last executing test programs:

1m33.006591976s ago: executing program 2 (id=1379):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x38}}, 0x4000)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000080)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168"})
syz_open_dev$dri(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00'}, 0x90)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$read(0xb, 0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x403, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x2d298, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffe], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x25d], [0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_ABS_SETUP(r3, 0x401c5504, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0)
close(r4)
ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"})

1m31.026351257s ago: executing program 2 (id=1385):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)=<r1=>0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
gettid()
ioctl(r3, 0x7, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
sendmsg$inet(r5, 0x0, 0x0)
read$char_usb(r5, &(0x7f0000000080)=""/139, 0xfdef)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2800000012000101000000000000000007000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001d008b"], 0x28}, 0x1, 0x0, 0x0, 0x24000010}, 0x44804)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)={&(0x7f0000000240)="c3dd924e7b518b49636f5c", &(0x7f00000003c0)=""/140, &(0x7f0000000480)="e3fc063091a7af238223925e98a5a9dd44a79255587bc3277c78460111ebe9ee6c91f20b53ce1a844b301a99e215b9090476cd7514ca8457a8505df0900ec6944fb1848548875c22ca1ee34989f1eb34", &(0x7f0000000580)="6bcc2b39de8ecbbad31fcdb0ba998ddf113304f900ebe97e55e0098fc04eb70596ef6d5bce244de4b7088399c25cf09adfba9808e9297ba7a60c8370b16e337583746e7214f599c5", 0xa460, r5, 0x4}, 0x38)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000002c80), &(0x7f00000061c0)=0x4)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f0000000000)='\f/\x00', 0x0, r3)
r8 = syz_open_dev$MSR(0x0, 0x8000002000000, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
migrate_pages(r2, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setitimer(0x0, 0x0, &(0x7f0000000040))
r9 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r9, 0x1ad72f7)
accept4$netrom(r9, 0x0, 0x0, 0x0)

1m29.315220209s ago: executing program 2 (id=1395):
syz_io_uring_setup(0x10c, &(0x7f0000000300)={0x0, 0x24e3e, 0x1000, 0xfffffffd, 0x90}, &(0x7f0000000240)=<r0=>0x0, &(0x7f0000000140)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c12b800000010004b0400000000fedbdf257a00", @ANYRES32=0x0, @ANYBLOB="0000046bdbd115002c0012800b00010067726174617000001c000280050009000000000005000a00000000000500160001000000"], 0x4c}}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000280)=[@increfs_done={0x40106308, 0x3}], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000001340)="0e9849f1"})
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x0}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x0, 0x0, &(0x7f0000000300)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
write$nbd(0xffffffffffffffff, 0x0, 0x0)
keyctl$clear(0x3, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='\x00', 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

1m27.570534812s ago: executing program 2 (id=1400):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x4})
ppoll(&(0x7f00000003c0)=[{r1}], 0x1, &(0x7f0000000400)={0x0, 0x3938700}, 0x0, 0xfdfe)

1m26.454505727s ago: executing program 2 (id=1406):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000100)=<r3=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, r3, 0x1, &(0x7f0000000280))
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20305, 0x7e15}, [@IFLA_LINK={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x48094)
r6 = socket(0x6, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000300)={0x4, @loopback, 0x0, 0x0, 'lc\x00', 0x9, 0x0, 0x69}, 0x2c)
r7 = fanotify_init(0x200, 0x0)
ioctl$sock_qrtr_TIOCINQ(r7, 0x541b, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x18, r9, 0x6a98047402e98331, 0x1000000, 0x0, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x50}, 0x4886)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000040))
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x200, 0xfffffff9, 0xbf5d, 0x2, 0x3})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40900000000000061110300000000008510000002000000850000006600000095000000000000009500000000000000"], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

1m24.985323046s ago: executing program 2 (id=1412):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f280080018000cac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x1fd, 0x0, &(0x7f0000ff4000/0xa000)=nil})
r2 = syz_usb_connect(0x5, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000000e00000000000000040000000000000010000000000000002000000000000000"], 0x24, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
rmdir(&(0x7f0000000080)='./file0\x00')
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_ep_read(r2, 0x6, 0xb4, &(0x7f0000000080)=""/180)
r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000240)={0x1, 0x5, 0x200, 0x100005, 0x800000000002, 0x8, 0x2000000000000031, 0x200, 0x1, 0x2c, 0x1, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r5, 0xc0984124, &(0x7f0000000d40))
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r5, 0xc0984124, &(0x7f0000000940))
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x6)
ioctl$EVIOCGMASK(r6, 0x5b04, 0x0)

1m9.560775057s ago: executing program 32 (id=1412):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f280080018000cac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000040)={0x1fd, 0x0, &(0x7f0000ff4000/0xa000)=nil})
r2 = syz_usb_connect(0x5, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="020000000e00000000000000040000000000000010000000000000002000000000000000"], 0x24, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
rmdir(&(0x7f0000000080)='./file0\x00')
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_ep_read(r2, 0x6, 0xb4, &(0x7f0000000080)=""/180)
r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000240)={0x1, 0x5, 0x200, 0x100005, 0x800000000002, 0x8, 0x2000000000000031, 0x200, 0x1, 0x2c, 0x1, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r5, 0xc0984124, &(0x7f0000000d40))
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r5, 0xc0984124, &(0x7f0000000940))
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x6)
ioctl$EVIOCGMASK(r6, 0x5b04, 0x0)

13.952949302s ago: executing program 1 (id=1618):
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e22, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4)
syz_open_dev$usbfs(&(0x7f0000000000), 0x1800, 0x400)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x438682, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000340), 0x765f40, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x20000000)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000004200)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[])
read$FUSE(r5, &(0x7f0000004240)={0x2020}, 0x2020)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
creat(&(0x7f0000000240)='./bus\x00', 0xd)

11.838392581s ago: executing program 1 (id=1624):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
connect$inet(r4, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x200, 0x3f20}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @broadcast}]}}}, @IFLA_MASTER={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x40488c5}, 0x40000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}}, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x18, &(0x7f0000001840)=ANY=[@ANYBLOB="180000009a010000000000000500000018110000d5903d0fe25ee49d69c127a073c160a2e47ba3c3e5dd5f4ef66aede2387e24f6a5867909d956a80475a81b48eb04a23fd18dec90db36f40eebdcd557a2323c2f6312963b330c7b2b762675577d309b6e97d5c60c2e7909bd1126fd0d8067883f546b874a3def588f8141dd1f7b18446fcef0f36c55ee16878fe632cb3ac4fab8b89cbc7caabe65831a1bedf5ee7f49416e9c2601b720b77b977da661a230b65c1782240b463b9e4aa74f783504234fd4da8e69fc24dcbfe03362320b4b1ab91d5cfa7b694fe192785f68592068", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x472, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x1, 0xffffffffffffffff], &(0x7f0000001700)=[{0x4, 0x3, 0x5, 0x3}], 0x10, 0xb, @void, @value}, 0xe4)

10.743042829s ago: executing program 1 (id=1630):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdr_2292={{0x24, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x24}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
read$FUSE(r1, &(0x7f0000002c00)={0x2020}, 0x2020)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001ac0)=@newtfilter={0x24, 0x2c, 0x20, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0x9}, {0xfff2, 0xfff3}, {0x7, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x703d27, 0x4000, {0x60, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1, 0xb}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x7ffffffd}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

7.78014013s ago: executing program 1 (id=1636):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x2860)
r0 = socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r0, 0x0, 0x0})
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
r5 = fsopen(&(0x7f0000000080)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
fsmount(r5, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)

6.994841455s ago: executing program 0 (id=1639):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5a20}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x80)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000200)={0x58, 0xa, 0x0, "3205c546e8b51e04f4bf40070700", 0x4f424752})
connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000380)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xd8}, 0xa)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0xbf7f, 0x8000, 0x0, 0x2cb})
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
r6 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb)
setitimer(0x1, &(0x7f0000000080)={{}, {0x77359400}}, &(0x7f00000000c0))
ftruncate(r6, 0xffff)
fcntl$addseals(r6, 0x409, 0x7)
r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000})
r8 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_FLUSH(r8, 0x29, 0xd4, &(0x7f0000000100)=0x7, 0x4)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r9, &(0x7f0000000440)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000c40)=ANY=[@ANYBLOB="a01100000402010128bd7000fbdbdf25050000007f13c9a6d9ad601ca9182b35535b9598b282913fd369f806c8a78e74e2cfd9ac06aa1a55838a987e7431bc84e9aa996d29bc626f6988e9ce1d1838f304fd3e935affdf36edd8a92289800d5546646e581b7d6c8913297a8087fb9470d2faedbedad31d03a2ea541a26a7b532b7914acf91b091c2f7efec6418ea95e1e3b8e830f685a3952e3ae4119e091cb3342042ee94aed7ae6228755a324db84ecb035fc1e525d750cdfcac5034352e94e0f00bd961629185f6e701dcfe252a6b7e6175e65b87c5b6b3d3565916fbb36b23d69124984125b0375949c31465263340abeeaa2db4175215cf89d622e2b69ef508ea29d35bdd527c09d524eb5ef921a52d5cc0c64ae5bd80286eb70fee51152ce7e9b75f66e01b613ec5f80f76f2572226e68b7283ab8f8c914db74f7c6c9e57afe4464065e3ad06c5f85c173ffc0aa70d93e8defe5efdaa26f1959ce3e8389a2649e81e0ca4416fc0db77befdbeb94b4a4289c1d237aa3bd9819d792687d1fabb615712523f2c6fdf00d62a7c79cc3e7fb3073953463e517417ddbe9b7506ad52ca2c5294d4c7b968397d60448039e6340a7f8708c6926c66b5dc69250e53a2cb55e80d8a097ac8a4a34677c1a4c1cfd404ad3eac2880862ba462416cae7fe98656cf37b557f1bbdc4a5039719fcdb28d4edbcc2955ea6596d20405ebee91fd7ecb742a975d19657eb37dd235c508ac8b6b3eb4bf5aa0cc176e8cf4d83077c0751b48740061ad54cbc11d52be6faee3199743aa6debdb55ca60f9dfc580cf1519cefe0ab6b8a9011f304a0ea63b1bab6ef763a63ee3034b24ec6db77f6a8519daf5ac522cd9bd871b83298f48c9fce8b27eeed0dd8490ea321114e1e3f40b53110b1434df4a44089b69a0d36867012ca8c3b7075e7508e6016376d8eddcc49bc2b0c73b4334f6f78e7a03ece5252b31cac2a0638ac2fd6d99c69d548c25fdf491dabce7e73dd7fe95e14e8f8930bb2b8dac651cbecaee2df45b5219a3965dcf6f20707290bc4dd64e9237d1b74c55db4a862ca0eee85a5525d4edf47ce38aa3d8b712dbf10452be98033d0327d114684e4cc8217bcc9347fa5ea388ab9727993182523f90bd7fcb3895d002db33b83c7729ee9fce165d60bfef98ae7657b0d49350f18c6d815002880a0be78af334e7672f9d88e1d89b609f143934387a96f9fdea0039cb2941fc6cca1aca7846b56bd65a1d1b093bc80e9c486a1347a830dc0314bdb3c8ecfb83425537fb6c5578b6e29e9c61ec2ec6b0a6f3198519a8cde5daae88af6476b404f1a87009c0ccda22986cd6b8d1e018de2f28a04dd40331d0733a827bdb49c0bb27e510dfdd4ef8359fcdb33e8460635fcf909dafe69c82fb57fc8b65f2e84767f932db0621dce9a40ec09587504e58c3ddfbe402fe0ae029a304ef651d4e2dda8f0b08f77404eb5136441ec7b75b2960113acf93eb355b1ee216f16c68f28e3709c932a836e943501ab8aef7a1d22a2e4b211c26d212e9102d330538ef0787fc2d717ce78a438005bef9e7c39172ca893b2c71f7d61bf0b3b3db5a35e6fa3e19131de66ef9402621643b9fc0936cf5586bf9bef2fbf0072a871fcf1d7cb68f93d0b99a2882f68c497446be2a9ea441c5e33b35fd7b3c6a9284e1a9531a9530e6e1f101c0c034533cdc3e55c69267c1d8f15f60f07446e5b41845bf02928e68346159b8e917d1ebe44f610a5f006b33f2cd3cc6f3d4e8a10a40b3019388c869ffc970640517e7c92bbe0e04eadbfacf48cb6f0ac8e2e578ac54d5fcd9bb4646e73de1e7c927293cabeb43687a281abcc6a02d60951d72f87d2bf22b05048f59bf425fc959c3a760e9ca4732af36562082935be3d63f94b9b2718a2b3eb3eea978c082f2d47327ee33975ad3f421495dadd11b66f8cb14e659bdd0d4d8c7e330628c782f98c8eb843e007bfdd60179423978b6a6920621da58a3b67a2f7e13382dee3cfb9a26b32d7f5376be9d33d9164e836968118032ca1f9a65d32babeea6c9cfee23bff0b023d1c1226a8a2bb5f6d0fb1b263a3a562d5127dd7821f0d4642ea20b29d83729b1bb0f3560c83e5a9d057ccc6dff9248adeff90d15d24bfbef7548053733494c9f84a8dd14eec24f7910f2e3f67daee5cda3da46bd69608fffc1f13b79cb95bd0811192b8ecdbad3247610dd2fbccd59faafe66ebf43c3e8d6e3acb10d3de315a7974adf30b06668ee2950df0faff546a2b7e556ad24987dbe19b46e6204b22939c77307117b8d0cb18674a585f0de5451913886bff0424e23edb8d913dbfdb6661c9ddb988b34f144429c5c0b1bce24096654f1e765c98fb04c02aa5fdd7c4972f41052ad1c02a942834f0b62cdac0fc45ab259aeaea5bbd644c00051f254003889198128649e7678e1f641e6fadbe063d6ad1c5850846acf09ede28a207a6178918cc69d0b8ee52dd02761fe24c93f5438dade53dd7fcdee6ebe17f5eff51e922136b738b4778dc0d2b17d02b36fb3de246551302f83f2355b01f4a3b6b20221a9e2300d50d02268f120512ced127a722057d82d205c220886cfc8c6468db93e4a11f0cdbfaff6dba41f73a5e226841fe84a4c73b979cf68b79ab4e52697be7160c6ea40881f68c68989bf3744ea2bd58d9c6fe0cdc2d3f4ee675b6fac1a1aff3dd4a000e70bff15c41b196f304df534910fc9e19c1a8eb186a165b5cfc32e0dd3ae87a01ebce91243a7e6809e7135fbe47e3b90610bab21030641dfd5f59b435bb4854ed0f80368a76026f91c073b59f559ed5af047cfd8055a26d9afe55f1f6352aaf25ac9c7a347c09474904155b91b4807f61c1fc6131c0c23fc25d8f6bea8ae997c87b6961c71d827297522c03e2c870ae3e3a21d5790c1d43cf2639284a047d0db5ce47ac33176272ede0de05448865a51fd2435510bfd4a2a6417c3368155b8a16c7af92784523dc8598e3ba9375726c319bb9e6c23a957a6ef2ec609c7c55f3a3509f2e05a9b9031940b64624ba78353a1181e29b7c5038bcc02f23cefb82b3c9aa1e64904cc97183c0515cae5ab94e4c3d0e2e3c27628575246f58c7f714079480509b70166b115aa1566e6f32a5bab399c7a03c7b20aea33c7aafc6feb90b71d6ebd3296a88b32be29462c7ce17476901f1cf121817302f6d36d58f7d1f2798ee28c1174616642a7d3efc674543910bbea7a13a6f11f71f1d9b44aca6ef624f8c5614a62276ef0a9359d5170015d4722438cdbdc7129197e755a4a57aeb06e81591bff4dd1a8ce18d3c76932bc9f2060c7b383b0130047a93f8572e00f2466dfe35205796dfb6ff3a36bfc1160a995203a6968e69c472cbe77215de0ee8fda3aa67c711da0ab0a16a20deb6e19f68ebe283e4ee14f3e47e4972d0e447bb4d424c480104a08f1f19d47751293c7e64b99bda96d19cd93dda5f6435fdbd6795493baab8603351c0a7ed766ddd7cbe4faf2186dc152b54cd7ad6986c6acde6ae4cba162038d87ea4ed55e9d3899decc5e79f062ac9af217374dd82983011ce25c829034e10c3af0a44feb08ff67c0b38f941d9313b3da163505d6e1c275fbf558cca4fcbebb8c72bee327d598c806fe582fa3e76450a40644e54478f806f6502e4026ac333b036b4621b9cf50a44508a0b65032205974ab57b478f22abbddaef9ea286bfa4444889089fef8a1bae8054085a6f76e119c692148ea6113abaadd314bb756da400dc5bd4e7fb54de4ead2737d58fe0d33f2dd9e6ea827ae323ef4537338eb70c5097d1c54c4eb76959fcdb1f959158c0d94335608617df6684c6852c692e52ebf5696ec6ce09f7bb7019a920f3227cf305adc0b3944e02da337061a03e5f8c85ce3e7e0e312cbd26e30320cfceaca19c89012b751c89b8cf1c41b67ff5f3967787c63543d63a30f2e9500a62c6473f757359242ea45788771a83afb949dd5947964f0c14a6cbc8e24448459bd1cc7ecd67d0cdcd7c56e2c70f4da7a6de04d5c17ceb4ae06611a8e11c72296be97834262a781c0b7532ba33e677ff5ed69e3653b11ec64b6796a3e48c30fb10cfe05e6f05995808d1256e53bd21509f2ff74d892334c6a274333a9c90dfb945854cd98574bdedbc1f5713511596ad15f551a27bc9c83c650275cd936cc85b905ad944b5f8ffa080326f9735e8f5712e1898c2ffacbca078254638d3d7f6a47dbd4398ba34570db65f2ae472f4f479ac5c4424133d9179b2acb771120104e220456d17dfa1522ba81b0fec6db2f53d710b424a8cd53340c0eb04a81c27ee5a7e99460d8eb762c7440101a5022505355a22d13025e274ac53c9d2ad13369b457b572d0564a354a5b144d0423c6bd2350b7360c2a99706f2413259d98af7211bcd6ef71823d2409a553554d228e7988d52552b41656158297f5bc290c66b462744dba0edf23f79e5e2299a040d711c90d0a3ca2ec4a41fe9cc47356cedd41c965383225200cce37b7b049fd02f96d5204350fa4ffb8b1c08a32756e645fcd3719ca4a7d852200e10b57da26557af1b48bfa8a548bb9702c632a4b105a870a3a34432d41e30a3bd990c5d1d319db22693cba592d3798d6384d7ad39ad5f5618e3bed39fd2db2f9e295b87e906287b6af1bd3feb0e60907a955108a127cbd447bbc2ad64709d78da9caf87b91e9fc7a7f803af9c688a81bd108807954fa7ec6875970a5120bcabb0a31a620aff5a3a19ae664b15d9b7013c55c1265159fafb7823eb7b696469111a17978518840a7de0712620354e57995599be73d9bc5a9ff21c2d1baf089abcf7972584029e6e2538509a34101b6a294bd1504a828c4845b6b8629d128786a571dd661339fc7c3b8bc3646858f3defc17d3d19cbd80fca1c03109bb85206a6397277dd5d19adcbdfc22583adafb9960f649785c1186f1889a3c189007144e54ff1b97680314c2d9c142c33b805d41757a501d4f87a9d26d7b6c29087f1858377b1f943eb08ac2f6033ee910761b9c935bf33bc1458c62e0d6fb5c968490f760310ad7c0afe700b14565c46b60642d5a2942c1f5c09cf6866c15b5474846acd18f737fa2ec18449c5604c1eb2e746e4e15635fd1d31d005f1c39f3d352e58b093ce470d102cf0ce028f93f3dc5f639ac61eb029c2d24bbf8d85f1a7c3dc3f5ca60999ab018ebd15fd55c4f0e4bc4fb1f595b61083115c4f96ab3a7c74984cebecefd16208cbef82a7ab22bc36fbc1e8d97b31fcffcb4f39d5759326b708cc62f866d09366ed668852f1296350cfa81c28d16834066a7f612e5410df918dd3b1356e87312501ef80e197adfd2becbb86e4ebb62dcd4f0e8df6014c5f59d912a24e0f564ad2fb740a78dbecd13587aa364402e36fb150687a677afd380f8c83b9aa40160de269d2b8e3986a3f1df30280a2673af98d64857b45499a8a879a117daf3359fdf375e4f1d2a37bb482ab1d400665710a9504b6e6d8014d861be0993fc7760eb38d80b986b50d979ded1c385f59e9ded21f8de93449bfb9693ae637f04391162bbaabcec53e0dc0ea6d4c845b2dae8a1300fc0d849c56c56902ef860abb273cd6c078b5fdea7d0febd90f095fb149023778a87aa705e663d9537d8dd38a53f4828540732d41e7d8967b9c8161bb934d0e2e2c9665aa15c2e353d97a78959b2aa85ded4cd3e637f852e1472f676e4b722f59ea864aec68c17f26a35613a3bb4ce9cd9512c7492d48d2ee97c8d31f8b282122e1c5900e8977a4243c2ee4a9bcdf41895e1b483c8cfdabe8c823921e42c5d82651815c7e013b80040022806823b0075277909cbba8943303a6072f95f2ffa95d1342341719c69355e7d5aacefffa33220c54afc6f66ad6ffe6fd923c700765e8d09098fe8ba60570707dbbd9856fb073358a1435879a62346fd81a9d5264a9b9d48546d2e5e975785149d46861f0245a07907ea6c089ba451a31bf9c2df857126469777d3698d93f39b71753f23a7cb655d0ff01b3328e9c73bbf9276b553f4f9dec4194bb6e05a79fa28b700e4babadbab93de37e20b46cea2d321c7bfb486d2ef60f25f77be88c308fd5b74cb51ccee73cdc5300dabbf9c039f01f8f0e896a188237edc774cc5857b511f0e6ab08bf4a9c4d6c8e39bb795900a573ebda16d263f409a24d576ce8bd3d2789ab0939678824dbd2d62ba2fe00777afbd94dec9b15979466698b503e7397d66f5aad7cbc9b9117fea2e26b8f550f1508158cdf0d935f61aaf3f3e97e35a3ab00f34d550bde4725318c0a81fa6b0cdf6ca4e9197be6d8024fe4e08c192014004a0000000000000000000000ffffffffffff0400408000000c00a4800400c58004001580"], 0x11a0}, 0x1, 0x0, 0x0, 0x20048804}, 0x24004080)
r10 = fcntl$dupfd(r7, 0x0, r7)
prlimit64(r0, 0x6, &(0x7f0000000300)={0xfff, 0x4}, &(0x7f0000000340))
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r10})

