last executing test programs:

19m45.833247712s ago: executing program 3 (id=2812):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x701203, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0xa, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70b924, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x9, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x8, 0x9, 0xffff5571, 0xffffcb85, 0x7, 0x24003}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2000c0e1}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="640000004ec6"})

19m45.532220598s ago: executing program 3 (id=2813):
syz_open_dev$vim2m(0x0, 0x3, 0x2)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x4, 0x80000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000080)=0x1)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r5 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x1e, 0x4, 0x0)
r7 = socket(0x1e, 0x2, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, 0x0, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)

19m44.451776786s ago: executing program 3 (id=2816):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
r1 = syz_clone3(&(0x7f0000000380)={0x40800000, 0x0, 0x0, 0x0, {0x1b}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = getuid()
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010020bd70100600010007000000080009000200000008000b00", @ANYRES16=r4], 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="a03700002d00010026bd7000fcdbdf250400000005000b00", @ANYRES32=r5, @ANYBLOB="81120c"], 0x37a0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
fstat(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000000c0)={r1, r3, r6}, 0xc)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x10c, &(0x7f0000000000)=0x3, 0x0, 0x4)

19m43.78404213s ago: executing program 3 (id=2819):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x10)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401)
mbind(&(0x7f0000fda000/0x2000)=nil, 0x2000, 0x1, &(0x7f0000001100)=0x4, 0x29b, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0xfffffffd, 0x80, {0x0, 0x0, 0x0, 0x0, 0x1503}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000200)={0x40, 0x17, 0x6, 0x401, 0x300, 0x4, 0x0})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r5, {0x0, 0x3}, {0xffff, 0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x100000009}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x4000)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
pwritev2(r9, &(0x7f00000000c0)=[{&(0x7f0000000000)='d', 0x1}], 0x1, 0x100000, 0x0, 0xe)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000002c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x2008040}, 0x880)

19m41.840115716s ago: executing program 3 (id=2830):
r0 = openat$vga_arbiter(0xffffff9c, &(0x7f0000000140), 0x400, 0x0)
write$vga_arbiter(r0, &(0x7f0000000280)=@unlock_all, 0xb)
r1 = socket(0x2, 0x2, 0xfffffffa)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)}, &(0x7f0000000180)=0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[{&(0x7f00000020c0)=""/4083, 0xff3}, {&(0x7f0000000200)=""/104, 0x68}], 0x2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010080000904000001020d0000052406000105240000000d24dfc700000000000000000006241a000000090581030002000000090401"], 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f0000000180)={0x1000, 0xe000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r9 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
unlink(&(0x7f00000002c0)='./file0\x00')
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r9, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f00000ca000/0x3000)=nil, 0x3000, 0x3000000, 0x12, r9, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000040)={0xd000, 0x10000})
close_range(r2, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)

19m41.497121118s ago: executing program 3 (id=2835):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x80481, 0x0)
pwrite64(r1, &(0x7f0000000080)="625430c10d", 0xff3c, 0x100000001)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, 0x0, 0x0)

19m41.015981197s ago: executing program 32 (id=2835):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x80481, 0x0)
pwrite64(r1, &(0x7f0000000080)="625430c10d", 0xff3c, 0x100000001)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x18)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, 0x0, 0x0)

2m50.557911992s ago: executing program 2 (id=5997):
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x206, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @hsr={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8}]}}}]}, 0x38}}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x23, 0x2, 0x1, "b43d70dde5b7e214dba25fc29ee6c9000000c67f00", 0x32315559})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x1b0, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x74, 0x2, {{}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x677270a9f349733c}, @TCA_NETEM_RATE={0x14, 0x6, {0x4, 0x3, 0x7, 0x4}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x77fa5260}, @TCA_NETEM_REORDER={0xc, 0x3, {0x101, 0x6}}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x4, 0x8}}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x3, 0x1}}, @TCA_NETEM_ECN={0x8}]}}}, @TCA_STAB={0x10c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, {0xc, 0x2, [0x0, 0x0, 0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x2, [0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, {0x12, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, {0x16, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, {0x18, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}]}]}, 0x1b0}}, 0x0)

2m50.270317304s ago: executing program 2 (id=5999):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f00000000c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00', 0x40}, r3}}, 0x30)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0xfdfe, 0x7, @remote, 0x4}, 0x1c)
connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xa}, &(0x7f0000000000)={0x1f, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0)

2m49.893028515s ago: executing program 2 (id=6000):
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_usb_connect(0x0, 0x44, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x1, 0x3c, 0x4c, 0x20, 0x15c2, 0xffdc, 0xa41b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x1, 0x2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9d, 0x0, 0x0, 0x1f, 0x98, 0x8e, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x2, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x306, 0x5, 0x4, 0x5}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x302, 0x5, 0x1, 0x2}, @mixer_unit={0x5, 0x24, 0x4, 0x4, 0xd9}]}]}}]}}]}}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
lseek(0xffffffffffffffff, 0xfffffffffffffffa, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f00000029c0)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000040)="f78d6b9d8f5eabea739bf8e1792502f4cad0b7367ee97a2787204f070a1f50d0ce8ca90083a4d7919805e08ef4e50225717b2fa864", 0x35}], 0x1, 0x0, 0x0, 0x8000}, {0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000002340)="cd27cb1e243dd0b0271495d077fce318b47d19930b10b8cbb93a599042d8928cd25999ac81c5b42522878c235b712b479c4a0ae4508e8ea56547b5b7cc3795501be9f8abcc8251018b265d16c328d3a3419cab8e0241e9679746cf62046a8a85748974d5936ebbcb13d0b3e0046829b8dcb82941e4efac75", 0x78}, {&(0x7f00000023c0)="152cf66a55c7ae4b33b32e1b663e2846e9d693c5c9c29ee919d3d90782cff01edbe47df5137fad6535081b74d2227497468e255fe1e5f17ae7e640b205b8a0ea27f42d57614f3799824035e760ea201dff8961d55ec70ae9f951d582bf48fd7ae94207ea5413a7df08e997f36389c88d58d8e2488311aceff45531d64e351bcce101b6bd402ae1e81ff191da487008d41283de73c6f8a33804496149a01e023f943639a4109dcb333d09fd4e1a3f2ef80dff33dc727c3b14df2da91ecb020cefc0ef172ac861958577180702846e6aa7cf25570e69290fe0ac08597889", 0xdd}, {&(0x7f00000024c0)="02740518dc78bf5a58824ed2476ba5bd9fe9ea45186f349a64ebe0cd5bdede4fe54f9858c27084110c66fe6b6b000f2b3a592f020c68c2aaaa71d12ca3d78d323b18211d6a504c68", 0x48}, {&(0x7f0000002540)="e12615bfc45f921c93764072781d5a304da94798e0185b3493922c670978a1d018991ce1bb6b1d792599ed851503d67919e6219ccb0ca14b057bcd81bcbde668a666d17fbc6c1f9067d9621a9a751c5a91f2919beb57ba97589a4528db67cc85b6810d87ae8c17ddcd693a194f720cfe0a9afb122802e6da6659766441c762f54bbc3b16e4b8ba382e6ee15402b2268425d53b8f35032c4f03aaff263b9883043ab6d0e29ae3a5f23d9b44903de9e41fa14485639a5f450dcfdc90f52e04e9d90aa09d57dabfff581ecd5a925266693b1a8b81c435ff787b76177108e11b29a005efe26b02ab567adff40c7b68629bf4a4d1b3b6c6", 0xf5}, {&(0x7f0000002640)="7f1df5606d772cc3d2b7c934a3f563ecc55e07fcdb6ad2d35d786de521c9ca1ca10800b4480b8b16fb6179fa78e48085ec6f4a56a8ed684d463d71f9f6e86288cfed4739b9c932f2e0580f6785a2a06714c71ab69a8f96eeeb7557f05aa0e915a3e686c750a291912cb36628e27a7d1a793e8cc010c1a87e8a6f22f8aea3b96f3e1da1d49c90a7f35ff4bb1911b164bc392e64605d929ce5b493bab50027c0a48c4116c05dec491ae8af9ec8e80ee574d21557ee1a90ca5a5370d29dc49c9a6332677d2cb02e7bbf68124d59761d3eb9d4c77fc9fa7865337928a3ddec10f9a368bb998ecf5c63b7555aba7ad234", 0xee}, {&(0x7f0000002740)="f35286e70ec5486b08fcd22cf1c28143408992f2816a9d79133b5a86ec4f8157a92dd50d76d0a44c95c1123617fb7cc93d1d61555eb9a41bc91d2a850ab30f35113c9a1833ec5972da3fc9dfc77dd8485df45c620eebd3b9464d9d335017649437aff2e32a9a5e95b7e541a39ec3bdd1651482468485771400341c4fedbc7d8ce459ffe5abd3df3b744c47413eae10ada6a59539b192c018a651de63cc1ddf082ca3b7d7720ac1da80918725b3fd6a3706af211d44fb424c8613772220b7287eee5cb0357a47da0c794b8a1fa3a63e0f183d3256e71680dc60f88029db7967cd6d80cd9fbd2d85596324765c5d", 0xed}], 0x6, &(0x7f0000002840)=[@op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @assoc={0x10}, @iv={0xf4, 0x117, 0x2, 0xe2, "fe77d5bacbfa1e5de89e5bdaf74fdb45eaec9cd23670194a23d070c8be99d42f9d8e532afd852a26a7191eb642d3f2495545417536425dcd55d85cbffe0390a46cfd1395a53f968289981c690fee6d165feb8837068a881bd862efed1858e3f081e555e519095e868d98a10a71c1cf40b56ec42cc2c49b80f8fc4e82a1ffd8fe899f48c6c654eccc50655c800a64ea19e9e81729c51a113151bc4ab1b433e6b7a4766d170c355b0f04b6ac53c70c748e73a12d059cbd207d9bd84ef4fe66a1f0fe58a624e34bb8856f411c5e46b08c79157c3527c11932d378ac8a532d422244ab6b"}, @assoc={0x10, 0x117, 0x4, 0x5}, @iv={0x1c, 0x117, 0x2, 0x9, "6d888a11c8382c59d2"}], 0x170, 0x4}], 0x2, 0x44c84)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x3a, &(0x7f0000000d80)=[{&(0x7f0000002240)=""/197, 0xc5}], 0x1}, 0x2001)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

2m45.865582607s ago: executing program 2 (id=6007):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310300000000000000000900000008000300", @ANYBLOB='\b'], 0x24}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r5, 0xc018480b, &(0x7f0000000980)={0x1, 0xffffffff, 0x8001, 0x5, 0x1, 0x5})
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000000203032000000000000000000000000008000100010000000900"], 0x28}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_ro(r6, &(0x7f0000000280)='blkio.bfq.sectors_recursive\x00', 0x0, 0x0)
preadv2(r7, &(0x7f0000000040)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x1, 0x0, 0x0)
r8 = socket(0x2, 0x80805, 0x0)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8}, @NFTA_RANGE_TO_DATA={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "a8"}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8d"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f0000000240)={0x0, 0x1000000})
sendmmsg$inet(r8, 0x0, 0x0, 0x20048890)

2m41.495905746s ago: executing program 2 (id=6021):
r0 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="26acd4fa15e068d767061c5e7e43c72e6204692f21f21e93f2a64cf4681e32abcc4f33c322849267bca826a6ccb2af4ecfba72fd5827f433c80652dab6a13a6bfb261bf107911fd51cf7551f9fb986e3586a33f0e18bcd5d62f96b60fcf4cb84eba5ac179e561ff3977dd2fefdc0fb6fa20c77d18e96d7a730d7", 0x7a, 0xfffffffffffffff9)
r1 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r0, &(0x7f0000000100)='id_resolver\x00', &(0x7f0000000140)={'syz', 0x2}, r1)
keyctl$dh_compute(0x17, &(0x7f0000000200)={r0, r0, r0}, &(0x7f0000000240)=""/240, 0xf0, &(0x7f0000000380)={&(0x7f0000000340)={'rmd128\x00'}})
keyctl$join(0x1, &(0x7f00000003c0)={'syz', 0x2})
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000400)='.log\x00', 0x19b200, 0x0)
preadv(r2, &(0x7f0000001a40)=[{&(0x7f0000000440)=""/144, 0x90}, {&(0x7f0000000500)=""/252, 0xfc}, {&(0x7f0000000600)=""/120, 0x78}, {&(0x7f0000000680)=""/54, 0x36}, {&(0x7f00000006c0)=""/57, 0x39}, {&(0x7f0000000700)=""/248, 0xf8}, {&(0x7f0000000800)=""/219, 0xdb}, {&(0x7f0000000900)=""/151, 0x97}, {&(0x7f00000009c0)=""/118, 0x76}, {&(0x7f0000000a40)=""/4096, 0x1000}], 0xa, 0x8, 0x0)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000004)
unshare(0x1a010c80)
link(&(0x7f0000001ac0)='./file0\x00', &(0x7f0000001b00)='./file0\x00')
arch_prctl$ARCH_FORCE_TAGGED_SVA(0x4004)
ioctl$MON_IOCX_GETX(r2, 0x400c920a, &(0x7f0000001c40)={&(0x7f0000001b40), &(0x7f0000001b80)=""/163, 0xa3})
lstat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = add_key(&(0x7f0000001d40)='logon\x00', &(0x7f0000001d80)={'syz', 0x3}, &(0x7f0000001dc0)="bdc39bdb57de6fe90b3c0c119a9497aab571c631e6bde1d4b2dc9633df3064f32cfd73013999bfa389d153112d195e69cdd116b60824be5d2aacb668e2becf2463acb81c93076cbe5b762dcd100a1c065997ccee42c8ba8469ae2b48d6ce0e91ea547ba6b1b5176901e895421689cf5cd843fc0e3fcdaac6e1688bb9a266201f9d19de4c1f9d089e808e7e9231", 0x8d, r0)
keyctl$get_persistent(0x16, r3, r4)
keyctl$get_persistent(0x16, r3, r0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, r1, r1, 0x1)
request_key(&(0x7f0000001e80)='rxrpc\x00', &(0x7f0000001ec0)={'syz', 0x3}, &(0x7f0000001f00)='.,)\xc8\x00', 0xfffffffffffffffb)
r5 = dup(r2)
r6 = getpgid(0xffffffffffffffff)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000001f80)={{0xa, 0x1, 0x4, 0x5, 'syz1\x00'}, 0x4, 0x100, 0x2, r6, 0x1, 0x3, 'syz0\x00', &(0x7f0000001f40)=['.log\x00'], 0x5})
unshare(0x2000000)
r7 = io_uring_setup(0x21bd, &(0x7f00000020c0)={0x0, 0x58df, 0x400, 0x2, 0x37e, 0x0, r5})
io_uring_enter(r7, 0x61fe, 0xc2a9, 0x9d234f6d76e68b2f, &(0x7f0000002140)={[0x0, 0x6]}, 0x8)
r8 = syz_open_dev$I2C(&(0x7f0000002180), 0xc8, 0x80001)
ioctl$I2C_SLAVE_FORCE(r8, 0x706, 0x23e)
ioctl$KVM_GET_PIT2(r2, 0x8070ae9f, &(0x7f00000021c0))
arch_prctl$ARCH_FORCE_TAGGED_SVA(0x4004)
r9 = add_key$user(&(0x7f0000002240), &(0x7f0000002280)={'syz', 0x3}, &(0x7f00000022c0)="1db44c72c974", 0x6, r0)
keyctl$update(0x2, r9, 0x0, 0x0)

2m41.180615407s ago: executing program 2 (id=6023):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000780)={0x44, &(0x7f00000004c0)={0x20, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0x0)
r3 = memfd_create(&(0x7f0000000080)=',\xea\x00', 0x4)
ftruncate(r3, 0x6fffffd)
dup(r3)
preadv2(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x2, 0x20000, 0x8)
syz_emit_ethernet(0x4a, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
unshare(0x2040400)
unshare(0x26020480)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x10e, &(0x7f0000000180)={0x0, 0x6b6f, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r9 = epoll_create1(0x80000)
r10 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f00000005c0)={0x4})
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r5, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x47f5, 0x0, 0x0, 0x0, 0x0)

2m25.832945987s ago: executing program 33 (id=6023):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000780)={0x44, &(0x7f00000004c0)={0x20, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0x0)
r3 = memfd_create(&(0x7f0000000080)=',\xea\x00', 0x4)
ftruncate(r3, 0x6fffffd)
dup(r3)
preadv2(r2, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x2, 0x20000, 0x8)
syz_emit_ethernet(0x4a, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
unshare(0x2040400)
unshare(0x26020480)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x10e, &(0x7f0000000180)={0x0, 0x6b6f, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r9 = epoll_create1(0x80000)
r10 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f00000005c0)={0x4})
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r5, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x47f5, 0x0, 0x0, 0x0, 0x0)

33.597692333s ago: executing program 6 (id=6419):
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$tun(0xffffff9c, &(0x7f0000000d00), 0x800, 0x0)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x104)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
fsopen(&(0x7f0000000380)='pipefs\x00', 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000000d80)={0x3fffffff, 0x100, "6a3ce4ab8ed6c54797be28dc6b7dcc8d5eba4a0f1dea455e02c75ec18cfcdbf4", 0x0, 0xffffffff, 0x40000, 0x5, 0x90})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
syz_open_dev$vbi(0x0, 0x2, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000060a010400000000000000000a0000010900010073797a31000000002800048024000180090001006d6574610003000014000280080002400000000208000340000000160900020073790000140000001100010000000000000000000100000a00"/132], 0x84}, 0x1, 0x0, 0x0, 0x8800}, 0x24000000)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180), 0x4)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)="fa82", 0xff80}], 0x1}, 0x20000000)
r7 = openat$sysctl(0xffffff9c, &(0x7f0000000d40)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0)
write$sysctl(r7, 0x0, 0x0)
r8 = syz_open_dev$vbi(0x0, 0x0, 0x2)
r9 = syz_open_dev$vcsn(&(0x7f0000000c80), 0xe0, 0x8200)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r2, &(0x7f0000000cc0)={0x2001})
ioctl$VIDIOC_G_SLICED_VBI_CAP(r8, 0xc0745645, &(0x7f0000000540)={0x1d2, [0x4, 0x7, 0x3, 0x58d6, 0xff, 0x4, 0xe98, 0xffff, 0x4371, 0xc14, 0x0, 0x1, 0xe, 0x8d26, 0xffff, 0x40, 0x3, 0x9, 0x7, 0x4, 0x10, 0x6, 0x101, 0xff, 0xf, 0x40, 0x3, 0x6, 0x9, 0x1, 0x2, 0xff, 0x6, 0x1000, 0xf, 0x1, 0x7f, 0x8, 0x13d8, 0x4, 0xc, 0x7, 0x8, 0x1, 0x7f, 0x5, 0x49, 0x6], 0x9})

