last executing test programs:

23m24.854350648s ago: executing program 1 (id=193):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0)
timer_create(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x5, &(0x7f0000000240)=0x83)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@gettaction={0x14, 0x5a, 0xc6b747b6bf1c6b95}, 0x14}}, 0x0)

23m23.473631301s ago: executing program 1 (id=198):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001600)=""/4098, 0x1002}, {&(0x7f0000002640)=""/4115, 0x1013}, {&(0x7f0000001240)=""/107, 0x6b}, {&(0x7f0000000780)=""/207, 0xcf}, {&(0x7f0000000140)=""/165, 0xa5}], 0x5}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0x1e, 0x0, &(0x7f0000000240)=0xa4)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0xe, 0x30}, 0xc)
close(0xffffffffffffffff)
read$FUSE(r5, &(0x7f0000000640)={0x2020}, 0x2020)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'dummy0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c0001fe0f000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r7], 0xb4}}, 0x0)

23m22.227921115s ago: executing program 1 (id=201):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x1d, r1}, 0x10, 0x0}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffeff, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$key(0xf, 0x3, 0x2)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@multicast1, 0x4e21, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x804, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in=@remote, 0x2, 0x33}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x3, 0x0, 0xb7, 0xffffffff, 0x1ff}}, 0xe8)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x20, &(0x7f00000003c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x2, 0x9, 0x6, 0xf98}, &(0x7f0000000400)=0x20)
recvfrom(r8, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'gre0\x00', 0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)

23m21.396580633s ago: executing program 1 (id=203):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = fanotify_init(0xf00, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
fanotify_mark(r0, 0x105, 0x4800002c, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x1bd4297c, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x14, 0x1e8, &(0x7f0000000680)})

23m21.268207582s ago: executing program 1 (id=205):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x624601)
ioctl$LOOP_CLR_FD(r0, 0x4c01)
r1 = msgget$private(0x0, 0x5bd)
msgsnd(r1, &(0x7f0000000500)=ANY=[@ANYRESDEC], 0x401, 0x0)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x10)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000006100)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0xa0, 0x8, 0x5, 0x8fe2, {{0x5, 0x4, 0x1, 0x0, 0x14, 0x68, 0x0, 0x10, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote}}}})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000005, 0x3032, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r4, 0x0, 0x3c, 0x72, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xd8, 0x62, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760", 0x0, 0x8000}, 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6400000006"], 0x8c}, 0x1, 0x0, 0x0, 0x24040800}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r5, 0x0, 0x480c4)
r6 = socket$inet6(0xa, 0x1, 0x0)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x484, &(0x7f0000000100)=""/217, &(0x7f0000000200)=0x18)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'gretap0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$netlink(0x10, 0x3, 0x0)

23m19.383420146s ago: executing program 1 (id=212):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRES32], 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008600)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x24008851}, 0x40040)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3801000010000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="20010000000000000000000000000000000000006c0000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000350000020001000000000000000000480003006465666c617465"], 0x138}}, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380100001000010000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r6], 0x138}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d000000000000000002000000000000"], 0x30}}, 0x0)

23m3.071874724s ago: executing program 32 (id=212):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRES32], 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008600)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x24008851}, 0x40040)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3801000010000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="20010000000000000000000000000000000000006c0000007f0000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000350000020001000000000000000000480003006465666c617465"], 0x138}}, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380100001000010000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=r6], 0x138}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d000000000000000002000000000000"], 0x30}}, 0x0)

21m12.75846279s ago: executing program 2 (id=553):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000bd000000000000000000000095000000000021c4250000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000000010104000000000002000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000008000480040003"], 0x40}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde4dbd98cfefe59b7b7fe0a4a8face354c7bbc8ac8b29d68be25f4796537"], 0x14}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000300)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0xffff, 0x0)

21m11.757176032s ago: executing program 2 (id=555):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$inet6(0xa, 0x3, 0x3b)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0xfffc, 0x600, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x9}, 0x1c)
io_uring_setup(0x75b0, &(0x7f0000000100)={0x0, 0xfdcf, 0x1, 0x1})
openat$sndseq(0xffffffffffffff9c, 0x0, 0x480)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x7, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000380)={0x2, 0x85b, 0x7, 0x3, 0x2, "928fa4a3930a5a876e64084d011ff91cdbb8e4"})
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
write$nci(0xffffffffffffffff, 0x0, 0x4)
syz_open_dev$video4linux(&(0x7f0000000300), 0xfc, 0x24ef03)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)

21m10.474189843s ago: executing program 2 (id=559):
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setresgid(0xee00, 0xee01, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='adfs\x00', 0x8000, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f00000000c0), 0x1)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r4, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x3, 0x12)

21m8.928525493s ago: executing program 2 (id=561):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff0000000071106d00000000009500080000000002"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x87)
connect$inet6(r0, &(0x7f0000000500)={0xa, 0xfffd, 0x0, @loopback, 0x5}, 0x1c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0x8, 0x7, 0x1, {0x5, @raw_data="cb35e044ef57cc26c89aa86264d990fb520bf30c79ca653940a0ef3f19f27fe4048c9cf6421ba2faea15ce29c1a009c75f27683ec9e553ad593af71a3155c050a336c4632bab6e5a3afce4cf3c7b317e27d03d4fb2ca35a2e045e3be7ce94b091fa50a744201a103081c2b835453cbba8d643060e56d287d7218f75ba5f1666d30386e2b2f76feab8d9ad2ce8111b0af05c1503279cf62d1b233cb9e7c4576341385e4a24afe15c3f30c9cdff3fbe6b401bdce055cb582f91934030aa0338fc705d7796d1dbbe3b8"}, 0x7})
write$binfmt_script(r1, &(0x7f0000000440), 0x1000a)
sendmsg$OSF_MSG_REMOVE(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="10070000010501040000000000000000030000065402010002000000000000000505020005000f0073797a31000000000000000000000000000000000000000000000000000000003f612d4373d5a8af5b95a0f8e968d78c1ad05ff84d917cdd5301de1220b0f7c5c52ed60fd41c0a261a78df329be500d502000000f83974f3995fcdb57a93bcff050008000000000001000000090006000000000002000000a1c0030003000000060000000200ff7f020000000100000009000c00020000008b0000000500040001000000320000001700000000000000000400000500040003000000080000000700040003000000000c00004b00040003000000fffbffff0600fbff0000000005000000ac00810000000000030000000600020000000000040000000400080002000000050000009200000000000000050000005b00018003000000010100000e000e0002000000030000000400ffff0100000007000000090005001d000000520000000900050002000000000000000e00faff0000000002000000570b050000000000070000000600125803000000060000000300810000000000800000000400030001000000050000000800d7000100000009000000070005000000000000000002010401040100000002000000b300030003000000018000000300050002000000fbffffff01000000030000000100000001004a0500000000e6000000f9ff0300b5553db005000000ff0f060003000000090000000600050003000000001000004a0108000000000080070000000107000000000000080000000002000200000061e3f003337d000201000000020000003e0006000100000005000000540201000300000000000080077f06000000080073797a310000000000000000000000000000000000000000000000000000000082716d6b9bb0597d277bebd747b93bedaf1cdd47e3f455879ed1fd9883dd080bf8f82c14bacaff15c84bcec259f52b0dfb570a5475cadab76c65101cdc9d4da306000700030000000300000005000400010000002d0000000600050001000000baf2ffff0100090002000000010000001700010400000000ffffff7f010001000000000007000000050001010000000005000000f2ff050003000000800000004a0001000200000003000000a799f3000100000000000000090004000100000008000000010100c0010000000000000040000001030000000400000008000100010000007f00000009000c0000000000010000004000060002000000434a7d19ff07000002000000daeb74d9080007000000000004000000080007000200000001000000675706000200000000020000020000800300000006000000c608070002000000090000000900070001000000ac0f0000d40006003691f10aff7f00000400080003000000d301000001000000020000001b000000c839008003000000db00000023006e000000000007000000ff0360000200000051000000e400c1000100000005000000720e070001000000080000000104833003008000009efbb3e6000000000100000008000500020000008100000003000700000000000100000002006f002f406e3fffff000008000200010000000a00000000000e00010000000200000000000200010000000400000054020100020000000600000007fb7cb80900280073797a30000000000000000000000000000000000000000000000000000000007adfcd8edb3d3e56fd58b4d69f53a05b8a862addf1a7ae8c4cb1d759be3656c106d3c1bffad501ff92b8d51223d853300f3b06d92f35ac61d5defb1541d25e6602000200020000000010000008000700020000000800000007000f0000000000030000000100ff0701000000080000000600008001000000010000800200030001000000040000000900030002000000c500000054ff0200010000000e000000070003000200000100000000000002000200000005000000f000050003000000020000000e00050000000000080000000080000003000000070000000d004062020000004000000000080100010000007f0000000809003801000000070000000200080001000000080600000600da0000000000000000007f00010000000000090000000800323b0300000008000000000002000300000000080000b005050000000000080000000800ff0f0200000000000000d58cda1672441944020000000000050003000000080000000700040003000000030000000100090003000000010000804000000001000000050000008c00010001000000040000000200050001000000090000000000d5040100000002000000ef0003000300000005000000080002000700000001000000f7ff2f0c0100000061010000a515070001000000090000003a000700030000007540000003000700030000000b00000000000700020000000800000001008000020000008eac00008100a7000000000005000000"], 0x710}, 0x1, 0x0, 0x0, 0x40004}, 0x10)
sendfile(r0, r0, &(0x7f0000000040)=0x5, 0x20001)

21m8.196553771s ago: executing program 2 (id=564):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000400)='cgroup.stat\x00', 0x275a, 0x0)
preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/59, 0x3b}], 0x1, 0x8a2, 0x8bd7)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x987c89, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setpgid(r2, 0x0)
setpgid(0x0, r2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
alarm(0x0)
socket$inet_udp(0x2, 0x2, 0x0)
keyctl$clear(0x3, 0xfffffffffffffffd)
r7 = request_key(0x0, 0x0, 0x0, 0x0)
request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='q\xa9', r7)

21m7.079282253s ago: executing program 2 (id=568):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x111, 0x4b4, 0x0, 0x700, 0x290, 0x278, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @empty, [], [0x0, 0x0, 0xffffff00], 'vlan0\x00', 'team_slave_0\x00', {0xff}, {0xff}, 0x88, 0x0, 0x0, 0x42}, 0x0, 0x128, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4e23, 0xfffe]}}, @common=@ah={{0x30}, {[0x4d5, 0x4d4], 0x101, 0x6, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0={0xfc, 0x0, '\x00', 0x1}, [], [], 'geneve1\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x7}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x5, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) (fail_nth: 6)

20m50.649038145s ago: executing program 33 (id=568):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x0, 0x111, 0x4b4, 0x0, 0x700, 0x290, 0x278, 0x278, 0x290, 0x278, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @empty, [], [0x0, 0x0, 0xffffff00], 'vlan0\x00', 'team_slave_0\x00', {0xff}, {0xff}, 0x88, 0x0, 0x0, 0x42}, 0x0, 0x128, 0x148, 0x0, {}, [@common=@inet=@multiport={{0x50}, {0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4e23, 0xfffe]}}, @common=@ah={{0x30}, {[0x4d5, 0x4d4], 0x101, 0x6, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0={0xfc, 0x0, '\x00', 0x1}, [], [], 'geneve1\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x7}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x5, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) (fail_nth: 6)

5m11.065164455s ago: executing program 0 (id=3325):
socket$kcm(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setresgid(0xee00, 0xee01, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='adfs\x00', 0x8000, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x3, 0x12)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

5m9.978404069s ago: executing program 0 (id=3326):
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x88)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$packet_buf(r0, 0x107, 0x12, &(0x7f0000001880)="0ebf678060cc2b68e48e348444f339c56d97502a3cacbcfee383b192fafdd5e50fb288a1e509a7dd24bf211507808f973c83c2c4ef36e05f77f9009eba52484f72b3525fbc33a2af31a57567bc503ce46e02b988b3568309a51bdd26a1bb773800385b0c2f1a252f245fb69138f86b28225bc1e13c4c03bb2f2fcc3b3f95c0c3f6263e81924bc816fc512e5d9146778b58964fda8cb5a1dcc9c8bfd1b29538a43c522bcef3416ce4b97200c97e075b9166", 0xb1)
socket$inet6(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001940)={'team0\x00'})
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fchown(r1, 0x0, 0x0)

5m8.928767537s ago: executing program 0 (id=3327):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000180)={[0x8000000080000001, 0x7ffffffffffffffc, 0x10, 0x3, 0x1, 0x4, 0x3, 0x800002, 0x401, 0x1000, 0x8, 0x3, 0x9, 0x1000, 0x400000003, 0xffff], 0x2000, 0x90085})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0x8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x5, &(0x7f0000000200)=0x3)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xb635773f04ebbeee, 0x8010, r4, 0x20caf000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$TCSBRKP(r1, 0x5425, 0x1008)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x40002040, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x16)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
io_setup(0x3, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r8, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x20862, 0x0)
syz_usb_connect$cdc_ecm(0x3, 0x5c, &(0x7f0000000400)=ANY=[], 0x0)

5m4.668543476s ago: executing program 0 (id=3338):
io_setup(0x281, &(0x7f0000000100)=<r0=>0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0)
io_setup(0xb, &(0x7f0000000000)=<r2=>0x0)
ppoll(&(0x7f0000000040)=[{r1, 0x24}], 0x1, 0x0, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\x00\x00\x00\x00\x00\x00\x00\t8f\xf2\xde\xa0xk>\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7)
io_submit(r0, 0x1, &(0x7f0000000a00)=[&(0x7f0000001900)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0}])
io_destroy(r2)
r4 = socket(0x23, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x10001}, @TCA_CAKE_ACK_FILTER={0x8}]}}]}, 0x44}}, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
read(r7, &(0x7f0000001d40)=""/4096, 0x1000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_clone(0xa0122580, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f00000001c0)={0x1d, r8}, 0x10)
io_uring_enter(0xffffffffffffffff, 0x6d2e, 0x5824, 0x32, &(0x7f0000000080)={[0xfff]}, 0x8)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r7, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4)
sendmsg$can_raw(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0x20000000)

4m59.279578665s ago: executing program 0 (id=3346):
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x33, 0x301, 0x270bd26, 0x25dfdbfc, {0x3, 0x0, 0x4000}}, 0x14}, 0x1, 0x8000000000000, 0x0, 0x80c0}, 0x8004)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
newfstatat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x800)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000fcffffef000000000000000085000000ae0000009500"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @local}, 0x10)
setrlimit(0x8, 0x0)
ioctl$sock_TIOCOUTQ(r4, 0x5411, 0x0)

4m57.81856741s ago: executing program 0 (id=3350):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SET_SECUREBITS(0x1c, 0xc)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000680000006800000002000000000000000100000d0a0000000001000000000000000000000900000d"], &(0x7f0000000f40)=""/4080, 0x82, 0xff0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="050000000000000071118f000000000085100000020000008500941eb4d62bb18b4b2a4821c7da00000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000096231306010003000000002a90a08358477609b3"], 0x0}, 0x0)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}})
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000200)=0x6)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0xdb06e7d7f0fc8a45, 0xf, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x2, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x12, 0x9, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0x1c, 0xa}}]}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x110, 0x6, 0xff, 0x1, 0x40, 0x5}, 0x6b, &(0x7f0000000340)={0x5, 0xf, 0x6b, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "40719a487963301bcb55ab30378dbde1"}, @ssp_cap={0x18, 0x10, 0xa, 0x2, 0x3, 0x0, 0xf, 0x101, [0x30, 0x3f00, 0xffff30]}, @ssp_cap={0x24, 0x10, 0xa, 0x27, 0x6, 0x7583, 0xf, 0x7, [0x30, 0xc0, 0xffc000, 0x0, 0xcf, 0xc0]}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x7, 0xc15}]}, 0x5, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x180c}}, {0x94, &(0x7f0000000500)=@string={0x94, 0x3, "2d61a1634723862a10341da3146b0e8c2850960438652431f3170e29fb659561f7acd38729d65c6ea63ff6949b843bc623436b96c46f1260a14f1cfb3660e5f56280a5dc899273da2a5551b1a8559acad9f3b17a608e52b235aeedd3f842711f8f30f5788537f5d4ba97c6086cb8dde634274cf47bae21d7776aec0078996c81c499fc0a35bcbc2cb146b8268238194dde4e"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x402}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x422}}, {0x4, &(0x7f0000000640)=@lang_id={0x4}}]})

4m41.294824724s ago: executing program 34 (id=3350):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SET_SECUREBITS(0x1c, 0xc)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000680000006800000002000000000000000100000d0a0000000001000000000000000000000900000d"], &(0x7f0000000f40)=""/4080, 0x82, 0xff0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="050000000000000071118f000000000085100000020000008500941eb4d62bb18b4b2a4821c7da00000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000096231306010003000000002a90a08358477609b3"], 0x0}, 0x0)
r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x80}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}})
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000200)=0x6)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0xdb06e7d7f0fc8a45, 0xf, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x7, 0x1, 0x2, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x12, 0x9, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0x1c, 0xa}}]}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x110, 0x6, 0xff, 0x1, 0x40, 0x5}, 0x6b, &(0x7f0000000340)={0x5, 0xf, 0x6b, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "40719a487963301bcb55ab30378dbde1"}, @ssp_cap={0x18, 0x10, 0xa, 0x2, 0x3, 0x0, 0xf, 0x101, [0x30, 0x3f00, 0xffff30]}, @ssp_cap={0x24, 0x10, 0xa, 0x27, 0x6, 0x7583, 0xf, 0x7, [0x30, 0xc0, 0xffc000, 0x0, 0xcf, 0xc0]}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0x7, 0xc15}]}, 0x5, [{0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x180c}}, {0x94, &(0x7f0000000500)=@string={0x94, 0x3, "2d61a1634723862a10341da3146b0e8c2850960438652431f3170e29fb659561f7acd38729d65c6ea63ff6949b843bc623436b96c46f1260a14f1cfb3660e5f56280a5dc899273da2a5551b1a8559acad9f3b17a608e52b235aeedd3f842711f8f30f5788537f5d4ba97c6086cb8dde634274cf47bae21d7776aec0078996c81c499fc0a35bcbc2cb146b8268238194dde4e"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x402}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x422}}, {0x4, &(0x7f0000000640)=@lang_id={0x4}}]})

9.856396972s ago: executing program 4 (id=4162):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000de5c0a16fe8600000000ff7f0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000002780), 0x80, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, r1, 0x4, 0x0, @void}, 0x10)
r3 = msgget$private(0x0, 0x0)
setreuid(0x0, 0xee00)
msgctl$MSG_STAT(r3, 0xb, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000001c087d083eb4e1ee341525230000001c00000003000000000000000200000604000000015bfd000400000002000000050000000061003d9eaded8544cb65f0f6a87c6167c45fca65e5bea1a16be8d404e82319e757"], 0x0, 0x37, 0x0, 0x8, 0x0, 0x0, @void, @value}, 0x28)

9.796138939s ago: executing program 4 (id=4163):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000840)={0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000014"], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

