  ? xfrm_state_fini+0x26d/0x2f0
[ 3194.896143][T17908]  report_bug+0x2be/0x4f0
[ 3194.896170][T17908]  ? xfrm_state_fini+0x26d/0x2f0
[ 3194.896196][T17908]  ? xfrm_state_fini+0x26d/0x2f0
[ 3194.896220][T17908]  ? xfrm_state_fini+0x26f/0x2f0
[ 3194.896244][T17908]  handle_bug+0x84/0x160
[ 3194.896264][T17908]  exc_invalid_op+0x1a/0x50
[ 3194.896281][T17908]  asm_exc_invalid_op+0x1a/0x20
[ 3194.896295][T17908] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[ 3194.896319][T17908] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 ab bb b8 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 49 6c 9a f8 e8 94 18 57 f8 90 <0f> 0b 90 e9 fd fd ff ff e8 86 18 57 f8 90 0f 0b 90 e9 60 fe ff ff
[ 3194.896337][T17908] RSP: 0018:ffffc90010357898 EFLAGS: 00010293
[ 3194.896353][T17908] RAX: ffffffff89668fdc RBX: ffff8880383f5000 RCX: ffff888038cf3c00
[ 3194.896368][T17908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 3194.896380][T17908] RBP: ffffc900103579b0 R08: 0000000000000000 R09: 0000000000000000
[ 3194.896394][T17908] R10: dffffc0000000000 R11: fffffbfff1d6bcef R12: ffffffff8e762b40
[ 3194.896408][T17908] R13: 1ffff9200206af40 R14: ffff8880383f6800 R15: dffffc0000000000
[ 3194.896433][T17908]  ? xfrm_state_fini+0x26c/0x2f0
[ 3194.896464][T17908]  ? xfrm_state_fini+0x26c/0x2f0
[ 3194.896492][T17908]  xfrm_net_exit+0x2d/0x70
[ 3194.896518][T17908]  ops_undo_list+0x49a/0x990
[ 3194.896552][T17908]  ? __pfx_ops_undo_list+0x10/0x10
[ 3194.896576][T17908]  ? rt_spin_unlock+0x150/0x200
[ 3194.896604][T17908]  ? rt_spin_unlock+0x161/0x200
[ 3194.896630][T17908]  cleanup_net+0x4de/0x820
[ 3194.896659][T17908]  ? __pfx_cleanup_net+0x10/0x10
[ 3194.896688][T17908]  ? _raw_spin_unlock_irq+0x23/0x50
[ 3194.896713][T17908]  ? process_scheduled_works+0x9ef/0x17b0
[ 3194.896739][T17908]  ? process_scheduled_works+0x9ef/0x17b0
[ 3194.896768][T17908]  process_scheduled_works+0xae1/0x17b0
[ 3194.896825][T17908]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3194.896871][T17908]  worker_thread+0x8a0/0xda0
[ 3194.896926][T17908]  kthread+0x711/0x8a0
[ 3194.896951][T17908]  ? __pfx_worker_thread+0x10/0x10
[ 3194.896977][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.896995][T17908]  ? rt_spin_unlock+0x150/0x200
[ 3194.897022][T17908]  ? rt_spin_unlock+0x161/0x200
[ 3194.897043][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.897065][T17908]  ret_from_fork+0x439/0x7d0
[ 3194.897094][T17908]  ? __pfx_ret_from_fork+0x10/0x10
[ 3194.897127][T17908]  ? __switch_to_asm+0x39/0x70
[ 3194.897155][T17908]  ? __switch_to_asm+0x33/0x70
[ 3194.897173][T17908]  ? __pfx_kthread+0x10/0x10
[ 3194.897195][T17908]  ret_from_fork_asm+0x1a/0x30
[ 3194.897231][T17908]  </TASK>
[ 3194.897492][T17908] Kernel Offset: disabled