13.18065113s ago: executing program 1 (id=6469):
syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x93}, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) (async, rerun: 64)
socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
lsm_set_self_attr(0x68, &(0x7f0000000800)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0) (async)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async, rerun: 64)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) (async, rerun: 64)
r5 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000001780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001740)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14b7d13aba24227f83000000280001002dbd7008"], 0x14}, 0x1, 0x0, 0x0, 0x4051}, 0x20000800) (async)
r6 = inotify_init1(0x0)
inotify_add_watch(r6, &(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x6000d16) (async)
r7 = openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r7, 0xffffffffffffffff, 0x0, 0xd) (async)
setxattr$incfs_id(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000000c0), 0x0, 0x0, 0x1) (async)
ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea}) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x2)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) (async)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x2a, 0x6, "fde431229670d7492bb2005deabfbb35187a5f823d729949b356e7c2d544c993206dcef000bc"}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x70}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}}, 0x0)

12.070860604s ago: executing program 5 (id=6473):
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f00000000c0)={0x3})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0xfffffffc, 0xe, 0x9, 0x8, 0x0, 0x7}, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[@ANYBLOB="7c0000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="83040500000000005c0012800e0001006970"], 0x7c}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000300)={0x6, 0x0, 0x1, 'queue0\x00', 0x1})
r3 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x0)
move_mount(r4, 0x0, r4, 0x0, 0x256)
readv(r3, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
timer_create(0x0, 0x0, &(0x7f0000000140))
r5 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x2]}})
syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1281000056544820e105080411250102030109022400010000000009040000022ec25d00090509000000000000090503010000000000724479a88e79373ae03dfc0407b618583ee32df51912c5072b1801a78b8c16e526d4d8fdbdf9e9cfd7d0d0db90e33184438f8bdee9a985ef2b99067db046d73ba036d78f478f7b473030d0dc0c386df8121a1c2e53518420065835b403721de901a89bd149a58eac7a89fdf377e9a64104aefed3090b0812012bb0c696ae76f1fdcd6dd2883c29049dced50caab10f87480b04968bf165279d70fa297757860b9bcb43c21c11d80eea4a7634aa8fcaf8f0aa610c"], 0x0)

9.872180204s ago: executing program 1 (id=6475):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x5}, 0x1c)
listen(r0, 0xfffffffc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1ff}, 0x1c)
socket$igmp(0x2, 0x3, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r5=>0x0})
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000001, 0x30, 0xffffffffffffffff, 0x0)
read$FUSE(r6, &(0x7f0000000c40)={0x2020}, 0x2020)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={@dev, 0x40, r5})
r7 = socket(0x15, 0x4, 0x2)
ioctl(r7, 0x8916, &(0x7f0000000000))
ioctl(r7, 0x8936, &(0x7f0000000000))
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x40c0}, 0x4c800)
socket$nl_xfrm(0x10, 0x3, 0x6)
timer_create(0x0, 0x0, &(0x7f0000000300))
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
r8 = ioctl$TIOCGPTPEER(r6, 0x5441, 0x15)
ioctl$TCXONC(r8, 0x540a, 0x3)

8.245739956s ago: executing program 5 (id=6477):
r0 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000080)={r0})
r1 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000080)={r1})
r2 = socket$kcm(0x2d, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000100)) (fail_nth: 1)

7.910739246s ago: executing program 6 (id=6419):
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = openat$tun(0xffffff9c, &(0x7f0000000d00), 0x800, 0x0)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x104)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
fsopen(&(0x7f0000000380)='pipefs\x00', 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000000d80)={0x3fffffff, 0x100, "6a3ce4ab8ed6c54797be28dc6b7dcc8d5eba4a0f1dea455e02c75ec18cfcdbf4", 0x0, 0xffffffff, 0x40000, 0x5, 0x90})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
syz_open_dev$vbi(0x0, 0x2, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000060a010400000000000000000a0000010900010073797a31000000002800048024000180090001006d6574610003000014000280080002400000000208000340000000160900020073790000140000001100010000000000000000000100000a00"/132], 0x84}, 0x1, 0x0, 0x0, 0x8800}, 0x24000000)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180), 0x4)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000040)="fa82", 0xff80}], 0x1}, 0x20000000)
r7 = openat$sysctl(0xffffff9c, &(0x7f0000000d40)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0)
write$sysctl(r7, 0x0, 0x0)
r8 = syz_open_dev$vbi(0x0, 0x0, 0x2)
r9 = syz_open_dev$vcsn(&(0x7f0000000c80), 0xe0, 0x8200)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r2, &(0x7f0000000cc0)={0x2001})
ioctl$VIDIOC_G_SLICED_VBI_CAP(r8, 0xc0745645, &(0x7f0000000540)={0x1d2, [0x4, 0x7, 0x3, 0x58d6, 0xff, 0x4, 0xe98, 0xffff, 0x4371, 0xc14, 0x0, 0x1, 0xe, 0x8d26, 0xffff, 0x40, 0x3, 0x9, 0x7, 0x4, 0x10, 0x6, 0x101, 0xff, 0xf, 0x40, 0x3, 0x6, 0x9, 0x1, 0x2, 0xff, 0x6, 0x1000, 0xf, 0x1, 0x7f, 0x8, 0x13d8, 0x4, 0xc, 0x7, 0x8, 0x1, 0x7f, 0x5, 0x49, 0x6], 0x9})

7.258328051s ago: executing program 5 (id=6479):
openat$nvram(0xffffff9c, &(0x7f0000000080), 0x4000, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x4, &(0x7f00000004c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x7}, 0x1c)
listen(r3, 0xfffffffc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r4, @ANYRES16=r6, @ANYBLOB="10002cbd700000000000010000005e00000000000000390f000003000000a714141c7943e428e95bd5d2421a638e2ad2a4b7dffcc597ae91f8d3962451a691acf9e9bec27a97c92a97d7291a0bdb80dad99c4745491747d945bdde42f516ff8fd6f29f98110ada70cdda0bba80c3fc3e1e3544790174b77a30469dfa55df56ac"], 0x28}, 0x1, 0xff07, 0x0, 0x2000a805}, 0x2004080)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
fcntl$setstatus(r7, 0x4, 0x42000)
userfaultfd(0x801)
r8 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r8, 0x5423, 0x0)

7.181642042s ago: executing program 0 (id=6481):
r0 = socket$inet6(0xa, 0x2, 0x73)
r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x5, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc040564a, &(0x7f00000000c0)={0x0, 0x80080003, 0x100f, 0xffffffffffffffff, 0x0, 0x0})
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket(0x10, 0x3, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x208000, 0x0, 0x3c, 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, 0xffffffffffffffff, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in6=@mcast1, 0x4e24, 0x0, 0x0, 0x8, 0x2, 0x0, 0x20, 0xc}, {0x10000, 0xeca, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x7789, 0x10000}, {0x0, 0x0, 0x1}}, {{@in6=@mcast2, 0x4d6, 0x3c}, 0x0, @in=@private=0xa010100, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0xe4)
close(r0)
r4 = openat$cgroup_root(0xffffff9c, &(0x7f00000010c0)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000001100)='memory.swap.events\x00', 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000080)=""/4097, 0x1001}], 0x1, 0x3f, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = epoll_create1(0x80000)
epoll_pwait2(r6, &(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)

5.680311504s ago: executing program 0 (id=6482):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000000d40)={0x0, 0x7000003, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0, 0x0, 0x40000000}, 0x20001)

5.619580203s ago: executing program 1 (id=6483):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000024000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c400000019000100fcbc79ff00aa00000000000000aa4e2200004e2401000a00006000"/50, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000010feffffffffffffff000000400000000000000000000000001a000000000000000100000000000000feffffffffffffff7a0000000000000005000000000000000000000000000000ff7f0000000000000800000000000000010003000a0010000100000000000000"], 0xc4}}, 0x0)
sendto$inet6(r3, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"})
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

5.430138644s ago: executing program 4 (id=6484):
pipe2$9p(&(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x3677, &(0x7f0000001280)={0x0, 0xcc19, 0x10001, 0x2}, &(0x7f0000000100), &(0x7f0000000140))
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

5.304136619s ago: executing program 0 (id=6485):
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f00000014c0)={0x5, 0x15, [{0x8, 0x0, 0xfffffffffffffffa}, {0x7, 0x0, 0x4c}, {0x8, 0x0, 0x1}, {0x6, 0x0, 0x2}, {0x7}, {0x2, 0x0, 0x33b000000000}, {0xfffffff9, 0x0, 0x5}, {0x7, 0x0, 0x8}, {0xc86, 0x0, 0x7fffffffffffffff}, {0xb90e, 0x0, 0xe581}, {0x7, 0x0, 0x10}, {0x8, 0x0, 0x7}, {0xfdc, 0x0, 0x7}, {0x3}, {0x800, 0x0, 0x101}, {0x7, 0x0, 0x4}]})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @broadcast}})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="1c681411f7a496c0dacc6a3c24465b016f64b4c00b5f7c691cb24cb8000000001a0000200000000000201500", 0x0, 0x48)
readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000001440)="e403402e6d69aa1cef9ef9a6a8a811114a73730561f86ec24fbd20a031516af10645443ba1ea91a31e618c729fb36241fc852cf7795cc3c0d78ae4de1e5110eafba42f764d048680", 0x0, 0x48)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xb4, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x8c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x54, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x1c, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "e4164e689db3ea202864ed1a276b800466"}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x128}}, 0x0)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f00000002c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000})

5.071020357s ago: executing program 6 (id=6486):
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00810000007f00000001"], 0x48)
bpf$BPF_GET_PROG_INFO(0x15, &(0x7f0000000080)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffda6, 0x22, 0x8, 0x20, 0x0}}, 0x10)

4.584482063s ago: executing program 6 (id=6487):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002c40)={0x14, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x28, 0x4, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0xc40)

4.569491425s ago: executing program 5 (id=6488):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000010c0)=[{{&(0x7f0000000280)=@abs={0x0, 0x0, 0x4e26}, 0x6e, &(0x7f0000000500), 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="100000000100000001000000", @ANYRES32=r0, @ANYBLOB="200000000100000001000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRESOCT=r2, @ANYRES32=r3, @ANYRES32=r0, @ANYBLOB="180000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48, 0x30000001}}, {{&(0x7f0000000b80)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f00000003c0)=[{&(0x7f0000000c00)="d2d15d737f979eb0616ebd09b207a18fe50bcccf26612b6e686f06", 0x1b}, {&(0x7f0000000c40)="e967bf8c3ad7505ff6e5fae82136c24b2055dcdc451f1938ec83ab5a4acfb2151e1a79548d0d1a3fc524fc8e440b58a7102b548658fa9418bb678f3fe88d1f06421a9c6694dc4caa2e602106bc5f8f45caa4c2a922f924db9cd6dae6ee91a5", 0x5f}, {&(0x7f0000000cc0)="c45629c66beb35a03e0b5ff338c51aa08a4149f123d4b791e215f7e513eec45ea14886285ee0ab667066096cbd9ea36a25f3ea56ae6b1d582ee6d061e965293ddc56076d33cfd00f1f3938d54f2239035c6008e58bbbdbf03e76189f6d5e13abbd221d79d1850a9248f10a93a011", 0x6e}, {&(0x7f0000000d40)="fc25ceee447617328f1fa6d2f3b36175a7d5e16f19e811495702f593c3063af2c427439ab48c3ad61c41c6ecc608f9a9264e5a7c9f722ce05cc2a897cd59", 0x3e}, {&(0x7f0000000d80)="7cc94ba68a73235a6f9c5c5f5a", 0xd}, {&(0x7f0000000dc0)="7c797ebefd93938b9a1b01c80213369dd52c8396b712859cd36de91f717604935a1423148bc0de8b14e8436e1d74db83464426e580921c07753c8ba695d7ebabd06e51468073a208de267cb3b816dbed08f6014df69d3e4f0f6cad3bd3a78e2c88c1e290a28fa1e4252eb39a4385452cdd", 0x71}, {&(0x7f0000000e40)}, {&(0x7f0000000800)="b6feee99a22a4a374d0f7964e2e4ee88f57ed461800090b4e16af208f129fedd3e9a89ac4a552464d150d0a9cc8e9aa71e6d69376d88d4d74acd7c3e354175c9058920469b2aad225c548577417a74024fe20e39acf569c53e0221b49c77bda6d2c19448cbb8c22c5414a1874f054e951e74abf587375302f1616ad41cd474e93a2d89c80e5ee4b9fc2be132", 0x7d}, {&(0x7f0000000f00)="d18a7e9577513e826fc23f9dc3241a6f3ae8e3defe0474c8d2926e7afa", 0x1d}, {&(0x7f0000000440)="53da8cbc04e3d4e5941055c42147198143a585748bae5781d0635a96a31dca7a7a3e3e3788abfb72b430caeaa63ec92bcdedd7903b9bce316b69fa2236c771f32c825b6713be66272de6271dd99ef732ce89724535f6b4e0ebda09292793c4517b764ea1a9571f98998bd85755679a25f7a4b5fb9672f3c631e5c295e3d589f5111fe4a258f175f75f522db679700e10291635e48dec23478ec2d0ae79eeaacf3b18a7aa48eb322f22178bc49e8d2014bdf47b042c76fad7ace6bb4454c668b5681efc3a57e8e839556caccffb7cd38047d1875653bb", 0x8e}], 0xa, &(0x7f0000001040)=[@rights={{0x0, 0x1, 0x1, [r0]}}], 0x18, 0x4000}}], 0x8000000000000b6, 0x4000050)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x10, 0x0, 0x5, 0xb46, 0x8, 0x8, 0x0, 0x3}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='net_cls.classid\x00', 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000540)=0x8000, 0x4)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080", @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}}, 0x0)
alarm(0x1000000001)
alarm(0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="600000000206010400000000000000000000000014000780fcff10"], 0x60}}, 0x0)
r5 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f00000001c0)={0x60, 0x2, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x10000000000, &(0x7f0000000140)=[{0x3, 0x4}, {0x2, 0x1, 0x9}, {0x40, 0x2, 0x6}, {0x26db, 0x8000000, 0x8}, {0x40, 0x3, 0x2}], 0x5, 0x0, 0x0, 0x0, 0x0, 0x7b})
r7 = gettid()
process_vm_writev(r7, 0x0, 0x0, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000080010000060a01040000000000000000010000000900020073797a310000000038000480340001800c00010062697477697365002400028008000340000000040800024000000000080006400000000008000140000000000900010073797a30000000005e0007"], 0x1f4}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000c3fb0000000000000000850000002f00000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_emit_ethernet(0x46, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd65059500001011fffe8000000000000000000000000000bbff0200000000000000000000000000013b000107000300004e214e2700089078dadd5c56307a775f8d9a99db5f194267848763467181de81917ef7d93c21a47f9e2f4ca4311b893bbc5a89a2113cefa0a30cf536862886e143613d04f92e6526d4026c08d4fa67d4215c25ecc10fcaaf60249dfb00e9bdd3ad12a718f810510657e2eb23a00be00551c745b8d3c9556c17dd5de6dba8f65a7e3204f007ed42dbdaca32ea94ce7182fdcb2dac257842ecd711c463ab3b47ec005566fa5b20c3ecf458d8bec2ec8e292e3ec3fcc354af131e384e8029bed68f02c392b51672b5d0621916b8328616f39c3eef879154a43a049a20a84a2b8293ac01bfb4a33589f740e747369da41b6ca10cffefc3773dcdb453f4b67a4b3cc96fea92cc9f83b7ae97c0811043b4d2de1b712968df48748e2e0b73f7c3774f2e0e6c92"], 0x0)

4.234854102s ago: executing program 0 (id=6489):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@ifindex, 0xffffffffffffffff, 0x7}, 0x20) (async)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000380)={0x24, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_FEATURES_WANTED={0x4}]}, 0x24}}, 0x0)

4.076196391s ago: executing program 6 (id=6490):
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000006c0)=[{{&(0x7f0000000340)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000180)=[{&(0x7f00000003c0)="2f3fe8d51d29ddef06b6ed00fc3fde2a082ee51b9df9270eae1f9ad4068e601fa101a9c153f7256885f8181215e8ae39c97affbe2d2f0f3d4651d5ca1001a5319233ba40151b0026bd4520ecbbf6ab8e214246a79080b8cad4aa39661bfd65feb140b809f20430e9fc501fb9c999cab1a1a1f85db127754400f9ed73057f9ffbaec08be32debeeba7b9840723d6e9d26f0da71eeca30bcf01c8679557f1bf579aa32b1ebaa621dfa0aa23c81930e839090375a5c2bf9a16488e5247141f8fcb6be82467813", 0xc5}], 0x1, &(0x7f0000000680)=[@cred={{0x18, 0x1, 0x2, {r0, 0x0, 0xffffffffffffffff}}}], 0x18, 0x20000000}}], 0x1, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
chown(&(0x7f00000040c0)='./file0\x00', 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0xa00, &(0x7f0000002280)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', r6, 0x0, 0x50)
umount2(&(0x7f00000001c0)='./file0\x00', 0x3)
r7 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, 0x0, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x3, 0x8})
ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f)
io_uring_enter(r7, 0x3517, 0x173d, 0x42, 0x0, 0x7000)
r10 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r10, 0x0, 0x0)
syz_usb_control_io(r10, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.976152621s ago: executing program 4 (id=6491):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$AUDIT_GET_FEATURE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3fb, 0xd29, 0x70bd2c, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x5}, 0x200000c0)
read$alg(r1, &(0x7f0000000000)=""/172, 0xac)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_FLUSH(r2, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000c80)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0xfffffffffffffd2e, 0x8000, 0x3}, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x141301)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0x80045515, &(0x7f00000000c0)={0x1, 0x1})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYRESHEX=r1, @ANYRES8=r0, @ANYBLOB="03000000000a0000"], 0x20}}, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x262)
sendto$inet(r3, 0x0, 0x0, 0x400c806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r7, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r7, 0x29, 0x37, &(0x7f0000000000)={0x6c}, 0x8)
connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e23, 0xd7, @local, 0x9}, 0x1c)