8.961028463s ago: executing program 5 (id=4165):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8, 0x8000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x80, 0x0, 0x0, 0xe, 0x0, @local, @multicast2}}}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
select(0x40, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffff2, 0x0, 0x0, 0x5}, 0x0, 0x0, &(0x7f0000000100)={0x7fffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xc8e}, {0x16}]}, 0x10)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000ec0)=[{{&(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendto$inet(r5, &(0x7f0000000c80)="e8", 0x6200, 0x0, 0x0, 0x0)
r6 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[5\xa9\x90\xffc\x1f\x1a\xa9\xfd\xfa\xad\xd1md\xe7\xe2\x7f\x9b\xd5R\x10\xf3\xb6\xffT\xbf\xd1\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\x9fc\xda\xa9\x83r\xd8\x98\x00\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9', 0x0)
write$binfmt_script(r6, &(0x7f00000001c0)={'#! ', './file0'}, 0xb)
pwrite64(r6, &(0x7f0000000040)="ab", 0x1, 0x2)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(r3, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

8.204222383s ago: executing program 7 (id=4168):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x3, [@enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x1, 0x4}, {0x2, 0x5}]}]}, {0x0, [0x61]}}, 0x0, 0x37, 0x0, 0x8, 0x0, 0x0, @void, @value}, 0x28) (fail_nth: 7)

7.880793958s ago: executing program 6 (id=4170):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @typedef={0x3}, @ptr={0x0, 0x0, 0x0, 0x2, 0x4}, @volatile={0x0, 0x0, 0x0, 0xa, 0x2}]}, {0x0, [0x0, 0x0, 0x61, 0x2e]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a4693989c36ffffffffffffd0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1530f8d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c11090000000000000000b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c8565117fcb8ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17911540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc240000000000127535a468702cac97b6b82a6e65d4cf1200"/2702], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r4 = syz_open_dev$vim2m(&(0x7f0000000600), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000080)={0xfffffffd, 0x54485746, 0x2, @discrete={0x6, 0xe}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r6, 0x701, 0xfffffffc, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x24044004}, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fb80f31416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000700, 0x9b, 0x0, &(0x7f0000000400)="d860292d328ea69abcb01433a33ec78507001d97dd722231bdec288c116f27901936d43dd12539ff621c7235ed74916fc4ea08d192ee46afc946ac4359e753177f7f77cd646e1f2c7a09c32d40d750443e0bc902a1b293ab975e080d5b6316e2d00a174c421c8cfa5d7ec548a814ebd90c9a4b8ee7d54b41c259e34ec3aae8ec4316d891dd0b602c0328fee2541ead3b67d68cf6f1d0f473a5d23b"}, 0x50)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

7.76817379s ago: executing program 7 (id=4172):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000300)=@newtaction={0x10c, 0x30, 0x53b, 0x0, 0x0, {}, [{0xf8, 0x1, [@m_simple={0xf4, 0x1, 0x0, 0x0, {{0xb}, {0xc8, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xc2, 0x3, 'ext4_writepages_resu\x00\x00\x00dQ\xc6yYR\xfd\\\xbf\x1c\xcesb\xe8\xed\xba@\xe6\xf7\xd8\"\xc6\xc0\x192\xd4:\xfd\x1d\x92\xe8BM\xe6\xb4\x8a\x19U\x18\x0f\x1f\xdf%\xd8}\xf5\xd9~\fd7\xc6\xf4\xd0;&!\x9c\xc89\xb2\x03\xfbE1\xed\xfe\xa1PN\xcdoQV\xd3[\\j\x0e\xfb\x88S`C\xa3\xb0\xa7`\x0evH\t+\xcb=\xe6d\xfe\x9c\xee\x88\x94#{\x8fTG\xa5Qz\x17\x05aW=\x94\xd4\xea\xfb+\xa0x\xda\x83d@\xdcq\xbd\x82\x9e<\xff&\xdd\xb3z\xb5\xd7\xcc\x8f\x1di\x18H\xe8\x13\xfaU\a)g5\xae\xd3!\xbc~\xfc\x11\xa8\xe2\xb2\xe6\xaeU\x85'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x10c}}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x200000}, 0x1f00)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x4c, 0x0, 0x0)
sendmsg$SMC_PNETID_DEL(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x54, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond_slave_0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_macvtap\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x801}, 0x20040001)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$afs(&(0x7f0000000100)=ANY=[@ANYBLOB='#syz1:.yz0'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)

7.624726869s ago: executing program 5 (id=4173):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="b4fcffffffffffffff115c0000000000e5070000000000000000740000bbf503ed3ec2c3cfeaac2b383a"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
mlock(&(0x7f0000ff8000/0x5000)=nil, 0x5000)
mkdir(0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000080)='dirsync\x00', &(0x7f00000000c0)='./file0\x00', r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r2, 0xfffffffc)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="04000100000005"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)

6.674092176s ago: executing program 7 (id=4174):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x2, 0x8}, {}, {}, @raw32={[0x0, 0x0, 0x2]}}], 0x1c)
writev(r1, &(0x7f0000000080), 0x55)
syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x20, 0x21, 0x71, {0x71, 0x23, "da79407837991c48272081db08fc7f190bbea78633a7047f3583c9696e625084dfe56993c3f54d102005a14eaf50a9c08a8bc1b4292c511a154e95f92869fbb0071ae81b916475086efd0e17af45a35e8d820fe19b4117a6df7df905fe916b20680e6066d4c07d867126cacfef3306"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x80a}}}, &(0x7f0000000380)={0x44, &(0x7f0000000140)={0x20, 0x7, 0x2c, "5bfbef7d4da0a2b03cfc0a2b2e94aa3e2115256d9967010fbc8b0c0e593effb63a216110b7ad48163c1fb050"}, &(0x7f00000001c0)={0x0, 0xa, 0x1}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000240)={0x20, 0x81, 0x3, "e5b658"}, &(0x7f0000000280)={0x20, 0x82, 0x2, "10ae"}, &(0x7f00000002c0)={0x20, 0x83, 0x2, 'pG'}, &(0x7f0000000300)={0x20, 0x84, 0x4, "2504d970"}, &(0x7f0000000340)={0x20, 0x85, 0x3, "7e1d93"}})

6.051003861s ago: executing program 4 (id=4176):
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000300)=@fd={0x6, 0x7, 0x4, 0x4000, 0x0, {}, {0x4, 0xc, 0x81, 0x2, 0x5, 0xc, "d109151d"}, 0x5, 0x4, {}, 0x812})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x800000010, &(0x7f0000001240)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r2, 0x4}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f00000003c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)

5.572540545s ago: executing program 4 (id=4177):
r0 = syz_open_dev$media(&(0x7f0000000140), 0xc, 0x80d00)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000000)=[{}, {}]})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010024bd7000fddbaa2503000000180001801400020073797a5f74756e000000000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x2000c000)
r1 = socket$inet6(0x10, 0x3, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0xdb, @rand_addr=' \x01\x00', 0x7}, 0x1c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
personality(0x5000007)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180), 0x8)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0xd351}, 0x10, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000bc0), 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0x4020940d, 0x0)
socket$inet6(0xa, 0x2, 0x3)

5.298558858s ago: executing program 3 (id=4181):
syz_emit_ethernet(0x46, &(0x7f0000000000)={@empty, @multicast, @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x3, 0x4, 0x38, 0x64, 0x0, 0x3, 0x6, 0x0, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x10}, {[@noop]}}, @payload_conn={{{0x20, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x2, 0x3, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x13, 0x0, 0x4e20, 0x4e22}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x1b2, 0xb60, 0xcb5, 0x5cd]})

5.212337096s ago: executing program 3 (id=4182):
socket$kcm(0x29, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='maps\x00')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_DEL(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000740)=ANY=[@ANYBLOB="31feffff", @ANYRES16=r2, @ANYBLOB="000400000000000000ffff0000880b8f903359001c4e39000e0001006e657464657673696d30000008010100"], 0x50}}, 0x80)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmmsg$inet6(r3, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000002c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001400)=' ', 0x1}], 0x1}}], 0x2, 0x20000802)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)
shutdown(r3, 0x2)
bind$inet6(r3, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
socket$can_raw(0x1d, 0x3, 0x1)
fcntl$getown(r5, 0x9)
socket$can_raw(0x1d, 0x3, 0x1)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r6, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r7, &(0x7f0000000080), 0x2, 0x0)
openat$cgroup_subtree(r7, &(0x7f00000001c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f4, &(0x7f0000000000))
preadv(0xffffffffffffffff, &(0x7f00000005c0), 0x0, 0x7, 0x198)
sendmsg$nl_route(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r8, @ANYRESOCT=r4, @ANYRES32=r9], 0x90}}, 0x0)
pread64(r0, &(0x7f0000002e00)=""/4098, 0x1002, 0x4)

5.1678411s ago: executing program 3 (id=4183):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x12c)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
setreuid(0xee01, 0xee01)
utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000880)={{0x0, 0xea60}}, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0xc, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x2e, 0x0, &(0x7f00000064c0))
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r3}, 0x18)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='afs_receive_data\x00', r5, 0x0, 0x7}, 0x18)
syz_open_dev$video(0x0, 0xc000, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b0009", 0x29}, {0x0}], 0x2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x1, 0x38}, 0xc)

5.076535727s ago: executing program 3 (id=4184):
r0 = fsmount(0xffffffffffffffff, 0x0, 0x82)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000680)=[{}], &(0x7f00000006c0)=0x8)
r1 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a00030100000009040000000101"], 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000090a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30"], 0x248}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1017}], 0x0, 0x0, 0x0})
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4400000002060108000000000000000000000000050005000a0000c4050001000700000005000400000000000900020073797a31000000000c000300686173683a6970"], 0x44}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff08000940000000390900020073797a310000000005000100070000005c0008801c0007801800018014000240fe"], 0x8c}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)
sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000040601020000000200000000000000000500010007"], 0x1c}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x108}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r11 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io(r11, 0x0, 0x0)
syz_usb_control_io(r11, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r11, 0x81, 0x39, &(0x7f00000019c0)="67c683c965b2cdd97db6987c666ed9ab39c43e5eff2744059504045804ff15beef7f431593d7949c6f1e0edbd6873365b6b3372eed28b9623e")

4.584120581s ago: executing program 6 (id=4185):
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x30e83000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @local}], 0x10)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f00000001c0)=ANY=[@ANYBLOB="911075000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)})
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)

4.582913384s ago: executing program 4 (id=4186):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000840)={0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="000014"], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

4.436569864s ago: executing program 6 (id=4187):
socket$inet(0x2, 0x3, 0x2)
syz_open_procfs$pagemap(0x0, &(0x7f0000000100))
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x133, &(0x7f0000000000)={@random="9a70b05e7d2c", @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0xfd, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bf"}}}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
socket$inet6(0xa, 0x2, 0x0)
pipe(&(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES16=r0], 0x0)

4.202012551s ago: executing program 5 (id=4188):
eventfd2(0x0, 0x0)
io_setup(0x81, &(0x7f0000000400))
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}], 0x1, 0x40800)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xe0}, 0x1, 0x0, 0x0, 0x20008800}, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)
sendmsg$nl_crypto(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x0)
kcmp(0xffffffffffffffff, r2, 0x5, r0, r0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0xc, 0x0, 0x0)
connect$inet6(r6, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

3.537218629s ago: executing program 3 (id=4189):
r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x1}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello')

3.339600256s ago: executing program 7 (id=4190):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4001c20)
request_key(0x0, &(0x7f0000001ffb)={'syz', 0x1}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000340)={0x2000, r5}, 0x0)
landlock_restrict_self(r4, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000140)=0xffff548b, 0x4)
ioprio_set$uid(0x3, 0x0, 0x0)
sendfile(r3, r3, 0x0, 0x200000)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
syz_emit_ethernet(0x2e, &(0x7f0000000100)={@local, @broadcast, @val={@void}, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr=0x64010100, @local}, {0x16, 0x0, 0x0, @multicast1}}}}}, 0x0)

1.898782812s ago: executing program 7 (id=4191):
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000480), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0xc1004110, &(0x7f0000000000)={0x0, [0x6, 0xffff1337, 0x3], [{0x0, 0x0, 0x0, 0x1}, {0x35, 0x39}, {0x0, 0x8}, {0x800000, 0x800001}, {}, {0x1ff}, {0x0, 0x1000}, {}, {}, {}, {}, {0x0, 0xe68b}], 0xc, 0x0, 0x0, 0x0, 0x0, 0x500})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f00003e5000/0x1000)=nil, 0x1000, 0xc)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendto$packet(r2, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x5, 0x6, @multicast}, 0x14)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000500)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x28, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.888396536s ago: executing program 5 (id=4192):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xcc, 0xc, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r1, 0x0, 0x0}, 0x10)

1.604228789s ago: executing program 5 (id=4193):
syz_usb_connect$uac1(0x0, 0x71, 0x0, &(0x7f0000000140)={0x0, 0x0, 0xa1, &(0x7f0000000000)=ANY=[@ANYBLOB="050fa1000214100c07b31bfd9988100a0e9e56e4a18e7a14a89c0b013095d2974862190429b6371ba9e7ec7fa480a9c71503fda257f976882351f77fd23a33966bb5e31ce3974890779d6f263642abc7f3"]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000a80)=[@text64={0x40, 0x0}], 0x1, 0x70, 0x0, 0x0)
r3 = dup(r2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'})
ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, 0xfffffffffffffffe)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="00450200020000001c0012800900010069706970000000000c00028008000300ac1e00011400030074757e6c3000"/56], 0x50}, 0x1, 0x0, 0x0, 0x4008000}, 0x40020)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="0f01c30fc7390f01cbb9080b00000f320fc72d1454d4980fc7682bc4c2999aaddd8bceb38fe8eca2a80100000037c4e14ddee2660f38810b", 0x38}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000054d564b"])
ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f0000000440)={0x0, 0x0, 0x2, 0x1000, &(0x7f0000fd8000/0x1000)=nil, 0xffffffffffff0000, r3})

1.142919243s ago: executing program 6 (id=4194):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f00000000c0)={0xe000000, 0x20323159, 0x500, 0x2d0, 0x4, @discrete={0x1, 0x7}})

1.099587145s ago: executing program 4 (id=4195):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @typedef={0x3}, @ptr={0x0, 0x0, 0x0, 0x2, 0x4}, @volatile={0x0, 0x0, 0x0, 0xa, 0x2}]}, {0x0, [0x0, 0x0, 0x61, 0x2e]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000049c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a4693989c36ffffffffffffd0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1530f8d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c11090000000000000000b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c8565117fcb8ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17911540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc240000000000127535a468702cac97b6b82a6e65d4cf1200"/2702], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r4 = syz_open_dev$vim2m(&(0x7f0000000600), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000080)={0xfffffffd, 0x54485746, 0x2, @discrete={0x6, 0xe}})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x14, r6, 0x701, 0xfffffffc, 0x0, {0xb}}, 0x14}, 0x1, 0x0, 0x0, 0x24044004}, 0x4000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e0ffff00124000632f77fb80f31416e000030a94029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000700, 0x9b, 0x0, &(0x7f0000000400)="d860292d328ea69abcb01433a33ec78507001d97dd722231bdec288c116f27901936d43dd12539ff621c7235ed74916fc4ea08d192ee46afc946ac4359e753177f7f77cd646e1f2c7a09c32d40d750443e0bc902a1b293ab975e080d5b6316e2d00a174c421c8cfa5d7ec548a814ebd90c9a4b8ee7d54b41c259e34ec3aae8ec4316d891dd0b602c0328fee2541ead3b67d68cf6f1d0f473a5d23b"}, 0x50)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

932.292282ms ago: executing program 6 (id=4196):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8)
r4 = openat$cgroup_pressure(r1, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r2}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r4, &(0x7f0000000340)={'some', 0x20, 0x4, 0x20, 0xffffa}, 0x2f)
close(r2)
close(r4)
r5 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4)
sendto$inet6(r5, &(0x7f0000000440)="bb8f1ad1bf2a", 0x6, 0x10, 0x0, 0x0)
sendto$inet6(r5, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)

930.176581ms ago: executing program 7 (id=4197):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x100800)
bind$vsock_stream(r0, &(0x7f0000000280)={0x28, 0x0, 0x2710}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
removexattr(0x0, &(0x7f0000000300)=@known='security.selinux\x00')
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0xfffffffffaa08a7d)
r6 = io_uring_setup(0x5e69, &(0x7f0000000100)={0x0, 0x1084, 0x40, 0x10000003, 0x2c3})
io_uring_register$IORING_UNREGISTER_FILES(r6, 0x3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="06000000040000000800000008000000000000b600", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000300)={0x41, 0x2, 0x0, "444900d730faa901000000000000000000f789981008d7b15b5700e46b8be100", 0x50424752})

748.744496ms ago: executing program 6 (id=4198):
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e71, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)

52.225064ms ago: executing program 3 (id=4199):
epoll_create1(0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, 0x0, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @bcast, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x42)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000001c0)={[0x5, 0x6, 0x0, 0x0, 0x10003, 0x0, 0x400200cc4, 0xffe, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCGNPMODE(r9, 0xc008744c, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r9, 0xc0286687, &(0x7f0000000280)={0x3, 0x7ff, 0x85, &(0x7f0000000380)=""/133})
r10 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r10, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