6.24990071s ago: executing program 1 (id=1641):
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
prctl$PR_SET_THP_DISABLE(0x44, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r6 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000300)=r6, 0x1)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)

5.764656235s ago: executing program 0 (id=1643):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="11000000040000000400000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
socket$kcm(0x29, 0x7, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000140)={0x40, 0xffffffffffffff95, 0x0, 0x1, 0x0, [0x6, 0xfff, 0x8, 0x8000]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3000000000020101000000000006000740000000000400028004000380040001800800044000"/48], 0x30}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000002, 0x10, 0xffffffffffffffff, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r4])
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0x1}, {0xffff, 0xc}, {0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x11}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010067726574617000000c0002800600020020"], 0x50}, 0x1, 0x0, 0x0, 0xc845}, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
chmod(&(0x7f0000000080)='./file0\x00', 0x104)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000000c0))
r8 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000100)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r8, 0x207a98, 0x0, 0x0, 0x0, 0x0)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x8000002, 0xfffffffd}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback, 0xffffffff}, 0x1c)
msgget(0x2, 0x0)
sendto$inet6(r6, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0)

5.534521317s ago: executing program 5 (id=1645):
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = dup(r0)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x4598, &(0x7f0000000740)={0x0, 0x41c2a, 0x10100, 0x0, 0x3d3, 0x0, r2}, &(0x7f0000000200)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x2c2}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$lock(r6, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x0, 0x1})
fcntl$lock(r6, 0x26, &(0x7f0000000080)={0x0, 0x2})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000100), &(0x7f0000000140)=r1}, 0x20)

5.030155324s ago: executing program 4 (id=1646):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdr_2292={{0x24, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x24}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
read$FUSE(r1, &(0x7f0000002c00)={0x2020}, 0x2020)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001ac0)=@newtfilter={0x24, 0x2c, 0x20, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0x9}, {0xfff2, 0xfff3}, {0x7, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x703d27, 0x4000, {0x60, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1, 0xb}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x7ffffffd}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

4.969697682s ago: executing program 1 (id=1647):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000180)="440f20c03505000000440f22c0f26df20f38f17a64b805000000b9e10d00000f01d9d8dd0f01728eb8010000000f01d94c0fc71d000000003ef245dbed410fc7f7", 0x41}], 0x1, 0x72, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r5, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

4.122303292s ago: executing program 3 (id=1648):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@remote, @broadcast, @val={@void, {0x8100, 0x6}}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x4, @random="624f49a9b610", @private2, @multicast, @mcast1}}}}, &(0x7f0000000080)={0x1, 0x4, [0x2e5, 0xef3, 0xa47, 0x172]})
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
recvmmsg(r0, &(0x7f00000005c0)=[{{&(0x7f00000000c0)=@l2tp, 0x80, &(0x7f0000000500)=[{&(0x7f0000000140)=""/241, 0xf1}, {&(0x7f0000000240)=""/82, 0x52}, {&(0x7f00000002c0)=""/108, 0x6c}, {&(0x7f0000000340)=""/151, 0x97}, {&(0x7f0000000400)=""/245, 0xf5}], 0x5, &(0x7f0000000580)=""/42, 0x2a}, 0x6}], 0x1, 0x4041, &(0x7f0000000600)={0x77359400})
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={0xffffffffffffffff}, 0x4)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000006c0)=@o_path={&(0x7f0000000640)='./file0\x00', r1, 0x4000, r0}, 0x18)
dup2(r1, r1) (async)
r2 = dup2(r1, r1)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000700)=[@window={0x3, 0xff, 0xfffb}, @window={0x3, 0x1, 0xe}, @timestamp], 0x3)
close_range(r2, r2, 0x2) (async)
close_range(r2, r2, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$loop(&(0x7f0000000740), 0x2, 0x10000)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
write(r4, &(0x7f0000000780)="adbd8e1cac404b37bb1aba34c3548fd5ec92a2dbc36c1d8b1500f75ab4be124ff087ca403fa8067116e4aaaa3d9be9643c32044920f8034c2861cea8b5", 0x3d)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000840)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000840)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000b40)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000880)={0x244, r5, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x3}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xbc, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x2}}, {0xac, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xa7, 0x2, "2a92cf2f71d9837f35fc96ee3f83aea573da3026dfafa8066d194f96b3fc56c8cb6987350cc9e4a497772f8c8127486012d67cc5e0b5a0d99f078f2e99797f0a1a29a4db32cafa6ab02f54e8bb30bfbb62f73a598e9f71da86005dce14b5d473728ec4d6380f810d4715e4e2c99d45a59b81d388a5013ce499c9fc7e3fe7fd8e1e4441a0d88437f049d6db2c30caeaaa3aad008e22dd8892535b0a14bf2bd5f2d0944f"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x48, 0x3, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x3f, 0x2, "0848b87478f31288cea3aa5b83cdd40a12fcb5f68065e4ccb604f510b4a983cdcc4f93313620d22284c8af36d291dfee11670fd84e46d1f6f6f80f"}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10c, 0x3, 0x0, 0x1, [{0xfc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0xf8, 0x1, "30c28e99ebf50152927554ec1fedccc8cc0ab390ef534f1bedd80692723012598dc79019a41c17c543e9514ab74ea2243eac081c1c8e6e2029072144b4fa0c0fa12b78cb28c885cf385895dbfe5f82cc01955105e7a07b03c0e17635dd1fbe7f364635adeaa2aa98ca8421ea61c0ebbeed3304594f8de3334e9f10524fff11aa80c25ce575434893a05ed7f8852bd0dd1f47327f2776f1f6949bee4c81e7ea6468d18699a00ec45bc3b0516ce9630e7dd49b4e6c8607fb5909027581d8711ba0eb179ce27139aef0c65b0865ffbe52c777aa1b7167777f47ade61933b2692eedae07423915782c82f50091e7095f58536fc848f2"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xc37}}]}]}, 0x244}}, 0x8804) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000b40)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000880)={0x244, r5, 0x200, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x3}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xbc, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0x2}}, {0xac, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0xa7, 0x2, "2a92cf2f71d9837f35fc96ee3f83aea573da3026dfafa8066d194f96b3fc56c8cb6987350cc9e4a497772f8c8127486012d67cc5e0b5a0d99f078f2e99797f0a1a29a4db32cafa6ab02f54e8bb30bfbb62f73a598e9f71da86005dce14b5d473728ec4d6380f810d4715e4e2c99d45a59b81d388a5013ce499c9fc7e3fe7fd8e1e4441a0d88437f049d6db2c30caeaaa3aad008e22dd8892535b0a14bf2bd5f2d0944f"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x48, 0x3, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x3f, 0x2, "0848b87478f31288cea3aa5b83cdd40a12fcb5f68065e4ccb604f510b4a983cdcc4f93313620d22284c8af36d291dfee11670fd84e46d1f6f6f80f"}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10c, 0x3, 0x0, 0x1, [{0xfc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0xf8, 0x1, "30c28e99ebf50152927554ec1fedccc8cc0ab390ef534f1bedd80692723012598dc79019a41c17c543e9514ab74ea2243eac081c1c8e6e2029072144b4fa0c0fa12b78cb28c885cf385895dbfe5f82cc01955105e7a07b03c0e17635dd1fbe7f364635adeaa2aa98ca8421ea61c0ebbeed3304594f8de3334e9f10524fff11aa80c25ce575434893a05ed7f8852bd0dd1f47327f2776f1f6949bee4c81e7ea6468d18699a00ec45bc3b0516ce9630e7dd49b4e6c8607fb5909027581d8711ba0eb179ce27139aef0c65b0865ffbe52c777aa1b7167777f47ade61933b2692eedae07423915782c82f50091e7095f58536fc848f2"}}, {0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8, 0x3, 0xc37}}]}]}, 0x244}}, 0x8804)
ioctl$SIOCAX25NOUID(r2, 0x89e3, &(0x7f0000000b80)=0x1) (async)
ioctl$SIOCAX25NOUID(r2, 0x89e3, &(0x7f0000000b80)=0x1)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000bc0)={r4}) (async)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000bc0)={<r7=>r4})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000c00)=[@in6={0xa, 0x4e23, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x8}, @in={0x2, 0x4e21, @private=0xa010100}], 0x2c)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={r1, 0xe0, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000001040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000001080)=[0x0, 0x0, 0x0], &(0x7f00000010c0)=[0x0], 0x0, 0xa5, &(0x7f0000001100)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000001140), &(0x7f0000001180), 0x8, 0xc6, 0x8, 0x8, &(0x7f00000011c0)}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000001500)=[{{&(0x7f0000000c40)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000fc0)=[{&(0x7f0000000c80)="d0c759b361d68d706178fcbe154ad7c13ad85602a05475b951112ce9d8a646df50cbad07e3df24bdf671f874260f212ad86526e05bf1d3530daacf7ace1ce03bd2a0bb2774f2ee299018d8c60b03aa6e064206f31d0294674f2f5261b04e5a74deb104dded172e7bd1e5cacb68d33697b42c66dadaf3a76a203495bac4d0e55bdd4144940b32a6e628e5217eeaea526b0baeb55c3405fede01804c5afa74559cd168e5276bc6bde6904d10d41375024b3d5d1f047ee8d82eef90123d5d65f2", 0xbf}, {&(0x7f0000000d40)="6ddda61620e75f161fbfdeb73b1c99ed2c97d292715919c0c4d9e3f3359fad71ae704bf2bd5bb0035e28d43889eaf892d655edaa87b6362f9bfacb1dff", 0x3d}, {&(0x7f0000000d80)="38c65551671ffc1519786c082e1ae1147b53c07177b9e92da0c544e482305616d6b6856d560b0a57f9cd65db66275686a9cdc663156bf2a45b9a1ebfd9a64bc3c7e6cb19df065866f95d5e016b804b25f0ba381f73b185768e1c0f9ea40946ffc831c4fb21db9ace56c953a7e3f5632b32ecc7517f00026b86d890c497e7e92115c9e857c842b98dbb9cb51ed9e8d05f1ab5b0ab1ebe830b565b2cdab1ad7370ae73affc7ca9f973e7c4d942223cb6041a4f555875c528c9628900966b02dd24667f5cd257a077", 0xc7}, {&(0x7f0000000e80)="b018adee82756b208b7c7394c789c501c9914e72dee39962f206386ed89fb02732cace1d1ff010bf2a3c7256c200", 0x2e}, {&(0x7f0000000ec0)="8c43b0e92bee3b656c644437949dee86c966ee098c7758ee2de51cfb652a5a9ecef6797c72131a9456fc9e93cd0f41686e3d08bed99500a8d66ac97adfdc156976cd678b7b61fac7b40a2b62d059b35617ef5727c376f4103f0dd8044265e16371c03b47a4d95290c690d42a8235a366e75fdee19d02698639b573edc7b72e6f998633c1103316cbec0e7671fadfade8b1ef704c0f0171bbbbabd5ec890889b89559ac898c868fa89ed5aed65cd1615ed748b7f07a63cc764363ccd84cd5981233b601edbbe2086783d447abf395cb5c372d1f2f43ff4073043d78", 0xdb}], 0x5, &(0x7f0000001340)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xc3}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @rand_addr=0x64010100, @remote}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}], 0x68}}, {{&(0x7f00000013c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000001440)=[{&(0x7f0000001400)="b0165f58a6f2", 0x6}], 0x1, &(0x7f0000001480)=[@ip_ttl={{0x14, 0x0, 0x2, 0x3}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}], 0x48}}], 0x2, 0x4060890)
syz_genetlink_get_family_id$l2tp(&(0x7f0000001580), 0xffffffffffffffff)
socket$unix(0x1, 0x5, 0x0) (async)
socket$unix(0x1, 0x5, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000015c0)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000015c0)={<r9=>0xffffffffffffffff})
ioctl$sock_SIOCADDRT(r2, 0x890b, &(0x7f0000001600)={0x0, @ax25={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x3}, @isdn={0x22, 0x9, 0x1, 0x0, 0x5a}, @generic={0x1d, "8eb6b9ac27c7981efe9a2f15283f"}, 0x84, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1b3c, 0x1, 0x3})
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000016c0)={'wpan1\x00', <r11=>0x0})
sendmsg$IEEE802154_SET_MACPARAMS(r10, &(0x7f0000001780)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x40, 0x0, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r11}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x2b}, @IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x5}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x4048000}, 0x4004008)
pwritev2(r9, &(0x7f0000001b40)=[{&(0x7f00000017c0)="41a6be9fa6fbfe93d83d4c581b64a6ae840cbad27480ec155d197ffea908060c9773c646a1c849d74b5f5d4aaccbd7843ff07bdd5a08dec85fe1c22cb82232607c0b0bc5525e85c1c629eb2a5f377396685df5d191dfb4d77f646a2642", 0x5d}, {&(0x7f0000001840)="4311337f0e1862e8fc8507d170da2459f720c7427831a30bd353b9eb2d9b7e332eb0722a826efc07a4c0b2d886a8bbf1a842583f61d2b90d21080ef8a4b4fc917cf4b31fd4187618878d971e070eeb28fc7e1cc6d4a9070a97b96d5db3ce73eccf1f64adafba1c6024a34132f306b25c406661c9f0735ec01411b1542155c174565d69eba8f440cac3bd717b68b426880e6fc77594238a338b7071b11e478a93a1d706", 0xa3}, {&(0x7f0000001900)="414df6b0", 0x4}, {&(0x7f0000001940)="6baa62905b7397a75649f1f59f37af296a09f519c567b79e98504210cd38df89744e7f6ba062e40073b3db63edae2042468fe004b8f24624d390c7df15d67b7f3ff90fa53cd5f2596f695b82a3e3550958b254ee6a78c2668f4d762fba977e1c0f406466474d1a6675a386fda15880182f8840a952452cba5930a6ec610a7297546316512c4ba23faaaef230beecd2803002a2757ef48a0b8763ae2b374953068c4d38d873fa43c826bb4f96cc77e29ac1305d18e325ec0b0833a3d308833c65a3985786adcd3a9782a7db244147e18760daad098c326726c667", 0xda}, {&(0x7f0000001a40)="b725deae953d536995fe632a0742311bba09135e4f082beb3dc09183beea8054e471bc1a327008298d16ebc5c14409248bf6704e890f1f867689778b93da954091204d5f26138abb9b61a3ef86878715cbcf97026d7a14c50f7c5d591493e76c0211fed0374f8718ff0352d4bc56b9b5a561347b9d3ab563db7cee57034199cefcfebaaf073760a83dec4253a5aa8fafb94087231cd8d82d8deee3b04deee55aec044cefb3c831242fa03499219087af8ec395c9b5df225df19e00c56c751c1be84b0af3c76aff6a50", 0xc9}], 0x5, 0x97, 0x1ff, 0x4) (async)
pwritev2(r9, &(0x7f0000001b40)=[{&(0x7f00000017c0)="41a6be9fa6fbfe93d83d4c581b64a6ae840cbad27480ec155d197ffea908060c9773c646a1c849d74b5f5d4aaccbd7843ff07bdd5a08dec85fe1c22cb82232607c0b0bc5525e85c1c629eb2a5f377396685df5d191dfb4d77f646a2642", 0x5d}, {&(0x7f0000001840)="4311337f0e1862e8fc8507d170da2459f720c7427831a30bd353b9eb2d9b7e332eb0722a826efc07a4c0b2d886a8bbf1a842583f61d2b90d21080ef8a4b4fc917cf4b31fd4187618878d971e070eeb28fc7e1cc6d4a9070a97b96d5db3ce73eccf1f64adafba1c6024a34132f306b25c406661c9f0735ec01411b1542155c174565d69eba8f440cac3bd717b68b426880e6fc77594238a338b7071b11e478a93a1d706", 0xa3}, {&(0x7f0000001900)="414df6b0", 0x4}, {&(0x7f0000001940)="6baa62905b7397a75649f1f59f37af296a09f519c567b79e98504210cd38df89744e7f6ba062e40073b3db63edae2042468fe004b8f24624d390c7df15d67b7f3ff90fa53cd5f2596f695b82a3e3550958b254ee6a78c2668f4d762fba977e1c0f406466474d1a6675a386fda15880182f8840a952452cba5930a6ec610a7297546316512c4ba23faaaef230beecd2803002a2757ef48a0b8763ae2b374953068c4d38d873fa43c826bb4f96cc77e29ac1305d18e325ec0b0833a3d308833c65a3985786adcd3a9782a7db244147e18760daad098c326726c667", 0xda}, {&(0x7f0000001a40)="b725deae953d536995fe632a0742311bba09135e4f082beb3dc09183beea8054e471bc1a327008298d16ebc5c14409248bf6704e890f1f867689778b93da954091204d5f26138abb9b61a3ef86878715cbcf97026d7a14c50f7c5d591493e76c0211fed0374f8718ff0352d4bc56b9b5a561347b9d3ab563db7cee57034199cefcfebaaf073760a83dec4253a5aa8fafb94087231cd8d82d8deee3b04deee55aec044cefb3c831242fa03499219087af8ec395c9b5df225df19e00c56c751c1be84b0af3c76aff6a50", 0xc9}], 0x5, 0x97, 0x1ff, 0x4)
mount$overlay(0x0, &(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00), 0x41002, &(0x7f0000001c40)={[{@nfs_export_on}, {@userxattr}], [{@dont_appraise}, {@dont_appraise}, {@permit_directio}, {@hash}, {@pcr={'pcr', 0x3d, 0x7}}]}) (async)
mount$overlay(0x0, &(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00), 0x41002, &(0x7f0000001c40)={[{@nfs_export_on}, {@userxattr}], [{@dont_appraise}, {@dont_appraise}, {@permit_directio}, {@hash}, {@pcr={'pcr', 0x3d, 0x7}}]})
connect$inet6(r3, &(0x7f0000001cc0)={0xa, 0x4e21, 0x4, @mcast2, 0x7}, 0x1c)

4.059856428s ago: executing program 4 (id=1649):
r0 = socket(0xa, 0x3, 0x3a)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x101, 0x0, 0x0, {0x3, 0x0, 0x800}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x23}]}, 0x1c}}, 0x44840)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xcb, &(0x7f0000000040), 0xc)

4.022570354s ago: executing program 5 (id=1650):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x8)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000000))
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb00148008000b"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000040)={0x7fffffff, 0x692c, 0x5, 0x7fff, 0x0, "7e12105588e633b9b1df022dace17a32d211ee"})
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f00000007c0)=0xd)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000c3a0f8ff4100000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x8c, &(0x7f00000005c0)=""/140, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3.874632666s ago: executing program 3 (id=1651):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x2860)
r0 = socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r0, 0x0, 0x0})
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
r3 = fsopen(&(0x7f0000000080)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)

3.874266484s ago: executing program 0 (id=1652):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, &(0x7f0000000240)=[{0x0}, {}], 0x2, 0xa, 0x0)

