last executing test programs:

12m10.620756807s ago: executing program 1 (id=2):
r0 = socket$kcm(0x10, 0x2, 0x10)
close(0x3)
io_setup(0x401, &(0x7f0000000280)=<r1=>0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c09c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
futimesat(r2, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={{0x0, 0x2710}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
io_submit(r1, 0x3, &(0x7f0000001b00)=[0x0, 0x0, 0x0])
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose, 0x8}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x1000010, 0x40010, r4, 0xf3a23000)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="a00000001a000000000000000000008400130000000000000000000000000000000000000000000000000000185d00"/147], 0xa0}}, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r5, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r5, 0x80)
accept$netrom(r5, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

12m9.525177038s ago: executing program 1 (id=11):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000060000000405"], 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
bind$inet6(r2, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c)
listen(r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c)
listen(r1, 0x0)
epoll_create1(0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcdd, r0}, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r5, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r3], 0x44}, 0x1, 0x0, 0x0, 0x240448e0}, 0x0)

11m54.239113262s ago: executing program 32 (id=11):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000060000000405"], 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
bind$inet6(r2, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c)
listen(r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x6e22, 0x9, @empty, 0x6}, 0x1c)
listen(r1, 0x0)
epoll_create1(0x0)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcdd, r0}, 0x38)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x803, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001d0025bd7000fadbdf2500000000", @ANYRES32=r5, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r3], 0x44}, 0x1, 0x0, 0x0, 0x240448e0}, 0x0)

6m4.942381408s ago: executing program 4 (id=1466):
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180))
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r3)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x20000, 0x2)
fcntl$setlease(r5, 0x400, 0x1)
r6 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5`\xda\xca\xd1\xab:\x18\x10\x9b\xd0w', 0x0)
write$binfmt_misc(r6, &(0x7f0000000180)="e502", 0x2)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r7=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r8, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(r8, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x3}}, 0x10, 0x0}, 0x4880)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x2020, &(0x7f0000000100)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x2, {0xa, 0x4e22, 0x2, @loopback, 0x6}}}, 0x80)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r9, 0x400452c8, &(0x7f0000000100))
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000540)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000500)=0x1, r7, 0x0, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000200)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e23, 0x5, @loopback, 0x5}, r7}}, 0x30)

6m3.735135366s ago: executing program 4 (id=1470):
mount(&(0x7f0000000000)=@sr0, &(0x7f0000000440)='./cgroup\x00', &(0x7f00000000c0)='ext4\x00', 0x69811, 0x0)
r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind(r0, &(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e20, @loopback}, 0x0, 0x1, 0x4, 0x4}}, 0x80)

6m3.625140748s ago: executing program 4 (id=1471):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x32)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b", 0x44}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xa3}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1}, 0x20002100)

6m3.423955782s ago: executing program 4 (id=1472):
syz_usb_connect(0x3, 0xca, &(0x7f00000000c0)=ANY=[], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0})
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r1)
socket(0x28, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040)=0x3, 0x4)
epoll_create1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r2 = getpid()
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r2, 0x2, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x3, 0x0, 'queue0\x00'})
write$sndseq(r6, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @result={0x0, 0x1}}], 0x1c)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x311200, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)})
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r7, 0xc01864b1, &(0x7f0000000300)={r9, 0x3, 0x101, 0x0, &(0x7f0000000180)})

6m0.166602072s ago: executing program 4 (id=1480):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'veth1_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
fremovexattr(r1, &(0x7f0000000000)=@known='system.posix_acl_default\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000140)={0x3, &(0x7f0000000080)=[{0x81, 0x3, 0x2, 0x6}, {0xfff9, 0x3, 0x1, 0x6}, {0x8, 0x3, 0x7f, 0x3ff}]})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (fail_nth: 3)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r2, 0x0, 0x2, 0x0)
syz_clone(0x80100, 0x0, 0x62, 0x0, 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_pid(r4, 0x0, 0x0)
splice(r0, &(0x7f0000000000)=0x7, r0, 0x0, 0x400, 0x4)

5m59.208132514s ago: executing program 4 (id=1483):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x0, @private2}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x200001c0)
listen(r0, 0xfff)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680)) (fail_nth: 3)

5m44.123227853s ago: executing program 33 (id=1483):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x0, @private2}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x200001c0)
listen(r0, 0xfff)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680)) (fail_nth: 3)

1m50.788937099s ago: executing program 2 (id=2601):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000100)={0x7})
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000040))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b043900000000000000020000002400048020000180070001006374000014000280080001400000000d080002400000000f0900010073797a30000000000900020073797a320000000014000000110001"], 0x78}}, 0x0)
ioctl$DVB_DVR_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000180)={0x7ae, 0x80000, <r4=>r3})
ioctl$INOTIFY_IOC_SETNEXTWD(r4, 0x40044900, 0x1)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014751c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a0c93d47018c12e7ba8188a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab188dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b4896c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e547f7ad33850d9feccd0111a2e3700845dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005202000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a12489c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af14915f29b719f54926fc32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86ae826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa520000afe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da357f9e93ce055019c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c672b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981fd9086e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2826b47ad8ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b478abc5b196dd5308cb20c4e2a0bd702651bb39f10523102dcd8ece692159028f314e0d6bfa400475c6699fdc40efe0948e3cef7419a7f113134e5ee20fd87c4521ccfbd32d6f147f743d30866bdd86ca8bf0c7bcc475f4ed53517aaa51f1c151d859a7f0b53abd332c84bdad313e82ac3777a6f7f649ff8a25f6dfe09cb29213896b49a825257bf143e9fa3bbd47009e66fe5705b3ef2b40a182e408c680727d64e00e1ce508f8fd64ac6c84ccc28fc333067de63b9bb5daaa12ce60ee3779ded79651be69d2a413cd948a873dd7ad7017b150828cf100d3df8537f22aff58343c9ee966fceb594bbe10b911427f76a25a219be2f85287b7f83d323a30991067ad1369792166062085ff20c5fb9f6e4f78dd09c7d2d6ca3c8a5d0d26ccbe576f44a1bc94194817"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0x38, 0x24, 0xf0b, 0x70bd2c, 0x3, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2, 0xc}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8, 0x4, 0x8001}]}}]}, 0x38}}, 0x4000010)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_usb_connect(0x2, 0x64, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000cb8be7406d04230848390102030109025200010000000009044000000e0100000a240608000b020102000600040007000300390c2402050302161d03f957a31941"], 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e0ffff20000000ff84000aac141440e0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0x10000, 0x1, 0x401, 0x7fffffff, 0x0, [{0x7, 0x2, 0xff, '\x00', 0x38}, {0x4, 0xfe, 0x7c, '\x00', 0x31}, {0x45, 0xb3, 0x81, '\x00', 0xd}, {0x5, 0x9, 0x10, '\x00', 0x6}, {0x5, 0x7f, 0x6, '\x00', 0x79}, {0x7, 0x80, 0x0, '\x00', 0x6}, {0x6, 0x8, 0x1, '\x00', 0x45}, {0x52, 0x9, 0x3, '\x00', 0x9}, {0x40, 0x2, 0x73, '\x00', 0xff}, {0x0, 0xb6, 0x89, '\x00', 0x80}, {0x6, 0xa, 0xa0, '\x00', 0x1}, {0x1, 0x1, 0x3, '\x00', 0x4}, {0x8, 0xc, 0x5, '\x00', 0x8}, {0xd, 0x10, 0x8c, '\x00', 0x7}, {0x0, 0xc0, 0x7, '\x00', 0x3}, {0x8, 0x2, 0xf6, '\x00', 0x2}, {0x7, 0x6, 0x8, '\x00', 0x5}, {0x9, 0x40, 0xfa, '\x00', 0x5}, {0x1, 0x4, 0xbc, '\x00', 0x6}, {0xf8, 0x8, 0xa, '\x00', 0xf8}, {0x8, 0x1, 0xcc, '\x00', 0xb7}, {0x6, 0x6, 0xfe, '\x00', 0xa}, {0xff, 0x0, 0x3, '\x00', 0x7}, {0x16, 0x99, 0x2, '\x00', 0xff}]}})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000100)={r0, 0x7fffffffffffffff, 0xffffffffffff1790, 0xac})
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x88400)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r7, 0x40485404, &(0x7f0000000600)={{0x1, 0x1, 0x7, 0x3}, 0x1, 0x405})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1m48.779491576s ago: executing program 2 (id=2616):
ioctl$XFS_IOC_PATH_TO_HANDLE(0xffffffffffffffff, 0xc0385869, &(0x7f0000000200)={<r0=>0xffffffffffffffff, 0x0, 0x14782, 0x0, 0x4, 0x0, 0x0})
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc22e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x1, "", [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7f7d, 0x0, 0x1, {0x22, 0xeb}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x1}}}}}]}}]}}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x9, &(0x7f00000000c0)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @generic={0x8, 0x3, 0x6, 0x3a3, 0x3ff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xffff}], &(0x7f0000000000)='GPL\x00', 0x101, 0x61, &(0x7f0000000140)=""/97, 0x41100, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0xc, 0x87, 0x7}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[r0], &(0x7f0000000300)=[{0x3, 0x5, 0xe, 0x8}], 0x10, 0x6}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000400)=r2, 0x4)
ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0xc)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = mq_open(&(0x7f0000000080)='\x00', 0x40, 0x8, &(0x7f00000001c0)={0x0, 0x80000000, 0x1, 0xffffffffffffff59})
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r4, 0x8008f511, &(0x7f00000006c0))
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000480)={0x14, &(0x7f0000000440)={0x40, 0x1, 0xc, {0xc, 0x23, "7fa6374e6fff6ed2305d"}}, 0xfffffffffffffffe}, &(0x7f0000000680)={0x1c, &(0x7f0000000540)={0x40, 0x1, 0xed, "480df8d6b351432c94c0b74ef44aa25350b5a56fa376f3c89585b69560850d180d3b46713c815b91fde946149ecf06a84fd65f85ba36d67120dbf3a0948ef924f120f004e6332a36fc97957c4cd856f4e244b9adc022efb92baaee4f7da79d3291614511375191b7614abd1916333cb6f949cc7ab0c054169445787e167489f0528dbbdae4ef9a91c6bac49a801dd7569336ca4c06f5ac11b38b1be8d4bf651495e20944f6d75bd152e48ddeb1df7444e295db2e586b64144e300b2706db1a22ca1f5cba75447c218bb8a320711befea0a56c9b031bf32645f5320ff4258fd2cacb323f8f1a8d5ace0eceb7f32"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x6}})