0s ago: executing program 5 (id=4200):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x53, 0xa, 0x3, "2e9b1c2300000000000000000000e70000a2000000000000000000001000", 0x38414762})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000040)={0x190, 0x80, 0x2dde1e3ad56d4950, 0x4b0, 0xffffff53, 0x1, 0x8, 0x1, {0xf, 0x3}, {0x9, 0x7}, {0xffffffff, 0x3}, {0x2, 0x1}, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8, 0x7fffffff, 0x4, 0x1, 0x2, 0x6, 0x8000, 0x0, 0x100, 0x0, 0xa})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000031"], 0x0, 0xa, 0x0, 0x0, 0x41100, 0xa, '\x00', 0x0, @cgroup_sock_addr=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='>\x00'/28], 0x50)
r5 = timerfd_create(0x0, 0x0)
timerfd_settime(r5, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
readv(r5, &(0x7f0000000080)=[{&(0x7f00000016c0)=""/149, 0x95}], 0x1)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x19, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000d01230ccdf7d47ac000018110000", @ANYRES8=0x0, @ANYBLOB="0000000000000000b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b509050000000000dbaaf0ff00000000bda804000000000007080000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000080000004600000076000006129cfdf428ca7800bf91000000000000b6080000000000008500000085000000b7000000000000009500000000000000174218ec797ad23284a0b497f3467f7fc2863a87b9b263ab034c9534865dcd01194a"], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x483, @void, @value}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r6, 0x58, &(0x7f00000000c0)}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="662700000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r7, 0xc034564b, &(0x7f00000000c0)={0x0, 0x20323159, 0x500, 0x2d0, 0x4, @discrete={0x1, 0x7}})
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x7, 0x65ae, {<r8=>0x0}, {0xffffffffffffffff}, 0xe, 0x629})
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r7, 0xc0945662, &(0x7f0000000100)={0x1, 0x0, '\x00', {0x0, @reserved}})
prlimit64(r8, 0xc, 0x0, &(0x7f0000000080))
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x3d, &(0x7f00000003c0)=""/219, &(0x7f00000002c0)=0xdb)

kernel console output (not intermixed with test programs):