3.716439975s ago: executing program 5 (id=1653):
syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000340)={0x24, 0x2, 0x1, 0x201, 0x0, 0x0, {0x7, 0x0, 0x7}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x5}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x405}]}, 0x24}, 0x1, 0x0, 0x0, 0x40884}, 0x4040000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000100)={0x0, 0x4205, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r2, @ANYBLOB="11060000000000000000010000000800050001000000200108803c0000801400028002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003002aea091428000080060001000a00000014000200ff010000000000000000000000000001050003000300000028020080060001000a00000014000200ff0100000000000000000000000000010500030000000000240001000000000000000000000000000000000000000000000000000000000000000000140004000200000000000000000000000000000024000300000000000000000000000000000000000000000000000000000000000000000014000200776731"], 0x174}}, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000007c0)='children\x00')
preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000040)=""/127, 0x7f}], 0x1, 0x6, 0x0)

3.626857527s ago: executing program 0 (id=1654):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = epoll_create1(0x80000)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000440)={0x2, 'veth1_to_batadv\x00', 0x3}, 0x18)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
chdir(&(0x7f0000000300)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28)
write$binfmt_script(r5, &(0x7f0000000380)={'#! ', './file0', [{0x20, '#! '}, {}], 0xa, "65148ce47ce2de8a7cd73644d637c941ace8"}, 0x22)
msgget$private(0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x4})

3.537334991s ago: executing program 4 (id=1655):
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='cma_release\x00', r3}, 0x18)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}, 0x3000c041)
r4 = socket$kcm(0x10, 0x2, 0x4)
recvmsg$kcm(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2002)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r6 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0)
lseek(r6, 0x1, 0x4)
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000440)={r9, 0x0, 0x0, 0x0, 0x0, [<r10=>0x0]})
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r10})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000200)={r9})

3.52940799s ago: executing program 3 (id=1656):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuseblk(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x81, &(0x7f0000000440)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})

3.156942969s ago: executing program 3 (id=1657):
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r3 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000300)=r3, 0x1)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)

2.399629324s ago: executing program 5 (id=1658):
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000090000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b70200000303000000c001ae2e66e90085000000840000feb600000000000000"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x1e, &(0x7f0000000040)=0x1, 0x4)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r6, 0x0)
epoll_create1(0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SYNC(r6, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r6, 0x8010500c, &(0x7f00000000c0))
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={0x0}}, 0x0)
recvmmsg(r2, &(0x7f0000002380), 0x0, 0x22, 0xfffffffffffffffd)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}]}}}]}]}], {0x14}}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x8044)
syz_emit_ethernet(0xbe, &(0x7f0000000540)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0xfffe, 0x0, 0xa0, 0x2f, 0x0, @loopback, @multicast1}, {0x2001, 0x880b, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "a034d532ee3432d2210796eb298794b076e60046d98f7b0d857657b26b00ca81", "749271046ac8a596855227e00bcd7f1ebec5de80a44f799faadb8092addb37261cc2a31eb206d1342585bbe72565efda", "86aec9e041768d530d61351616d9316455abe3284c8b453fee110d51", {"2bf6ed2ab65ebfbc4d0b72d1152050fc", "7af82a7f928d62623d7ad271c15cd385"}}}}}}}, 0x0)

2.399348766s ago: executing program 4 (id=1659):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000340)={0x1, 0x0, &(0x7f00000001c0)=[<r1=>0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000004c0)={&(0x7f00000003c0)=[r1], 0x1, 0x800})

2.399038105s ago: executing program 0 (id=1660):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdr_2292={{0x24, 0x29, 0x5, {0x0, 0x2, 0x2, 0x1, 0x0, [@remote]}}}], 0x24}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
read$FUSE(r1, &(0x7f0000002c00)={0x2020}, 0x2020)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001ac0)=@newtfilter={0x24, 0x2c, 0x20, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0x9}, {0xfff2, 0xfff3}, {0x7, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0xd0f, 0x703d27, 0x4000, {0x60, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xffff}, {0xfff1, 0xb}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0x7ffffffd}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

2.062493527s ago: executing program 4 (id=1661):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f00000000000600000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
pipe2$watch_queue(&(0x7f0000001000), 0x80)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}, {0x480bd72125a0c189, 0xa}, {0xffe0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x880)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000580)='net/udp\x00')
preadv(r6, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x91, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r8, 0x11, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$VIDIOC_SUBDEV_G_EDID(r7, 0xc0285628, &(0x7f0000000080)={0x0, 0x1, 0x3, '\x00', &(0x7f0000000040)})
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x9, 0x0, &(0x7f0000000640)='syzkaller\x00', 0xfffffff6, 0x71, &(0x7f0000000680)=""/113, 0x41100, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x5, 0x9, 0x2a211361, 0x2}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000007c0)=[{0x0, 0x5, 0x3, 0x3}, {0x0, 0x4, 0xd, 0x6}, {0x3, 0x1, 0xf, 0x4}, {0x4, 0x2, 0x3, 0x1}, {0x1, 0x4, 0xc, 0x4}, {0x1, 0x3, 0xc, 0x4}], 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000900)={r6, 0xffffffffffffffff, 0x4, r9}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

2.052811473s ago: executing program 3 (id=1662):
r0 = creat(&(0x7f0000000340)='./file0\x00', 0x0)
close(r0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x208000, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r0, @ANYBLOB="2c00fd1c01a0e39e060d4afc3dcecb0a76521b3d45d8a4027852f445f053c76ee0d283870ea26e7c064c07d23d5b0c56f0990fbe04b9ce389672654b4fcac9d18c40f69fa560b4d7f3217fd19b2b990ba93503787d25594204f2ae59f82dbdae352e40d4255e1854a630ae21083fcf7335f8324688b7d7c9758963ee3373679c3683be01cc3af769"])

1.09515427s ago: executing program 5 (id=1663):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x8)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r3 = dup(r2)
ioctl$PTP_EXTTS_REQUEST2(r3, 0xc0603d0f, &(0x7f0000000000))
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb00148008000b"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000040)={0x7fffffff, 0x692c, 0x5, 0x7fff, 0x0, "7e12105588e633b9b1df022dace17a32d211ee"})
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x5412, &(0x7f00000007c0)=0xd)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000c3a0f8ff4100000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x8c, &(0x7f00000005c0)=""/140, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

999.781891ms ago: executing program 0 (id=1664):
socket$kcm(0x10, 0x5, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='mm_page_pcpu_drain\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setresgid(0xee00, 0xee01, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r4 = fanotify_init(0x20, 0x8000)
r5 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x4)
fanotify_mark(r4, 0x1, 0x2a, r5, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40c00)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f00000002c0)="3b160421512b4bf0f1eb87b219489048d6b3c0a0ffa65a78f99feb436dacee4a6c664dda96e6cba455b85313e6510e1652a8d7f163db4833aa7772301994ebeb31beb1ae50a50cc8e7db03b1ee2af0286ad812fc42c4bca0c7e87e85707c423a9b3f2c71dd522f045c62157fbac3b4781cee532ed192b496361db8d197d58acfda4a4c1128e24304bea80957ae79de075186b67dfb6d8c74a1b8c2323fdfb9b163d30b24fdb0906c22e3307654089492296988852f8fed84bbca8b71ba870934", 0xc0}], 0x1, 0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f0000000280)="1a000000", 0x4)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r6, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x928, 0x200000008b}, 0x0)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
write$cgroup_int(r7, 0x0, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})

170.569744ms ago: executing program 3 (id=1665):
r0 = socket(0x10, 0x3, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mmap(&(0x7f0000896000/0x3000)=nil, 0x3000, 0x580000b, 0x8a013, r1, 0x6861b000)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
ioctl$TIOCMIWAIT(r2, 0x545c, 0x0)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x8000000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(r4, 0x0, 0x8084)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r4, &(0x7f0000001940)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000004f00)=""/209, 0xd1}, {&(0x7f00000004c0)=""/261, 0x105}, {&(0x7f0000002700)=""/4083, 0xff3}, {&(0x7f0000000240)=""/84, 0x54}, {&(0x7f0000001e80)=""/249, 0xf9}, {&(0x7f0000000740)=""/244, 0xf4}], 0x6}, 0x80000000}], 0x4, 0x20, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000fdffffff03000000400001802c0004000000000002000a00ac14140f000000000000000014000200020000030000000100000000000000000d0001007564703a73"], 0x54}}, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000040000000000000000711223000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @cgroup_sock=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r7, 0x10e, 0x5, &(0x7f0000000100)=0x401, 0x4)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)

800.545µs ago: executing program 5 (id=1666):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x2860)
r0 = socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r0, 0x0, 0x0})
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
r3 = fsopen(&(0x7f0000000080)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)

0s ago: executing program 4 (id=1667):
socket$netlink(0x10, 0x3, 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.failcnt\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000000c0)=0x1, 0x12)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(&(0x7f0000000240), &(0x7f0000000040)='.\x00', &(0x7f0000000140)='f2fs\x00', 0x0, 0x0)
socket$rds(0x15, 0x5, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x50, &(0x7f0000000100), 0x48)

kernel console output (not intermixed with test programs):

usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.801755][ T5897] usb 4-1: Product: syz
[  410.806067][ T5897] usb 4-1: Manufacturer: syz
[  410.829639][ T5897] usb 4-1: SerialNumber: syz
[  410.955754][ T9953] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.526088][ T9953] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.659583][ T5897] usb 4-1: 0:10 : does not exist
[  411.696123][ T9953] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.724445][ T5897] usb 4-1: USB disconnect, device number 21
[  412.282779][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  412.302515][ T9974] FAULT_INJECTION: forcing a failure.
[  412.302515][ T9974] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.333508][ T9974] CPU: 0 UID: 0 PID: 9974 Comm: syz.0.975 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  412.333536][ T9974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  412.333547][ T9974] Call Trace:
[  412.333554][ T9974]  <TASK>
[  412.333562][ T9974]  dump_stack_lvl+0x189/0x250
[  412.333594][ T9974]  ? __pfx____ratelimit+0x10/0x10
[  412.333621][ T9974]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.333647][ T9974]  ? __pfx__printk+0x10/0x10
[  412.333678][ T9974]  should_fail_ex+0x414/0x560
[  412.333707][ T9974]  _copy_to_user+0x31/0xb0
[  412.333727][ T9974]  simple_read_from_buffer+0xe1/0x170
[  412.333757][ T9974]  proc_fail_nth_read+0x1df/0x250
[  412.333786][ T9974]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.333816][ T9974]  ? rw_verify_area+0x258/0x650
[  412.333834][ T9974]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.333860][ T9974]  vfs_read+0x200/0x980
[  412.333886][ T9974]  ? __pfx___mutex_lock+0x10/0x10
[  412.333914][ T9974]  ? __pfx_vfs_read+0x10/0x10
[  412.333935][ T9974]  ? __fget_files+0x2a/0x420
[  412.333961][ T9974]  ? __fget_files+0x3a0/0x420
[  412.333981][ T9974]  ? __fget_files+0x2a/0x420
[  412.334009][ T9974]  ksys_read+0x145/0x250
[  412.334026][ T9974]  ? __fget_files+0x3a0/0x420
[  412.334048][ T9974]  ? __pfx_ksys_read+0x10/0x10
[  412.334070][ T9974]  ? do_syscall_64+0xbe/0x3b0
[  412.334097][ T9974]  do_syscall_64+0xfa/0x3b0
[  412.334119][ T9974]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.334141][ T9974]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.334157][ T9974]  ? clear_bhb_loop+0x60/0xb0
[  412.334177][ T9974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.334192][ T9974] RIP: 0033:0x7f515cd8d33c
[  412.334206][ T9974] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  412.334221][ T9974] RSP: 002b:00007f515dbc8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  412.334238][ T9974] RAX: ffffffffffffffda RBX: 00007f515cfb5fa0 RCX: 00007f515cd8d33c
[  412.334250][ T9974] RDX: 000000000000000f RSI: 00007f515dbc80a0 RDI: 0000000000000005
[  412.334260][ T9974] RBP: 00007f515dbc8090 R08: 0000000000000000 R09: 0000000000000000
[  412.334276][ T9974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.334286][ T9974] R13: 0000000000000000 R14: 00007f515cfb5fa0 R15: 00007ffc36c8fbc8
[  412.334311][ T9974]  </TASK>
[  412.619552][ T9953] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.810203][ T9982] usb usb8: usbfs: process 9982 (syz.2.978) did not claim interface 0 before use
[  413.004151][ T9953] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  413.027328][ T9953] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  414.233019][ T9953] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  414.334592][ T9994] siw: device registration error -23
[  414.999584][ T9953] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  416.198066][ T9995] Bluetooth: hci2: command 0x0405 tx timeout
[  416.214464][T10011] netlink: zone id is out of range
[  416.219985][T10011] netlink: zone id is out of range
[  416.226460][T10011] netlink: zone id is out of range
[  416.231621][T10011] netlink: zone id is out of range
[  416.236800][T10011] netlink: zone id is out of range
[  416.241908][T10011] netlink: zone id is out of range
[  416.247290][T10011] netlink: zone id is out of range
[  416.252386][T10011] netlink: zone id is out of range
[  416.257521][T10011] netlink: zone id is out of range
[  416.262620][T10011] netlink: zone id is out of range
[  416.644000][T10018] (syz.0.987,10018,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  416.652903][T10018] (syz.0.987,10018,1):ocfs2_fill_super:1177 ERROR: status = -22
[  417.266927][ T5939] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  417.830549][ T5939] usb 3-1: unable to read config index 0 descriptor/start: -61
[  418.267873][ T5939] usb 3-1: can't read configurations, error -61
[  418.374734][T10025] netlink: 104 bytes leftover after parsing attributes in process `syz.1.989'.
[  418.568618][ T5939] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  418.607407][T10031] binder: 10027:10031 ioctl 4018620d 0 returned -22
[  418.969473][ T5939] usb 3-1: unable to read config index 0 descriptor/start: -61
[  419.520563][ T5939] usb 3-1: can't read configurations, error -61
[  419.534903][T10035] xt_hashlimit: overflow, rate too high: 0
[  419.542087][T10035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.992'.
[  419.586526][T10033] netlink: 24 bytes leftover after parsing attributes in process `syz.4.991'.
[  419.607222][ T5939] usb usb3-port1: attempt power cycle
[  419.946988][ T5939] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  419.972268][ T5939] usb 3-1: unable to read config index 0 descriptor/start: -61
[  419.980099][ T5939] usb 3-1: can't read configurations, error -61
[  420.128637][ T5939] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  420.160433][ T5939] usb 3-1: unable to read config index 0 descriptor/start: -61
[  420.172661][ T5939] usb 3-1: can't read configurations, error -61
[  420.189075][ T5939] usb usb3-port1: unable to enumerate USB device
[  421.256814][ T2156] IPVS: starting estimator thread 0...
[  421.270594][T10061] nbd: illegal input index 115408896
[  421.366838][T10063] IPVS: using max 29 ests per chain, 69600 per kthread
[  421.445272][T10064] sctp: [Deprecated]: syz.2.1002 (pid 10064) Use of int in max_burst socket option.
[  421.445272][T10064] Use struct sctp_assoc_value instead
[  421.547140][ T5904] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  421.817737][ T5904] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  421.913289][ T5904] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  421.959215][ T5904] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  421.980843][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.005365][ T5904] usb 5-1: Product: syz
[  422.017440][ T5904] usb 5-1: Manufacturer: syz
[  422.029633][ T5904] usb 5-1: SerialNumber: syz
[  422.376839][   T43] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  422.415907][ T5904] usb 5-1: 0:2 : does not exist
[  422.451087][ T5904] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  422.496378][ T5904] usb 5-1: USB disconnect, device number 21
[  422.564328][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  422.578463][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  422.603111][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  422.618350][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  422.648370][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  422.661129][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.683772][   T43] usb 4-1: config 0 descriptor??
[  423.211522][   T43] usb 4-1: USB disconnect, device number 22
[  423.355448][T10101] FAULT_INJECTION: forcing a failure.
[  423.355448][T10101] name failslab, interval 1, probability 0, space 0, times 0
[  423.370094][T10101] CPU: 0 UID: 0 PID: 10101 Comm: syz.0.1011 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  423.370120][T10101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  423.370131][T10101] Call Trace:
[  423.370138][T10101]  <TASK>
[  423.370145][T10101]  dump_stack_lvl+0x189/0x250
[  423.370178][T10101]  ? __pfx____ratelimit+0x10/0x10
[  423.370204][T10101]  ? __pfx_dump_stack_lvl+0x10/0x10
[  423.370228][T10101]  ? __pfx__printk+0x10/0x10
[  423.370253][T10101]  ? __pfx___might_resched+0x10/0x10
[  423.370277][T10101]  ? fs_reclaim_acquire+0x7d/0x100
[  423.370308][T10101]  should_fail_ex+0x414/0x560
[  423.370335][T10101]  should_failslab+0xa8/0x100
[  423.370360][T10101]  kmem_cache_alloc_noprof+0x73/0x3c0
[  423.370381][T10101]  ? getname_flags+0xb8/0x540
[  423.370410][T10101]  getname_flags+0xb8/0x540
[  423.370439][T10101]  do_sys_openat2+0xbc/0x1c0
[  423.370468][T10101]  ? __pfx_do_sys_openat2+0x10/0x10
[  423.370493][T10101]  ? irqentry_exit+0x74/0x90
[  423.370532][T10101]  __x64_sys_openat+0x138/0x170
[  423.370565][T10101]  do_syscall_64+0xfa/0x3b0
[  423.370593][T10101]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.370617][T10101]  ? asm_sysvec_call_function_single+0x1a/0x20
[  423.370635][T10101]  ? clear_bhb_loop+0x60/0xb0
[  423.370658][T10101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  423.370676][T10101] RIP: 0033:0x7f515cd8d290
[  423.370691][T10101] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  423.370707][T10101] RSP: 002b:00007f515dba6b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  423.370726][T10101] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f515cd8d290
[  423.370740][T10101] RDX: 0000000000000002 RSI: 00007f515dba6c10 RDI: 00000000ffffff9c
[  423.370752][T10101] RBP: 00007f515dba6c10 R08: 0000000000000000 R09: 00236962762f7665
[  423.370765][T10101] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  423.370777][T10101] R13: 0000000000000000 R14: 00007f515cfb6080 R15: 00007ffc36c8fbc8
[  423.370806][T10101]  </TASK>
[  423.404028][T10082] pim6reg1: entered promiscuous mode
[  423.938815][T10082] pim6reg1: entered allmulticast mode
[  426.681703][T10135] net_ratelimit: 15 callbacks suppressed
[  426.681722][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  426.719069][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  426.824760][T10137] openvswitch: netlink: Duplicate or invalid key (type 0).
[  426.833665][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  426.842931][T10137] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.134858][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.146503][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.192104][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.232650][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.267228][T10135] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.815925][T10156] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.011048][T10158] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1026'.
[  428.011231][T10158] netlink: 196 bytes leftover after parsing attributes in process `syz.4.1026'.
[  428.011263][T10158] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1026'.
[  428.011345][T10162] random: crng reseeded on system resumption
[  428.118930][T10156] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  428.237993][T10156] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.297170][T10156] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  429.686874][T10188] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1034'.
[  429.733001][T10188] vlan2: entered promiscuous mode
[  429.738288][T10188] batadv0: entered promiscuous mode
[  430.211268][T10156] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.233057][T10156] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.257680][T10156] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.278004][T10156] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.476812][   T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  430.569392][T10201] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1040'.
[  430.637526][   T10] usb 3-1: Using ep0 maxpacket: 32
[  430.646360][   T10] usb 3-1: config 0 has an invalid interface number: 106 but max is 0
[  430.670909][   T10] usb 3-1: config 0 has no interface number 0
[  430.687346][   T10] usb 3-1: config 0 interface 106 has no altsetting 0
[  430.705574][   T10] usb 3-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[  430.727954][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.763315][   T10] usb 3-1: Product: syz
[  430.781443][   T10] usb 3-1: Manufacturer: syz
[  430.791580][   T10] usb 3-1: SerialNumber: syz
[  430.808767][   T10] usb 3-1: config 0 descriptor??
[  430.830150][   T10] cdc_phonet 3-1:0.106: probe with driver cdc_phonet failed with error -22
[  431.030880][T10211] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  431.031171][ T9995] Bluetooth: hci2: link tx timeout
[  431.048771][ T9995] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  432.047504][T10220] netlink: 'syz.4.1043': attribute type 3 has an invalid length.
[  432.178967][T10223] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1045'.
[  432.500581][ T6943] bond0: (slave wlan1): link status definitely down, disabling slave
[  433.081663][ T9995] Bluetooth: hci2: command 0x0405 tx timeout
[  433.262957][ T5933] usb 3-1: USB disconnect, device number 21
[  435.089446][T10257] ptrace attach of "./syz-executor exec"[6533] was attempted by "\x09   
                   ��      ��      ��      ��              ��      ��      ��                 ����                        \x07   �                                                         \x07   \x0a                        '      
   \x0c   \x07\x07�(R��   
   @              ����                                                   �                                                                                                                                                                                                                                                       /dev/swradio#"[10257]
[  435.577002][ T5933] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  436.016620][T10266] (syz.2.1058,10266,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  436.025500][T10266] (syz.2.1058,10266,0):ocfs2_fill_super:1177 ERROR: status = -22
[  436.156864][ T5933] usb 5-1: not running at top speed; connect to a high speed hub
[  436.172883][ T5933] usb 5-1: config 95 has an invalid interface number: 86 but max is 0
[  436.181283][ T5933] usb 5-1: config 95 has no interface number 0
[  436.188096][ T5933] usb 5-1: config 95 interface 86 altsetting 8 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  436.295227][ T5933] usb 5-1: config 95 interface 86 has no altsetting 0
[  436.316789][ T5933] usb 5-1: New USB device found, idVendor=1781, idProduct=0138, bcdDevice=88.93
[  436.326014][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.334915][ T5933] usb 5-1: Product: 眅廉酣폺歞ꝫ됑அ᱙⑍퀲䵲瞄廊輧瘷㨘펗䬂鞸㏜鍽玑嶄ꗯᎾ䉯ᾇ꽿湕
[  436.372582][ T5933] usb 5-1: Manufacturer: ⠁
[  439.072625][T10289] syz.1.1063: attempt to access beyond end of device
[  439.072625][T10289] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  439.086229][T10289] hfs: can't find a HFS filesystem on dev nbd1
[  439.099283][   T43] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  439.633439][T10300] veth1_to_hsr: entered allmulticast mode
[  439.689768][T10300] net_ratelimit: 57 callbacks suppressed
[  439.689789][T10300] A link change request failed with some changes committed already. Interface veth1_to_hsr may have been left with an inconsistent configuration, please check.
[  439.756768][   T43] usb 1-1: device not accepting address 27, error -71
[  441.296387][T10322] (syz.2.1072,10322,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  441.305232][T10322] (syz.2.1072,10322,1):ocfs2_fill_super:1177 ERROR: status = -22
[  441.752691][   T43] usb 5-1: USB disconnect, device number 22
[  444.217637][   T43] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  444.555269][   T43] usb 4-1: config 0 has an invalid interface number: 192 but max is 2
[  444.571563][   T43] usb 4-1: config 0 has an invalid interface number: 131 but max is 2
[  444.622576][   T43] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  444.721921][   T43] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  444.739323][   T43] usb 4-1: config 0 has no interface number 0
[  444.757669][   T43] usb 4-1: config 0 has no interface number 1
[  444.822176][   T43] usb 4-1: config 0 interface 192 altsetting 7 endpoint 0xB has invalid maxpacket 512, setting to 64
[  444.833444][   T43] usb 4-1: config 0 interface 192 altsetting 7 endpoint 0x5 has invalid maxpacket 512, setting to 64
[  444.845887][   T43] usb 4-1: config 0 interface 192 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  445.002218][   T43] usb 4-1: config 0 interface 192 altsetting 7 has a duplicate endpoint with address 0x3, skipping
[  445.017084][   T43] usb 4-1: config 0 interface 192 altsetting 7 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  445.065158][   T43] usb 4-1: config 0 interface 192 altsetting 7 has a duplicate endpoint with address 0x3, skipping
[  445.111875][   T43] usb 4-1: config 0 interface 192 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  445.123574][   T43] usb 4-1: config 0 interface 192 has no altsetting 0
[  445.130755][   T43] usb 4-1: config 0 interface 131 has no altsetting 0
[  445.138432][   T43] usb 4-1: string descriptor 0 read error: -71
[  445.144769][   T43] usb 4-1: Dual-Role OTG device on HNP port
[  445.151512][   T43] usb 4-1: can't set HNP mode: -71
[  445.624217][T10355] siw: device registration error -23
[  446.430629][T10369] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1083'.
[  448.140980][T10383] xt_CT: No such helper "snmp"
[  448.950017][   T43] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  449.773535][   T43] usb 3-1: config 0 has an invalid interface number: 93 but max is 0
[  450.283704][   T43] usb 3-1: config 0 has no interface number 0
[  450.307521][   T43] usb 3-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  450.327049][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.335084][   T43] usb 3-1: Product: syz
[  450.359662][   T43] usb 3-1: Manufacturer: syz
[  450.364312][   T43] usb 3-1: SerialNumber: syz
[  450.393190][   T43] usb 3-1: config 0 descriptor??
[  450.562523][T10415] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1097'.
[  450.716229][T10395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.725865][T10395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.739460][   T43] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in cold state, will try to load a firmware
[  450.819293][   T43] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  450.856967][   T43] dib0700: firmware download failed at 7 with -22
[  450.888437][   T43] usb 3-1: USB disconnect, device number 22
[  451.598319][T10427] (syz.1.1100,10427,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  451.607310][T10427] (syz.1.1100,10427,0):ocfs2_fill_super:1177 ERROR: status = -22
[  452.052745][T10426] netlink: 'syz.3.1101': attribute type 11 has an invalid length.
[  452.065075][T10426] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1101'.
[  452.201472][T10429] FAULT_INJECTION: forcing a failure.
[  452.201472][T10429] name failslab, interval 1, probability 0, space 0, times 0
[  452.226633][T10429] CPU: 0 UID: 0 PID: 10429 Comm: syz.0.1102 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  452.226663][T10429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  452.226675][T10429] Call Trace:
[  452.226683][T10429]  <TASK>
[  452.226692][T10429]  dump_stack_lvl+0x189/0x250
[  452.226725][T10429]  ? __pfx____ratelimit+0x10/0x10
[  452.226753][T10429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  452.226780][T10429]  ? __pfx__printk+0x10/0x10
[  452.226805][T10429]  ? __pfx___might_resched+0x10/0x10
[  452.226836][T10429]  should_fail_ex+0x414/0x560
[  452.226864][T10429]  should_failslab+0xa8/0x100
[  452.226891][T10429]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  452.226914][T10429]  ? __alloc_skb+0x112/0x2d0
[  452.226945][T10429]  __alloc_skb+0x112/0x2d0
[  452.226970][T10429]  netlink_sendmsg+0x5c6/0xb30
[  452.227002][T10429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  452.227032][T10429]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  452.227054][T10429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  452.227077][T10429]  __sock_sendmsg+0x21c/0x270
[  452.227108][T10429]  ____sys_sendmsg+0x505/0x830
[  452.227138][T10429]  ? __pfx_____sys_sendmsg+0x10/0x10
[  452.227170][T10429]  ? import_iovec+0x74/0xa0
[  452.227192][T10429]  ___sys_sendmsg+0x21f/0x2a0
[  452.227217][T10429]  ? __pfx____sys_sendmsg+0x10/0x10
[  452.227277][T10429]  ? __fget_files+0x2a/0x420
[  452.227300][T10429]  ? __fget_files+0x3a0/0x420
[  452.227335][T10429]  __x64_sys_sendmsg+0x19b/0x260
[  452.227362][T10429]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  452.227395][T10429]  ? __pfx_ksys_write+0x10/0x10
[  452.227414][T10429]  ? rcu_is_watching+0x15/0xb0
[  452.227447][T10429]  ? do_syscall_64+0xbe/0x3b0
[  452.227478][T10429]  do_syscall_64+0xfa/0x3b0
[  452.227505][T10429]  ? lockdep_hardirqs_on+0x9c/0x150
[  452.227531][T10429]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.227550][T10429]  ? clear_bhb_loop+0x60/0xb0
[  452.227573][T10429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.227591][T10429] RIP: 0033:0x7f515cd8e929
[  452.227608][T10429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  452.227624][T10429] RSP: 002b:00007f515dbc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  452.227644][T10429] RAX: ffffffffffffffda RBX: 00007f515cfb5fa0 RCX: 00007f515cd8e929
[  452.227658][T10429] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  452.227670][T10429] RBP: 00007f515dbc8090 R08: 0000000000000000 R09: 0000000000000000
[  452.227681][T10429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  452.227692][T10429] R13: 0000000000000000 R14: 00007f515cfb5fa0 R15: 00007ffc36c8fbc8
[  452.227722][T10429]  </TASK>
[  452.661454][T10438] sctp: [Deprecated]: syz.1.1104 (pid 10438) Use of int in max_burst socket option.
[  452.661454][T10438] Use struct sctp_assoc_value instead
[  452.788345][   T43] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  452.889898][ T5904] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  452.947252][   T43] usb 3-1: Using ep0 maxpacket: 8
[  452.973227][   T43] usb 3-1: config 0 has an invalid interface number: 46 but max is 0
[  452.981847][   T43] usb 3-1: config 0 has no interface number 0
[  452.988455][   T43] usb 3-1: config 0 interface 46 has no altsetting 0
[  453.003171][   T43] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=f3.33
[  453.012748][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.023092][   T43] usb 3-1: Product: syz
[  453.027588][   T43] usb 3-1: Manufacturer: syz
[  453.032889][   T43] usb 3-1: SerialNumber: syz
[  453.048206][   T43] usb 3-1: config 0 descriptor??
[  453.085075][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  453.104597][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  453.118069][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 52323, setting to 64
[  453.129368][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  453.149594][ T5904] usb 1-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  453.164528][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.172668][ T5904] usb 1-1: Product: syz
[  453.176913][ T5904] usb 1-1: Manufacturer: syz
[  453.181550][ T5904] usb 1-1: SerialNumber: syz
[  453.201171][ T5904] usb 1-1: config 0 descriptor??
[  453.207523][T10437] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  453.329826][ T5904] rc_core: IR keymap rc-imon-rsc not found
[  453.335768][ T5904] Registered IR keymap rc-empty
[  453.357253][ T5904] rc rc0: iMON Station as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  453.384205][ T5904] input: iMON Station as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input33
[  453.534986][T10441] Cannot find add_set index 2 as target
[  453.547499][T10441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.571327][T10441] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.401370][   T10] usb 1-1: USB disconnect, device number 29
[  454.725445][T10448] mkiss: ax0: crc mode is auto.
[  454.857346][ T5939] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  455.499097][ T5939] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  455.632635][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.805378][ T5939] usb 2-1: Product: syz
[  455.922792][ T5939] usb 2-1: Manufacturer: syz
[  456.043803][ T5939] usb 2-1: SerialNumber: syz
[  456.110237][   T43] f81534a_ctrl 3-1:0.46: failed to set register 0x116: -5
[  456.117606][   T43] f81534a_ctrl 3-1:0.46: failed to enable ports: -5
[  456.120581][ T5939] usb 2-1: config 0 descriptor??
[  456.132182][   T43] f81534a_ctrl 3-1:0.46: probe with driver f81534a_ctrl failed with error -5
[  456.160421][   T43] usb 3-1: USB disconnect, device number 23
[  457.194095][ T5939] usb 2-1: USB disconnect, device number 23
[  457.223140][T10455] netlink: 'syz.2.1112': attribute type 2 has an invalid length.
[  457.240879][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  457.506178][ T5840] udevd[5840]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  457.521853][T10479] input: syz0 as /devices/virtual/input/input34