1m46.867649865s ago: executing program 2 (id=2630):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x18, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (fail_nth: 4)

1m46.348955224s ago: executing program 2 (id=2635):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x3}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x400}]}}]}, 0x3c}}, 0x0)
r0 = io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x2c60, 0x800, 0x10020001, 0x2})
close_range(r0, 0xffffffffffffffff, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x40800, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x800, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x2, 0xa, 0x8, 0x3, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x4)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000003e40)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x5}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x6}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48881}, 0xc0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m45.171871533s ago: executing program 2 (id=2644):
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f00000002c0)='\\ S', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50)
r0 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, &(0x7f0000000200)}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x6000, @fd_index=0x5, 0x73, 0x0, 0x0, 0x1e, 0x1, {0x3}})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m43.467089789s ago: executing program 2 (id=2650):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r0 = socket(0x28, 0x801, 0x0)
close(0x3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4)
recvmmsg(r4, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x40002102, 0x0)
write$binfmt_misc(r3, &(0x7f00000000c0)='J', 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000009702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b7040000100000207207f0ff00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x29}, 0x48)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r5, 0x4040942c, &(0x7f0000000000)={0x0, 0x400, [0x633, 0x6, 0xc, 0x2, 0x5, 0x7]})

1m28.252408207s ago: executing program 34 (id=2650):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r0 = socket(0x28, 0x801, 0x0)
close(0x3)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000780))
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$sock_int(r4, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4)
recvmmsg(r4, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}, 0xfffffffd}], 0x1, 0x40002102, 0x0)
write$binfmt_misc(r3, &(0x7f00000000c0)='J', 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000009702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b7040000100000207207f0ff00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x29}, 0x48)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r5, 0x4040942c, &(0x7f0000000000)={0x0, 0x400, [0x633, 0x6, 0xc, 0x2, 0x5, 0x7]})

16.167461783s ago: executing program 7 (id=2935):
r0 = syz_io_uring_setup(0x315b, &(0x7f0000000080)={0x0, 0xcfca, 0x1042, 0x4, 0x354}, &(0x7f0000000100), &(0x7f0000000300))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x180880, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xc1)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
mount$9p_virtio(0x0, 0x0, 0x0, 0x8c, 0x0)
r6 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f2400190604"], 0x7)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @xdp}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0})
io_uring_enter(r6, 0x3516, 0xc2de, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000140), 0x0)

11.994902514s ago: executing program 7 (id=2940):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0x40000000, &(0x7f0000000140)={0x3, 0x1, 0x365dafa61f90d232, "ee4f6da8d2cf4011ac7b00", 0x33524742})

11.338578747s ago: executing program 3 (id=2943):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00'}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="3800000040000701feffffff44000000017c0000040042800c00018006000600800a0000140002800d0014800400188004000d"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="400b1f00000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYRESDEC=r1], 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r4, 0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
fcntl$notify(r3, 0x402, 0x80000021)

11.318586999s ago: executing program 7 (id=2944):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x114)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10})

10.999873369s ago: executing program 7 (id=2945):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd4}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x1, &(0x7f0000000280)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r6 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r7 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000000840)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b1a03dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc95b4b88e2afb", 0x96, 0xfffffffffffffffe)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x100e}]}, 0x6c}}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r11=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@ipv6_newnexthop={0x34, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x4, {}, [@NHA_OIF={0x8, 0x5, r11}, @NHA_GATEWAY={0x14, 0x6, @in6_addr=@mcast1}]}, 0x34}}, 0x40044)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r6, r7}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha256\x00'}})
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
r12 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$instantiate(0xc, r7, &(0x7f00000000c0)=@encrypted_update={'update ', 'default', 0x20, 'trusted:'}, 0x18, r12)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f00000003c0)=ANY=[@ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000180)={0x0, 0xa, 0x2, "9c7e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

8.413953803s ago: executing program 3 (id=2951):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000240)=ANY=[], 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
mkdirat(0xffffffffffffff9c, 0x0, 0x1e)
mount(0x0, 0x0, &(0x7f0000000080)='debugfs\x00', 0x0, 0x0)
mount$bpf(0x0, 0x0, 0x0, 0x30728a2, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x50000000}}]})
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000100), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@generic={0x88, 0x2}]}}, @dest_unreach={0x3, 0x4, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xffffeff7, 0x40, 0x40000006}, 0x3c)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r6], 0x1c}}, 0x4008054)
socket(0x2, 0x3, 0xff)
socket(0x2, 0x3, 0xff)
syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc)
r7 = socket(0x1e, 0x4, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="900400002c00070100000000ffdbdf25037c000018000180d52a6a1608003500000000000800d200", @ANYRES32=r8, @ANYBLOB="64040280600402800c"], 0x490}, 0x1, 0x0, 0x0, 0x8000}, 0xc010)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="5001", @ANYRES8=r4, @ANYRES16=r7], 0x14)

8.28802894s ago: executing program 0 (id=2952):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0xa, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000075266f83000000000000000004000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x94)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x101040, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = getpid()
getpriority(0x0, r4)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x4, 0x26, 0x8, 0x2, 0x3, 0x101, 0x1, 0x36})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xb0}}, 0x0)

6.922385535s ago: executing program 0 (id=2955):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x114)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10})