different from the descriptor's value: 3
[ 1415.216402][ T5907] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1415.458581][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1415.849220][ T5945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1416.167330][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1416.175550][ T5907] usb 5-1: Product: syz
[ 1416.179822][ T5907] usb 5-1: Manufacturer: syz
[ 1416.184514][ T5907] usb 5-1: SerialNumber: syz
[ 1416.638224][ T5945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1416.700605][ T5907] usb 5-1: 0:2 : does not exist
[ 1416.851224][T20091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3803'.
[ 1417.450701][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1417.490862][ T5907] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1417.531415][ T5945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1417.677829][ T5907] usb 5-1: USB disconnect, device number 87
[ 1417.772311][ T5945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1417.927187][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1418.136970][T20106] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3808'.
[ 1418.143248][T20107] netlink: 'syz.3.3807': attribute type 8 has an invalid length.
[ 1418.953108][T20101] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3805'.
[ 1419.079268][T20115] No control pipe specified
[ 1419.263144][ T5907] usb 4-1: new full-speed USB device number 85 using dummy_hcd
[ 1419.359305][ T5841] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[ 1419.655241][ T5841] usb 7-1: device descriptor read/64, error -71
[ 1419.725273][ T5907] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[ 1419.725682][ T5907] usb 4-1: config 8 has no interface number 0
[ 1419.727337][ T5907] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[ 1419.727604][ T5907] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1419.727991][ T5907] usb 4-1: config 8 interface 177 has no altsetting 0
[ 1419.760257][ T5907] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1419.760288][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1419.760307][ T5907] usb 4-1: Manufacturer: syz
[ 1419.767130][T20110] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1419.906196][ T5841] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[ 1419.906684][T11419] net_ratelimit: 4 callbacks suppressed
[ 1419.906701][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1419.927476][T20120] delete_channel: no stack
[ 1419.991503][ T5945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1420.050401][ T5841] usb 7-1: device descriptor read/64, error -71
[ 1420.161316][ T5841] usb usb7-port1: attempt power cycle
[ 1420.526368][ T5841] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 1420.546585][ T5841] usb 7-1: device descriptor read/8, error -71
[ 1420.676857][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1420.802782][ T5841] usb 7-1: new high-speed USB device number 66 using dummy_hcd
[ 1420.825216][ T5841] usb 7-1: device descriptor read/8, error -71
[ 1420.941729][ T5841] usb usb7-port1: unable to enumerate USB device
[ 1420.948642][ T5907] ir_toy 4-1:8.177: required endpoints not found
[ 1420.972490][ T5907] usb 4-1: USB disconnect, device number 85
[ 1421.024085][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1421.108330][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1421.559291][   T30] kauditd_printk_skb: 33 callbacks suppressed
[ 1421.559310][   T30] audit: type=1800 audit(1652.656:2996): pid=20129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.3815" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1421.609914][T20129] overlayfs: missing 'lowerdir'
[ 1421.727161][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1421.963419][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1422.133696][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1422.213871][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1422.367936][T20132] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3816'.
[ 1422.392438][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1422.624741][T20140] No memory to map
[ 1423.574847][T20147] FAULT_INJECTION: forcing a failure.
[ 1423.574847][T20147] name failslab, interval 1, probability 0, space 0, times 0
[ 1423.611965][T20147] CPU: 0 UID: 0 PID: 20147 Comm: syz.4.3821 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1423.611993][T20147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1423.612005][T20147] Call Trace:
[ 1423.612013][T20147]  <TASK>
[ 1423.612022][T20147]  dump_stack_lvl+0x189/0x250
[ 1423.612051][T20147]  ? __pfx____ratelimit+0x10/0x10
[ 1423.612075][T20147]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1423.612099][T20147]  ? __pfx__printk+0x10/0x10
[ 1423.612119][T20147]  ? __pfx___might_resched+0x10/0x10
[ 1423.612142][T20147]  ? fs_reclaim_acquire+0x7d/0x100
[ 1423.612171][T20147]  should_fail_ex+0x414/0x560
[ 1423.612197][T20147]  should_failslab+0xa8/0x100
[ 1423.612221][T20147]  __kmalloc_noprof+0xcb/0x4f0
[ 1423.612239][T20147]  ? tomoyo_mount_permission+0x27a/0x970
[ 1423.612260][T20147]  ? tomoyo_encode+0x28b/0x550
[ 1423.612288][T20147]  tomoyo_encode+0x28b/0x550
[ 1423.612315][T20147]  ? tomoyo_mount_permission+0x27a/0x970
[ 1423.612338][T20147]  tomoyo_mount_permission+0x331/0x970
[ 1423.612369][T20147]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[ 1423.612453][T20147]  security_sb_mount+0xec/0x350
[ 1423.612475][T20147]  path_mount+0xbc/0xfe0
[ 1423.612496][T20147]  ? user_path_at+0x44/0x60
[ 1423.612516][T20147]  ? kmem_cache_free+0x18f/0x400
[ 1423.612546][T20147]  __se_sys_mount+0x317/0x410
[ 1423.612575][T20147]  ? __pfx___se_sys_mount+0x10/0x10
[ 1423.612595][T20147]  ? rcu_is_watching+0x15/0xb0
[ 1423.612624][T20147]  ? do_syscall_64+0xbe/0x3b0
[ 1423.612646][T20147]  ? __x64_sys_mount+0x20/0xc0
[ 1423.612671][T20147]  do_syscall_64+0xfa/0x3b0
[ 1423.612693][T20147]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1423.612716][T20147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1423.612734][T20147]  ? clear_bhb_loop+0x60/0xb0
[ 1423.612756][T20147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1423.612773][T20147] RIP: 0033:0x7f5ce338e929
[ 1423.612787][T20147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1423.612802][T20147] RSP: 002b:00007f5ce41b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1423.612820][T20147] RAX: ffffffffffffffda RBX: 00007f5ce35b5fa0 RCX: 00007f5ce338e929
[ 1423.612832][T20147] RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 0000200000000100
[ 1423.612843][T20147] RBP: 00007f5ce41b7090 R08: 0000000000000000 R09: 0000000000000000
[ 1423.612855][T20147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1423.612865][T20147] R13: 0000000000000000 R14: 00007f5ce35b5fa0 R15: 00007ffc85ed2eb8
[ 1423.612895][T20147]  </TASK>
[ 1424.267138][T17384] Bluetooth: Unexpected start frame (len 0)
[ 1425.269857][ T5907] net_ratelimit: 9 callbacks suppressed
[ 1425.269876][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1425.395956][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1425.467922][T11419] usb 7-1: new high-speed USB device number 67 using dummy_hcd
[ 1426.316979][T20175] overlayfs: missing 'workdir'
[ 1426.338484][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1426.346970][T11419] usb 7-1: Using ep0 maxpacket: 16
[ 1426.493494][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1426.529838][T11419] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.658246][T11419] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1426.678084][ T5907] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[ 1426.737206][T11419] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1426.757007][T11419] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1426.877248][T11419] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1426.940370][ T5831] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1426.944967][T11419] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1426.957196][T11419] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1426.965579][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1426.970790][T11419] usb 7-1: Manufacturer: syz
[ 1426.986341][ T5907] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1427.000695][T11419] usb 7-1: config 0 descriptor??
[ 1427.005147][ T5907] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1427.026338][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1427.034380][ T5907] usb 6-1: Product: syz
[ 1427.039226][ T5907] usb 6-1: Manufacturer: syz
[ 1427.043826][ T5907] usb 6-1: SerialNumber: syz
[ 1427.069130][ T5907] usb 6-1: config 0 descriptor??
[ 1427.081190][ T5907] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[ 1427.099000][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1427.119082][ T5907] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[ 1427.132959][ T5907] usb 6-1: media controller created
[ 1427.152635][ T5831] usb 4-1: Using ep0 maxpacket: 16
[ 1427.174669][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1427.193423][ T5831] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1427.237420][ T5831] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1427.245410][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1427.269666][ T5831] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1427.296877][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1427.323915][    C1] IPv4: Oversized IP packet from 172.20.20.10
[ 1427.390009][ T5831] usb 4-1: config 0 descriptor??
[ 1427.431369][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1427.644136][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1427.981358][ T5907] DVB: Unable to find symbol tda10046_attach()
[ 1427.996092][ T5907] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[ 1428.007946][T11419] rc_core: IR keymap rc-hauppauge not found
[ 1428.017548][ T5907] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[ 1428.022808][T11419] Registered IR keymap rc-empty
[ 1428.049263][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.093438][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.126600][T11419] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[ 1428.146028][T11419] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input31
[ 1428.171595][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.206051][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.243235][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.275329][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.317883][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.350054][ T5831] usbhid 4-1:0.0: can't add hid device: -71
[ 1428.350846][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.358449][ T5831] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1428.401055][ T5831] usb 4-1: USB disconnect, device number 86
[ 1428.404195][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.542853][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1428.553215][T13749] Bluetooth: hci1: command 0x0405 tx timeout
[ 1428.607215][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1428.638646][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.660251][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.702789][T11419] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[ 1428.751114][T11419] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[ 1428.771513][T11419] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1428.899221][T11419] usb 7-1: USB disconnect, device number 67
[ 1429.056861][T20205] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3838'.
[ 1429.916922][T20216] netlink: 'syz.7.3842': attribute type 1 has an invalid length.
[ 1429.962677][ T5907] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[ 1430.083546][T20225] overlayfs: missing 'workdir'
[ 1430.127511][ T5907] usb 6-1: USB disconnect, device number 79
[ 1430.356688][T20232] netlink: 'syz.3.3846': attribute type 11 has an invalid length.
[ 1430.390430][T20232] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3846'.
[ 1430.412929][T20233] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3844'.
[ 1430.820980][ T5907] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1430.973771][T11419] net_ratelimit: 7 callbacks suppressed
[ 1430.973789][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1431.040199][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1431.210911][T20237] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3845'.
[ 1431.252712][ T5907] usb 4-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config
[ 1431.263230][ T5907] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[ 1431.335608][ T5907] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 196
[ 1431.792889][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1431.842972][ T5907] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[ 1431.872365][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1431.890789][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1431.908312][   T30] audit: type=1326 audit(1662.337:2997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30b638e929 code=0x7ffc0000
[ 1431.943230][ T5907] usb 4-1: config 0 descriptor??
[ 1431.959334][   T30] audit: type=1326 audit(1662.337:2998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f30b638e929 code=0x7ffc0000
[ 1431.982976][   T30] audit: type=1326 audit(1662.337:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30b638e929 code=0x7ffc0000
[ 1432.004779][   T30] audit: type=1326 audit(1662.337:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f30b638d290 code=0x7ffc0000
[ 1432.026812][   T30] audit: type=1326 audit(1662.337:3001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30b638e52b code=0x7ffc0000
[ 1432.049841][   T30] audit: type=1326 audit(1662.337:3002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30b638e52b code=0x7ffc0000
[ 1432.071735][   T30] audit: type=1326 audit(1662.337:3003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30b638e52b code=0x7ffc0000
[ 1432.093535][   T30] audit: type=1326 audit(1662.337:3004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30b638e52b code=0x7ffc0000
[ 1432.151006][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1432.160026][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1432.175042][T20228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1432.186637][   T30] audit: type=1326 audit(1662.580:3005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20252 comm="syz.6.3852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f30b638e52b code=0x7ffc0000
[ 1432.250575][T20228] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1432.298693][T20261] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 20261 comm: syz.4.3853)
[ 1432.533023][   T30] audit: type=1800 audit(1662.721:3006): pid=20261 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3853" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=84095 res=0 errno=0
[ 1432.673150][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1432.711899][T11419] usb 7-1: new full-speed USB device number 68 using dummy_hcd
[ 1432.850742][T11419] usb 7-1: device descriptor read/64, error -71
[ 1433.332460][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1433.655886][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1433.668304][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1433.676911][T11419] usb 7-1: new full-speed USB device number 69 using dummy_hcd
[ 1433.692536][ T5907] usb 4-1: string descriptor 0 read error: -71
[ 1433.720803][ T5907] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1433.752003][ T5907] usb 4-1: USB disconnect, device number 87
[ 1434.039611][T11419] usb 7-1: device descriptor read/64, error -71
[ 1434.159206][T11419] usb usb7-port1: attempt power cycle
[ 1434.910376][T17028] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1434.967434][T11419] usb 7-1: new full-speed USB device number 70 using dummy_hcd
[ 1434.994729][T11419] usb 7-1: device descriptor read/8, error -71
[ 1435.153947][T17028] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1435.194413][T17028] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1435.242065][T17028] usb 4-1: config 0 descriptor??
[ 1435.281710][T17028] cp210x 4-1:0.0: cp210x converter detected
[ 1435.497400][T20283] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1435.504721][T20283] IPv6: NLM_F_CREATE should be set when creating new route
[ 1435.512011][T20283] IPv6: NLM_F_CREATE should be set when creating new route
[ 1435.797239][T20283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3860'.
[ 1436.049124][T20319] FAULT_INJECTION: forcing a failure.
[ 1436.049124][T20319] name failslab, interval 1, probability 0, space 0, times 0
[ 1436.088563][T20319] CPU: 1 UID: 0 PID: 20319 Comm: syz.7.3868 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1436.088592][T20319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1436.088604][T20319] Call Trace:
[ 1436.088612][T20319]  <TASK>
[ 1436.088621][T20319]  dump_stack_lvl+0x189/0x250
[ 1436.088651][T20319]  ? __pfx____ratelimit+0x10/0x10
[ 1436.088675][T20319]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1436.088697][T20319]  ? __pfx__printk+0x10/0x10
[ 1436.088720][T20319]  ? __pfx___might_resched+0x10/0x10
[ 1436.088742][T20319]  ? fs_reclaim_acquire+0x7d/0x100
[ 1436.088769][T20319]  should_fail_ex+0x414/0x560
[ 1436.088795][T20319]  should_failslab+0xa8/0x100
[ 1436.088819][T20319]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1436.088837][T20319]  ? alloc_empty_file+0x55/0x1d0
[ 1436.088865][T20319]  alloc_empty_file+0x55/0x1d0
[ 1436.088889][T20319]  path_openat+0x107/0x3830
[ 1436.088905][T20319]  ? arch_stack_walk+0xfc/0x150
[ 1436.088953][T20319]  ? kasan_save_track+0x4f/0x80
[ 1436.088970][T20319]  ? kasan_save_track+0x3e/0x80
[ 1436.088986][T20319]  ? __kasan_slab_alloc+0x6c/0x80
[ 1436.089005][T20319]  ? getname_flags+0xb8/0x540
[ 1436.089026][T20319]  ? __pfx_path_openat+0x10/0x10
[ 1436.089041][T20319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.089085][T20319]  do_filp_open+0x1fa/0x410
[ 1436.089101][T20319]  ? __lock_acquire+0xab9/0xd20
[ 1436.089124][T20319]  ? __pfx_do_filp_open+0x10/0x10
[ 1436.089164][T20319]  ? _raw_spin_unlock+0x28/0x50
[ 1436.089184][T20319]  ? alloc_fd+0x64c/0x6c0
[ 1436.089216][T20319]  do_sys_openat2+0x121/0x1c0
[ 1436.089243][T20319]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1436.089268][T20319]  ? ksys_write+0x22a/0x250
[ 1436.089288][T20319]  ? __pfx_ksys_write+0x10/0x10
[ 1436.089304][T20319]  ? rcu_is_watching+0x15/0xb0
[ 1436.089329][T20319]  __x64_sys_open+0x11e/0x150
[ 1436.089357][T20319]  do_syscall_64+0xfa/0x3b0
[ 1436.089380][T20319]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1436.089404][T20319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.089421][T20319]  ? clear_bhb_loop+0x60/0xb0
[ 1436.089443][T20319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1436.089460][T20319] RIP: 0033:0x7fed72b8e929
[ 1436.089477][T20319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1436.089492][T20319] RSP: 002b:00007fed739cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1436.089512][T20319] RAX: ffffffffffffffda RBX: 00007fed72db5fa0 RCX: 00007fed72b8e929
[ 1436.089525][T20319] RDX: 0000000000000119 RSI: 0000000000020880 RDI: 0000200000000180
[ 1436.089540][T20319] RBP: 00007fed739cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1436.089552][T20319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1436.089563][T20319] R13: 0000000000000000 R14: 00007fed72db5fa0 R15: 00007ffe01b0af98
[ 1436.089593][T20319]  </TASK>
[ 1436.572573][T17028] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 1436.623340][T17028] cp210x 4-1:0.0: GPIO initialisation failed: -71
[ 1436.776134][T14703] net_ratelimit: 6 callbacks suppressed
[ 1436.776152][T14703] TC_ACT_REPEAT abuse ?
[ 1436.795974][T17028] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1436.836609][T17028] usb 4-1: USB disconnect, device number 88
[ 1437.401399][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1437.415847][T17028] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1437.426064][T17028] cp210x 4-1:0.0: device disconnected
[ 1438.290742][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1438.406986][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1438.461583][T14703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1438.549794][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1439.063287][T20344] Invalid source name
[ 1439.067391][T20344] UBIFS error (pid: 20344): cannot open "./file0", error -22
[ 1440.238074][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1440.254307][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1440.305248][T20354] FAULT_INJECTION: forcing a failure.
[ 1440.305248][T20354] name failslab, interval 1, probability 0, space 0, times 0
[ 1440.331605][T20354] CPU: 0 UID: 60929 PID: 20354 Comm: syz.6.3876 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1440.331632][T20354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1440.331643][T20354] Call Trace:
[ 1440.331651][T20354]  <TASK>
[ 1440.331660][T20354]  dump_stack_lvl+0x189/0x250
[ 1440.331689][T20354]  ? __pfx____ratelimit+0x10/0x10
[ 1440.331713][T20354]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1440.331735][T20354]  ? __pfx__printk+0x10/0x10
[ 1440.331760][T20354]  ? __pfx___might_resched+0x10/0x10
[ 1440.331781][T20354]  ? fs_reclaim_acquire+0x7d/0x100
[ 1440.331816][T20354]  should_fail_ex+0x414/0x560
[ 1440.331842][T20354]  should_failslab+0xa8/0x100
[ 1440.331865][T20354]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1440.331885][T20354]  ? alloc_empty_file+0x55/0x1d0
[ 1440.331913][T20354]  alloc_empty_file+0x55/0x1d0
[ 1440.331938][T20354]  path_openat+0x107/0x3830
[ 1440.331955][T20354]  ? arch_stack_walk+0xfc/0x150
[ 1440.332006][T20354]  ? kasan_save_track+0x4f/0x80
[ 1440.332022][T20354]  ? kasan_save_track+0x3e/0x80
[ 1440.332039][T20354]  ? __kasan_slab_alloc+0x6c/0x80
[ 1440.332057][T20354]  ? getname_flags+0xb8/0x540
[ 1440.332079][T20354]  ? __pfx_path_openat+0x10/0x10
[ 1440.332094][T20354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.332132][T20354]  do_filp_open+0x1fa/0x410
[ 1440.332147][T20354]  ? __lock_acquire+0xab9/0xd20
[ 1440.332171][T20354]  ? __pfx_do_filp_open+0x10/0x10
[ 1440.332211][T20354]  ? _raw_spin_unlock+0x28/0x50
[ 1440.332231][T20354]  ? alloc_fd+0x64c/0x6c0
[ 1440.332263][T20354]  do_sys_openat2+0x121/0x1c0
[ 1440.332290][T20354]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1440.332315][T20354]  ? ksys_write+0x22a/0x250
[ 1440.332336][T20354]  ? __pfx_ksys_write+0x10/0x10
[ 1440.332353][T20354]  ? rcu_is_watching+0x15/0xb0
[ 1440.332380][T20354]  __x64_sys_open+0x11e/0x150
[ 1440.332408][T20354]  do_syscall_64+0xfa/0x3b0
[ 1440.332433][T20354]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.332449][T20354]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1440.332467][T20354]  ? clear_bhb_loop+0x60/0xb0
[ 1440.332487][T20354]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.332504][T20354] RIP: 0033:0x7f30b638e929
[ 1440.332521][T20354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1440.332535][T20354] RSP: 002b:00007f30b72c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1440.332555][T20354] RAX: ffffffffffffffda RBX: 00007f30b65b5fa0 RCX: 00007f30b638e929
[ 1440.332568][T20354] RDX: 000000000000002e RSI: 000000000014907e RDI: 0000200000000300
[ 1440.332580][T20354] RBP: 00007f30b72c0090 R08: 0000000000000000 R09: 0000000000000000
[ 1440.332591][T20354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1440.332602][T20354] R13: 0000000000000000 R14: 00007f30b65b5fa0 R15: 00007fff0f0f3f28
[ 1440.332634][T20354]  </TASK>
[ 1441.371591][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1441.379999][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1442.273402][T20388] FAULT_INJECTION: forcing a failure.
[ 1442.273402][T20388] name failslab, interval 1, probability 0, space 0, times 0
[ 1442.327603][T20388] CPU: 0 UID: 0 PID: 20388 Comm: syz.5.3883 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1442.327639][T20388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1442.327650][T20388] Call Trace:
[ 1442.327658][T20388]  <TASK>
[ 1442.327666][T20388]  dump_stack_lvl+0x189/0x250
[ 1442.327695][T20388]  ? __pfx____ratelimit+0x10/0x10
[ 1442.327719][T20388]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1442.327743][T20388]  ? __pfx__printk+0x10/0x10
[ 1442.327768][T20388]  ? __pfx___might_resched+0x10/0x10
[ 1442.327791][T20388]  ? fs_reclaim_acquire+0x7d/0x100
[ 1442.327819][T20388]  should_fail_ex+0x414/0x560
[ 1442.327846][T20388]  should_failslab+0xa8/0x100
[ 1442.327870][T20388]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1442.327890][T20388]  ? __d_alloc+0x31/0x6f0
[ 1442.327920][T20388]  __d_alloc+0x31/0x6f0
[ 1442.327942][T20388]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[ 1442.327969][T20388]  d_alloc_parallel+0xe0/0x14e0
[ 1442.327985][T20388]  ? __lock_acquire+0xab9/0xd20
[ 1442.328007][T20388]  ? smack_log+0xef/0x3f0
[ 1442.328026][T20388]  ? __pfx_smack_log+0x10/0x10
[ 1442.328043][T20388]  ? smk_access+0x14c/0x4e0
[ 1442.328065][T20388]  ? __lock_acquire+0xab9/0xd20
[ 1442.328087][T20388]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1442.328110][T20388]  ? __raw_spin_lock_init+0x45/0x100
[ 1442.328131][T20388]  ? __init_waitqueue_head+0xa9/0x150