[  458.157779][    T9] usb 4-1: Using ep0 maxpacket: 8
[  458.236609][    T9] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  458.244914][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  458.272022][    T9] usb 4-1: config 0 has no interface number 0
[  458.304893][    T9] usb 4-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  458.360781][T10482] FAULT_INJECTION: forcing a failure.
[  458.360781][T10482] name failslab, interval 1, probability 0, space 0, times 0
[  458.395660][    T9] usb 4-1: config 0 interface 52 has no altsetting 0
[  458.420288][T10482] CPU: 0 UID: 0 PID: 10482 Comm: syz.1.1118 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  458.420318][T10482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.420330][T10482] Call Trace:
[  458.420338][T10482]  <TASK>
[  458.420346][T10482]  dump_stack_lvl+0x189/0x250
[  458.420378][T10482]  ? __pfx____ratelimit+0x10/0x10
[  458.420405][T10482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.420432][T10482]  ? __pfx__printk+0x10/0x10
[  458.420457][T10482]  ? __pfx___might_resched+0x10/0x10
[  458.420483][T10482]  ? fs_reclaim_acquire+0x7d/0x100
[  458.420510][T10482]  should_fail_ex+0x414/0x560
[  458.420538][T10482]  should_failslab+0xa8/0x100
[  458.420564][T10482]  __kmalloc_noprof+0xcb/0x4f0
[  458.420585][T10482]  ? kfree+0x4d/0x440
[  458.420602][T10482]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  458.420635][T10482]  tomoyo_realpath_from_path+0xe3/0x5d0
[  458.420665][T10482]  ? tomoyo_domain+0xda/0x130
[  458.420698][T10482]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  458.420721][T10482]  tomoyo_path_number_perm+0x1e8/0x5a0
[  458.420747][T10482]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  458.420788][T10482]  ? __lock_acquire+0xab9/0xd20
[  458.420832][T10482]  ? __fget_files+0x2a/0x420
[  458.420860][T10482]  ? __fget_files+0x2a/0x420
[  458.420882][T10482]  ? __fget_files+0x3a0/0x420
[  458.420905][T10482]  ? __fget_files+0x2a/0x420
[  458.420933][T10482]  security_file_ioctl+0xcb/0x2d0
[  458.420960][T10482]  __se_sys_ioctl+0x47/0x170
[  458.420983][T10482]  do_syscall_64+0xfa/0x3b0
[  458.421009][T10482]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.421035][T10482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.421054][T10482]  ? clear_bhb_loop+0x60/0xb0
[  458.421076][T10482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.421094][T10482] RIP: 0033:0x7f58b7b8e929
[  458.421110][T10482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.421125][T10482] RSP: 002b:00007f58b8a38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  458.421144][T10482] RAX: ffffffffffffffda RBX: 00007f58b7db5fa0 RCX: 00007f58b7b8e929
[  458.421156][T10482] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  458.421166][T10482] RBP: 00007f58b8a38090 R08: 0000000000000000 R09: 0000000000000000
[  458.421176][T10482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.421187][T10482] R13: 0000000000000000 R14: 00007f58b7db5fa0 R15: 00007fffdf0508a8
[  458.421212][T10482]  </TASK>
[  458.421220][T10482] ERROR: Out of memory at tomoyo_realpath_from_path.
[  458.680954][T10482] input: syz0 as /devices/virtual/input/input35
[  458.696799][    T9] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  458.713599][    T9] usb 4-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  458.725211][    T9] usb 4-1: Manufacturer: syz
[  458.733518][    T9] usb 4-1: config 0 descriptor??
[  458.845016][T10488] FAULT_INJECTION: forcing a failure.
[  458.845016][T10488] name failslab, interval 1, probability 0, space 0, times 0
[  458.869234][T10488] CPU: 0 UID: 0 PID: 10488 Comm: syz.0.1121 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  458.869262][T10488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.869273][T10488] Call Trace:
[  458.869281][T10488]  <TASK>
[  458.869288][T10488]  dump_stack_lvl+0x189/0x250
[  458.869319][T10488]  ? __pfx____ratelimit+0x10/0x10
[  458.869349][T10488]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.869376][T10488]  ? __pfx__printk+0x10/0x10
[  458.869397][T10488]  ? __pfx___might_resched+0x10/0x10
[  458.869423][T10488]  ? fs_reclaim_acquire+0x7d/0x100
[  458.869453][T10488]  should_fail_ex+0x414/0x560
[  458.869479][T10488]  should_failslab+0xa8/0x100
[  458.869504][T10488]  __kmalloc_noprof+0xcb/0x4f0
[  458.869526][T10488]  ? tomoyo_encode+0x28b/0x550
[  458.869558][T10488]  tomoyo_encode+0x28b/0x550
[  458.869592][T10488]  tomoyo_realpath_from_path+0x58d/0x5d0
[  458.869631][T10488]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  458.869655][T10488]  tomoyo_path_number_perm+0x1e8/0x5a0
[  458.869681][T10488]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  458.869712][T10488]  ? kasan_save_track+0x4f/0x80
[  458.869768][T10488]  ? __pfx_current_check_access_path+0x10/0x10
[  458.869798][T10488]  tomoyo_path_mknod+0x142/0x190
[  458.869815][T10488]  ? kasan_quarantine_put+0xdd/0x220
[  458.869836][T10488]  ? __pfx_tomoyo_path_mknod+0x10/0x10
[  458.869859][T10488]  ? kern_path_create+0x3e/0x50
[  458.869877][T10488]  ? kmem_cache_free+0x18f/0x400
[  458.869903][T10488]  security_path_mknod+0x17e/0x3a0
[  458.869926][T10488]  unix_bind+0x3ca/0xd90
[  458.869957][T10488]  ? __pfx_unix_bind+0x10/0x10
[  458.869981][T10488]  ? bpf_lsm_socket_bind+0x9/0x20
[  458.870006][T10488]  __sys_bind+0x2c3/0x3e0
[  458.870028][T10488]  ? __pfx___sys_bind+0x10/0x10
[  458.870058][T10488]  ? __pfx_ksys_write+0x10/0x10
[  458.870077][T10488]  ? rcu_is_watching+0x15/0xb0
[  458.870111][T10488]  __x64_sys_bind+0x7a/0x90
[  458.870130][T10488]  do_syscall_64+0xfa/0x3b0
[  458.870159][T10488]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.870176][T10488]  ? asm_sysvec_call_function_single+0x1a/0x20
[  458.870194][T10488]  ? clear_bhb_loop+0x60/0xb0
[  458.870218][T10488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.870246][T10488] RIP: 0033:0x7f515cd8e929
[  458.870263][T10488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.870279][T10488] RSP: 002b:00007f515dbc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  458.870300][T10488] RAX: ffffffffffffffda RBX: 00007f515cfb5fa0 RCX: 00007f515cd8e929
[  458.870314][T10488] RDX: 000000000000006e RSI: 00002000000000c0 RDI: 0000000000000004
[  458.870326][T10488] RBP: 00007f515dbc8090 R08: 0000000000000000 R09: 0000000000000000
[  458.870337][T10488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.870348][T10488] R13: 0000000000000000 R14: 00007f515cfb5fa0 R15: 00007ffc36c8fbc8
[  458.870378][T10488]  </TASK>
[  458.870420][T10488] ERROR: Out of memory at tomoyo_realpath_from_path.
[  459.003627][T10495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  459.018820][   T30] audit: type=1400 audit(1750062686.786:373): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=10487 comm="syz.0.1121" name="237" dev="tmpfs" ino=1270
[  459.207092][T10495] batman_adv: batadv0: Removing interface: batadv_slave_0
[  459.320892][T10495] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  459.365144][ T5904] usb 4-1: USB disconnect, device number 25
[  459.385646][T10495] batman_adv: batadv0: Removing interface: batadv_slave_1
[  459.447710][T10499] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1124'.
[  459.463696][T10499] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  460.750943][ T5939] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  461.443829][ T5939] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  461.622791][T10530] bond2 (unregistering): Released all slaves
[  461.746116][ T5904] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  462.085653][ T2156] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  462.447005][ T2156] usb 2-1: Using ep0 maxpacket: 32
[  462.539054][ T2156] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  462.549536][ T5904] usb 3-1: Using ep0 maxpacket: 16
[  462.559076][ T2156] usb 2-1: config 0 has no interfaces?
[  462.564630][ T2156] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  462.574983][ T2156] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.640931][ T5904] usb 3-1: New USB device found, idVendor=05ac, idProduct=0263, bcdDevice=6f.9e
[  462.678808][ T2156] usb 2-1: config 0 descriptor??
[  462.703907][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.722197][ T5904] usb 3-1: Product: syz
[  462.733724][ T5904] usb 3-1: Manufacturer: syz
[  462.756931][ T5904] usb 3-1: SerialNumber: syz
[  462.772752][ T5904] usb 3-1: config 0 descriptor??
[  462.789066][ T5904] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input36
[  462.908474][ T2156] usb 2-1: USB disconnect, device number 24
[  462.944394][T10552] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1137'.
[  463.361930][T10556] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1139'.
[  463.399285][T10558] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1140'.
[  463.472953][   T30] audit: type=1326 audit(1750062691.236:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10557 comm="syz.0.1140" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f515cd8e929 code=0x0
[  464.367733][ T5178] bcm5974 3-1:0.0: could not read from device
[  464.462498][ T5904] usb 3-1: USB disconnect, device number 24
[  464.472695][ T5178] bcm5974 3-1:0.0: could not read from device
[  465.089804][ T5178] bcm5974 3-1:0.0: could not read from device
[  465.192365][T10580] mkiss: ax0: crc mode is auto.
[  466.491752][ T5830] udevd[5830]: Error opening device "/dev/input/event4": No such file or directory
[  466.548690][ T5830] udevd[5830]: Unable to EVIOCGABS device "/dev/input/event4"
[  466.556247][ T5830] udevd[5830]: Unable to EVIOCGABS device "/dev/input/event4"
[  466.588264][ T5830] udevd[5830]: Unable to EVIOCGABS device "/dev/input/event4"
[  466.636984][ T5830] udevd[5830]: Unable to EVIOCGABS device "/dev/input/event4"
[  466.644551][ T5830] udevd[5830]: Assertion 'close_nointr(fd) != -EBADF' failed at util.c:228, function safe_close(). Aborting.
[  466.741959][ T5193] udevd[5193]: worker [5830] terminated by signal 6 (Aborted)
[  466.752083][T10594] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1149'.
[  466.761708][ T5193] udevd[5193]: worker [5830] failed while handling '/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input36/event4'
[  466.775679][T10595] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1151'.
[  466.815400][T10594] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1149'.
[  466.860227][T10594] block nbd0: Unsupported socket: shutdown callout must be supported.
[  466.984419][T10598] sctp: [Deprecated]: syz.4.1152 (pid 10598) Use of int in max_burst socket option.
[  466.984419][T10598] Use struct sctp_assoc_value instead
[  468.399039][   T43] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  468.578157][   T43] usb 3-1: Using ep0 maxpacket: 16
[  468.591902][   T43] usb 3-1: config 2 has an invalid interface number: 219 but max is 1
[  468.616329][   T43] usb 3-1: config 2 has an invalid interface number: 104 but max is 1
[  468.626139][   T43] usb 3-1: config 2 has no interface number 0
[  468.635416][   T43] usb 3-1: config 2 has no interface number 1
[  468.643411][   T43] usb 3-1: config 2 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  468.669362][   T43] usb 3-1: config 2 interface 219 altsetting 0 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  468.705176][   T43] usb 3-1: config 2 interface 104 altsetting 6 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  468.724237][   T43] usb 3-1: config 2 interface 104 has no altsetting 0
[  468.734620][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=08b4, bcdDevice=89.3b
[  468.747873][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.071783][   T43] usb 3-1: Product: Љ
[  469.083220][   T43] usb 3-1: Manufacturer: ዤ쏻䊼釦묿䈻䨘ŭ῵ꟺ୕ꇰ⫤䢟邬历浶Ⴞ⚙픦꓏ន癸弳Ꞽ騕酀ᢕ튆稘켟ሻ逧畳⚈足勋嵧ﴔᵗ䗀꽟䓒殲쓏牎엸佯Ѐ᳛폟앹쪊䚛臻ภ쿷ꑺ納㯡ﷃ꼞ᾩ咦ບ遣繵찐梱⛴쮓㿐恆컺昂ꆷ뎗잂቙㫂街淙腭
[  469.716886][   T43] usb 3-1: SerialNumber: syz
[  469.724561][   T43] usb 3-1: rejected 1 configuration due to insufficient available bus power
[  469.738258][   T43] usb 3-1: no configuration chosen from 1 choice
[  470.011579][   T43] usb 3-1: USB disconnect, device number 25
[  470.619985][T10651] lo speed is unknown, defaulting to 1000
[  470.876751][ T5921] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  470.946492][T10659] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'.
[  470.969292][T10656] sctp: [Deprecated]: syz.1.1166 (pid 10656) Use of int in max_burst socket option.
[  470.969292][T10656] Use struct sctp_assoc_value instead
[  471.048671][ T5921] usb 3-1: config 0 interface 0 has no altsetting 0
[  471.065533][ T5921] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  471.075598][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.107781][ T5921] usb 3-1: config 0 descriptor??
[  472.049934][ T5921] video4linux radio48: keene_cmd_set failed (-110)
[  472.120138][ T5921] radio-keene 3-1:0.0: V4L2 device registered as radio48
[  472.138310][ T5921] usb 3-1: USB disconnect, device number 26
[  474.280522][T10688] veth3: entered promiscuous mode
[  474.285615][T10688] veth3: entered allmulticast mode
[  474.325485][T10694] 9pnet_fd: Insufficient options for proto=fd
[  474.529723][T10699] syz.1.1179: attempt to access beyond end of device
[  474.529723][T10699] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  474.547787][T10699] hfs: can't find a HFS filesystem on dev nbd1
[  474.664425][ T5921] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  474.713854][T10708] siw: device registration error -23
[  475.469366][ T5921] usb 4-1: Using ep0 maxpacket: 8
[  475.532675][T10712] FAULT_INJECTION: forcing a failure.
[  475.532675][T10712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  475.546247][T10712] CPU: 1 UID: 0 PID: 10712 Comm: syz.2.1183 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  475.546275][T10712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  475.546288][T10712] Call Trace:
[  475.546296][T10712]  <TASK>
[  475.546304][T10712]  dump_stack_lvl+0x189/0x250
[  475.546338][T10712]  ? __pfx____ratelimit+0x10/0x10
[  475.546366][T10712]  ? __pfx_dump_stack_lvl+0x10/0x10
[  475.546393][T10712]  ? __pfx__printk+0x10/0x10
[  475.546425][T10712]  should_fail_ex+0x414/0x560
[  475.546454][T10712]  _copy_to_user+0x31/0xb0
[  475.546474][T10712]  simple_read_from_buffer+0xe1/0x170
[  475.546503][T10712]  proc_fail_nth_read+0x1df/0x250
[  475.546532][T10712]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  475.546562][T10712]  ? rw_verify_area+0x258/0x650
[  475.546582][T10712]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  475.546610][T10712]  vfs_read+0x200/0x980
[  475.546637][T10712]  ? __pfx___mutex_lock+0x10/0x10
[  475.546663][T10712]  ? __pfx_vfs_read+0x10/0x10
[  475.546683][T10712]  ? __fget_files+0x2a/0x420
[  475.546709][T10712]  ? __fget_files+0x3a0/0x420
[  475.546728][T10712]  ? __fget_files+0x2a/0x420
[  475.546757][T10712]  ksys_read+0x145/0x250
[  475.546779][T10712]  ? __pfx_ksys_read+0x10/0x10
[  475.546796][T10712]  ? rcu_is_watching+0x15/0xb0
[  475.546826][T10712]  ? do_syscall_64+0xbe/0x3b0
[  475.546854][T10712]  do_syscall_64+0xfa/0x3b0
[  475.546879][T10712]  ? lockdep_hardirqs_on+0x9c/0x150
[  475.546904][T10712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.546922][T10712]  ? clear_bhb_loop+0x60/0xb0
[  475.546943][T10712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.546959][T10712] RIP: 0033:0x7fc9d2d8d33c
[  475.546975][T10712] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  475.546992][T10712] RSP: 002b:00007fc9d0bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  475.547011][T10712] RAX: ffffffffffffffda RBX: 00007fc9d2fb5fa0 RCX: 00007fc9d2d8d33c
[  475.547025][T10712] RDX: 000000000000000f RSI: 00007fc9d0bf60a0 RDI: 0000000000000006
[  475.547036][T10712] RBP: 00007fc9d0bf6090 R08: 0000000000000000 R09: 0000000000000000
[  475.547045][T10712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.547054][T10712] R13: 0000000000000000 R14: 00007fc9d2fb5fa0 R15: 00007ffff37ee3a8
[  475.547080][T10712]  </TASK>
[  475.561109][ T5921] usb 4-1: unable to get BOS descriptor or descriptor too short
[  477.121222][T10732] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1187'.
[  477.294745][ T5921] usb 4-1: config 4 interface 0 has no altsetting 0
[  477.311371][ T5921] usb 4-1: string descriptor 0 read error: -22
[  477.318276][ T5921] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  477.330144][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.400052][ T5921] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  477.421881][T10740] overlayfs: failed to clone upperpath
[  477.621322][T10719] xt_CT: No such helper "snmp"
[  477.702691][T10749] sctp: [Deprecated]: syz.2.1191 (pid 10749) Use of int in max_burst socket option.
[  477.702691][T10749] Use struct sctp_assoc_value instead
[  477.721810][ T5921] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  477.775333][ T5921] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  477.796943][T10750] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  477.797219][ T5921] usb 4-1: media controller created
[  477.804046][T10750] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  477.837227][T10750] vhci_hcd vhci_hcd.0: Device attached
[  477.964467][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.006787][ T5904] vhci_hcd: vhci_device speed not set
[  478.036925][   T43] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  478.040002][ T5921] zl10353_read_register: readreg error (reg=127, ret==0)
[  478.082052][ T5904] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  478.196916][   T43] usb 2-1: device descriptor read/64, error -71
[  478.217206][ T5921] usb 4-1: USB disconnect, device number 26
[  478.456907][   T43] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  478.607186][   T43] usb 2-1: device descriptor read/64, error -71
[  478.836947][   T43] usb usb2-port1: attempt power cycle
[  479.497236][   T43] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  479.630803][   T43] usb 2-1: device descriptor read/8, error -71
[  479.756576][T10787] pimreg: entered allmulticast mode
[  479.886851][   T43] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  479.934459][T10785] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  481.487162][T10751] vhci_hcd: connection reset by peer
[  481.512144][ T6943] vhci_hcd: stop threads
[  481.525700][ T6943] vhci_hcd: release socket
[  481.549286][ T6943] vhci_hcd: disconnect device
[  481.564080][T10791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1200'.
[  481.586734][   T43] usb 2-1: device not accepting address 28, error -71
[  481.596086][   T43] usb usb2-port1: unable to enumerate USB device
[  481.627249][T10791] netlink: 'syz.2.1200': attribute type 1 has an invalid length.
[  481.653381][T10791] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1200'.
[  482.286781][T10801] bridge0: port 3(netdevsim2) entered blocking state
[  482.295899][T10801] bridge0: port 3(netdevsim2) entered disabled state
[  482.305401][T10801] netdevsim netdevsim3 netdevsim2: entered allmulticast mode
[  482.480516][T10801] netdevsim netdevsim3 netdevsim2: entered promiscuous mode
[  483.170110][T10801] bridge0: port 3(netdevsim2) entered blocking state
[  483.176989][T10801] bridge0: port 3(netdevsim2) entered forwarding state
[  483.407917][ T5904] vhci_hcd: vhci_device speed not set
[  484.088788][   T43] IPVS: starting estimator thread 0...
[  484.277245][T10820] IPVS: using max 24 ests per chain, 57600 per kthread
[  484.664133][ T5824] Bluetooth: hci3: unexpected event for opcode 0x0407
[  486.283524][T10840] lo speed is unknown, defaulting to 1000
[  487.280254][T10858] bridge0: port 1(gretap0) entered blocking state
[  487.288823][T10858] bridge0: port 1(gretap0) entered disabled state
[  487.307499][T10858] gretap0: entered allmulticast mode
[  487.315185][T10858] gretap0: entered promiscuous mode
[  487.332447][T10858] bridge0: port 1(gretap0) entered blocking state
[  487.339485][T10858] bridge0: port 1(gretap0) entered forwarding state
[  487.360428][T10859] gretap0: left allmulticast mode
[  487.365510][T10859] gretap0: left promiscuous mode
[  487.375065][T10859] bridge0: port 1(gretap0) entered disabled state
[  488.052341][T10871] fuse: Bad value for 'fd'
[  488.132925][T10874] FAULT_INJECTION: forcing a failure.
[  488.132925][T10874] name failslab, interval 1, probability 0, space 0, times 0
[  488.202804][T10874] CPU: 0 UID: 0 PID: 10874 Comm: syz.1.1225 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  488.202832][T10874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  488.202844][T10874] Call Trace:
[  488.202851][T10874]  <TASK>
[  488.202859][T10874]  dump_stack_lvl+0x189/0x250
[  488.202891][T10874]  ? __pfx____ratelimit+0x10/0x10
[  488.202917][T10874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.202944][T10874]  ? __pfx__printk+0x10/0x10
[  488.202968][T10874]  ? __pfx___might_resched+0x10/0x10
[  488.202994][T10874]  ? fs_reclaim_acquire+0x7d/0x100
[  488.203024][T10874]  should_fail_ex+0x414/0x560
[  488.203051][T10874]  should_failslab+0xa8/0x100
[  488.203077][T10874]  __kmalloc_noprof+0xcb/0x4f0
[  488.203097][T10874]  ? kfree+0x4d/0x440
[  488.203114][T10874]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  488.203148][T10874]  tomoyo_realpath_from_path+0xe3/0x5d0
[  488.203174][T10874]  ? tomoyo_domain+0xda/0x130
[  488.203208][T10874]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  488.203231][T10874]  tomoyo_path_number_perm+0x1e8/0x5a0
[  488.203256][T10874]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  488.203293][T10874]  ? __lock_acquire+0xab9/0xd20
[  488.203338][T10874]  ? __fget_files+0x2a/0x420
[  488.203361][T10874]  ? __fget_files+0x2a/0x420
[  488.203381][T10874]  ? __fget_files+0x3a0/0x420
[  488.203402][T10874]  ? __fget_files+0x2a/0x420
[  488.203426][T10874]  security_file_ioctl+0xcb/0x2d0
[  488.203452][T10874]  __se_sys_ioctl+0x47/0x170
[  488.203475][T10874]  do_syscall_64+0xfa/0x3b0
[  488.203500][T10874]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.203527][T10874]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.203545][T10874]  ? clear_bhb_loop+0x60/0xb0
[  488.203580][T10874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.203597][T10874] RIP: 0033:0x7f58b7b8e929
[  488.203614][T10874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.203631][T10874] RSP: 002b:00007f58b8a38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  488.203651][T10874] RAX: ffffffffffffffda RBX: 00007f58b7db5fa0 RCX: 00007f58b7b8e929
[  488.203666][T10874] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000003
[  488.203677][T10874] RBP: 00007f58b8a38090 R08: 0000000000000000 R09: 0000000000000000
[  488.203688][T10874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.203699][T10874] R13: 0000000000000000 R14: 00007f58b7db5fa0 R15: 00007fffdf0508a8
[  488.203728][T10874]  </TASK>
[  488.203736][T10874] ERROR: Out of memory at tomoyo_realpath_from_path.
[  488.682531][ T5824] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  488.691485][ T5824] Bluetooth: hci3: Injecting HCI hardware error event
[  488.701781][ T5824] Bluetooth: hci3: hardware error 0x00
[  489.040654][ T5933] libceph: connect (1)[c::]:6789 error -101
[  489.046939][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  489.071813][T10885] ceph: No mds server is up or the cluster is laggy
[  489.110153][T10896] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1231'.
[  489.786561][ T5921] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  490.036516][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  490.115103][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 53, changing to 9
[  490.385099][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8617, setting to 1024
[  490.436361][ T5921] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  490.467187][ T5921] usb 2-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  490.476548][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.517372][ T5921] usb 2-1: config 0 descriptor??
[  490.786959][ T5824] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  491.437429][T10917] vivid-000: kernel_thread() failed
[  491.578465][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.490867][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.503030][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.515269][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.535462][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.552047][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.600904][T10932] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1240'.
[  492.679131][ T5921] hid-multitouch 0003:0457:07DA.0008: unknown main item tag 0x0
[  492.962367][ T5921] hid-multitouch 0003:0457:07DA.0008: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.1-1/input0
[  493.021275][T10935] overlayfs: failed to clone upperpath
[  493.023362][ T5921] usb 2-1: USB disconnect, device number 29
[  493.206071][T10937] fido_id[10937]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  493.549363][T10944] xt_CT: No such helper "snmp"
