last executing test programs:

1m28.758020906s ago: executing program 3 (id=1781):
syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
eventfd2(0xc44, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0)
close(r0)
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x1f, &(0x7f00000004c0)={0x0}, 0x1)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f00000017c0), 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CLEAR_HALT(r2, 0x80045503, &(0x7f0000000340)={0x1, 0x1})
ioctl$USBDEVFS_DISCONNECT_CLAIM(r2, 0x8108551b, &(0x7f0000000140)={0x0, 0x3, "99b115ee2095e6f247048463ccb48f9edf7935a5dd2eda3997476165061c7c854d2af35a2b0ee4c1270a7e4f5dfe697210376a7eada3e1e647163a44cdb858aa1a50de13f4d28a4ac2eadf300464263e62f5af3665da2a2b03fe1dfa1fadc5ca0d79c3506b5c49799f694702acbe553e1bc4923a0405499b591f275ae01e5320f57ec663883c99deb48d43fad2da266b13fc82020d067781bf0a0d1de85fae6e36ee8e4c1ca2be05ec89e2327a0abb457d70a54c85caaeb20709c3e6432a0c0db5a94eda4c41d7d548b2a8c8d2f61fc5496fdfb317abfa7e5e9085987db3a77585a291667b5a27987ff454e77860243a30ac833c3bc346c092302caf9b6920af"})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
rt_sigprocmask(0x2, &(0x7f0000000000)={[0x4]}, 0x0, 0x8)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x1, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000001340)={0x28, 0x2, r5, 0x0, &(0x7f00003bd000/0x3000)=nil, 0x3000, 0x80})
r6 = syz_io_uring_setup(0x495, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x3, 0xd7}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x4, 0x0})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)

1m28.146301834s ago: executing program 3 (id=1783):
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
sendfile(r2, r1, &(0x7f00000002c0)=0xb, 0x8)
r3 = socket$kcm(0x10, 0x2, 0x10)
socket$inet6(0xa, 0x80002, 0x0) (async)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r4, &(0x7f0000000780)={&(0x7f0000000300)=@in={0x2, 0x4e22, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0x0) (async)
sendmsg$sock(r4, &(0x7f0000000780)={&(0x7f0000000300)=@in={0x2, 0x4e22, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="180000003c000bab956cb26f8c7d94f90324fc602f000000", 0x18}], 0x1}, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00') (async)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x4)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4) (async)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r7, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast1}}, 0xa, 0x0, 0xdd3, 0x7ff, 0x38fa8b00d923ddd5}, 0x9c)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) (async)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r8, 0x80284504, &(0x7f0000000040)=""/185) (async)
ioctl$EVIOCGKEYCODE_V2(r8, 0x80284504, &(0x7f0000000040)=""/185)

1m26.707586572s ago: executing program 3 (id=1788):
r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127})
io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)

1m25.407367934s ago: executing program 3 (id=1795):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x60)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x204202, 0x42)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000300)=@ethtool_regs={0x4, 0x7, 0xf5, "908749e0a4bd098858597d915e2d9417ee4eb990f17bd533b20fa666cd602bef5ab579d0fa9de013d73c3a5b71763c89f41295949b73b73decd03bdebad269b7851fd77459632b9659ebcde406bd6727c54537ff0ac97c6579ff2df342da55fd0916d7063f3a6b4e8e31ad1402062d24d5f300fc417042466f662f066a276943f60b0628c1f0a07e5cec7663dd8b297552196aade8bbe8c99124dc2e7ab2f93f7e0ca1ad7cebd5d630ee50db584e85d3606fad008e314865277dbcec6467eab423cbb73fe1a1558f6b7065ee7abe1a4d409026f456bb88ea6b09d7c684078eb264f9cdca512a6599705fdd58acb3a141f161ea4d82"}})
syz_open_dev$vim2m(0x0, 0xff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000240)={0x7fffffff, 0x32314d48, 0x3, @stepwise={0x7, 0x2, 0xb2f6, 0xa3, 0x2, 0x400}})
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$poke(0x1, r1, &(0x7f0000000080), 0x4000000000004)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0)
write$rfkill(r2, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x1}, 0x8)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
r3 = syz_open_dev$video(0x0, 0x7ff, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f0000000080)={0xfdfd, 0x35315258, 0xf00, 0x870, 0x0, @stepwise={{0x80, 0x9}, {0xa, 0x13f00}, {0x7, 0x7ff}}})
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x5)
dup(r4)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
socket$tipc(0x1e, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1m23.899556189s ago: executing program 3 (id=1803):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r2, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="2a0000000600000000000000000000000100000000000000060000000020000001"], 0x2a)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)={0xb0, 0x0, 0x0, [{{0x200000000006, 0x0, 0x0, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xc000, 0x0, 0x0, 0x0, 0x2000}}, {0x0, 0x0, 0x1, 0x7ff, '\x00'}}]}, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x8e2, &(0x7f0000000940)={{0x12, 0x1, 0x200, 0x5, 0x2d, 0xf0, 0x10, 0x1bc7, 0x1072, 0xbf62, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d0, 0x4, 0x5, 0x4, 0x50, 0x40, [{{0x9, 0x4, 0xef, 0xff, 0xa, 0xff, 0x6e, 0x18, 0x4, [@cdc_ncm={{0xa, 0x24, 0x6, 0x0, 0x1, "8d74a25d13"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x6, 0x30, 0x2f}, {0x6, 0x24, 0x1a, 0x79ce, 0x13}, [@dmm={0x7, 0x24, 0x14, 0xfffa, 0x5}, @acm={0x4, 0x24, 0x2, 0x3}, @country_functional={0xa, 0x24, 0x7, 0x1, 0x2, [0x3, 0x2]}, @country_functional={0x8, 0x24, 0x7, 0x4, 0xa, [0x80]}, @mbim={0xc, 0x24, 0x1b, 0x1ff, 0x5, 0x8, 0x5, 0x2, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x800}]}], [{{0x9, 0x5, 0x7, 0x2, 0x8, 0x5, 0xf, 0xf9}}, {{0x9, 0x5, 0xf, 0xc, 0x210, 0xe8, 0x1, 0x1, [@generic={0x35, 0x6, "e80c4d02497fb7432ae6a8784972fbfe3ec26cc57faf8a3fda4a7c4476936ac12b63695682b9a5bc3b62e410e5425a1b42dac7"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x4, 0x1}]}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x6, 0x7, 0xa5}}, {{0x9, 0x5, 0x9, 0x10, 0x200, 0x3, 0xf8, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x40, 0xe8c}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x10, 0x7}]}}, {{0x9, 0x5, 0x9, 0x10, 0x400, 0x3, 0x0, 0x43}}, {{0x9, 0x5, 0x0, 0x3, 0x8, 0x3, 0x3, 0x6}}, {{0x9, 0x5, 0xe, 0x10, 0x400, 0x1, 0xf7, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x82, 0xd}, @generic={0x5c, 0x7, "4f93a2565f37ed36cb8d20a3626bf63b736a085380ebf36be49e97bc65fc795cafd3d636659536ac6f4c4b4f1547357ac6aa4c2b4c3e6cf3d267d1d1b96d6bf3698561731911bd2ab3f8722892087b34e0eba9f38636fc6a79d8"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x428, 0x1, 0xa4, 0x72, [@generic={0xb0, 0x31, "88d88189bb20658b874ea4f958e10819975af4dd945e0758a5eb9ac6e960ae949ab8f6b889b9798f4090a5f22fcbcd753a2e3b806eb18e1c0e3f7d996e6741bab133da87cd546a90e9c7a74ae0e4ecced776deb554b596d50a15fe27cbb6e4733844b17f20d658bff7cbb207000b7e16d7f8c83cac520c87a42c6262d7236cd8aef56ae78bb9508a902696ff63222b8eb52c9829aefcb09f37fe75b8a70bede6fe6d557002ea3a49c68612e10b34"}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0xffff}]}}, {{0x9, 0x5, 0xc, 0x3, 0x200, 0x7, 0x8, 0xce, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0x9fc7}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x1}]}}, {{0x9, 0x5, 0xd, 0x10, 0x3ff, 0x3, 0x2, 0xa, [@generic={0xef, 0x0, "ea5f0d2579a8c730b3d3cc08ff556dceffe140793906451006ce1dedea8688bf0a61182215b065773d5f40ccd9c62ae5cfb49f7e2759e2d9cbda16930fe3d592b4274ab9fc0a48d3c985a62dd34e812ef7144455eac7990b7ed646a8ddb8fdd383515ee0ff668b25a1d8229661e7a76897d4eb69abc0573e98223627941aa82f13e81f3199d677028f85cc52ed573ca6c9de0e2644637de2db93611ab3b9b54993b24bef8889d2cd36725f20caf364e119a0949d4c17cbc026b37b88ccc54088a4daf377e498ee366896afcf5294cbe5112472c925c4d7264a6bc5b61a43acf0226e6132bb239c2811e83cf07e"}]}}]}}, {{0x9, 0x4, 0xf, 0x40, 0x2, 0xff, 0x1, 0x32, 0x62, [@generic={0x100, 0x8, "19b3d8602f53020f0e87e01896def33807c059c6fcd3cccba8fd3a61ae2ac722544f84678b542c413af3e4e8e57680404f3ee5a920b0c695025bad69f334be2fecefca01e14af3570ed765a66a9055c9409f7c8ca63851645926bf51f1a7f64f3d37e1391dcc4990acc9ed38ea9a50f11b4c37d786b88c755c9430fe9a665b608e3c0edbde338201a79c6958211cd41f3e89a167d886512a35f53eaa04d6621c8c2bf7bec984e4e6a770867be7ec8e874884d697d35c2a37b9e18fdf7056f3f388fbd4ebe65d26a2c312a0c75aa29bd85eba84094061ab315db6cb7502df36ceb11af92b15e60263442b53cd370c16327c7fb67e4f69b62a6d1d6fdb7edb"}, @uac_control={{0xa, 0x24, 0x1, 0x813, 0x6}, [@extension_unit={0xb, 0x24, 0x8, 0x1, 0x5, 0xb, "db51943c"}, @processing_unit={0xd, 0x24, 0x7, 0x4, 0x1, 0xb, "2f09069e1d95"}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x300, 0x4, 0x4, 0xb9}, @selector_unit={0x6, 0x24, 0x5, 0x5, 0x9, '\r'}]}], [{{0x9, 0x5, 0x7, 0xc, 0x10, 0x0, 0xfa, 0x3}}, {{0x9, 0x5, 0xc, 0x0, 0x400, 0xf, 0x1, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x5, 0x40}]}}]}}, {{0x9, 0x4, 0x49, 0x74, 0x0, 0xf1, 0x69, 0x7e, 0x2, [@hid_hid={0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0xd3c}}, @cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "86"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x401, 0xd, 0x7f, 0x7}, {0x6, 0x24, 0x1a, 0xc, 0x20}, [@acm={0x4, 0x24, 0x2, 0x5}]}]}}, {{0x9, 0x4, 0xf5, 0x0, 0xf, 0xe3, 0x25, 0xcb, 0x10, [], [{{0x9, 0x5, 0x4, 0x0, 0x20, 0x7e, 0xfb, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x9}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x6, 0x1, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5d, 0x9}]}}, {{0x9, 0x5, 0xea80d0a910ae2ab, 0x8, 0x210, 0xfb, 0x5, 0x5, [@generic={0x1c, 0x23, "d16c602844784bd5dad4110cfec5695f8df1e58de5249e47d5d7"}, @generic={0x9, 0x23, "e0a07326d26b0c"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x10, 0x0, 0x1, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xff, 0x3}]}}, {{0x9, 0x5, 0x2, 0x0, 0x10, 0x1, 0x0, 0x23, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x35, 0x7}]}}, {{0x9, 0x5, 0x5, 0x2, 0x3ff, 0x1, 0x6, 0x7, [@generic={0xb4, 0x6, "d23717b87cda42587f53de391b57d9868566c9e31c81cd7c95378a1c4db6409ec6197b1e3b8be3efaca697714710ab7f6d3805491447cb7854124c16d940008ae5287f209f5fe0989ad086889721ea0c97ff15c3593284b093c498e08e6732c73f74c7a43ea81e272d3f0cad662bac2317dfa442d31b6cb5878ba015439a0bd99edbde5f9d0506961034800231916b24801999d448b18e9093d4e814594e75ae2ac07345615694079d70d37eeb0fb507163c"}, @generic={0x9, 0x24, "97ba0f60b31887"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x8, 0x7, 0x5, 0x7}}, {{0x9, 0x5, 0xb, 0x3, 0x3ff, 0x7, 0x1, 0x8}}, {{0x9, 0x5, 0x9, 0xc, 0x200, 0x3, 0x7, 0x30, [@generic={0xef, 0x31, "45e5bbeb3a98d23f3ed0059d982c48a1af2a60e54fbab05f50308de8d6723fa2b2cecfea29ae92e280485559d25dfc41fb4ccd15afdc8091acc98af4b78320b1074d0b756674ececdde09692651e16c13ed0d011baae1a4e7d2d0408cf0c6dd46fbd7d30e71a164692cde8493607673fdff510ca1ed43341be4e29d708a42132c2f52fe1e81e53c6e4c714150263bfdd870ec7e7ae49c06d91b924a5467e9d52e94a2d13242012e58a1aa527c3fdf3c5358826964d5ef68073d9aff2f41d0c83c39985d8cdf6f6fc6ebf1c7fb7730a2c57fa7dbb2938efb0bebbc77882f3b4fd3ed21c0212959c65d186d4ef48"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x4}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x9, 0x2, 0x0, [@generic={0x5b, 0x9, "fd120a88f6540cd07da3f47cedcf2367a4a1534c82fb3222ae2444056c6906af1e3defdec9be91835832fc92c13073e30513f30f04a0b3f4a3e7ad85976c4b189bdc7a66e23a92e31d2794ee1bd9625684286e6b4e6d098e03"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0xc9, 0x8}]}}, {{0x9, 0x5, 0x0, 0xc, 0x1ff, 0x9, 0x8, 0x8, [@generic={0x4b, 0x21, "f97fad1556b27e0a0b343ffb0baf8255c85c0faba6ad6c2e9e9a22375573a18a610a5957b806ac0385fc17e00708336759842834c1f3fe1071d34f248a121e89ded06aa8ea355d28eb"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xa, 0x2}]}}, {{0x9, 0x5, 0x80, 0x10, 0x24, 0x7, 0x44, 0x60, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x80, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0xa, 0x2}]}}, {{0x9, 0x5, 0x8, 0x10, 0x0, 0x5, 0x8, 0x0, [@generic={0xc9, 0x9, "b14c61bd4aa8839f5a0ad23437bd8869842a3de82f93f27b749cf8538d66659bb07b3b27e07f8f0cd76e97bdfd63205416174061fa4b39640f72b8f361662a66c82c9d444bf2556b46624a8e7866927be3dfe86cba5875a2c659883696b943f277aa7eea73189aff7ba0e58f412f403272f42e85b835161acdc1ddfc68b7f1f58abad0c078ce124449ce8b12a8b2c691ca9db4b9ce796d8ba99911633fe230dc957b6a38c66c374b326adf0b844af8f573d78b3a1e188098b9787635dea3ee9f405bbbd7f7eb0c"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xc, 0xb961}]}}, {{0x9, 0x5, 0xe, 0xc, 0x8, 0xc, 0x7, 0x40}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x0, 0xe, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0x1db}]}}]}}]}}]}}, 0x0)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000001240)={<r3=>0x0, 0xfffffffffffffff2, 0x9, 0x1})
ioctl$BTRFS_IOC_DEV_REPLACE(r2, 0xca289435, &(0x7f0000006380)={0x0, 0x631fad01, @start={r3, 0x1, "8432f6afa1d33698fbfaa3d825a528dd9da89a3fca00b63300074fe649fc5edc2663a721bf8c3ae55975eb31fc265e52ad8081e556a960a21023499d9986a3023e8210e71d9e10b2010b9cde3000460f2a47b517181fa9e590e46b01166f1cedfbc5aab2e8c36167313d4e967ba7e37210c058c3a7fe7d25cfb231cb9f8821761a4c54edf7685583e09446a2a9abc066bc17040bad2076079b54179d1e7c7424db1a87b7b5152972d6cdd699ba64b5711c66502f7ff174d766db29d952ddf8955621c6216be6571d3c4ac07be3232d0cce06355c1b4ec7c98f0cede541b94ca12c7d32e5436a4f93c10434f83ef4f82fca598d1ff6ac8e5fd608891e0adb9ebd28f5dde3a34e8b676175551efa710f0c684c4edf2e7c16f7d0b26b00dd1459ed6aff8cf1534b6b347c63941f6450d560b29ac5afdd81f7c4fa9d7337b69f08aa83b90f82962f5be9d3f68de16c64e2c2222dfafb5d5f454b652cd22a379e762f4d5f860587171c39823a00e565aa8986ae129268768fcb2fd705d117709ce4a8d3a1e72e5a8bebbbe2918702a73e9bb43d76e2bff04e40bcba3c480f4b2178abaec6c0d20f2df5156564caf9450476b2ab4c23c97a84fa4a072ffc08ed1f306a1127030a6a01e7712232ae197a0ae491468f9b51ad3706b83347cfadd40615defb72f780932efdf9cb67ccd42427b2dcffef0a32b7e1eacdd37654f77322606824c87f9493c6d610a5c57cdb8e76388c75fcdfaff434948e59f38ce86b3fa1204fef049056993b2c334bad41ae4359c70feb8b2a828cda3a6ec7994f5412d92d265b59f6e3f7c528e354a02bb5126a752145e4173b5d787e0a55c2fcf2a7e866f419dd9cce93f740450805f8cf5f7b13d8e89f50053e4b1d40d2214ae1c486afea563452f5b07525a5c236cd3eceee912955873dd8bb2efcdf2c2f20894b41d9374e5d005d010042c7571b780f9230a2f264ded8f2b91286f9d066e16861f2717855ff0c8cdceb2c8855c678b0d092402b69ebab08e726b72353fd4da29b81ffdd9b7c92b903bbe74c7aea7859956dd1f6007da4a00a35994ee205ea51994b8df686a7c047e053c09ba90f0f5c28937cce75f7fe86079e3ceccf9ecfb8860c8eae3c1e4b964b52d0d9196e6f0b994b6f26844b1fdf1d63ca392130effbfbe5854442d1cf95d1209b3ea3c0d7444d42a486b37b4fa372579c316d73ab0754cf926aff288865c7c5daf45f73bc6e02b451b343f80b18e58bc7f3b009e30d284de61264daf29c7172c780d5f1869ab7243849b00612d3ec756fc218f9ed6c4679724b38d71d6d33a401f26c0d9b856b0e64073149bb5fa24c666e9a81521786c27e02796965f00ff295c1fab5cb8bf1e8a1840bbe769b580cc331596c3615947965e213984636f3a30848aa56a48c3d50be76c05a6de1fabf75239589359ad2401b97", "d296209afe19db4aefc74cf7da1a4f2245422b5af098b2fc2e8c92a5a4d27f62006d78c16e9be819d99c18521d4a8dcc829d038518a8c74376207847e21e05de4ddd172e3205f65417aed7e4754f7588b07f9ff311939b33f9a4b6666c05470e167982fc62ad4801213fe0458e4aaf1dbdf9561ecd8048dffc0f220341b8d44ea55411bf12a1f2b72666f05dd19e8f5c7f77abe18e1924459873e44a94a2a6e909991559c36244aeffd7bb9bb72f50137be5b1af57b46900436ed2027de4ce184f57e3926f749351b292999a67a1ca6fa43b2c3367e244978f12a0d2f7b85db427117db2856727aa050426a3bb6a51710165ef823577cbdff0ce17870cd4c0b86fe23c87cd3e0d99c8cb753380758fc545e51c1a6a64fa44ace139c44dd927dcfe316eb3b0b61162ccc1cdbe0f907d884927249c146ce98bb55b9cf5ee9add47cf3e8450ff022121d8e3f26f475fc3a5e88277651137f047ee633bcd6b1c10bd6903403a9d21a2f85b8d2184dc6304cd16b4b56fcb017d00882dcd8f81ad9545690fca2f383bef5378487f49878cd7b36c091e4ae14290eeb30beb359fa36e242ea012ea854ef16993db176afe0ff2495b603546c6360d4c02cf69269ae0b8b5da40c0a50fca71d802f7bf864576f0e6fdda1ed6427957a07aff78acff419466e01703ad085969de4fb34bea82fdcb30a19d803fca7f5493f07e7671db9288bea4a567e2ef4213504bfe321fb9568f205bbc49ab214f91241f8a4a77ace9db80d4387ade14202f86359482becf0c50c3340af49f0d1cec26f74627b0d1a8d6b47bed2f6c466b1175c8061912b64807be428eb4a8e58938bcf318ff89261bec963c091d757eec82e00f3a5a16e8bb3f55ff955e30d34f1dd184ee33c5575bc5053b8e75240ab41a569da080ebd90f7918e26d95e2d7007e6674f18f61688d6b259183385150d797a79c8af06185142c1ea4ce93247d2082eb0d49428370461e08c2de5d97f40f382f8be314f8704afd75af305f8d2657a96ee725fa013e19c5963b0f9a317735317d066b5c4a4b8e9e14dd8cf992c72d9e025133fedf8d28e7d4cab7f644a20f2d546aac1a2da12ca503a45654be97584356be1d01b003876fde773e4eb81fb5a043b7b824b119765880bb016be2c158b8bf99d6667a762dc177d4b2bc790734c7f12a1de9e21a2219d7196b7064e4124a0143e08e26e6760077a17e1581e6f3220087684b7fffb6e0327b592388d978302ec149ffa8f00f973d866d490ee6e4b1e99252ac4255d4e30f2c5f2b8a90f33fd0b139966f85b656485667bd95e5f92156496660d7c12c3254a808e84988411e860ad8575b7d95d19622e40930462018dd792ece1ee7751434bd784e29987110c05d597396a5068f66857a5f98c916ab22b6676f828d15cd319f595a7b740823e489f2a0fceeb9b3cdb4"}, [0x8, 0x3, 0x8, 0x9, 0x401, 0x6, 0x2, 0x7, 0x4, 0x1, 0x40000, 0xffff, 0x8, 0x5, 0x1, 0xc8, 0x1efc, 0x8000, 0x0, 0x0, 0x8, 0x3ff, 0x7, 0x5, 0x0, 0x6, 0x2, 0x5, 0x5, 0x6, 0xfffffffffffffff9, 0x800, 0x18b, 0x9, 0xfffffffffffffff7, 0xf, 0x2, 0xfff, 0x40, 0x9, 0xc, 0x5, 0x1, 0xb, 0x9, 0x3, 0xfffffffffffffff4, 0x400, 0x7f, 0x2, 0x986, 0x8, 0x10000, 0x75, 0x8, 0xe, 0x100000000, 0x3, 0x6, 0x7fff, 0x1a, 0xfffffffffffffff8, 0x7, 0x3]})