[ 1442.328155][T20388]  __lookup_slow+0x116/0x3d0
[ 1442.328175][T20388]  ? __pfx___lookup_slow+0x10/0x10
[ 1442.328207][T20388]  ? bpf_lsm_inode_permission+0x9/0x20
[ 1442.328226][T20388]  ? security_inode_permission+0xb7/0x310
[ 1442.328254][T20388]  ? down_read+0x1ad/0x2e0
[ 1442.328274][T20388]  lookup_slow+0x53/0x70
[ 1442.328292][T20388]  walk_component+0x2d2/0x400
[ 1442.328314][T20388]  ? path_lookupat+0x156/0x430
[ 1442.328341][T20388]  path_lookupat+0x163/0x430
[ 1442.328371][T20388]  filename_lookup+0x212/0x570
[ 1442.328393][T20388]  ? __x64_sys_newlstat+0xcc/0x170
[ 1442.328415][T20388]  ? do_syscall_64+0xfa/0x3b0
[ 1442.328444][T20388]  ? __pfx_filename_lookup+0x10/0x10
[ 1442.328494][T20388]  ? __might_fault+0xb0/0x130
[ 1442.328526][T20388]  vfs_statx+0xf8/0x550
[ 1442.328555][T20388]  ? __pfx_vfs_statx+0x10/0x10
[ 1442.328580][T20388]  ? getname_flags+0x1e5/0x540
[ 1442.328606][T20388]  __x64_sys_newlstat+0xea/0x170
[ 1442.328639][T20388]  ? __pfx___x64_sys_newlstat+0x10/0x10
[ 1442.328682][T20388]  ? __pfx_ksys_write+0x10/0x10
[ 1442.328699][T20388]  ? rcu_is_watching+0x15/0xb0
[ 1442.328728][T20388]  ? do_syscall_64+0xbe/0x3b0
[ 1442.328755][T20388]  do_syscall_64+0xfa/0x3b0
[ 1442.328777][T20388]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1442.328800][T20388]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1442.328817][T20388]  ? clear_bhb_loop+0x60/0xb0
[ 1442.328838][T20388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1442.328856][T20388] RIP: 0033:0x7f757cf8e929
[ 1442.328871][T20388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1442.328886][T20388] RSP: 002b:00007f757add5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[ 1442.328906][T20388] RAX: ffffffffffffffda RBX: 00007f757d1b6160 RCX: 00007f757cf8e929
[ 1442.328919][T20388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000003c0
[ 1442.328931][T20388] RBP: 00007f757add5090 R08: 0000000000000000 R09: 0000000000000000
[ 1442.328942][T20388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1442.328953][T20388] R13: 0000000000000000 R14: 00007f757d1b6160 R15: 00007ffe9f1f7e68
[ 1442.328984][T20388]  </TASK>
[ 1442.770522][T18702] net_ratelimit: 2 callbacks suppressed
[ 1442.770542][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1442.784456][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1443.027940][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1443.188559][T20400] Invalid source name
[ 1443.192652][T20400] UBIFS error (pid: 20400): cannot open "./file0", error -22
[ 1443.977383][ T5985] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1444.932375][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1444.941523][T14703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1445.038743][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1445.047055][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1445.055651][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1445.797928][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1446.754936][T20414] netlink: 'syz.6.3891': attribute type 10 has an invalid length.
[ 1446.767308][T20418] netlink: 'syz.6.3891': attribute type 10 has an invalid length.
[ 1446.994393][ T5935] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[ 1447.379550][ T5935] usb 6-1: Using ep0 maxpacket: 16
[ 1447.405001][ T5935] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1447.466639][ T5935] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1447.481177][ T5935] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1447.501172][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1447.522632][ T5935] usb 6-1: Product: syz
[ 1447.528508][ T5935] usb 6-1: Manufacturer: syz
[ 1447.538170][ T5935] usb 6-1: SerialNumber: syz
[ 1448.549720][T20446] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.3899'.
[ 1448.696467][ T5886] net_ratelimit: 18 callbacks suppressed
[ 1448.696485][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1448.970323][ T5935] usb 6-1: 0:2 : does not exist
[ 1449.069720][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1449.274945][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1449.283711][T14703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1449.364188][ T5935] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1449.584713][T20457] Invalid source name
[ 1449.588795][T20457] UBIFS error (pid: 20457): cannot open "./file0", error -22
[ 1449.768378][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1449.839687][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1449.968997][ T5935] usb 6-1: USB disconnect, device number 80
[ 1450.016797][T20459] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3902'.
[ 1450.177558][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1450.201584][T20459] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3902'.
[ 1450.237847][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1450.504995][T11419] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1450.673876][   T24] usb 7-1: new full-speed USB device number 72 using dummy_hcd
[ 1450.759170][T11419] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1450.770229][T11419] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1450.783100][T11419] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1450.792595][T11419] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1450.845658][   T24] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1450.860925][   T24] usb 7-1: not running at top speed; connect to a high speed hub
[ 1450.881665][   T24] usb 7-1: config 8 has an invalid interface number: 24 but max is 0
[ 1450.898250][   T24] usb 7-1: config 8 has no interface number 0
[ 1450.911202][   T24] usb 7-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 64
[ 1450.929503][T11419] usb 5-1: config 0 descriptor??
[ 1450.948829][T11419] usbhid 5-1:0.0: can't add hid device: -22
[ 1450.955966][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1450.971325][T11419] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[ 1450.982550][   T24] usb 7-1: config 8 interface 24 has no altsetting 0
[ 1451.045416][   T24] usb 7-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[ 1451.074898][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1451.112543][   T24] usb 7-1: Product: syz
[ 1451.126852][   T24] usb 7-1: Manufacturer: syz
[ 1451.150924][   T24] usb 7-1: SerialNumber: syz
[ 1451.175788][T20470] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1451.378043][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1451.450002][   T24] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'.
[ 1451.495467][   T24] usb 7-1: USB disconnect, device number 72
[ 1451.633148][T20479] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3903'.
[ 1451.805499][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1451.814004][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1451.977355][T17384] Bluetooth: hci1: command 0x0405 tx timeout
[ 1453.298180][   T24] usb 5-1: USB disconnect, device number 88
[ 1454.963998][ T5841] net_ratelimit: 7 callbacks suppressed
[ 1454.964010][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1454.987271][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1455.314724][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1455.482311][ T5935] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1455.664564][ T5935] usb 4-1: Using ep0 maxpacket: 8
[ 1455.704992][ T5935] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1455.770451][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1455.779276][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1455.802251][ T5935] usb 4-1: Product: syz
[ 1455.811724][ T5935] usb 4-1: Manufacturer: syz
[ 1455.821519][ T5935] usb 4-1: SerialNumber: syz
[ 1455.827079][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1455.841944][ T5935] usb 4-1: config 0 descriptor??
[ 1455.854211][ T5935] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1455.953151][ T5841] usb 7-1: new high-speed USB device number 73 using dummy_hcd
[ 1456.096132][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1456.104920][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1456.141919][ T5841] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1456.153535][ T5841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1456.182012][ T5841] usb 7-1: config 0 descriptor??
[ 1456.200586][ T5841] cp210x 7-1:0.0: cp210x converter detected
[ 1456.419673][T20508] ubi31: detaching mtd0
[ 1456.429612][T20508] ubi31: mtd0 is detached
[ 1456.447944][ T5841] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1456.465419][ T5841] cp210x 7-1:0.0: querying part number failed
[ 1456.491817][ T5841] usb 7-1: cp210x converter now attached to ttyUSB0
[ 1456.514820][ T5841] usb 7-1: USB disconnect, device number 73
[ 1456.536460][ T5841] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1456.564494][ T5841] cp210x 7-1:0.0: device disconnected
[ 1457.268764][ T5935] gspca_sonixj: reg_w1 err -110
[ 1457.429614][T20498] binder: 20496:20498 ioctl c0306201 200000000240 returned -11
[ 1457.440788][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1457.440902][   T24] TC_ACT_REPEAT abuse ?
[ 1457.449116][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1457.492564][ T5935] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[ 1457.506313][ T5935] usb 4-1: USB disconnect, device number 89
[ 1459.583972][T20538] overlayfs: conflicting options: nfs_export=on,index=off
[ 1459.705663][ T5841] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1459.907558][ T5841] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1459.916197][ T5841] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1459.931992][ T5841] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1459.946867][ T5841] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1459.955734][ T5841] usb 5-1: Manufacturer: syz
[ 1459.976549][ T5841] usb 5-1: config 0 descriptor??
[ 1460.077402][ T5841] rc_core: IR keymap rc-hauppauge not found
[ 1460.084831][ T5841] Registered IR keymap rc-empty
[ 1460.093095][ T5841] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1460.107260][ T5841] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input32
[ 1460.221619][    C0] igorplugusb 5-1:0.0: Error: urb status = -32
[ 1460.223225][T20535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1460.236969][T20535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1460.336182][ T5935] usb 5-1: USB disconnect, device number 89
[ 1460.444278][T11419] net_ratelimit: 17 callbacks suppressed
[ 1460.444295][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1460.731980][T11419] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[ 1460.895276][T11419] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1460.907458][T11419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1460.920055][T11419] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1460.932733][T11419] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1460.958184][ T5841] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[ 1460.966343][T11419] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1460.980948][T11419] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1460.991459][T11419] usb 4-1: Manufacturer: syz
[ 1460.999854][T11419] usb 4-1: config 0 descriptor??
[ 1461.151380][ T5841] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1461.163424][ T5841] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1461.173567][ T5841] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1461.183199][ T5841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1461.197498][T20558] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[ 1461.233851][ T5841] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1461.391053][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1461.461436][T11419] appleir 0003:05AC:8243.0025: unknown main item tag 0x0
[ 1461.462433][   T24] usb 6-1: USB disconnect, device number 81
[ 1461.470446][T11419] appleir 0003:05AC:8243.0025: No inputs registered, leaving
[ 1461.540577][T11419] appleir 0003:05AC:8243.0025: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1461.561061][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1462.399930][   T24] usb 4-1: USB disconnect, device number 90
[ 1462.502266][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1462.511072][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1462.578589][T20535] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[ 1462.589356][T20561] IPv6: sit1: Disabled Multicast RS
[ 1462.610382][T20561] sit1: entered allmulticast mode
[ 1462.618801][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1462.667238][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1462.683588][T20562] netlink: 830 bytes leftover after parsing attributes in process `syz.5.3933'.
[ 1462.694407][T20562] bond_slave_0: entered promiscuous mode
[ 1462.700705][T20562] bond_slave_1: entered promiscuous mode
[ 1462.709222][T20534] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[ 1463.463353][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1463.721896][T20576] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3936'.
[ 1463.789883][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1463.889724][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1463.908851][T20578] netlink: 136 bytes leftover after parsing attributes in process `syz.3.3938'.
[ 1464.957664][T11419] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1465.065536][T20594] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3944'.
[ 1465.125602][T11419] usb 5-1: Using ep0 maxpacket: 8
[ 1465.133234][T11419] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1465.146072][T11419] usb 5-1: config 179 has no interface number 0
[ 1465.156143][T11419] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[ 1465.168418][T11419] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[ 1465.175736][T20599] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(4)
[ 1465.180434][T11419] usb 5-1: config 179 interface 65 altsetting 12 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1465.186292][T20599] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1465.215621][T20599] vhci_hcd vhci_hcd.0: Device attached
[ 1465.222118][T11419] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1465.241034][T20600] vhci_hcd: connection closed
[ 1465.241343][T13700] vhci_hcd: stop threads
[ 1465.256065][T11419] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1465.256098][T11419] usb 5-1: config 179 interface 65 has no altsetting 0
[ 1465.256138][T11419] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[ 1465.256160][T11419] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1465.259686][T13700] vhci_hcd: release socket
[ 1465.259715][T13700] vhci_hcd: disconnect device
[ 1465.290432][T11419] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input33
[ 1465.361340][ T5831] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[ 1465.468274][ T5180] input input33: unable to receive magic message: -110
[ 1465.564405][ T5831] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1465.573073][ T5831] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1465.605564][ T5180] input input33: unable to receive magic message: -32
[ 1465.621834][ T5831] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 66
[ 1465.631464][ T5180] input input33: unable to receive magic message: -32
[ 1465.647072][ T5180] input input33: unable to receive magic message: -32
[ 1465.658495][ T5831] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1465.676126][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1465.684696][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1
[ 1465.684707][ T5831] usb 4-1: Product: syz
[ 1465.684725][ T5831] usb 4-1: Manufacturer: syz
[ 1465.702561][T11419] usb 5-1: USB disconnect, device number 90
[ 1465.708628][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1465.750970][T11419] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[ 1465.832853][ T5831] net_ratelimit: 17 callbacks suppressed
[ 1465.832872][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1465.939609][ T5831] usb 4-1: USB disconnect, device number 91
[ 1466.144860][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1466.319589][T17028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1466.829095][T17028] usb 7-1: new high-speed USB device number 74 using dummy_hcd
[ 1466.958065][T20619] netlink: 148 bytes leftover after parsing attributes in process `syz.4.3951'.
[ 1466.968116][T20619] A link change request failed with some changes committed already. Interface ip6gre0 may have been left with an inconsistent configuration, please check.
[ 1467.146161][T17028] usb 7-1: Using ep0 maxpacket: 32
[ 1467.165114][T17028] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1467.177932][T17028] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1467.188335][T17028] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1467.203717][T17028] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1467.420295][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1467.431219][T17028] usb 7-1: config 0 descriptor??
[ 1467.456482][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1468.517413][ T5831] TC_ACT_REPEAT abuse ?
[ 1468.559732][T17028] ft260 0003:0403:6030.0026: unbalanced collection at end of report description
[ 1468.573584][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1468.986354][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1469.008571][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1469.113652][T17028] ft260 0003:0403:6030.0026: failed to parse HID
[ 1469.132012][T17028] ft260 0003:0403:6030.0026: probe with driver ft260 failed with error -22
[ 1469.497008][T20640] binder: 20639:20640 ioctl c0306201 200000000240 returned -11
[ 1470.327876][ T5886] usb 7-1: USB disconnect, device number 74
[ 1471.235774][T18702] net_ratelimit: 2 callbacks suppressed
[ 1471.235790][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1472.333460][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1472.424289][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1473.444329][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1473.708210][T20721] sg_write: data in/out 2387/42 bytes for SCSI command 0x0-- guessing data in;
[ 1473.708210][T20721]    program syz.6.3975 not setting count and/or reply_len properly
[ 1473.725435][   T24] usb 4-1: new low-speed USB device number 92 using dummy_hcd
[ 1473.924970][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1473.959039][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1474.043321][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[ 1474.076187][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1474.096795][   T24] usb 4-1: config 0 descriptor??
[ 1475.293433][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1475.335839][   T24] logitech-djreceiver 0003:046D:C52F.0027: hidraw0: USB HID v0.00 Device [HID 046d:c52f] on usb-dummy_hcd.3-1/input0
[ 1475.453301][ T5886] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[ 1475.638655][ T5886] usb 6-1: Using ep0 maxpacket: 16
[ 1475.650615][ T5886] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1475.658034][   T24] usb 4-1: USB disconnect, device number 92
[ 1475.667498][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1475.707233][ T5886] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1475.731332][ T5886] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1475.740444][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1475.843483][T20751] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3984'.
[ 1476.285810][ T5886] usb 6-1: Product: syz
[ 1476.290074][ T5886] usb 6-1: Manufacturer: syz
[ 1476.294718][ T5886] usb 6-1: SerialNumber: syz
[ 1476.316689][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1476.436976][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1476.547738][ T5886] usb 6-1: 0:2 : does not exist
[ 1476.560559][ T5886] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1476.581346][ T5886] usb 6-1: USB disconnect, device number 82
[ 1476.619465][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1476.789429][T18702] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 1476.981506][T18702] usb 5-1: device descriptor read/64, error -71
[ 1477.563292][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1477.580016][T20764] bridge0: port 3(erspan0) entered blocking state
[ 1477.591848][T20764] bridge0: port 3(erspan0) entered disabled state
[ 1477.600055][T20764] erspan0: entered allmulticast mode
[ 1477.613902][T20764] erspan0: entered promiscuous mode
[ 1477.629840][T20764] bridge0: port 3(erspan0) entered blocking state
[ 1477.636478][T20764] bridge0: port 3(erspan0) entered forwarding state
[ 1477.721158][T20768] netlink: 288 bytes leftover after parsing attributes in process `syz.6.3991'.
[ 1477.868927][T18702] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[ 1478.904928][T20785] Invalid source name
[ 1478.909192][T20785] UBIFS error (pid: 20785): cannot open "./file0", error -22
[ 1479.194519][T18702] usb 5-1: device descriptor read/64, error -71
[ 1479.615404][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1479.715799][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1479.718386][ T5831] TC_ACT_REPEAT abuse ?
[ 1479.837629][T18702] usb usb5-port1: attempt power cycle
[ 1480.997897][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1482.092027][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1482.151994][T20824] wg1 speed is unknown, defaulting to 1000
[ 1482.158984][T20832] tmpfs: Bad value for 'mpol'
[ 1482.946885][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1483.674420][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1484.015459][T20829] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4002'.
[ 1484.058724][ T5935] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[ 1484.307246][ T5935] usb 4-1: no configurations
[ 1484.315368][ T5935] usb 4-1: can't read configurations, error -22
[ 1484.507649][ T5935] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[ 1484.582812][   T24] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[ 1484.691988][ T5935] usb 4-1: no configurations
[ 1484.696908][ T5935] usb 4-1: can't read configurations, error -22
[ 1484.697829][T20869] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4013'.
[ 1484.738645][ T5935] usb usb4-port1: attempt power cycle
[ 1484.785624][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1484.797097][   T24] usb 6-1: too many configurations: 39, using maximum allowed: 8
[ 1484.826419][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1484.835483][   T24] usb 6-1: can't read configurations, error -61
[ 1484.929011][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1485.539660][   T24] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[ 1485.671995][ T5935] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[ 1485.728871][ T5935] usb 4-1: no configurations
[ 1485.733529][ T5935] usb 4-1: can't read configurations, error -22
[ 1485.775302][T20884] 9pnet_fd: Insufficient options for proto=fd
[ 1485.845705][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1485.910959][ T5935] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1485.940362][   T24] usb 6-1: too many configurations: 39, using maximum allowed: 8
[ 1485.959489][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1485.961607][ T5841] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1485.971868][   T24] usb 6-1: can't read configurations, error -61
[ 1485.982377][ T5935] usb 4-1: no configurations
[ 1485.987717][ T5935] usb 4-1: can't read configurations, error -22
[ 1485.998723][   T24] usb usb6-port1: attempt power cycle
[ 1486.005780][ T5935] usb usb4-port1: unable to enumerate USB device
[ 1486.030446][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1486.120187][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1486.208083][ T5841] usb 5-1: Using ep0 maxpacket: 16
[ 1486.452110][ T5841] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1486.573941][ T5841] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1486.695058][ T5841] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1486.713685][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1486.726545][ T5841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1486.734863][ T5841] usb 5-1: Product: syz
[ 1486.739088][ T5841] usb 5-1: Manufacturer: syz
[ 1486.743796][ T5841] usb 5-1: SerialNumber: syz
[ 1486.785017][   T24] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[ 1486.818451][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1486.824283][   T24] usb 6-1: too many configurations: 39, using maximum allowed: 8
[ 1486.834338][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1486.842005][   T24] usb 6-1: can't read configurations, error -61
[ 1486.971016][ T5841] usb 5-1: 0:2 : does not exist
[ 1486.984938][ T5841] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1487.000355][   T24] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[ 1487.013456][ T5841] usb 5-1: USB disconnect, device number 94
[ 1487.052425][   T24] usb 6-1: Using ep0 maxpacket: 8
[ 1487.058127][   T24] usb 6-1: too many configurations: 39, using maximum allowed: 8
[ 1487.078452][   T24] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1487.080455][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1487.107281][   T24] usb 6-1: can't read configurations, error -61