[  493.917874][T10961] netlink: 'syz.1.1250': attribute type 33 has an invalid length.
[  493.926000][T10961] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1250'.
[  493.967057][T10961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'.
[  494.337000][ T5921] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  494.518923][ T5921] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  494.545826][ T5921] usb 4-1: config 0 has no interface number 0
[  494.579448][ T5921] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  494.616774][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.314703][ T5921] usb 4-1: config 0 descriptor??
[  495.440146][ T5921] usb 4-1: selecting invalid altsetting 1
[  495.484968][ T5921] dvb_ttusb_budget: ttusb_init_controller: error
[  495.541970][ T5921] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  495.705314][T10986] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  496.172178][ T5921] DVB: Unable to find symbol cx22700_attach()
[  496.493705][ T5921] DVB: Unable to find symbol tda10046_attach()
[  496.512607][ T5921] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  496.578895][ T5921] usb 4-1: USB disconnect, device number 27
[  496.670526][T11000] fuse: Bad value for 'group_id'
[  496.685730][T11000] fuse: Bad value for 'group_id'
[  496.988853][T11007] lo speed is unknown, defaulting to 1000
[  497.231377][T11011] lo speed is unknown, defaulting to 1000
[  497.345755][   T30] audit: type=1326 audit(1750062725.106:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11020 comm="syz.3.1269" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe166d8e929 code=0x0
[  497.664381][T11028] xt_CT: No such helper "snmp"
[  499.547354][T11057] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1277'.
[  500.330253][    T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  500.947866][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  501.103318][    T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  501.156814][    T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  501.165911][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.215341][    T9] usb 4-1: config 0 descriptor??
[  501.236721][   T30] audit: type=1326 audit(1750062728.996:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.326858][   T30] audit: type=1326 audit(1750062728.996:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.440273][   T30] audit: type=1326 audit(1750062729.026:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.492965][   T30] audit: type=1326 audit(1750062729.026:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.566918][   T30] audit: type=1326 audit(1750062729.026:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.635167][   T30] audit: type=1326 audit(1750062729.026:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f58b7b8e963 code=0x7ffc0000
[  501.682940][   T30] audit: type=1326 audit(1750062729.036:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f58b7b8e963 code=0x7ffc0000
[  501.721127][   T30] audit: type=1326 audit(1750062729.036:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  501.736448][T11082] lo speed is unknown, defaulting to 1000
[  501.746475][   T30] audit: type=1326 audit(1750062729.046:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.1.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f58b7b8e929 code=0x7ffc0000
[  502.227457][T11094] syz.1.1284: attempt to access beyond end of device
[  502.227457][T11094] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  502.240950][T11094] hfs: can't find a HFS filesystem on dev nbd1
[  502.406723][T11089] xt_CT: No such helper "snmp"
[  503.220714][T11104] siw: device registration error -23
[  504.081002][T11110] FAULT_INJECTION: forcing a failure.
[  504.081002][T11110] name failslab, interval 1, probability 0, space 0, times 0
[  504.104003][ T5904] usb 4-1: USB disconnect, device number 28
[  504.132895][T11110] CPU: 1 UID: 0 PID: 11110 Comm: syz.1.1288 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  504.132923][T11110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  504.132935][T11110] Call Trace:
[  504.132943][T11110]  <TASK>
[  504.132952][T11110]  dump_stack_lvl+0x189/0x250
[  504.132985][T11110]  ? __pfx____ratelimit+0x10/0x10
[  504.133013][T11110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  504.133041][T11110]  ? __pfx__printk+0x10/0x10
[  504.133067][T11110]  ? __pfx___might_resched+0x10/0x10
[  504.133093][T11110]  ? fs_reclaim_acquire+0x7d/0x100
[  504.133124][T11110]  should_fail_ex+0x414/0x560
[  504.133152][T11110]  should_failslab+0xa8/0x100
[  504.133178][T11110]  __kmalloc_cache_noprof+0x70/0x3d0
[  504.133201][T11110]  ? vhost_task_create+0xf6/0x290
[  504.133222][T11110]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  504.133248][T11110]  vhost_task_create+0xf6/0x290
[  504.133268][T11110]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  504.133294][T11110]  ? __pfx_vhost_task_create+0x10/0x10
[  504.133322][T11110]  ? __pfx_vhost_task_fn+0x10/0x10
[  504.133353][T11110]  ? kasan_save_track+0x4f/0x80
[  504.133371][T11110]  ? kasan_save_track+0x3e/0x80
[  504.133397][T11110]  kvm_mmu_post_init_vm+0x147/0x2b0
[  504.133428][T11110]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  504.133456][T11110]  ? __mutex_trylock_common+0x153/0x260
[  504.133490][T11110]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  504.133514][T11110]  ? rcu_is_watching+0x15/0xb0
[  504.133541][T11110]  ? look_up_lock_class+0x74/0x170
[  504.133571][T11110]  ? register_lock_class+0x51/0x320
[  504.133601][T11110]  ? __lock_acquire+0xab9/0xd20
[  504.133655][T11110]  kvm_vcpu_ioctl+0x95c/0xe90
[  504.133680][T11110]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  504.133707][T11110]  ? __lock_acquire+0xab9/0xd20
[  504.133734][T11110]  ? __asan_memset+0x22/0x50
[  504.133756][T11110]  ? smack_file_ioctl+0x302/0x340
[  504.133781][T11110]  ? __pfx_smack_file_ioctl+0x10/0x10
[  504.133815][T11110]  ? __fget_files+0x2a/0x420
[  504.133839][T11110]  ? __fget_files+0x3a0/0x420
[  504.133868][T11110]  ? __fget_files+0x2a/0x420
[  504.133896][T11110]  ? bpf_lsm_file_ioctl+0x9/0x20
[  504.133922][T11110]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  504.133951][T11110]  __se_sys_ioctl+0xfc/0x170
[  504.133974][T11110]  do_syscall_64+0xfa/0x3b0
[  504.134001][T11110]  ? lockdep_hardirqs_on+0x9c/0x150
[  504.134027][T11110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.134046][T11110]  ? clear_bhb_loop+0x60/0xb0
[  504.134070][T11110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.134089][T11110] RIP: 0033:0x7f58b7b8e929
[  504.134106][T11110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.134123][T11110] RSP: 002b:00007f58b8a17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  504.134144][T11110] RAX: ffffffffffffffda RBX: 00007f58b7db6080 RCX: 00007f58b7b8e929
[  504.134157][T11110] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  504.134169][T11110] RBP: 00007f58b8a17090 R08: 0000000000000000 R09: 0000000000000000
[  504.134179][T11110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  504.134190][T11110] R13: 0000000000000001 R14: 00007f58b7db6080 R15: 00007fffdf0508a8
[  504.134219][T11110]  </TASK>
[  504.861237][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.870827][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.879969][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.889087][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.898201][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.907313][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.916388][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.925525][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.934660][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  504.943777][T11114] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[  505.276769][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  505.579839][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  505.706735][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  505.881240][T11134] syz.1.1293: attempt to access beyond end of device
[  505.881240][T11134] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  505.894437][T11134] hfs: can't find a HFS filesystem on dev nbd1
[  506.508732][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  506.534808][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.559290][    T9] usb 3-1: config 0 descriptor??
[  506.651998][    T9] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  506.800241][T11143] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  506.814849][T11120] netlink: 83 bytes leftover after parsing attributes in process `syz.2.1291'.
[  506.827431][    T9] usb 3-1: USB disconnect, device number 27
[  506.847466][T11144] FAULT_INJECTION: forcing a failure.
[  506.847466][T11144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.913682][T11144] CPU: 1 UID: 0 PID: 11144 Comm: syz.1.1298 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  506.913712][T11144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  506.913723][T11144] Call Trace:
[  506.913731][T11144]  <TASK>
[  506.913739][T11144]  dump_stack_lvl+0x189/0x250
[  506.913770][T11144]  ? __pfx____ratelimit+0x10/0x10
[  506.913798][T11144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.913824][T11144]  ? __pfx__printk+0x10/0x10
[  506.913856][T11144]  should_fail_ex+0x414/0x560
[  506.913884][T11144]  _copy_to_user+0x31/0xb0
[  506.913904][T11144]  simple_read_from_buffer+0xe1/0x170
[  506.913933][T11144]  proc_fail_nth_read+0x1df/0x250
[  506.913962][T11144]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  506.913990][T11144]  ? rw_verify_area+0x258/0x650
[  506.914010][T11144]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  506.914037][T11144]  vfs_read+0x200/0x980
[  506.914064][T11144]  ? __pfx___mutex_lock+0x10/0x10
[  506.914092][T11144]  ? __pfx_vfs_read+0x10/0x10
[  506.914114][T11144]  ? __fget_files+0x2a/0x420
[  506.914142][T11144]  ? __fget_files+0x3a0/0x420
[  506.914164][T11144]  ? __fget_files+0x2a/0x420
[  506.914197][T11144]  ksys_read+0x145/0x250
[  506.914215][T11144]  ? __fget_files+0x3a0/0x420
[  506.914241][T11144]  ? __pfx_ksys_read+0x10/0x10
[  506.914267][T11144]  ? do_syscall_64+0xbe/0x3b0
[  506.914297][T11144]  do_syscall_64+0xfa/0x3b0
[  506.914323][T11144]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.914348][T11144]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.914377][T11144]  ? clear_bhb_loop+0x60/0xb0
[  506.914400][T11144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.914417][T11144] RIP: 0033:0x7f58b7b8d33c
[  506.914433][T11144] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  506.914449][T11144] RSP: 002b:00007f58b8a17030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  506.914469][T11144] RAX: ffffffffffffffda RBX: 00007f58b7db6080 RCX: 00007f58b7b8d33c
[  506.914482][T11144] RDX: 000000000000000f RSI: 00007f58b8a170a0 RDI: 0000000000000004
[  506.914494][T11144] RBP: 00007f58b8a17090 R08: 0000000000000000 R09: 0000000000000000
[  506.914505][T11144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.914516][T11144] R13: 0000000000000000 R14: 00007f58b7db6080 R15: 00007fffdf0508a8
[  506.914546][T11144]  </TASK>
[  507.311661][T11141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1297'.
[  509.467334][T11180] xt_CT: No such helper "snmp"
[  509.706980][ T5904] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  509.860718][ T5904] usb 2-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  509.878900][ T5904] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  509.936293][ T5904] usb 2-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  510.071367][ T5904] usb 2-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  510.110970][ T5904] usb 2-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  510.166677][ T5904] usb 2-1: Manufacturer: syz
[  510.186942][ T5904] usb 2-1: SerialNumber: syz
[  510.221247][T11184] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  510.544355][T11207] netlink: 'syz.3.1316': attribute type 9 has an invalid length.
[  511.025146][ T5904] yealink 2-1:36.0: invalid payload size 1024, expected 16
[  511.056147][ T5904] input: Yealink usb-p1k as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:36.0/input/input38
[  511.248349][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.255426][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.262394][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.269359][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.276420][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.283386][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.290329][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.297273][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.304187][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.310949][    C1] yealink 2-1:36.0: unexpected response 0
[  511.316902][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.323863][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.330827][    C1] yealink 2-1:36.0: unexpected response 0
[  511.336768][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.343755][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.350551][    C1] yealink 2-1:36.0: unexpected response 0
[  511.356538][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.364078][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.370864][    C1] yealink 2-1:36.0: unexpected response 0
[  511.377304][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.386850][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.393664][    C1] yealink 2-1:36.0: unexpected response 0
[  511.399909][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.413957][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.420902][    C1] yealink 2-1:36.0: unexpected response 0
[  511.436763][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.443992][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.451036][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.457988][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.464933][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.471684][    C1] yealink 2-1:36.0: unexpected response 0
[  511.477646][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.484626][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.491381][    C1] yealink 2-1:36.0: unexpected response 0
[  511.497268][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.504184][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.510936][    C1] yealink 2-1:36.0: unexpected response 0
[  511.516852][    C1] yealink 2-1:36.0: urb_ctl_callback - urb status -71
[  511.523675][ T5904] usb 2-1: USB disconnect, device number 30
[  511.529590][    C1] yealink 2-1:36.0: urb_irq_callback - urb status -71
[  511.529604][    C1] yealink 2-1:36.0: unexpected response 0
[  511.529613][    C1] yealink 2-1:36.0: urb_irq_callback - usb_submit_urb failed -19
[  511.891806][T11221] /dev/nullb0: Can't open blockdev
[  514.762309][    T9] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  514.960036][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[  514.971307][    T9] usb 1-1: config 5 has an invalid interface number: 148 but max is 0
[  514.994394][    T9] usb 1-1: config 5 has no interface number 0
[  515.004390][    T9] usb 1-1: config 5 interface 148 altsetting 1 endpoint 0xC has an invalid bInterval 250, changing to 4
[  515.039131][    T9] usb 1-1: config 5 interface 148 altsetting 1 endpoint 0xD has invalid wMaxPacketSize 0
[  515.071444][    T9] usb 1-1: config 5 interface 148 has no altsetting 0
[  515.094984][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=d181, bcdDevice=b4.a2
[  515.114533][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.133623][    T9] usb 1-1: Product: syz
[  515.138854][    T9] usb 1-1: Manufacturer: syz
[  515.143896][    T9] usb 1-1: SerialNumber: syz
[  515.173089][T11250] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1328'.
[  515.343214][T11254] sctp: [Deprecated]: syz.4.1329 (pid 11254) Use of struct sctp_assoc_value in delayed_ack socket option.
[  515.343214][T11254] Use struct sctp_sack_info instead
[  515.380760][    T9] ipheth 1-1:5.148: Unable to find endpoints
[  515.974064][    T9] usb 1-1: USB disconnect, device number 30
[  516.096198][T11257] FAULT_INJECTION: forcing a failure.
[  516.096198][T11257] name failslab, interval 1, probability 0, space 0, times 0
[  516.148080][T11257] CPU: 0 UID: 0 PID: 11257 Comm: syz.3.1330 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  516.148108][T11257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  516.148119][T11257] Call Trace:
[  516.148127][T11257]  <TASK>
[  516.148135][T11257]  dump_stack_lvl+0x189/0x250
[  516.148167][T11257]  ? __pfx____ratelimit+0x10/0x10
[  516.148194][T11257]  ? __pfx_dump_stack_lvl+0x10/0x10
[  516.148221][T11257]  ? __pfx__printk+0x10/0x10
[  516.148245][T11257]  ? __pfx___might_resched+0x10/0x10
[  516.148277][T11257]  should_fail_ex+0x414/0x560
[  516.148304][T11257]  should_failslab+0xa8/0x100
[  516.148329][T11257]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  516.148352][T11257]  ? __alloc_skb+0x112/0x2d0
[  516.148377][T11257]  __alloc_skb+0x112/0x2d0
[  516.148401][T11257]  netlink_sendmsg+0x5c6/0xb30
[  516.148431][T11257]  ? __pfx_netlink_sendmsg+0x10/0x10
[  516.148460][T11257]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  516.148482][T11257]  ? __pfx_netlink_sendmsg+0x10/0x10
[  516.148504][T11257]  __sock_sendmsg+0x21c/0x270
[  516.148535][T11257]  ____sys_sendmsg+0x505/0x830
[  516.148563][T11257]  ? __pfx_____sys_sendmsg+0x10/0x10
[  516.148595][T11257]  ? import_iovec+0x74/0xa0
[  516.148617][T11257]  ___sys_sendmsg+0x21f/0x2a0
[  516.148642][T11257]  ? __pfx____sys_sendmsg+0x10/0x10
[  516.148699][T11257]  ? __fget_files+0x2a/0x420
[  516.148722][T11257]  ? __fget_files+0x3a0/0x420
[  516.148756][T11257]  __x64_sys_sendmsg+0x19b/0x260
[  516.148782][T11257]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  516.148813][T11257]  ? __pfx_ksys_write+0x10/0x10
[  516.148832][T11257]  ? rcu_is_watching+0x15/0xb0
[  516.148863][T11257]  ? do_syscall_64+0xbe/0x3b0
[  516.148895][T11257]  do_syscall_64+0xfa/0x3b0
[  516.148920][T11257]  ? lockdep_hardirqs_on+0x9c/0x150
[  516.148946][T11257]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.148964][T11257]  ? clear_bhb_loop+0x60/0xb0
[  516.148986][T11257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.149004][T11257] RIP: 0033:0x7fe166d8e929
[  516.149020][T11257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  516.149037][T11257] RSP: 002b:00007fe167bc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  516.149056][T11257] RAX: ffffffffffffffda RBX: 00007fe166fb5fa0 RCX: 00007fe166d8e929
[  516.149075][T11257] RDX: 0000000004040040 RSI: 0000200000000180 RDI: 0000000000000005
[  516.149087][T11257] RBP: 00007fe167bc8090 R08: 0000000000000000 R09: 0000000000000000
[  516.149099][T11257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  516.149110][T11257] R13: 0000000000000000 R14: 00007fe166fb5fa0 R15: 00007fff2ae80828
[  516.149140][T11257]  </TASK>
[  516.425633][    C0] vkms_vblank_simulate: vblank timer overrun
[  517.901894][T11281] IPVS: set_ctl: invalid protocol: 135 224.0.0.2:20004
[  518.037506][T11283] overlayfs: empty lowerdir
[  518.176774][ T5939] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  518.335534][T11289] net_ratelimit: 3319 callbacks suppressed
[  518.335554][T11289] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  518.357935][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  518.376805][ T5939] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  518.415011][ T5939] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  518.428518][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  518.436571][ T5939] usb 3-1: Product: syz
[  518.455436][T11292] overlay: Unknown parameter 'permit_directio'
[  518.464966][ T5939] usb 3-1: Manufacturer: syz
[  518.478876][ T5939] usb 3-1: SerialNumber: syz
[  518.493469][ T5939] usb 3-1: config 0 descriptor??
[  518.809494][ T5939] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  519.095589][ T5939] usb 3-1: USB disconnect, device number 28
[  519.223284][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  522.314095][T11332] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  522.396731][   T30] kauditd_printk_skb: 60 callbacks suppressed
[  522.396749][   T30] audit: type=1326 audit(1750062750.156:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  522.424602][T11337] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1355'.
[  522.434173][T11337] gretap0: entered promiscuous mode
[  522.495812][   T30] audit: type=1326 audit(1750062750.156:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  522.564324][   T30] audit: type=1326 audit(1750062750.156:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  522.614398][   T30] audit: type=1326 audit(1750062750.156:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  522.701394][   T30] audit: type=1326 audit(1750062750.156:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  522.756179][   T30] audit: type=1326 audit(1750062750.156:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  523.394167][   T30] audit: type=1326 audit(1750062750.156:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  523.446716][   T30] audit: type=1326 audit(1750062750.166:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  523.557840][   T30] audit: type=1326 audit(1750062750.166:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  523.584496][T11344] syz.3.1357: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  523.604615][T11344] CPU: 1 UID: 0 PID: 11344 Comm: syz.3.1357 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  523.604642][T11344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  523.604653][T11344] Call Trace:
[  523.604661][T11344]  <TASK>
[  523.604670][T11344]  dump_stack_lvl+0x189/0x250
[  523.604705][T11344]  ? __pfx_dump_stack_lvl+0x10/0x10
[  523.604734][T11344]  ? __pfx__printk+0x10/0x10
[  523.604754][T11344]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  523.604788][T11344]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  523.604821][T11344]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  523.604856][T11344]  warn_alloc+0x214/0x310
[  523.604888][T11344]  ? __pfx_warn_alloc+0x10/0x10
[  523.604924][T11344]  ? __get_vm_area_node+0x28f/0x300
[  523.604949][T11344]  ? translate_table+0x198/0x2000
[  523.604974][T11344]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  523.605024][T11344]  ? lockdep_hardirqs_on+0x9c/0x150
[  523.605054][T11344]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  523.605085][T11344]  ? rcu_is_watching+0x15/0xb0
[  523.605113][T11344]  ? translate_table+0x198/0x2000
[  523.605134][T11344]  ? translate_table+0x198/0x2000
[  523.605153][T11344]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  523.605177][T11344]  ? translate_table+0x198/0x2000
[  523.605205][T11344]  translate_table+0x198/0x2000
[  523.605240][T11344]  ? __lock_acquire+0xab9/0xd20
[  523.605270][T11344]  ? __pfx_translate_table+0x10/0x10
[  523.605294][T11344]  ? __might_fault+0xb0/0x130
[  523.605336][T11344]  ? _copy_from_user+0x94/0xb0
[  523.605360][T11344]  do_ipt_set_ctl+0x967/0xcd0
[  523.605389][T11344]  ? rcu_is_watching+0x15/0xb0
[  523.605425][T11344]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  523.605465][T11344]  ? __pfx___mutex_lock+0x10/0x10
[  523.605495][T11344]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  523.605523][T11344]  ? __schedule+0x16c0/0x4cb0
[  523.605565][T11344]  nf_setsockopt+0x26f/0x290
[  523.605591][T11344]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  523.605613][T11344]  do_sock_setsockopt+0x257/0x3e0
[  523.605639][T11344]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  523.605665][T11344]  ? __fget_files+0x2a/0x420
[  523.605700][T11344]  __x64_sys_setsockopt+0x18b/0x220
[  523.605729][T11344]  do_syscall_64+0xfa/0x3b0
[  523.605757][T11344]  ? lockdep_hardirqs_on+0x9c/0x150
[  523.605784][T11344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.605804][T11344]  ? clear_bhb_loop+0x60/0xb0
[  523.605828][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.605847][T11344] RIP: 0033:0x7fe166d8e929
[  523.605865][T11344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.605882][T11344] RSP: 002b:00007fe167b86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  523.605903][T11344] RAX: ffffffffffffffda RBX: 00007fe166fb6160 RCX: 00007fe166d8e929
[  523.605917][T11344] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000005
[  523.605929][T11344] RBP: 00007fe166e10b39 R08: 0000000000000478 R09: 0000000000000000
[  523.605942][T11344] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000000
[  523.605954][T11344] R13: 0000000000000000 R14: 00007fe166fb6160 R15: 00007fff2ae80828
[  523.605985][T11344]  </TASK>
[  523.606003][T11344] Mem-Info:
[  523.676239][   T30] audit: type=1326 audit(1750062750.176:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11331 comm="syz.4.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  523.678819][T11344] active_anon:8368 inactive_anon:33704 isolated_anon:0
[  523.678819][T11344]  active_file:18876 inactive_file:39944 isolated_file:0
[  523.678819][T11344]  unevictable:775 dirty:39 writeback:0
[  523.678819][T11344]  slab_reclaimable:10829 slab_unreclaimable:101932
[  523.678819][T11344]  mapped:33585 shmem:37566 pagetables:1290
[  523.678819][T11344]  sec_pagetables:0 bounce:0
[  523.678819][T11344]  kernel_misc_reclaimable:0
[  523.678819][T11344]  free:1251352 free_pcp:15496 free_cma:0
[  523.991772][T11344] Node 0 active_anon:23972kB inactive_anon:134916kB active_file:75280kB inactive_file:159776kB unevictable:1564kB isolated(anon):0kB isolated(file):0kB mapped:134316kB dirty:156kB writeback:0kB shmem:139228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11744kB pagetables:5136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  524.025831][T11344] Node 1 active_anon:0kB inactive_anon:0kB active_file:224kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  524.057402][T11344] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  524.086823][T11344] lowmem_reserve[]: 0 2501 2503 2503 2503
[  524.092635][T11344] Node 0 DMA32 free:1086092kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23968kB inactive_anon:135072kB active_file:73520kB inactive_file:159708kB unevictable:1564kB writepending:156kB present:3129332kB managed:2561484kB mlocked:28kB bounce:0kB free_pcp:52848kB local_pcp:17568kB free_cma:0kB
[  524.125665][T11344] lowmem_reserve[]: 0 0 1 1 1
[  524.130459][T11344] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1760kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  524.159586][T11344] lowmem_reserve[]: 0 0 0 0 0
[  524.164700][T11344] Node 1 Normal free:3903600kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:224kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18352kB local_pcp:5860kB free_cma:0kB
[  524.196766][T11344] lowmem_reserve[]: 0 0 0 0 0
[  524.201532][T11344] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  524.214336][T11344] Node 0 DMA32: 1*4kB (U) 9*8kB (ME) 2*16kB (UM) 3*32kB (UE) 157*64kB (ME) 71*128kB (ME) 27*256kB (ME) 18*512kB (UM) 16*1024kB (UME) 13*2048kB (UME) 246*4096kB (M) = 1086092kB
[  524.232248][T11344] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  524.244687][T11344] Node 1 Normal: 202*4kB (UME) 49*8kB (UME) 46*16kB (UME) 133*32kB (UME) 39*64kB (UME) 13*128kB (UME) 6*256kB (UME) 5*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3903600kB
[  524.263567][T11344] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.273551][T11344] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  524.283244][T11344] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.292877][T11344] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  524.302249][T11344] 94008 total pagecache pages
[  524.306988][T11344] 0 pages in swap cache
[  524.311150][T11344] Free swap  = 124996kB
[  524.315338][T11344] Total swap = 124996kB
[  524.319763][T11344] 2097051 pages RAM
[  524.323580][T11344] 0 pages HighMem/MovableOnly
[  524.328321][T11344] 424573 pages reserved
[  524.332479][T11344] 0 pages cma reserved
[  524.384046][T11353] input: syz1 as /devices/virtual/input/input39
[  524.855971][T11359] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1362'.
[  525.587255][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  526.836866][    T9] usb 3-1: Using ep0 maxpacket: 32
[  526.912356][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  526.926833][T11359] bridge_slave_1: left allmulticast mode
[  526.967332][T11359] bridge_slave_1: left promiscuous mode
[  526.973078][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  526.985589][T11359] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.597990][T11359] bridge_slave_0: left allmulticast mode
[  527.707148][T11359] bridge_slave_0: left promiscuous mode
[  527.742744][    T9] usb 3-1: string descriptor 0 read error: -71
[  527.751096][T11359] bridge0: port 1(bridge_slave_0) entered disabled state
[  527.756861][    T9] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  527.836721][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.859655][    T9] usb 3-1: config 0 descriptor??
[  527.883611][T11380] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  527.926003][    T9] usb 3-1: can't set config #0, error -71
[  527.954968][    T9] usb 3-1: USB disconnect, device number 29
[  529.457667][T11398] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1372'.
[  529.471377][T11400] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1374'.
[  529.927566][T11398] netlink: 129704 bytes leftover after parsing attributes in process `syz.4.1372'.
[  531.496729][ T5933] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  532.200109][ T5933] usb 1-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  532.210063][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.481678][ T5933] usb 1-1: config 0 descriptor??
[  532.607403][  T977] lo speed is unknown, defaulting to 1000
[  532.613233][  T977] syz0: Port: 1 Link DOWN
[  533.098373][T11423] input: syz0 as /devices/virtual/input/input40
[  533.110454][T11430] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  533.139173][T11430] batadv_slave_1: entered promiscuous mode
[  533.168528][T11430] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1383'.
[  533.425423][ T5933] hackrf 1-1:0.0: usb_control_msg() failed -71 request 0e
[  533.437593][ T5933] hackrf 1-1:0.0: Could not detect board
[  533.444814][ T5933] hackrf 1-1:0.0: probe with driver hackrf failed with error -71
[  533.457725][ T5933] usb 1-1: USB disconnect, device number 31
[  534.312514][T11454] sctp: [Deprecated]: syz.2.1385 (pid 11454) Use of int in max_burst socket option.
[  534.312514][T11454] Use struct sctp_assoc_value instead
[  534.418360][T11464] lo speed is unknown, defaulting to 1000
[  535.038585][T11477] binder: 11476:11477 ioctl c0306201 200000001440 returned -11
[  535.053555][T11477] binder: 11476:11477 ioctl 8138ae83 7fc9d0bf4aa0 returned -22
[  537.914802][T11520] tipc: Started in network mode
[  537.936786][T11520] tipc: Node identity 4, cluster identity 4711
[  537.943024][T11520] tipc: Node number set to 4
[  538.337555][T11532] sctp: [Deprecated]: syz.0.1405 (pid 11532) Use of int in max_burst socket option.
[  538.337555][T11532] Use struct sctp_assoc_value instead
[  538.655076][T11540] random: crng reseeded on system resumption
[  538.682393][T11540] netlink: 'syz.1.1408': attribute type 1 has an invalid length.
[  538.694668][T11540] binder: 11539:11540 ioctl c018620c 200000000380 returned -22
[  538.887883][T11545] input: syz1 as /devices/virtual/input/input41
[  539.386803][T11555] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1412'.
[  539.457036][T11556] 9pnet_fd: Insufficient options for proto=fd
[  539.588517][T11559] tmpfs: Bad value for 'huge'
[  539.633614][T11561] tmpfs: Bad value for 'huge'
[  539.686806][ T5933] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  540.236764][ T5933] usb 3-1: Using ep0 maxpacket: 8
[  540.256474][ T5933] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  540.282518][ T5933] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  540.522805][ T5933] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  540.532777][ T5933] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  540.542789][ T5933] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  540.561383][ T5933] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  540.603859][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.376979][ T5933] usb 3-1: usb_control_msg returned -32
[  542.387628][ T5933] usbtmc 3-1:16.0: can't read capabilities
[  542.588332][T11585] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  545.197837][ T5939] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  552.677387][    C0] Dead loop on virtual device ipvlan1, fix it urgently!
[  554.731789][    T9] usb 3-1: USB disconnect, device number 30
[  554.766862][ T5939] usb 1-1: Using ep0 maxpacket: 32
[  554.817335][ T5939] usb 1-1: device descriptor read/all, error -71
[  555.128714][T11621] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.281730][T11625] program syz.1.1434 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  555.964865][ T9995] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  555.978928][ T9995] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  556.003229][ T9995] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  556.012257][ T9995] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  556.020374][ T9995] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  556.348820][T11646] lo speed is unknown, defaulting to 1000
[  556.776724][    T9] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  556.851160][ T1158] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.068926][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  557.173726][T11664] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 11664 comm: syz.4.1444)
[  557.212797][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  557.219056][   T30] audit: type=1800 audit(1750062784.956:467): pid=11664 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1444" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=33747 res=0 errno=0
[  557.257693][    T9] usb 4-1: not running at top speed; connect to a high speed hub
[  557.580313][    T9] usb 4-1: config 17 has an invalid interface number: 8 but max is 1
[  557.590838][    T9] usb 4-1: config 17 has 1 interface, different from the descriptor's value: 2
[  557.606073][ T1158] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.618642][    T9] usb 4-1: config 17 has no interface number 0
[  557.644041][    T9] usb 4-1: config 17 interface 8 altsetting 6 has an endpoint descriptor with address 0x61, changing to 0x1
[  557.667402][    T9] usb 4-1: config 17 interface 8 altsetting 6 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  557.678857][    T9] usb 4-1: config 17 interface 8 has no altsetting 0
[  557.696098][    T9] usb 4-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  557.710263][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.718621][  T977] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  557.744178][    T9] usb 4-1: Product: syz
[  557.756481][ T1158] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.760338][    T9] usb 4-1: Manufacturer: syz
[  557.771612][    T9] usb 4-1: SerialNumber: syz
[  557.845253][ T1158] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.876980][  T977] usb 2-1: Using ep0 maxpacket: 32
[  557.897520][  T977] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  557.906792][  T977] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  557.929299][  T977] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  557.943461][  T977] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  557.957260][  T977] usb 2-1: config 0 interface 0 has no altsetting 0
[  557.969568][  T977] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  558.000524][  T977] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  558.085424][    T9] usb 4-1: selecting invalid altsetting 0
[  558.116929][ T5824] Bluetooth: hci5: command tx timeout
[  558.124980][  T977] usb 2-1: Product: syz
[  558.144258][T11646] chnl_net:caif_netlink_parms(): no params data found
[  558.158356][    T9] usb 4-1: 8:6 : no UAC_FORMAT_TYPE desc
[  558.170867][  T977] usb 2-1: Manufacturer: syz
[  558.194319][    T9] usb 4-1: selecting invalid altsetting 0
[  558.200809][  T977] usb 2-1: SerialNumber: syz
[  558.283098][  T977] usb 2-1: config 0 descriptor??
[  558.382354][  T977] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  558.408270][    T9] usb 4-1: USB disconnect, device number 29
[  558.426936][  T977] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  558.503750][T11620] udevd[11620]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  558.700034][T11663] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  558.707761][    T9] usb 2-1: USB disconnect, device number 31
[  558.713702][    C0] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  558.720886][T11671] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -19
[  558.751307][T11673] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  558.751573][    T9] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  559.877572][ T5824] Bluetooth: hci2: command 0x0405 tx timeout
[  559.880686][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  560.136768][    T9] usb 2-1: Using ep0 maxpacket: 32
[  560.181784][    T9] usb 2-1: device descriptor read/all, error -71
[  560.196980][ T9995] Bluetooth: hci5: command tx timeout
[  561.840721][ T1158] bond0 (unregistering): Released all slaves
[  562.106884][ T5904] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  562.278804][ T9995] Bluetooth: hci5: command tx timeout
[  562.286898][ T5904] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  562.300260][T11646] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.311397][T11709] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  562.326469][T11646] bridge0: port 1(bridge_slave_0) entered disabled state
[  562.333820][ T5904] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  562.344686][ T5904] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  562.345283][T11646] bridge_slave_0: entered allmulticast mode
[  562.357943][ T5904] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  562.374438][ T5904] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  562.389194][ T5904] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  562.398711][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  562.407184][ T5904] usb 1-1: Product: syz
[  562.411537][ T5904] usb 1-1: Manufacturer: syz
[  562.411680][T11646] bridge_slave_0: entered promiscuous mode
[  562.447353][ T5904] cdc_wdm 1-1:1.0: skipping garbage
[  562.452611][ T5904] cdc_wdm 1-1:1.0: skipping garbage
[  562.457793][T11646] bridge0: port 2(bridge_slave_1) entered blocking state
[  562.457884][T11646] bridge0: port 2(bridge_slave_1) entered disabled state
[  562.458046][T11646] bridge_slave_1: entered allmulticast mode
[  562.477368][ T5904] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  562.484635][ T5904] cdc_wdm 1-1:1.0: Unknown control protocol
[  562.524564][T11646] bridge_slave_1: entered promiscuous mode
[  562.976798][   T30] audit: type=1326 audit(1750062790.636:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11710 comm="syz.4.1457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x0
[  563.392845][ T5921] usb 1-1: USB disconnect, device number 34
[  563.413099][T11646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  563.565332][T11646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  563.650475][ T1158] hsr_slave_0: left promiscuous mode
[  563.665635][ T1158] hsr_slave_1: left promiscuous mode
[  563.704513][ T1158] veth1_macvtap: left promiscuous mode
[  563.710813][ T1158] veth0_macvtap: left promiscuous mode
[  563.733284][ T1158] veth1_vlan: left promiscuous mode
[  563.747062][ T1158] veth0_vlan: left promiscuous mode
[  563.883145][T11724] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1459'.
[  564.106864][ T1158] pimreg (unregistering): left allmulticast mode
[  564.367017][ T9995] Bluetooth: hci5: command tx timeout
[  564.864503][T11734] 9pnet_fd: Insufficient options for proto=fd
[  566.734782][T11723] (unnamed net_device) (uninitialized): up delay (7) is not a multiple of miimon (3), value rounded to 6 ms
[  566.748544][T11723] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms
[  566.781742][T11723] 8021q: adding VLAN 0 to HW filter on device bond1
[  566.850631][T11646] team0: Port device team_slave_0 added
[  566.869619][T11646] team0: Port device team_slave_1 added
[  566.954261][T11646] batman_adv: batadv0: Adding interface: batadv_slave_0
[  566.971108][T11646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.010657][T11646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.052814][T11646] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.061381][T11646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.102439][T11646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  567.136728][    T9] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  567.160334][T11755] FAULT_INJECTION: forcing a failure.
[  567.160334][T11755] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.173528][T11755] CPU: 1 UID: 0 PID: 11755 Comm: syz.1.1470 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  567.173554][T11755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  567.173566][T11755] Call Trace:
[  567.173575][T11755]  <TASK>
[  567.173584][T11755]  dump_stack_lvl+0x189/0x250
[  567.173616][T11755]  ? __pfx____ratelimit+0x10/0x10
[  567.173644][T11755]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.173671][T11755]  ? __pfx__printk+0x10/0x10
[  567.173690][T11755]  ? __might_fault+0xb0/0x130
[  567.173723][T11755]  should_fail_ex+0x414/0x560
[  567.173750][T11755]  _copy_from_user+0x2d/0xb0
[  567.173770][T11755]  ___sys_recvmsg+0x12e/0x510
[  567.173800][T11755]  ? __pfx____sys_recvmsg+0x10/0x10
[  567.173847][T11755]  ? __fget_files+0x3a0/0x420
[  567.173882][T11755]  __x64_sys_recvmsg+0x198/0x260
[  567.173909][T11755]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  567.173950][T11755]  ? do_syscall_64+0xbe/0x3b0
[  567.173982][T11755]  do_syscall_64+0xfa/0x3b0
[  567.174010][T11755]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.174028][T11755]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  567.174046][T11755]  ? clear_bhb_loop+0x60/0xb0
[  567.174068][T11755]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.174093][T11755] RIP: 0033:0x7f58b7b8e929
[  567.174110][T11755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.174126][T11755] RSP: 002b:00007f58b8a17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  567.174145][T11755] RAX: ffffffffffffffda RBX: 00007f58b7db6080 RCX: 00007f58b7b8e929
[  567.174159][T11755] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000006
[  567.174171][T11755] RBP: 00007f58b8a17090 R08: 0000000000000000 R09: 0000000000000000
[  567.174182][T11755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  567.174193][T11755] R13: 0000000000000000 R14: 00007f58b7db6080 R15: 00007fffdf0508a8
[  567.174222][T11755]  </TASK>
[  567.460279][    T9] usb 4-1: config 1 interface 0 altsetting 9 endpoint 0x82 is Bulk; changing to Interrupt
[  567.477253][    T9] usb 4-1: config 1 interface 0 altsetting 9 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  567.499276][    T9] usb 4-1: config 1 interface 0 has no altsetting 0
[  567.533304][T11646] hsr_slave_0: entered promiscuous mode
[  567.541872][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  567.555834][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.569335][T11646] hsr_slave_1: entered promiscuous mode
[  567.575159][    T9] usb 4-1: Product: В
[  567.577012][T11646] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  567.579727][    T9] usb 4-1: Manufacturer: 
[  567.590534][T11646] Cannot create hsr debugfs directory
[  567.591968][    T9] usb 4-1: SerialNumber: 㯙㈋抾᮹㳌氿ᗙ﾿㟨ઋ훅낷ᯌ灻薙㲃⫫ⴄ徸봔芦넘ఇ죡哓ꈤ殯ꅴ퇊݈૲찉九⃻嬋⯥㹰૙잦洨놭ᳪ巁亰쬐缫㡫㠝黂ꉂ珯⤕뇾
[  567.595608][T11750] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  567.626411][T11750] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  567.733452][ T1158] IPVS: stop unused estimator thread 0...
[  567.858726][    T9] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  568.050310][T11646] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  568.071245][T11750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1469'.
[  568.084134][T11646] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  568.095703][T11750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'.
[  568.111694][T11750] netlink: 'syz.3.1469': attribute type 11 has an invalid length.
[  568.112529][T11646] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  568.131742][T11771] JFS: discard option not supported on device
[  568.145673][T11646] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  568.155765][T11771] Mount JFS Failure: -22
[  568.160306][T11771] jfs_mount failed w/return code = -22
[  568.235352][T11750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.246246][T11750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.265466][    T9] usb 4-1: USB disconnect, device number 30
[  568.471077][T11646] 8021q: adding VLAN 0 to HW filter on device bond0
[  568.503914][T11646] 8021q: adding VLAN 0 to HW filter on device team0
[  568.530712][ T6015] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.538059][ T6015] bridge0: port 1(bridge_slave_0) entered forwarding state
[  568.574720][ T6015] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.581920][ T6015] bridge0: port 2(bridge_slave_1) entered forwarding state
[  568.798462][   T30] audit: type=1326 audit(1750062796.536:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11780 comm="syz.0.1477" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f515cd8e929 code=0x0
[  569.522500][T11646] 8021q: adding VLAN 0 to HW filter on device batadv0
[  570.683178][T11820] overlayfs: failed to clone upperpath
[  570.784309][T11826] FAULT_INJECTION: forcing a failure.
[  570.784309][T11826] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  570.822998][T11826] CPU: 1 UID: 0 PID: 11826 Comm: syz.0.1489 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  570.823024][T11826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  570.823035][T11826] Call Trace:
[  570.823043][T11826]  <TASK>
[  570.823051][T11826]  dump_stack_lvl+0x189/0x250
[  570.823083][T11826]  ? __pfx____ratelimit+0x10/0x10
[  570.823110][T11826]  ? __pfx_dump_stack_lvl+0x10/0x10
[  570.823137][T11826]  ? __pfx__printk+0x10/0x10
[  570.823156][T11826]  ? __might_fault+0xb0/0x130
[  570.823189][T11826]  should_fail_ex+0x414/0x560
[  570.823217][T11826]  _copy_from_user+0x2d/0xb0
[  570.823235][T11826]  ___sys_sendmsg+0x158/0x2a0
[  570.823261][T11826]  ? __pfx____sys_sendmsg+0x10/0x10
[  570.823320][T11826]  ? __fget_files+0x2a/0x420
[  570.823343][T11826]  ? __fget_files+0x3a0/0x420
[  570.823376][T11826]  __x64_sys_sendmsg+0x19b/0x260
[  570.823401][T11826]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  570.823430][T11826]  ? __pfx_ksys_write+0x10/0x10
[  570.823449][T11826]  ? rcu_is_watching+0x15/0xb0
[  570.823482][T11826]  ? do_syscall_64+0xbe/0x3b0
[  570.823513][T11826]  do_syscall_64+0xfa/0x3b0
[  570.823539][T11826]  ? lockdep_hardirqs_on+0x9c/0x150
[  570.823572][T11826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.823591][T11826]  ? clear_bhb_loop+0x60/0xb0
[  570.823614][T11826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.823631][T11826] RIP: 0033:0x7f515cd8e929
[  570.823648][T11826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  570.823665][T11826] RSP: 002b:00007f515dbc8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  570.823685][T11826] RAX: ffffffffffffffda RBX: 00007f515cfb5fa0 RCX: 00007f515cd8e929
[  570.823699][T11826] RDX: 0000000000000000 RSI: 0000200000005d80 RDI: 0000000000000003
[  570.823711][T11826] RBP: 00007f515dbc8090 R08: 0000000000000000 R09: 0000000000000000
[  570.823723][T11826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  570.823734][T11826] R13: 0000000000000000 R14: 00007f515cfb5fa0 R15: 00007ffc36c8fbc8
[  570.823763][T11826]  </TASK>
[  570.847095][T11646] veth0_vlan: entered promiscuous mode
[  571.079160][T11646] veth1_vlan: entered promiscuous mode
[  571.224121][T11646] veth0_macvtap: entered promiscuous mode
[  571.257470][T11829] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.302914][T11646] veth1_macvtap: entered promiscuous mode
[  571.360441][T11646] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.384667][T11646] batman_adv: batadv0: Interface activated: batadv_slave_1
[  571.416197][T11646] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  571.426167][T11646] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  571.469800][T11646] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  571.480209][T11646] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  571.683627][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.698567][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.720662][T11844] lo speed is unknown, defaulting to 1000
[  571.766060][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.775451][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.086720][ T5904] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  572.088289][T11858] input: syz1 as /devices/virtual/input/input43
[  572.447200][ T5904] usb 1-1: Using ep0 maxpacket: 16
[  572.456568][ T5904] usb 1-1: config 1 has an invalid interface number: 123 but max is 0
[  572.465232][ T5904] usb 1-1: config 1 has no interface number 0
[  572.473288][ T5904] usb 1-1: config 1 interface 123 has no altsetting 0
[  572.484349][ T5904] usb 1-1: New USB device found, idVendor=0b05, idProduct=4202, bcdDevice=4c.71
[  572.497189][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.505361][ T5904] usb 1-1: Product: syz
[  572.516878][ T5904] usb 1-1: Manufacturer: syz