1m23.336778552s ago: executing program 3 (id=1805):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x7d, &(0x7f00000030c0), &(0x7f00000031c0)=0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x105042, 0x44)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x404200, 0x0)
readv(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000c000709000000050001005d00000005000400000000000900020073797a310000000011000300686173683a6e657400"/80], 0x58}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r4, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0xfa, 0x8, 0x0, 0x0}}, 0xffa3)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$BTRFS_IOC_QUOTA_CTL(r5, 0xc0109428, &(0x7f0000000140)={0x1, 0x8})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file1\x00'})
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000540))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)

1m23.045866084s ago: executing program 32 (id=1805):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x7d, &(0x7f00000030c0), &(0x7f00000031c0)=0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x105042, 0x44)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x404200, 0x0)
readv(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000c000709000000050001005d00000005000400000000000900020073797a310000000011000300686173683a6e657400"/80], 0x58}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r5)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r4, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0xfa, 0x8, 0x0, 0x0}}, 0xffa3)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$BTRFS_IOC_QUOTA_CTL(r5, 0xc0109428, &(0x7f0000000140)={0x1, 0x8})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file1\x00'})
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f0000000540))
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)

36.02855006s ago: executing program 4 (id=1958):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x1, @rand_addr=0x64010101}, 0xa, 0x0, 0x800}}, 0x26)
sendmmsg$inet(r4, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)

34.010981943s ago: executing program 4 (id=1967):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000280)={0x0, 0x37, 0xf6}, &(0x7f0000000440)={'enc=', 'pkcs1', ' hash=', {'blake2s-256-arm\x00'}}, &(0x7f0000000500)="04600eb5122eab350e13d0f69191ce0495036eb278d25fba08cfe2248877119cc87cc81610e9f37ace91efbee7876c4bd848ef9c534a87", &(0x7f0000000580)="8155e18a4af8d89cdb96e186c333c7221b1fd273fa2cde2ad135de5ba46d28dfd95dbf26ef8ee196047ae811fb14294eca7c2f0c402eac363b6a4e663a9f1360ce726a10543c5e95b653360a78ab41a84d3b8c42d2dbec71fdf81c019ac41106d5d36359817b636d2cd9813229b7f4c902c18e13dcde2dea72a7fc0c9ba10c174c24df0bfab5a14d0c0828a654dd1dc0113fcc6c79d2b75bd4b77f9947fc5c06b7e690de5bf5dc5f894a2fb6f90e094fe1fc3ef17a1f6c61153c4ee57544642664ea2ea6e3492ceac5cd93deeff7fcfa595cb1413794e15e358125010b39e253facfd722382bd66c329864b9d7cc561c8aefa5252613")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x30, 0x0, 0xc11, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_QOS_MAP={0xfffffffffffffd46, 0xc7, {[{0x7, 0x7}, {0x7}, {0x1, 0x2}], "4901dece5b739d7d"}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x80000001, &(0x7f00000003c0))
ptrace$getregset(0x4205, r4, 0x1, &(0x7f0000000080)={&(0x7f0000019580)=""/120, 0x78})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), r5)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec0000", @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c00008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c640009801c000080060001000200000008000200ffffffff0500030003000000"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x80)
bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x8, 0x0, 0x0, r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')

33.605188289s ago: executing program 1 (id=1968):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
execve(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1ce0ff00070601080000000000000000000000000500010006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000404c054b0200000000000109022400010000000009040000010300000009210800000122f8040905a103"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff030902"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setuid(0x0)

33.051612008s ago: executing program 4 (id=1970):
socket$kcm(0x29, 0x2, 0x0)
shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffc000/0x3000)=nil)
gettid()
socket(0x10, 0x803, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
getpriority(0x1, 0x18)

32.087813554s ago: executing program 4 (id=1974):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0xc0802)
write$binfmt_elf32(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x94)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000240)={0x100, r1, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r3}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000040)='#\':-:)*!/^\xbb\x17(])}\x00')

32.074024644s ago: executing program 2 (id=1975):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0xc0802)
write$binfmt_elf32(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x94)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000240)={0x100, r1, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r3}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000040)='#\':-:)*!/^\xbb\x17(])}\x00')

31.167403855s ago: executing program 0 (id=1977):
truncate(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080), 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000300)=0x1f06)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000cc0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_advertising_info={{}, {0x1, [{0x4, 0x0, @none, 0x0, "", 0xc}]}}}}, 0xf)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x6c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x82af08b28b1a09eb}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa3}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x6c}}, 0x20008000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f0000002100), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r8 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TCXONC(r8, 0x540a, 0x2)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x80, r4, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x8000, @void, @void, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x80, 0x1, 0x6, 0x0, {0x7, 0xc9, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x8, 0xb, 0x4}}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x80}}, 0x24000080)
ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00))
sendmmsg(r2, &(0x7f0000007380)=[{{0x0, 0x0, &(0x7f0000003700)=[{&(0x7f0000003500)="ee", 0x1}], 0x1}}], 0x1, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'veth0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}})
socket$nl_netfilter(0x10, 0x3, 0xc)

31.019949987s ago: executing program 5 (id=1978):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r3 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x6180, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getuid()
r4 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, 0xfffffffffffffffd, &(0x7f0000000040)=0x60)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="10001a001300080026bd7800fbdbdf25"], 0x10}], 0x1}, 0x0)
close(0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000200)={<r8=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000340)={r8, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r6)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000005853965f98d05a86d699c4c579c9fb19724ca9ec23ae87ff8092f847f90b0207a8229d28370228ea63b5bde5858fef4c7e8c779e75e584b07f18f84779261ba4cf11920198bba50bd468ca8c18c058f9510c1d4d3a3a9b33d6ec96b208ce9430338348df7012906e701df46f0c3953a37cc8dee985aa3541d07ff82e6f68ad5d5f97e0d20045f6bd432a27fc6415b2566302f1e2f680e94e57a1853d4fc3f43de2739c0900657b24a940caba431d692ac99f95bbf4b4db", @ANYRES16=r9, @ANYBLOB="05000000000000000000220000000a0001007770616e31000000"], 0x20}}, 0x4000000)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

30.623403054s ago: executing program 5 (id=1979):
socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000300)={'pcmmio\x00', [0x4f27, 0x9, 0x4, 0x4, 0xfffffffd, 0x4, 0x4, 0x7, 0x50c6cff3, 0xfd, 0x88, 0x100001, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r3, &(0x7f0000000e00), 0x12)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
mkdir(&(0x7f0000000000)='./file0\x00', 0x18a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r7=>0x0)
read$eventfd(r6, &(0x7f0000000000), 0x8)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r6, 0x0, 0x0, 0x0, 0x0, 0x1, r6}])
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})

30.381865184s ago: executing program 1 (id=1980):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x9, &(0x7f0000000100)=[{0x9, 0x7b, 0x8, 0x1}, {0x7, 0x80, 0xcb, 0x65d9}, {0x7, 0x4, 0x0, 0x8}, {0x8, 0xff, 0x35, 0x73}, {0x0, 0x9, 0x3f, 0x9}, {0x9, 0x7, 0x40, 0x8}, {0x3, 0x6, 0x1, 0x94a3}, {0x1, 0x9, 0x80, 0x5}, {0x4, 0x8, 0x2, 0x9}]})
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
chmod(&(0x7f0000000180)='./file0\x00', 0x379)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000640000000000000013"], 0xa7})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"])
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x6)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0))
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r7, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r7, 0x4004743a, &(0x7f0000000300))
ioctl$sock_inet_SIOCGIFPFLAGS(r4, 0x8935, &(0x7f0000000000)={'ip6gre0\x00'})
close_range(r3, 0xffffffffffffffff, 0x0)

29.864049511s ago: executing program 0 (id=1981):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {r5, 0x1}}, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unlinkat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

29.675003535s ago: executing program 1 (id=1982):
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x2, 0x1)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000000000000850000007100000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0x1d)
setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x300)
r6 = socket$kcm(0x10, 0x2, 0x0)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
syz_emit_ethernet(0x104, &(0x7f00000007c0)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x73, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @multicast1=0xac1414aa}, {0x0, 0x0, 0xe2, 0x0, @opaque="41a53bc57d107c6ff061f03cf6bb904c78ef576fdf1a82582813d34772ce2518f6e064561bc8e7c4c3b88889ba6f28ff51a9fa5b94875a7f49e85b4bac7040c621fa1ab002461bb46e93c9f5664d16a8691bdff00d19f7d7fa1a06180e28c9c4ba89da8d2b37f8b0922eaf0298e2395e4b02c08e80b8dfbdfaf63d3c0cd02bc258452710b9ef5347ac7329042cbf02c5878b573d4abaeb9da781b320fd79d482302a8a531644f0d27c0bef42ed5444393fcb1886713b667dc79bd243ea971d9779b208dea2b767d07df0f49a807f9e23d1a8affe410311d17962"}}}}}, 0x0)
r8 = socket(0x10, 0x3, 0x0)
write(r8, &(0x7f0000000000)="240000001a005f0214f9f40700090400810000000003000000000000080004", 0x1f)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
recvmsg(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

28.808388051s ago: executing program 2 (id=1983):
socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x2b, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000300)={'pcmmio\x00', [0x4f27, 0x9, 0x4, 0x4, 0xfffffffd, 0x4, 0x4, 0x7, 0x50c6cff3, 0xfd, 0x88, 0x100001, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r3, &(0x7f0000000e00), 0x12)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3)
mkdir(&(0x7f0000000000)='./file0\x00', 0x18a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r7=>0x0)
read$eventfd(r6, &(0x7f0000000000), 0x8)
io_submit(r7, 0x1, &(0x7f0000000440)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1fd, r6, 0x0, 0x0, 0x0, 0x0, 0x1, r6}])
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})

28.735504716s ago: executing program 4 (id=1984):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1ce0ff00070601080000000000000000000000000500010006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000404c054b0200000000000109022400010000000009"], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff030902"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r7, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setuid(0x0)

28.328627042s ago: executing program 5 (id=1985):
socket$kcm(0x29, 0x2, 0x0)
shmget$private(0x0, 0x3000, 0x40, &(0x7f0000ffc000/0x3000)=nil)
gettid()
socket(0x10, 0x803, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
getpriority(0x1, 0x18)

28.273802542s ago: executing program 0 (id=1986):
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$inet(0x2, 0x2, 0x1)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b705000000000000850000007100000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r5)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0x1d)
setsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, 0x300)
r6 = socket$kcm(0x10, 0x2, 0x0)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000000008001240"], 0x60}}, 0x0)
syz_emit_ethernet(0x104, &(0x7f00000007c0)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x0, 0x73, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @multicast1=0xac1414aa}, {0x0, 0x0, 0xe2, 0x0, @opaque="41a53bc57d107c6ff061f03cf6bb904c78ef576fdf1a82582813d34772ce2518f6e064561bc8e7c4c3b88889ba6f28ff51a9fa5b94875a7f49e85b4bac7040c621fa1ab002461bb46e93c9f5664d16a8691bdff00d19f7d7fa1a06180e28c9c4ba89da8d2b37f8b0922eaf0298e2395e4b02c08e80b8dfbdfaf63d3c0cd02bc258452710b9ef5347ac7329042cbf02c5878b573d4abaeb9da781b320fd79d482302a8a531644f0d27c0bef42ed5444393fcb1886713b667dc79bd243ea971d9779b208dea2b767d07df0f49a807f9e23d1a8affe410311d17962"}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f40700090400810000000003000000000000080004", 0x1f)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
recvmsg(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

27.724833406s ago: executing program 1 (id=1987):
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000d26a871dba07e83f34c6e27805b682"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[], 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = epoll_create1(0x80000)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000))
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000340)={0xa000001c})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000000940)=[{&(0x7f0000000700)=""/119, 0x77}, {&(0x7f0000000780)=""/104, 0x68}, {&(0x7f0000000800)=""/89, 0x59}, {&(0x7f0000000880)=""/178, 0xb2}, {&(0x7f0000000a40)=""/164, 0xa4}, {&(0x7f0000000400)=""/27, 0x1b}, {&(0x7f0000000540)=""/21, 0x15}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x8)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r5, 0x4008ae48, &(0x7f0000000040)=0x4000)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2549}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x3742}]}, 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, 0x0}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0xe, 0x8, 0x0, 0x8, 0x1, 0xe, 0x80, 0xe, 0x7, 0x4, 0x9, 0x0, 0x5, 0x3, 0x3, 0x7, 0x0, 0xdb, '\x00', 0x40, 0x6ea93ba1})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

27.167591201s ago: executing program 5 (id=1988):
socket$unix(0x1, 0x5, 0x0)
eventfd2(0x0, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8}, 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYRES32], &(0x7f0000000100)='syzkaller\x00', 0x10af39, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x24c3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r2, 0x0, 0x10000}, 0x18)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000200), 0x102, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt(r3, 0x28, 0x2, 0xfffffffffffffffc, &(0x7f0000000040))
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x2c0100, 0x0)
syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x16)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000080)='pipefs\x00', 0x2, &(0x7f00000000c0)='${^!%!^-\x06(\xdb&\x94}\\\x00')
msgget$private(0x0, 0x181)
r4 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000a2f000/0x1000)=nil, 0x1000, 0x300000f, 0x6, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)

26.559115888s ago: executing program 0 (id=1989):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r3 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x6180, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getuid()
r4 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, 0xfffffffffffffffd, &(0x7f0000000040)=0x60)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="10001a001300080026bd7800fbdbdf25"], 0x10}], 0x1}, 0x0)
close(0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000200)={<r8=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000340)={r8, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r6)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000005853965f98d05a86d699c4c579c9fb19724ca9ec23ae87ff8092f847f90b0207a8229d28370228ea63b5bde5858fef4c7e8c779e75e584b07f18f84779261ba4cf11920198bba50bd468ca8c18c058f9510c1d4d3a3a9b33d6ec96b208ce9430338348df7012906e701df46f0c3953a37cc8dee985aa3541d07ff82e6f68ad5d5f97e0d20045f6bd432a27fc6415b2566302f1e2f680e94e57a1853d4fc3f43de2739c0900657b24a940caba431d692ac99f95bbf4b4db", @ANYRES16=r9, @ANYBLOB="05000000000000000000220000000a0001007770616e31000000"], 0x20}}, 0x4000000)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

26.540309151s ago: executing program 1 (id=1990):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
execve(0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']})
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1ce0ff00070601080000000000000000000000000500010006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000680)=""/4096, 0x1000)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000404c054b0200000000000109022400010000000009040000010300000009210800000122f8040905a103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000706000000ff030902"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setuid(0x0)

26.505046875s ago: executing program 2 (id=1991):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/13], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x3, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000800c00000000000003", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = gettid()
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000200))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0xc)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000640)="6a03e63a4905f8e8dc01cf21f8f7", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r7)
sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x5c, r8, 0x1, 0x4000000, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x4}, {0x5, 0x3, 0x7}]}]}, 0x5c}}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x37}}})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

25.717746144s ago: executing program 0 (id=1992):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
r3 = socket(0x8, 0x3, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x6180, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
getuid()
r4 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_MMAP_OFFSETS(r4, 0x11b, 0x1, 0xfffffffffffffffd, &(0x7f0000000040)=0x60)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="10001a001300080026bd7800fbdbdf25"], 0x10}], 0x1}, 0x0)
close(0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000200)={<r8=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000340)={r8, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r6)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000600)=ANY=[@ANYBLOB="000000005853965f98d05a86d699c4c579c9fb19724ca9ec23ae87ff8092f847f90b0207a8229d28370228ea63b5bde5858fef4c7e8c779e75e584b07f18f84779261ba4cf11920198bba50bd468ca8c18c058f9510c1d4d3a3a9b33d6ec96b208ce9430338348df7012906e701df46f0c3953a37cc8dee985aa3541d07ff82e6f68ad5d5f97e0d20045f6bd432a27fc6415b2566302f1e2f680e94e57a1853d4fc3f43de2739c0900657b24a940caba431d692ac99f95bbf4b4db", @ANYRES16=r9, @ANYBLOB="05000000000000000000220000000a0001007770616e31000000"], 0x20}}, 0x4000000)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

25.48489107s ago: executing program 2 (id=1993):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xfffffeb7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
r4 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000340)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
io_uring_enter(r4, 0x6efc, 0x3900, 0xb, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