[ 1487.117555][   T24] usb usb6-port1: unable to enumerate USB device
[ 1487.212952][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1487.394239][T18227] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[ 1487.580608][T18227] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1487.604735][T18227] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1487.626071][T18227] usb 4-1: config 0 descriptor??
[ 1487.693320][T20900] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (288 ns). Using initial count to start timer.
[ 1487.711319][T20900] FAULT_INJECTION: forcing a failure.
[ 1487.711319][T20900] name failslab, interval 1, probability 0, space 0, times 0
[ 1487.724933][T20900] CPU: 0 UID: 0 PID: 20900 Comm: syz.4.4024 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1487.724967][T20900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1487.724978][T20900] Call Trace:
[ 1487.724986][T20900]  <TASK>
[ 1487.724995][T20900]  dump_stack_lvl+0x189/0x250
[ 1487.725025][T20900]  ? __pfx____ratelimit+0x10/0x10
[ 1487.725050][T20900]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1487.725074][T20900]  ? __pfx__printk+0x10/0x10
[ 1487.725098][T20900]  ? __pfx___might_resched+0x10/0x10
[ 1487.725120][T20900]  ? fs_reclaim_acquire+0x7d/0x100
[ 1487.725148][T20900]  should_fail_ex+0x414/0x560
[ 1487.725176][T20900]  should_failslab+0xa8/0x100
[ 1487.725199][T20900]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1487.725220][T20900]  ? alloc_vmap_area+0x26a/0x1490
[ 1487.725245][T20900]  alloc_vmap_area+0x26a/0x1490
[ 1487.725282][T20900]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1487.725302][T20900]  ? __kasan_kmalloc+0x93/0xb0
[ 1487.725322][T20900]  ? __kmalloc_cache_node_noprof+0x234/0x3d0
[ 1487.725344][T20900]  ? __get_vm_area_node+0x13f/0x300
[ 1487.725364][T20900]  ? copy_process+0x54b/0x3c00
[ 1487.725388][T20900]  __get_vm_area_node+0x1f8/0x300
[ 1487.725416][T20900]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1487.725436][T20900]  ? copy_process+0x54b/0x3c00
[ 1487.725467][T20900]  ? percpu_ref_get_many+0x19/0x140
[ 1487.725488][T20900]  ? percpu_ref_get_many+0x19/0x140
[ 1487.725524][T20900]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1487.725549][T20900]  ? memcpy_and_pad+0x48/0x80
[ 1487.725573][T20900]  __vmalloc_node_noprof+0xc2/0x110
[ 1487.725596][T20900]  ? copy_process+0x54b/0x3c00
[ 1487.725618][T20900]  ? copy_process+0x54b/0x3c00
[ 1487.725643][T20900]  dup_task_struct+0x3e7/0x860
[ 1487.725674][T20900]  copy_process+0x54b/0x3c00
[ 1487.725728][T20900]  ? __pfx_copy_process+0x10/0x10
[ 1487.725766][T20900]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1487.725788][T20900]  vhost_task_create+0x1c4/0x290
[ 1487.725807][T20900]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1487.725830][T20900]  ? __pfx_vhost_task_create+0x10/0x10
[ 1487.725856][T20900]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1487.725885][T20900]  ? kasan_save_track+0x4f/0x80
[ 1487.725901][T20900]  ? kasan_save_track+0x3e/0x80
[ 1487.725925][T20900]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1487.725960][T20900]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1487.725986][T20900]  ? __mutex_trylock_common+0x153/0x260
[ 1487.726015][T20900]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1487.726038][T20900]  ? rcu_is_watching+0x15/0xb0
[ 1487.726061][T20900]  ? look_up_lock_class+0x74/0x170
[ 1487.726088][T20900]  ? register_lock_class+0x51/0x320
[ 1487.726115][T20900]  ? __lock_acquire+0xab9/0xd20
[ 1487.726167][T20900]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1487.726191][T20900]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1487.726215][T20900]  ? __lock_acquire+0xab9/0xd20
[ 1487.726239][T20900]  ? __asan_memset+0x22/0x50
[ 1487.726257][T20900]  ? smack_file_ioctl+0x302/0x340
[ 1487.726280][T20900]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1487.726311][T20900]  ? __fget_files+0x2a/0x420
[ 1487.726336][T20900]  ? __fget_files+0x3a0/0x420
[ 1487.726356][T20900]  ? __fget_files+0x2a/0x420
[ 1487.726381][T20900]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1487.726404][T20900]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1487.726429][T20900]  __se_sys_ioctl+0xfc/0x170
[ 1487.726451][T20900]  do_syscall_64+0xfa/0x3b0
[ 1487.726474][T20900]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1487.726497][T20900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1487.726515][T20900]  ? clear_bhb_loop+0x60/0xb0
[ 1487.726537][T20900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1487.726553][T20900] RIP: 0033:0x7f5ce338e929
[ 1487.726570][T20900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1487.726585][T20900] RSP: 002b:00007f5ce41b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1487.726604][T20900] RAX: ffffffffffffffda RBX: 00007f5ce35b5fa0 RCX: 00007f5ce338e929
[ 1487.726617][T20900] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1487.726629][T20900] RBP: 00007f5ce41b7090 R08: 0000000000000000 R09: 0000000000000000
[ 1487.726640][T20900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1487.726651][T20900] R13: 0000000000000000 R14: 00007f5ce35b5fa0 R15: 00007ffc85ed2eb8
[ 1487.726681][T20900]  </TASK>
[ 1487.823212][T18227] cp210x 4-1:0.0: cp210x converter detected
[ 1487.852278][T20900] warn_alloc: 3 callbacks suppressed
[ 1487.852293][T20900] syz.4.4024: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[ 1487.866779][T20894] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1487.884162][T20900] ,cpuset=
[ 1488.115086][T20894] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4021'.
[ 1488.126346][T20900] /
[ 1488.193681][ T5886] usb 6-1: new high-speed USB device number 87 using dummy_hcd
[ 1488.205479][T20900] ,mems_allowed=0-1
[ 1488.211178][T20900] CPU: 0 UID: 0 PID: 20900 Comm: syz.4.4024 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1488.211201][T20900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1488.211211][T20900] Call Trace:
[ 1488.211218][T20900]  <TASK>
[ 1488.211226][T20900]  dump_stack_lvl+0x189/0x250
[ 1488.211253][T20900]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1488.211271][T20900]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1488.211292][T20900]  ? __pfx__printk+0x10/0x10
[ 1488.211309][T20900]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1488.211333][T20900]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1488.211364][T20900]  warn_alloc+0x214/0x310
[ 1488.211385][T20900]  ? kasan_quarantine_put+0xdd/0x220
[ 1488.211403][T20900]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1488.211427][T20900]  ? __pfx_warn_alloc+0x10/0x10
[ 1488.211449][T20900]  ? kfree+0x18e/0x440
[ 1488.211465][T20900]  ? __get_vm_area_node+0x13f/0x300
[ 1488.211487][T20900]  ? copy_process+0x54b/0x3c00
[ 1488.211511][T20900]  ? __get_vm_area_node+0x211/0x300
[ 1488.211539][T20900]  __vmalloc_node_range_noprof+0x326/0x12f0
[ 1488.211574][T20900]  ? percpu_ref_get_many+0x19/0x140
[ 1488.211596][T20900]  ? percpu_ref_get_many+0x19/0x140
[ 1488.211632][T20900]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1488.211657][T20900]  ? memcpy_and_pad+0x48/0x80
[ 1488.211682][T20900]  __vmalloc_node_noprof+0xc2/0x110
[ 1488.211704][T20900]  ? copy_process+0x54b/0x3c00
[ 1488.211724][T20900]  ? copy_process+0x54b/0x3c00
[ 1488.211750][T20900]  dup_task_struct+0x3e7/0x860
[ 1488.211780][T20900]  copy_process+0x54b/0x3c00
[ 1488.211834][T20900]  ? __pfx_copy_process+0x10/0x10
[ 1488.211870][T20900]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1488.211892][T20900]  vhost_task_create+0x1c4/0x290
[ 1488.211920][T20900]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1488.211943][T20900]  ? __pfx_vhost_task_create+0x10/0x10
[ 1488.211969][T20900]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1488.211998][T20900]  ? kasan_save_track+0x4f/0x80
[ 1488.212015][T20900]  ? kasan_save_track+0x3e/0x80
[ 1488.212038][T20900]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1488.212065][T20900]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1488.212092][T20900]  ? __mutex_trylock_common+0x153/0x260
[ 1488.212121][T20900]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1488.212145][T20900]  ? rcu_is_watching+0x15/0xb0
[ 1488.212167][T20900]  ? look_up_lock_class+0x74/0x170
[ 1488.212192][T20900]  ? register_lock_class+0x51/0x320
[ 1488.212220][T20900]  ? __lock_acquire+0xab9/0xd20
[ 1488.212271][T20900]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1488.212295][T20900]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1488.212318][T20900]  ? __lock_acquire+0xab9/0xd20
[ 1488.212343][T20900]  ? __asan_memset+0x22/0x50
[ 1488.212360][T20900]  ? smack_file_ioctl+0x302/0x340
[ 1488.212383][T20900]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1488.212413][T20900]  ? __fget_files+0x2a/0x420
[ 1488.212434][T20900]  ? __fget_files+0x3a0/0x420
[ 1488.212454][T20900]  ? __fget_files+0x2a/0x420
[ 1488.212479][T20900]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1488.212502][T20900]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1488.212527][T20900]  __se_sys_ioctl+0xfc/0x170
[ 1488.212549][T20900]  do_syscall_64+0xfa/0x3b0
[ 1488.212573][T20900]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1488.212595][T20900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.212613][T20900]  ? clear_bhb_loop+0x60/0xb0
[ 1488.212635][T20900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.212652][T20900] RIP: 0033:0x7f5ce338e929
[ 1488.212668][T20900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1488.212682][T20900] RSP: 002b:00007f5ce41b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1488.212702][T20900] RAX: ffffffffffffffda RBX: 00007f5ce35b5fa0 RCX: 00007f5ce338e929
[ 1488.212716][T20900] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1488.212728][T20900] RBP: 00007f5ce41b7090 R08: 0000000000000000 R09: 0000000000000000
[ 1488.212739][T20900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1488.212751][T20900] R13: 0000000000000000 R14: 00007f5ce35b5fa0 R15: 00007ffc85ed2eb8
[ 1488.212782][T20900]  </TASK>
[ 1488.212789][T20900] Mem-Info:
[ 1488.620058][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1488.630336][T20900] active_anon:273 inactive_anon:7441 isolated_anon:0
[ 1488.630336][T20900]  active_file:19339 inactive_file:41227 isolated_file:0
[ 1488.630336][T20900]  unevictable:768 dirty:169 writeback:0
[ 1488.630336][T20900]  slab_reclaimable:12043 slab_unreclaimable:112766
[ 1488.630336][T20900]  mapped:33915 shmem:4306 pagetables:1357
[ 1488.630336][T20900]  sec_pagetables:0 bounce:0
[ 1488.630336][T20900]  kernel_misc_reclaimable:0
[ 1488.630336][T20900]  free:1278652 free_pcp:13837 free_cma:0
[ 1488.636240][T18227] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -71
[ 1488.687905][T20900] Node 0 active_anon:1092kB inactive_anon:29764kB active_file:77032kB inactive_file:164908kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135576kB dirty:676kB writeback:0kB shmem:15688kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12272kB pagetables:5304kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1488.692405][T18227] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 1488.726428][ T5886] usb 6-1: Using ep0 maxpacket: 16
[ 1488.729689][T18227] cp210x 4-1:0.0: GPIO initialisation failed: -71
[ 1488.735339][T20900] Node 1 active_anon:0kB inactive_anon:0kB active_file:324kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:84kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1488.735390][T20900] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1488.806477][T18227] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1488.813558][ T5886] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1488.823893][ T5886] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1488.833294][T20900] lowmem_reserve[]: 0 2501 2503 2503 2503
[ 1488.839396][T20900] Node 0 DMA32 free:1196060kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1088kB inactive_anon:29720kB active_file:75272kB inactive_file:164840kB unevictable:1536kB writepending:676kB present:3129332kB managed:2561484kB mlocked:0kB bounce:0kB free_pcp:39928kB local_pcp:22036kB free_cma:0kB
[ 1488.848278][T18227] usb 4-1: USB disconnect, device number 97
[ 1488.872937][T20900] lowmem_reserve[]: 0 0 1 1 1
[ 1488.883989][T20900] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1760kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[ 1488.914344][T20900] lowmem_reserve[]: 0 0 0 0 0
[ 1488.919146][T20900] Node 1 Normal free:3903168kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:324kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15680kB local_pcp:10176kB free_cma:0kB
[ 1488.964553][T20900] lowmem_reserve[]: 0 0 0 0 0
[ 1488.969439][T20900] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1488.988327][T20900] Node 0 DMA32: 1781*4kB (UE) 1551*8kB (UE) 1645*16kB (UME) 1426*32kB (UM) 761*64kB (UME) 291*128kB (UME) 101*256kB (UM) 47*512kB (UM) 10*1024kB (UM) 4*2048kB (M) 232*4096kB (UM) = 1196060kB
[ 1489.007874][T20900] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 1489.030698][ T5886] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1489.031788][T18227] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1489.039767][ T5886] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1489.056706][T18227] cp210x 4-1:0.0: device disconnected
[ 1489.078904][T20900] Node 1 Normal: 202*4kB (UME) 47*8kB (UME) 36*16kB (UME) 171*32kB (UME) 48*64kB (UE) 9*128kB (UME) 6*256kB (UME) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 948*4096kB (M) = 3903168kB
[ 1489.102904][ T5886] usb 6-1: Product: syz
[ 1489.113610][ T5886] usb 6-1: Manufacturer: syz
[ 1489.125994][ T5886] usb 6-1: SerialNumber: syz
[ 1489.165329][T20900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1489.197023][T20900] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1489.214964][T20900] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1489.236195][T20900] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1489.257708][T20900] 61999 total pagecache pages
[ 1489.273519][T20900] 0 pages in swap cache
[ 1489.279342][T20900] Free swap  = 124996kB
[ 1489.283546][T20900] Total swap = 124996kB
[ 1489.300536][T20900] 2097051 pages RAM
[ 1489.308495][T20900] 0 pages HighMem/MovableOnly
[ 1489.313347][T20900] 424573 pages reserved
[ 1489.317643][T20900] 0 pages cma reserved
[ 1489.389130][ T5886] usb 6-1: 0:2 : does not exist
[ 1489.436441][   T24] TC_ACT_REPEAT abuse ?
[ 1489.576767][ T5886] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1490.174569][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1490.184126][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1490.303550][ T5886] usb 6-1: USB disconnect, device number 87
[ 1490.471689][T20926] xt_l2tp: missing protocol rule (udp|l2tpip)
[ 1490.637058][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1490.782122][   T24] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1493.625806][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1494.264939][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1494.919756][T20943] TC_ACT_REPEAT abuse ?
[ 1494.925334][T20943] TC_ACT_REPEAT abuse ?
[ 1494.930627][T20943] TC_ACT_REPEAT abuse ?
[ 1494.950010][T20943] TC_ACT_REPEAT abuse ?
[ 1494.954714][T20943] TC_ACT_REPEAT abuse ?
[ 1494.959342][T20943] TC_ACT_REPEAT abuse ?
[ 1494.964467][T20943] TC_ACT_REPEAT abuse ?
[ 1494.969391][T20943] TC_ACT_REPEAT abuse ?
[ 1495.122565][T20943] TC_ACT_REPEAT abuse ?
[ 1495.405761][T20946] binder: 20945:20946 ioctl c0306201 200000000540 returned -22
[ 1495.479439][T20947] binder: 20945:20947 ioctl c0306201 200000000640 returned -22
[ 1495.530660][   T24] usb 5-1: device descriptor read/64, error -71
[ 1495.820725][   T24] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[ 1495.864111][T20954] FAULT_INJECTION: forcing a failure.
[ 1495.864111][T20954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1495.877413][T20954] CPU: 1 UID: 0 PID: 20954 Comm: syz.6.4041 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1495.877438][T20954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1495.877449][T20954] Call Trace:
[ 1495.877457][T20954]  <TASK>
[ 1495.877465][T20954]  dump_stack_lvl+0x189/0x250
[ 1495.877492][T20954]  ? __pfx____ratelimit+0x10/0x10
[ 1495.877516][T20954]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1495.877538][T20954]  ? __pfx__printk+0x10/0x10
[ 1495.877555][T20954]  ? __might_fault+0xb0/0x130
[ 1495.877581][T20954]  should_fail_ex+0x414/0x560
[ 1495.877602][T20954]  _copy_from_iter+0x1db/0x16f0
[ 1495.877624][T20954]  ? rcu_is_watching+0x15/0xb0
[ 1495.877644][T20954]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1495.877662][T20954]  ? __pfx__copy_from_iter+0x10/0x10
[ 1495.877681][T20954]  ? __build_skb_around+0x257/0x3e0
[ 1495.877698][T20954]  ? netlink_sendmsg+0x642/0xb30
[ 1495.877713][T20954]  ? skb_put+0x11b/0x210
[ 1495.877730][T20954]  netlink_sendmsg+0x6b2/0xb30
[ 1495.877753][T20954]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1495.877773][T20954]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1495.877789][T20954]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1495.877805][T20954]  __sock_sendmsg+0x21c/0x270
[ 1495.877827][T20954]  ____sys_sendmsg+0x505/0x830
[ 1495.877847][T20954]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1495.877869][T20954]  ? import_iovec+0x74/0xa0
[ 1495.877885][T20954]  ___sys_sendmsg+0x21f/0x2a0
[ 1495.877903][T20954]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1495.877945][T20954]  ? __fget_files+0x2a/0x420
[ 1495.877962][T20954]  ? __fget_files+0x3a0/0x420
[ 1495.877986][T20954]  __x64_sys_sendmsg+0x19b/0x260
[ 1495.878004][T20954]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1495.878044][T20954]  ? __pfx_ksys_write+0x10/0x10
[ 1495.878059][T20954]  ? rcu_is_watching+0x15/0xb0
[ 1495.878080][T20954]  ? do_syscall_64+0xbe/0x3b0
[ 1495.878101][T20954]  do_syscall_64+0xfa/0x3b0
[ 1495.878119][T20954]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1495.878137][T20954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1495.878150][T20954]  ? clear_bhb_loop+0x60/0xb0
[ 1495.878166][T20954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1495.878185][T20954] RIP: 0033:0x7f30b638e929
[ 1495.878198][T20954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1495.878210][T20954] RSP: 002b:00007f30b72c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1495.878226][T20954] RAX: ffffffffffffffda RBX: 00007f30b65b5fa0 RCX: 00007f30b638e929
[ 1495.878236][T20954] RDX: 0000000000008000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1495.878246][T20954] RBP: 00007f30b72c0090 R08: 0000000000000000 R09: 0000000000000000
[ 1495.878255][T20954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1495.878264][T20954] R13: 0000000000000000 R14: 00007f30b65b5fa0 R15: 00007fff0f0f3f28
[ 1495.878285][T20954]  </TASK>
[ 1496.257081][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1496.304050][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1496.315056][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1496.324823][   T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1496.364030][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[ 1496.373662][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1496.381795][   T24] usb 5-1: Product: syz
[ 1496.386710][   T24] usb 5-1: Manufacturer: syz
[ 1496.391491][   T24] usb 5-1: SerialNumber: syz
[ 1496.431287][   T24] usb 5-1: config 0 descriptor??
[ 1496.460571][   T24] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[ 1496.467916][   T24] gspca_stv06xx: st6422 sensor detected
[ 1496.803710][   T24] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[ 1496.849076][   T24] usb 5-1: USB disconnect, device number 96
[ 1498.972577][ T5886] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1499.707296][ T5886] usb 5-1: Using ep0 maxpacket: 16
[ 1499.736571][ T5886] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1499.766989][ T5886] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1499.820165][ T5886] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1499.839513][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1499.877076][ T5886] usb 5-1: Product: syz
[ 1499.881840][ T5886] usb 5-1: Manufacturer: syz
[ 1499.886459][ T5886] usb 5-1: SerialNumber: syz
[ 1500.042126][T11419] net_ratelimit: 38 callbacks suppressed
[ 1500.042146][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1500.694266][ T5886] usb 5-1: 0:2 : does not exist
[ 1500.709650][ T5886] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1500.881640][ T5886] usb 5-1: USB disconnect, device number 97
[ 1500.918009][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1501.155059][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1501.164513][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1502.167285][T21014] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1502.183392][T21016] FAULT_INJECTION: forcing a failure.
[ 1502.183392][T21016] name failslab, interval 1, probability 0, space 0, times 0
[ 1502.196954][T21016] CPU: 1 UID: 0 PID: 21016 Comm: syz.5.4059 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1502.196980][T21016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1502.196991][T21016] Call Trace:
[ 1502.196998][T21016]  <TASK>
[ 1502.197007][T21016]  dump_stack_lvl+0x189/0x250
[ 1502.197035][T21016]  ? __pfx____ratelimit+0x10/0x10
[ 1502.197059][T21016]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1502.197082][T21016]  ? __pfx__printk+0x10/0x10
[ 1502.197106][T21016]  ? __pfx___might_resched+0x10/0x10
[ 1502.197128][T21016]  ? fs_reclaim_acquire+0x7d/0x100
[ 1502.197156][T21016]  should_fail_ex+0x414/0x560
[ 1502.197183][T21016]  should_failslab+0xa8/0x100
[ 1502.197206][T21016]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1502.197228][T21016]  ? __alloc_skb+0x112/0x2d0
[ 1502.197252][T21016]  __alloc_skb+0x112/0x2d0
[ 1502.197273][T21016]  netlink_ack+0x146/0xa50
[ 1502.197291][T21016]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1502.197321][T21016]  ? rcu_is_watching+0x15/0xb0
[ 1502.197355][T21016]  netlink_rcv_skb+0x28c/0x470
[ 1502.197376][T21016]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 1502.197398][T21016]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1502.197452][T21016]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1502.197470][T21016]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1502.197493][T21016]  xfrm_netlink_rcv+0x79/0x90
[ 1502.197514][T21016]  netlink_unicast+0x758/0x8d0
[ 1502.197543][T21016]  netlink_sendmsg+0x805/0xb30
[ 1502.197573][T21016]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1502.197606][T21016]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1502.197626][T21016]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1502.197647][T21016]  __sock_sendmsg+0x21c/0x270
[ 1502.197676][T21016]  ____sys_sendmsg+0x505/0x830
[ 1502.197702][T21016]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1502.197732][T21016]  ? import_iovec+0x74/0xa0
[ 1502.197753][T21016]  ___sys_sendmsg+0x21f/0x2a0
[ 1502.197776][T21016]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1502.197835][T21016]  ? __fget_files+0x2a/0x420
[ 1502.197855][T21016]  ? __fget_files+0x3a0/0x420
[ 1502.197887][T21016]  __x64_sys_sendmsg+0x19b/0x260
[ 1502.197912][T21016]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1502.197943][T21016]  ? __pfx_ksys_write+0x10/0x10
[ 1502.197960][T21016]  ? rcu_is_watching+0x15/0xb0
[ 1502.197988][T21016]  ? do_syscall_64+0xbe/0x3b0
[ 1502.198016][T21016]  do_syscall_64+0xfa/0x3b0
[ 1502.198038][T21016]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1502.198061][T21016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1502.198079][T21016]  ? clear_bhb_loop+0x60/0xb0
[ 1502.198100][T21016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1502.198117][T21016] RIP: 0033:0x7f757cf8e929
[ 1502.198133][T21016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1502.198147][T21016] RSP: 002b:00007f757dd17038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1502.198166][T21016] RAX: ffffffffffffffda RBX: 00007f757d1b5fa0 RCX: 00007f757cf8e929
[ 1502.198178][T21016] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[ 1502.198191][T21016] RBP: 00007f757dd17090 R08: 0000000000000000 R09: 0000000000000000
[ 1502.198202][T21016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1502.198212][T21016] R13: 0000000000000000 R14: 00007f757d1b5fa0 R15: 00007ffe9f1f7e68
[ 1502.198243][T21016]  </TASK>
[ 1502.536863][ T5886] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1502.834842][ T5935] usb 7-1: new high-speed USB device number 75 using dummy_hcd
[ 1503.536955][ T5935] usb 7-1: Using ep0 maxpacket: 16
[ 1503.544484][ T5935] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1503.558763][ T5935] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1503.574002][ T5935] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1503.583352][ T5935] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1503.591462][ T5935] usb 7-1: Product: syz
[ 1503.595680][ T5935] usb 7-1: Manufacturer: syz
[ 1503.606279][ T5935] usb 7-1: SerialNumber: syz
[ 1503.636958][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1503.835276][ T5935] usb 7-1: 0:2 : does not exist
[ 1503.845705][ T5935] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[ 1503.879935][ T5935] usb 7-1: USB disconnect, device number 75