3.824634039s ago: executing program 0 (id=6492):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x416400)
r2 = socket(0x15, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x271b, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8004, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0cc5605, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
timerfd_create(0x0, 0x0)
socket(0x15, 0x5, 0x0)
shutdown(0xffffffffffffffff, 0x0)
chdir(&(0x7f0000000540)='./cgroup\x00')
fchmodat(0xffffffffffffffff, &(0x7f00000000c0)='./file0/file0\x00', 0xffffff8a)
mkdir(&(0x7f00000003c0)='./file0\x00', 0xffe9)
pread64(0xffffffffffffffff, &(0x7f0000000340)=""/251, 0xfb, 0xacab)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000001c0)={'veth1_to_batadv\x00', 0x1fe})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xe0000000, 0x5, 0xb7, 0x2, 0x1, 0x1, 0x4, 0x3, 0x1}}}}]}, 0x58}}, 0x4000)
r7 = socket(0x15, 0xa, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newtfilter={0x2c, 0x2c, 0xd2b, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r9, {0xb, 0x6}, {0x1}, {0x1, 0x9}}, [@TCA_CHAIN={0x8, 0xb, 0x1a}]}, 0x2c}, 0x1, 0x0, 0x0, 0x480c4}, 0x800)
r10 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r10, 0x7003)

2.816165071s ago: executing program 5 (id=6493):
syz_emit_ethernet(0x4a, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x3, 0xfffffffffffffffc, 0xfffffffc, 0xfffffffe}, 0x0)
socket$netlink(0x10, 0x3, 0xa)
munmap(&(0x7f0000c00000/0x400000)=nil, 0x400000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r9, {0xfff9, 0x7}, {}, {0x1, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x800)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000580)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.666908369s ago: executing program 4 (id=6494):
r0 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0xa8de0)
pipe(&(0x7f0000000080)) (async)
ioctl(0xffffffffffffffff, 0x8, 0x0) (async)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000010, 0x13, r1, 0x0) (async, rerun: 32)
syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) (async, rerun: 32)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') (async)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000100)="240000005a001f001007f41108000400020100020800038005000000ffc8bbb86ec81f7d", 0x24)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0xc0045543, 0x0)

2.609987939s ago: executing program 1 (id=6495):
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r1 = syz_io_uring_setup(0x493, &(0x7f0000000200)={0x0, 0x4661, 0x10, 0x0, 0x288}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_open_procfs(0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0})
io_uring_enter(r1, 0x40f9, 0x217, 0xa5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000900), 0x0, 0x0)
ppoll(&(0x7f0000000940)=[{r4}], 0x1, &(0x7f0000000980)={0x0, 0x3938700}, 0x0, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x0)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f00000000c0)={&(0x7f0000000080), 0x23})

2.082771737s ago: executing program 4 (id=6496):
io_setup(0x6, &(0x7f0000000600)=<r0=>0x0)
r1 = openat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='blkio.bfq.idle_time\x00', 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
copy_file_range(r3, 0x0, r3, 0x0, 0x5, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={<r4=>0x0}, &(0x7f00000001c0)=0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f00000003c0)={{0x2, 0x1, 0x5, 0x9, 'syz1\x00', 0x3}, 0x4, 0x2, 0x85, r4, 0x6, 0xfffffff7, 'syz0\x00', &(0x7f0000000740)=['\x00', 'blkio.bfq.idle_time\x00', './cgroup.cpu/syz1\x00e@]j$\xe7\x84C!]\x84\xc7,\x05\xc1\xe7\xac\x02o\x15>P\xcfW\xf1\x91\xfci\xcd*`I\xa8\x1bw\xf8\xa4\xe2\xbd\xd2\xdf\xc0L\x8f\xaf\xf6%\xbe\xf8_\r\xee\xe3\xde\xac7&\xe1\xe6u\x8d\xdf\x05\x9feo\xac`.\xe8{\x12\xa2\xee\x82\x935\xa8\x90\xee\xa2V\\F\r\x1b\fF\x97\x93\aH3\xe6\xc0_&\xce\xd5\xd9\'\xfe\x86\xcb\xc8\x81\xcaqo;s\xfdJ\x95\xa18Zf\xb8\x95I\xdbb\x01\x9a\xbf\f\x0f\xe0A\xc4\x9dsqWJ\x03\xf8fn[\xd3\xe0x\xdc\xac\xd0\x12\x92d\x87\x8e\xf6\nf\xbf\xfa\xf3[\xb6\x8a9\\V\xa66\x98;\xec\x10\xc9\xa0\x02\xb1\xcb\xceg<8\xc3Q\x03S\xfb>2\"\x8e\x1b\xe9\x8an\xf3&\xe6\xbb\xbc\xb3Y\xec\x11\xb0\x1b\xef\x10 6\x05\xb6\x14\xa7\x96k\xbc\xfb>\xf2?\xf9\x89\xd6c\xd9\xfa\xaayn\x8f\t\x96\x81\r7\xe2{\xa6\xbb\xc9\x16\xb5\xf0a?', '%\'-^\x00', '\x00', './cgroup.cp5/syz1\x00'], 0x132})
bpf$BPF_MAP_GET_FD_BY_ID(0x9, &(0x7f0000000100)={0x0, 0x7, 0x10}, 0xc)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix_mp={0x9, 0x401, 0x3032344d, 0x32315559, 0x7, [{0x9, 0xc365}, {0x1000000e, 0xd}, {0x7, 0x200}, {0x8, 0x7fff}, {0xf, 0x4}, {0x5, 0x401}, {0x2, 0x9}, {0x2240, 0x80000001}], 0x6, 0x9, 0x1}})
r5 = socket(0xa, 0x3, 0x100)
socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r2, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x1, @dev, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=[@hopopts_2292={{0x54, 0x29, 0xb, {0x0, 0x7, '\x00', [@hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @local}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}]}}}], 0x54}, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e19, 0x7, @mcast2, 0x7}, 0x1c)
sendmsg$inet6(r5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x18}, 0x4004)
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
io_submit(r0, 0x40000055, &(0x7f00000000c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0x0, r6, 0x0}])
accept4$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x2, 0x0, @private}, &(0x7f0000000640)=0x10, 0x800)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', &(0x7f0000000700), 0x0, 0x0, 0x8c)

1.615455475s ago: executing program 1 (id=6497):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
r3 = dup(r2)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x14, 0x41, 0x0, 0x7, 0x0})
socket$qrtr(0x2a, 0x2, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x10)

1.204493736s ago: executing program 4 (id=6498):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
r2 = syz_open_dev$cec(&(0x7f0000001080), 0x0, 0x60082)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
r3 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980)='GZ', 0x2, 0xfffffffffffffffb)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x1, 0xfffdffff, 0x2d)
keyctl$revoke(0x3, r3)
add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980)='G', 0x1, 0xfffffffffffffffb)
ioctl$CEC_DQEVENT(r2, 0xc0506107, &(0x7f00000010c0)={0x0, 0x0, 0x0, @raw})
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000000000900000030000380140002007369743000000000000000000000000006000400ff"], 0x44}}, 0x0)
sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x5000002}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
splice(r1, &(0x7f0000000100)=0x6, r0, &(0x7f0000000200)=0x9, 0x400, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r6, 0xae80, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'sed\x00', 0xa43531a02e0465ec, 0x56dc, 0x6f}, 0x2c)

983.81727ms ago: executing program 1 (id=6499):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd2(0x0, 0x80800)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, r3})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000440)={[0x1, 0x0, 0xff00000000000000, 0x8, 0x9, 0x8001, 0x81, 0x5, 0x80000000, 0x9, 0x2, 0x40, 0x4, 0x6, 0x4, 0x8], 0x1, 0x100000})
syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
r6 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x2)
getsockopt$netlink(r9, 0x10e, 0x6, &(0x7f0000001100)=""/4096, &(0x7f0000000000)=0xffffffffffffff5f)
syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x9, 0x0, {0x3}})
io_uring_enter(r6, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x6a855000)
r10 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0xfffffffffffffdf4, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYRESDEC=r10, @ANYRESHEX=r2, @ANYBLOB="2000b288c7caef49f78f00000f000000000000f6223f209f2b88a5c6fb6cc6c2c8c99bfb144496e670809f75a16cb06c66ff6f5a25471b7fa663d536ce6922ea6970b9082714afd98c76dfd20a39fe2f3b57eeaa083fffb50325556dc76d7dc1a103501fbab18a0cbc905732bf322cacec424a8acab17d7c21217bf4212731a149e4b5854a972c8d0e0b1e93efc137731ae3"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000140)={0x7, 0x2})
getgid()
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}}, 0x0)

615.639827ms ago: executing program 4 (id=6500):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x424000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x4001, 0x5d5c, 0x7}) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x60800) (async)
listen(0xffffffffffffffff, 0x8) (async)
unlink(&(0x7f00000001c0)='./mnt\x00') (async)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (async)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)) (async)
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000c40)={0x2000000b}) (async)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000200)={0x0, 0xe099, 0x0, 0x101, 0x27c, 0x0, r3}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
r8 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, &(0x7f0000000440)={0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000001040)={'ip6_vti0\x00', 0x0})
preadv(0xffffffffffffffff, 0x0, 0x0, 0x96, 0x0) (async)
ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0xe) (async)
recvfrom$inet(0xffffffffffffffff, &(0x7f00000011c0)=""/144, 0x90, 0x110, &(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10) (async)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) (async)
io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x0) (async)
syz_io_uring_submit(r6, r7, &(0x7f0000000640)=@IORING_OP_ASYNC_CANCEL) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000080)=[0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x5, 0x2, 0x8}) (async)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000001, 0x13, r0, 0x100300)

589.875026ms ago: executing program 0 (id=6501):
syz_usb_connect$printer(0x1, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xfd, 0x70, 0x3c, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x2, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x3, 0x9, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x5, 0x36, 0x81}}]}}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x4, 0x9, 0x2, 0x10, 0x1}, 0x115, &(0x7f0000000240)={0x5, 0xf, 0x115, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0xe, 0x9, 0x3}, @generic={0xe4, 0x10, 0x6, "ae6311670b10e74775bedad3be87b10e44d6b0ed02c519cf6b084832bb73add54938bf514507291804fe1b873744307fff2fd00da2e892a8cd0dc05f5c9bf0698b10da1d6022fb4ea63a4c67183ce1ff8a3882881aa8d222b5446da9885dbf38ebc6d9b96f66960315df10d793b4f0698706007b8cc19dfcc2bc2afd3179c8d3882b2a12ca060dca0c36c6c3621a25566493ccb035c50200a7f4c74ea10ce02742ffa5d33deb1e5f7c34a98219a290e45911a15ff4d2150be51273e3acd9bdc0677482aa5a8a9fa3f33e34360ea8577dfc0096169f12f96a23a8ff0f2a337dd0fa"}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x8, 0xff00, 0x1}, @wireless={0xb, 0x10, 0x1, 0x8, 0x38, 0x45, 0xf8, 0xfffb, 0x2}, @wireless={0xb, 0x10, 0x1, 0xc, 0x5f, 0x99, 0xa4, 0x2, 0x5}]}, 0x2, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x20e}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1009}}]})
syz_emit_ethernet(0x56, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa00000d010000a01600002b583200f8b50d307d74af37e4da9707f653e812f340ace5733a33dc5af03aa1939e28153eb8282b1da382161fd80f7757e423f45751fd1dd4"], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x20, 0x15, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4040808)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="016f0800010000000000140500004500004000000000008490783fffffffac1414aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ba00000090780018090300050a00000000000000020008d58838068b91000000"], 0x4e)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x12, &(0x7f0000000200)=0x1, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000001c0)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)={0x20, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x4c6}, @NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='bic\x00', 0x4)
sendto$inet6(r4, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
syz_emit_ethernet(0xfc0, &(0x7f0000007940)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a60f8a000000000000000000001200ffffe0000012fe8000000000000000000000000000aa8400000000000000223427d5c9a46b9f2e505b0c0a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386c020000000000000017fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b653d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b5295e93496a6fdf5af8122257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087aec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d44dee62c4fc1007bc5b0ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7"], 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r7, &(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e)
socket$packet(0x11, 0x2, 0x300)

442.293789ms ago: executing program 5 (id=6502):
pipe2$9p(&(0x7f00000000c0), 0x0)
syz_io_uring_setup(0x3677, &(0x7f0000001280)={0x0, 0xcc19, 0x10001, 0x2}, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15)

0s ago: executing program 6 (id=6503):
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_usb_connect(0x0, 0x4b, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x1, 0x3c, 0x4c, 0x20, 0x15c2, 0xffdc, 0xa41b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x39, 0x1, 0x2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9d, 0x0, 0x0, 0x1f, 0x98, 0x8e, 0x0, [@uac_control={{0xa, 0x24, 0x1, 0x2, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x306, 0x5, 0x4, 0x5}, @selector_unit={0x7, 0x24, 0x5, 0x6, 0x57, "c7cc"}, @output_terminal={0x9, 0x24, 0x3, 0x2, 0x302, 0x5, 0x1, 0x2}, @mixer_unit={0x5, 0x24, 0x4, 0x4, 0xd9}]}]}}]}}]}}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020)
lseek(0xffffffffffffffff, 0xfffffffffffffffa, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f00000029c0)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000040)="f78d6b9d8f5eabea739bf8e1792502f4cad0b7367ee97a2787204f070a1f50d0ce8ca90083a4d7919805e08ef4e50225717b2fa864", 0x35}], 0x1, 0x0, 0x0, 0x8000}, {0x0, 0x0, 0x0, 0x0, &(0x7f0000002840)=[@op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @op={0x10, 0x117, 0x3, 0x1}, @assoc={0x10}, @iv={0xf4, 0x117, 0x2, 0xe2, "fe77d5bacbfa1e5de89e5bdaf74fdb45eaec9cd23670194a23d070c8be99d42f9d8e532afd852a26a7191eb642d3f2495545417536425dcd55d85cbffe0390a46cfd1395a53f968289981c690fee6d165feb8837068a881bd862efed1858e3f081e555e519095e868d98a10a71c1cf40b56ec42cc2c49b80f8fc4e82a1ffd8fe899f48c6c654eccc50655c800a64ea19e9e81729c51a113151bc4ab1b433e6b7a4766d170c355b0f04b6ac53c70c748e73a12d059cbd207d9bd84ef4fe66a1f0fe58a624e34bb8856f411c5e46b08c79157c3527c11932d378ac8a532d422244ab6b"}, @assoc={0x10, 0x117, 0x4, 0x5}, @iv={0x1c, 0x117, 0x2, 0x9, "6d888a11c8382c59d2"}], 0x170, 0x4}], 0x2, 0x44c84)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x3a, &(0x7f0000000d80)=[{&(0x7f0000002240)=""/197, 0xc5}], 0x1}, 0x2001)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

kernel console output (not intermixed with test programs):