25.305983711s ago: executing program 0 (id=1994):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0xc0802)
write$binfmt_elf32(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x94)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000240)={0x100, r1, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r3}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x9c3fa077fa966179, 0x70bd29, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054)

24.449705252s ago: executing program 2 (id=1995):
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000d26a871dba07e83f34c6e27805b682"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[], 0xd0}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = epoll_create1(0x80000)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000))
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000340)={0xa000001c})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000000940)=[{&(0x7f0000000700)=""/119, 0x77}, {&(0x7f0000000780)=""/104, 0x68}, {&(0x7f0000000800)=""/89, 0x59}, {&(0x7f0000000880)=""/178, 0xb2}, {&(0x7f0000000a40)=""/164, 0xa4}, {&(0x7f0000000400)=""/27, 0x1b}, {&(0x7f0000000540)=""/21, 0x15}, {&(0x7f0000000b00)=""/4096, 0x1000}], 0x8)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r5, 0x4008ae48, &(0x7f0000000040)=0x4000)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2549}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x3742}]}, 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, 0x0}], 0x1, 0x20, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0xe, 0x8, 0x0, 0x8, 0x1, 0xe, 0x80, 0xe, 0x7, 0x4, 0x9, 0x0, 0x5, 0x3, 0x3, 0x7, 0x0, 0xdb, '\x00', 0x40, 0x6ea93ba1})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

24.141319584s ago: executing program 4 (id=1996):
truncate(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r0, &(0x7f0000000080)={0x2020}, 0x2020)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000080), 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000300)=0x1f06)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000cc0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xc}, @hci_ev_le_advertising_info={{}, {0x1, [{0x4, 0x0, @none, 0x0, "", 0xc}]}}}}, 0xf)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x6c, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x82af08b28b1a09eb}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa3}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x6c}}, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f0000002100), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r8 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TCXONC(r8, 0x540a, 0x2)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x80, r4, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x8000, @void, @void, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x80, 0x1, 0x6, 0x0, {0x7, 0xc9, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x8, 0xb, 0x4}}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x80}}, 0x24000080)
ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00))
sendmmsg(r2, &(0x7f0000007380)=[{{0x0, 0x0, &(0x7f0000003700)=[{&(0x7f0000003500)="ee", 0x1}], 0x1}}], 0x1, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'veth0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}})
socket$nl_netfilter(0x10, 0x3, 0xc)

23.957314923s ago: executing program 5 (id=1997):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r1, @ANYBLOB="fe000400000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000e5000300000000000600000000000000250000001000000006000000faffffff95"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r3], 0x44}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

23.562857193s ago: executing program 5 (id=1998):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r5=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0xfffffffe, @empty}, r5}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {r5, 0x1}}, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
unlinkat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x0)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r2, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

23.423061974s ago: executing program 1 (id=1999):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x10, 0x1a, 0x0, 0x1, [@AF_INET6={0xc, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x3}]}]}]}, 0x40}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000240)={0x4, 0x0, [{0xeeef0000, 0x8a, &(0x7f0000000040)=""/138}, {0x8080000, 0x79, &(0x7f0000000100)=""/121}, {0x5000, 0x1001, &(0x7f0000001780)=""/4097}, {0xeeee0000, 0x1f, &(0x7f00000001c0)=""/31}]})
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3})
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f00000003c0)={0x1})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f000024e000/0x3000)=nil, 0x3000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x0)
syz_clone(0x84021100, 0x0, 0x1c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000040), 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0x8, 0x58565559, 0x3, 0x6, 0x2, 0x6, 0xa6e, 0x0, 0x4, 0x1, 0x5}})
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000000)={0xc})

21.057790745s ago: executing program 2 (id=2000):
syz_usb_connect(0x5, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x200, 0xfa, 0x7f, 0x11, 0x40, 0x1235, 0x18, 0x60f9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xc3, 0x7, 0xc0, 0x3, [{{0x9, 0x4, 0x1, 0xc, 0x0, 0xd1, 0xe5, 0xf6, 0xfd}}]}}]}}, 0x0)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ptrace(0x4206, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22}, 0x21)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r1, 0x0, r3, 0x0, 0xae6, 0x4)
read$FUSE(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
syz_usb_connect$cdc_ncm(0x5, 0x196, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x184, 0x2, 0x1, 0x4, 0xc0, 0xff, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "bec1ad0ff543"}, {0x5, 0x24, 0x0, 0x80}, {0xd, 0x24, 0xf, 0x1, 0xeb, 0x9, 0x9, 0xf6}, {0x6, 0x24, 0x1a, 0x616e, 0x9}, [@dmm={0x7, 0x24, 0x14, 0x7, 0x5}, @mdlm_detail={0x50, 0x24, 0x13, 0x7, "d34eb114243fe2079e8bc44ad9f6f16996fdd70a3ba8c8a750bc2e7ec4f53ef36afb596a1dabcf11cc862fb8ab1ec313c49c4028c0a63649628cbb8ef9bde722f7b508d06d452c94d6bb45a2"}, @mdlm_detail={0xcb, 0x24, 0x13, 0x2e, "c19db865477222ada344e13c710838f0a4b2ec6822b5971e795725f86ac05486c3960ac4ce0a3d553935f4e13fdf51e5addd31d7092c335cd68c3d0638690354afe962e0078c57bb6807b41bf32166c28e24bea21629390c4f28f52e9975e042937ab01783ba5f6b9f07551bc95b3b3fcd6c5a39f5b22ec57892b7b5b63eb538d00bc3a8feabda351376724ea8f67c0d5067921ab08ab3942205a73041880675bae12d7383a21107ba193b1c046a356c86490b0d11b43d2b395b786cd17199f3a8990b9cecb17b"}]}, {{0x9, 0x5, 0x81, 0x3, 0x670, 0x3, 0x7, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x610, 0xec, 0xf8, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x4, 0x1, 0x8}}}}}}}]}}, &(0x7f0000000240)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x300, 0x31, 0x0, 0x7, 0x40, 0x3c}, 0x35, &(0x7f0000000200)={0x5, 0xf, 0x35, 0x2, [@ssp_cap={0x1c, 0x10, 0xa, 0x3, 0x4, 0x1ff, 0x7080, 0x0, [0x3fc0, 0xc0cf, 0xc0c0, 0xffc030]}, @ssp_cap={0x14, 0x10, 0xa, 0x9, 0x2, 0x7fffffe, 0xf000, 0xe75a, [0xff0000, 0xc0]}]}})
syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000280)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc531, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x51, 0x40, 0xe, [{{0x9, 0x4, 0x0, 0xd2, 0x2, 0x3, 0x1, 0x3, 0x7f, {0x9, 0x21, 0x81, 0x81, 0x1, {0x22, 0x6e}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4, 0x5, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x7f, 0xf, 0x10}}]}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x48, 0x9, 0x7, 0xff}, 0x104, &(0x7f0000000300)={0x5, 0xf, 0x104, 0x1, [@generic={0xff, 0x10, 0x4, "dbe2c517704f40a7a419a4d16ef07d4f18c44f1568a5a795e98fc7b7f6fc68cd6f3d6b972397a00baaf1457486b1100890816a0583d1bb6bfb776440102b76f8f5b949aeca0e6d09c7de421ad2a19e07a399450210018e984a5b5c18730c6683157b3d87e633952a0a3401eb8f10c7390da9fddf38b2d641a6835f81ba319c5610c978ac4d03dd2af45c98a66cee9d65792abda14b8d27431ff9d2547b8a6fcc0e841aac4ee12fba57397fae93e54ff48879b9976a39bdab15994a7d3c708f2b6bac65370da7d7c9a13f0af2fceadc8511fe369d6a045ffddaba994171a4cef1bf4a89e45feda1eec95ddb8dcb1c7a33d62130cd123818c131beb179"}]}, 0x4, [{0xd0, &(0x7f0000000440)=@string={0xd0, 0x3, "7437094af22de8b2672141c58c82ec1fbe8d01dc5c1347e15431b1c9e6566459679b1ce71139e7d116796d61c9167845a74489b268d5aac675e3de3a3428ccf95fba83cdeeb56bf658217a2eb03df3b1ef582105584db8e61e6d1f8e02aea07a4cb2d99a2775625677246dca095545b622c7d78a4b6dc0f5071ed992f91863892759dfc280d9224381833c99ec399a545f1b930dc0ae5a5af10d0b1919cbd909a1cc874bcce6b486f18f5f3a50e398f20129426bc6ec7c8dafa0a78f3a1557abaff16af859894fbae7ae6d590c7c"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x44d}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x41e}}, {0xff, &(0x7f00000005c0)=@string={0xff, 0x3, "d5ea10ca889756048d0f5a127b0a7fc47dcb4286d5d35a8c715f676fc6a06984abcad1edd253826ad2a3235be1409f9db7e9f698f86d5c0ddba1f9140580e50cf242ec3a99249abef14bc21a69af1a35b3040e3cd250e0ab4146f4e78cd44adf163c76df0a65f8ad5f0b348c9717ad6f29d71d4d9591bcc7f0ac984a53548c1fb9c960a761adfd675cb88c5d9ddd1b73ef8fb458802f11052a0d6d21d6987993b14e465e7895f55e05698dd0e99b899ace8faa2a9b2d7c51878392afb291e2f3e3022a2a0017878c9d75c3afaa21bc641f0cb2ce15e31642109e659cc6bd665ed679e75cd896d0207e783fb06ec947bf558ae8a34039ff0daf3ca2e00a"}}]})

0s ago: executing program 33 (id=1994):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0xc0802)
write$binfmt_elf32(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=<r2=>0x0, &(0x7f00000000c0)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x2}, 0x94)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000140), 0x80, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000240)={0x100, r1, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r3}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x9c3fa077fa966179, 0x70bd29, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054)

kernel console output (not intermixed with test programs):