6.702431886s ago: executing program 3 (id=2957):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
r1 = syz_io_uring_setup(0x2e8e, &(0x7f0000000400)={0x0, 0xa805, 0x800, 0x1, 0x400251}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000100)=0x2, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000300))
r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001980)={0x0, 0xaf7, 0x9, 0xab, 0x9, 0x8, 0x0, 0x200, {<r6=>0x0, @in6={{0xa, 0x4e22, 0x7ff, @private0}}, 0x8000, 0x6, 0x5, 0x91ff, 0x3}}, &(0x7f0000001a40)=0xb0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000001a80)={<r7=>0x0, 0x8d5}, &(0x7f0000001ac0)=0x8)
r8 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r8, &(0x7f0000000540)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0}}], 0x1, 0xc000)
r9 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f00000003c0)={r10, 0x0, 0x20}, 0xc)
sendmsg$inet_sctp(r5, &(0x7f0000001c00)={&(0x7f00000002c0)=@in={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f0000001900)=[{&(0x7f0000000500)="a9919099bb4acedc61a9bcaf967cd5b2db6e60e9ce2d79ef18a31bb009517d67a483bee5649f342782a54ba7d6dc63871ba4e11272718df9eecf090140e6cbacf0169ba86fcf516a5e9b3d3b69fabb013f0e60cd868199c7be130b181d000b53e90ecc313ffda511e08028ef94a0384bfd24dcd46481337d6d84219240b9ef83b21f85578123184316b1b11cfd30cdfa00d22fad2232c608aa624b4204a4b7b2c551cd3700", 0xa5}, {&(0x7f0000000700)="f2128792d5f7d1feff", 0x9}, {&(0x7f0000000780)="7aa2a09e294b0713583f3165ff8f88376236da1674012883beacb6883f152025cdad78c55df9d40f99e8e39743210a7eb2a977fd857a7d6a794088ebd530609e3d8b347eb9e6db9860a28142bfd493", 0x4f}, {&(0x7f0000000840)="68918c297c38c21923291f5059538a5b8039b43838eb0b69cba54590fb7d42de44af6310b32b9ce1746ca7fc99fa89bed9b2ee89b8cb953205d80becf2ced2185d0bd16e7a6e692f4885c5471c99ce49be9b003bdbd2349fc29b60ba307e1513f655819030f545d12831a89b10bb9a9bbd377ce92fc3865221fc75ea4d8967928224cedff723b10479b8e9b8c59816fcc078157013887e56ba3ce91cd03b5a798c31fb0a396a5792b011ac0bf7f3dd6df4f68335d31f0a59230f68413d412a57ca4eee2a02baacaccc9f91fe51662238e97726d6d36ad1192e26d14286c69c10b68edfba34973fd2c7bdfbfb4e8cca5128f8b61fa3d40f67235b45923c13df9baf2c34069967af114a09d9e1152628e2da63becca6d63e2ea26b040842ef49901564f35349eb39b4ca8bf8ce2b3fbc2d15df1f4565fec1f068383a9f08eb9470caa05e7829572c9fff07abf62273f5992f413aeaac8f122cd5f11755e0d8e39d262044bdea724f0a519d09c1a3ffac8e030ff99d403947c239cdb46681745bcfc240dcc79006a0ead93da157fdc0fbf48c70f3d7e1380a7cb06acf8460346768661f1453ab7c833958fa4a49e956bcf3404b440623576b63e59a20783c37f1827fd576ac2468c043a520344415a1c35dd437d210bc43749c2f7ebe1756d3893b7cff29d7f3d09a9f142ff901f0a9f8631861f12afc383bf7848d0fc9324fbb185a1a0b3eb278cce06523c160e2b6b57f3ad8783b1af2a6e1764a996118775d03f94e64e74f6483f4b7e280242e109cc155725dc862e3d31c4b0dac034ddee8342a9a5a9db0de3f49dc3d699a3e4576c8ee84873a108af9aee1bfdc3f9e5d005d2bbc6bb6226fa83555f54270a96a3364d6db587da8f5db1bb0962e043ee6ddf03e671fadc9dd1bbc2fe0c94d610b333581b1ca95932638a5c3e5299425cfd958005edf6d454a68520275b1eb1e2f7e2603675bef25e01c45d5b8b47bc8ff6ab349c2dc74fc682894948e363033d7d2afbafbbfa66fabbae1401a0b81ce7d344581a316ca336d47ee55183683af6dcf4ab391703c60712755dbfd4cc93c4a228594136b2a9554cbec09309806bd0fbdb00fde4fdf5ebdd2eff0cd64ffa20d0e80cd28037af5c79e72800849eac83baf467a1f253751217eb11b882407ebca215350342d925fa2b59bda4708fb8f182f102ce1bafd72bf4663a521d0a5ad1de126f4238b20a2bf9b44b7bba0f166c740dac0e988128c619d4ba15afe845ff2fb49c8ca2ea268e1aaa5a6a8655a44fb14f3d05eac85ac8ace83f56980d239f57bfed5e029f3edbfc537ad6fdc4c071a69099a3a488cfc58773d4319ca92c401cca5464725456175ea6ee3de79587a758e6dc242601cae432b616149f5b7a58fa695ef97c350ac1096941fe1720942c971c1b5747bf7033de9f758249d97b817d5366ac8e51cb9e3ab7f4f2547361ff93e63d0d81a8e8100b7b18729a9d53eaf923c85868a74471e00771024117aa0656be3b79f39bfbe6963cef13f1f9fbd51762b46a3f71808ecc093e1148a15b0e32d39b4415f29cb9a993928e9113a4b4b318a2b37206d763ea0ab866681b35c639c1bff6d5ea51248a1118e501db869c3ca3a2925d0d8761056552d227f2c95fcb450bc269291853bfef6b353abb2382c2f3e8d2bfb5d64ebd4aac05e03be18afbd6a825c1b397de66da7f689ae7baa087894c505f06bfba58ecd33868974fdf766a3809ec4cd3b3d909a0511e3b83f5865cdd5e2ef29f9c9ff5a422b9756c3d9c42847ba2c5676e5b6597a497597d91b21721f95e1c0426b90ec6d0a10bcc6373dd89ec5b80bfcd629803804a00f3589ad8726ac4d16f7aa944c40bd5addad105e4d38452cfa1f020040921ca6dff7d5aaec86cd6a6c2c0558b8e628c3ce0c8d9c2abdb6e0578a30419b902ddec760d369c24d206cf47d9787a36ac1f0ce4a08fb40697b167e2a482d9079eb6523c06ae3694402e7546cb1bb2219d83be5f3190a455a4f5d22f9f5c271de52296af7b64f0485e9b9f1333ad6d83dbc4e3bca683d5c2048296d1caa4f79cb9104b0dbf9d5b28d0d7dbdf9182b2563977b1442eae2397d4e177dcc99f02f27310be966f8402e6daf402dafe6e237426a6b27b3534b362b82679bb3c74cf4c3c2fdd04b3fd7990870ad19163c1d63c856957db24224bbac6721de19baa9d405389dd4bd92dc8320c30b1a80e6450c5fb15d1b84c4f770ca86c9fb5a220cf6953574ff6c53a64ee4fb95d90bb5971f220425e8a86996606101c56daa16fdb0dd84c07ce6e1c307f2a3d39a3b35b091c1d763fec19e363a9a68afeef535490ecc13972e7ddd4581c6f4ef5e9c2bbf3eb48b6506892b4e9a097dc1a6bed07fad613877f8376a4551e95168660eba88a3866867d94e25f00445e412848ccd73ffc24ef79986fbf2689440b59fabbc56d6df4d4460137815d41fecb390069b2aba76804fe5d80d240c5e4e278e8d22ee1e51a75ea0e51a49fc550040c568aedc968aee1da454e391d96227dfcc8787720d53c781168009a95af624aa2b0083e414ed77d140852bd7eac19cd21c84a787dc5a8fac9acb23365d22e591475711804a1e436a9c73ea91cd52bab0c3c4597c4e212d8b38d8307ced0810520cbec10f1169989cff03cadbb6f543c207d83a026bbbed4186b323ba62ccabaecf7164b6e89662e798886e265de7e77fa7988a8189cb27f0443fdc2a7dc6f3ef0e619c6c525b5a6a5cdb3318d46873eaeeac168966d625078485d4950307caa8f296505619d06530c7adb7e73e25b2d9901c1470dec0b21d42a2823c5ce3aabee0e8d94ccfc1457104cbf7e15ad707402041c1bd4392b16543fee2527f5bbc7021844f94cc707b115556351fcfe60ef274ff3f871a52d829e80c913fb2228c94fb76d6013d9e57775d0f56bc376873e1a4442ca847ab698c132a68645539d81a9fb675d7af0e657812930c52a40c6212412d3948c3b58a6b1defbf21bd4fba56638b114e40111efed777b0ca845eb62a6849db25d867ff154e412885881d1722dbc2820e08a358c1fe1990a7db25d8c52eb5b671169af37e6b5d7fdef0e4b1e3d9c9a58017be40265d98e52a0e795cccfac3f8bc8e56814213c671947ad62ee09404a9c667eb96a1ed6649db88a6db64e32846e218f13363f166e3f281a6d4a0cfc665223df157e09b1fe7030250d3095b0ca818005a274bfa301991ebd898adfef1c06f1f7c0aa99dae43333bd0c3227fdc0df21b35d7545f7a463965b3f8937e41733e49694972b0e4fffad3f2d82b40b8cdade18be2b88bd5252bdc231b03e73f6ee61ec7fb4e64204f75c3a36167a7c1a59328566c055e2ddd09a7a44d287bef09d0d2b1d22fbf00819983e42e86ddebfd1ea20792347ee0210ac0a909e12bec2def134f383f9b7919134624f033a6834a5f68974ff38d2250edc9c0b61f1c3f360190590490f256ee4c31aa9474a83346f3a1454978ff8d14d3321fcb698bbbd3092627f28046dda12789be9936b9cf071482542c1d551120aba73354aad648df2f797bd8cbeb608c41d969257b395947eeee64e29c1f784a65caf63fe16af878fa735bc584272e48eefa5ec38659147a264544848e2f7143463b0679b6b8d03226c280659f021761845e178d89af92b151fefb878b1432205bde7eb1b81419049c6e26fce78482b78002e3643b45a9fcb279d02d3e4c4773ced07f1482ecf7567103a368c25b934cacefb696c128ba762422abdbbb3b513f33bb0f792afdb4ec3bbdfa7fef44d59c5972348aad265795749a7ddc4b6903de6e4d1f3f90ea1b5af96dcd0f62879974f4fa2cd3f74c5687fab61ac5227fb177ac9ceb00f800ba828604c04320f0b0589932e84a34b267e1ab70253c41c26f632945a0e074f83bdd0fb8da152a37e6b9fcd17ff883608cbaf6c96cf944296b3e7c258a4dff45dfd95fac2f8b3f3405a258de27c339a562b50750f49dd94a99c2c3c5283f588b03dbe111dce672f4794ccbec166a5ddfffb24a17f5e35605e609e32b33b85c4f15b5ee4356dc22abfc3623acb1870cc4bc3105f79572f6179e14a2599b91622c05181b2f837acaed907aae9e94a2945ef9e971a7dbf8c73da1cdb160e84915039bf8bf8d6c1d8c9f3b4b1326933bb9e3ca61cdc69fb20ac56a01797d8d3872ec953eb33b95cb406cb978a212ae87e7528faf8250dad36d8f64a31c9848544ee756265aab89498422014afb90cb72dee4fed8248e97f4c20111ba19423bca7520df56f4fba964d8badb82aa4e36d487f7429a46a707cea24d87d482bd879e14c2968e4a4fcefdeb9a18b86f27b9fff5328bd27aa4f6a88bcd49d9d478aa914ef5786cdb2e4374e3b6ebc14c815e5ef82792185d363efa3c831524f4fe41c041a5be2e2bc5f0c1cfb69127e34d50aff2b69703a35326f3fc9af5610119eb93f2053db6a560bd1a9a25608d0e011c21ea76a72c5e60b311a93b30d7b6b4184b5a64911facf10c7bfadf9f262cc9ed72f9a7b4edf7bb14f832bec0972991d84c50d3e867d0f4c286378d7ceb035ce1c97d1be948b78468d41887df874921263073dea801b226b99c2e01dc1093d22f097d095e7a4805874485d56235060b0af66f93d039961f0d8739989e6a2d4ecde8f0cdb554f171d7f5cedc9949cfc98ec7bfa3513c0813b669553cc17cceaf907feb6a4a90446514f07d9d11c4545b28b200afb412d73ae817983b25e30bbdc2df43b5d624dc016b8437521a1507ed62d3573404a2d0384b6831223c11f573f6c421ce60b4f898bf34ea3af50e4c6e9a50f4d18ff7b0d2de6528013d4e3f29dd253955ba450799fe966433e72352374074acee52893e3a4725052288fbc4cd1f752a5a16dc37a2d56381e0e882515f814ac20e5da3314e9737a32ef5e343db19e5110c05ed5f6667b99ed5a11e449eee43f6833405773afe32c1a9028e26dec3ba8f6dc81aa88e1f80dad0ce8e707c1b440c18021e07b52313e3c121765c9946c4d93af49eff35d2184da49917e7ba863fd5850b698f873d176188553b5b7e5175194e52d48de2e724f9b9e0de141704df674291a53ccdaf99127ee80c551fcd0696fe88d9a06f2faa18aaf53f26478738ff230ccb1f8566443f12d5c4643ec2e9cb99ce4b49d706eeb6b9f6bfcf7d120b87b85cab04c696aace03f26535066d908280a30a9ca67a693371db11c6eaba2b1ab2c196734a0ee24d50f434a4b196399b3f06afbf7c3483a91b477cfa058e611be98942a22763a41a1308cbd0a20f74015a1100f6574193d19890f7fd2f6e0cea4ec3aa4e1c8001defe62b01f60c0d9ba9eaf92652b4ba86ef280b8433e291e1e208d740bb409195f79f7fa575eee15ecc106f9d91cad56d2a4594b0734e59798c1a1c493c2bc09a5c98f9c74c984045bbecdc3eef85c569f410f9e5d82afc453c15005fb467f1626d5c973b0442081e8c5bdd9abc411356f75b4ee175f163d9967381ef9aef76942b614228df3307806b577fd3df67b3420d85ca58ef205818c1dd5d75e00415b2b7835c56e5ffdfe76d248a01119b71348dfc746c15db86e4037927b4484bd13a45855e7cf88c9fde1f1d69d97dfcf45356765fb210685ed6da0e1d6e70be566a6e62c3df0f1c9af2f7b9e82db615b4ede0f2154396bf203459051c2d3d5bc69950ee6cf20da54a861a593ca444cb2e434c622b4e760d46cc70d27eeccad5151cbf6ee448663b3547935fcc417e1188afa48fb485ad9a9b1234965374871535085c8889c2621", 0x1000}, {&(0x7f0000001840)="9daf002bfa7c5bde46e8d33b620c7b878fc345fdec2b1dffa1cf367d213d3e311cdbf8931ac759e6f4633af0cc882d9aeae3c48fced7f5f790eb10885e23ef778e053854cbc7440ddbcefcdd133305fd111f07857a0ddcbd7514b823df671ed0dff263b946253a140b564adc733f64400777856ec0b3ca9130ec1c668f644f6dc91133ea742fd6bd9a977b2e57c1c921edbcf523fd230e580a2cca39e3f050863ceb2b", 0xa3}], 0x5, &(0x7f0000001b00)=[@dstaddrv6={0x20, 0x84, 0x8, @dev={0xfe, 0x80, '\x00', 0x3d}}, @init={0x18, 0x84, 0x0, {0x5, 0x6, 0x0, 0x9}}, @sndinfo={0x20, 0x84, 0x2, {0x2, 0x8002, 0xf955, 0x6, r6}}, @authinfo={0x18, 0x84, 0x6, {0x9}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x9}}, @sndinfo={0x20, 0x84, 0x2, {0x7, 0x7, 0x0, 0x14d400, r7}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x24}}, @sndrcv={0x30, 0x84, 0x1, {0xb, 0xc, 0x8001, 0x8000, 0x8, 0x5, 0x9, 0xd, r10}}], 0xf0}, 0x800)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r12, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r12], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r13, 0x0, 0x0}, 0x10)
write$UHID_CREATE2(r11, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r11, 0x0)
syz_io_uring_submit(r4, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456})
io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x20009090)