7.576789][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1917.576816][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1917.576844][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1917.576867][T32667]  ? kcov_ioctl+0x200/0x640
[ 1917.576910][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1917.576931][T32667]  ? do_futex+0x333/0x420
[ 1917.576959][T32667]  ? fput+0xa0/0xd0
[ 1917.576985][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1917.577013][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1917.577050][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1917.577093][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1917.577121][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1917.577147][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1917.577173][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1917.577208][T32667]  do_fast_syscall_32+0x34/0x80
[ 1917.577234][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1917.577260][T32667] RIP: 0023:0xf7fe5539
[ 1917.577279][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1917.577299][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1917.577322][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1917.577337][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1917.577375][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1917.577388][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1917.577411][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1917.577444][T32667]  </TASK>
[ 1918.052067][T32667] Mem-Info:
[ 1918.055470][T32667] active_anon:9846 inactive_anon:0 isolated_anon:0
[ 1918.055470][T32667]  active_file:20332 inactive_file:40554 isolated_file:0
[ 1918.055470][T32667]  unevictable:768 dirty:151 writeback:0
[ 1918.055470][T32667]  slab_reclaimable:8752 slab_unreclaimable:136666
[ 1918.055470][T32667]  mapped:42993 shmem:4820 pagetables:1496
[ 1918.055470][T32667]  sec_pagetables:0 bounce:0
[ 1918.055470][T32667]  kernel_misc_reclaimable:0
[ 1918.055470][T32667]  free:1218240 free_pcp:24651 free_cma:0
[ 1918.101793][T32667] Node 0 active_anon:39384kB inactive_anon:0kB active_file:81240kB inactive_file:162012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:171900kB dirty:604kB writeback:0kB shmem:17744kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13728kB pagetables:5820kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1918.135936][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1918.168563][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1918.197817][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1918.203713][T32667] Node 0 DMA32 free:969420kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39516kB inactive_anon:0kB active_file:81240kB inactive_file:160444kB unevictable:1536kB writepending:608kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:69184kB local_pcp:47780kB free_cma:0kB
[ 1918.237446][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1918.242481][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1918.271920][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1918.276726][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:20592kB free_cma:0kB
[ 1918.309317][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1918.314496][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1918.328176][T32667] Node 0 DMA32: 1010*4kB (UME) 495*8kB (UME) 460*16kB (UME) 744*32kB (UME) 362*64kB (UME) 199*128kB (UME) 111*256kB (UME) 103*512kB (UME) 108*1024kB (UME) 9*2048kB (UE) 164*4096kB (UM) = 969728kB
[ 1918.348030][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1918.361302][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1918.380062][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1918.389922][T32667] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=1 hugepages_size=2048kB
[ 1918.400376][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1918.410071][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1918.419626][T32667] 65703 total pagecache pages
[ 1918.458574][T32667] 2 pages in swap cache
[ 1918.469614][T32667] Free swap  = 124988kB
[ 1918.587394][T32667] Total swap = 124996kB
[ 1918.609451][T32667] 2097051 pages RAM
[ 1918.626386][T32667] 0 pages HighMem/MovableOnly
[ 1918.670445][ T5845] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1918.689748][T32667] 425385 pages reserved
[ 1918.709960][T32667] 0 pages cma reserved
[ 1918.820314][ T5845] usb 7-1: Using ep0 maxpacket: 32
[ 1918.832196][ T5845] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1918.840400][ T5845] usb 7-1: can't read configurations, error -61
[ 1918.980686][ T5845] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1919.222067][T32573] usb 5-1: new low-speed USB device number 119 using dummy_hcd
[ 1919.260505][ T5845] usb 7-1: Using ep0 maxpacket: 32
[ 1919.288364][ T5845] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1919.350302][ T5845] usb 7-1: can't read configurations, error -61
[ 1919.367043][ T5845] usb usb7-port1: attempt power cycle
[ 1919.430735][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1919.465057][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1919.519128][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1919.559135][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1919.631988][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1919.725388][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1919.750807][ T5845] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1919.781431][ T5845] usb 7-1: Using ep0 maxpacket: 32
[ 1919.791337][ T5845] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1919.801987][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1919.820060][ T5845] usb 7-1: can't read configurations, error -61
[ 1919.835486][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1919.877674][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1919.914661][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1919.954514][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1919.962425][ T5845] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1919.970046][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1919.982227][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1920.003490][ T5845] usb 7-1: Using ep0 maxpacket: 32
[ 1920.011434][ T5845] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1920.019280][ T5845] usb 7-1: can't read configurations, error -61
[ 1920.046113][ T5845] usb usb7-port1: unable to enumerate USB device
[ 1920.065226][ T1225] ptrace attach of "./syz-executor exec"[31765] was attempted by "./syz-executor exec"[1225]
[ 1920.190489][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1920.415219][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1920.470671][T32573] usb 5-1: string descriptor 0 read error: -22
[ 1920.477334][T32573] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1920.487336][T32573] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1920.520331][T32573] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1922.296095][ T1182] usb 5-1: USB disconnect, device number 119
[ 1922.317028][ T1240] netlink: 44 bytes leftover after parsing attributes in process `syz.6.6324'.
[ 1922.542936][ T1242] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1922.639029][ T1242] kvm: pic: level sensitive irq not supported
[ 1922.639416][ T1242] kvm: pic: non byte read
[ 1923.521319][ T1255] program syz.0.6330 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1923.780338][ T1182] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1923.800805][ T1265] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6331'.
[ 1923.810040][ T1265] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6331'.
[ 1923.821539][ T1265] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6331'.
[ 1923.982678][ T1266] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1923.990628][ T1182] usb 1-1: Using ep0 maxpacket: 32
[ 1924.000120][ T1182] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[ 1924.059314][ T1182] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1924.079272][ T1182] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1924.091357][ T1265] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1924.129523][ T1182] usb 1-1: Product: syz
[ 1924.134214][ T1182] usb 1-1: Manufacturer: syz
[ 1924.149843][ T1182] usb 1-1: SerialNumber: syz
[ 1924.157256][ T1182] usb 1-1: config 0 descriptor??
[ 1924.176250][ T1255] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1924.196615][ T1182] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input87
[ 1925.188450][T32573] usb 1-1: USB disconnect, device number 90
[ 1925.188574][    C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[ 1925.303739][ T1274] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6335'.
[ 1925.329692][ T1274] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6335'.
[ 1925.412912][ T1276] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6335'.
[ 1925.740249][T32573] usb 5-1: new low-speed USB device number 120 using dummy_hcd
[ 1925.955705][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1925.969799][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1926.010914][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1926.075898][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1926.228045][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1926.349037][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1926.377468][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1926.417989][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1926.461762][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1926.483144][ T1294] netlink: 'syz.6.6338': attribute type 27 has an invalid length.
[ 1926.523246][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1926.584760][T32573] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1926.820677][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1927.275452][T32573] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1927.357213][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1927.404995][T32573] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1927.549953][T32573] usb 5-1: string descriptor 0 read error: -22
[ 1927.606145][T32573] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1927.643450][T32573] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1927.730532][ T1182] usb 2-1: new full-speed USB device number 93 using dummy_hcd
[ 1927.738656][T32573] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1927.895385][ T1182] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1927.905359][ T1182] usb 2-1: config 0 has no interface number 0
[ 1927.917243][ T1182] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1928.003354][ T1182] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1928.049287][ T1182] usb 2-1: config 0 descriptor??
[ 1928.186785][T26611] usb 6-1: new full-speed USB device number 55 using dummy_hcd
[ 1928.490530][T26611] usb 6-1: device descriptor read/64, error -71
[ 1928.526014][ T1182] hub 2-1:0.1: bad descriptor, ignoring hub
[ 1928.599736][T32573] usb 5-1: USB disconnect, device number 120
[ 1928.615944][ T1182] hub 2-1:0.1: probe with driver hub failed with error -5
[ 1928.664577][ T1182] usb 2-1: selecting invalid altsetting 1
[ 1928.691135][ T1182] dvb_ttusb_budget: ttusb_init_controller: error
[ 1928.717888][ T1182] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1928.730209][T26611] usb 6-1: new full-speed USB device number 56 using dummy_hcd
[ 1928.762649][T32667] warn_alloc: 4 callbacks suppressed
[ 1928.762670][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1928.893540][T32667] CPU: 0 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1928.893563][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1928.893574][T32667] Call Trace:
[ 1928.893580][T32667]  <TASK>
[ 1928.893587][T32667]  dump_stack_lvl+0x189/0x250
[ 1928.893612][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1928.893631][T32667]  ? __pfx__printk+0x10/0x10
[ 1928.893652][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1928.893683][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1928.893724][T32667]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1928.893747][T32667]  warn_alloc+0x214/0x310
[ 1928.893767][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1928.893793][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1928.893817][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1928.893845][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1928.893892][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1928.893923][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1928.893948][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1928.893973][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1928.893997][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1928.894021][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1928.894046][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1928.894087][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1928.894124][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1928.894153][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1928.894180][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1928.894206][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1928.894231][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1928.894257][T32667]  vb2_core_poll+0x4f5/0x840
[ 1928.894285][T32667]  vb2_fop_poll+0x168/0x380
[ 1928.894311][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1928.894334][T32667]  v4l2_poll+0x147/0x2c0
[ 1928.894356][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1928.894379][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1928.894413][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1928.894444][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1928.894468][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1928.894498][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1928.894516][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1928.894541][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1928.894559][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1928.894580][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1928.894597][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1928.894614][T32667]  io_queue_async+0x79/0x2f0
[ 1928.894634][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1928.894677][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1928.894697][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1928.894716][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1928.894735][T32667]  ? kcov_ioctl+0x200/0x640
[ 1928.894766][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1928.894781][T32667]  ? do_futex+0x333/0x420
[ 1928.894802][T32667]  ? fput+0xa0/0xd0
[ 1928.894821][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1928.894842][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1928.894869][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1928.894899][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1928.894920][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1928.894939][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1928.894959][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1928.894984][T32667]  do_fast_syscall_32+0x34/0x80
[ 1928.895004][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1928.895024][T32667] RIP: 0023:0xf7fe5539
[ 1928.895038][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1928.895052][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1928.895069][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1928.895079][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1928.895089][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1928.895099][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1928.895108][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1928.895130][T32667]  </TASK>
[ 1928.900266][T26611] usb 6-1: device descriptor read/64, error -71
[ 1928.919237][T32667] Mem-Info:
[ 1929.452109][T32667] active_anon:9599 inactive_anon:0 isolated_anon:0
[ 1929.452109][T32667]  active_file:20332 inactive_file:40558 isolated_file:0
[ 1929.452109][T32667]  unevictable:768 dirty:151 writeback:0
[ 1929.452109][T32667]  slab_reclaimable:8728 slab_unreclaimable:136408
[ 1929.452109][T32667]  mapped:37989 shmem:4822 pagetables:1535
[ 1929.452109][T32667]  sec_pagetables:0 bounce:0
[ 1929.452109][T32667]  kernel_misc_reclaimable:0
[ 1929.452109][T32667]  free:1224926 free_pcp:19068 free_cma:0
[ 1929.468481][T26611] usb usb6-port1: attempt power cycle
[ 1929.566106][T32667] Node 0 active_anon:38496kB inactive_anon:0kB active_file:81240kB inactive_file:162028kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:151868kB dirty:604kB writeback:0kB shmem:17752kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13692kB pagetables:5976kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1929.610365][ T1182] DVB: Unable to find symbol cx22700_attach()
[ 1929.649314][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1929.788935][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1929.824923][ T1182] DVB: Unable to find symbol tda10046_attach()
[ 1929.834793][ T1182] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1929.872888][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1929.885215][T32667] Node 0 DMA32 free:993036kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43352kB inactive_anon:0kB active_file:81240kB inactive_file:160460kB unevictable:1536kB writepending:604kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:45168kB local_pcp:5104kB free_cma:0kB
[ 1929.968021][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1929.976484][ T1334] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6349'.
[ 1930.060455][T26611] usb 6-1: new full-speed USB device number 57 using dummy_hcd
[ 1930.068290][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1930.101023][T26611] usb 6-1: device descriptor read/8, error -71
[ 1930.158321][ T1335] netlink: 6 bytes leftover after parsing attributes in process `syz.6.6350'.
[ 1930.167748][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1930.213295][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:7696kB free_cma:0kB
[ 1930.264728][T11111] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1930.346272][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1930.367964][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1930.389117][T32667] Node 0 DMA32: 41*4kB (ME) 88*8kB (UE) 533*16kB (UME) 1346*32kB (UME) 449*64kB (UME) 208*128kB (UME) 113*256kB (UME) 104*512kB (UME) 108*1024kB (UME) 10*2048kB (UME) 163*4096kB (UM) = 988724kB
[ 1930.442244][T11111] usb 1-1: config 0 has no interfaces?
[ 1930.462539][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1930.494846][T32573] usb 2-1: USB disconnect, device number 93
[ 1930.506672][T11111] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1930.518939][T26611] usb 6-1: new full-speed USB device number 58 using dummy_hcd
[ 1930.534691][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1930.565474][T26611] usb 6-1: device descriptor read/8, error -71
[ 1930.588212][T11111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1930.654883][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1930.667058][T11111] usb 1-1: Product: syz
[ 1930.687239][T32667] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1930.690556][T11111] usb 1-1: Manufacturer: syz
[ 1930.702569][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1930.718091][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1930.728394][T11111] usb 1-1: SerialNumber: syz
[ 1930.732375][T26611] usb usb6-port1: unable to enumerate USB device
[ 1930.770691][T11111] usb 1-1: config 0 descriptor??
[ 1930.774683][T32667] 68566 total pagecache pages
[ 1930.787547][T32667] 2 pages in swap cache
[ 1930.792035][T32667] Free swap  = 124988kB
[ 1930.796427][T32667] Total swap = 124996kB
[ 1930.817022][T32667] 2097051 pages RAM
[ 1930.826270][T32667] 0 pages HighMem/MovableOnly
[ 1930.832315][T32667] 425385 pages reserved
[ 1930.915903][T32667] 0 pages cma reserved
[ 1930.968628][ T1344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6352'.
[ 1931.053468][ T1334] netlink: 'syz.0.6349': attribute type 2 has an invalid length.
[ 1932.151193][T32573] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1932.354544][T32573] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1932.461145][T32573] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1932.585458][T32573] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1932.599878][T32573] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1932.628410][T32573] usb 7-1: Product: syz
[ 1932.638427][T32573] usb 7-1: Manufacturer: syz
[ 1932.646662][T32573] usb 7-1: SerialNumber: syz
[ 1932.667252][T32573] cdc_ncm 7-1:1.0: NCM or ECM functional descriptors missing
[ 1932.705792][T32573] cdc_ncm 7-1:1.0: bind() failure
[ 1932.720269][ T1182] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[ 1932.885216][T32573] usb 1-1: USB disconnect, device number 91
[ 1932.960309][ T1182] usb 5-1: Using ep0 maxpacket: 8
[ 1932.970850][ T1182] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 64
[ 1932.986462][ T1182] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 64
[ 1933.016891][ T1182] usb 5-1: config 1 interface 0 altsetting 255 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 1933.105879][ T1182] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1933.117737][ T1180] usb 7-1: USB disconnect, device number 10
[ 1933.144978][ T1182] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1933.176145][ T1182] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1933.185950][ T1182] usb 5-1: SerialNumber: syz
[ 1933.205769][ T1363] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[ 1933.217609][ T1363] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[ 1933.510698][ T1363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1933.519719][ T1363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1933.659320][ T1363] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1933.844503][ T1373] fuse: Bad value for 'fd'
[ 1933.890559][T11111] usb 1-1: new low-speed USB device number 92 using dummy_hcd
[ 1933.912913][ T1373] fuse: Bad value for 'fd'
[ 1934.063423][T11111] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1934.071105][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1934.095432][T11111] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1934.133649][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1934.169697][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1934.197752][T11111] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1934.206552][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1934.228644][T11111] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1934.296916][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1934.322462][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1934.414359][T11111] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1934.447386][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1934.448808][ T1182] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[ 1934.529025][T11111] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1934.579846][ T1182] cdc_acm 5-1:1.0: ttyACM0: USB ACM device
[ 1934.692585][ T1182] usb 5-1: USB disconnect, device number 121
[ 1934.707719][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1934.812112][T11111] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1934.849587][T11111] usb 1-1: string descriptor 0 read error: -22
[ 1934.892097][T11111] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1934.902151][T26637] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1934.922448][T11111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1934.955736][T11111] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1935.009384][ T1387] syzkaller1: entered promiscuous mode