[  572.521646][ T5904] usb 1-1: SerialNumber: syz
[  573.148638][ T5904] ipaq 1-1:1.123: PocketPC PDA converter detected
[  573.263464][T11871] vlan2: entered allmulticast mode
[  573.271834][T11871] veth1_macvtap: entered allmulticast mode
[  573.339805][ T5904] usb 1-1: PocketPC PDA converter now attached to ttyUSB0
[  573.654739][T11876] usb 1-1: USB disconnect, device number 35
[  573.731370][T11876] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0
[  573.749651][T11876] ipaq 1-1:1.123: device disconnected
[  573.817871][T11878] usb usb1: usbfs: process 11878 (syz.5.1506) did not claim interface 0 before use
[  573.832204][T11878] usb usb1: selecting invalid altsetting 15
[  574.051158][T11884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1508'.
[  574.061553][T11884] netlink: 'syz.5.1508': attribute type 30 has an invalid length.
[  574.075680][T11884] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  574.084570][T11884] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  574.093298][T11884] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  574.102091][T11884] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  574.113848][T11884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1508'.
[  574.123398][T11884] netlink: 'syz.5.1508': attribute type 30 has an invalid length.
[  576.254157][T11908] mkiss: ax0: crc mode is auto.
[  576.998674][T11911] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  577.432593][T11915] netlink: 'syz.3.1519': attribute type 4 has an invalid length.
[  577.457886][T11918] ipt_rpfilter: unknown options
[  577.463409][T11918] ipt_rpfilter: unknown options
[  577.473757][T11918] ipt_rpfilter: unknown options
[  577.479906][T11918] ipt_rpfilter: unknown options
[  577.485404][T11918] ipt_rpfilter: unknown options
[  577.492079][T11918] ipt_rpfilter: unknown options
[  577.511009][T11918] ipt_rpfilter: unknown options
[  577.550644][T11920] netlink: 'syz.3.1519': attribute type 4 has an invalid length.
[  578.933694][T11956] mkiss: ax0: crc mode is auto.
[  584.669714][ T5824] Bluetooth: hci4: command 0x1003 tx timeout
[  584.677733][ T9995] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  585.017267][T11962] netlink: 'syz.5.1535': attribute type 1 has an invalid length.
[  585.075726][T11966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1537'.
[  585.266721][ T5933] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  585.450779][ T5933] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  585.468090][ T5933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.508516][ T5933] usb 2-1: config 0 descriptor??
[  585.523020][ T5933] cp210x 2-1:0.0: cp210x converter detected
[  587.144358][T11992] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  588.532982][ T5933] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  588.653758][ T5933] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  588.804419][ T5933] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  589.002719][ T5933] usb 2-1: cp210x converter now attached to ttyUSB0
[  589.228262][ T5933] usb 2-1: USB disconnect, device number 34
[  589.450860][ T5933] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  589.532895][ T5933] cp210x 2-1:0.0: device disconnected
[  589.746957][T12016] FAULT_INJECTION: forcing a failure.
[  589.746957][T12016] name failslab, interval 1, probability 0, space 0, times 0
[  589.759881][T12016] CPU: 0 UID: 0 PID: 12016 Comm: syz.1.1550 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  589.759906][T12016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  589.759916][T12016] Call Trace:
[  589.759924][T12016]  <TASK>
[  589.759931][T12016]  dump_stack_lvl+0x189/0x250
[  589.759961][T12016]  ? __pfx____ratelimit+0x10/0x10
[  589.759986][T12016]  ? __pfx_dump_stack_lvl+0x10/0x10
[  589.760011][T12016]  ? __pfx__printk+0x10/0x10
[  589.760032][T12016]  ? __pfx___might_resched+0x10/0x10
[  589.760062][T12016]  should_fail_ex+0x414/0x560
[  589.760089][T12016]  should_failslab+0xa8/0x100
[  589.760111][T12016]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  589.760133][T12016]  ? __alloc_skb+0x112/0x2d0
[  589.760153][T12016]  __alloc_skb+0x112/0x2d0
[  589.760177][T12016]  netlink_sendmsg+0x5c6/0xb30
[  589.760207][T12016]  ? __pfx_netlink_sendmsg+0x10/0x10
[  589.760235][T12016]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  589.760254][T12016]  ? __pfx_netlink_sendmsg+0x10/0x10
[  589.760272][T12016]  __sock_sendmsg+0x21c/0x270
[  589.760298][T12016]  ____sys_sendmsg+0x505/0x830
[  589.760322][T12016]  ? __pfx_____sys_sendmsg+0x10/0x10
[  589.760349][T12016]  ? import_iovec+0x74/0xa0
[  589.760367][T12016]  ___sys_sendmsg+0x21f/0x2a0
[  589.760388][T12016]  ? __pfx____sys_sendmsg+0x10/0x10
[  589.760436][T12016]  ? __fget_files+0x2a/0x420
[  589.760462][T12016]  ? __fget_files+0x3a0/0x420
[  589.760491][T12016]  __x64_sys_sendmsg+0x19b/0x260
[  589.760513][T12016]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  589.760551][T12016]  do_syscall_64+0xfa/0x3b0
[  589.760576][T12016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.760592][T12016]  ? asm_sysvec_call_function_single+0x1a/0x20
[  589.760608][T12016]  ? clear_bhb_loop+0x60/0xb0
[  589.760627][T12016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.760642][T12016] RIP: 0033:0x7f58b7b8e929
[  589.760656][T12016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.760672][T12016] RSP: 002b:00007f58b89f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  589.760689][T12016] RAX: ffffffffffffffda RBX: 00007f58b7db6160 RCX: 00007f58b7b8e929
[  589.760702][T12016] RDX: 0000000004000040 RSI: 0000200000000000 RDI: 0000000000000007
[  589.760713][T12016] RBP: 00007f58b89f6090 R08: 0000000000000000 R09: 0000000000000000
[  589.760723][T12016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.760732][T12016] R13: 0000000000000000 R14: 00007f58b7db6160 R15: 00007fffdf0508a8
[  589.760757][T12016]  </TASK>
[  590.014989][    C0] vkms_vblank_simulate: vblank timer overrun
[  590.483509][T12015] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1551'.
[  590.575027][   T30] audit: type=1326 audit(1750062818.336:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12017 comm="syz.5.1553" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f999358e929 code=0x0
[  590.896401][T12033] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  593.133119][T12055] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1560'.
[  593.249983][T12056] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  593.288103][T12057] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  593.521850][T12066] netlink: 'syz.1.1564': attribute type 12 has an invalid length.
[  593.636354][   T30] audit: type=1326 audit(1750062821.396:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.674057][   T30] audit: type=1326 audit(1750062821.396:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.710818][   T30] audit: type=1326 audit(1750062821.396:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.737357][   T30] audit: type=1326 audit(1750062821.396:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.810329][   T30] audit: type=1326 audit(1750062821.396:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.887435][   T30] audit: type=1326 audit(1750062821.396:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.932387][   T30] audit: type=1326 audit(1750062821.396:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.958545][   T30] audit: type=1326 audit(1750062821.396:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  593.983418][   T30] audit: type=1326 audit(1750062821.396:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12045 comm="syz.4.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0d0378e929 code=0x7ffc0000
[  594.710270][T12084] siw: device registration error -23
[  595.537544][T12090] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  596.024197][T12098] netlink: 'syz.0.1572': attribute type 7 has an invalid length.
[  597.077516][T12112] input: syz1 as /devices/virtual/input/input44
[  598.705050][T12121] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.1578'.
[  598.746983][T12121] netlink: 4280 bytes leftover after parsing attributes in process `syz.0.1578'.
[  599.246751][T12130] can0: slcan on ptm0.
[  599.335848][T12140] siw: device registration error -23
[  599.937746][T12121] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1578'.
[  599.947487][T12128] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  599.957540][    T9] IPVS: starting estimator thread 0...
[  600.033954][T12145] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  600.056680][T12146] IPVS: using max 30 ests per chain, 72000 per kthread
[  601.410358][T12160] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1589'.
[  601.446800][T12160] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1589'.
[  601.557906][T12120] can0 (unregistered): slcan off ptm0.
[  601.834812][T12168] veth2: entered allmulticast mode
[  602.437349][T12174] netlink: 'syz.0.1592': attribute type 1 has an invalid length.
[  602.445138][T12174] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1592'.
[  602.607081][T12177] input: syz1 as /devices/virtual/input/input46
[  604.272110][T12193] siw: device registration error -23
[  605.005428][T12197] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  605.045605][T12199] bridge0: port 3(netdevsim2) entered disabled state
[  605.052615][T12199] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.074912][T12201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1600'.
[  605.093403][T12199] bridge0: entered allmulticast mode
[  605.153459][T12199] netdevsim netdevsim3 netdevsim2: left allmulticast mode
[  605.206831][T12199] netdevsim netdevsim3 netdevsim2: left promiscuous mode
[  605.224686][T12199] bridge0: port 3(netdevsim2) entered disabled state
[  605.258209][T12201] block device autoloading is deprecated and will be removed.
[  605.325743][T12199] bridge_slave_1: left allmulticast mode
[  605.337032][T12199] bridge_slave_1: left promiscuous mode
[  605.351411][T12199] bridge0: port 2(bridge_slave_1) entered disabled state
[  606.041995][T12199] bridge_slave_0: left allmulticast mode
[  606.048771][T12199] bridge_slave_0: left promiscuous mode
[  606.056742][T12199] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.998369][T12226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1605'.
[  607.017259][T12226] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1605'.
[  608.197643][T12246] siw: device registration error -23
[  608.832900][T12252] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  611.589667][T12284] trusted_key: encrypted_key: master key parameter 'use' is invalid
[  612.473374][T12298] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  612.852467][T12304] siw: device registration error -23
[  614.183608][T12317] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  614.192474][T12317] batadv_slave_0: entered promiscuous mode
[  617.264848][T12344] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  619.107707][T12365] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1643'.
[  619.174500][T12366] 9pnet_fd: Insufficient options for proto=fd
[  619.273754][T12371] fuse: Bad value for 'group_id'
[  619.279482][T12371] fuse: Bad value for 'group_id'
[  619.285631][T12371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1643'.
[  619.304208][T12371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1643'.
[  620.294112][T12386] pim6reg: entered allmulticast mode
[  620.400601][T12386] pim6reg: left allmulticast mode
[  620.409698][T12389] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  622.527275][T12377] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  622.573211][T12377] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  622.616983][ T9995] Bluetooth: hci2: command 0x0405 tx timeout
[  623.982844][T12434] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  624.228355][T12377] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  624.234316][T12377] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  624.269249][T12438] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1665'.
[  624.278713][T12438] tipc: Invalid UDP bearer configuration
[  624.278768][T12438] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  729.356583][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  729.363579][    C0] rcu: 	1-...!: (1 GPs behind) idle=8b2c/1/0x4000000000000000 softirq=58868/58880 fqs=1
[  729.374447][    C0] rcu: 	(detected by 0, t=10506 jiffies, g=47113, q=470 ncpus=2)
[  729.382189][    C0] Sending NMI from CPU 0 to CPUs 1:
[  729.382224][    C1] NMI backtrace for cpu 1
[  729.382240][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  729.382260][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  729.382270][    C1] RIP: 0010:__lock_acquire+0x893/0xd20
[  729.382295][    C1] Code: 83 3d 44 d7 01 0e 00 0f 85 36 02 00 00 48 83 7c 24 28 00 0f 84 bc 01 00 00 41 8b 46 f8 25 ff 1f 00 00 48 0f a3 05 ad 36 03 12 <0f> 83 5a 01 00 00 48 69 c0 c8 00 00 00 48 8d 80 30 73 42 93 e9 87
[  729.382309][    C1] RSP: 0018:ffffc90000a08b30 EFLAGS: 00000003
[  729.382324][    C1] RAX: 0000000000000007 RBX: 0000000000000002 RCX: 00000000966bc755
[  729.382334][    C1] RDX: 00000000035c887d RSI: 0000000096921e0a RDI: ffff88801d2fda00
[  729.382346][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff897ee394
[  729.382356][    C1] R10: dffffc0000000000 R11: ffffffff897ee2d0 R12: 0000000000000d4a
[  729.382367][    C1] R13: ffff88801d2fe4f0 R14: ffff88801d2fe540 R15: ca2bf256966bc755
[  729.382379][    C1] FS:  0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000
[  729.382393][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  729.382403][    C1] CR2: 000000110c3a7fdb CR3: 000000003a250000 CR4: 00000000003526f0
[  729.382417][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  729.382426][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  729.382436][    C1] Call Trace:
[  729.382444][    C1]  <IRQ>
[  729.382458][    C1]  ? advance_sched+0xc4/0xc90
[  729.382477][    C1]  lock_acquire+0x120/0x360
[  729.382496][    C1]  ? advance_sched+0xc4/0xc90
[  729.382520][    C1]  _raw_spin_lock+0x2e/0x40
[  729.382540][    C1]  ? advance_sched+0xc4/0xc90
[  729.382557][    C1]  advance_sched+0xc4/0xc90
[  729.382576][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  729.382597][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  729.382621][    C1]  ? __pfx_advance_sched+0x10/0x10
[  729.382639][    C1]  __hrtimer_run_queues+0x529/0xc60
[  729.382669][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  729.382690][    C1]  ? read_tsc+0x9/0x20
[  729.382711][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  729.382743][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  729.382767][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  729.382789][    C1]  </IRQ>
[  729.382794][    C1]  <TASK>
[  729.382800][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  729.382818][    C1] RIP: 0010:unwind_next_frame+0x12fc/0x2390
[  729.382841][    C1] Code: d5 48 89 d5 48 89 d8 48 29 e8 48 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 <48> c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 27
[  729.382855][    C1] RSP: 0018:ffffc900001d7458 EFLAGS: 00000292
[  729.382868][    C1] RAX: ffffffff8fb403e0 RBX: ffffffff8fb403e8 RCX: 0000000000000004
[  729.382879][    C1] RDX: ffffffff8fb403d8 RSI: ffffffff902f6cc0 RDI: ffffffff8be1b6a0
[  729.382891][    C1] RBP: ffffffff8fb403d8 R08: 0000000000000005 R09: ffffffff81729af5
[  729.382902][    C1] R10: ffffc900001d7578 R11: ffffffff81acf5a0 R12: ffffffff8185d1ba
[  729.382914][    C1] R13: ffffffff8fb403d8 R14: ffffc900001d7528 R15: ffffffff8fb403e0
[  729.382928][    C1]  ? run_ksoftirqd+0x9a/0x100
[  729.382942][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  729.382963][    C1]  ? unwind_next_frame+0xa5/0x2390
[  729.382988][    C1]  ? unwind_next_frame+0xd4/0x2390
[  729.383011][    C1]  ? unwind_next_frame+0xa5/0x2390
[  729.383033][    C1]  ? run_ksoftirqd+0x9b/0x100
[  729.383048][    C1]  ? rcu_core+0xc34/0x1710
[  729.383067][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  729.383083][    C1]  arch_stack_walk+0x11c/0x150
[  729.383109][    C1]  ? run_ksoftirqd+0x9b/0x100
[  729.383124][    C1]  stack_trace_save+0x9c/0xe0
[  729.383139][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  729.383157][    C1]  ? __lock_acquire+0xab9/0xd20
[  729.383177][    C1]  kasan_save_track+0x3e/0x80
[  729.383198][    C1]  ? kasan_save_track+0x3e/0x80
[  729.383214][    C1]  ? kasan_save_free_info+0x46/0x50
[  729.383236][    C1]  ? __kasan_slab_free+0x62/0x70
[  729.383252][    C1]  ? slab_free_after_rcu_debug+0x129/0x2a0
[  729.383276][    C1]  ? rcu_core+0xca8/0x1710
[  729.383295][    C1]  ? handle_softirqs+0x286/0x870
[  729.383315][    C1]  ? run_ksoftirqd+0x9b/0x100
[  729.383348][    C1]  kasan_save_free_info+0x46/0x50
[  729.383370][    C1]  __kasan_slab_free+0x62/0x70
[  729.383388][    C1]  slab_free_after_rcu_debug+0x129/0x2a0
[  729.383412][    C1]  ? __pfx_slab_free_after_rcu_debug+0x10/0x10
[  729.383435][    C1]  ? rcu_core+0xc34/0x1710
[  729.383454][    C1]  rcu_core+0xca8/0x1710
[  729.383482][    C1]  ? __pfx_rcu_core+0x10/0x10
[  729.383500][    C1]  ? __schedule+0x16c0/0x4cb0
[  729.383521][    C1]  ? rcu_qs+0xc4/0x170
[  729.383541][    C1]  ? __pfx_rcu_qs+0x10/0x10
[  729.383560][    C1]  ? sched_clock_cpu+0x74/0x430
[  729.383585][    C1]  ? rcu_softirq_qs+0xf2/0x350
[  729.383605][    C1]  ? __pfx_rcu_softirq_qs+0x10/0x10
[  729.383630][    C1]  handle_softirqs+0x286/0x870
[  729.383653][    C1]  ? run_ksoftirqd+0x9b/0x100
[  729.383669][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  729.383689][    C1]  ? preempt_schedule_common+0x83/0xd0
[  729.383711][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  729.383733][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  729.383752][    C1]  run_ksoftirqd+0x9b/0x100
[  729.383766][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  729.383780][    C1]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[  729.383803][    C1]  ? smpboot_thread_fn+0x5f4/0xa60
[  729.383825][    C1]  smpboot_thread_fn+0x53f/0xa60
[  729.383847][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  729.383871][    C1]  kthread+0x70e/0x8a0
[  729.383888][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  729.383909][    C1]  ? __pfx_kthread+0x10/0x10
[  729.383925][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  729.383945][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  729.383966][    C1]  ? __pfx_kthread+0x10/0x10
[  729.383981][    C1]  ret_from_fork+0x3fc/0x770
[  729.384002][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  729.384024][    C1]  ? __switch_to_asm+0x39/0x70
[  729.384038][    C1]  ? __switch_to_asm+0x33/0x70
[  729.384052][    C1]  ? __pfx_kthread+0x10/0x10
[  729.384068][    C1]  ret_from_fork_asm+0x1a/0x30
[  729.384089][    C1]  </TASK>
[  729.384212][    C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g47113 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  729.990920][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  730.000892][    C0] rcu: RCU grace-period kthread stack dump:
[  730.006786][    C0] task:rcu_preempt     state:R  running task     stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  730.020288][    C0] Call Trace:
[  730.023566][    C0]  <TASK>
[  730.026503][    C0]  __schedule+0x16a2/0x4cb0
[  730.031029][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  730.036241][    C0]  ? schedule+0x165/0x360
[  730.040584][    C0]  ? __lock_acquire+0xab9/0xd20
[  730.045444][    C0]  ? __pfx___schedule+0x10/0x10
[  730.050320][    C0]  ? schedule+0x91/0x360
[  730.054573][    C0]  schedule+0x165/0x360
[  730.058743][    C0]  schedule_timeout+0x12b/0x270
[  730.063612][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  730.068995][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  730.074897][    C0]  ? __pfx_process_timeout+0x10/0x10
[  730.080200][    C0]  ? prepare_to_swait_event+0x341/0x380
[  730.085762][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  730.090635][    C0]  ? __pfx_rcu_watching_snap_save+0x10/0x10
[  730.096535][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  730.101829][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  730.107738][    C0]  ? finish_swait+0xcd/0x1f0
[  730.112334][    C0]  rcu_gp_kthread+0x99/0x390
[  730.116933][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  730.122142][    C0]  ? __kthread_parkme+0x7b/0x200
[  730.127127][    C0]  ? __kthread_parkme+0x1a1/0x200
[  730.132179][    C0]  kthread+0x70e/0x8a0
[  730.136261][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  730.141474][    C0]  ? __pfx_kthread+0x10/0x10
[  730.146076][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  730.151290][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  730.156500][    C0]  ? __pfx_kthread+0x10/0x10
[  730.161098][    C0]  ret_from_fork+0x3fc/0x770
[  730.165703][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  730.170828][    C0]  ? __switch_to_asm+0x39/0x70
[  730.175591][    C0]  ? __switch_to_asm+0x33/0x70
[  730.180351][    C0]  ? __pfx_kthread+0x10/0x10
[  730.184946][    C0]  ret_from_fork_asm+0x1a/0x30
[  730.189746][    C0]  </TASK>
[  730.192775][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  730.199115][    C0] CPU: 0 UID: 0 PID: 6943 Comm: kworker/u8:17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full) 
[  730.211361][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  730.221442][    C0] Workqueue: events_unbound toggle_allocation_gate
[  730.227967][    C0] RIP: 0010:smp_call_function_many_cond+0xf6e/0x12d0
[  730.234665][    C0] Code: 89 ee 83 e6 01 31 ff e8 50 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 fb 73 0b 00 eb 37 f3 90 43 0f b6 04 2c <84> c0 75 10 41 f7 07 01 00 00 00 74 1e e8 e0 73 0b 00 eb e5 44 89
[  730.254279][    C0] RSP: 0018:ffffc90003ddf6a0 EFLAGS: 00000293
[  730.260355][    C0] RAX: 0000000000000000 RBX: ffff8880b863c9c0 RCX: ffff88803433bc00
[  730.268332][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  730.276304][    C0] RBP: ffffc90003ddf800 R08: ffffffff8f9fe2f7 R09: 1ffffffff1f3fc5e
[  730.284280][    C0] R10: dffffc0000000000 R11: fffffbfff1f3fc5f R12: 1ffff110170e825d
[  730.292252][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b87412e8
[  730.300227][    C0] FS:  0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
[  730.309159][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  730.315746][    C0] CR2: 000000110c40fe25 CR3: 000000000df38000 CR4: 00000000003526f0
[  730.323734][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  730.331742][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  730.339724][    C0] Call Trace:
[  730.343012][    C0]  <TASK>
[  730.345969][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  730.352317][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  730.357694][    C0]  ? kmem_cache_alloc_bulk_noprof+0x148/0x790
[  730.363770][    C0]  ? __pfx___text_poke+0x10/0x10
[  730.368707][    C0]  ? rcu_is_watching+0x15/0xb0
[  730.373481][    C0]  ? trace_contention_end+0x39/0x120
[  730.378776][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  730.383803][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  730.388927][    C0]  smp_text_poke_batch_finish+0x5e0/0x1100
[  730.394742][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  730.399781][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  730.406034][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[  730.412320][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  730.418321][    C0]  static_key_enable_cpuslocked+0x128/0x250
[  730.424232][    C0]  static_key_enable+0x1a/0x20
[  730.429007][    C0]  toggle_allocation_gate+0xad/0x240
[  730.434307][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  730.440207][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  730.445946][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  730.451673][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  730.457403][    C0]  process_scheduled_works+0xade/0x17b0
[  730.463005][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  730.469055][    C0]  worker_thread+0x8a0/0xda0
[  730.473670][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  730.480034][    C0]  ? __kthread_parkme+0x7b/0x200
[  730.485006][    C0]  kthread+0x70e/0x8a0
[  730.489128][    C0]  ? __pfx_worker_thread+0x10/0x10
[  730.494261][    C0]  ? __pfx_kthread+0x10/0x10
[  730.498867][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  730.504094][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  730.509301][    C0]  ? __pfx_kthread+0x10/0x10
[  730.513900][    C0]  ret_from_fork+0x3fc/0x770
[  730.518507][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  730.523635][    C0]  ? __switch_to_asm+0x39/0x70
[  730.528406][    C0]  ? __switch_to_asm+0x33/0x70
[  730.533170][    C0]  ? __pfx_kthread+0x10/0x10
[  730.537767][    C0]  ret_from_fork_asm+0x1a/0x30
[  730.542559][    C0]  </TASK>