[37187]" dev="sockfs" ino=37187 ioctlcmd=0x6180 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  569.300502][   T30] audit: type=1400 audit(1755073476.301:479): avc:  denied  { write } for  pid=12402 comm="syz.1.1661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  569.742540][T12416] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1664'.
[  570.059186][T12414] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1664'.
[  570.120343][ T5904] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  570.285410][ T5904] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  570.322661][ T5904] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  570.350327][ T5904] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  570.380386][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.414204][ T5904] usb 5-1: config 0 descriptor??
[  571.920372][   T30] audit: type=1400 audit(1755073478.971:480): avc:  denied  { read write } for  pid=12442 comm="syz.3.1671" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  571.947184][   T30] audit: type=1400 audit(1755073478.981:481): avc:  denied  { open } for  pid=12442 comm="syz.3.1671" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  573.209585][ T5904] usb 5-1: USB disconnect, device number 42
[  573.606300][T12469] netlink: 'syz.4.1678': attribute type 8 has an invalid length.
[  573.640064][T12470] netlink: 'syz.0.1679': attribute type 8 has an invalid length.
[  575.477549][   T30] audit: type=1400 audit(1755073482.531:482): avc:  denied  { read write } for  pid=12490 comm="syz.1.1685" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  575.500981][    C1] vkms_vblank_simulate: vblank timer overrun
[  575.892953][   T30] audit: type=1400 audit(1755073482.531:483): avc:  denied  { open } for  pid=12490 comm="syz.1.1685" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  575.916329][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.009489][   T30] audit: type=1326 audit(1755073483.051:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.032911][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.049256][   T30] audit: type=1326 audit(1755073483.051:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.192894][   T30] audit: type=1326 audit(1755073483.051:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.216298][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.266477][   T30] audit: type=1326 audit(1755073483.051:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.321681][   T30] audit: type=1326 audit(1755073483.051:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.348087][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.373199][T12506] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  576.543027][T12511] sctp: [Deprecated]: syz.1.1690 (pid 12511) Use of struct sctp_assoc_value in delayed_ack socket option.
[  576.543027][T12511] Use struct sctp_sack_info instead
[  576.742544][   T30] audit: type=1326 audit(1755073483.051:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.765736][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.807239][   T30] audit: type=1326 audit(1755073483.051:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  576.830630][    C1] vkms_vblank_simulate: vblank timer overrun
[  576.836839][  T840] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  577.053002][  T840] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  577.069710][  T840] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  577.163983][   T30] audit: type=1326 audit(1755073483.051:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12492 comm="syz.2.1687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feaf0d8ebe9 code=0x7ffc0000
[  577.190972][  T840] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  577.215473][  T840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.236320][  T840] usb 4-1: config 0 descriptor??
[  577.269962][T12530] FAULT_INJECTION: forcing a failure.
[  577.269962][T12530] name failslab, interval 1, probability 0, space 0, times 0
[  577.319023][T12530] CPU: 0 UID: 0 PID: 12530 Comm: syz.1.1694 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  577.319058][T12530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  577.319066][T12530] Call Trace:
[  577.319070][T12530]  <TASK>
[  577.319075][T12530]  dump_stack_lvl+0x16c/0x1f0
[  577.319090][T12530]  should_fail_ex+0x512/0x640
[  577.319102][T12530]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  577.319116][T12530]  should_failslab+0xc2/0x120
[  577.319128][T12530]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  577.319139][T12530]  ? __alloc_skb+0x2b2/0x380
[  577.319158][T12530]  __alloc_skb+0x2b2/0x380
[  577.319174][T12530]  ? __pfx___alloc_skb+0x10/0x10
[  577.319193][T12530]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  577.319207][T12530]  netlink_alloc_large_skb+0x69/0x130
[  577.319219][T12530]  netlink_sendmsg+0x6a1/0xdd0
[  577.319233][T12530]  ? __pfx_netlink_sendmsg+0x10/0x10
[  577.319249][T12530]  ____sys_sendmsg+0xa98/0xc70
[  577.319263][T12530]  ? copy_msghdr_from_user+0x10a/0x160
[  577.319274][T12530]  ? __pfx_____sys_sendmsg+0x10/0x10
[  577.319294][T12530]  ___sys_sendmsg+0x134/0x1d0
[  577.319305][T12530]  ? __pfx____sys_sendmsg+0x10/0x10
[  577.319329][T12530]  ? __mutex_unlock_slowpath+0x100/0x800
[  577.319345][T12530]  __sys_sendmsg+0x16d/0x220
[  577.319355][T12530]  ? __pfx___sys_sendmsg+0x10/0x10
[  577.319375][T12530]  do_syscall_64+0xcd/0x4c0
[  577.319387][T12530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.319398][T12530] RIP: 0033:0x7f0a5818ebe9
[  577.319407][T12530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.319417][T12530] RSP: 002b:00007f0a59075038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  577.319427][T12530] RAX: ffffffffffffffda RBX: 00007f0a583b5fa0 RCX: 00007f0a5818ebe9
[  577.319434][T12530] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  577.319440][T12530] RBP: 00007f0a59075090 R08: 0000000000000000 R09: 0000000000000000
[  577.319446][T12530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.319451][T12530] R13: 00007f0a583b6038 R14: 00007f0a583b5fa0 R15: 00007ffdb9c56eb8
[  577.319465][T12530]  </TASK>
[  578.250420][ T5904] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  578.700368][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  578.710204][ T5904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  578.726814][ T5904] usb 2-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13
[  578.740711][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.762719][ T5904] usb 2-1: Product: syz
[  578.774546][ T5904] usb 2-1: Manufacturer: syz
[  578.787084][ T5904] usb 2-1: SerialNumber: syz
[  578.940204][ T5904] usb 2-1: config 0 descriptor??
[  578.999790][ T5904] rndis_host 2-1:0.0: skipping garbage
[  579.005768][ T5904] rndis_host 2-1:0.0: probe with driver rndis_host failed with error -22
[  579.510159][ T5904] usb 4-1: USB disconnect, device number 48
[  581.168210][  T840] usb 2-1: USB disconnect, device number 38
[  581.882512][T12604] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  582.001504][T12607] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  582.666243][T12614] overlayfs: failed to resolve './bus': -2
[  583.181717][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  583.181733][   T30] audit: type=1400 audit(1755073490.241:536): avc:  denied  { execstack } for  pid=12620 comm="syz.1.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  583.966287][T12636] syzkaller1: entered promiscuous mode
[  583.978648][T12636] syzkaller1: entered allmulticast mode
[  584.389781][  T840] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  584.550638][  T840] usb 2-1: Using ep0 maxpacket: 8
[  584.563899][  T840] usb 2-1: unable to get BOS descriptor or descriptor too short
[  584.577480][  T840] usb 2-1: config 4 interface 0 has no altsetting 0
[  584.601953][  T840] usb 2-1: string descriptor 0 read error: -22
[  584.895164][  T840] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  584.920350][ T5904] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  584.942752][  T840] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  584.978738][  T840] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  585.017100][  T840] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  585.030110][  T840] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  585.041501][  T840] usb 2-1: media controller created
[  585.066788][  T840] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  585.098335][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  585.176934][  T840] zl10353_read_register: readreg error (reg=127, ret==0)
[  585.208455][  T840] usb 2-1: USB disconnect, device number 39
[  585.235770][ T5904] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  585.263282][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  585.273225][ T5904] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  585.280386][   T30] audit: type=1400 audit(1755073492.331:537): avc:  denied  { write } for  pid=12652 comm="syz.3.1715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  585.301185][ T5904] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  585.363324][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.370813][   T30] audit: type=1400 audit(1755073492.331:538): avc:  denied  { getopt } for  pid=12652 comm="syz.3.1715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  585.399308][ T5904] usb 1-1: config 0 descriptor??
[  585.780429][  T840] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  585.880412][T12071] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  586.030415][ T5904] hdpvr 1-1:0.0: firmware version 0x0 dated 
[  586.041327][ T5904] hdpvr 1-1:0.0: untested firmware, the driver might not work.
[  586.188478][T12071] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  586.210363][  T840] usb 3-1: Using ep0 maxpacket: 32
[  586.215668][T12071] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.236568][  T840] usb 3-1: config 0 has an invalid interface number: 225 but max is 0
[  586.247617][T12071] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.264992][  T840] usb 3-1: config 0 has no interface number 0
[  586.278261][T12071] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  586.292644][  T840] usb 3-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79
[  586.308984][T12071] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.324426][  T840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.356632][T12071] usb 5-1: config 0 descriptor??
[  586.362048][  T840] usb 3-1: Product: syz
[  586.372718][  T840] usb 3-1: Manufacturer: syz
[  586.377672][  T840] usb 3-1: SerialNumber: syz
[  586.394848][  T840] usb 3-1: config 0 descriptor??
[  586.629422][T12656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.640782][T12656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.668938][T12656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.705803][T12656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.825931][T12071] sony 0003:054C:024B.0034: unexpected long global item
[  586.839392][T12683] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  586.852804][T12071] sony 0003:054C:024B.0034: parse failed
[  586.871329][T12071] sony 0003:054C:024B.0034: probe with driver sony failed with error -22
[  587.021639][  T840] mos7840 3-1:0.225: required endpoints missing
[  587.038468][  T840] usb 3-1: USB disconnect, device number 39
[  587.229610][ T5904] hdpvr 1-1:0.0: device init failed
[  587.243873][ T5904] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12
[  587.283243][ T5904] usb 1-1: USB disconnect, device number 43
[  587.506769][T12694] FAULT_INJECTION: forcing a failure.
[  587.506769][T12694] name failslab, interval 1, probability 0, space 0, times 0
[  587.538517][T12694] CPU: 0 UID: 0 PID: 12694 Comm: syz.1.1722 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  587.538540][T12694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  587.538550][T12694] Call Trace:
[  587.538556][T12694]  <TASK>
[  587.538563][T12694]  dump_stack_lvl+0x16c/0x1f0
[  587.538585][T12694]  should_fail_ex+0x512/0x640
[  587.538604][T12694]  ? fs_reclaim_acquire+0xae/0x150
[  587.538629][T12694]  ? tomoyo_encode2+0x100/0x3e0
[  587.538652][T12694]  should_failslab+0xc2/0x120
[  587.538671][T12694]  __kmalloc_noprof+0xd2/0x510
[  587.538689][T12694]  ? d_absolute_path+0x136/0x1a0
[  587.538719][T12694]  tomoyo_encode2+0x100/0x3e0
[  587.538756][T12694]  tomoyo_encode+0x29/0x50
[  587.538779][T12694]  tomoyo_realpath_from_path+0x18f/0x6e0
[  587.538812][T12694]  tomoyo_path_number_perm+0x245/0x580
[  587.538833][T12694]  ? tomoyo_path_number_perm+0x237/0x580
[  587.538857][T12694]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  587.538880][T12694]  ? find_held_lock+0x2b/0x80
[  587.538927][T12694]  ? find_held_lock+0x2b/0x80
[  587.538948][T12694]  ? hook_file_ioctl_common+0x145/0x410
[  587.538971][T12694]  ? __fget_files+0x20e/0x3c0
[  587.538995][T12694]  security_file_ioctl+0x9b/0x240
[  587.539019][T12694]  __x64_sys_ioctl+0xb7/0x210
[  587.539044][T12694]  do_syscall_64+0xcd/0x4c0
[  587.539064][T12694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.539082][T12694] RIP: 0033:0x7f0a5818ebe9
[  587.539096][T12694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.539111][T12694] RSP: 002b:00007f0a59075038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  587.539128][T12694] RAX: ffffffffffffffda RBX: 00007f0a583b5fa0 RCX: 00007f0a5818ebe9
[  587.539139][T12694] RDX: 0000200000000100 RSI: 00000000c0386105 RDI: 0000000000000003
[  587.539149][T12694] RBP: 00007f0a59075090 R08: 0000000000000000 R09: 0000000000000000
[  587.539159][T12694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.539169][T12694] R13: 00007f0a583b6038 R14: 00007f0a583b5fa0 R15: 00007ffdb9c56eb8
[  587.539194][T12694]  </TASK>
[  587.539210][T12694] ERROR: Out of memory at tomoyo_realpath_from_path.
[  588.445796][T12071] usb 5-1: USB disconnect, device number 43
[  589.717273][T12726] netlink: 'syz.1.1729': attribute type 1 has an invalid length.
[  589.725483][T12726] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1729'.
[  589.734897][T12726] netlink: 'syz.1.1729': attribute type 2 has an invalid length.
[  589.747617][T12726] netlink: 'syz.1.1729': attribute type 1 has an invalid length.
[  590.350673][ T5904] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  590.350673][T12071] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  590.383213][   T30] audit: type=1326 audit(1755073497.441:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12731 comm="syz.1.1730" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0a5818ebe9 code=0x0
[  590.502343][ T5904] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  590.516201][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.528406][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.531717][T12071] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  590.550005][ T5904] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  590.559797][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.568743][T12071] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.570330][ T5904] usb 1-1: config 0 descriptor??
[  590.605600][T12071] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.624046][T12071] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  590.635909][T12071] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.654448][T12071] usb 5-1: config 0 descriptor??
[  591.076440][T12071] sony 0003:054C:024B.0036: unexpected long global item
[  591.081249][ T5904] sony 0003:054C:024B.0035: unexpected long global item
[  591.091390][ T5904] sony 0003:054C:024B.0035: parse failed
[  591.094320][T12071] sony 0003:054C:024B.0036: parse failed
[  591.097117][ T5904] sony 0003:054C:024B.0035: probe with driver sony failed with error -22
[  591.106159][T12071] sony 0003:054C:024B.0036: probe with driver sony failed with error -22
[  591.119696][ T5992] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  591.247812][   T30] audit: type=1400 audit(1755073498.301:540): avc:  denied  { create } for  pid=12740 comm="syz.1.1733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  591.290450][ T5992] usb 4-1: Using ep0 maxpacket: 16
[  591.399277][ T5992] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  591.469689][T12743] ubi31: attaching mtd0
[  591.477374][T12743] ubi31: scanning is finished
[  591.482188][T12743] ubi31: empty MTD device detected
[  591.557463][ T5992] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  591.567184][ T5992] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  591.579986][ T5992] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  591.589138][ T5992] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.597233][ T5992] usb 4-1: Product: syz
[  591.602387][ T5992] usb 4-1: Manufacturer: syz
[  591.629910][ T5992] usb 4-1: SerialNumber: syz
[  591.642127][T12743] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  591.649782][T12743] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  591.657359][T12743] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  591.664599][T12743] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  591.672158][T12743] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  591.679049][T12743] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  591.687220][T12743] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4056810253
[  591.697371][T12743] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  591.727438][T12744] ubi31: background thread "ubi_bgt31d" started, PID 12744
[  591.946541][ T5992] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  591.960156][ T5992] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  592.053985][ T5992] usb 4-1: USB disconnect, device number 49
[  592.133232][ T8482] udevd[8482]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  592.356632][ T5904] usb 5-1: USB disconnect, device number 44
[  592.411791][   T30] audit: type=1400 audit(1755073499.471:541): avc:  denied  { getopt } for  pid=12749 comm="syz.4.1736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  592.644681][T12755] ubi: mtd0 is already attached to ubi31
[  593.105328][ T5992] usb 1-1: USB disconnect, device number 44
[  594.188461][T12761] CUSE: unknown device info "ÿ
"
[  594.193743][T12761] CUSE: zero length info key specified
[  594.271268][T12761] ALSA: mixer_oss: invalid OSS volume 'u'
[  594.708812][T12784] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  595.009191][T12790] FAULT_INJECTION: forcing a failure.
[  595.009191][T12790] name failslab, interval 1, probability 0, space 0, times 0
[  595.050814][T12790] CPU: 1 UID: 0 PID: 12790 Comm: syz.3.1745 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  595.050830][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  595.050837][T12790] Call Trace:
[  595.050843][T12790]  <TASK>
[  595.050848][T12790]  dump_stack_lvl+0x16c/0x1f0
[  595.050864][T12790]  should_fail_ex+0x512/0x640
[  595.050876][T12790]  ? fs_reclaim_acquire+0xae/0x150
[  595.050892][T12790]  ? tomoyo_encode2+0x100/0x3e0
[  595.050907][T12790]  should_failslab+0xc2/0x120
[  595.050920][T12790]  __kmalloc_noprof+0xd2/0x510
[  595.050931][T12790]  ? d_absolute_path+0x136/0x1a0
[  595.050949][T12790]  tomoyo_encode2+0x100/0x3e0
[  595.050971][T12790]  tomoyo_encode+0x29/0x50
[  595.050986][T12790]  tomoyo_realpath_from_path+0x18f/0x6e0
[  595.051006][T12790]  tomoyo_path_number_perm+0x245/0x580
[  595.051019][T12790]  ? tomoyo_path_number_perm+0x237/0x580
[  595.051034][T12790]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  595.051063][T12790]  ? find_held_lock+0x2b/0x80
[  595.051077][T12790]  ? hook_file_ioctl_common+0x145/0x410
[  595.051091][T12790]  ? __fget_files+0x20e/0x3c0
[  595.051106][T12790]  security_file_ioctl+0x9b/0x240
[  595.051122][T12790]  __x64_sys_ioctl+0xb7/0x210
[  595.051140][T12790]  do_syscall_64+0xcd/0x4c0
[  595.051153][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.051164][T12790] RIP: 0033:0x7f04d2f8ebe9
[  595.051173][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.051183][T12790] RSP: 002b:00007f04d3dae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  595.051194][T12790] RAX: ffffffffffffffda RBX: 00007f04d31b5fa0 RCX: 00007f04d2f8ebe9
[  595.051201][T12790] RDX: 0000200000000240 RSI: 0000000000003b87 RDI: 0000000000000003
[  595.051207][T12790] RBP: 00007f04d3dae090 R08: 0000000000000000 R09: 0000000000000000
[  595.051214][T12790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.051220][T12790] R13: 00007f04d31b6038 R14: 00007f04d31b5fa0 R15: 00007fff8def4ba8
[  595.051235][T12790]  </TASK>
[  595.051289][T12790] ERROR: Out of memory at tomoyo_realpath_from_path.
[  595.287154][   T30] audit: type=1326 audit(1755073502.341:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12773 comm="syz.2.1742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feaf0d8ebe9 code=0x7fc00000
[  595.892001][T12804] ubi: mtd0 is already attached to ubi31
[  596.521168][T12810] FAULT_INJECTION: forcing a failure.
[  596.521168][T12810] name failslab, interval 1, probability 0, space 0, times 0
[  596.533929][T12810] CPU: 0 UID: 0 PID: 12810 Comm: syz.1.1749 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  596.533959][T12810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  596.533970][T12810] Call Trace:
[  596.533977][T12810]  <TASK>
[  596.533985][T12810]  dump_stack_lvl+0x16c/0x1f0
[  596.534008][T12810]  should_fail_ex+0x512/0x640
[  596.534028][T12810]  ? fs_reclaim_acquire+0xae/0x150
[  596.534055][T12810]  ? tomoyo_encode2+0x100/0x3e0
[  596.534079][T12810]  should_failslab+0xc2/0x120
[  596.534100][T12810]  __kmalloc_noprof+0xd2/0x510
[  596.534118][T12810]  ? d_absolute_path+0x136/0x1a0
[  596.534149][T12810]  tomoyo_encode2+0x100/0x3e0
[  596.534178][T12810]  tomoyo_encode+0x29/0x50
[  596.534202][T12810]  tomoyo_realpath_from_path+0x18f/0x6e0
[  596.534236][T12810]  tomoyo_path_number_perm+0x245/0x580
[  596.534257][T12810]  ? tomoyo_path_number_perm+0x237/0x580
[  596.534282][T12810]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  596.534333][T12810]  ? find_held_lock+0x2b/0x80
[  596.534355][T12810]  ? hook_file_ioctl_common+0x145/0x410
[  596.534380][T12810]  ? __fget_files+0x20e/0x3c0
[  596.534405][T12810]  security_file_ioctl+0x9b/0x240
[  596.534432][T12810]  __x64_sys_ioctl+0xb7/0x210
[  596.534461][T12810]  do_syscall_64+0xcd/0x4c0
[  596.534486][T12810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.534504][T12810] RIP: 0033:0x7f0a5818ebe9
[  596.534519][T12810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.534537][T12810] RSP: 002b:00007f0a59033038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  596.534554][T12810] RAX: ffffffffffffffda RBX: 00007f0a583b6180 RCX: 00007f0a5818ebe9
[  596.534570][T12810] RDX: 0000200000000440 RSI: 0000000040186f40 RDI: 0000000000000003
[  596.534581][T12810] RBP: 00007f0a59033090 R08: 0000000000000000 R09: 0000000000000000
[  596.534592][T12810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  596.534603][T12810] R13: 00007f0a583b6218 R14: 00007f0a583b6180 R15: 00007ffdb9c56eb8
[  596.534629][T12810]  </TASK>
[  596.738661][T12810] ERROR: Out of memory at tomoyo_realpath_from_path.
[  596.746167][T12810] ubi: mtd0 is already attached to ubi31
[  597.090547][ T5904] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  597.230521][ T5992] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  597.422061][ T5992] usb 5-1: device descriptor read/64, error -71
[  597.742755][ T5904] usb 3-1: config 0 has no interfaces?
[  597.755648][ T5904] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  597.777609][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.799414][T12826] FAULT_INJECTION: forcing a failure.
[  597.799414][T12826] name failslab, interval 1, probability 0, space 0, times 0
[  597.802319][ T5904] usb 3-1: config 0 descriptor??
[  597.816581][T12826] CPU: 1 UID: 0 PID: 12826 Comm: syz.1.1755 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  597.816603][T12826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  597.816612][T12826] Call Trace:
[  597.816618][T12826]  <TASK>
[  597.816624][T12826]  dump_stack_lvl+0x16c/0x1f0
[  597.816643][T12826]  should_fail_ex+0x512/0x640
[  597.816660][T12826]  ? fs_reclaim_acquire+0xae/0x150