[ 1935.053902][ T1387] syzkaller1: entered allmulticast mode
[ 1935.070436][T26637] usb 2-1: Using ep0 maxpacket: 32
[ 1935.081139][T26637] usb 2-1: config 2 has an invalid interface number: 157 but max is 0
[ 1935.089747][T26637] usb 2-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config
[ 1935.092196][ T1388] FAULT_INJECTION: forcing a failure.
[ 1935.092196][ T1388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1935.113084][T26637] usb 2-1: config 2 has no interface number 0
[ 1935.116525][T26637] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[ 1935.132430][T26637] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1935.145233][T26637] usb 2-1: Product: syz
[ 1935.225099][T26637] usb 2-1: Manufacturer: syz
[ 1935.246733][T26637] usb 2-1: SerialNumber: syz
[ 1935.350557][ T1388] CPU: 1 UID: 0 PID: 1388 Comm: syz.4.6364 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1935.350588][ T1388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1935.350601][ T1388] Call Trace:
[ 1935.350610][ T1388]  <TASK>
[ 1935.350619][ T1388]  dump_stack_lvl+0x189/0x250
[ 1935.350651][ T1388]  ? __pfx____ratelimit+0x10/0x10
[ 1935.350675][ T1388]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1935.350699][ T1388]  ? __pfx__printk+0x10/0x10
[ 1935.350728][ T1388]  ? __might_fault+0xb0/0x130
[ 1935.350768][ T1388]  should_fail_ex+0x414/0x560
[ 1935.350796][ T1388]  _copy_from_iter+0x1db/0x16f0
[ 1935.350835][ T1388]  ? __pfx__copy_from_iter+0x10/0x10
[ 1935.350864][ T1388]  ? __lock_acquire+0xab9/0xd20
[ 1935.350888][ T1388]  ? css_rstat_updated+0x1a5/0xca0
[ 1935.350919][ T1388]  tun_get_user+0x4ce/0x3ce0
[ 1935.350968][ T1388]  ? aa_file_perm+0x11f/0xed0
[ 1935.350993][ T1388]  ? __pfx_tun_get_user+0x10/0x10
[ 1935.351018][ T1388]  ? aa_file_perm+0x11f/0xed0
[ 1935.351043][ T1388]  ? aa_file_perm+0x3e7/0xed0
[ 1935.351081][ T1388]  ? ref_tracker_alloc+0x318/0x460
[ 1935.351103][ T1388]  ? __lock_acquire+0xab9/0xd20
[ 1935.351126][ T1388]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1935.351156][ T1388]  ? tun_get+0x1c/0x2f0
[ 1935.351188][ T1388]  ? tun_get+0x1c/0x2f0
[ 1935.351214][ T1388]  ? tun_get+0x1c/0x2f0
[ 1935.351246][ T1388]  tun_chr_write_iter+0x113/0x200
[ 1935.351276][ T1388]  vfs_write+0x54b/0xa90
[ 1935.351309][ T1388]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1935.351337][ T1388]  ? __pfx_vfs_write+0x10/0x10
[ 1935.351376][ T1388]  ? __fget_files+0x2a/0x420
[ 1935.351406][ T1388]  ksys_write+0x145/0x250
[ 1935.351436][ T1388]  ? __pfx_ksys_write+0x10/0x10
[ 1935.351474][ T1388]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1935.351500][ T1388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1935.351530][ T1388]  __do_fast_syscall_32+0xb6/0x2b0
[ 1935.351556][ T1388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1935.351583][ T1388]  do_fast_syscall_32+0x34/0x80
[ 1935.351608][ T1388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1935.351633][ T1388] RIP: 0023:0xf70fe539
[ 1935.351652][ T1388] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1935.351669][ T1388] RSP: 002b:00000000f50cd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1935.351691][ T1388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1935.351706][ T1388] RDX: 0000000000000ffe RSI: 0000000000000000 RDI: 0000000000000000
[ 1935.351718][ T1388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1935.351730][ T1388] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1935.351743][ T1388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1935.351773][ T1388]  </TASK>
[ 1935.991180][T26637] imon 2-1:2.157: unable to register, err -19
[ 1936.039545][ T1391] netlink: 6 bytes leftover after parsing attributes in process `syz.5.6365'.
[ 1936.820408][T26637] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1937.011618][ T1182] usb 1-1: USB disconnect, device number 92
[ 1937.026379][T26637] usb 5-1: Using ep0 maxpacket: 16
[ 1937.034891][T26637] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1937.047334][T26637] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1937.226645][T26637] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1937.279912][T26637] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1937.368726][T26637] usb 5-1: Product: syz
[ 1937.375915][T26637] usb 5-1: Manufacturer: syz
[ 1937.399830][T26637] usb 5-1: SerialNumber: syz
[ 1937.430452][T26637] usb 5-1: config 0 descriptor??
[ 1937.485116][ T1403] FAULT_INJECTION: forcing a failure.
[ 1937.485116][ T1403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1937.488514][T26637] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1937.548060][ T1405] netlink: 6 bytes leftover after parsing attributes in process `syz.0.6370'.
[ 1937.548901][ T1403] CPU: 1 UID: 0 PID: 1403 Comm: syz.6.6368 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1937.548935][ T1403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1937.548951][ T1403] Call Trace:
[ 1937.548962][ T1403]  <TASK>
[ 1937.548972][ T1403]  dump_stack_lvl+0x189/0x250
[ 1937.549007][ T1403]  ? __pfx____ratelimit+0x10/0x10
[ 1937.549036][ T1403]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1937.549064][ T1403]  ? __pfx__printk+0x10/0x10
[ 1937.549096][ T1403]  ? __might_fault+0xb0/0x130
[ 1937.549141][ T1403]  should_fail_ex+0x414/0x560
[ 1937.549177][ T1403]  _copy_from_user+0x2d/0xb0
[ 1937.549216][ T1403]  snd_seq_oss_write+0x515/0x930
[ 1937.549269][ T1403]  ? __pfx_snd_seq_oss_write+0x10/0x10
[ 1937.549299][ T1403]  ? common_file_perm+0x199/0x200
[ 1937.549343][ T1403]  ? security_file_permission+0x75/0x290
[ 1937.549385][ T1403]  odev_write+0x5a/0x80
[ 1937.549407][ T1403]  ? __pfx_odev_write+0x10/0x10
[ 1937.549431][ T1403]  vfs_write+0x27e/0xa90
[ 1937.549474][ T1403]  ? __pfx_vfs_write+0x10/0x10
[ 1937.549506][ T1403]  ? __fget_files+0x2a/0x420
[ 1937.549536][ T1403]  ? __fget_files+0x2a/0x420
[ 1937.549556][ T1403]  ? __fget_files+0x3a0/0x420
[ 1937.549575][ T1403]  ? __fget_files+0x2a/0x420
[ 1937.549606][ T1403]  ksys_write+0x145/0x250
[ 1937.549659][ T1403]  ? __pfx_ksys_write+0x10/0x10
[ 1937.549695][ T1403]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1937.549723][ T1403]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1937.549752][ T1403]  __do_fast_syscall_32+0xb6/0x2b0
[ 1937.549787][ T1403]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1937.549817][ T1403]  do_fast_syscall_32+0x34/0x80
[ 1937.549845][ T1403]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1937.549875][ T1403] RIP: 0023:0xf70fe539
[ 1937.549895][ T1403] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1937.549915][ T1403] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1937.549941][ T1403] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000080
[ 1937.549958][ T1403] RDX: 000000000000050e RSI: 0000000000000000 RDI: 0000000000000000
[ 1937.549971][ T1403] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1937.549986][ T1403] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1937.549998][ T1403] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1937.550036][ T1403]  </TASK>
[ 1937.807997][T26637] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[ 1938.222690][ T1180] usb 2-1: USB disconnect, device number 94
[ 1938.253276][T26637] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 1938.270646][T26637] em28xx 5-1:0.0: Config register raw data: 0x56
[ 1938.332915][ T1414] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6374'.
[ 1938.471451][T26637] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[ 1938.488748][T26637] em28xx 5-1:0.0: No AC97 audio processor
[ 1938.649345][ T1429] block device autoloading is deprecated and will be removed.
[ 1938.688628][ T1429] syz.4.6366: attempt to access beyond end of device
[ 1938.688628][ T1429] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1938.753125][ T1432] netlink: 232 bytes leftover after parsing attributes in process `syz.6.6376'.
[ 1938.768296][ T1432] netlink: 232 bytes leftover after parsing attributes in process `syz.6.6376'.
[ 1938.967410][ T1435] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6376'.
[ 1939.017830][ T1436] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6377'.
[ 1939.033472][ T1436] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6377'.
[ 1939.062974][ T1436] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6377'.
[ 1939.902293][ T1442] FAULT_INJECTION: forcing a failure.
[ 1939.902293][ T1442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1940.058227][ T1442] CPU: 1 UID: 0 PID: 1442 Comm: syz.0.6378 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1940.058252][ T1442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1940.058263][ T1442] Call Trace:
[ 1940.058270][ T1442]  <TASK>
[ 1940.058277][ T1442]  dump_stack_lvl+0x189/0x250
[ 1940.058301][ T1442]  ? __pfx____ratelimit+0x10/0x10
[ 1940.058318][ T1442]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1940.058336][ T1442]  ? __pfx__printk+0x10/0x10
[ 1940.058356][ T1442]  ? __might_fault+0xb0/0x130
[ 1940.058385][ T1442]  should_fail_ex+0x414/0x560
[ 1940.058405][ T1442]  _copy_from_user+0x2d/0xb0
[ 1940.058427][ T1442]  get_compat_msghdr+0xad/0x4a0
[ 1940.058455][ T1442]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1940.058487][ T1442]  ___sys_sendmsg+0x193/0x2a0
[ 1940.058504][ T1442]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1940.058544][ T1442]  ? __fget_files+0x2a/0x420
[ 1940.058559][ T1442]  ? __fget_files+0x3a0/0x420
[ 1940.058579][ T1442]  __sys_sendmsg+0x164/0x220
[ 1940.058595][ T1442]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1940.058620][ T1442]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1940.058640][ T1442]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1940.058658][ T1442]  __do_fast_syscall_32+0xb6/0x2b0
[ 1940.058677][ T1442]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1940.058696][ T1442]  do_fast_syscall_32+0x34/0x80
[ 1940.058714][ T1442]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1940.058733][ T1442] RIP: 0023:0xf712e539
[ 1940.058746][ T1442] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1940.058759][ T1442] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1940.058775][ T1442] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1940.058786][ T1442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1940.058795][ T1442] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1940.058804][ T1442] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1940.058813][ T1442] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1940.058834][ T1442]  </TASK>
[ 1940.269616][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1940.313699][T32667] warn_alloc: 4 callbacks suppressed
[ 1940.313716][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1940.336962][T32667] CPU: 1 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1940.336985][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1940.336996][T32667] Call Trace:
[ 1940.337005][T32667]  <TASK>
[ 1940.337013][T32667]  dump_stack_lvl+0x189/0x250
[ 1940.337039][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1940.337058][T32667]  ? __pfx__printk+0x10/0x10
[ 1940.337079][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1940.337101][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1940.337122][T32667]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1940.337145][T32667]  warn_alloc+0x214/0x310
[ 1940.337165][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1940.337186][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1940.337210][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1940.337237][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1940.337283][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1940.337311][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1940.337335][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1940.337359][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1940.337382][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1940.337406][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1940.337429][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1940.337470][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1940.337506][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1940.337534][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1940.337560][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1940.337586][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1940.337610][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1940.337636][T32667]  vb2_core_poll+0x4f5/0x840
[ 1940.337663][T32667]  vb2_fop_poll+0x168/0x380
[ 1940.337688][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1940.337710][T32667]  v4l2_poll+0x147/0x2c0
[ 1940.337732][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1940.337755][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1940.337783][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1940.337813][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1940.337837][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1940.337867][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1940.337891][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1940.337916][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1940.337934][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1940.337954][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1940.337972][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1940.337989][T32667]  io_queue_async+0x79/0x2f0
[ 1940.338010][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1940.338048][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1940.338067][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1940.338087][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1940.338105][T32667]  ? kcov_ioctl+0x200/0x640
[ 1940.338136][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1940.338151][T32667]  ? do_futex+0x333/0x420
[ 1940.338171][T32667]  ? fput+0xa0/0xd0
[ 1940.338190][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1940.338211][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1940.338237][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1940.338268][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1940.338289][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1940.338309][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1940.338328][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1940.338354][T32667]  do_fast_syscall_32+0x34/0x80
[ 1940.338373][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1940.338393][T32667] RIP: 0023:0xf7fe5539
[ 1940.338408][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1940.338422][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1940.338438][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1940.338449][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1940.338459][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1940.338468][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1940.338478][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1940.338500][T32667]  </TASK>
[ 1940.338506][T32667] Mem-Info:
[ 1940.659531][ T5845] usb 5-1: USB disconnect, device number 122
[ 1940.850271][ T5845] em28xx 5-1:0.0: Disconnecting em28xx
[ 1940.880718][T32667] active_anon:10264 inactive_anon:0 isolated_anon:0
[ 1940.880718][T32667]  active_file:20332 inactive_file:40562 isolated_file:0
[ 1940.880718][T32667]  unevictable:768 dirty:106 writeback:0
[ 1940.880718][T32667]  slab_reclaimable:8756 slab_unreclaimable:136307
[ 1940.880718][T32667]  mapped:46198 shmem:4821 pagetables:1540
[ 1940.880718][T32667]  sec_pagetables:0 bounce:0
[ 1940.880718][T32667]  kernel_misc_reclaimable:0
[ 1940.880718][T32667]  free:1228207 free_pcp:15184 free_cma:0
[ 1940.947640][ T5845] em28xx 5-1:0.0: Freeing device
[ 1940.988145][ T1445] FAULT_INJECTION: forcing a failure.
[ 1940.988145][ T1445] name failslab, interval 1, probability 0, space 0, times 0
[ 1941.018041][ T1445] CPU: 0 UID: 0 PID: 1445 Comm: syz.0.6380 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1941.018065][ T1445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1941.018076][ T1445] Call Trace:
[ 1941.018082][ T1445]  <TASK>
[ 1941.018089][ T1445]  dump_stack_lvl+0x189/0x250
[ 1941.018113][ T1445]  ? __pfx____ratelimit+0x10/0x10
[ 1941.018130][ T1445]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1941.018148][ T1445]  ? __pfx__printk+0x10/0x10
[ 1941.018173][ T1445]  ? __pfx___might_resched+0x10/0x10
[ 1941.018191][ T1445]  ? fs_reclaim_acquire+0x7d/0x100
[ 1941.018210][ T1445]  should_fail_ex+0x414/0x560
[ 1941.018230][ T1445]  should_failslab+0xa8/0x100
[ 1941.018254][ T1445]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1941.018277][ T1445]  ? __alloc_skb+0x112/0x2d0
[ 1941.018302][ T1445]  __alloc_skb+0x112/0x2d0
[ 1941.018326][ T1445]  netlink_ack+0x146/0xa50
[ 1941.018346][ T1445]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1941.018374][ T1445]  netlink_rcv_skb+0x28c/0x470
[ 1941.018396][ T1445]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1941.018414][ T1445]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1941.018447][ T1445]  ? down_read+0x1ad/0x2e0
[ 1941.018469][ T1445]  genl_rcv+0x28/0x40
[ 1941.018483][ T1445]  netlink_unicast+0x759/0x8e0
[ 1941.018510][ T1445]  netlink_sendmsg+0x805/0xb30
[ 1941.018539][ T1445]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1941.018563][ T1445]  ? __import_iovec+0x5d4/0x7f0
[ 1941.018583][ T1445]  ? aa_sock_msg_perm+0x94/0x160
[ 1941.018601][ T1445]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1941.018617][ T1445]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1941.018639][ T1445]  __sock_sendmsg+0x219/0x270
[ 1941.018660][ T1445]  ____sys_sendmsg+0x505/0x830
[ 1941.018679][ T1445]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1941.018705][ T1445]  ___sys_sendmsg+0x21f/0x2a0
[ 1941.018721][ T1445]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1941.018762][ T1445]  ? __fget_files+0x2a/0x420
[ 1941.018787][ T1445]  ? __fget_files+0x3a0/0x420
[ 1941.018807][ T1445]  __sys_sendmsg+0x164/0x220
[ 1941.018823][ T1445]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1941.018853][ T1445]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1941.018871][ T1445]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1941.018888][ T1445]  __do_fast_syscall_32+0xb6/0x2b0
[ 1941.018906][ T1445]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1941.018925][ T1445]  do_fast_syscall_32+0x34/0x80
[ 1941.018942][ T1445]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1941.018960][ T1445] RIP: 0023:0xf712e539
[ 1941.018973][ T1445] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1941.018986][ T1445] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1941.019001][ T1445] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[ 1941.019012][ T1445] RDX: 000000002000c800 RSI: 0000000000000000 RDI: 0000000000000000
[ 1941.019021][ T1445] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1941.019029][ T1445] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1941.019038][ T1445] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1941.019059][ T1445]  </TASK>
[ 1941.019208][T32667] Node 0 active_anon:41256kB inactive_anon:0kB active_file:81240kB inactive_file:162044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:184720kB dirty:424kB writeback:0kB shmem:17748kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13724kB pagetables:5996kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1941.487089][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1941.519256][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1941.687355][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1941.716293][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1941.832880][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1941.917891][T32667] Node 0 DMA32 free:1005744kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:43100kB inactive_anon:0kB active_file:81240kB inactive_file:160476kB unevictable:1536kB writepending:308kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:31356kB local_pcp:19756kB free_cma:0kB
[ 1941.950315][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1942.150409][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1942.165462][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1942.194533][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1942.380241][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1942.385118][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:20592kB free_cma:0kB
[ 1942.416613][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1942.534180][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1942.549376][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1942.621048][T32667] Node 0 DMA32: 719*4kB (ME) 879*8kB (UME) 649*16kB (UME) 1328*32kB (UME) 479*64kB (UME) 195*128kB (UME) 114*256kB (UME) 107*512kB (UME) 110*1024kB (UME) 9*2048kB (UME) 163*4096kB (UM) = 1001092kB
[ 1942.660258][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1942.706209][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1942.784804][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1942.806625][T32667] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1942.817871][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1942.890236][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1943.020854][ T5845] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1943.031831][T32667] 65711 total pagecache pages
[ 1943.045682][T32667] 2 pages in swap cache
[ 1943.061003][ T1470] netlink: 6 bytes leftover after parsing attributes in process `syz.5.6390'.
[ 1943.085258][T32667] Free swap  = 124988kB
[ 1943.099267][T32667] Total swap = 124996kB
[ 1943.115851][ T1475] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6389'.
[ 1943.139491][T32667] 2097051 pages RAM
[ 1943.190684][ T5845] usb 1-1: Using ep0 maxpacket: 32
[ 1943.196603][T32667] 0 pages HighMem/MovableOnly
[ 1943.199507][ T5845] usb 1-1: config 2 has an invalid interface number: 157 but max is 0
[ 1943.206325][T32667] 425385 pages reserved
[ 1943.225979][T32667] 0 pages cma reserved
[ 1943.227039][ T5845] usb 1-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config
[ 1943.299886][ T5845] usb 1-1: config 2 has no interface number 0
[ 1943.313295][ T5845] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[ 1943.330548][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1943.350921][ T5845] usb 1-1: Product: syz
[ 1943.366415][ T5845] usb 1-1: Manufacturer: syz
[ 1943.385919][ T5845] usb 1-1: SerialNumber: syz
[ 1943.391263][T32573] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1943.557149][T32573] usb 2-1: config 0 has no interfaces?
[ 1943.570875][T32573] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1943.607734][T32573] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1943.625724][ T5845] imon 1-1:2.157: unable to register, err -19
[ 1943.721943][T32573] usb 2-1: Product: syz
[ 1943.785232][T32573] usb 2-1: Manufacturer: syz
[ 1943.806040][T32573] usb 2-1: SerialNumber: syz
[ 1944.036990][T32573] usb 2-1: config 0 descriptor??
[ 1944.169023][ T1489] syz_tun: entered allmulticast mode
[ 1944.189636][ T1488] syz_tun: left allmulticast mode
[ 1944.362996][ T1475] netlink: 'syz.1.6389': attribute type 2 has an invalid length.
[ 1944.880862][   T30] audit: type=1326 audit(1753337058.976:6535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1493 comm="syz.4.6396" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fe539 code=0x0
[ 1945.037857][ T1504] netlink: 232 bytes leftover after parsing attributes in process `syz.6.6397'.
[ 1945.048138][ T1504] netlink: 232 bytes leftover after parsing attributes in process `syz.6.6397'.
[ 1945.069952][ T1504] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6397'.
[ 1945.128549][ T1504] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1945.267265][ T1495] could not allocate digest TFM handle sha1-ni