6.3493577s ago: executing program 0 (id=2958):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x4}}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x0, &(0x7f0000000100)})
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)=@v3={0x3000000, [{0x8}, {0x0, 0xfffffff6}]}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000001f40)=@usbdevfs_disconnect={0x8})
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x405}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8890}, 0x24008084)

5.453328593s ago: executing program 5 (id=2960):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x6c033, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3)
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) (fail_nth: 3)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0xb, 0xb, {0xffffffffffffffff}, {0xee01}, 0xffff, 0xcd09})
keyctl$get_persistent(0x16, 0x0, 0x0)
setreuid(0x0, 0x0)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x2a, 0x0, &(0x7f00000000c0))
ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000040), 0x0, 0x0)

5.299948535s ago: executing program 3 (id=2962):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x7, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x3, 0x0, 0x10000}, {0x10000002, 0x0, 0x0, 0x9}]}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
close(r0)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x100)
fallocate(r3, 0x56, 0x9, 0x7fffffffffffffff)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x2, @loopback}, 0x10, 0x0, 0x59}, 0x10)
r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
writev(r4, &(0x7f0000000240)=[{&(0x7f0000001680)='0', 0x1}], 0x1)
r5 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0)
writev(r8, &(0x7f0000000080)=[{&(0x7f0000000180)=' ', 0x1}], 0x1)
recvmsg$unix(r6, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r9=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r5, 0x84, 0x64, &(0x7f0000000000)=r9, 0x10)
setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10)

5.207844363s ago: executing program 0 (id=2963):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000280)=[{{&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000180)=[{&(0x7f0000000300)="caafd73e68d225b0af1ea6cd06f6fa82b9e560fd3de12ec71918aac2df125018db71ed36d64f262832553b23cce88659eb4010fb9f30c5cc243ef0e0a05ade1a4e883e01e9abee6571b77eb12434db219f04aa285ec206a0e2cd4b27fd98770c75e90364ece86a330811f03141880ec4000000000000003f7697a0baab1e6514f420c3d6bf7b554cd027ccaf9775f7d6b2990616abecae48423084320db83fb0ea966674a66e20d532d2280cd41c485c2a23d680cd86ca7917613bb5d852214f01b71c22b2a611b47c00061db7fff810769159c6bafe76116dd6b2d346902a59c9c4dc6308aa81120aceeaa7", 0xec}, {&(0x7f0000000400)="dd98c07e2a569299b19fce8d44b9243a549057b4eb406fef7c69c4fba56cffa55d48e4d55474cc7edad0e1790c8d94d13d1c1a9e5c4a719263b2473af6b1ecd3ce732a92f4357008f3413c1139d87fc17886a08bf6c3998c6c9fbb692b2241beeca2d2b53648fd1f943ea85ef0fb5d4b37d1647d362f376434baaeaa13c773c1e8133bcc1cc968393cfcf50f2054292dc98e9f7a377dcf1d1c6506f0588d4290344a860af4415a4fdec6d3661638bf7dfb5516cb80648bd8b6588545919782b6613a9b486cb66f75b3", 0xc9}, {&(0x7f00000000c0)="79d4bb1df0eb1f3de0bc544e9f3e472763d493c82f7260ee1fb6498559667ba2f02bc429c2d6c8818e23dd68508a6c491cffd3a260ae2c2b5bf88e4a9957bd3d99fd629dba65c1afd1b4b15a6578234b3be79d67708013daa16739ae5d7363960fcc26c1d84d3d4da69a939742e3aa", 0x6f}, {&(0x7f0000000500)="efa7775030a053d64991590ea7d7cc46a9200c3be5f0f177aa11096088b18a8251883cd23dbfa1c481a906194c4890dfe42e899b79101e086eaeceb2e57665e7f5df051d3161bb185dfe7d4d65708920bcbc9c567beb616cef916c923818dc08db8218099e9b1968429b425a55e790b36b5cdebc8887f4a030c0c09645848b4a14e11dffff3e2a436a2bba84a3ad422a0e8e2c4a3dff355421a37dc45959b101e2809d5def37c04104cac436de02d3813aa8bc4f3637ae9b0b955681322a3a65229adc5cddde2d7ad226aa800e9f56d4", 0xd0}, {&(0x7f0000000600)="f614a0d1ca18637d6b7fca11b545bec7de3b417d587e2b71c7b3d9248d09ec68279c358c4779ee2a5e79814d0fc436386aa60308a410a50519957dea61fb49713c2c93a9fe575b9b27f94f0d4a1087b8cdba0f4784105bb0d8eecc6aaebca618938728ff11b3fe13ca15f1b48f8442776d71cd84ea87487eb02cf103f9b933fc1fbb8dac2caac1b0c5875b2276", 0x8d}], 0x5, 0x0, 0x0, 0x44000}}], 0x1, 0x4000000)
sched_setaffinity(r0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
socket$inet6(0xa, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)

5.12987469s ago: executing program 5 (id=2964):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x101, 0x2})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs2/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x19040)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@host, 0x2})
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0xffff, 0x1800}], 0x1f4, 0x0)

4.331497961s ago: executing program 3 (id=2965):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0xa, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000075266f83000000000000000004000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x94)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x101040, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = getpid()
getpriority(0x0, r4)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x4, 0x26, 0x8, 0x2, 0x3, 0x101, 0x1, 0x36})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xb0}}, 0x0)

4.016808969s ago: executing program 5 (id=2966):
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' '], 0x20}, 0x1, 0x0, 0x0, 0x24048055}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000002c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x30}}, 0x1c, 0x0}}], 0x4000220, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
fcntl$dupfd(r1, 0x0, r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
keyctl$restrict_keyring(0x5, 0xfffffffffffffffe, 0x0, 0x0)
request_key(&(0x7f0000001040)='user\x00', &(0x7f0000001080)={'syz', 0x3}, &(0x7f00000010c0)='&\'-{\x00', 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x100008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$gtp(0x0, r3)
sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000", @ANYRES16=r4, @ANYBLOB="0100000000000000000003000000"], 0x14}}, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000003c0)='%/,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\bE\xd15ec>:D+\xb7+\xe7Ia\b\t\x86\xad&\x9a\x82PP\xd8\xac#<\x02\xfd\x94I\x93\xab\xc1T\f\xd0T\xc8\xb0\xf938\x12\xee_v\xebL\xb1A1\xf1i\xe3\x8a\xc2\x14\x97P$\xa6\x11\xdc\x99\xa2>\xeeFNZui\x9emWt\x8c\xadH\xd1<\x05[\x9c\x87H\xdes\xf7\xdf\xe9y\xd7\xb1\xc5\rh\xa5\xe3\xaf\xa1\x95\x1b\xdb\xa3\xf5\xdc\x18$\xf0\x93w', 0x0)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)

4.001482015s ago: executing program 6 (id=2967):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100002000) (fail_nth: 4)

3.295582601s ago: executing program 6 (id=2968):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x114)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10})

2.452507377s ago: executing program 5 (id=2969):
r0 = syz_open_pts(0xffffffffffffffff, 0x2002)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000))
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x0)
r1 = accept4$x25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x1000)
ioctl$SIOCX25GCAUSEDIAG(r1, 0x89e6, &(0x7f0000000080)={0x3, 0x3})
fcntl$getflags(r1, 0x408)
ioctl$TCSBRK(r0, 0x5409, 0x5)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
ioctl$DVB_DEMUX_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000100)={0x7, 0x0, <r3=>r2})
getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000140)={'icmp6\x00'}, &(0x7f0000000180)=0x1e)
r4 = accept$inet(r3, 0x0, &(0x7f00000001c0))
ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000200)=@generic={0x1, 0x5, 0x9})
ioctl$XFS_IOC_FSGROWFSLOG(r3, 0x4008586f, &(0x7f0000000240)={0x5, 0x200})
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/consoles\x00', 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r6, 0xc0045003, &(0x7f0000000340)=0x1)
ioctl$KDDELIO(r5, 0x4b35, 0x6)
ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000380)=0x7)
ioctl$XFS_IOC_FSGEOMETRY_V1(r4, 0x80705864, &(0x7f00000003c0))
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000440)=0x8)
setsockopt$inet_mreq(r3, 0x0, 0x23, &(0x7f0000000480)={@rand_addr=0x64010100, @local}, 0x8)
setsockopt$MRT_DONE(r5, 0x0, 0xc9, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
ioctl$FS_IOC_READ_VERITY_METADATA(r4, 0xc0286687, &(0x7f0000000640)={0x2, 0xe, 0xdd, &(0x7f0000000540)=""/221})
ioctl$SIOCX25SCAUSEDIAG(r5, 0x89ec, &(0x7f0000000680)={0x5, 0xf8})
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f00000006c0)={0x1, 0x7, [@empty, @empty, @link_local, @random="25d21ee43753", @broadcast, @empty, @remote]})
epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r6, 0x4018f514, &(0x7f0000000700)={0xe2e9, 0x80, 0x2})