[  597.816683][T12826]  ? tomoyo_encode2+0x100/0x3e0
[  597.816707][T12826]  should_failslab+0xc2/0x120
[  597.816725][T12826]  __kmalloc_noprof+0xd2/0x510
[  597.816740][T12826]  ? d_absolute_path+0x136/0x1a0
[  597.816764][T12826]  tomoyo_encode2+0x100/0x3e0
[  597.816788][T12826]  tomoyo_encode+0x29/0x50
[  597.816808][T12826]  tomoyo_realpath_from_path+0x18f/0x6e0
[  597.816836][T12826]  tomoyo_path_number_perm+0x245/0x580
[  597.816853][T12826]  ? tomoyo_path_number_perm+0x237/0x580
[  597.816873][T12826]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  597.816892][T12826]  ? find_held_lock+0x2b/0x80
[  597.816931][T12826]  ? find_held_lock+0x2b/0x80
[  597.816948][T12826]  ? hook_file_ioctl_common+0x145/0x410
[  597.816969][T12826]  ? __fget_files+0x20e/0x3c0
[  597.816990][T12826]  security_file_ioctl+0x9b/0x240
[  597.817012][T12826]  __x64_sys_ioctl+0xb7/0x210
[  597.817036][T12826]  do_syscall_64+0xcd/0x4c0
[  597.817053][T12826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  597.817069][T12826] RIP: 0033:0x7f0a5818ebe9
[  597.817083][T12826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  597.817098][T12826] RSP: 002b:00007f0a59075038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  597.817116][T12826] RAX: ffffffffffffffda RBX: 00007f0a583b5fa0 RCX: 00007f0a5818ebe9
[  597.817128][T12826] RDX: 00002000000001c0 RSI: 00000000c0d05605 RDI: 0000000000000003
[  597.817139][T12826] RBP: 00007f0a59075090 R08: 0000000000000000 R09: 0000000000000000
[  597.817149][T12826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  597.817158][T12826] R13: 00007f0a583b6038 R14: 00007f0a583b5fa0 R15: 00007ffdb9c56eb8
[  597.817181][T12826]  </TASK>
[  597.817196][T12826] ERROR: Out of memory at tomoyo_realpath_from_path.
[  598.160712][ T5992] usb 5-1: new full-speed USB device number 46 using dummy_hcd
[  598.169182][T12830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.178421][T12830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.223702][T12071] usb 3-1: USB disconnect, device number 40
[  598.300428][ T5992] usb 5-1: device descriptor read/64, error -71
[  598.417607][ T5992] usb usb5-port1: attempt power cycle
[  598.512519][   T30] audit: type=1400 audit(1755073505.561:543): avc:  denied  { read } for  pid=12837 comm="syz.3.1758" path="socket:[39185]" dev="sockfs" ino=39185 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  598.644585][   T30] audit: type=1400 audit(1755073505.561:544): avc:  denied  { read } for  pid=12837 comm="syz.3.1758" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  598.788428][ T5992] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[  598.812395][ T5992] usb 5-1: device descriptor read/8, error -71
[  599.730739][ T5992] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[  599.750835][ T5992] usb 5-1: device descriptor read/8, error -71
[  599.870583][ T5992] usb usb5-port1: unable to enumerate USB device
[  600.130330][ T5992] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  600.280574][ T5992] usb 1-1: Using ep0 maxpacket: 16
[  600.281676][ T5911] usb 5-1: new full-speed USB device number 49 using dummy_hcd
[  600.287075][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  600.311542][T12857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1763'.
[  600.330523][ T5992] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  600.385773][ T5992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.431023][ T5992] usb 1-1: config 0 descriptor??
[  600.455177][T12862] FAULT_INJECTION: forcing a failure.
[  600.455177][T12862] name failslab, interval 1, probability 0, space 0, times 0
[  600.468407][T12862] CPU: 0 UID: 0 PID: 12862 Comm: syz.2.1765 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  600.468432][T12862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.468442][T12862] Call Trace:
[  600.468448][T12862]  <TASK>
[  600.468455][T12862]  dump_stack_lvl+0x16c/0x1f0
[  600.468480][T12862]  should_fail_ex+0x512/0x640
[  600.468500][T12862]  ? __kmalloc_cache_node_noprof+0x5a/0x420
[  600.468530][T12862]  should_failslab+0xc2/0x120
[  600.468550][T12862]  __kmalloc_cache_node_noprof+0x6d/0x420
[  600.468579][T12862]  ? __get_vm_area_node+0x101/0x330
[  600.468616][T12862]  ? __lock_acquire+0x62e/0x1ce0
[  600.468649][T12862]  __get_vm_area_node+0x101/0x330
[  600.468676][T12862]  __vmalloc_node_range_noprof+0x271/0x14b0
[  600.468699][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.468726][T12862]  ? find_held_lock+0x2b/0x80
[  600.468748][T12862]  ? avc_has_perm_noaudit+0x117/0x3b0
[  600.468767][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.468791][T12862]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  600.468816][T12862]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  600.468848][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.468866][T12862]  __vmalloc_node_noprof+0xad/0xf0
[  600.468889][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.468910][T12862]  bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.468926][T12862]  ? security_capable+0x7e/0x260
[  600.468948][T12862]  bpf_prog_alloc+0x3b/0x230
[  600.468963][T12862]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  600.468983][T12862]  bpf_prog_load+0x1a04/0x2490
[  600.469012][T12862]  ? __pfx_bpf_prog_load+0x10/0x10
[  600.469037][T12862]  ? avc_has_perm+0x144/0x1f0
[  600.469066][T12862]  ? selinux_bpf+0xde/0x130
[  600.469080][T12862]  ? bpf_lsm_bpf+0x9/0x10
[  600.469100][T12862]  __sys_bpf+0x4a3f/0x4de0
[  600.469120][T12862]  ? __pfx___sys_bpf+0x10/0x10
[  600.469138][T12862]  ? ksys_write+0x190/0x250
[  600.469160][T12862]  ? __mutex_unlock_slowpath+0x163/0x800
[  600.469193][T12862]  ? fput+0x9b/0xd0
[  600.469215][T12862]  ? ksys_write+0x1ac/0x250
[  600.469231][T12862]  ? __pfx_ksys_write+0x10/0x10
[  600.469253][T12862]  __x64_sys_bpf+0x78/0xc0
[  600.469276][T12862]  ? lockdep_hardirqs_on+0x7c/0x110
[  600.469293][T12862]  do_syscall_64+0xcd/0x4c0
[  600.469313][T12862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.469331][T12862] RIP: 0033:0x7feaf0d8ebe9
[  600.469346][T12862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.469364][T12862] RSP: 002b:00007feaf1c4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  600.469380][T12862] RAX: ffffffffffffffda RBX: 00007feaf0fb5fa0 RCX: 00007feaf0d8ebe9
[  600.469392][T12862] RDX: 0000000000000094 RSI: 0000200000000300 RDI: 0000000000000005
[  600.469402][T12862] RBP: 00007feaf1c4e090 R08: 0000000000000000 R09: 0000000000000000
[  600.469413][T12862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.469423][T12862] R13: 00007feaf0fb6038 R14: 00007feaf0fb5fa0 R15: 00007ffe71c5a208
[  600.469448][T12862]  </TASK>
[  600.469834][T12862] syz.2.1765: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  600.788309][ T5911] usb 5-1: not running at top speed; connect to a high speed hub
[  600.796431][T12862] CPU: 0 UID: 0 PID: 12862 Comm: syz.2.1765 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  600.796455][T12862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  600.796468][T12862] Call Trace:
[  600.796475][T12862]  <TASK>
[  600.796482][T12862]  dump_stack_lvl+0x16c/0x1f0
[  600.796505][T12862]  warn_alloc+0x248/0x3a0
[  600.796525][T12862]  ? __pfx_warn_alloc+0x10/0x10
[  600.796545][T12862]  ? __kmalloc_cache_node_noprof+0x272/0x420
[  600.796578][T12862]  ? __kasan_kmalloc+0x8a/0xb0
[  600.796596][T12862]  ? __get_vm_area_node+0x208/0x330
[  600.796625][T12862]  __vmalloc_node_range_noprof+0xb2d/0x14b0
[  600.796653][T12862]  ? find_held_lock+0x2b/0x80
[  600.796675][T12862]  ? avc_has_perm_noaudit+0x117/0x3b0
[  600.796695][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.796744][T12862]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  600.796771][T12862]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  600.796804][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.796821][T12862]  __vmalloc_node_noprof+0xad/0xf0
[  600.796845][T12862]  ? bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.796866][T12862]  bpf_prog_alloc_no_stats+0x54/0x5d0
[  600.796883][T12862]  ? security_capable+0x7e/0x260
[  600.796906][T12862]  bpf_prog_alloc+0x3b/0x230
[  600.796922][T12862]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  600.796943][T12862]  bpf_prog_load+0x1a04/0x2490
[  600.796971][T12862]  ? __pfx_bpf_prog_load+0x10/0x10
[  600.796997][T12862]  ? avc_has_perm+0x144/0x1f0
[  600.797028][T12862]  ? selinux_bpf+0xde/0x130
[  600.797045][T12862]  ? bpf_lsm_bpf+0x9/0x10
[  600.797072][T12862]  __sys_bpf+0x4a3f/0x4de0
[  600.797098][T12862]  ? __pfx___sys_bpf+0x10/0x10
[  600.797120][T12862]  ? ksys_write+0x190/0x250
[  600.797143][T12862]  ? __mutex_unlock_slowpath+0x163/0x800
[  600.797178][T12862]  ? fput+0x9b/0xd0
[  600.797201][T12862]  ? ksys_write+0x1ac/0x250
[  600.797218][T12862]  ? __pfx_ksys_write+0x10/0x10
[  600.797241][T12862]  __x64_sys_bpf+0x78/0xc0
[  600.797264][T12862]  ? lockdep_hardirqs_on+0x7c/0x110
[  600.797281][T12862]  do_syscall_64+0xcd/0x4c0
[  600.797300][T12862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  600.797316][T12862] RIP: 0033:0x7feaf0d8ebe9
[  600.797330][T12862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  600.797346][T12862] RSP: 002b:00007feaf1c4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  600.797361][T12862] RAX: ffffffffffffffda RBX: 00007feaf0fb5fa0 RCX: 00007feaf0d8ebe9
[  600.797372][T12862] RDX: 0000000000000094 RSI: 0000200000000300 RDI: 0000000000000005
[  600.797383][T12862] RBP: 00007feaf1c4e090 R08: 0000000000000000 R09: 0000000000000000
[  600.797393][T12862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  600.797403][T12862] R13: 00007feaf0fb6038 R14: 00007feaf0fb5fa0 R15: 00007ffe71c5a208
[  600.797430][T12862]  </TASK>
[  600.797677][T12862] Mem-Info:
[  601.037385][ T5992] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0
[  601.045190][ T5911] usb 5-1: config 1 interface 0 has no altsetting 0
[  601.060757][T12862] active_anon:14865 inactive_anon:0 isolated_anon:0
[  601.060757][T12862]  active_file:17150 inactive_file:40803 isolated_file:0
[  601.060757][T12862]  unevictable:768 dirty:538 writeback:0
[  601.060757][T12862]  slab_reclaimable:12071 slab_unreclaimable:101110
[  601.060757][T12862]  mapped:41202 shmem:3197 pagetables:3447
[  601.060757][T12862]  sec_pagetables:0 bounce:0
[  601.060757][T12862]  kernel_misc_reclaimable:0
[  601.060757][T12862]  free:1251502 free_pcp:23051 free_cma:0
[  601.143230][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.155131][ T5992] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0
[  601.170391][ T5992] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0
[  601.181541][ T5911] usb 5-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.40
[  601.184718][ T5992] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0
[  601.199837][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.202514][ T5992] mcp2221 0003:04D8:00DD.0037: unknown main item tag 0x0
[  601.210326][T12862] Node 0 active_anon:59360kB inactive_anon:0kB active_file:68600kB inactive_file:163012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:156408kB dirty:2152kB writeback:0kB shmem:11252kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13936kB pagetables:13624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  601.251044][ T5992] mcp2221 0003:04D8:00DD.0037: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  601.260283][ T5911] usb 5-1: Product: syz
[  601.265634][ T5911] usb 5-1: Manufacturer: syz
[  601.270236][ T5911] usb 5-1: SerialNumber: syz
[  601.270416][T12862] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  601.304778][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.375217][T12862] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  601.404027][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.512064][T12862] lowmem_reserve[]: 0 2479 2481 2481 2481
[  601.535042][T12849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.548972][T12862] Node 0 DMA32 free:1119368kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52140kB inactive_anon:0kB active_file:68600kB inactive_file:161700kB unevictable:1536kB writepending:656kB present:3129332kB managed:2539412kB mlocked:0kB bounce:0kB free_pcp:61872kB local_pcp:28700kB free_cma:0kB
[  601.581270][    C1] vkms_vblank_simulate: vblank timer overrun
[  601.591012][T12849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.593619][T12862] lowmem_reserve[]: 0 0 1 1 1
[  601.628160][T12862] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[  601.664906][ T5992] usb 1-1: USB disconnect, device number 45
[  601.683091][ T5911] usbhid 5-1:1.0: can't add hid device: -71
[  601.683790][T12862] lowmem_reserve[]: 0 0 0 0 0
[  601.689222][ T5911] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  601.697066][T12862] Node 1 Normal free:3882668kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:29152kB local_pcp:14544kB free_cma:0kB
[  601.739829][ T5904] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  601.747460][T12862] lowmem_reserve[]: 0 0 0 0 0
[  601.747608][T12862] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  601.765980][ T5911] usb 5-1: USB disconnect, device number 49
[  601.800439][T12867] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  601.808197][T12867] audit: out of memory in audit_log_start
[  601.815214][T12862] Node 0 DMA32: 812*4kB (UME) 742*8kB (UME) 255*16kB (UME) 1185*32kB (UME) 624*64kB (UME) 450*128kB (UME) 180*256kB (UME) 43*512kB (UM) 4*1024kB (M) 7*2048kB (UME) 216*4096kB (M) = 1119984kB
[  602.043970][T12862] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  602.076120][T12862] Node 1 Normal: 89*4kB (U) 21*8kB (UME) 14*16kB (UME) 10*32kB (UME) 4*64kB (ME) 5*128kB (UME) 3*256kB (UM) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3882668kB
[  602.094244][T12862] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  602.220492][T12862] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  602.244327][ T5904] usb 4-1: Using ep0 maxpacket: 16
[  602.259653][T12862] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  602.296699][ T5904] usb 4-1: config index 0 descriptor too short (expected 16456, got 72)
[  602.308693][ T5904] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  602.318430][ T5904] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  602.319162][T12862] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  602.337112][ T5904] usb 4-1: config 0 has an invalid interface number: 125 but max is 1
[  602.345772][ T5904] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  602.349130][T12862] 59300 total pagecache pages
[  602.354767][ T5904] usb 4-1: config 0 has no interface number 0
[  602.420296][ T5904] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  602.461440][T12862] 0 pages in swap cache
[  602.461729][ T5904] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  602.478528][ T5904] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  602.502283][T12862] Free swap  = 124996kB
[  602.508437][T12862] Total swap = 124996kB
[  602.538004][T12862] 2097051 pages RAM
[  602.551648][T12862] 0 pages HighMem/MovableOnly
[  602.556386][T12862] 430236 pages reserved
[  602.563090][ T5904] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  602.585960][T12862] 0 pages cma reserved
[  602.628541][ T5904] usb 4-1: config 0 interface 125 has no altsetting 0
[  602.640321][ T5904] usb 4-1: config 0 interface 125 has no altsetting 2
[  602.679714][ T5904] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  602.696886][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.714286][ T5904] usb 4-1: Product: syz
[  602.729730][ T5904] usb 4-1: Manufacturer: syz
[  602.737828][ T5904] usb 4-1: SerialNumber: syz
[  602.751573][ T5904] usb 4-1: config 0 descriptor??
[  602.759430][ T5904] usb 4-1: selecting invalid altsetting 2
[  603.414887][ T5932] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  603.920804][ T5904] get_1284_register timeout
[  603.925453][ T5904] uss720 4-1:0.125: probe with driver uss720 failed with error -5
[  603.925541][    C0] usb 4-1: async_complete: urb error -104
[  603.925645][    C0] usb 4-1: async_complete: urb error -104
[  603.925738][    C0] usb 4-1: async_complete: urb error -104
[  603.960567][ T5932] usb 1-1: Using ep0 maxpacket: 16
[  604.006127][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  604.033544][ T5932] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  604.044611][T12893] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1774'.
[  604.050287][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.078067][ T5932] usb 1-1: Product: syz
[  604.092077][ T5932] usb 1-1: Manufacturer: syz
[  604.096937][ T5932] usb 1-1: SerialNumber: syz
[  604.130843][ T5932] usb 1-1: config 0 descriptor??
[  604.147892][ T5932] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  604.159802][ T5932] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  605.113456][ T5932] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  605.482132][ T5992] usb 4-1: USB disconnect, device number 50
[  605.553849][T12908] Bluetooth: MGMT ver 1.23
[  605.626506][ T5932] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  605.722120][ T5932] em28xx 1-1:0.0: board has no eeprom
[  606.152023][ T5904] usb 5-1: new full-speed USB device number 50 using dummy_hcd
[  606.360184][ T5904] usb 5-1: not running at top speed; connect to a high speed hub
[  606.398537][ T5904] usb 5-1: config 1 interface 0 has no altsetting 0
[  606.421192][ T5904] usb 5-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.40
[  606.447740][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.500560][ T5904] usb 5-1: Product: syz
[  606.504900][ T5904] usb 5-1: Manufacturer: syz
[  606.509557][ T5904] usb 5-1: SerialNumber: syz
[  606.743264][T12873] em28xx 1-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  606.810451][ T5932] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  606.827184][ T5932] em28xx 1-1:0.0: dvb set to bulk mode.
[  606.852129][ T5904] usbhid 5-1:1.0: can't add hid device: -71
[  606.861136][ T5911] em28xx 1-1:0.0: Binding DVB extension
[  606.887146][ T5932] usb 1-1: USB disconnect, device number 46
[  606.897131][ T5904] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  606.925121][ T5932] em28xx 1-1:0.0: Disconnecting em28xx
[  606.950734][T12923] usb usb8: usbfs: process 12923 (syz.3.1781) did not claim interface 0 before use
[  606.960162][   T30] audit: type=1400 audit(1755073513.991:545): avc:  denied  { write } for  pid=12922 comm="syz.3.1781" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  606.992629][ T5904] usb 5-1: USB disconnect, device number 50
[  607.115617][ T5911] em28xx 1-1:0.0: Registering input extension
[  607.127235][ T5932] em28xx 1-1:0.0: Closing input extension
[  607.191025][ T5932] em28xx 1-1:0.0: Freeing device
[  607.524706][T12931] syzkaller1: entered promiscuous mode
[  607.542755][T12931] syzkaller1: entered allmulticast mode
[  607.690328][ T5992] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  607.735474][T12942] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1786'.
[  607.844232][T12943] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  607.870447][ T5992] usb 2-1: Using ep0 maxpacket: 16
[  607.890458][T12071] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  607.905383][ T5992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.919843][ T5992] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  607.946440][ T5992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.969178][ T5992] usb 2-1: config 0 descriptor??
[  608.053180][T12071] usb 5-1: Using ep0 maxpacket: 8
[  608.070851][T12071] usb 5-1: unable to get BOS descriptor or descriptor too short
[  608.094259][T12071] usb 5-1: config 4 interface 0 has no altsetting 0
[  608.120392][T12071] usb 5-1: string descriptor 0 read error: -22
[  608.133807][T12071] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  608.182619][T12071] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  608.217126][T12071] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  608.242907][T12071] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  608.273949][T12071] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  608.305412][T12071] usb 5-1: media controller created
[  608.399886][ T5992] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  608.413199][T12071] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  608.433085][ T5992] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  608.445803][ T5992] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  608.470312][ T5992] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  608.482349][ T5992] mcp2221 0003:04D8:00DD.0038: unknown main item tag 0x0
[  608.492422][T12071] zl10353_read_register: readreg error (reg=127, ret==0)
[  608.510721][ T5992] mcp2221 0003:04D8:00DD.0038: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  608.549738][T12071] usb 5-1: USB disconnect, device number 51
[  608.564215][T12949] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  608.896301][T12926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  608.909987][T12926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  608.930762][T12071] usb 2-1: USB disconnect, device number 40
[  609.172038][T12071] hid (null): unknown global tag 0xe
[  609.190313][T12071] hid (null): unknown global tag 0xc
[  609.196585][T12071] hid (null): report_id 3550834153 is invalid
[  609.286757][T12071] hid-generic 0007:0010:0008.0039: unknown main item tag 0x3
[  609.307259][T12071] hid-generic 0007:0010:0008.0039: collection stack underflow
[  609.336328][T12071] hid-generic 0007:0010:0008.0039: item 0 0 0 12 parsing failed
[  609.336342][   T30] audit: type=1400 audit(1755073516.221:546): avc:  denied  { write } for  pid=12954 comm="syz.4.1789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  609.374606][T12071] hid-generic 0007:0010:0008.0039: probe with driver hid-generic failed with error -22
[  609.522111][T12963] FAULT_INJECTION: forcing a failure.
[  609.522111][T12963] name failslab, interval 1, probability 0, space 0, times 0
[  609.580626][T12963] CPU: 1 UID: 0 PID: 12963 Comm: syz.1.1791 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  609.580652][T12963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  609.580661][T12963] Call Trace:
[  609.580666][T12963]  <TASK>
[  609.580673][T12963]  dump_stack_lvl+0x16c/0x1f0
[  609.580695][T12963]  should_fail_ex+0x512/0x640
[  609.580714][T12963]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  609.580736][T12963]  should_failslab+0xc2/0x120
[  609.580762][T12963]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  609.580781][T12963]  ? __alloc_skb+0x2b2/0x380
[  609.580816][T12963]  __alloc_skb+0x2b2/0x380
[  609.580843][T12963]  ? __pfx___alloc_skb+0x10/0x10
[  609.580873][T12963]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  609.580898][T12963]  netlink_alloc_large_skb+0x69/0x130
[  609.580919][T12963]  netlink_sendmsg+0x6a1/0xdd0
[  609.580943][T12963]  ? __pfx_netlink_sendmsg+0x10/0x10
[  609.580973][T12963]  ____sys_sendmsg+0xa98/0xc70
[  609.580995][T12963]  ? copy_msghdr_from_user+0x10a/0x160
[  609.581013][T12963]  ? __pfx_____sys_sendmsg+0x10/0x10
[  609.581048][T12963]  ___sys_sendmsg+0x134/0x1d0
[  609.581068][T12963]  ? __pfx____sys_sendmsg+0x10/0x10
[  609.581109][T12963]  ? __mutex_unlock_slowpath+0x100/0x800
[  609.581137][T12963]  __sys_sendmsg+0x16d/0x220
[  609.581156][T12963]  ? __pfx___sys_sendmsg+0x10/0x10
[  609.581191][T12963]  do_syscall_64+0xcd/0x4c0
[  609.581212][T12963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.581230][T12963] RIP: 0033:0x7f0a5818ebe9
[  609.581245][T12963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  609.581263][T12963] RSP: 002b:00007f0a59075038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  609.581280][T12963] RAX: ffffffffffffffda RBX: 00007f0a583b5fa0 RCX: 00007f0a5818ebe9
[  609.581292][T12963] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  609.581303][T12963] RBP: 00007f0a59075090 R08: 0000000000000000 R09: 0000000000000000
[  609.581313][T12963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  609.581323][T12963] R13: 00007f0a583b6038 R14: 00007f0a583b5fa0 R15: 00007ffdb9c56eb8
[  609.581348][T12963]  </TASK>
[  609.804913][    C1] vkms_vblank_simulate: vblank timer overrun