[ 1503.908064][ T5841] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[ 1503.930137][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1504.083993][ T5841] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1504.093333][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1504.103326][ T5841] usb 4-1: config 0 descriptor??
[ 1504.185989][ T5841] cp210x 4-1:0.0: cp210x converter detected
[ 1504.409761][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1504.422055][T21031] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1504.504687][ T5935] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[ 1504.676288][T21031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4064'.
[ 1504.745471][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1504.797868][ T5841] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -71
[ 1504.813124][ T5841] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 1504.821377][ T5841] cp210x 4-1:0.0: GPIO initialisation failed: -71
[ 1504.833124][ T5841] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1505.399511][ T5841] usb 4-1: USB disconnect, device number 98
[ 1505.482670][ T5841] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1505.500153][ T5841] cp210x 4-1:0.0: device disconnected
[ 1505.624772][ T5935] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1505.636118][ T5935] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1505.683860][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.697235][ T5935] usb 6-1: config 0 descriptor??
[ 1505.717316][ T5935] pwc: Askey VC010 type 2 USB webcam detected.
[ 1505.751693][T21040] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4068'.
[ 1505.860872][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1505.942759][T21053] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4071'.
[ 1505.992273][T21055] netlink: 'syz.6.4072': attribute type 30 has an invalid length.
[ 1506.306389][ T5935] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1506.327856][ T5935] pwc: recv_control_msg error -32 req 02 val 2700
[ 1506.346320][ T5935] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1506.373059][ T5935] pwc: recv_control_msg error -32 req 04 val 1000
[ 1506.405335][ T5935] pwc: recv_control_msg error -32 req 04 val 1300
[ 1506.421941][ T5935] pwc: recv_control_msg error -32 req 04 val 1400
[ 1506.438410][ T5935] pwc: recv_control_msg error -32 req 02 val 2000
[ 1506.452701][T21035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1506.462857][ T5935] pwc: recv_control_msg error -32 req 02 val 2100
[ 1506.476116][T21035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1506.485959][ T5935] pwc: recv_control_msg error -32 req 04 val 1500
[ 1506.496296][T21035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1506.508548][T21035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1506.518353][ T5935] pwc: recv_control_msg error -32 req 02 val 2500
[ 1506.541526][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1506.740924][ T5935] pwc: recv_control_msg error -32 req 02 val 2600
[ 1506.749108][T21035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1506.758609][T21035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1506.768352][ T5935] pwc: recv_control_msg error -32 req 02 val 2900
[ 1506.776472][ T5935] pwc: recv_control_msg error -32 req 02 val 2800
[ 1506.969075][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1506.998586][ T5935] pwc: recv_control_msg error -32 req 04 val 1200
[ 1507.017909][ T5935] pwc: Registered as video103.
[ 1507.042289][ T5935] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input34
[ 1507.281545][T21071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.290484][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.373777][T21073] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.417421][T21073] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.432868][T21073] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.442405][T21071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1507.470029][T21071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1508.123266][ T5935] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[ 1508.188018][   T24] usb 6-1: USB disconnect, device number 88
[ 1508.312203][ T5935] usb 5-1: config 64 has an invalid interface number: 73 but max is 0
[ 1508.359285][ T5935] usb 5-1: config 64 has no interface number 0
[ 1508.365524][ T5935] usb 5-1: config 64 interface 73 has no altsetting 0
[ 1508.661955][ T5935] usb 5-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=a8.de
[ 1508.823271][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.943134][ T5935] usb 5-1: Product: syz
[ 1508.992958][ T5935] usb 5-1: Manufacturer: syz
[ 1508.997604][ T5935] usb 5-1: SerialNumber: syz
[ 1509.873231][T21097] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4081'.
[ 1510.880926][ T5935] usb 5-1: can't set config #64, error -71
[ 1510.916522][ T5935] usb 5-1: USB disconnect, device number 98
[ 1511.171582][T21106] FAULT_INJECTION: forcing a failure.
[ 1511.171582][T21106] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1511.221225][T21106] CPU: 1 UID: 0 PID: 21106 Comm: syz.4.4087 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1511.221254][T21106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1511.221265][T21106] Call Trace:
[ 1511.221273][T21106]  <TASK>
[ 1511.221281][T21106]  dump_stack_lvl+0x189/0x250
[ 1511.221311][T21106]  ? __pfx____ratelimit+0x10/0x10
[ 1511.221335][T21106]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1511.221358][T21106]  ? __pfx__printk+0x10/0x10
[ 1511.221377][T21106]  ? fs_reclaim_acquire+0x7d/0x100
[ 1511.221408][T21106]  should_fail_ex+0x414/0x560
[ 1511.221433][T21106]  prepare_alloc_pages+0x213/0x610
[ 1511.221463][T21106]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1511.221491][T21106]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1511.221523][T21106]  ? policy_nodemask+0x27c/0x720
[ 1511.221551][T21106]  alloc_pages_mpol+0x232/0x4a0
[ 1511.221578][T21106]  alloc_pages_noprof+0xa9/0x190
[ 1511.221601][T21106]  get_zeroed_page_noprof+0x1a/0x90
[ 1511.221625][T21106]  rds_cong_from_addr+0xd8/0x370
[ 1511.221653][T21106]  rds_cong_get_maps+0x28/0xb0
[ 1511.221676][T21106]  __rds_conn_create+0x9a9/0x2060
[ 1511.221697][T21106]  ? __rds_conn_create+0x2e3/0x2060
[ 1511.221733][T21106]  ? __pfx___rds_conn_create+0x10/0x10
[ 1511.221787][T21106]  ? __raw_spin_lock_init+0x45/0x100
[ 1511.221811][T21106]  rds_conn_create_outgoing+0x43/0x60
[ 1511.221839][T21106]  rds_sendmsg+0x1001/0x1f00
[ 1511.221873][T21106]  ? __pfx_rds_sendmsg+0x10/0x10
[ 1511.221900][T21106]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[ 1511.221930][T21106]  ? __lock_acquire+0xab9/0xd20
[ 1511.221953][T21106]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1511.221973][T21106]  ? __pfx_rds_sendmsg+0x10/0x10
[ 1511.221992][T21106]  __sock_sendmsg+0x21c/0x270
[ 1511.222020][T21106]  ____sys_sendmsg+0x505/0x830
[ 1511.222046][T21106]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1511.222076][T21106]  ? import_iovec+0x74/0xa0
[ 1511.222096][T21106]  ___sys_sendmsg+0x21f/0x2a0
[ 1511.222120][T21106]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1511.222175][T21106]  ? __fget_files+0x2a/0x420
[ 1511.222197][T21106]  ? __fget_files+0x3a0/0x420
[ 1511.222228][T21106]  __x64_sys_sendmsg+0x19b/0x260
[ 1511.222251][T21106]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1511.222281][T21106]  ? __pfx_ksys_write+0x10/0x10
[ 1511.222298][T21106]  ? rcu_is_watching+0x15/0xb0
[ 1511.222326][T21106]  ? do_syscall_64+0xbe/0x3b0
[ 1511.222354][T21106]  do_syscall_64+0xfa/0x3b0
[ 1511.222377][T21106]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1511.222399][T21106]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.222417][T21106]  ? clear_bhb_loop+0x60/0xb0
[ 1511.222437][T21106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1511.222454][T21106] RIP: 0033:0x7f5ce338e929
[ 1511.222471][T21106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1511.222484][T21106] RSP: 002b:00007f5ce41b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1511.222503][T21106] RAX: ffffffffffffffda RBX: 00007f5ce35b5fa0 RCX: 00007f5ce338e929
[ 1511.222517][T21106] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003
[ 1511.222528][T21106] RBP: 00007f5ce41b7090 R08: 0000000000000000 R09: 0000000000000000
[ 1511.222539][T21106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1511.222550][T21106] R13: 0000000000000000 R14: 00007f5ce35b5fa0 R15: 00007ffc85ed2eb8
[ 1511.222578][T21106]  </TASK>
[ 1511.867275][ T5935] net_ratelimit: 7 callbacks suppressed
[ 1511.867295][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1511.881038][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1511.951169][T18227] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[ 1512.279977][T18227] usb 6-1: Using ep0 maxpacket: 16
[ 1512.306330][T18227] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1512.482362][T18227] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1512.491715][T18227] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1512.503615][T18227] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1512.516059][T18227] usb 6-1: config 0 descriptor??
[ 1512.755147][   T30] kauditd_printk_skb: 20 callbacks suppressed
[ 1512.755164][   T30] audit: type=1326 audit(1737.964:3027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21124 comm="syz.7.4095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed72b8e929 code=0x7ffc0000
[ 1512.955640][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1513.068914][T18227] nzxt-smart2 0003:1E71:2009.0028: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[ 1513.230239][T21134] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4096'.
[ 1513.721454][T18227] usb 6-1: USB disconnect, device number 89
[ 1514.147536][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1514.167732][T21135] fido_id[21135]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1514.289562][T21141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4098'.
[ 1515.113222][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1515.511191][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1515.728464][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1516.787003][T21180] wg1 speed is unknown, defaulting to 1000
[ 1516.804499][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1516.816407][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1518.346982][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1518.355411][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1518.419689][T21197] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4110'.
[ 1519.585495][ T3015] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1519.594978][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1520.297070][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1520.324035][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1521.310982][T18227] TC_ACT_REPEAT abuse ?
[ 1521.320078][T21209] netlink: 1004 bytes leftover after parsing attributes in process `syz.6.4113'.
[ 1521.335763][   T49] TC_ACT_REPEAT abuse ?
[ 1521.357590][  T977] TC_ACT_REPEAT abuse ?
[ 1521.397505][T18227] TC_ACT_REPEAT abuse ?
[ 1522.462475][T21226] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4119'.
[ 1522.683825][  T977] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[ 1522.928107][T18227] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1522.936966][  T977] usb 6-1: device descriptor read/64, error -71
[ 1523.049526][T21234] /dev/nullb0: Can't lookup blockdev
[ 1523.613978][T18227] usb 4-1: Using ep0 maxpacket: 16
[ 1523.621362][T18227] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1523.633595][T18227] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1523.652640][T18227] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1523.667429][  T977] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[ 1523.674415][T18227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1523.693361][T18227] usb 4-1: Product: syz
[ 1523.697645][T18227] usb 4-1: Manufacturer: syz
[ 1523.712015][T18227] usb 4-1: SerialNumber: syz
[ 1523.870560][  T977] usb 6-1: device descriptor read/64, error -71
[ 1523.979533][T18227] usb 4-1: 0:2 : does not exist
[ 1523.988379][  T977] usb usb6-port1: attempt power cycle
[ 1523.992010][T18227] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1524.462810][  T977] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 1524.538467][T18227] usb 4-1: USB disconnect, device number 99
[ 1524.556481][  T977] usb 6-1: device descriptor read/8, error -71
[ 1524.590681][T21242] delete_channel: no stack
[ 1524.616687][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1524.811332][  T977] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 1524.854737][  T977] usb 6-1: device descriptor read/8, error -71
[ 1525.052704][  T977] usb usb6-port1: unable to enumerate USB device
[ 1525.894357][  T977] net_ratelimit: 4 callbacks suppressed
[ 1525.894392][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1526.385812][T17245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1526.395045][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1526.407389][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1526.532591][T18227] usb 7-1: new high-speed USB device number 76 using dummy_hcd
[ 1526.743127][T18227] usb 7-1: Using ep0 maxpacket: 16
[ 1526.813932][T21278] binder: 21277:21278 ioctl c0306201 200000000540 returned -22
[ 1526.843749][T18227] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1526.907355][T21279] binder: 21277:21279 ioctl c0306201 200000000640 returned -22
[ 1526.915557][T18227] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1526.990533][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1526.998692][T18227] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1527.023492][T18227] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1527.035731][T18227] usb 7-1: config 0 descriptor??
[ 1527.067379][ T5935] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1527.334610][T11419] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1527.441390][  T977] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[ 1527.503282][T18227] nzxt-smart2 0003:1E71:2009.0029: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0
[ 1527.505368][T11419] usb 4-1: Using ep0 maxpacket: 32
[ 1527.571484][T11419] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1527.590803][  T977] usb 6-1: device descriptor read/64, error -71
[ 1527.601260][T11419] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1527.629424][T11419] usb 4-1: Product: syz
[ 1527.652400][T11419] usb 4-1: Manufacturer: syz
[ 1527.674670][T11419] usb 4-1: SerialNumber: syz
[ 1527.695066][ T5886] usb 7-1: USB disconnect, device number 76
[ 1527.728217][T11419] usb 4-1: config 0 descriptor??
[ 1527.785610][T21290] fido_id[21290]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[ 1527.868784][  T977] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 1528.018640][  T977] usb 6-1: device descriptor read/64, error -71
[ 1528.099196][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1528.138456][  T977] usb usb6-port1: attempt power cycle
[ 1528.215431][T11419] airspy 4-1:0.0: Board ID: 00
[ 1528.232034][T11419] airspy 4-1:0.0: Firmware version: 
[ 1528.323629][T21295] block nbd6: NBD_DISCONNECT
[ 1528.510380][  T977] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[ 1528.544086][  T977] usb 6-1: device descriptor read/8, error -71
[ 1528.665094][T11419] airspy 4-1:0.0: usb_control_msg() failed -71 request 0e
[ 1528.703962][T11419] airspy 4-1:0.0: Registered as swradio24
[ 1528.711173][T11419] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 1528.774583][T11419] usb 4-1: USB disconnect, device number 100
[ 1528.820501][  T977] usb 6-1: new high-speed USB device number 97 using dummy_hcd
[ 1529.361991][ T5841] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1529.401902][  T977] usb 6-1: device descriptor read/8, error -71
[ 1529.577979][  T977] usb usb6-port1: unable to enumerate USB device
[ 1529.672470][T18227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1530.018608][T21319] FAULT_INJECTION: forcing a failure.
[ 1530.018608][T21319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1530.032516][T21319] CPU: 0 UID: 0 PID: 21319 Comm: syz.3.4150 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1530.032541][T21319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1530.032552][T21319] Call Trace:
[ 1530.032559][T21319]  <TASK>
[ 1530.032566][T21319]  dump_stack_lvl+0x189/0x250
[ 1530.032603][T21319]  ? __pfx____ratelimit+0x10/0x10
[ 1530.032627][T21319]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1530.032650][T21319]  ? __pfx__printk+0x10/0x10
[ 1530.032680][T21319]  should_fail_ex+0x414/0x560
[ 1530.032704][T21319]  _copy_to_user+0x31/0xb0
[ 1530.032722][T21319]  simple_read_from_buffer+0xe1/0x170
[ 1530.032751][T21319]  proc_fail_nth_read+0x1df/0x250
[ 1530.032777][T21319]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1530.032803][T21319]  ? rw_verify_area+0x258/0x650
[ 1530.032823][T21319]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1530.032848][T21319]  vfs_read+0x200/0x980
[ 1530.032873][T21319]  ? __pfx___mutex_lock+0x10/0x10
[ 1530.032898][T21319]  ? __pfx_vfs_read+0x10/0x10
[ 1530.032919][T21319]  ? __fget_files+0x2a/0x420
[ 1530.032946][T21319]  ? __fget_files+0x3a0/0x420
[ 1530.032967][T21319]  ? __fget_files+0x2a/0x420
[ 1530.032998][T21319]  ksys_read+0x145/0x250
[ 1530.033019][T21319]  ? __pfx_ksys_read+0x10/0x10
[ 1530.033035][T21319]  ? rcu_is_watching+0x15/0xb0
[ 1530.033065][T21319]  ? do_syscall_64+0xbe/0x3b0
[ 1530.033100][T21319]  do_syscall_64+0xfa/0x3b0
[ 1530.033123][T21319]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1530.033145][T21319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.033162][T21319]  ? clear_bhb_loop+0x60/0xb0
[ 1530.033184][T21319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1530.033201][T21319] RIP: 0033:0x7f2da5d8d33c
[ 1530.033218][T21319] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1530.033234][T21319] RSP: 002b:00007f2da6ba5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1530.033253][T21319] RAX: ffffffffffffffda RBX: 00007f2da5fb5fa0 RCX: 00007f2da5d8d33c
[ 1530.033266][T21319] RDX: 000000000000000f RSI: 00007f2da6ba50a0 RDI: 000000000000000b
[ 1530.033278][T21319] RBP: 00007f2da6ba5090 R08: 0000000000000000 R09: 0000000000000000
[ 1530.033289][T21319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1530.033300][T21319] R13: 0000000000000000 R14: 00007f2da5fb5fa0 R15: 00007ffd6b2539f8
[ 1530.033329][T21319]  </TASK>
[ 1530.264007][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1530.327807][T18227] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1530.488357][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1530.574670][T18227] usb 5-1: device descriptor read/64, error -71
[ 1530.723240][T14703] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1531.406663][ T5935] net_ratelimit: 39 callbacks suppressed
[ 1531.406696][ T5935] TC_ACT_REPEAT abuse ?
[ 1531.483042][T18227] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1531.509734][T21329] TC_ACT_REPEAT abuse ?
[ 1531.525253][T14703] usb 4-1: device descriptor read/64, error -71
[ 1531.616042][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1531.642558][T18702] usb 7-1: new high-speed USB device number 77 using dummy_hcd
[ 1531.648310][T18227] usb 5-1: device descriptor read/64, error -71
[ 1531.702249][T21343] netlink: 65039 bytes leftover after parsing attributes in process `syz.5.4157'.
[ 1531.715979][T21343] FAULT_INJECTION: forcing a failure.
[ 1531.715979][T21343] name failslab, interval 1, probability 0, space 0, times 0
[ 1531.729956][T21343] CPU: 0 UID: 0 PID: 21343 Comm: syz.5.4157 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1531.729981][T21343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1531.729992][T21343] Call Trace:
[ 1531.730000][T21343]  <TASK>
[ 1531.730008][T21343]  dump_stack_lvl+0x189/0x250
[ 1531.730036][T21343]  ? __pfx____ratelimit+0x10/0x10
[ 1531.730061][T21343]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1531.730085][T21343]  ? __pfx__printk+0x10/0x10
[ 1531.730118][T21343]  should_fail_ex+0x414/0x560
[ 1531.730144][T21343]  should_failslab+0xa8/0x100
[ 1531.730168][T21343]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1531.730188][T21343]  ? skb_clone+0x212/0x3a0
[ 1531.730215][T21343]  skb_clone+0x212/0x3a0
[ 1531.730239][T21343]  __netlink_deliver_tap+0x404/0x850
[ 1531.730273][T21343]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1531.730294][T21343]  netlink_deliver_tap+0x19c/0x1b0
[ 1531.730314][T21343]  netlink_sendskb+0x68/0x140
[ 1531.730334][T21343]  netlink_rcv_skb+0x28c/0x470
[ 1531.730354][T21343]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1531.730375][T21343]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1531.730408][T21343]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1531.730426][T21343]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1531.730452][T21343]  netlink_unicast+0x758/0x8d0
[ 1531.730481][T21343]  netlink_sendmsg+0x805/0xb30
[ 1531.730510][T21343]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1531.730532][T21343]  ? __lock_acquire+0xab9/0xd20
[ 1531.730557][T21343]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1531.730578][T21343]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1531.730599][T21343]  __sock_sendmsg+0x21c/0x270
[ 1531.730627][T21343]  sock_write_iter+0x258/0x330
[ 1531.730652][T21343]  ? __pfx_sock_write_iter+0x10/0x10
[ 1531.730686][T21343]  ? bpf_lsm_file_permission+0x9/0x20
[ 1531.730707][T21343]  ? security_file_permission+0x75/0x290
[ 1531.730739][T21343]  vfs_write+0x548/0xa90
[ 1531.730764][T21343]  ? __pfx_sock_write_iter+0x10/0x10
[ 1531.730788][T21343]  ? __pfx_vfs_write+0x10/0x10
[ 1531.730819][T21343]  ? __fget_files+0x2a/0x420
[ 1531.730851][T21343]  ksys_write+0x145/0x250
[ 1531.730873][T21343]  ? __pfx_ksys_write+0x10/0x10
[ 1531.730890][T21343]  ? rcu_is_watching+0x15/0xb0
[ 1531.730920][T21343]  ? do_syscall_64+0xbe/0x3b0
[ 1531.730954][T21343]  do_syscall_64+0xfa/0x3b0
[ 1531.730977][T21343]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1531.731001][T21343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.731018][T21343]  ? clear_bhb_loop+0x60/0xb0
[ 1531.731040][T21343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1531.731057][T21343] RIP: 0033:0x7f757cf8e929
[ 1531.731073][T21343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1531.731088][T21343] RSP: 002b:00007f757dd17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1531.731107][T21343] RAX: ffffffffffffffda RBX: 00007f757d1b5fa0 RCX: 00007f757cf8e929
[ 1531.731120][T21343] RDX: 000000000000fe33 RSI: 0000200000000080 RDI: 0000000000000003
[ 1531.731132][T21343] RBP: 00007f757dd17090 R08: 0000000000000000 R09: 0000000000000000
[ 1531.731144][T21343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1531.731155][T21343] R13: 0000000000000000 R14: 00007f757d1b5fa0 R15: 00007ffe9f1f7e68
[ 1531.731185][T21343]  </TASK>
[ 1532.050711][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1532.058141][T18227] usb usb5-port1: attempt power cycle
[ 1532.058533][    C0] TC_ACT_REPEAT abuse ?
[ 1532.079030][T17245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1532.087893][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1532.097093][T18702] usb 7-1: Using ep0 maxpacket: 16
[ 1532.102935][  T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1532.112936][T14703] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1532.123969][T18702] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1532.135085][T18702] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1532.141784][T18702] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1532.150948][T18702] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1532.161887][T18702] usb 7-1: config 0 descriptor??
[ 1532.262646][T14703] usb 4-1: device descriptor read/64, error -71
[ 1532.380620][T14703] usb usb4-port1: attempt power cycle
[ 1532.433890][T18227] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1532.456257][ T5831] usb 6-1: new high-speed USB device number 98 using dummy_hcd
[ 1532.470026][T18227] usb 5-1: device descriptor read/8, error -71
[ 1532.607579][T18702] nzxt-smart2 0003:1E71:2009.002A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0
[ 1532.650460][ T5831] usb 6-1: Using ep0 maxpacket: 16
[ 1532.672383][ T5831] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1532.704393][ T5831] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1532.712913][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1532.728721][ T5831] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1532.738270][T18227] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[ 1532.753512][T14703] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1532.766608][ T5831] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1532.786814][ T5831] usb 6-1: Product: syz
[ 1532.791721][ T5831] usb 6-1: Manufacturer: syz
[ 1532.796624][ T5831] usb 6-1: SerialNumber: syz
[ 1532.819426][T14703] usb 4-1: device descriptor read/8, error -71
[ 1532.826492][T18227] usb 5-1: device descriptor read/8, error -71
[ 1532.831349][T11419] usb 7-1: USB disconnect, device number 77
[ 1532.959618][T18227] usb usb5-port1: unable to enumerate USB device