2.450444971s ago: executing program 3 (id=2970):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000029c0)=@base={0x7, 0x4, 0x100, 0x3}, 0x50)
r1 = getpgrp(0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioprio_set$pid(0x2, r1, 0x4004)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001080)={0xffffffffffffffff, 0xffffffffffffffff, 0x4}, 0x6)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x88841, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000140)=[0x0], ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x2, 0x8, &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x3b, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x3f, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000740)={r4, r5, 0x25, 0x1a, @val=@kprobe_multi=@addrs={0x0, 0x6, 0x0, &(0x7f0000000700)=[0xd, 0x8, 0x80, 0x101, 0xfff, 0xfffffffffffffffb], 0x5}}, 0x30)

2.320802616s ago: executing program 0 (id=2971):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
close(r0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0xc81)
r2 = fcntl$dupfd(r1, 0x406, r1)
write$tun(r2, &(0x7f0000000480)=ANY=[], 0xa2)
readv(r0, &(0x7f00000002c0)=[{&(0x7f0000001480)=""/4078, 0xfee}], 0x1)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x10001, 0x7, 0xb, 0xffdffffe})
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r4, 0x1)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
sendfile(r4, r5, 0x0, 0xffffffff004)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x1)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r6, 0xc08c5334, &(0x7f0000000040)={0x9, 0x3, 0x0, 'queue0\x00', 0x80000001})
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x610980, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000340)={'dmm32at\x00', [0x8005, 0x5, 0x0, 0x100, 0x27, 0xcc7, 0x8, 0x7, 0x3, 0xff, 0x0, 0x0, 0xa, 0x2, 0x7, 0x2009, 0xfffffffe, 0x40ed, 0x43, 0x40000003, 0x89, 0x6beab93e, 0xf27, 0x6, 0x800b, 0x4, 0x2, 0x0, 0x4fa7f95b, 0x5, 0x5149]})

2.260130999s ago: executing program 6 (id=2972):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d40), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000d80)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x1c, r2, 0x6c012efbdf78a5a5, 0x70bd2c, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000080)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x2, 0x80805, 0x0)
accept$alg(r5, 0x0, 0x0)
getsockopt$bt_hci(r5, 0x84, 0x3, &(0x7f0000001ec0)=""/4106, &(0x7f0000000180)=0xfffffffffffffd64)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x54, r6, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x101}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000000)
sendmsg$NL802154_CMD_NEW_SEC_KEY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000640)={0x1bc, r0, 0x200, 0x70bd2d, 0xfffffff7, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_SEC_KEY={0x198, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "377fdb5976974dec04f5504371c48032fa9d836ed74cd1992b8d8a0b7709e4be"}, @NL802154_KEY_ATTR_ID={0x60, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x54, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0xd}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}]}, @NL802154_KEY_ATTR_ID={0x10, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "aa84092ab30e55d8df8c69455b64d008"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x2}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "e82a25060743b65ffd767b17ef6cc9654af598803f0f229f4d6c5d544c552104"}, @NL802154_KEY_ATTR_ID={0x50, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8001}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}]}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "1fefc28df5fbe7b36f731e5109e3f670"}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "94d341e9ffb4a22ab8a95e8957062d69"}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "67032c384ac71f21090821729f12836200"}, @NL802154_KEY_ATTR_USAGE_CMDS={0xfffffffffffffd93, 0x3, "a5a2f11a12f016ec46916b55f3b61e60f085b1e45b13ae2837f44f4170e6e447"}]}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x800}, 0x48040)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x40102, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r8, 0x3ba0, &(0x7f0000000080)={0x48, 0x17, 0x0, 0x0, 0x0, 0x0, 0xd32a})

1.97555249s ago: executing program 5 (id=2973):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x4}}, 0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x0, &(0x7f0000000100)})
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)=@v3={0x3000000, [{0x8}, {0x0, 0xfffffff6}]}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, 0x0)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000001f40)=@usbdevfs_disconnect={0x8})
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x405}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x8890}, 0x24008084)

1.941833427s ago: executing program 7 (id=2974):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000600)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e1e, 0x5, @rand_addr=' \x01\x00', 0x8}}, 0x5, 0x12, 0x0, 0x8001}, 0x9c)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x2004, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r5, @ANYRESHEX=r0], 0x270}, 0x1, 0x0, 0x0, 0x40015}, 0x0)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_buf(r7, 0x0, 0x30, &(0x7f0000016680)="d81716c4dd5507c696fed82eeb089d0ec6f2901792119361521629d076a72cd9bf9018b6ad3ceceaf9642355a699098b62dd2d096e2beeafe9f26b2c266327776525ad644e493961de04a8f2bf5aab07f6383aa15e265707154fec91d24e02e7a3f50dbbeb1286d5b2f45d76f5d4c6991e056698791eb35250a8ae7fd5395a1d44ae98fc1e4616d2c261e0a616e3e7e0", 0x90)
ppoll(0xfffffffffffffffc, 0x0, &(0x7f0000000000), 0x0, 0x0)

1.83992047s ago: executing program 6 (id=2975):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) (fail_nth: 4)

1.084983649s ago: executing program 5 (id=2976):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="02000001000000090090741f1b5d05b37c11e8cb1f73e8f7a3e1a4e7fabb8c0f8d36043a85ee"], 0x0, 0x0, 0x0, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)

957.587411ms ago: executing program 0 (id=2977):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x101, 0x2})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs2/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x19040)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@host, 0x2})
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0xffff, 0x1800}], 0x1f4, 0x0)

895.492569ms ago: executing program 7 (id=2978):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x1c3203, 0x2)
getdents(r4, &(0x7f0000000380)=""/228, 0xe4)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(0xffffffffffffffff, 0x0, 0x1)
fchdir(r5)
r6 = openat$cgroup_ro(r5, &(0x7f0000000100)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r6, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mreq(r6, 0x0, 0x20, &(0x7f0000000040)={@multicast2, @empty}, 0x8)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x6a, 0x4)
bind$inet(r7, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r7, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x81}]}, 0x10)
sendto(r7, &(0x7f0000000900)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3ae52a6b2cdb77ef9af2a603a3e78e0355c09f3bdec242443011f0101251bcef800000000000000006dd50205000000a335445845ad1eaedbe2a4242113527efa170af26f1725", 0x5f, 0x4008044, 0x0, 0x0)
sendto$inet(r7, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x0, 0x0, 0x0)

799.539151ms ago: executing program 6 (id=2979):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x101, 0x2})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs2/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x19040)
sched_getscheduler(0x0)

0s ago: executing program 6 (id=2980):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x86}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket(0xa, 0x5, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000075266f83000000000000000004000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x94)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x101040, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = getpid()
getpriority(0x0, r4)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x4, 0x26, 0x8, 0x2, 0x3, 0x101, 0x1, 0x36})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}}, @NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x68, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x0)

kernel console output (not intermixed with test programs):