[  610.505635][   T30] audit: type=1400 audit(1755073517.561:547): avc:  denied  { read } for  pid=12972 comm="syz.3.1795" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  610.673582][   T30] audit: type=1400 audit(1755073517.581:548): avc:  denied  { open } for  pid=12972 comm="syz.3.1795" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  611.152183][T12973] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  611.152492][T12980] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  611.158411][T12973] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  611.244538][T12980] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  611.332889][T12973] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  611.333428][T12980] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  611.353848][T12973] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  611.364904][T12980] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  611.389641][T12980] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  611.398504][T12973] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  611.406076][T12980] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  611.412945][T12973] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  611.487914][T12973] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  611.514209][T12973] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  611.740323][ T5992] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  611.747882][   T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  611.762630][ T5932] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  611.910394][   T24] usb 1-1: Using ep0 maxpacket: 8
[  611.916568][ T5992] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  611.928220][ T5992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  611.939215][ T5992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  611.941336][ T5932] usb 5-1: Using ep0 maxpacket: 8
[  611.950048][ T5992] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  611.963224][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[  611.971770][ T5992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.973232][ T5932] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  611.981136][   T24] usb 1-1: config 4 interface 0 has no altsetting 0
[  611.988640][ T5932] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  612.006698][ T5932] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  612.016813][ T5932] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  612.027292][ T5932] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  612.041085][ T5932] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  612.044565][ T5992] usb 3-1: config 0 descriptor??
[  612.050292][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.080804][   T24] usb 1-1: string descriptor 0 read error: -22
[  612.086982][   T24] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  612.123460][   T24] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  612.162485][   T24] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  612.207899][   T24] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  612.225298][   T24] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  612.232950][   T24] usb 1-1: media controller created
[  612.250226][T10405] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.297037][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  612.382960][   T24] zl10353_read_register: readreg error (reg=127, ret==0)
[  612.413934][T10405] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.455824][   T24] usb 1-1: USB disconnect, device number 47
[  612.488135][ T5992] sony 0003:054C:024B.003A: unexpected long global item
[  612.502233][ T5992] sony 0003:054C:024B.003A: parse failed
[  612.509654][T10405] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.520052][ T5992] sony 0003:054C:024B.003A: probe with driver sony failed with error -22
[  612.593176][T10405] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.669565][ T5167] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  612.689067][ T5167] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  612.699279][ T5167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  612.709561][ T5167] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  612.718261][ T5167] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  612.739314][T12292] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  612.749854][T12292] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  612.759132][T12292] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  612.770123][T12292] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  612.773059][T10405] dummy0: left allmulticast mode
[  612.785162][T10405] bridge0: port 3(dummy0) entered disabled state
[  612.793775][T12292] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  612.804081][T10405] bridge_slave_1: left allmulticast mode
[  612.817593][   T30] audit: type=1400 audit(1755073519.861:549): avc:  denied  { mounton } for  pid=13006 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  612.843084][T10405] bridge_slave_1: left promiscuous mode
[  612.848841][T10405] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.858407][T10405] bridge_slave_0: left allmulticast mode
[  612.864250][T10405] bridge_slave_0: left promiscuous mode
[  612.870093][T10405] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.459650][T10405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  613.470545][T10405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  613.480012][T10405] bond0 (unregistering): Released all slaves
[  613.571988][T10405] IPVS: stopping master sync thread 7435 ...
[  613.750631][   T24] usb 3-1: USB disconnect, device number 41
[  614.773064][ T5992] usb 5-1: USB disconnect, device number 52
[  614.789374][T13050] FAULT_INJECTION: forcing a failure.
[  614.789374][T13050] name failslab, interval 1, probability 0, space 0, times 0
[  614.820610][ T5167] Bluetooth: hci3: command tx timeout
[  614.886619][T13050] CPU: 0 UID: 0 PID: 13050 Comm: syz.2.1812 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  614.886645][T13050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  614.886656][T13050] Call Trace:
[  614.886662][T13050]  <TASK>
[  614.886669][T13050]  dump_stack_lvl+0x16c/0x1f0
[  614.886693][T13050]  should_fail_ex+0x512/0x640
[  614.886713][T13050]  ? __kmalloc_noprof+0xbf/0x510
[  614.886733][T13050]  ? __crypto_alloc_tfmgfp+0xd1/0x400
[  614.886752][T13050]  should_failslab+0xc2/0x120
[  614.886772][T13050]  __kmalloc_noprof+0xd2/0x510
[  614.886797][T13050]  __crypto_alloc_tfmgfp+0xd1/0x400
[  614.886820][T13050]  crypto_alloc_base+0x58/0x180
[  614.886840][T13050]  drbg_init_sym_kernel+0xb8/0x720
[  614.886865][T13050]  ? __pfx_drbg_init_sym_kernel+0x10/0x10
[  614.886896][T13050]  ? __pfx___mutex_lock+0x10/0x10
[  614.886931][T13050]  ? __pfx_drbg_init_sym_kernel+0x10/0x10
[  614.886956][T13050]  drbg_kcapi_seed+0x6f7/0xee0
[  614.886984][T13050]  ? __pfx_drbg_kcapi_seed+0x10/0x10
[  614.887010][T13050]  ? copy_from_sockptr_offset.constprop.0+0xe4/0x1a0
[  614.887030][T13050]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  614.887055][T13050]  crypto_rng_reset+0x7b/0x130
[  614.887075][T13050]  ? __pfx_rng_setkey+0x10/0x10
[  614.887096][T13050]  alg_setsockopt+0x429/0xdd0
[  614.887117][T13050]  ? __pfx_alg_setsockopt+0x10/0x10
[  614.887137][T13050]  ? selinux_socket_setsockopt+0x6a/0x80
[  614.887161][T13050]  ? __pfx_alg_setsockopt+0x10/0x10
[  614.887180][T13050]  do_sock_setsockopt+0xf3/0x1d0
[  614.887206][T13050]  __sys_setsockopt+0x1a0/0x230
[  614.887239][T13050]  __x64_sys_setsockopt+0xbd/0x160
[  614.887254][T13050]  ? do_syscall_64+0x91/0x4c0
[  614.887273][T13050]  ? lockdep_hardirqs_on+0x7c/0x110
[  614.887290][T13050]  do_syscall_64+0xcd/0x4c0
[  614.887311][T13050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.887329][T13050] RIP: 0033:0x7feaf0d8ebe9
[  614.887343][T13050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.887359][T13050] RSP: 002b:00007feaf1c4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  614.887376][T13050] RAX: ffffffffffffffda RBX: 00007feaf0fb5fa0 RCX: 00007feaf0d8ebe9
[  614.887387][T13050] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[  614.887397][T13050] RBP: 00007feaf1c4e090 R08: 0000000000000000 R09: 0000000000000000
[  614.887407][T13050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.887417][T13050] R13: 00007feaf0fb6038 R14: 00007feaf0fb5fa0 R15: 00007ffe71c5a208
[  614.887441][T13050]  </TASK>
[  614.888188][T13050] DRBG: could not allocate cipher TFM handle: aes
[  615.522836][T10405] hsr_slave_0: left promiscuous mode
[  615.529900][T10405] hsr_slave_1: left promiscuous mode
[  615.539569][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  615.588740][T10405] batman_adv: batadv0: Removing interface: batadv_slave_0
[  615.651224][T10405] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  615.685096][T10405] batman_adv: batadv0: Removing interface: batadv_slave_1
[  615.752402][T10405] veth1_macvtap: left promiscuous mode
[  615.758219][T10405] veth0_macvtap: left promiscuous mode
[  615.766789][T10405] veth1_vlan: left promiscuous mode
[  615.779483][T10405] veth0_vlan: left promiscuous mode
[  615.985247][   T30] audit: type=1400 audit(1755073523.041:550): avc:  denied  { map } for  pid=13073 comm="syz.1.1817" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  616.009079][    C1] vkms_vblank_simulate: vblank timer overrun
[  616.100453][   T24] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  616.236144][T10405] team0 (unregistering): Port device team_slave_1 removed
[  616.250367][   T24] usb 5-1: Using ep0 maxpacket: 8
[  616.258052][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  616.269740][   T24] usb 5-1: config 4 interface 0 has no altsetting 0
[  616.278529][T10405] team0 (unregistering): Port device team_slave_0 removed
[  616.279744][   T24] usb 5-1: string descriptor 0 read error: -22
[  616.296922][   T24] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  616.306616][   T24] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  616.328400][   T24] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  616.346512][   T24] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  616.369504][   T24] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  616.376939][   T24] usb 5-1: media controller created
[  616.396858][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  616.538651][   T24] zl10353_read_register: readreg error (reg=127, ret==0)
[  616.589042][   T24] usb 5-1: USB disconnect, device number 53
[  616.703605][T13068] syzkaller1: entered promiscuous mode
[  616.709108][T13068] syzkaller1: entered allmulticast mode
[  616.735237][T13006] chnl_net:caif_netlink_parms(): no params data found
[  616.776291][T13081] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1819'.
[  616.900740][ T5167] Bluetooth: hci3: command tx timeout
[  617.643427][T13006] bridge0: port 1(bridge_slave_0) entered blocking state
[  617.655093][T13006] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.668370][T13006] bridge_slave_0: entered allmulticast mode
[  617.679362][T13006] bridge_slave_0: entered promiscuous mode
[  617.707654][T13006] bridge0: port 2(bridge_slave_1) entered blocking state
[  617.729616][T13006] bridge0: port 2(bridge_slave_1) entered disabled state
[  617.766031][T13006] bridge_slave_1: entered allmulticast mode
[  617.789175][T13006] bridge_slave_1: entered promiscuous mode
[  617.870476][ T5932] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  617.948112][T13006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  617.960704][T13006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  618.021619][T13006] team0: Port device team_slave_0 added
[  618.053605][ T5932] usb 3-1: Using ep0 maxpacket: 16
[  618.062044][ T5932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  618.075319][ T5932] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  618.091003][T13006] team0: Port device team_slave_1 added
[  618.095784][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.134020][ T5932] usb 3-1: config 0 descriptor??
[  618.222441][T13006] batman_adv: batadv0: Adding interface: batadv_slave_0
[  618.293825][T13006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  618.477248][T13006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  618.517485][T13006] batman_adv: batadv0: Adding interface: batadv_slave_1
[  618.532080][T13006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  618.557995][    C1] vkms_vblank_simulate: vblank timer overrun
[  618.562985][ T5932] mcp2221 0003:04D8:00DD.003B: unknown main item tag 0x0
[  618.589825][ T5932] mcp2221 0003:04D8:00DD.003B: unknown main item tag 0x0
[  618.617550][ T5932] mcp2221 0003:04D8:00DD.003B: unknown main item tag 0x0
[  618.657757][T13006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  618.673255][ T5932] mcp2221 0003:04D8:00DD.003B: unknown main item tag 0x0
[  618.690439][ T5932] mcp2221 0003:04D8:00DD.003B: unknown main item tag 0x0
[  618.735427][ T5932] mcp2221 0003:04D8:00DD.003B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  618.823396][T13120] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1825'.
[  618.970054][T13100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.972864][T13006] hsr_slave_0: entered promiscuous mode
[  618.978953][T13100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.000433][ T5167] Bluetooth: hci3: command tx timeout
[  619.019316][ T5932] usb 3-1: USB disconnect, device number 42
[  619.084103][T13006] hsr_slave_1: entered promiscuous mode
[  619.112662][T13006] debugfs: 'hsr0' already exists in 'hsr'
[  619.119006][T13006] Cannot create hsr debugfs directory
[  619.129965][T13117] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1825'.
[  619.562852][T13128] loop6: detected capacity change from 0 to 63
[  619.614804][ T5865] buffer_io_error: 26 callbacks suppressed
[  619.614818][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.639566][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.648784][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.663810][   T30] audit: type=1400 audit(1755073526.721:551): avc:  denied  { connect } for  pid=13131 comm="syz.2.1828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  619.708718][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.731797][T13132] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1828'.
[  619.749144][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.772321][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.781040][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.795976][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.805311][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.814123][T13128] Buffer I/O error on dev loop6, logical block 0, async page read
[  619.827137][T13006] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  620.038917][T13006] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  620.573876][T13006] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  620.713605][T13006] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  620.753180][T13136] tmpfs: Cannot change global quota limit on remount
[  621.064178][ T5167] Bluetooth: hci3: command tx timeout
[  621.279342][T13006] 8021q: adding VLAN 0 to HW filter on device bond0
[  621.301698][T13006] 8021q: adding VLAN 0 to HW filter on device team0
[  621.314981][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  621.322235][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  621.388271][ T6023] bridge0: port 2(bridge_slave_1) entered blocking state
[  621.395414][ T6023] bridge0: port 2(bridge_slave_1) entered forwarding state
[  621.868518][T13187] FAULT_INJECTION: forcing a failure.
[  621.868518][T13187] name failslab, interval 1, probability 0, space 0, times 0
[  621.881566][T13187] CPU: 0 UID: 0 PID: 13187 Comm: syz.2.1838 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  621.881591][T13187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  621.881607][T13187] Call Trace:
[  621.881614][T13187]  <TASK>
[  621.881622][T13187]  dump_stack_lvl+0x16c/0x1f0
[  621.881646][T13187]  should_fail_ex+0x512/0x640
[  621.881665][T13187]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  621.881697][T13187]  should_failslab+0xc2/0x120
[  621.881717][T13187]  __kmalloc_cache_noprof+0x6a/0x3e0
[  621.881744][T13187]  ? lowpan_enable_set+0x43/0x1f0
[  621.881771][T13187]  ? __pfx_lowpan_enable_set+0x10/0x10
[  621.881800][T13187]  lowpan_enable_set+0x43/0x1f0
[  621.881825][T13187]  ? __pfx_lowpan_enable_set+0x10/0x10
[  621.881850][T13187]  simple_attr_write_xsigned.constprop.0.isra.0+0x1fd/0x310
[  621.881877][T13187]  ? __pfx_simple_attr_write_xsigned.constprop.0.isra.0+0x10/0x10
[  621.881902][T13187]  ? lock_acquire+0x62/0x350
[  621.881935][T13187]  debugfs_attr_write+0x76/0xa0
[  621.881956][T13187]  ? __pfx_debugfs_attr_write+0x10/0x10
[  621.881974][T13187]  vfs_write+0x29d/0x11d0
[  621.881998][T13187]  ? __pfx___mutex_lock+0x10/0x10
[  621.882017][T13187]  ? __pfx_vfs_write+0x10/0x10
[  621.882044][T13187]  ? __fget_files+0x20e/0x3c0
[  621.882073][T13187]  ksys_write+0x12a/0x250
[  621.882090][T13187]  ? __pfx_ksys_write+0x10/0x10
[  621.882117][T13187]  do_syscall_64+0xcd/0x4c0
[  621.882139][T13187]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.882157][T13187] RIP: 0033:0x7feaf0d8ebe9
[  621.882172][T13187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.882189][T13187] RSP: 002b:00007feaf1c0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  621.882205][T13187] RAX: ffffffffffffffda RBX: 00007feaf0fb6180 RCX: 00007feaf0d8ebe9
[  621.882217][T13187] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000007
[  621.882228][T13187] RBP: 00007feaf1c0c090 R08: 0000000000000000 R09: 0000000000000000
[  621.882239][T13187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.882249][T13187] R13: 00007feaf0fb6218 R14: 00007feaf0fb6180 R15: 00007ffe71c5a208
[  621.882276][T13187]  </TASK>
[  622.260423][T12071] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  622.404835][T13006] 8021q: adding VLAN 0 to HW filter on device batadv0
[  622.423115][T12071] usb 2-1: Using ep0 maxpacket: 16
[  622.430226][T12071] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  622.450233][T12071] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  622.476182][T12071] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.530794][T12071] usb 2-1: config 0 descriptor??
[  622.688751][   T30] audit: type=1400 audit(1755073529.741:552): avc:  denied  { create } for  pid=13207 comm="syz.4.1840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  622.727677][   T30] audit: type=1400 audit(1755073529.741:553): avc:  denied  { ioctl } for  pid=13207 comm="syz.4.1840" path="socket:[41269]" dev="sockfs" ino=41269 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  622.964042][T12071] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  622.974185][T12071] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  623.007359][T13221] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  623.109593][T12071] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  623.139902][T12071] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  623.168716][T12071] mcp2221 0003:04D8:00DD.003C: unknown main item tag 0x0
[  623.203067][T12071] mcp2221 0003:04D8:00DD.003C: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  623.266237][T13006] veth0_vlan: entered promiscuous mode
[  623.288106][T13006] veth1_vlan: entered promiscuous mode
[  623.386752][T13181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  623.398313][T13181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.515918][ T5904] usb 2-1: USB disconnect, device number 41
[  623.519835][T13006] veth0_macvtap: entered promiscuous mode
[  623.631990][T13006] veth1_macvtap: entered promiscuous mode
[  623.657867][T13006] batman_adv: batadv0: Interface activated: batadv_slave_0
[  623.685085][T13006] batman_adv: batadv0: Interface activated: batadv_slave_1
[  623.808671][ T6023] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  623.817973][ T6023] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  623.827238][ T6023] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  623.877827][ T6023] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  623.949026][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  623.960751][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  623.967568][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  623.978281][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  624.016351][   T74] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.027129][   T74] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  624.085482][   T30] audit: type=1400 audit(1755073531.111:554): avc:  denied  { mounton } for  pid=13006 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  624.194901][T13236] FAULT_INJECTION: forcing a failure.
[  624.194901][T13236] name failslab, interval 1, probability 0, space 0, times 0
[  624.272793][T13236] CPU: 0 UID: 0 PID: 13236 Comm: syz.1.1844 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  624.272820][T13236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  624.272830][T13236] Call Trace:
[  624.272836][T13236]  <TASK>
[  624.272843][T13236]  dump_stack_lvl+0x16c/0x1f0
[  624.272867][T13236]  should_fail_ex+0x512/0x640
[  624.272886][T13236]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  624.272908][T13236]  should_failslab+0xc2/0x120
[  624.272930][T13236]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  624.272948][T13236]  ? __alloc_skb+0x2b2/0x380
[  624.272982][T13236]  __alloc_skb+0x2b2/0x380
[  624.273009][T13236]  ? __pfx___alloc_skb+0x10/0x10
[  624.273039][T13236]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  624.273064][T13236]  netlink_alloc_large_skb+0x69/0x130
[  624.273085][T13236]  netlink_sendmsg+0x6a1/0xdd0
[  624.273109][T13236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  624.273139][T13236]  ____sys_sendmsg+0xa98/0xc70
[  624.273163][T13236]  ? copy_msghdr_from_user+0x10a/0x160
[  624.273181][T13236]  ? __pfx_____sys_sendmsg+0x10/0x10
[  624.273216][T13236]  ___sys_sendmsg+0x134/0x1d0
[  624.273237][T13236]  ? __pfx____sys_sendmsg+0x10/0x10
[  624.273279][T13236]  ? __mutex_unlock_slowpath+0x100/0x800
[  624.273307][T13236]  __sys_sendmsg+0x16d/0x220
[  624.273324][T13236]  ? __pfx___sys_sendmsg+0x10/0x10
[  624.273359][T13236]  do_syscall_64+0xcd/0x4c0
[  624.273379][T13236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.273396][T13236] RIP: 0033:0x7f0a5818ebe9
[  624.273410][T13236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.273427][T13236] RSP: 002b:00007f0a59075038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  624.273443][T13236] RAX: ffffffffffffffda RBX: 00007f0a583b5fa0 RCX: 00007f0a5818ebe9
[  624.273458][T13236] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  624.273468][T13236] RBP: 00007f0a59075090 R08: 0000000000000000 R09: 0000000000000000
[  624.273478][T13236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.273488][T13236] R13: 00007f0a583b6038 R14: 00007f0a583b5fa0 R15: 00007ffdb9c56eb8
[  624.273514][T13236]  </TASK>
[  625.160358][T12071] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  625.292637][T13258] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1847'.
[  625.331859][T12071] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  625.345335][T12071] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  625.453015][T12071] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  625.462947][T12071] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.483478][T12071] usb 6-1: config 0 descriptor??
[  626.774717][   T30] audit: type=1400 audit(1755073533.831:555): avc:  denied  { append } for  pid=13275 comm="syz.4.1851" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  626.790507][T13280] random: crng reseeded on system resumption
[  627.625683][T13300] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1853'.
[  627.637608][T13298] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1853'.
[  627.660688][ T5911] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  627.890377][ T5911] usb 1-1: Using ep0 maxpacket: 16
[  627.897187][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.910303][ T5911] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  627.919411][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.951810][ T5911] usb 1-1: config 0 descriptor??