[ 1945.723934][ T1506] input: syz1 as /devices/virtual/input/input88
[ 1945.876215][ T1508] netlink: 'syz.4.6399': attribute type 58 has an invalid length.
[ 1945.952896][ T1508] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6399'.
[ 1946.492452][T26611] usb 1-1: USB disconnect, device number 93
[ 1946.631616][ T1182] usb 2-1: USB disconnect, device number 95
[ 1947.115407][ T1522] netlink: 6 bytes leftover after parsing attributes in process `syz.0.6403'.
[ 1947.623811][ T1533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6407'.
[ 1947.710187][T26611] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1948.044993][T26611] usb 2-1: Using ep0 maxpacket: 8
[ 1948.080711][T26611] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1948.120825][T26611] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 249, changing to 11
[ 1948.167546][T26611] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1948.183912][T26611] usb 2-1: New USB device found, idVendor=05ac, idProduct=0236, bcdDevice= 0.40
[ 1948.195754][T26611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1948.230683][T26611] usb 2-1: Product: syz
[ 1948.234937][T26611] usb 2-1: Manufacturer: syz
[ 1948.239578][T26611] usb 2-1: SerialNumber: syz
[ 1948.478057][ T1526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1948.521115][ T1526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1948.554475][ T1543] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6408'.
[ 1948.565062][ T1543] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6408'.
[ 1948.578172][ T1543] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6408'.
[ 1948.673449][ T1543] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1948.725285][T26611] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input89
[ 1948.762608][ T5202] bcm5974 2-1:1.0: could not read from device
[ 1948.798616][ T5202] bcm5974 2-1:1.0: could not read from device
[ 1948.851942][T26611] usb 2-1: USB disconnect, device number 96
[ 1948.873415][ T5202] bcm5974 2-1:1.0: could not read from device
[ 1948.928868][ T5202] bcm5974 2-1:1.0: could not read from device
[ 1949.301542][  T948] udevd[948]: Error opening device "/dev/input/event4": No such file or directory
[ 1949.535860][  T948] udevd[948]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1949.613731][  T948] udevd[948]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1949.635671][  T948] udevd[948]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1949.660787][  T948] udevd[948]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1950.270398][T26637] usb 2-1: new low-speed USB device number 97 using dummy_hcd
[ 1950.370347][T30164] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1950.486874][T26637] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1950.494654][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1950.534505][T26637] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1950.593906][T30164] usb 6-1: Using ep0 maxpacket: 32
[ 1950.599181][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1950.616805][T30164] usb 6-1: config 2 has an invalid interface number: 157 but max is 0
[ 1950.625424][T30164] usb 6-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config
[ 1950.687467][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1950.704944][T30164] usb 6-1: config 2 has no interface number 0
[ 1950.728297][T30164] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[ 1950.745814][T30164] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1950.769576][T26637] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1950.855510][T30164] usb 6-1: Product: syz
[ 1950.860748][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1950.877349][T30164] usb 6-1: Manufacturer: syz
[ 1950.885043][T30164] usb 6-1: SerialNumber: syz
[ 1950.894893][T26637] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1950.919601][T30164] imon 6-1:2.157: unable to register, err -19
[ 1950.937804][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1950.969900][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1951.012846][T26637] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[ 1951.021748][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1951.055066][   T30] audit: type=1326 audit(1753337065.146:6536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1951.140059][T26637] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1951.214035][   T30] audit: type=1326 audit(1753337065.146:6537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1951.301974][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1951.367943][   T30] audit: type=1326 audit(1753337065.146:6538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1951.405111][T26637] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1951.406584][T32667] warn_alloc: 3 callbacks suppressed
[ 1951.406608][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 1951.516333][   T30] audit: type=1326 audit(1753337065.146:6539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1951.517856][T26637] usb 2-1: string descriptor 0 read error: -22
[ 1951.532902][T32667] ,cpuset=
[ 1951.592700][ T1566] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6414'.
[ 1951.950384][   T30] audit: type=1326 audit(1753337065.146:6540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1951.950526][T32667] /
[ 1952.017327][T26637] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1952.029331][T32667] ,mems_allowed=0-1
[ 1952.054247][   T30] audit: type=1326 audit(1753337065.146:6541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1952.083099][T32667] CPU: 0 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1952.083129][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1952.083143][T32667] Call Trace:
[ 1952.083152][T32667]  <TASK>
[ 1952.083161][T32667]  dump_stack_lvl+0x189/0x250
[ 1952.083191][T32667]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1952.083226][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1952.083253][T32667]  ? __pfx__printk+0x10/0x10
[ 1952.083283][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1952.083312][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1952.083348][T32667]  warn_alloc+0x214/0x310
[ 1952.083376][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1952.083412][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1952.083443][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1952.083480][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1952.083545][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1952.083584][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1952.083622][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1952.083654][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1952.083687][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1952.083718][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1952.083750][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1952.083808][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1952.083858][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1952.083895][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1952.083931][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1952.083965][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1952.083999][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1952.084051][T32667]  vb2_core_poll+0x4f5/0x840
[ 1952.084089][T32667]  vb2_fop_poll+0x168/0x380
[ 1952.084124][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1952.084156][T32667]  v4l2_poll+0x147/0x2c0
[ 1952.084186][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1952.084218][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1952.084258][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1952.084302][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1952.084336][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1952.084378][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1952.084410][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1952.084446][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1952.084469][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1952.084498][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1952.084521][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1952.084543][T32667]  io_queue_async+0x79/0x2f0
[ 1952.084571][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1952.084625][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1952.084651][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1952.084678][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1952.084702][T32667]  ? kcov_ioctl+0x200/0x640
[ 1952.084744][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1952.084763][T32667]  ? do_futex+0x333/0x420
[ 1952.084790][T32667]  ? fput+0xa0/0xd0
[ 1952.084815][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1952.084844][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1952.084880][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1952.084923][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1952.084950][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1952.084974][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1952.085000][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1952.085033][T32667]  do_fast_syscall_32+0x34/0x80
[ 1952.085058][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1952.085082][T32667] RIP: 0023:0xf7fe5539
[ 1952.085101][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1952.085120][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1952.085143][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1952.085158][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1952.085172][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1952.085186][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1952.085197][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1952.085229][T32667]  </TASK>
[ 1952.085374][T32667] Mem-Info:
[ 1952.500471][T26637] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1952.523527][   T30] audit: type=1326 audit(1753337065.146:6542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1952.555036][   T30] audit: type=1326 audit(1753337065.146:6543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1952.578546][ T1572] cgroup: fork rejected by pids controller in /syz6
[ 1952.592278][T32667] active_anon:9763 inactive_anon:0 isolated_anon:0
[ 1952.592278][T32667]  active_file:20332 inactive_file:40566 isolated_file:0
[ 1952.592278][T32667]  unevictable:2816 dirty:128 writeback:0
[ 1952.592278][T32667]  slab_reclaimable:8736 slab_unreclaimable:136205
[ 1952.592278][T32667]  mapped:40165 shmem:4821 pagetables:1517
[ 1952.592278][T32667]  sec_pagetables:0 bounce:0
[ 1952.592278][T32667]  kernel_misc_reclaimable:0
[ 1952.592278][T32667]  free:1224653 free_pcp:17239 free_cma:0
[ 1952.670600][T30164] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[ 1952.716586][   T30] audit: type=1326 audit(1753337065.146:6544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1952.765480][T32667] Node 0 active_anon:39052kB inactive_anon:0kB active_file:81240kB inactive_file:162060kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:160580kB dirty:512kB writeback:0kB shmem:17748kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13692kB pagetables:5904kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1952.820412][   T30] audit: type=1326 audit(1753337065.146:6545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1561 comm="syz.4.6413" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[ 1952.848417][T30164] usb 5-1: Using ep0 maxpacket: 8
[ 1952.855718][T30164] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1952.899881][T30164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1952.910566][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1952.931410][T30164] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1952.968690][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1953.000326][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1953.006339][T32667] Node 0 DMA32 free:993888kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39388kB inactive_anon:0kB active_file:81240kB inactive_file:160492kB unevictable:9728kB writepending:512kB present:3129332kB managed:2558496kB mlocked:8192kB bounce:0kB free_pcp:40508kB local_pcp:18992kB free_cma:0kB
[ 1953.043979][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1953.048972][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1953.089859][T30164] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1953.157141][T30164] usb 5-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[ 1953.171207][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1953.188487][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:20592kB free_cma:0kB
[ 1953.219984][T30164] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1953.243811][T30164] usb 5-1: config 0 descriptor??
[ 1953.334870][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1953.353731][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1953.367033][T32667] Node 0 DMA32: 46*4kB (UME) 401*8kB (UME) 597*16kB (UME) 1155*32kB (UME) 499*64kB (UME) 215*128kB (UME) 116*256kB (UME) 108*512kB (UME) 111*1024kB (UME) 9*2048kB (UME) 163*4096kB (UM) = 994096kB
[ 1953.387145][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1953.400020][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1953.440597][ T5845] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 1953.465574][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1953.486545][T32667] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1953.496616][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1953.513345][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1953.524144][T32667] 65719 total pagecache pages
[ 1953.529573][T32667] 2 pages in swap cache
[ 1953.534789][T32667] Free swap  = 124988kB
[ 1953.539707][T32667] Total swap = 124996kB
[ 1953.545497][T32667] 2097051 pages RAM
[ 1953.549868][T32667] 0 pages HighMem/MovableOnly
[ 1953.555624][T32667] 425385 pages reserved
[ 1953.559940][T32667] 0 pages cma reserved
[ 1953.605253][T26637] usb 2-1: can't set config #168, error -71
[ 1953.613923][ T5845] usb 1-1: Using ep0 maxpacket: 32
[ 1953.627661][T26637] usb 2-1: USB disconnect, device number 97
[ 1953.645861][ T5845] usb 1-1: config 0 has an invalid interface number: 199 but max is 0
[ 1953.733869][ T5845] usb 1-1: config 0 has no interface number 0
[ 1953.747462][T26611] usb 6-1: USB disconnect, device number 59
[ 1953.751432][ T5845] usb 1-1: too many endpoints for config 0 interface 199 altsetting 166: 241, using maximum allowed: 30
[ 1953.776250][T30164] redragon 0003:0C45:760B.004F: Fixing Redragon ASURA report descriptor.
[ 1953.812713][T30164] redragon 0003:0C45:760B.004F: unknown main item tag 0x6
[ 1953.822750][ T5845] usb 1-1: config 0 interface 199 altsetting 166 has 0 endpoint descriptors, different from the interface descriptor's value: 241
[ 1953.846933][T30164] redragon 0003:0C45:760B.004F: item fetching failed at offset 7/133
[ 1953.893920][ T5845] usb 1-1: config 0 interface 199 has no altsetting 0
[ 1953.904814][T30164] redragon 0003:0C45:760B.004F: probe with driver redragon failed with error -22
[ 1953.926733][ T5845] usb 1-1: New USB device found, idVendor=054e, idProduct=d001, bcdDevice=88.92
[ 1953.949958][T21847] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1953.975789][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1954.013932][ T5845] usb 1-1: config 0 descriptor??
[ 1954.063952][ T1583] netlink: 6 bytes leftover after parsing attributes in process `syz.5.6420'.
[ 1954.087150][T30164] usb 5-1: USB disconnect, device number 123
[ 1954.285362][T21847] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1954.448862][T21847] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1954.579335][ T5845] usb 1-1: string descriptor 0 read error: -71
[ 1954.623013][ T5845] usb 1-1: USB disconnect, device number 94
[ 1954.660647][T21847] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1954.761817][ T1592] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.6424'.
[ 1954.804575][ T1592] debugfs: Directory 'Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`²i' with parent 'ieee80211' already present!
[ 1954.838075][ T1597] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[ 1954.862037][ T1598] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.6421'.
[ 1954.904712][ T1598] debugfs: Directory 'Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!' with parent 'ieee80211' already present!
[ 1955.020840][T26637] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[ 1955.180622][T26637] usb 2-1: Using ep0 maxpacket: 8
[ 1955.193747][T26637] usb 2-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[ 1955.236954][T26637] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1955.314995][T26637] usb 2-1: config 0 descriptor??
[ 1955.564844][T26637] usb 2-1: string descriptor 0 read error: -71
[ 1955.610392][T26637] usb 2-1: Found UVC 0.00 device <unnamed> (2833:0201)
[ 1955.657915][T26637] usb 2-1: No valid video chain found.
[ 1955.720615][T26637] usb 2-1: USB disconnect, device number 98
[ 1955.928979][T18398] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1955.939337][T18398] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1955.950651][T18398] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1956.027579][T18398] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1956.038046][T18398] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1956.300221][ T1182] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1956.545652][ T1182] usb 1-1: Using ep0 maxpacket: 32
[ 1956.623641][ T1182] usb 1-1: config 2 has an invalid interface number: 157 but max is 0
[ 1956.740179][ T1182] usb 1-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config
[ 1956.861916][ T1182] usb 1-1: config 2 has no interface number 0
[ 1956.951684][ T1182] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[ 1956.984991][ T1182] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1957.043918][ T1182] usb 1-1: Product: syz
[ 1957.056751][ T1182] usb 1-1: Manufacturer: syz
[ 1957.065833][ T1182] usb 1-1: SerialNumber: syz
[ 1957.122103][ T1182] imon 1-1:2.157: unable to register, err -19
[ 1957.490911][ T1633] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1958.130721][T18398] Bluetooth: hci5: command tx timeout
[ 1958.238459][T21847] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1958.286344][T21847] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1958.328313][T21847] bond0 (unregistering): Released all slaves
[ 1958.393510][T21847] bond1 (unregistering): Released all slaves
[ 1958.980252][ T5845] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1959.128806][ T1647] netlink: 6 bytes leftover after parsing attributes in process `syz.1.6434'.
[ 1959.140399][ T5845] usb 5-1: Using ep0 maxpacket: 16
[ 1959.192081][ T5845] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1959.247055][ T5845] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1959.250237][ T1182] usb 6-1: new low-speed USB device number 60 using dummy_hcd
[ 1959.311349][ T5845] usb 5-1: Product: syz
[ 1959.344130][ T5845] usb 5-1: Manufacturer: syz
[ 1959.387575][ T5845] usb 5-1: SerialNumber: syz
[ 1959.429019][ T5845] r8152-cfgselector 5-1: Unknown version 0x0000
[ 1959.453240][ T5845] r8152-cfgselector 5-1: config 0 descriptor??
[ 1959.482683][ T1182] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1959.548426][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1959.579303][T21847] hsr_slave_0: left promiscuous mode
[ 1959.644381][ T1182] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1959.712519][T21847] hsr_slave_1: left promiscuous mode
[ 1959.761580][T21847] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1959.764081][ T1656] netlink: 80 bytes leftover after parsing attributes in process `syz.1.6435'.
[ 1959.792936][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1959.819374][T21847] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1959.950951][T30164] usb 1-1: USB disconnect, device number 95
[ 1959.990288][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1960.032908][T21847] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1960.064266][T26611] r8152-cfgselector 5-1: USB disconnect, device number 124
[ 1960.076321][ T1661] FAULT_INJECTION: forcing a failure.
[ 1960.076321][ T1661] name failslab, interval 1, probability 0, space 0, times 0
[ 1960.096997][T21847] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1960.107024][ T1182] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1960.136854][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1960.160222][ T1661] CPU: 0 UID: 0 PID: 1661 Comm: syz.0.6436 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1960.160250][ T1661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1960.160262][ T1661] Call Trace:
[ 1960.160270][ T1661]  <TASK>
[ 1960.160278][ T1661]  dump_stack_lvl+0x189/0x250
[ 1960.160306][ T1661]  ? __pfx____ratelimit+0x10/0x10
[ 1960.160329][ T1661]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1960.160351][ T1661]  ? __pfx__printk+0x10/0x10
[ 1960.160383][ T1661]  ? __pfx___might_resched+0x10/0x10
[ 1960.160412][ T1661]  should_fail_ex+0x414/0x560
[ 1960.160439][ T1661]  should_failslab+0xa8/0x100
[ 1960.160472][ T1661]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1960.160502][ T1661]  ? __alloc_skb+0x112/0x2d0
[ 1960.160535][ T1661]  __alloc_skb+0x112/0x2d0
[ 1960.160569][ T1661]  netlink_sendmsg+0x5c6/0xb30
[ 1960.160611][ T1661]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1960.160653][ T1661]  ? __import_iovec+0x5d4/0x7f0
[ 1960.160680][ T1661]  ? aa_sock_msg_perm+0x94/0x160
[ 1960.160705][ T1661]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1960.160728][ T1661]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1960.160759][ T1661]  __sock_sendmsg+0x219/0x270
[ 1960.160788][ T1661]  ____sys_sendmsg+0x505/0x830
[ 1960.160814][ T1661]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1960.160852][ T1661]  ___sys_sendmsg+0x21f/0x2a0
[ 1960.160874][ T1661]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1960.160933][ T1661]  ? __fget_files+0x2a/0x420
[ 1960.160951][ T1661]  ? __fget_files+0x3a0/0x420
[ 1960.160981][ T1661]  __sys_sendmsg+0x164/0x220
[ 1960.161004][ T1661]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1960.161039][ T1661]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1960.161064][ T1661]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1960.161090][ T1661]  __do_fast_syscall_32+0xb6/0x2b0
[ 1960.161116][ T1661]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1960.161144][ T1661]  do_fast_syscall_32+0x34/0x80
[ 1960.161169][ T1661]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1960.161194][ T1661] RIP: 0023:0xf712e539
[ 1960.161213][ T1661] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1960.161232][ T1661] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1960.161260][ T1661] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000940
[ 1960.161275][ T1661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1960.161287][ T1661] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1960.161299][ T1661] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1960.161312][ T1661] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1960.161342][ T1661]  </TASK>
[ 1960.430243][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1960.437994][ T1182] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1960.450130][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1960.461604][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1960.490328][T18398] Bluetooth: hci5: command tx timeout
[ 1960.540373][T31368] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1960.558063][ T1182] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1960.567231][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1960.599183][ T1182] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1960.629711][T21847] veth1_macvtap: left promiscuous mode