16.177600][T20244] Call Trace:
[  716.177610][T20244]  <TASK>
[  716.177620][T20244]  dump_stack_lvl+0xe8/0x150
[  716.177663][T20244]  should_fail_ex+0x46b/0x600
[  716.177707][T20244]  prepare_alloc_pages+0x22a/0x6b0
[  716.177741][T20244]  __alloc_frozen_pages_noprof+0x12f/0x380
[  716.177772][T20244]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  716.177802][T20244]  ? __pfx_policy_nodemask+0x10/0x10
[  716.177845][T20244]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  716.177879][T20244]  ? lockdep_hardirqs_on+0x7a/0x110
[  716.177923][T20244]  alloc_pages_mpol+0xd1/0x380
[  716.177961][T20244]  alloc_pages_noprof+0xce/0x1e0
[  716.177988][T20244]  get_free_pages_noprof+0xf/0x80
[  716.178014][T20244]  __kasan_populate_vmalloc+0x38/0x1d0
[  716.178053][T20244]  ? rt_spin_unlock+0x160/0x200
[  716.178082][T20244]  alloc_vmap_area+0xd73/0x14b0
[  716.178133][T20244]  ? __pfx_alloc_vmap_area+0x10/0x10
[  716.178169][T20244]  ? __kmalloc_cache_node_noprof+0x27d/0x6c0
[  716.178207][T20244]  ? __get_vm_area_node+0x171/0x350
[  716.178238][T20244]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  716.178271][T20244]  __get_vm_area_node+0x226/0x350
[  716.178312][T20244]  __vmalloc_node_range_noprof+0x372/0x1730
[  716.178349][T20244]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  716.178394][T20244]  ? __lock_acquire+0x6b5/0x2cf0
[  716.178424][T20244]  ? kernel_text_address+0xa5/0xe0
[  716.178456][T20244]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  716.178491][T20244]  ? arch_stack_walk+0xfb/0x150
[  716.178527][T20244]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  716.178556][T20244]  __vmalloc_noprof+0xd2/0x120
[  716.178591][T20244]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[  716.178626][T20244]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[  716.178662][T20244]  bpf_prog_alloc+0x3c/0x1a0
[  716.178696][T20244]  bpf_prog_load+0x7ba/0x1ae0
[  716.178743][T20244]  ? __pfx_bpf_prog_load+0x10/0x10
[  716.178797][T20244]  ? bpf_lsm_bpf+0x9/0x20
[  716.178820][T20244]  ? security_bpf+0x7e/0x2d0
[  716.178858][T20244]  __sys_bpf+0x618/0x950
[  716.178897][T20244]  ? __pfx___sys_bpf+0x10/0x10
[  716.178924][T20244]  ? rt_mutex_slowunlock+0x1cb/0x300
[  716.178968][T20244]  ? ksys_write+0x248/0x270
[  716.179006][T20244]  ? __pfx_ksys_write+0x10/0x10
[  716.179050][T20244]  __x64_sys_bpf+0x7c/0x90
[  716.179077][T20244]  do_syscall_64+0x14d/0xf80
[  716.179109][T20244]  ? trace_irq_disable+0x3b/0x150
[  716.179138][T20244]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.179163][T20244]  ? clear_bhb_loop+0x40/0x90
[  716.179193][T20244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.179218][T20244] RIP: 0033:0x7feb060fc799
[  716.179240][T20244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  716.179262][T20244] RSP: 002b:00007feb0434e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  716.179286][T20244] RAX: ffffffffffffffda RBX: 00007feb06375fa0 RCX: 00007feb060fc799
[  716.179304][T20244] RDX: 0000000000000094 RSI: 0000200000000640 RDI: 0000000000000005
[  716.179319][T20244] RBP: 00007feb0434e090 R08: 0000000000000000 R09: 0000000000000000
[  716.179333][T20244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.179347][T20244] R13: 00007feb06376038 R14: 00007feb06375fa0 R15: 00007ffebde4ee98
[  716.179383][T20244]  </TASK>
[  717.565672][T20284] bond1: option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  717.770310][T20284] bond1 (unregistering): Released all slaves
[  717.915453][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  719.930712][T20425] netdevsim netdevsim6 : renamed from netdevsim0 (while UP)
[  720.637022][T20485] 9p: Bad value for 'wfdno'
[  721.677666][   T10] IPVS: starting estimator thread 0...
[  721.765407][T20529] IPVS: using max 7 ests per chain, 16800 per kthread
[  721.935585][ T5928] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  722.095374][ T5928] usb 6-1: Using ep0 maxpacket: 16
[  722.100097][ T5928] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.100133][ T5928] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  722.100159][ T5928] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  722.100205][ T5928] usb 6-1: New USB device found, idVendor=045e, idProduct=17da, bcdDevice= 0.00
[  722.100231][ T5928] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.168950][ T5928] usb 6-1: config 0 descriptor??
[  722.653445][ T5928] usbhid 6-1:0.0: can't add hid device: -71
[  722.653581][ T5928] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  722.699826][ T5928] usb 6-1: USB disconnect, device number 39
[  722.855844][T20583] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2584'.
[  723.175411][ T5928] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  723.305338][ T5928] usb 6-1: device descriptor read/64, error -71
[  723.365390][  T945] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  723.535392][  T945] usb 7-1: Using ep0 maxpacket: 32
[  723.537698][  T945] usb 7-1: config 0 has an invalid interface number: 188 but max is 0
[  723.537728][  T945] usb 7-1: config 0 has no interface number 0
[  723.537778][  T945] usb 7-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  723.540875][  T945] usb 7-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  723.540909][  T945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.540932][  T945] usb 7-1: Product: syz
[  723.540948][  T945] usb 7-1: Manufacturer: syz
[  723.540964][  T945] usb 7-1: SerialNumber: syz
[  723.554464][  T945] usb 7-1: config 0 descriptor??
[  723.555561][ T5928] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  723.556138][T20595] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  723.695327][ T5928] usb 6-1: device descriptor read/64, error -71
[  723.806312][ T5928] usb usb6-port1: attempt power cycle
[  724.414193][T20638] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  724.716943][  T945] asix 7-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  724.813760][  T945] asix 7-1:0.188: probe with driver asix failed with error -61
[  725.046570][ T5928] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  725.076039][ T5928] usb 6-1: device descriptor read/8, error -71
[  725.139835][T20644] FAULT_INJECTION: forcing a failure.
[  725.139835][T20644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.139873][T20644] CPU: 0 UID: 0 PID: 20644 Comm: syz.2.2599 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  725.139901][T20644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  725.139916][T20644] Call Trace:
[  725.139925][T20644]  <TASK>
[  725.139936][T20644]  dump_stack_lvl+0xe8/0x150
[  725.139976][T20644]  should_fail_ex+0x46b/0x600
[  725.140020][T20644]  _copy_from_iter+0x1d3/0x1670
[  725.140055][T20644]  ? trace_kmem_cache_alloc+0x29/0xf0
[  725.140089][T20644]  ? __alloc_skb+0x27d/0x7d0
[  725.140119][T20644]  ? __pfx__copy_from_iter+0x10/0x10
[  725.140143][T20644]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  725.140190][T20644]  ? __alloc_skb+0x27d/0x7d0
[  725.140229][T20644]  ? netlink_sendmsg+0x650/0xb40
[  725.140262][T20644]  ? skb_put+0x11b/0x210
[  725.140296][T20644]  netlink_sendmsg+0x6c0/0xb40
[  725.140332][T20644]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.140367][T20644]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  725.140405][T20644]  ____sys_sendmsg+0xa4e/0xac0
[  725.140447][T20644]  ? __pfx_____sys_sendmsg+0x10/0x10
[  725.140490][T20644]  ? import_iovec+0x73/0xa0
[  725.140522][T20644]  ___sys_sendmsg+0x2a5/0x360
[  725.140561][T20644]  ? __pfx____sys_sendmsg+0x10/0x10
[  725.140631][T20644]  ? __fget_files+0x2a/0x420
[  725.140658][T20644]  ? __fget_files+0x3a6/0x420
[  725.140698][T20644]  __x64_sys_sendmsg+0x1c3/0x2a0
[  725.140734][T20644]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  725.140779][T20644]  ? __pfx_ksys_write+0x10/0x10
[  725.140825][T20644]  do_syscall_64+0x14d/0xf80
[  725.140856][T20644]  ? trace_irq_disable+0x3b/0x150
[  725.140882][T20644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.140906][T20644]  ? clear_bhb_loop+0x40/0x90
[  725.140935][T20644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.140959][T20644] RIP: 0033:0x7feb060fc799
[  725.140980][T20644] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  725.141001][T20644] RSP: 002b:00007feb0434e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  725.141026][T20644] RAX: ffffffffffffffda RBX: 00007feb06375fa0 RCX: 00007feb060fc799
[  725.141044][T20644] RDX: 0000000004041080 RSI: 0000200000006040 RDI: 0000000000000003
[  725.141059][T20644] RBP: 00007feb0434e090 R08: 0000000000000000 R09: 0000000000000000
[  725.141074][T20644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.141088][T20644] R13: 00007feb06376038 R14: 00007feb06375fa0 R15: 00007ffebde4ee98
[  725.141123][T20644]  </TASK>
[  725.335764][ T5928] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  725.368714][ T5928] usb 6-1: device descriptor read/8, error -71
[  725.478934][ T5928] usb usb6-port1: unable to enumerate USB device
[  725.945503][ T5928] usb 3-1: new full-speed USB device number 76 using dummy_hcd
[  726.011063][T20686] FAULT_INJECTION: forcing a failure.
[  726.011063][T20686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.011101][T20686] CPU: 1 UID: 0 PID: 20686 Comm: syz.3.2608 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  726.011128][T20686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  726.011153][T20686] Call Trace:
[  726.011163][T20686]  <TASK>
[  726.011173][T20686]  dump_stack_lvl+0xe8/0x150
[  726.011214][T20686]  should_fail_ex+0x46b/0x600
[  726.011259][T20686]  _copy_from_iter+0x1d3/0x1670
[  726.011295][T20686]  ? trace_kmem_cache_alloc+0x29/0xf0
[  726.011329][T20686]  ? __alloc_skb+0x27d/0x7d0
[  726.011358][T20686]  ? __pfx__copy_from_iter+0x10/0x10
[  726.011382][T20686]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  726.011416][T20686]  ? __alloc_skb+0x27d/0x7d0
[  726.011451][T20686]  ? netlink_sendmsg+0x650/0xb40
[  726.011475][T20686]  ? skb_put+0x11b/0x210
[  726.011509][T20686]  netlink_sendmsg+0x6c0/0xb40
[  726.011546][T20686]  ? __pfx_netlink_sendmsg+0x10/0x10
[  726.011583][T20686]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  726.011620][T20686]  ____sys_sendmsg+0xa4e/0xac0
[  726.011663][T20686]  ? __pfx_____sys_sendmsg+0x10/0x10
[  726.011707][T20686]  ? import_iovec+0x73/0xa0
[  726.011739][T20686]  ___sys_sendmsg+0x2a5/0x360
[  726.011778][T20686]  ? __pfx____sys_sendmsg+0x10/0x10
[  726.011850][T20686]  ? __fget_files+0x2a/0x420
[  726.011877][T20686]  ? __fget_files+0x3a6/0x420
[  726.011917][T20686]  __x64_sys_sendmsg+0x1c3/0x2a0
[  726.011953][T20686]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  726.011997][T20686]  ? __pfx_ksys_write+0x10/0x10
[  726.012045][T20686]  do_syscall_64+0x14d/0xf80