[ 1533.068039][ T5831] usb 6-1: 0:2 : does not exist
[ 1533.086008][T14703] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1533.099997][ T5831] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[ 1533.108248][T14703] usb 4-1: device descriptor read/8, error -71
[ 1533.132838][ T5831] usb 6-1: USB disconnect, device number 98
[ 1533.206003][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1533.237629][T14703] usb usb4-port1: unable to enumerate USB device
[ 1534.016020][T18702] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[ 1534.229515][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1534.370962][T18702] usb 5-1: device descriptor read/64, error -71
[ 1534.743406][T18702] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1534.930214][T21372] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4166'.
[ 1534.946202][T18702] usb 5-1: device descriptor read/64, error -71
[ 1535.059242][T21376] FAULT_INJECTION: forcing a failure.
[ 1535.059242][T21376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1535.066262][T18702] usb usb5-port1: attempt power cycle
[ 1535.094657][T21376] CPU: 1 UID: 0 PID: 21376 Comm: syz.7.4168 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1535.094683][T21376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1535.094694][T21376] Call Trace:
[ 1535.094703][T21376]  <TASK>
[ 1535.094711][T21376]  dump_stack_lvl+0x189/0x250
[ 1535.094741][T21376]  ? __pfx____ratelimit+0x10/0x10
[ 1535.094765][T21376]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1535.094787][T21376]  ? __pfx__printk+0x10/0x10
[ 1535.094819][T21376]  should_fail_ex+0x414/0x560
[ 1535.094846][T21376]  _copy_to_user+0x31/0xb0
[ 1535.094866][T21376]  simple_read_from_buffer+0xe1/0x170
[ 1535.094894][T21376]  proc_fail_nth_read+0x1df/0x250
[ 1535.094920][T21376]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1535.094943][T21376]  ? rw_verify_area+0x258/0x650
[ 1535.094958][T21376]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1535.094980][T21376]  vfs_read+0x200/0x980
[ 1535.095004][T21376]  ? __pfx___mutex_lock+0x10/0x10
[ 1535.095029][T21376]  ? __pfx_vfs_read+0x10/0x10
[ 1535.095049][T21376]  ? __fget_files+0x2a/0x420
[ 1535.095076][T21376]  ? __fget_files+0x3a0/0x420
[ 1535.095096][T21376]  ? __fget_files+0x2a/0x420
[ 1535.095127][T21376]  ksys_read+0x145/0x250
[ 1535.095148][T21376]  ? __pfx_ksys_read+0x10/0x10
[ 1535.095171][T21376]  ? do_syscall_64+0xbe/0x3b0
[ 1535.095199][T21376]  do_syscall_64+0xfa/0x3b0
[ 1535.095221][T21376]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1535.095244][T21376]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1535.095261][T21376]  ? clear_bhb_loop+0x60/0xb0
[ 1535.095285][T21376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1535.095301][T21376] RIP: 0033:0x7fed72b8d33c
[ 1535.095318][T21376] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1535.095332][T21376] RSP: 002b:00007fed739cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1535.095350][T21376] RAX: ffffffffffffffda RBX: 00007fed72db5fa0 RCX: 00007fed72b8d33c
[ 1535.095362][T21376] RDX: 000000000000000f RSI: 00007fed739cf0a0 RDI: 0000000000000003
[ 1535.095373][T21376] RBP: 00007fed739cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1535.095383][T21376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1535.095393][T21376] R13: 0000000000000001 R14: 00007fed72db5fa0 R15: 00007ffe01b0af98
[ 1535.095421][T21376]  </TASK>
[ 1535.363140][T14703] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1535.440058][T18702] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 1535.589605][T18702] usb 5-1: device descriptor read/8, error -71
[ 1535.994502][T18702] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 1536.139142][T18702] usb 5-1: device descriptor read/8, error -71
[ 1536.442701][T18702] usb usb5-port1: unable to enumerate USB device
[ 1536.549851][T18227] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[ 1536.678054][ T5831] usb 6-1: new high-speed USB device number 99 using dummy_hcd
[ 1536.702246][T18227] usb 7-1: device descriptor read/64, error -71
[ 1536.929182][ T5831] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1536.984782][ T5831] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1537.021881][T18227] usb 7-1: new high-speed USB device number 79 using dummy_hcd
[ 1537.061355][ T5831] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1537.224929][T18227] usb 7-1: device descriptor read/64, error -71
[ 1537.331051][T14703] net_ratelimit: 5 callbacks suppressed
[ 1537.331071][T14703] TC_ACT_REPEAT abuse ?
[ 1537.344752][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1537.356215][   T49] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1537.365190][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1537.376116][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1537.390904][T18227] usb usb7-port1: attempt power cycle
[ 1537.530665][ T5831] usb 6-1: config 0 descriptor??
[ 1537.583585][ T5831] pwc: Askey VC010 type 2 USB webcam detected.
[ 1537.591652][T18702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1537.729959][T21402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4178'.
[ 1537.780571][T18227] usb 7-1: new high-speed USB device number 80 using dummy_hcd
[ 1537.790277][T21407] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4179'.
[ 1537.822731][T18227] usb 7-1: device descriptor read/8, error -71
[ 1537.873115][T21412] program syz.3.4180 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1537.986923][T21416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4182'.
[ 1537.997072][T21416] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4182'.
[ 1538.016475][ T1169] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1538.027080][ T5907] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1538.037735][ T5831] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1538.046200][T11419] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1538.055012][ T5831] pwc: recv_control_msg error -32 req 02 val 2700
[ 1538.065772][ T5831] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1538.073549][ T5831] pwc: recv_control_msg error -32 req 04 val 1000
[ 1538.083773][T18227] usb 7-1: new high-speed USB device number 81 using dummy_hcd
[ 1538.092951][ T5831] pwc: recv_control_msg error -32 req 04 val 1300
[ 1538.103509][ T5831] pwc: recv_control_msg error -32 req 04 val 1400
[ 1538.113472][ T5831] pwc: recv_control_msg error -32 req 02 val 2000
[ 1538.120686][ T5831] pwc: recv_control_msg error -32 req 02 val 2100
[ 1538.128022][T18227] usb 7-1: device descriptor read/8, error -71
[ 1538.260731][T18227] usb usb7-port1: unable to enumerate USB device
[ 1538.349872][ T5831] pwc: recv_control_msg error -32 req 02 val 2500
[ 1538.361630][ T5831] pwc: recv_control_msg error -32 req 02 val 2400
[ 1538.368847][ T5831] pwc: recv_control_msg error -32 req 02 val 2600
[ 1538.376084][ T5831] pwc: recv_control_msg error -32 req 02 val 2900
[ 1538.384107][T21387] TC_ACT_REPEAT abuse ?
[ 1538.398524][ T5831] pwc: recv_control_msg error -71 req 02 val 2800
[ 1538.414610][ T5831] pwc: recv_control_msg error -71 req 04 val 1100
[ 1538.420682][T18702] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1538.422297][ T5831] pwc: recv_control_msg error -71 req 04 val 1200
[ 1538.441073][ T5831] pwc: Registered as video103.
[ 1538.453824][ T5831] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input35
[ 1538.481783][ T5831] usb 6-1: USB disconnect, device number 99
[ 1538.602184][T18702] usb 4-1: Using ep0 maxpacket: 16
[ 1538.609700][T18702] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1538.637265][T18702] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1538.658269][T18702] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1538.681443][T18702] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1538.692853][T18702] usb 4-1: Product: syz
[ 1538.697137][T18702] usb 4-1: Manufacturer: syz
[ 1538.718748][T18702] usb 4-1: SerialNumber: syz
[ 1538.950484][T21420] netlink: 'syz.3.4184': attribute type 3 has an invalid length.
[ 1538.958519][T21420] netlink: 100 bytes leftover after parsing attributes in process `syz.3.4184'.
[ 1538.967837][T18227] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 1539.006632][T21420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1539.017939][T21420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1539.039287][T18702] usb 4-1: cannot find UAC_HEADER
[ 1539.051565][ T5831] usb 7-1: new high-speed USB device number 82 using dummy_hcd
[ 1539.079046][T18702] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1539.097263][T18702] usb 4-1: USB disconnect, device number 105
[ 1539.115421][T18227] usb 5-1: device descriptor read/64, error -71
[ 1539.143811][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1539.463555][T21430] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4188'.
[ 1539.853304][ T5831] usb 7-1: Using ep0 maxpacket: 16
[ 1539.979548][T11419] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1540.658591][ T5831] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1540.669408][ T5831] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1540.699692][ T5831] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1540.709319][ T5831] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.717481][ T5831] usb 7-1: Product: syz
[ 1540.722179][ T5831] usb 7-1: Manufacturer: syz
[ 1540.727018][ T5831] usb 7-1: SerialNumber: syz
[ 1540.761772][T18227] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1540.783578][T11419] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1540.818570][T21435] IPVS: Scheduler module ip_vs_sip not found
[ 1540.831493][T21438] IPVS: length: 8 != 169912274800
[ 1540.893327][T11419] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1540.904385][T11419] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1540.923599][T18227] usb 5-1: device descriptor read/64, error -71
[ 1540.957807][T11419] usb 4-1: SerialNumber: syz
[ 1541.061123][ T5831] usb 7-1: 0:2 : does not exist
[ 1541.069856][T18227] usb usb5-port1: attempt power cycle
[ 1541.216408][ T5831] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[ 1541.383990][ T5831] usb 7-1: USB disconnect, device number 82
[ 1541.499593][T18227] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1541.582044][T18227] usb 5-1: device descriptor read/8, error -71
[ 1541.584523][T20097] udevd[20097]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1541.841930][T18227] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 1542.093751][T11419] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[ 1542.121835][T18227] usb 5-1: device descriptor read/8, error -71
[ 1542.287741][T18227] usb usb5-port1: unable to enumerate USB device
[ 1542.500979][T18702] usb 4-1: USB disconnect, device number 106
[ 1542.509201][T18702] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[ 1542.801487][T11419] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[ 1542.817989][T13694] net_ratelimit: 7 callbacks suppressed
[ 1542.818006][T13694] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1542.833665][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1542.843359][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1542.985357][T18227] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 1543.006677][T11419] usb 7-1: Using ep0 maxpacket: 16
[ 1543.013502][T11419] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1543.025929][T11419] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1543.032913][T11419] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1543.042614][T11419] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1543.054859][T11419] usb 7-1: config 0 descriptor??
[ 1543.124613][T18227] usb 5-1: device descriptor read/64, error -71
[ 1543.230227][T21466] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4200'.
[ 1543.246869][T21466] xfrm1: entered promiscuous mode
[ 1543.252114][T21466] xfrm1: entered allmulticast mode
[ 1543.506985][T18227] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 1543.712588][T18227] usb 5-1: device descriptor read/64, error -71
[ 1543.877960][T18227] usb usb5-port1: attempt power cycle
[ 1544.353896][T18227] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 1544.414401][T18227] usb 5-1: device descriptor read/8, error -71
[ 1544.514448][ T5831] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1544.796503][T18227] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 1544.839977][T18227] usb 5-1: device descriptor read/8, error -71
[ 1545.000464][T18227] usb usb5-port1: unable to enumerate USB device
[ 1655.535886][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1655.542877][    C1] rcu: 	0-...!: (1 GPs behind) idle=599c/1/0x4000000000000000 softirq=121661/121662 fqs=45
[ 1655.554245][    C1] rcu: 	(detected by 1, t=10506 jiffies, g=107753, q=148 ncpus=2)
[ 1655.562070][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1655.562105][    C0] NMI backtrace for cpu 0
[ 1655.562121][    C0] CPU: 0 UID: 0 PID: 21465 Comm: syz.3.4199 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1655.562139][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1655.562149][    C0] RIP: 0010:_raw_spin_lock_irq+0x9d/0xf0
[ 1655.562174][    C0] Code: 02 00 00 74 05 e8 53 2f 66 f6 bf 01 00 00 00 e8 a9 17 2f f6 48 8d 7b 18 31 f6 31 d2 31 c9 41 b8 01 00 00 00 45 31 c9 ff 75 08 <e8> 8e 76 3c f6 48 83 c4 08 48 89 df e8 e2 1a 3d f6 48 c7 04 24 0e
[ 1655.562187][    C0] RSP: 0018:ffffc90000007c98 EFLAGS: 00000046
[ 1655.562202][    C0] RAX: 0000000000010002 RBX: ffff8880b8627ac0 RCX: 0000000000000000
[ 1655.562213][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880b8627ad8
[ 1655.562223][    C0] RBP: ffffc90000007d30 R08: 0000000000000001 R09: 0000000000000000
[ 1655.562234][    C0] R10: dffffc0000000000 R11: fffffbfff1f3fc7f R12: ffff888027af3340
[ 1655.562245][    C0] R13: dffffc0000000000 R14: 1ffff92000000f94 R15: dffffc0000000000
[ 1655.562257][    C0] FS:  00007f2da6ba56c0(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
[ 1655.562270][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1655.562281][    C0] CR2: 0000001b2d317ff8 CR3: 0000000057e80000 CR4: 00000000003526f0
[ 1655.562295][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1655.562305][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1655.562315][    C0] Call Trace:
[ 1655.562323][    C0]  <IRQ>
[ 1655.562330][    C0]  ? __hrtimer_run_queues+0x602/0xc60
[ 1655.562353][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 1655.562376][    C0]  __hrtimer_run_queues+0x602/0xc60
[ 1655.562405][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1655.562423][    C0]  ? read_tsc+0x9/0x20
[ 1655.562440][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1655.562463][    C0]  hrtimer_interrupt+0x45b/0xaa0
[ 1655.562511][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[ 1655.562532][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 1655.562552][    C0]  </IRQ>
[ 1655.562558][    C0]  <TASK>
[ 1655.562565][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1655.562581][    C0] RIP: 0010:lock_acquire+0x175/0x360
[ 1655.562599][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 2b 7e fb 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 1655.562611][    C0] RSP: 0018:ffffc9000f087518 EFLAGS: 00000206
[ 1655.562623][    C0] RAX: ffc700cffef93f00 RBX: 0000000000000000 RCX: ffc700cffef93f00
[ 1655.562634][    C0] RDX: 0000000000000000 RSI: ffffffff8db5a88e RDI: ffffffff8be1b800
[ 1655.562645][    C0] RBP: ffffffff820e8cbe R08: 0000000000000000 R09: ffffffff820e8cbe
[ 1655.562655][    C0] R10: dffffc0000000000 R11: fffff9400000a261 R12: 0000000000000000
[ 1655.562666][    C0] R13: ffff88801a47b078 R14: 0000000000000001 R15: 0000000000000246
[ 1655.562678][    C0]  ? __pte_offset_map_lock+0x13e/0x210
[ 1655.562696][    C0]  ? __pte_offset_map_lock+0x13e/0x210
[ 1655.562720][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1655.562741][    C0]  _raw_spin_lock+0x2e/0x40
[ 1655.562758][    C0]  ? __pte_offset_map_lock+0x13e/0x210
[ 1655.562773][    C0]  __pte_offset_map_lock+0x13e/0x210
[ 1655.562793][    C0]  ? kvm_vcpu_ioctl_x86_set_mce+0x61b/0x9e0
[ 1655.562811][    C0]  __text_poke+0x2e6/0xa10
[ 1655.562829][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[ 1655.562843][    C0]  ? kvm_vcpu_ioctl_x86_set_mce+0x61b/0x9e0
[ 1655.562865][    C0]  ? __pfx___text_poke+0x10/0x10
[ 1655.562878][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1655.562896][    C0]  ? trace_contention_end+0x39/0x120
[ 1655.562917][    C0]  smp_text_poke_batch_finish+0xd0a/0x1100
[ 1655.562936][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[ 1655.562955][    C0]  ? arch_jump_label_transform_queue+0x97/0x110
[ 1655.562973][    C0]  ? __jump_label_update+0x37e/0x3a0
[ 1655.562992][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 1655.563009][    C0]  static_key_slow_inc_cpuslocked+0x80/0xf0
[ 1655.563030][    C0]  static_key_slow_inc+0x1a/0x30
[ 1655.563043][    C0]  kvm_create_lapic+0x110/0x400
[ 1655.563061][    C0]  kvm_arch_vcpu_create+0x1ec/0x920
[ 1655.563082][    C0]  kvm_vm_ioctl_create_vcpu+0x429/0x930
[ 1655.563107][    C0]  kvm_vm_ioctl+0x7f7/0xc60
[ 1655.563126][    C0]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1655.563146][    C0]  ? do_vfs_ioctl+0x12ba/0x1990
[ 1655.563162][    C0]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1655.563181][    C0]  ? kasan_quarantine_put+0xdd/0x220
[ 1655.563202][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1655.563221][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1655.563238][    C0]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[ 1655.563254][    C0]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1655.563271][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1655.563297][    C0]  ? __lock_acquire+0xab9/0xd20
[ 1655.563316][    C0]  ? __asan_memset+0x22/0x50
[ 1655.563330][    C0]  ? smack_file_ioctl+0x302/0x340
[ 1655.563348][    C0]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1655.563369][    C0]  ? __fget_files+0x2a/0x420
[ 1655.563386][    C0]  ? __fget_files+0x3a0/0x420
[ 1655.563402][    C0]  ? __fget_files+0x2a/0x420
[ 1655.563421][    C0]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1655.563440][    C0]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1655.563457][    C0]  __se_sys_ioctl+0xfc/0x170
[ 1655.563474][    C0]  do_syscall_64+0xfa/0x3b0
[ 1655.563493][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1655.563512][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1655.563526][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1655.563543][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1655.563557][    C0] RIP: 0033:0x7f2da5d8e929
[ 1655.563572][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1655.563584][    C0] RSP: 002b:00007f2da6ba5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1655.563598][    C0] RAX: ffffffffffffffda RBX: 00007f2da5fb5fa0 RCX: 00007f2da5d8e929
[ 1655.563609][    C0] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000008
[ 1655.563618][    C0] RBP: 00007f2da5e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1655.563627][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1655.563636][    C0] R13: 0000000000000000 R14: 00007f2da5fb5fa0 R15: 00007ffd6b2539f8
[ 1655.563655][    C0]  </TASK>
[ 1655.564093][    C1] rcu: rcu_preempt kthread starved for 10200 jiffies! g107753 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1656.178589][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1656.188563][    C1] rcu: RCU grace-period kthread stack dump:
[ 1656.194449][    C1] task:rcu_preempt     state:R  running task     stack:27000 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1656.207957][    C1] Call Trace:
[ 1656.211234][    C1]  <TASK>
[ 1656.214170][    C1]  __schedule+0x16a2/0x4cb0
[ 1656.218705][    C1]  ? schedule+0x165/0x360
[ 1656.223067][    C1]  ? __pfx___schedule+0x10/0x10
[ 1656.227957][    C1]  ? schedule+0x91/0x360
[ 1656.232212][    C1]  schedule+0x165/0x360
[ 1656.236394][    C1]  schedule_timeout+0x12b/0x270
[ 1656.241251][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1656.246628][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1656.252527][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1656.257829][    C1]  ? prepare_to_swait_event+0x341/0x380
[ 1656.263385][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[ 1656.268256][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1656.274413][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1656.279700][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1656.284918][    C1]  ? finish_swait+0xcd/0x1f0
[ 1656.289521][    C1]  rcu_gp_kthread+0x99/0x390
[ 1656.294126][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1656.299338][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1656.304281][    C1]  ? __kthread_parkme+0x1a1/0x200
[ 1656.309318][    C1]  kthread+0x70e/0x8a0
[ 1656.313395][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1656.318600][    C1]  ? __pfx_kthread+0x10/0x10
[ 1656.323192][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1656.328393][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1656.333600][    C1]  ? __pfx_kthread+0x10/0x10
[ 1656.338196][    C1]  ret_from_fork+0x3f9/0x770
[ 1656.342792][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1656.347916][    C1]  ? __switch_to_asm+0x39/0x70
[ 1656.352680][    C1]  ? __switch_to_asm+0x33/0x70
[ 1656.357443][    C1]  ? __pfx_kthread+0x10/0x10
[ 1656.362035][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1656.366817][    C1]  </TASK>
[ 1656.369837][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1656.376159][    C1] CPU: 1 UID: 0 PID: 20194 Comm: udevd Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full) 
[ 1656.387786][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1656.397842][    C1] RIP: 0010:smp_call_function_many_cond+0xf6e/0x12d0
[ 1656.404529][    C1] Code: 89 ee 83 e6 01 31 ff e8 60 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 0b 74 0b 00 eb 37 f3 90 43 0f b6 04 2c <84> c0 75 10 41 f7 07 01 00 00 00 74 1e e8 f0 73 0b 00 eb e5 44 89
[ 1656.424133][    C1] RSP: 0018:ffffc9000bbd7580 EFLAGS: 00000293
[ 1656.430217][    C1] RAX: 0000000000000000 RBX: ffff8880b873c9c0 RCX: ffff888027628000
[ 1656.438188][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1656.446158][    C1] RBP: ffffc9000bbd76e0 R08: ffffffff8f9fe3f7 R09: 1ffffffff1f3fc7e
[ 1656.454129][    C1] R10: dffffc0000000000 R11: fffffbfff1f3fc7f R12: 1ffff110170c868d
[ 1656.462186][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8643468
[ 1656.470164][    C1] FS:  00007fe9a61d4880(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000
[ 1656.479095][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1656.485676][    C1] CR2: 00007fb10f6d04fe CR3: 00000000539e4000 CR4: 00000000003526f0
[ 1656.493656][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1656.501626][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1656.509602][    C1] Call Trace:
[ 1656.512882][    C1]  <TASK>
[ 1656.515827][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1656.522182][    C1]  ? free_pgd_range+0x144b/0x14c0
[ 1656.527248][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1656.532035][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1656.537244][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[ 1656.542369][    C1]  flush_tlb_mm_range+0x6b1/0x12c0
[ 1656.547506][    C1]  ? free_pgtables+0xa12/0xaf0
[ 1656.552282][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1656.557834][    C1]  ? __pfx_free_pgtables+0x10/0x10
[ 1656.562955][    C1]  tlb_flush_mmu+0x1a7/0x680
[ 1656.567560][    C1]  tlb_finish_mmu+0xc3/0x1d0
[ 1656.572167][    C1]  vms_clear_ptes+0x42c/0x540
[ 1656.576855][    C1]  ? __pfx_vms_clear_ptes+0x10/0x10
[ 1656.582078][    C1]  vms_complete_munmap_vmas+0x206/0x8a0
[ 1656.587640][    C1]  ? __mas_set_range+0x12f/0x3c0
[ 1656.592584][    C1]  do_vmi_align_munmap+0x358/0x420
[ 1656.597720][    C1]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[ 1656.603377][    C1]  ? mas_find+0x962/0xc10
[ 1656.607718][    C1]  do_vmi_munmap+0x253/0x2e0
[ 1656.612321][    C1]  __vm_munmap+0x23b/0x3d0
[ 1656.616751][    C1]  ? __pfx___vm_munmap+0x10/0x10
[ 1656.621698][    C1]  ? __pfx_fput_close_sync+0x10/0x10
[ 1656.627002][    C1]  __x64_sys_munmap+0x60/0x70
[ 1656.631695][    C1]  do_syscall_64+0xfa/0x3b0
[ 1656.636212][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1656.642280][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1656.648433][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1656.653118][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1656.659011][    C1] RIP: 0033:0x7fe9a5b1e097
[ 1656.663431][    C1] Code: 73 01 c3 48 8b 0d 61 2d 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 31 2d 0d 00 f7 d8 64 89 01 48
[ 1656.683038][    C1] RSP: 002b:00007ffdd9392298 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[ 1656.691468][    C1] RAX: ffffffffffffffda RBX: 00005560dc768bf0 RCX: 00007fe9a5b1e097
[ 1656.699441][    C1] RDX: 0000000000000000 RSI: 00000000009480e8 RDI: 00007fe9a5000000
[ 1656.707413][    C1] RBP: 00005560dc768910 R08: 00005560dc77b110 R09: 0000000000000006
[ 1656.715388][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 00005560bef07588
[ 1656.723357][    C1] R13: 00007ffdd9392320 R14: 0000000000000000 R15: 0000000000000000
[ 1656.731345][    C1]  </TASK>