[ 1960.655872][T21847] veth0_macvtap: left promiscuous mode
[ 1960.661869][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1960.680719][T21847] veth1_vlan: left promiscuous mode
[ 1960.696922][T31368] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1960.715100][T21847] veth0_vlan: left promiscuous mode
[ 1960.721082][ T1182] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1960.755464][T31368] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1960.777078][T31368] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1960.794207][ T1182] usb 6-1: string descriptor 0 read error: -22
[ 1960.804918][ T1182] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1960.825227][T31368] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1960.847833][ T1182] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1960.878130][ T1656] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1960.907576][T31368] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1960.948596][ T1182] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1961.554832][T32667] warn_alloc: 6 callbacks suppressed
[ 1961.554855][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1961.648751][T32667] CPU: 0 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1961.648785][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1961.648799][T32667] Call Trace:
[ 1961.648809][T32667]  <TASK>
[ 1961.648818][T32667]  dump_stack_lvl+0x189/0x250
[ 1961.648852][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1961.648878][T32667]  ? __pfx__printk+0x10/0x10
[ 1961.648907][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1961.648934][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1961.648964][T32667]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1961.648995][T32667]  warn_alloc+0x214/0x310
[ 1961.649022][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1961.649051][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1961.649082][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1961.649119][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1961.649185][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1961.649224][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1961.649256][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1961.649288][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1961.649319][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1961.649351][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1961.649384][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1961.649443][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1961.649493][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1961.649544][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1961.649581][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1961.649616][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1961.649650][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1961.649685][T32667]  vb2_core_poll+0x4f5/0x840
[ 1961.649723][T32667]  vb2_fop_poll+0x168/0x380
[ 1961.649759][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1961.649790][T32667]  v4l2_poll+0x147/0x2c0
[ 1961.649820][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1961.649852][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1961.649893][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1961.649939][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1961.649974][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1961.650012][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1961.650037][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1961.650075][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1961.650097][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1961.650126][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1961.650149][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1961.650172][T32667]  io_queue_async+0x79/0x2f0
[ 1961.650201][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1961.650255][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1961.650282][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1961.650308][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1961.650333][T32667]  ? kcov_ioctl+0x200/0x640
[ 1961.650375][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1961.650395][T32667]  ? do_futex+0x333/0x420
[ 1961.650423][T32667]  ? fput+0xa0/0xd0
[ 1961.650450][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1961.650478][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1961.650514][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1961.650565][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1961.650593][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1961.650620][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1961.650645][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1961.650679][T32667]  do_fast_syscall_32+0x34/0x80
[ 1961.650706][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1961.650731][T32667] RIP: 0023:0xf7fe5539
[ 1961.650751][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1961.650769][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1961.650793][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1961.650808][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1961.650821][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1961.650834][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1961.650847][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1961.650877][T32667]  </TASK>
[ 1962.049952][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1962.109289][T32667] Mem-Info:
[ 1962.116611][T32667] active_anon:10115 inactive_anon:0 isolated_anon:0
[ 1962.116611][T32667]  active_file:20337 inactive_file:40572 isolated_file:0
[ 1962.116611][T32667]  unevictable:768 dirty:119 writeback:7
[ 1962.116611][T32667]  slab_reclaimable:8672 slab_unreclaimable:136002
[ 1962.116611][T32667]  mapped:39111 shmem:4829 pagetables:1515
[ 1962.116611][T32667]  sec_pagetables:0 bounce:0
[ 1962.116611][T32667]  kernel_misc_reclaimable:0
[ 1962.116611][T32667]  free:1218204 free_pcp:25968 free_cma:0
[ 1962.162174][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1962.171863][T32667] Node 0 active_anon:40496kB inactive_anon:0kB active_file:81240kB inactive_file:162080kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:156424kB dirty:420kB writeback:0kB shmem:17788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13676kB pagetables:5908kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1962.205365][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1962.214548][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1962.285649][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1962.426385][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1962.470035][T32667] Node 0 DMA32 free:972260kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40752kB inactive_anon:0kB active_file:81240kB inactive_file:160512kB unevictable:1536kB writepending:416kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:70964kB local_pcp:31212kB free_cma:0kB
[ 1962.577600][T18398] Bluetooth: hci5: command tx timeout
[ 1962.583972][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1962.588737][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1962.719109][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1962.810373][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:20592kB free_cma:0kB
[ 1962.870508][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1962.883550][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1962.949731][T32667] Node 0 DMA32: 1094*4kB (UM) 789*8kB (UME) 589*16kB (UME) 814*32kB (UME) 420*64kB (UME) 183*128kB (UME) 108*256kB (UME) 96*512kB (UME) 111*1024kB (UME) 9*2048kB (UME) 163*4096kB (UM) = 973008kB
[ 1963.021967][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1963.035156][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1963.128078][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1963.142144][T32667] Node 0 hugepages_total=1 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1963.154051][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1963.165127][T32667] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1963.187782][T32667] 65733 total pagecache pages
[ 1963.286480][T32667] 2 pages in swap cache
[ 1963.292807][T32667] Free swap  = 124988kB
[ 1963.299890][T32667] Total swap = 124996kB
[ 1963.306446][T32667] 2097051 pages RAM
[ 1963.310604][T32667] 0 pages HighMem/MovableOnly
[ 1963.330706][T32667] 425385 pages reserved
[ 1963.335691][T32667] 0 pages cma reserved
[ 1964.612337][T18398] Bluetooth: hci5: command tx timeout
[ 1964.950778][ T5845] usb 2-1: USB disconnect, device number 99
[ 1964.976523][T26611] usb 6-1: USB disconnect, device number 60
[ 1965.548501][ T1694] kvm: pic: single mode not supported
[ 1965.548536][ T1694] kvm: pic: level sensitive irq not supported
[ 1965.586383][ T1694] kvm: pic: single mode not supported
[ 1965.592694][ T1694] kvm: pic: level sensitive irq not supported
[ 1965.998824][ T1621] chnl_net:caif_netlink_parms(): no params data found
[ 1966.387933][T18398] Bluetooth: hci1: ACL packet for unknown connection handle 200
[ 1967.175043][ T1721] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[ 1967.185864][ T1621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1967.236777][ T1621] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1967.322923][ T1730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6446'.
[ 1967.330442][ T1621] bridge_slave_0: entered allmulticast mode
[ 1967.339373][ T1730] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6446'.
[ 1967.353916][ T1621] bridge_slave_0: entered promiscuous mode
[ 1967.391641][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1967.407282][ T1621] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1967.791084][ T1621] bridge_slave_1: entered allmulticast mode
[ 1967.817760][ T1621] bridge_slave_1: entered promiscuous mode
[ 1967.824839][ T1732] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6446'.
[ 1968.073738][ T1621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1968.142902][ T1621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1968.457036][ T1743] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6449'.
[ 1968.466321][ T1743] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6449'.
[ 1968.480760][ T1743] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6449'.
[ 1968.717896][ T1621] team0: Port device team_slave_0 added
[ 1968.785587][ T1621] team0: Port device team_slave_1 added
[ 1968.840621][ T1743] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1969.407902][ T1621] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1969.431419][ T1621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1969.498270][ T1621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1969.546534][ T1621] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1969.584902][ T1621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1969.687059][ T1621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1969.996636][ T1765] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6454'.
[ 1970.005951][ T1765] netlink: 232 bytes leftover after parsing attributes in process `syz.5.6454'.
[ 1970.018133][ T1765] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6454'.
[ 1970.280659][ T1621] hsr_slave_0: entered promiscuous mode
[ 1970.316299][ T1621] hsr_slave_1: entered promiscuous mode
[ 1970.344738][ T1621] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1970.374470][ T1621] Cannot create hsr debugfs directory
[ 1971.146431][ T1779] netlink: 6 bytes leftover after parsing attributes in process `syz.0.6457'.
[ 1971.931622][ T1182] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[ 1972.130971][ T1182] usb 1-1: Using ep0 maxpacket: 8
[ 1972.143136][ T1182] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1972.168380][ T1182] usb 1-1: config 5 has an invalid interface number: 215 but max is 0
[ 1972.202746][ T1182] usb 1-1: config 5 has no interface number 0
[ 1972.234507][ T1182] usb 1-1: config 5 interface 215 has no altsetting 0
[ 1972.265065][ T1182] usb 1-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=dc.ba
[ 1972.281759][ T1182] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1972.354952][T32667] warn_alloc: 6 callbacks suppressed
[ 1972.354974][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1972.417893][ T1182] usb 1-1: Product: syz
[ 1972.426676][ T1182] usb 1-1: Manufacturer: syz
[ 1972.436146][T32667] CPU: 0 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1972.436179][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1972.436194][T32667] Call Trace:
[ 1972.436204][T32667]  <TASK>
[ 1972.436214][T32667]  dump_stack_lvl+0x189/0x250
[ 1972.436248][T32667]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1972.436284][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1972.436311][T32667]  ? __pfx__printk+0x10/0x10
[ 1972.436342][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1972.436372][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1972.436410][T32667]  warn_alloc+0x214/0x310
[ 1972.436439][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1972.436472][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1972.436505][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1972.436542][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1972.436610][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1972.436646][T32667]  ? vb2_vmalloc_alloc+0xb2/0x340
[ 1972.436681][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1972.436716][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1972.436755][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1972.436790][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1972.436823][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1972.436858][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1972.436919][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1972.436972][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1972.437003][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1972.437044][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1972.437089][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1972.437124][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1972.437160][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1972.437196][T32667]  vb2_core_poll+0x4f5/0x840
[ 1972.437235][T32667]  vb2_fop_poll+0x168/0x380
[ 1972.437271][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1972.437305][T32667]  v4l2_poll+0x147/0x2c0
[ 1972.437335][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1972.437368][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1972.437409][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1972.437453][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1972.437487][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1972.437529][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1972.437556][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1972.437591][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1972.437615][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1972.437644][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1972.437669][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1972.437693][T32667]  io_queue_async+0x79/0x2f0
[ 1972.437722][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1972.437779][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1972.437806][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1972.437836][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1972.437860][T32667]  ? kcov_ioctl+0x200/0x640
[ 1972.437904][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1972.437924][T32667]  ? do_futex+0x333/0x420
[ 1972.437953][T32667]  ? fput+0xa0/0xd0
[ 1972.437980][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1972.438009][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1972.438048][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1972.438098][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1972.438128][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1972.438155][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1972.438183][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1972.438219][T32667]  do_fast_syscall_32+0x34/0x80
[ 1972.438246][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1972.438273][T32667] RIP: 0023:0xf7fe5539
[ 1972.438292][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1972.438312][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1972.438335][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1972.438351][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1972.438364][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1972.438377][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1972.438390][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1972.438423][T32667]  </TASK>
[ 1972.438516][T32667] Mem-Info:
[ 1972.502553][ T1810] netlink: 232 bytes leftover after parsing attributes in process `syz.4.6462'.
[ 1972.502578][ T1810] netlink: 232 bytes leftover after parsing attributes in process `syz.4.6462'.
[ 1972.503121][ T1810] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6462'.
[ 1972.882537][T32667] active_anon:9741 inactive_anon:0 isolated_anon:0
[ 1972.882537][T32667]  active_file:20332 inactive_file:40575 isolated_file:0
[ 1972.882537][T32667]  unevictable:768 dirty:102 writeback:0
[ 1972.882537][T32667]  slab_reclaimable:8722 slab_unreclaimable:135367
[ 1972.882537][T32667]  mapped:40106 shmem:4826 pagetables:1503
[ 1972.882537][T32667]  sec_pagetables:0 bounce:0
[ 1972.882537][T32667]  kernel_misc_reclaimable:0
[ 1972.882537][T32667]  free:1222609 free_pcp:22432 free_cma:0
[ 1972.927984][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1972.937882][ T1182] usb 1-1: SerialNumber: syz
[ 1972.997720][T32667] Node 0 active_anon:38664kB inactive_anon:0kB active_file:81240kB inactive_file:162096kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:160352kB dirty:408kB writeback:0kB shmem:17768kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13524kB pagetables:5848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1973.031224][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1973.093681][ T1807] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1973.127279][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1973.159043][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1973.165815][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1973.195824][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1973.204976][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1973.210994][T32667] Node 0 DMA32 free:988116kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38668kB inactive_anon:0kB active_file:81240kB inactive_file:160528kB unevictable:1536kB writepending:412kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:59432kB local_pcp:26572kB free_cma:0kB
[ 1973.243226][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1973.249844][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1973.265617][ T1814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1973.283878][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1973.296174][ T1814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1973.410901][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1973.415719][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:7696kB free_cma:0kB
[ 1973.454649][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1973.463194][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1973.488770][T32667] Node 0 DMA32: 402*4kB (UM) 133*8kB (UME) 438*16kB (UME) 748*32kB (UME) 469*64kB (UME) 289*128kB (UME) 124*256kB (UME) 108*512kB (UME) 112*1024kB (UME) 9*2048kB (UME) 163*4096kB (UM) = 988432kB
[ 1973.526335][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1973.624311][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1973.729033][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1973.731136][ T1817] bridge2: entered allmulticast mode
[ 1973.769964][T32667] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1973.792026][ T1819] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1973.812195][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1973.877492][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1973.931966][T32667] 65731 total pagecache pages
[ 1974.025756][T32667] 2 pages in swap cache
[ 1974.119568][T32667] Free swap  = 124988kB
[ 1974.138466][T32667] Total swap = 124996kB
[ 1974.148520][T32667] 2097051 pages RAM
[ 1974.220997][ T1621] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1974.240198][T32667] 0 pages HighMem/MovableOnly
[ 1974.257744][ T1621] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1974.299890][ T1621] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1974.309966][T32667] 425385 pages reserved
[ 1974.332250][ T1621] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1974.417947][T32667] 0 pages cma reserved
[ 1974.730569][ T1182] cypress_m8 1-1:5.215: DeLorme Earthmate USB converter detected
[ 1974.758937][ T1182] earthmate ttyUSB0: required endpoint is missing
[ 1974.834746][ T1182] usb 1-1: USB disconnect, device number 96
[ 1974.848340][ T1621] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1974.910358][ T1182] cypress_m8 1-1:5.215: device disconnected
[ 1974.964852][ T1621] 8021q: adding VLAN 0 to HW filter on device team0
[ 1975.066822][T22634] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1975.074095][T22634] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1975.182928][ T1667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1975.190206][ T1667] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1975.749453][ T1621] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1976.333414][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.339879][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1976.357263][ T1621] veth0_vlan: entered promiscuous mode
[ 1976.395352][ T1621] veth1_vlan: entered promiscuous mode
[ 1976.517293][ T1621] veth0_macvtap: entered promiscuous mode
[ 1976.634677][ T1621] veth1_macvtap: entered promiscuous mode
[ 1976.775868][ T1621] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1976.862227][ T1621] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1976.942453][ T1621] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.023444][ T1621] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.285843][ T1868] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6474'.
[ 1977.302925][ T1621] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.335621][ T1868] netlink: 232 bytes leftover after parsing attributes in process `syz.0.6474'.
[ 1977.361751][ T1621] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1977.462672][ T1869] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6474'.
[ 1977.578869][ T1868] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[ 1977.767600][ T1873] loop5: detected capacity change from 0 to 2631
[ 1978.378777][T21840] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1978.431060][  T945] buffer_io_error: 16 callbacks suppressed
[ 1978.431077][  T945] Buffer I/O error on dev loop5, logical block 328, async page read
[ 1978.501705][T21840] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1978.910365][T30164] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1978.919280][T29208] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1978.965652][T29208] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1979.272341][ T1884] FAULT_INJECTION: forcing a failure.
[ 1979.272341][ T1884] name failslab, interval 1, probability 0, space 0, times 0
[ 1979.393110][ T1884] CPU: 0 UID: 0 PID: 1884 Comm: syz.5.6477 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1979.393141][ T1884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1979.393155][ T1884] Call Trace:
[ 1979.393165][ T1884]  <TASK>
[ 1979.393175][ T1884]  dump_stack_lvl+0x189/0x250
[ 1979.393207][ T1884]  ? __pfx____ratelimit+0x10/0x10
[ 1979.393232][ T1884]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1979.393258][ T1884]  ? __pfx__printk+0x10/0x10
[ 1979.393293][ T1884]  ? __pfx___might_resched+0x10/0x10
[ 1979.393349][ T1884]  ? fs_reclaim_acquire+0x7d/0x100
[ 1979.393375][ T1884]  should_fail_ex+0x414/0x560
[ 1979.393404][ T1884]  should_failslab+0xa8/0x100
[ 1979.393437][ T1884]  __kmalloc_noprof+0xcb/0x4f0
[ 1979.393463][ T1884]  ? kfree+0x4d/0x440
[ 1979.393486][ T1884]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1979.393518][ T1884]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1979.393546][ T1884]  ? tomoyo_domain+0xd9/0x130
[ 1979.393577][ T1884]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1979.393598][ T1884]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1979.393623][ T1884]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1979.393662][ T1884]  ? __lock_acquire+0xab9/0xd20
[ 1979.393706][ T1884]  ? __fget_files+0x2a/0x420
[ 1979.393730][ T1884]  ? __fget_files+0x3a0/0x420
[ 1979.393748][ T1884]  ? __fget_files+0x2a/0x420
[ 1979.393772][ T1884]  security_file_ioctl_compat+0xcb/0x2d0
[ 1979.393808][ T1884]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1979.393837][ T1884]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1979.393864][ T1884]  ? __fget_files+0x3a0/0x420
[ 1979.393888][ T1884]  ? fput+0xa0/0xd0
[ 1979.393912][ T1884]  ? ksys_write+0x22a/0x250
[ 1979.393947][ T1884]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1979.393974][ T1884]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1979.393999][ T1884]  __do_fast_syscall_32+0xb6/0x2b0
[ 1979.394026][ T1884]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1979.394053][ T1884]  do_fast_syscall_32+0x34/0x80
[ 1979.394078][ T1884]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1979.394103][ T1884] RIP: 0023:0xf70ae539
[ 1979.394127][ T1884] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1979.394145][ T1884] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1979.394168][ T1884] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000089e0
[ 1979.394183][ T1884] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1979.394196][ T1884] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1979.394208][ T1884] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1979.394220][ T1884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1979.394251][ T1884]  </TASK>
[ 1979.394350][ T1884] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1980.166844][ T1894] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6419'.
[ 1980.377901][ T1902] IPv6: NLM_F_CREATE should be specified when creating new route
[ 1982.163985][ T1929] netlink: 232 bytes leftover after parsing attributes in process `syz.1.6483'.
[ 1982.173347][ T1929] netlink: 232 bytes leftover after parsing attributes in process `syz.1.6483'.
[ 1982.185835][ T1929] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6483'.
[ 1983.183590][ T1941] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[ 1983.312333][ T1941] netlink: 188 bytes leftover after parsing attributes in process `syz.5.6488'.
[ 1983.501466][ T1955] usb usb8: usbfs: process 1955 (syz.4.6491) did not claim interface 0 before use
[ 1983.637365][T32667] warn_alloc: 3 callbacks suppressed
[ 1983.637382][T32667] syz.2.6023: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1983.703925][T32667] CPU: 0 UID: 0 PID: 32667 Comm: syz.2.6023 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1983.703948][T32667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1983.703958][T32667] Call Trace:
[ 1983.703966][T32667]  <TASK>
[ 1983.703973][T32667]  dump_stack_lvl+0x189/0x250
[ 1983.703996][T32667]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1983.704023][T32667]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1983.704042][T32667]  ? __pfx__printk+0x10/0x10
[ 1983.704063][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1983.704086][T32667]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1983.704112][T32667]  warn_alloc+0x214/0x310
[ 1983.704132][T32667]  ? __pfx_warn_alloc+0x10/0x10
[ 1983.704154][T32667]  ? __get_vm_area_node+0x28f/0x300
[ 1983.704178][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1983.704206][T32667]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1983.704253][T32667]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1983.704282][T32667]  ? __kasan_kmalloc+0x93/0xb0
[ 1983.704313][T32667]  vmalloc_user_noprof+0xad/0xf0
[ 1983.704337][T32667]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1983.704362][T32667]  vb2_vmalloc_alloc+0xef/0x340
[ 1983.704386][T32667]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1983.704410][T32667]  __vb2_queue_alloc+0x9c2/0x15a0
[ 1983.704453][T32667]  vb2_core_reqbufs+0xc31/0x1420
[ 1983.704489][T32667]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1983.704511][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1983.704540][T32667]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1983.704567][T32667]  __vb2_init_fileio+0x318/0xff0
[ 1983.704593][T32667]  ? __pfx___mutex_lock+0x10/0x10
[ 1983.704618][T32667]  ? __pfx_do_raw_write_lock+0x10/0x10
[ 1983.704644][T32667]  vb2_core_poll+0x4f5/0x840
[ 1983.704671][T32667]  vb2_fop_poll+0x168/0x380
[ 1983.704697][T32667]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1983.704720][T32667]  v4l2_poll+0x147/0x2c0
[ 1983.704742][T32667]  ? __pfx_v4l2_poll+0x10/0x10
[ 1983.704766][T32667]  __ep_eventpoll_poll+0x455/0x7c0
[ 1983.704795][T32667]  ? __pfx___ep_eventpoll_poll+0x10/0x10
[ 1983.704825][T32667]  ? __pfx_ep_eventpoll_poll+0x10/0x10
[ 1983.704850][T32667]  __io_arm_poll_handler+0x372/0xbb0
[ 1983.704879][T32667]  io_arm_poll_handler+0x726/0xb70
[ 1983.704902][T32667]  ? __pfx_io_accept+0x10/0x10
[ 1983.704927][T32667]  ? __pfx_io_arm_poll_handler+0x10/0x10
[ 1983.704944][T32667]  ? __pfx_io_async_queue_proc+0x10/0x10
[ 1983.704965][T32667]  ? io_file_get_normal+0x101/0x2f0
[ 1983.704982][T32667]  ? io_issue_sqe+0x3bb/0xfd0
[ 1983.704999][T32667]  io_queue_async+0x79/0x2f0
[ 1983.705020][T32667]  io_submit_sqes+0xe22/0x1c50
[ 1983.705058][T32667]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1983.705077][T32667]  ? __pfx_futex_wait+0x10/0x10
[ 1983.705097][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1983.705115][T32667]  ? kcov_ioctl+0x200/0x640
[ 1983.705146][T32667]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1983.705160][T32667]  ? do_futex+0x333/0x420
[ 1983.705180][T32667]  ? fput+0xa0/0xd0
[ 1983.705199][T32667]  ? __pfx_do_futex+0x10/0x10
[ 1983.705220][T32667]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1983.705246][T32667]  ? __se_sys_futex_time32+0x360/0x3e0
[ 1983.705276][T32667]  ? rcu_is_watching+0x15/0xb0
[ 1983.705302][T32667]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 1983.705321][T32667]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1983.705340][T32667]  __do_fast_syscall_32+0xb6/0x2b0
[ 1983.705366][T32667]  do_fast_syscall_32+0x34/0x80
[ 1983.705385][T32667]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1983.705404][T32667] RIP: 0023:0xf7fe5539
[ 1983.705418][T32667] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1983.705431][T32667] RSP: 002b:00000000f50b755c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1983.705447][T32667] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000000047f5
[ 1983.705458][T32667] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1983.705468][T32667] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1983.705477][T32667] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1983.705486][T32667] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1983.705508][T32667]  </TASK>
[ 1983.705632][T32667] Mem-Info:
[ 1984.230835][T32667] active_anon:10130 inactive_anon:0 isolated_anon:0
[ 1984.230835][T32667]  active_file:20332 inactive_file:40580 isolated_file:0
[ 1984.230835][T32667]  unevictable:768 dirty:141 writeback:0
[ 1984.230835][T32667]  slab_reclaimable:8821 slab_unreclaimable:136787
[ 1984.230835][T32667]  mapped:44256 shmem:4819 pagetables:1576
[ 1984.230835][T32667]  sec_pagetables:0 bounce:0
[ 1984.230835][T32667]  kernel_misc_reclaimable:0
[ 1984.230835][T32667]  free:1228861 free_pcp:14160 free_cma:0
[ 1984.668866][T32667] Node 0 active_anon:38888kB inactive_anon:0kB active_file:81240kB inactive_file:162116kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:164936kB dirty:564kB writeback:0kB shmem:17740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14068kB pagetables:6140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1984.703116][ T1182] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1984.887899][T32667] Node 1 active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1984.950284][ T1182] usb 7-1: Using ep0 maxpacket: 8
[ 1984.982154][ T1182] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1985.013664][ T1182] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1985.077777][T32667] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1985.114481][ T1182] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1985.163604][ T1182] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1985.200799][ T1182] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1985.222640][T32667] lowmem_reserve[]: 0 2498 2500 2500 2500
[ 1985.235514][T32667] Node 0 DMA32 free:1009460kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40060kB inactive_anon:0kB active_file:81240kB inactive_file:160548kB unevictable:1536kB writepending:576kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:27548kB local_pcp:16392kB free_cma:0kB
[ 1985.284794][ T1182] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1985.618556][ T1182] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1985.643319][T32667] lowmem_reserve[]: 0 0 1 1 1
[ 1985.723641][T32667] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 1985.790365][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1985.795333][T32667] Node 1 Normal free:3889140kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:88kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:28288kB local_pcp:20592kB free_cma:0kB
[ 1985.910302][ T1182] usb 7-1: usb_control_msg returned -32
[ 1985.915976][ T1182] usbtmc 7-1:16.0: can't read capabilities
[ 1985.960244][T32667] lowmem_reserve[]: 0 0 0 0 0
[ 1986.000227][T32667] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1986.090632][T32667] Node 0 DMA32: 1733*4kB (UME) 874*8kB (UME) 599*16kB (UME) 953*32kB (UME) 480*64kB (UME) 284*128kB (UME) 125*256kB (UME) 107*512kB (UME) 111*1024kB (UME) 10*2048kB (UME) 163*4096kB (UM) = 1009652kB
[ 1986.190306][T32667] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1986.247637][T32667] Node 1 Normal: 177*4kB (UME) 66*8kB (UME) 44*16kB (UME) 211*32kB (UE) 60*64kB (UME) 20*128kB (UME) 5*256kB (UME) 6*512kB (UME) 1*1024kB (E) 3*2048kB (UME) 943*4096kB (M) = 3889140kB
[ 1986.425232][T32667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1986.485370][T32667] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1986.540265][T32667] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1986.631605][T32667] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1986.678678][T32667] 66107 total pagecache pages
[ 1986.718416][T32667] 2 pages in swap cache
[ 1986.741107][T32667] Free swap  = 124988kB
[ 1986.754217][T32667] Total swap = 124996kB
[ 1986.795420][T32667] 2097051 pages RAM
[ 1986.817205][T32667] 0 pages HighMem/MovableOnly
[ 1986.845938][T32667] 425385 pages reserved
[ 1986.858366][T32667] 0 pages cma reserved
[ 1987.010189][ T1182] usb 7-1: USB disconnect, device number 11
[ 1987.070214][T26637] usb 1-1: new low-speed USB device number 97 using dummy_hcd
[ 1987.170971][   T31] INFO: task syz.2.6023:32666 blocked for more than 143 seconds.
[ 1987.200253][   T31]       Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0
[ 1987.208048][   T31]       Blocked by coredump.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1987.242421][T26637] usb 1-1: Invalid ep0 maxpacket: 16
[ 1987.350212][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1987.397064][   T31] task:syz.2.6023      state:D stack:24296 pid:32666 tgid:32653 ppid:21055  task_flags:0x400448 flags:0x20004006
[ 1987.424166][T26637] usb 1-1: new low-speed USB device number 98 using dummy_hcd
[ 1987.504091][   T31] Call Trace:
[ 1987.528889][   T31]  <TASK>
[ 1987.569604][   T31]  __schedule+0x16fd/0x4cf0
[ 1987.596387][   T31]  ? __lock_acquire+0x9c1/0xd20
[ 1987.634788][   T31]  ? schedule+0x165/0x360
[ 1987.639227][   T31]  ? __pfx___schedule+0x10/0x10
[ 1987.670250][T26637] usb 1-1: Invalid ep0 maxpacket: 16
[ 1987.710480][T26637] usb usb1-port1: attempt power cycle
[ 1987.716531][   T31]  ? schedule+0x91/0x360
[ 1987.732354][   T31]  schedule+0x165/0x360
[ 1987.736617][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1987.800243][   T31]  __mutex_lock+0x724/0xe80
[ 1987.804866][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1987.809617][   T31]  ? io_uring_del_tctx_node+0xf0/0x2c0
[ 1987.874429][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1987.879562][   T31]  ? do_raw_spin_unlock+0x122/0x240
[ 1987.917144][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1987.950131][   T31]  ? xa_erase+0xd5/0xf0
[ 1987.954398][   T31]  io_uring_del_tctx_node+0xf0/0x2c0
[ 1988.019129][   T31]  io_uring_clean_tctx+0xd4/0x1a0
[ 1988.060563][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1988.065513][   T31]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[ 1988.114379][T26637] usb 1-1: new low-speed USB device number 99 using dummy_hcd
[ 1988.130346][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1988.150333][   T31]  ? io_uring_drop_tctx_refs+0x108/0x1c0
[ 1988.200256][   T31]  io_uring_cancel_generic+0x6ca/0x7d0
[ 1988.205833][   T31]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[ 1988.234798][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1988.260260][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1988.265565][   T31]  ? io_uring_unreg_ringfd+0x52f/0x540
[ 1988.310238][   T31]  do_exit+0x345/0x22e0
[ 1988.314517][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1988.319613][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1988.360290][   T31]  do_group_exit+0x21c/0x2d0
[ 1988.364989][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1988.400140][   T31]  get_signal+0x1286/0x1340
[ 1988.404806][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1988.440186][   T31]  ? do_epoll_ctl+0xcf7/0xe90
[ 1988.444973][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1988.470197][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1988.475844][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1988.510479][   T31]  __do_fast_syscall_32+0x1f4/0x2b0
[ 1988.515800][   T31]  do_fast_syscall_32+0x34/0x80
[ 1988.530212][   T31]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1988.537032][   T31] RIP: 0023:0xf7fe5539
[ 1988.570167][   T31] RSP: 002b:00000000f50e555c EFLAGS: 00000206 ORIG_RAX: 00000000000000ff
[ 1988.578694][   T31] RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000001
[ 1988.632440][   T31] RDX: 000000000000000c RSI: 00000000800005c0 RDI: 0000000000000000
[ 1988.660208][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1988.668794][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1988.700242][   T31] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1988.708319][   T31]  </TASK>
[ 1988.720686][   T31] 
[ 1988.720686][   T31] Showing all locks held in the system:
[ 1988.728497][   T31] 1 lock held by khungtaskd/31:
[ 1988.855068][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1988.868278][   T31] 5 locks held by dhcpcd/5512:
[ 1988.873353][   T31] 2 locks held by getty/5607:
[ 1988.878069][   T31]  #0: ffff88803108d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1988.910203][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1988.986200][   T31] 2 locks held by kworker/0:8/11111:
[ 1989.010136][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1989.040186][   T31]  #1: ffffc90002f47bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1989.070122][   T31] 1 lock held by kworker/u8:15/21847:
[ 1989.075574][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1989.101908][   T31] 5 locks held by kworker/0:0/26637:
[ 1989.107309][   T31]  #0: ffff888144686148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1989.140239][   T31]  #1: ffffc9000c577bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1989.180217][   T31]  #2: ffff888028216198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[ 1989.189327][   T31]  #3: ffff888028241510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[ 1989.250124][   T31]  #4: ffff8881443c2568 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[ 1989.259968][   T31] 1 lock held by syz-executor/31765:
[ 1989.288457][   T31] 1 lock held by syz.2.6023/32666:
[ 1989.300194][   T31]  #0: ffff88807bdae0a8 (&ctx->uring_lock){+.+.}-{4:4}, at: io_uring_del_tctx_node+0xf0/0x2c0
[ 1989.333278][   T31] 3 locks held by syz.2.6023/32667:
[ 1989.338653][   T31] 3 locks held by kworker/1:5/1182:
[ 1989.380187][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1989.419854][   T31]  #1: ffffc90003cafbc0 (drain_vmap_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1989.447832][   T31]  #2: ffffffff8e242308 (vmap_purge_lock){+.+.}-{4:4}, at: drain_vmap_area_work+0x17/0x40
[ 1989.470358][   T31] 1 lock held by syz.0.6501/2017:
[ 1989.475475][   T31]  #0: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1989.530328][   T31] 2 locks held by dhcpcd/2034:
[ 1989.535279][   T31]  #0: ffff888041efe258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1989.570199][   T31]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1989.620181][   T31] 1 lock held by dhcpcd/2035:
[ 1989.624954][   T31]  #0: ffff8880776b6e08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[ 1989.665490][   T31] 1 lock held by dhcpcd/2036:
[ 1989.677747][   T31]  #0: ffff8880331ba258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1989.700173][   T31] 1 lock held by dhcpcd/2037:
[ 1989.705029][   T31]  #0: ffff888029d0c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1989.731208][   T31] 1 lock held by dhcpcd/2038:
[ 1989.735983][   T31]  #0: ffff888055c10258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0
[ 1989.760142][   T31] 1 lock held by sed/2047:
[ 1989.820141][   T31] 
[ 1989.822551][   T31] =============================================
[ 1989.822551][   T31] 
[ 1989.906382][   T31] NMI backtrace for cpu 1
[ 1989.906405][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1989.906428][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1989.906441][   T31] Call Trace:
[ 1989.906450][   T31]  <TASK>
[ 1989.906458][   T31]  dump_stack_lvl+0x189/0x250
[ 1989.906487][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1989.906519][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1989.906541][   T31]  ? __pfx__printk+0x10/0x10
[ 1989.906578][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1989.906610][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1989.906637][   T31]  ? _printk+0xcf/0x120
[ 1989.906666][   T31]  ? __pfx__printk+0x10/0x10
[ 1989.906703][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1989.906723][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1989.906754][   T31]  watchdog+0xfee/0x1030
[ 1989.906775][   T31]  ? watchdog+0x1de/0x1030
[ 1989.906802][   T31]  kthread+0x70e/0x8a0
[ 1989.906830][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1989.906845][   T31]  ? __pfx_kthread+0x10/0x10
[ 1989.906872][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1989.906890][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1989.906909][   T31]  ? __pfx_kthread+0x10/0x10
[ 1989.906940][   T31]  ret_from_fork+0x3fc/0x770
[ 1989.906963][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1989.906988][   T31]  ? __switch_to_asm+0x39/0x70
[ 1989.907010][   T31]  ? __switch_to_asm+0x33/0x70
[ 1989.907033][   T31]  ? __pfx_kthread+0x10/0x10
[ 1989.907060][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1989.907101][   T31]  </TASK>
[ 1989.907109][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1990.067371][    C0] NMI backtrace for cpu 0
[ 1990.067390][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1990.067412][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1990.067424][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1990.067453][    C0] Code: 93 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 9d 1a 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1990.067469][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[ 1990.067485][    C0] RAX: 961cace06ec0d200 RBX: ffffffff81976a18 RCX: 961cace06ec0d200
[ 1990.067499][    C0] RDX: 0000000000000001 RSI: ffffffff8d99695f RDI: ffffffff8be28d40
[ 1990.067512][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1990.067527][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa1dcf0
[ 1990.067541][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1990.067554][    C0] FS:  0000000000000000(0000) GS:ffff888125c23000(0000) knlGS:0000000000000000
[ 1990.067569][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1990.067581][    C0] CR2: 00007f5ffcbe6e9c CR3: 000000000df38000 CR4: 00000000003526f0
[ 1990.067598][    C0] Call Trace:
[ 1990.067605][    C0]  <TASK>
[ 1990.067612][    C0]  default_idle+0x13/0x20
[ 1990.067635][    C0]  default_idle_call+0x74/0xb0
[ 1990.067659][    C0]  do_idle+0x1e8/0x510
[ 1990.067680][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1990.067700][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1990.067719][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1990.067745][    C0]  ? do_idle+0x5/0x510
[ 1990.067766][    C0]  cpu_startup_entry+0x44/0x60
[ 1990.067786][    C0]  rest_init+0x2de/0x300
[ 1990.067809][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1990.067831][    C0]  start_kernel+0x47d/0x500
[ 1990.067856][    C0]  x86_64_start_reservations+0x24/0x30
[ 1990.067875][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1990.067900][    C0]  common_startup_64+0x13e/0x147
[ 1990.067933][    C0]  </TASK>
[ 1990.440575][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1990.447806][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[ 1990.459656][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1990.469783][   T31] Call Trace:
[ 1990.473105][   T31]  <TASK>
[ 1990.476062][   T31]  dump_stack_lvl+0x99/0x250
[ 1990.480769][   T31]  ? __asan_memcpy+0x40/0x70
[ 1990.485388][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1990.490618][   T31]  ? __pfx__printk+0x10/0x10
[ 1990.495283][   T31]  panic+0x2db/0x790
[ 1990.499207][   T31]  ? __pfx_panic+0x10/0x10
[ 1990.503645][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1990.509495][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1990.514926][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1990.521146][   T31]  watchdog+0x102d/0x1030
[ 1990.525511][   T31]  ? watchdog+0x1de/0x1030
[ 1990.529960][   T31]  kthread+0x70e/0x8a0
[ 1990.534060][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1990.538749][   T31]  ? __pfx_kthread+0x10/0x10
[ 1990.543369][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1990.548583][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1990.553803][   T31]  ? __pfx_kthread+0x10/0x10
[ 1990.558414][   T31]  ret_from_fork+0x3fc/0x770
[ 1990.563021][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1990.568190][   T31]  ? __switch_to_asm+0x39/0x70
[ 1990.573010][   T31]  ? __switch_to_asm+0x33/0x70
[ 1990.577856][   T31]  ? __pfx_kthread+0x10/0x10
[ 1990.582490][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1990.587293][   T31]  </TASK>
[ 1990.590674][   T31] Kernel Offset: disabled
[ 1990.595031][   T31] Rebooting in 86400 seconds..