[  628.115259][ T5904] usb 6-1: USB disconnect, device number 2
[  628.211390][T13305] loop6: detected capacity change from 0 to 63
[  628.443233][ T5865] buffer_io_error: 4105 callbacks suppressed
[  628.443243][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  628.456364][ T5911] mcp2221 0003:04D8:00DD.003D: unknown main item tag 0x0
[  628.490406][ T5911] mcp2221 0003:04D8:00DD.003D: unknown main item tag 0x0
[  628.520133][ T5911] mcp2221 0003:04D8:00DD.003D: unknown main item tag 0x0
[  628.533673][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  628.560575][ T5911] mcp2221 0003:04D8:00DD.003D: unknown main item tag 0x0
[  628.570791][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  628.603886][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  628.613055][ T5911] mcp2221 0003:04D8:00DD.003D: unknown main item tag 0x0
[  628.629638][ T5865] Buffer I/O error on dev loop6, logical block 0, async page read
[  628.668059][ T5911] mcp2221 0003:04D8:00DD.003D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  628.700908][   T30] audit: type=1400 audit(1755073535.751:556): avc:  denied  { unmount } for  pid=5850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  628.936285][T13296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.946219][T13296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.984192][T13309] FAULT_INJECTION: forcing a failure.
[  628.984192][T13309] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  629.052404][T13309] CPU: 0 UID: 0 PID: 13309 Comm: syz.5.1857 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  629.052423][T13309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  629.052429][T13309] Call Trace:
[  629.052433][T13309]  <TASK>
[  629.052438][T13309]  dump_stack_lvl+0x16c/0x1f0
[  629.052453][T13309]  should_fail_ex+0x512/0x640
[  629.052468][T13309]  _copy_from_iter+0x29f/0x16f0
[  629.052487][T13309]  ? __pfx__copy_from_iter+0x10/0x10
[  629.052501][T13309]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  629.052520][T13309]  copy_page_from_iter+0xde/0x180
[  629.052535][T13309]  tun_build_skb.constprop.0+0x2e8/0x1500
[  629.052556][T13309]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  629.052575][T13309]  ? unwind_get_return_address+0x59/0xa0
[  629.052588][T13309]  ? arch_stack_walk+0xa6/0x100
[  629.052610][T13309]  ? _kstrtoull+0x145/0x200
[  629.052626][T13309]  ? __pfx__kstrtoull+0x10/0x10
[  629.052644][T13309]  tun_get_user+0x14ae/0x3ce0
[  629.052665][T13309]  ? __pfx_tun_get_user+0x10/0x10
[  629.052681][T13309]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  629.052699][T13309]  ? find_held_lock+0x2b/0x80
[  629.052712][T13309]  ? tun_get+0x191/0x370
[  629.052729][T13309]  tun_chr_write_iter+0xdc/0x210
[  629.052745][T13309]  vfs_write+0x7d3/0x11d0
[  629.052757][T13309]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  629.052773][T13309]  ? __pfx_vfs_write+0x10/0x10
[  629.052782][T13309]  ? find_held_lock+0x2b/0x80
[  629.052805][T13309]  ksys_write+0x12a/0x250
[  629.052815][T13309]  ? __pfx_ksys_write+0x10/0x10
[  629.052832][T13309]  do_syscall_64+0xcd/0x4c0
[  629.052844][T13309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.052855][T13309] RIP: 0033:0x7fb7e498d69f
[  629.052864][T13309] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  629.052875][T13309] RSP: 002b:00007fb7e57c3000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  629.052885][T13309] RAX: ffffffffffffffda RBX: 00007fb7e4bb5fa0 RCX: 00007fb7e498d69f
[  629.052892][T13309] RDX: 000000000000004e RSI: 0000200000000000 RDI: 00000000000000c8
[  629.052898][T13309] RBP: 00007fb7e57c3090 R08: 0000000000000000 R09: 0000000000000000
[  629.052904][T13309] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001
[  629.052910][T13309] R13: 00007fb7e4bb6038 R14: 00007fb7e4bb5fa0 R15: 00007ffc4e0dc718
[  629.052924][T13309]  </TASK>
[  629.409194][ T5992] usb 1-1: USB disconnect, device number 48
[  631.920529][   T30] audit: type=1400 audit(1755073538.781:557): avc:  denied  { map } for  pid=13346 comm="syz.1.1865" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  632.113809][   T30] audit: type=1400 audit(1755073539.171:558): avc:  denied  { setopt } for  pid=13357 comm="syz.0.1867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  633.004688][   T30] audit: type=1400 audit(1755073540.061:559): avc:  denied  { append } for  pid=13379 comm="syz.2.1870" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  633.090193][T13382] FAULT_INJECTION: forcing a failure.
[  633.090193][T13382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.128474][T13382] CPU: 0 UID: 0 PID: 13382 Comm: syz.2.1870 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  633.128499][T13382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  633.128509][T13382] Call Trace:
[  633.128516][T13382]  <TASK>
[  633.128523][T13382]  dump_stack_lvl+0x16c/0x1f0
[  633.128544][T13382]  should_fail_ex+0x512/0x640
[  633.128574][T13382]  _copy_from_user+0x2e/0xd0
[  633.128596][T13382]  core_sys_select+0x35b/0xc10
[  633.128620][T13382]  ? __pfx_core_sys_select+0x10/0x10
[  633.128665][T13382]  ? set_user_sigmask+0x21b/0x2b0
[  633.128686][T13382]  ? __pfx_set_user_sigmask+0x10/0x10
[  633.128712][T13382]  do_pselect.constprop.0+0x19f/0x1e0
[  633.128732][T13382]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  633.128760][T13382]  __x64_sys_pselect6+0x182/0x240
[  633.128780][T13382]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  633.128807][T13382]  do_syscall_64+0xcd/0x4c0
[  633.128826][T13382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.128844][T13382] RIP: 0033:0x7feaf0d8ebe9
[  633.128858][T13382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.128875][T13382] RSP: 002b:00007feaf1c28038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  633.128891][T13382] RAX: ffffffffffffffda RBX: 00007feaf0fb6090 RCX: 00007feaf0d8ebe9
[  633.128903][T13382] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  633.128914][T13382] RBP: 00007feaf1c28090 R08: 0000000000000000 R09: 0000000000000000
[  633.128924][T13382] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  633.128934][T13382] R13: 00007feaf0fb6128 R14: 00007feaf0fb6090 R15: 00007ffe71c5a208
[  633.128959][T13382]  </TASK>
[  634.157483][T13399] libceph: resolve '£]' (ret=-3): failed
[  634.941194][T13414] netlink: 'syz.5.1877': attribute type 1 has an invalid length.
[  634.972899][T13416] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  635.007473][   T30] audit: type=1400 audit(1755073542.011:560): avc:  denied  { ioctl } for  pid=13406 comm="syz.2.1876" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  635.011756][T13418] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  635.040251][    C1] vkms_vblank_simulate: vblank timer overrun
[  635.056284][T13420] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1877'.
[  635.182375][T13424] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1878'.
[  635.559004][ T5911] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  635.666105][ T5904] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  635.811651][ T5911] usb 5-1: Using ep0 maxpacket: 32
[  635.907956][ T5911] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  635.958961][ T5911] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  636.000525][ T5911] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  636.010375][ T5911] usb 5-1: config 1 has no interface number 0
[  636.018048][ T5904] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  636.030340][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  636.041434][ T5911] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  636.056784][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[  636.067814][ T5911] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  636.086807][ T5904] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  636.118486][ T5911] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  636.132557][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.151756][ T5904] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  636.163925][ T5904] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  636.190707][ T5904] usb 3-1: Manufacturer: syz
[  636.207728][ T5904] usb 3-1: config 0 descriptor??
[  636.226938][ T5911] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  636.520580][ T5904] rc_core: IR keymap rc-hauppauge not found
[  636.526731][ T5904] Registered IR keymap rc-empty
[  636.533938][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  636.560895][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  636.734621][ T5904] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  636.760761][ T5904] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input11
[  636.796235][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  636.962292][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  636.979872][T13444] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  637.014356][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.070720][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.120609][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.392725][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.420638][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.430095][T13449] loop6: detected capacity change from 0 to 63
[  637.440669][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.453754][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.472164][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.480356][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.517923][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.553504][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.561417][ T5904] mceusb 3-1:0.0: Error: mce write urb status = -71
[  637.581489][ T5904] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  637.672012][ T5904] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  637.680419][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.680975][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.711300][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.723116][ T5904] usb 3-1: USB disconnect, device number 43
[  637.729804][T13449] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.764106][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  637.933227][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  638.208287][ T5911] snd_usb_pod 5-1:1.1: set_interface failed
[  638.214631][ T5911] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  638.239126][ T5911] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71
[  638.250330][ T5992] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  638.275625][ T5911] usb 5-1: USB disconnect, device number 54
[  638.492529][ T5992] usb 2-1: not running at top speed; connect to a high speed hub
[  638.505061][ T5992] usb 2-1: config 1 interface 0 has no altsetting 0
[  639.298725][ T5992] usb 2-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.40
[  639.370315][   T30] audit: type=1400 audit(1755073546.371:561): avc:  denied  { nlmsg_write } for  pid=13452 comm="syz.2.1884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  639.390907][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.397728][ T5992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.509454][ T5992] usb 2-1: Product: syz
[  639.520060][ T5992] usb 2-1: Manufacturer: syz
[  639.524813][ T5992] usb 2-1: SerialNumber: syz
[  639.696041][T13469] netlink: 'syz.4.1886': attribute type 8 has an invalid length.
[  639.896309][ T5992] usbhid 2-1:1.0: can't add hid device: -71
[  639.910355][ T5992] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  639.973919][ T5992] usb 2-1: USB disconnect, device number 42
[  641.360358][T13511] netlink: 'syz.4.1892': attribute type 10 has an invalid length.
[  641.368237][T13511] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1892'.
[  641.428604][T13511] 9pnet_fd: Insufficient options for proto=fd
[  641.444451][T13511] lo speed is unknown, defaulting to 1000
[  641.451060][T13511] lo speed is unknown, defaulting to 1000
[  641.462093][T13511] lo speed is unknown, defaulting to 1000
[  641.521201][T13511] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[  641.611539][T13511] lo speed is unknown, defaulting to 1000
[  641.625784][T13511] lo speed is unknown, defaulting to 1000
[  641.640081][T13511] lo speed is unknown, defaulting to 1000
[  641.653010][T13511] lo speed is unknown, defaulting to 1000
[  641.659587][T13511] lo speed is unknown, defaulting to 1000
[  641.902628][T13517] FAULT_INJECTION: forcing a failure.
[  641.902628][T13517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  641.915907][T13517] CPU: 0 UID: 0 PID: 13517 Comm: syz.1.1894 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  641.915930][T13517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  641.915940][T13517] Call Trace:
[  641.915946][T13517]  <TASK>
[  641.915953][T13517]  dump_stack_lvl+0x16c/0x1f0
[  641.915977][T13517]  should_fail_ex+0x512/0x640
[  641.916000][T13517]  _copy_from_user+0x2e/0xd0
[  641.916022][T13517]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  641.916042][T13517]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  641.916069][T13517]  alg_setsockopt+0x3bb/0xdd0
[  641.916089][T13517]  ? __pfx_alg_setsockopt+0x10/0x10
[  641.916108][T13517]  ? selinux_socket_setsockopt+0x6a/0x80
[  641.916131][T13517]  ? __pfx_alg_setsockopt+0x10/0x10
[  641.916150][T13517]  do_sock_setsockopt+0xf3/0x1d0
[  641.916175][T13517]  __sys_setsockopt+0x1a0/0x230
[  641.916208][T13517]  __x64_sys_setsockopt+0xbd/0x160
[  641.916224][T13517]  ? do_syscall_64+0x91/0x4c0
[  641.916242][T13517]  ? lockdep_hardirqs_on+0x7c/0x110
[  641.916259][T13517]  do_syscall_64+0xcd/0x4c0
[  641.916279][T13517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  641.916296][T13517] RIP: 0033:0x7f0a5818ebe9
[  641.916311][T13517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  641.916329][T13517] RSP: 002b:00007f0a59054038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  641.916346][T13517] RAX: ffffffffffffffda RBX: 00007f0a583b6090 RCX: 00007f0a5818ebe9
[  641.916357][T13517] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000005
[  641.916368][T13517] RBP: 00007f0a59054090 R08: 0000000000000005 R09: 0000000000000000
[  641.916378][T13517] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  641.916389][T13517] R13: 00007f0a583b6128 R14: 00007f0a583b6090 R15: 00007ffdb9c56eb8
[  641.916415][T13517]  </TASK>
[  642.640465][   T24] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  642.997138][T13521] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1893'.
[  643.008386][T13525] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1893'.
[  643.022144][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  643.036194][   T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  643.047784][   T24] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  643.095647][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.139973][   T24] usb 1-1: config 0 descriptor??
[  644.000336][ T5911] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  644.007998][ T5904] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  644.196935][T13547] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  644.260392][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  644.266767][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  644.278799][ T5904] usb 2-1: config 0 interface 0 has no altsetting 0
[  644.286936][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  644.327092][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  644.338698][ T5904] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  644.350410][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.360591][T13512] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1891'.
[  644.369654][ T5911] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  644.379310][ T5904] usb 2-1: Product: syz
[  644.383788][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.394423][ T5904] usb 2-1: Manufacturer: syz
[  644.399202][ T5904] usb 2-1: SerialNumber: syz
[  644.408000][ T5911] usb 5-1: config 0 descriptor??
[  644.418006][ T5904] usb 2-1: config 0 descriptor??
[  644.848791][ T5911] sony 0003:054C:024B.003E: unexpected long global item
[  644.861537][ T5904] gs_usb 2-1:0.0: Configuring for 224 interfaces
[  644.913355][ T5904] gs_usb 2-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  644.940863][ T5911] sony 0003:054C:024B.003E: parse failed
[  644.950092][ T5911] sony 0003:054C:024B.003E: probe with driver sony failed with error -22
[  644.959071][ T5904] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[  644.976516][T13557] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1903'.
[  644.994800][T13550] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1903'.
[  645.098165][T13535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  645.107465][T13535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.455995][   T24] usb 1-1: USB disconnect, device number 49
[  645.614735][T13570] loop6: detected capacity change from 0 to 63
[  645.656558][ T5855] buffer_io_error: 1048 callbacks suppressed
[  645.656613][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.694515][T13570] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.704848][T13570] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.718252][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.727226][T13574] wireguard0: entered promiscuous mode
[  645.733105][T13574] wireguard0: entered allmulticast mode
[  645.771581][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.779853][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.786894][T13579] netlink: 'syz.0.1907': attribute type 1 has an invalid length.
[  645.807394][T13570] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.832002][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.846977][T13570] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.901834][T13570] Buffer I/O error on dev loop6, logical block 0, async page read
[  646.405778][ T5911] usb 5-1: USB disconnect, device number 55
[  646.489799][   T24] usb 2-1: USB disconnect, device number 43
[  647.915038][   T30] audit: type=1400 audit(1755073554.971:562): avc:  denied  { setopt } for  pid=13626 comm="syz.4.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  648.228213][   T30] audit: type=1400 audit(1755073555.281:563): avc:  denied  { append } for  pid=13626 comm="syz.4.1914" name="video9" dev="devtmpfs" ino=957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  648.442870][   T30] audit: type=1400 audit(1755073555.321:564): avc:  denied  { load_policy } for  pid=13626 comm="syz.4.1914" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  648.474278][T13645] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  648.598951][T13633] SELinux: failed to load policy
[  649.051362][T12071] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  649.210381][T12071] usb 2-1: Using ep0 maxpacket: 8
[  649.353698][T12071] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  649.368811][T12071] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  649.394871][T12071] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  649.415201][T12071] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  649.435583][T12071] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  649.523905][T12071] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  649.565584][T12071] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.017075][ T5911] usb 2-1: USB disconnect, device number 44
[  650.223497][T13684] netlink: 172 bytes leftover after parsing attributes in process `syz.5.1921'.
[  650.338460][   T30] audit: type=1400 audit(1755073557.201:565): avc:  denied  { remount } for  pid=13674 comm="syz.5.1921" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  650.610317][ T5904] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  650.836612][ T5904] usb 5-1: Using ep0 maxpacket: 16
[  650.871246][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.921701][T13704] syzkaller1: entered promiscuous mode
[  650.927253][T13704] syzkaller1: entered allmulticast mode
[  650.929719][ T5904] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  650.935822][T12071] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  650.976665][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.050378][ T5904] usb 5-1: config 0 descriptor??
[  651.120729][T12071] usb 3-1: Using ep0 maxpacket: 32
[  651.135585][T12071] usb 3-1: unable to get BOS descriptor or descriptor too short
[  651.146212][T12071] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  651.160065][T12071] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  651.176953][T12071] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.200838][T12071] usb 3-1: Product: syz
[  651.205099][T12071] usb 3-1: Manufacturer: syz
[  651.209775][T12071] usb 3-1: SerialNumber: syz
[  651.223581][ T5932] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  651.391463][ T5932] usb 6-1: Using ep0 maxpacket: 8
[  651.401524][ T5932] usb 6-1: unable to get BOS descriptor or descriptor too short
[  651.411609][ T5932] usb 6-1: config 4 interface 0 has no altsetting 0
[  651.422427][T12071] usb 3-1: Cannot retrieve CPort count: -71
[  651.431892][T12071] usb 3-1: Cannot retrieve CPort count: -71
[  651.432799][ T5932] usb 6-1: string descriptor 0 read error: -22
[  651.442174][T12071] es2_ap_driver 3-1:7.0: probe with driver es2_ap_driver failed with error -71
[  651.455547][T12071] usb 3-1: USB disconnect, device number 44
[  651.477574][ T5904] mcp2221 0003:04D8:00DD.003F: unknown main item tag 0x0
[  651.490415][ T5932] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  651.524632][ T5904] mcp2221 0003:04D8:00DD.003F: unknown main item tag 0x0
[  651.532533][ T5932] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  651.543189][ T5904] mcp2221 0003:04D8:00DD.003F: unknown main item tag 0x0
[  651.552580][ T5904] mcp2221 0003:04D8:00DD.003F: unknown main item tag 0x0
[  651.563064][ T5932] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  651.572762][ T5904] mcp2221 0003:04D8:00DD.003F: unknown main item tag 0x0
[  651.583242][ T5932] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  651.597840][ T5904] mcp2221 0003:04D8:00DD.003F: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  651.608820][ T5932] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  651.618722][ T5932] usb 6-1: media controller created
[  651.652534][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  651.775988][ T5932] zl10353_read_register: readreg error (reg=127, ret==0)
[  651.877530][T13680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.892223][ T5932] usb 6-1: USB disconnect, device number 3
[  651.901063][T13680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.917518][ T5904] usb 5-1: USB disconnect, device number 56
[  652.158492][   T30] audit: type=1400 audit(1755073559.211:566): avc:  denied  { read open } for  pid=13736 comm="syz.2.1931" path="/" dev="configfs" ino=126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  652.790481][T13753] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  653.190745][T13765] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  655.275136][T13795] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  655.400663][T12071] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  655.694929][T12071] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  655.730886][T12071] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  655.741761][T12071] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  655.751982][T12071] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.766808][T12071] usb 3-1: config 0 descriptor??
[  656.420490][ T5904] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  656.464299][T13813] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1947'.
[  656.473596][T12071] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  656.484691][T13812] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1947'.
[  656.580986][ T5904] usb 5-1: Using ep0 maxpacket: 16