[  726.012080][T20686]  ? trace_irq_disable+0x3b/0x150
[  726.012107][T20686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.012144][T20686]  ? clear_bhb_loop+0x40/0x90
[  726.012175][T20686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.012202][T20686] RIP: 0033:0x7fa3b3cdc799
[  726.012226][T20686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  726.012249][T20686] RSP: 002b:00007fa3b1f2e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  726.012274][T20686] RAX: ffffffffffffffda RBX: 00007fa3b3f55fa0 RCX: 00007fa3b3cdc799
[  726.012294][T20686] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[  726.012310][T20686] RBP: 00007fa3b1f2e090 R08: 0000000000000000 R09: 0000000000000000
[  726.012324][T20686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.012344][T20686] R13: 00007fa3b3f56038 R14: 00007fa3b3f55fa0 R15: 00007ffe8d53fa18
[  726.012387][T20686]  </TASK>
[  726.124768][ T5928] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  726.124851][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  726.124906][ T5928] usb 3-1: config 0 has no interface number 0
[  726.151420][ T5928] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  726.151514][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.151587][ T5928] usb 3-1: Product: syz
[  726.151630][ T5928] usb 3-1: Manufacturer: syz
[  726.151673][ T5928] usb 3-1: SerialNumber: syz
[  726.258017][ T5928] usb 3-1: config 0 descriptor??
[  726.555784][  T945] usb 7-1: USB disconnect, device number 20
[  726.630870][ T5928] uvcvideo 3-1:0.64: Found UVC 0.00 device syz (046d:0823)
[  726.630909][ T5928] uvcvideo 3-1:0.64: No valid video chain found.
[  726.637572][ T5928] usb 3-1: USB disconnect, device number 76
[  726.713362][T20709] FAULT_INJECTION: forcing a failure.
[  726.713362][T20709] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.713389][T20709] CPU: 0 UID: 0 PID: 20709 Comm: syz.6.2611 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  726.713408][T20709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  726.713418][T20709] Call Trace:
[  726.713425][T20709]  <TASK>
[  726.713433][T20709]  dump_stack_lvl+0xe8/0x150
[  726.713463][T20709]  should_fail_ex+0x46b/0x600
[  726.713496][T20709]  _copy_to_user+0x31/0xb0
[  726.713519][T20709]  simple_read_from_buffer+0xe1/0x170
[  726.713544][T20709]  proc_fail_nth_read+0x1be/0x230
[  726.713567][T20709]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  726.713597][T20709]  ? rw_verify_area+0x2ac/0x4e0
[  726.713621][T20709]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  726.713642][T20709]  vfs_read+0x212/0xa80
[  726.713672][T20709]  ? __pfx_vfs_read+0x10/0x10
[  726.713697][T20709]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  726.713722][T20709]  ? lockdep_hardirqs_on+0x7a/0x110
[  726.713746][T20709]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  726.713769][T20709]  ? mutex_lock_nested+0x152/0x1d0
[  726.713786][T20709]  ? fdget_pos+0x252/0x320
[  726.713813][T20709]  ksys_read+0x156/0x270
[  726.713839][T20709]  ? __pfx_ksys_read+0x10/0x10
[  726.713862][T20709]  ? __pfx_sock_ioctl+0x10/0x10
[  726.713885][T20709]  do_syscall_64+0x14d/0xf80
[  726.713908][T20709]  ? trace_irq_disable+0x3b/0x150
[  726.713928][T20709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.713945][T20709]  ? clear_bhb_loop+0x40/0x90
[  726.713965][T20709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.713982][T20709] RIP: 0033:0x7f594a85cfce
[  726.713998][T20709] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  726.714013][T20709] RSP: 002b:00007f5948ad4fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  726.714030][T20709] RAX: ffffffffffffffda RBX: 00007f5948ad56c0 RCX: 00007f594a85cfce
[  726.714042][T20709] RDX: 000000000000000f RSI: 00007f5948ad50a0 RDI: 0000000000000003
[  726.714053][T20709] RBP: 00007f5948ad5090 R08: 0000000000000000 R09: 0000000000000000
[  726.714063][T20709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.714073][T20709] R13: 00007f594ab16128 R14: 00007f594ab16090 R15: 00007ffd57b9d538
[  726.714100][T20709]  </TASK>
[  727.000542][T20706] macsec1: entered promiscuous mode
[  727.000573][T20706] macvlan0: entered promiscuous mode
[  727.165232][T20706] macvlan0: left promiscuous mode
[  727.408040][T20728] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  727.645428][ T5928] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  727.810113][ T5928] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  727.810171][ T5928] usb 3-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[  727.810200][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.823221][ T5928] usb 3-1: config 0 descriptor??
[  727.982770][T20764] FAULT_INJECTION: forcing a failure.
[  727.982770][T20764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  727.982818][T20764] CPU: 1 UID: 0 PID: 20764 Comm: syz.3.2622 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  727.982845][T20764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  727.982861][T20764] Call Trace:
[  727.982872][T20764]  <TASK>
[  727.982882][T20764]  dump_stack_lvl+0xe8/0x150
[  727.982920][T20764]  should_fail_ex+0x46b/0x600
[  727.982987][T20764]  _copy_from_user+0x2d/0xb0
[  727.983019][T20764]  snd_seq_oss_write+0x5b1/0x8e0
[  727.983135][T20764]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  727.983181][T20764]  odev_write+0x5d/0x80
[  727.983203][T20764]  ? __pfx_odev_write+0x10/0x10
[  727.983226][T20764]  vfs_write+0x2a3/0xba0
[  727.983272][T20764]  ? __pfx_vfs_write+0x10/0x10
[  727.983315][T20764]  ? __fget_files+0x2a/0x420
[  727.983349][T20764]  ? __fget_files+0x2a/0x420
[  727.983377][T20764]  ? __fget_files+0x3a6/0x420
[  727.983404][T20764]  ? __fget_files+0x2a/0x420
[  727.983442][T20764]  ksys_write+0x156/0x270
[  727.983480][T20764]  ? __pfx_ksys_write+0x10/0x10
[  727.983527][T20764]  do_syscall_64+0x14d/0xf80
[  727.983569][T20764]  ? trace_irq_disable+0x3b/0x150
[  727.983596][T20764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.983622][T20764]  ? clear_bhb_loop+0x40/0x90
[  727.983677][T20764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.983703][T20764] RIP: 0033:0x7fa3b3cdc799
[  727.983726][T20764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  727.983746][T20764] RSP: 002b:00007fa3b1f2e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  727.983771][T20764] RAX: ffffffffffffffda RBX: 00007fa3b3f55fa0 RCX: 00007fa3b3cdc799
[  727.983789][T20764] RDX: 000000000000021e RSI: 0000200000000580 RDI: 0000000000000003
[  727.983806][T20764] RBP: 00007fa3b1f2e090 R08: 0000000000000000 R09: 0000000000000000
[  727.983821][T20764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.983835][T20764] R13: 00007fa3b3f56038 R14: 00007fa3b3f55fa0 R15: 00007ffe8d53fa18
[  727.983872][T20764]  </TASK>
[  728.005286][  T945] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  728.231604][  T945] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  728.231640][  T945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.258478][  T945] usb 1-1: config 0 descriptor??
[  728.281411][  T945] gspca_main: cpia1-2.14.0 probing 0813:0001
[  728.370619][T20768] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2613'.
[  728.511012][T20734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  728.521828][T20734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  728.560207][ T5928] usbhid 3-1:0.0: can't add hid device: -71
[  728.560339][ T5928] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  728.590612][ T5928] usb 3-1: USB disconnect, device number 77
[  728.703284][T20752] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  728.704593][  T945] cpia1 1-1:0.0: unexpected state after lo power cmd: 01
[  729.216606][T20752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.222602][T20752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.282967][T20801] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  729.302578][  T945] gspca_cpia1: usb_control_msg 02, error -71
[  729.302992][  T945] gspca_cpia1: usb_control_msg 05, error -71
[  729.303009][  T945] cpia1 1-1:0.0: unexpected systemstate: 01
[  729.334540][  T945] usb 1-1: USB disconnect, device number 75
[  729.430786][T20818] FAULT_INJECTION: forcing a failure.
[  729.430786][T20818] name failslab, interval 1, probability 0, space 0, times 0
[  729.430815][T20818] CPU: 0 UID: 0 PID: 20818 Comm: syz.2.2630 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  729.430834][T20818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  729.430898][T20818] Call Trace:
[  729.430905][T20818]  <TASK>
[  729.430912][T20818]  dump_stack_lvl+0xe8/0x150
[  729.430942][T20818]  should_fail_ex+0x46b/0x600
[  729.430975][T20818]  should_failslab+0xa8/0x100
[  729.431003][T20818]  kmem_cache_alloc_noprof+0x87/0x680
[  729.431028][T20818]  ? skb_clone+0x212/0x3a0
[  729.431057][T20818]  skb_clone+0x212/0x3a0
[  729.431083][T20818]  __netlink_deliver_tap+0x404/0x850
[  729.431111][T20818]  ? netlink_deliver_tap+0x2e/0x1b0
[  729.431131][T20818]  netlink_deliver_tap+0x19c/0x1b0
[  729.431150][T20818]  netlink_unicast+0x805/0x9f0
[  729.431255][T20818]  ? __pfx_netlink_unicast+0x10/0x10
[  729.431283][T20818]  ? netlink_sendmsg+0x650/0xb40
[  729.431300][T20818]  ? skb_put+0x11b/0x210
[  729.431324][T20818]  netlink_sendmsg+0x813/0xb40
[  729.431351][T20818]  ? __pfx_netlink_sendmsg+0x10/0x10
[  729.431378][T20818]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  729.431405][T20818]  ____sys_sendmsg+0xa4e/0xac0
[  729.431435][T20818]  ? __pfx_____sys_sendmsg+0x10/0x10
[  729.431466][T20818]  ? import_iovec+0x73/0xa0
[  729.431489][T20818]  ___sys_sendmsg+0x2a5/0x360
[  729.431517][T20818]  ? __pfx____sys_sendmsg+0x10/0x10
[  729.431567][T20818]  ? __fget_files+0x2a/0x420
[  729.431586][T20818]  ? __fget_files+0x3a6/0x420
[  729.431615][T20818]  __x64_sys_sendmsg+0x1c3/0x2a0
[  729.431640][T20818]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  729.431671][T20818]  ? __pfx_ksys_write+0x10/0x10
[  729.431704][T20818]  do_syscall_64+0x14d/0xf80
[  729.431727][T20818]  ? trace_irq_disable+0x3b/0x150
[  729.431747][T20818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.431764][T20818]  ? clear_bhb_loop+0x40/0x90
[  729.431784][T20818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.431801][T20818] RIP: 0033:0x7feb060fc799
[  729.431816][T20818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  729.431831][T20818] RSP: 002b:00007feb0434e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  729.431854][T20818] RAX: ffffffffffffffda RBX: 00007feb06375fa0 RCX: 00007feb060fc799
[  729.431867][T20818] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003
[  729.431878][T20818] RBP: 00007feb0434e090 R08: 0000000000000000 R09: 0000000000000000