[  656.589869][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.601217][ T5904] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  656.610458][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.625694][ T5904] usb 5-1: config 0 descriptor??
[  656.642096][T12071] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  656.655645][T12071] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.667436][T12071] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.685531][T12071] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  656.696688][T12071] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.790066][T12071] usb 2-1: config 0 descriptor??
[  657.047163][ T5904] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  657.058844][ T5904] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  657.083068][ T5904] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  657.101135][ T5904] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  657.147722][ T5904] mcp2221 0003:04D8:00DD.0040: unknown main item tag 0x0
[  657.171151][T13820] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  657.180214][ T5904] mcp2221 0003:04D8:00DD.0040: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  657.260800][T12071] sony 0003:054C:024B.0041: unexpected long global item
[  657.278745][T12071] sony 0003:054C:024B.0041: parse failed
[  657.295491][T12071] sony 0003:054C:024B.0041: probe with driver sony failed with error -22
[  657.466550][T13804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.486343][T13804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.504948][T12071] usb 5-1: USB disconnect, device number 57
[  657.744612][   T24] usb 3-1: USB disconnect, device number 45
[  658.310318][   T24] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  658.725803][   T24] usb 3-1: Using ep0 maxpacket: 16
[  658.733146][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.744485][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  658.753667][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.772797][   T24] usb 3-1: config 0 descriptor??
[  659.140464][ T5992] usb 1-1: new full-speed USB device number 50 using dummy_hcd
[  659.145073][ T5904] usb 2-1: USB disconnect, device number 45
[  659.215046][   T24] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  659.268422][   T24] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  659.295760][   T24] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  659.305489][   T24] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  659.315463][   T24] mcp2221 0003:04D8:00DD.0042: unknown main item tag 0x0
[  659.323499][   T24] mcp2221 0003:04D8:00DD.0042: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  659.352045][ T5992] usb 1-1: not running at top speed; connect to a high speed hub
[  659.361045][ T5992] usb 1-1: config 1 interface 0 has no altsetting 0
[  659.372293][ T5992] usb 1-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.40
[  659.394705][ T5992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.403241][ T5992] usb 1-1: Product: syz
[  659.408971][ T5992] usb 1-1: Manufacturer: syz
[  659.432165][ T5992] usb 1-1: SerialNumber: syz
[  659.673581][T13826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.682397][T13826] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  659.701795][ T5992] usbhid 1-1:1.0: can't add hid device: -71
[  659.729743][   T24] usb 3-1: USB disconnect, device number 46
[  659.736604][ T5992] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  659.766776][ T5992] usb 1-1: USB disconnect, device number 50
[  660.303304][T13853] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  661.090616][   T24] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  661.311077][T13876] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  661.328090][   T24] usb 1-1: Using ep0 maxpacket: 16
[  661.384956][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  661.410424][   T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  661.428318][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.481155][   T24] usb 1-1: config 0 descriptor??
[  661.904393][   T24] mcp2221 0003:04D8:00DD.0043: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  662.309751][T13865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.318933][T13865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.333677][   T24] usb 1-1: USB disconnect, device number 51
[  662.340303][ T5904] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  662.501943][ T5904] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  662.584184][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  662.595460][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  662.605898][ T5904] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  662.615449][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.625106][ T5904] usb 2-1: config 0 descriptor??
[  663.034607][ T5904] sony 0003:054C:024B.0044: unexpected long global item
[  663.046668][ T5904] sony 0003:054C:024B.0044: parse failed
[  663.061494][ T5904] sony 0003:054C:024B.0044: probe with driver sony failed with error -22
[  663.253666][T13902] loop6: detected capacity change from 0 to 63
[  663.268722][ T5855] buffer_io_error: 3242 callbacks suppressed
[  663.268731][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.358899][T13902] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.389290][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.404786][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.414416][T13902] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.427978][T13902] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.436412][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.453005][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.469990][T13902] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.482310][T13902] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.621418][ T5904] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  663.701322][   T24] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  663.770389][ T5904] usb 5-1: Using ep0 maxpacket: 16
[  663.779550][ T5904] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  663.791942][ T5904] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  663.801311][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.815147][ T5904] usb 5-1: Product: syz
[  663.822488][ T5904] usb 5-1: Manufacturer: syz
[  663.829216][ T5904] usb 5-1: SerialNumber: syz
[  663.844135][ T5904] usb 5-1: config 0 descriptor??
[  663.852365][   T24] usb 3-1: Using ep0 maxpacket: 16
[  663.856823][ T5904] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  663.866884][ T5904] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  663.877605][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  663.895018][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  663.905778][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.006682][   T24] usb 3-1: Product: syz
[  664.024856][   T24] usb 3-1: Manufacturer: syz
[  664.029992][   T24] usb 3-1: SerialNumber: syz
[  664.058256][   T24] usb 3-1: config 0 descriptor??
[  664.066926][   T24] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  664.077863][   T24] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  664.460893][ T5904] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  664.625449][T13914] lo speed is unknown, defaulting to 1000
[  664.693451][   T24] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  665.048612][ T5904] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  665.057196][ T5911] usb 2-1: USB disconnect, device number 46
[  665.073240][ T5904] em28xx 5-1:0.0: board has no eeprom
[  665.205598][   T24] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  665.233339][   T24] em28xx 3-1:0.0: board has no eeprom
[  665.298632][T13925] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  665.871185][T13933] loop6: detected capacity change from 0 to 63
[  665.994995][T13935] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1982'.
[  666.492006][T13934] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1982'.
[  666.506017][T13904] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  666.541793][T13906] em28xx 5-1:0.0: reading from i2c device at 0x0 failed (error=-5)
[  666.570590][   T24] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  666.579976][   T24] em28xx 3-1:0.0: dvb set to bulk mode.
[  666.610530][ T5904] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  666.645112][ T5904] em28xx 5-1:0.0: dvb set to bulk mode.
[  666.656276][T12071] em28xx 3-1:0.0: Binding DVB extension
[  666.701772][   T24] usb 3-1: USB disconnect, device number 47
[  666.708678][   T24] em28xx 3-1:0.0: Disconnecting em28xx
[  666.769035][ T5904] usb 5-1: USB disconnect, device number 58
[  666.805058][ T5904] em28xx 5-1:0.0: Disconnecting em28xx
[  667.051872][T12071] em28xx 3-1:0.0: Registering input extension
[  667.114000][ T5932] em28xx 5-1:0.0: Binding DVB extension
[  667.231042][T13944] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi)
[  667.337131][ T5932] em28xx 5-1:0.0: Registering input extension
[  667.374912][   T24] em28xx 3-1:0.0: Closing input extension
[  667.497066][ T5904] em28xx 5-1:0.0: Closing input extension
[  667.552028][   T24] em28xx 3-1:0.0: Freeing device
[  667.693899][ T5904] em28xx 5-1:0.0: Freeing device
[  667.989279][T13954] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1986'.
[  668.020037][T13951] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1986'.
[  668.300291][   T24] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  668.604509][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  668.630245][   T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  668.647137][   T24] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  668.666065][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.713032][   T24] usb 5-1: config 0 descriptor??
[  669.320037][T13974] lo speed is unknown, defaulting to 1000
[  669.380438][   T24] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  669.581950][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  669.601099][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.634926][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.646437][   T24] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  669.657495][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.669709][   T24] usb 2-1: config 0 descriptor??
[  669.678812][T13958] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1984'.
[  669.860416][T13982] lo speed is unknown, defaulting to 1000
[  670.109716][   T24] sony 0003:054C:024B.0045: unexpected long global item
[  670.126123][   T24] sony 0003:054C:024B.0045: parse failed
[  670.133070][   T24] sony 0003:054C:024B.0045: probe with driver sony failed with error -22
[  671.138718][ T5932] usb 5-1: USB disconnect, device number 59
[  671.310335][ T5904] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  671.480290][ T5904] usb 1-1: Using ep0 maxpacket: 16
[  671.539751][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  671.550135][T14001] netlink: 'syz.5.1997': attribute type 1 has an invalid length.
[  671.617345][ T5904] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  671.664599][T14003] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1997'.
[  671.688022][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.725286][ T5904] usb 1-1: Product: syz
[  671.748045][T14003] 8021q: adding VLAN 0 to HW filter on device batadv1
[  671.760192][ T5904] usb 1-1: Manufacturer: syz
[  671.766457][ T5904] usb 1-1: SerialNumber: syz
[  671.795244][T14003] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[  671.806299][ T5904] usb 1-1: config 0 descriptor??
[  671.826770][ T5904] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  671.856175][ T5904] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  672.024455][   T24] usb 2-1: USB disconnect, device number 47
[  672.194667][T14007] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  672.216398][T14009] loop6: detected capacity change from 0 to 63
[  672.249572][T14009] buffer_io_error: 6127 callbacks suppressed
[  672.249590][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.266013][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.274755][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.283458][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.291724][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.311047][T14009] Buffer I/O error on dev loop6, logical block 0, async page read
[  672.390533][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.381162][ T5904] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  673.400913][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.411085][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.419336][ T5855] Buffer I/O error on dev loop6, logical block 0, async page read
[  675.390307][ T5904] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  675.398393][ T5904] em28xx 1-1:0.0: board has no eeprom
[  694.400649][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  694.406943][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  695.377902][ T5904] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  695.426795][ T5904] em28xx 1-1:0.0: dvb set to bulk mode.
[  696.383232][T11036] em28xx 1-1:0.0: Binding DVB extension
[  704.384603][ T5904] usb 1-1: USB disconnect, device number 52
[  704.391426][ T5904] em28xx 1-1:0.0: Disconnecting em28xx
[  800.460130][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  800.467077][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P12071/1:b..l P3536/1:b..l
[  800.476508][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=62829, q=819 ncpus=2)
[  800.484203][    C0] task:kworker/u8:6    state:R  running task     stack:23512 pid:3536  tgid:3536  ppid:2      task_flags:0x4208060 flags:0x00004000
[  800.498117][    C0] Workqueue: iou_exit io_ring_exit_work
[  800.503649][    C0] Call Trace:
[  800.506901][    C0]  <TASK>
[  800.509810][    C0]  __schedule+0x1190/0x5de0
[  800.514303][    C0]  ? __pfx___schedule+0x10/0x10
[  800.519133][    C0]  ? mark_held_locks+0x49/0x80
[  800.523873][    C0]  preempt_schedule_irq+0x51/0x90
[  800.528867][    C0]  irqentry_exit+0x36/0x90
[  800.533252][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  800.539201][    C0] RIP: 0010:lock_acquire+0x62/0x350
[  800.544373][    C0] Code: 77 3e 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 62 6d 13 0f 0f 82 74 02 00 00 8b 35 2a 9f 13 0f 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 b9 76 3e 12 0f 85 c7 02 00 00 48 83 c4
[  800.563951][    C0] RSP: 0018:ffffc9000ca274b0 EFLAGS: 00000206
[  800.569987][    C0] RAX: 0000000000000046 RBX: ffffffff8e5c11e0 RCX: 0000000028edb41d
[  800.577926][    C0] RDX: 0000000000000000 RSI: ffffffff8de29d10 RDI: ffffffff8c162580
[  800.585876][    C0] RBP: 0000000000000002 R08: 35e0f3cc307269f2 R09: 0000000000000000
[  800.593816][    C0] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
[  800.601759][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  800.609709][    C0]  ? unwind_next_frame+0x3f4/0x20a0
[  800.614882][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  800.621023][    C0]  unwind_next_frame+0xd1/0x20a0
[  800.625931][    C0]  ? unwind_next_frame+0xbd/0x20a0
[  800.631012][    C0]  ? kthread+0x3c5/0x780
[  800.635224][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  800.641350][    C0]  arch_stack_walk+0x94/0x100
[  800.646002][    C0]  ? kthread+0x3c5/0x780
[  800.650218][    C0]  stack_trace_save+0x8e/0xc0
[  800.654871][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  800.660219][    C0]  ? __lock_acquire+0xb97/0x1ce0
[  800.665133][    C0]  kasan_save_stack+0x33/0x60
[  800.669780][    C0]  ? kasan_save_stack+0x33/0x60
[  800.674598][    C0]  ? kasan_save_track+0x14/0x30
[  800.679415][    C0]  ? kasan_save_free_info+0x3b/0x60
[  800.684586][    C0]  ? __kasan_slab_free+0x60/0x70
[  800.689490][    C0]  ? kfree+0x2b4/0x4d0
[  800.693531][    C0]  ? io_remove_buffers_legacy+0x1f0/0x360
[  800.699221][    C0]  ? io_destroy_buffers+0x206/0x230
[  800.704385][    C0]  ? io_ring_exit_work+0x7e0/0x10a0
[  800.709556][    C0]  ? process_one_work+0x9cc/0x1b70
[  800.714639][    C0]  ? worker_thread+0x6c8/0xf10
[  800.719371][    C0]  ? kthread+0x3c5/0x780
[  800.723610][    C0]  kasan_save_track+0x14/0x30
[  800.728255][    C0]  kasan_save_free_info+0x3b/0x60
[  800.733253][    C0]  __kasan_slab_free+0x60/0x70
[  800.737988][    C0]  kfree+0x2b4/0x4d0
[  800.741856][    C0]  ? __pfx___might_resched+0x10/0x10
[  800.747112][    C0]  ? io_remove_buffers_legacy+0x1f0/0x360
[  800.752802][    C0]  io_remove_buffers_legacy+0x1f0/0x360
[  800.758326][    C0]  io_destroy_buffers+0x206/0x230
[  800.763324][    C0]  ? __pfx_io_destroy_buffers+0x10/0x10
[  800.768844][    C0]  ? io_alloc_cache_free+0x1eb/0x2e0
[  800.774103][    C0]  io_ring_exit_work+0x7e0/0x10a0
[  800.779107][    C0]  ? __pfx_io_ring_exit_work+0x10/0x10
[  800.784540][    C0]  ? try_to_wake_up+0x160/0x1870
[  800.789461][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  800.795078][    C0]  ? __pfx_io_tctx_exit_cb+0x10/0x10
[  800.800361][    C0]  ? rcu_is_watching+0x12/0xc0
[  800.805110][    C0]  process_one_work+0x9cc/0x1b70
[  800.810026][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  800.815373][    C0]  ? __pfx_process_one_work+0x10/0x10
[  800.820739][    C0]  ? assign_work+0x1a0/0x250
[  800.825302][    C0]  worker_thread+0x6c8/0xf10
[  800.829869][    C0]  ? __pfx_worker_thread+0x10/0x10
[  800.834955][    C0]  kthread+0x3c5/0x780
[  800.838994][    C0]  ? __pfx_kthread+0x10/0x10
[  800.843555][    C0]  ? rcu_is_watching+0x12/0xc0
[  800.848291][    C0]  ? __pfx_kthread+0x10/0x10
[  800.852854][    C0]  ret_from_fork+0x5d7/0x6f0
[  800.857417][    C0]  ? __pfx_kthread+0x10/0x10
[  800.861982][    C0]  ret_from_fork_asm+0x1a/0x30
[  800.866734][    C0]  </TASK>
[  800.869730][    C0] task:kworker/1:4     state:R  running task     stack:22968 pid:12071 tgid:12071 ppid:2      task_flags:0x4208060 flags:0x00004000
[  800.883258][    C0] Workqueue: events_power_efficient gc_worker
[  800.889307][    C0] Call Trace:
[  800.892562][    C0]  <TASK>
[  800.895485][    C0]  __schedule+0x1190/0x5de0
[  800.899966][    C0]  ? __mutex_unlock_slowpath+0x163/0x800
[  800.905578][    C0]  ? __pfx___schedule+0x10/0x10
[  800.910427][    C0]  ? mark_held_locks+0x49/0x80
[  800.915171][    C0]  preempt_schedule_irq+0x51/0x90
[  800.920167][    C0]  irqentry_exit+0x36/0x90
[  800.924554][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  800.930507][    C0] RIP: 0010:gc_worker+0x2d5/0x16e0
[  800.935592][    C0] Code: 00 00 48 c7 c7 a8 e4 ab 90 e8 87 df dd f7 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 d5 ab 01 f8 58 48 85 db 0f 85 d4 0f 00 00 <e8> 56 b0 01 f8 8b 1d d0 01 f2 06 41 89 dc 31 ff 41 83 e4 01 44 89
[  800.955169][    C0] RSP: 0000:ffffc90003a17b58 EFLAGS: 00000293
[  800.961207][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff89b9ee09
[  800.969151][    C0] RDX: ffff888047504880 RSI: ffffffff89b9ee18 RDI: 0000000000000007
[  800.977097][    C0] RBP: ffffffff9b2c416c R08: 0000000000000007 R09: 0000000000000000
[  800.985040][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888031400000
[  800.992982][    C0] R13: 0000000000040000 R14: dffffc0000000000 R15: 0000000000001770
[  801.000930][    C0]  ? gc_worker+0xe19/0x16e0
[  801.005408][    C0]  ? gc_worker+0xe28/0x16e0
[  801.009886][    C0]  ? gc_worker+0xe28/0x16e0
[  801.014372][    C0]  ? debug_object_deactivate+0x1ec/0x3a0
[  801.019987][    C0]  ? __pfx_gc_worker+0x10/0x10
[  801.024727][    C0]  ? rcu_is_watching+0x12/0xc0
[  801.029465][    C0]  process_one_work+0x9cc/0x1b70
[  801.034379][    C0]  ? __pfx_reg_check_chans_work+0x10/0x10
[  801.040068][    C0]  ? __pfx_process_one_work+0x10/0x10
[  801.045416][    C0]  ? assign_work+0x1a0/0x250
[  801.049980][    C0]  worker_thread+0x6c8/0xf10
[  801.054544][    C0]  ? __kthread_parkme+0x19e/0x250
[  801.059595][    C0]  ? __pfx_worker_thread+0x10/0x10
[  801.064701][    C0]  kthread+0x3c5/0x780
[  801.068745][    C0]  ? __pfx_kthread+0x10/0x10
[  801.073306][    C0]  ? rcu_is_watching+0x12/0xc0
[  801.078041][    C0]  ? __pfx_kthread+0x10/0x10
[  801.082603][    C0]  ret_from_fork+0x5d7/0x6f0
[  801.087165][    C0]  ? __pfx_kthread+0x10/0x10
[  801.091742][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.096489][    C0]  </TASK>
[  801.099483][    C0] rcu: rcu_preempt kthread starved for 9265 jiffies! g62829 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  801.110557][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  801.120496][    C0] rcu: RCU grace-period kthread stack dump:
[  801.126368][    C0] task:rcu_preempt     state:R  running task     stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  801.139813][    C0] Call Trace:
[  801.143071][    C0]  <TASK>
[  801.145978][    C0]  __schedule+0x1190/0x5de0
[  801.150469][    C0]  ? __pfx___schedule+0x10/0x10
[  801.155298][    C0]  ? find_held_lock+0x2b/0x80
[  801.159947][    C0]  ? schedule+0x2d7/0x3a0
[  801.164254][    C0]  schedule+0xe7/0x3a0
[  801.168300][    C0]  schedule_timeout+0x123/0x290
[  801.173138][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  801.178485][    C0]  ? __pfx_process_timeout+0x10/0x10
[  801.183747][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  801.189530][    C0]  ? prepare_to_swait_event+0xf5/0x480
[  801.194966][    C0]  rcu_gp_fqs_loop+0x1ea/0xb00
[  801.199700][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  801.204954][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  801.210124][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  801.215044][    C0]  ? rcu_gp_cleanup+0x7c1/0xd90
[  801.219868][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  801.225649][    C0]  rcu_gp_kthread+0x270/0x380
[  801.230295][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  801.235462][    C0]  ? rcu_is_watching+0x12/0xc0
[  801.240197][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  801.245367][    C0]  ? __kthread_parkme+0x19e/0x250
[  801.250365][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  801.255533][    C0]  kthread+0x3c5/0x780
[  801.259574][    C0]  ? __pfx_kthread+0x10/0x10
[  801.264143][    C0]  ? rcu_is_watching+0x12/0xc0
[  801.268893][    C0]  ? __pfx_kthread+0x10/0x10
[  801.273495][    C0]  ret_from_fork+0x5d7/0x6f0
[  801.278057][    C0]  ? __pfx_kthread+0x10/0x10
[  801.282617][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.287359][    C0]  </TASK>
[  801.290350][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  801.296637][    C0] Sending NMI from CPU 0 to CPUs 1:
[  801.301817][    C1] NMI backtrace for cpu 1
[  801.301827][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.17.0-rc1-syzkaller-00016-g8742b2d8935f #0 PREEMPT(full) 
[  801.301844][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  801.301852][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  801.301866][    C1] Code: ac 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 c2 16 00 fb f4 <e9> 4c 0d 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  801.301879][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[  801.301891][    C1] RAX: 0000000003754519 RBX: 0000000000000001 RCX: ffffffff8b934c29
[  801.301899][    C1] RDX: 0000000000000000 RSI: ffffffff8de4f205 RDI: ffffffff8c162580
[  801.301908][    C1] RBP: ffffed1003c5d488 R08: 0000000000000001 R09: ffffed10170a6655
[  801.301917][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[  801.301926][    C1] R13: ffff88801e2ea440 R14: ffffffff90ab3690 R15: 0000000000000000
[  801.301935][    C1] FS:  0000000000000000(0000) GS:ffff8881247bc000(0000) knlGS:0000000000000000
[  801.301949][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  801.301958][    C1] CR2: 00007f351a850700 CR3: 0000000078c8b000 CR4: 00000000003526f0
[  801.301967][    C1] Call Trace:
[  801.301972][    C1]  <TASK>
[  801.301976][    C1]  default_idle+0x13/0x20
[  801.301991][    C1]  default_idle_call+0x6d/0xb0
[  801.302006][    C1]  do_idle+0x391/0x510
[  801.302023][    C1]  ? __pfx_do_idle+0x10/0x10
[  801.302038][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[  801.302055][    C1]  cpu_startup_entry+0x4f/0x60
[  801.302071][    C1]  start_secondary+0x21d/0x2b0
[  801.302094][    C1]  ? __pfx_start_secondary+0x10/0x10
[  801.302115][    C1]  common_startup_64+0x13e/0x148
[  801.302135][    C1]  </TASK>