[  729.431889][T20818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.431899][T20818] R13: 00007feb06376038 R14: 00007feb06375fa0 R15: 00007ffebde4ee98
[  729.431924][T20818]  </TASK>
[  729.843293][T20826] FAULT_INJECTION: forcing a failure.
[  729.843293][T20826] name failslab, interval 1, probability 0, space 0, times 0
[  729.843339][T20826] CPU: 0 UID: 0 PID: 20826 Comm: syz.6.2632 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  729.843359][T20826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  729.843370][T20826] Call Trace:
[  729.843377][T20826]  <TASK>
[  729.843384][T20826]  dump_stack_lvl+0xe8/0x150
[  729.843414][T20826]  should_fail_ex+0x46b/0x600
[  729.843447][T20826]  should_failslab+0xa8/0x100
[  729.843476][T20826]  __kmalloc_noprof+0xdf/0x7b0
[  729.843519][T20826]  ? tomoyo_encode+0x28b/0x550
[  729.843540][T20826]  tomoyo_encode+0x28b/0x550
[  729.843560][T20826]  tomoyo_realpath_from_path+0x58d/0x5d0
[  729.843584][T20826]  ? tomoyo_path_number_perm+0x219/0x630
[  729.843608][T20826]  tomoyo_path_number_perm+0x246/0x630
[  729.843632][T20826]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  729.843657][T20826]  ? __lock_acquire+0x6b5/0x2cf0
[  729.843698][T20826]  ? __fget_files+0x2a/0x420
[  729.843721][T20826]  ? __fget_files+0x2a/0x420
[  729.843740][T20826]  ? __fget_files+0x3a6/0x420
[  729.843759][T20826]  ? __fget_files+0x2a/0x420
[  729.843782][T20826]  security_file_ioctl+0xc3/0x2a0
[  729.843808][T20826]  __se_sys_ioctl+0x47/0x170
[  729.843842][T20826]  do_syscall_64+0x14d/0xf80
[  729.843866][T20826]  ? trace_irq_disable+0x3b/0x150
[  729.843885][T20826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.843902][T20826]  ? clear_bhb_loop+0x40/0x90
[  729.843922][T20826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.843939][T20826] RIP: 0033:0x7f594a89c799
[  729.843955][T20826] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  729.843969][T20826] RSP: 002b:00007f5948af6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  729.843986][T20826] RAX: ffffffffffffffda RBX: 00007f594ab15fa0 RCX: 00007f594a89c799
[  729.843999][T20826] RDX: 0000200000000500 RSI: 00000000c05064a7 RDI: 0000000000000003
[  729.844010][T20826] RBP: 00007f5948af6090 R08: 0000000000000000 R09: 0000000000000000
[  729.844020][T20826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.844030][T20826] R13: 00007f594ab16038 R14: 00007f594ab15fa0 R15: 00007ffd57b9d538
[  729.844056][T20826]  </TASK>
[  729.844072][T20826] ERROR: Out of memory at tomoyo_realpath_from_path.
[  730.505463][ T5800] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  730.556605][T20867] FAULT_INJECTION: forcing a failure.
[  730.556605][T20867] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  730.556644][T20867] CPU: 0 UID: 0 PID: 20867 Comm: syz.0.2641 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  730.556677][T20867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  730.556693][T20867] Call Trace:
[  730.556702][T20867]  <TASK>
[  730.556713][T20867]  dump_stack_lvl+0xe8/0x150
[  730.556754][T20867]  should_fail_ex+0x46b/0x600
[  730.556801][T20867]  prepare_alloc_pages+0x22a/0x6b0
[  730.556835][T20867]  __alloc_frozen_pages_noprof+0x12f/0x380
[  730.556866][T20867]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  730.556910][T20867]  alloc_pages_bulk_noprof+0x5f1/0x7d0
[  730.556942][T20867]  ? copy_splice_read+0x16f/0xab0
[  730.557084][T20867]  copy_splice_read+0x19f/0xab0
[  730.557125][T20867]  ? __pfx_copy_splice_read+0x10/0x10
[  730.557152][T20867]  ? rcu_is_watching+0x15/0xb0
[  730.557181][T20867]  ? look_up_lock_class+0x57/0x110
[  730.557216][T20867]  ? register_lock_class+0x31/0x2e0
[  730.557260][T20867]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  730.557302][T20867]  ? alloc_pipe_info+0x373/0x4d0
[  730.557348][T20867]  ? __pfx_copy_splice_read+0x10/0x10
[  730.557376][T20867]  splice_direct_to_actor+0x483/0xc80
[  730.557418][T20867]  ? __pfx_direct_splice_actor+0x10/0x10
[  730.557458][T20867]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  730.557499][T20867]  do_splice_direct+0x19b/0x2a0
[  730.557532][T20867]  ? __pfx_do_splice_direct+0x10/0x10
[  730.557563][T20867]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  730.557602][T20867]  ? rw_verify_area+0x25b/0x4e0
[  730.557640][T20867]  do_sendfile+0x547/0x7e0
[  730.557667][T20867]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  730.557708][T20867]  ? __pfx_do_sendfile+0x10/0x10
[  730.557749][T20867]  __se_sys_sendfile64+0x144/0x1a0
[  730.557777][T20867]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  730.557815][T20867]  do_syscall_64+0x14d/0xf80
[  730.557847][T20867]  ? trace_irq_disable+0x3b/0x150
[  730.557874][T20867]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.557899][T20867]  ? clear_bhb_loop+0x40/0x90
[  730.557929][T20867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  730.557953][T20867] RIP: 0033:0x7f008067c799
[  730.557975][T20867] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  730.557995][T20867] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  730.558021][T20867] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  730.558039][T20867] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  730.558053][T20867] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  730.558069][T20867] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  730.558082][T20867] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  730.558118][T20867]  </TASK>
[  730.695984][ T5800] usb 7-1: Using ep0 maxpacket: 32
[  730.850257][ T5800] usb 7-1: config 0 has an invalid interface number: 188 but max is 0
[  730.850312][ T5800] usb 7-1: config 0 has no interface number 0
[  730.850454][ T5800] usb 7-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  730.889030][ T5800] usb 7-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  730.889064][ T5800] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.889086][ T5800] usb 7-1: Product: syz
[  730.889102][ T5800] usb 7-1: Manufacturer: syz
[  730.889117][ T5800] usb 7-1: SerialNumber: syz
[  730.931756][ T5800] usb 7-1: config 0 descriptor??
[  730.932947][T20843] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  731.834747][T20889] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  732.675357][ T5800] asix 7-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  732.675651][ T5800] asix 7-1:0.188: probe with driver asix failed with error -61
[  733.592152][T20928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2649'.
[  733.688507][T20937] FAULT_INJECTION: forcing a failure.
[  733.688507][T20937] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  733.688535][T20937] CPU: 1 UID: 0 PID: 20937 Comm: syz.3.2661 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  733.688555][T20937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  733.688566][T20937] Call Trace:
[  733.688572][T20937]  <TASK>
[  733.688580][T20937]  dump_stack_lvl+0xe8/0x150
[  733.688609][T20937]  should_fail_ex+0x46b/0x600
[  733.688641][T20937]  _copy_from_user+0x2d/0xb0
[  733.688664][T20937]  __se_sys_mount+0x18b/0x420
[  733.688689][T20937]  ? __pfx___se_sys_mount+0x10/0x10
[  733.688714][T20937]  ? __x64_sys_mount+0x20/0xc0
[  733.688736][T20937]  do_syscall_64+0x14d/0xf80
[  733.688759][T20937]  ? trace_irq_disable+0x3b/0x150
[  733.688779][T20937]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.688796][T20937]  ? clear_bhb_loop+0x40/0x90
[  733.688817][T20937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.688833][T20937] RIP: 0033:0x7fa3b3cdc799
[  733.688849][T20937] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  733.688863][T20937] RSP: 002b:00007fa3b1f2e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  733.688884][T20937] RAX: ffffffffffffffda RBX: 00007fa3b3f55fa0 RCX: 00007fa3b3cdc799
[  733.688897][T20937] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  733.688908][T20937] RBP: 00007fa3b1f2e090 R08: 0000200000000140 R09: 0000000000000000
[  733.688919][T20937] R10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000001
[  733.688930][T20937] R13: 00007fa3b3f56038 R14: 00007fa3b3f55fa0 R15: 00007ffe8d53fa18
[  733.688955][T20937]  </TASK>
[  733.690552][T20937] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  734.050201][T13239] usb 7-1: USB disconnect, device number 21
[  734.178124][T20949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2663'.
[  734.348153][T20957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2663'.
[  734.819082][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  735.105477][   T10] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  735.106597][T20981] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  735.257177][T20990] batadv_slave_0: entered promiscuous mode
[  735.260298][T20990] batman_adv: batadv0: Adding interface: macsec1
[  735.260317][T20990] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  735.260351][T20990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  735.260369][T20990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  735.260387][T20990] batman_adv: batadv0: Interface activated: macsec1
[  735.286175][   T10] usb 1-1: Using ep0 maxpacket: 32
[  735.293312][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  735.293395][   T10] usb 1-1: config 0 has no interface number 0
[  735.314798][   T10] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  735.314938][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.315004][   T10] usb 1-1: Product: syz
[  735.315048][   T10] usb 1-1: Manufacturer: syz
[  735.315100][   T10] usb 1-1: SerialNumber: syz
[  735.396213][   T10] usb 1-1: config 0 descriptor??
[  735.422829][   T10] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  735.422916][   T10] usb 1-1: selecting invalid altsetting 1
[  735.422930][   T10] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  735.469292][   T10] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  735.469810][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  735.469889][   T10] usb 1-1: media controller created
[  735.534906][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  735.654189][T21009] FAULT_INJECTION: forcing a failure.
[  735.654189][T21009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.654221][T21009] CPU: 1 UID: 0 PID: 21009 Comm: syz.3.2673 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  735.654243][T21009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  735.654255][T21009] Call Trace:
[  735.654262][T21009]  <TASK>
[  735.654270][T21009]  dump_stack_lvl+0xe8/0x150
[  735.654305][T21009]  should_fail_ex+0x46b/0x600
[  735.654344][T21009]  _copy_from_user+0x2d/0xb0
[  735.654371][T21009]  vt_ioctl+0xab2/0x20c0
[  735.654521][T21009]  ? __pfx_vt_ioctl+0x10/0x10
[  735.654549][T21009]  ? __asan_memset+0x22/0x50
[  735.654574][T21009]  ? smack_file_ioctl+0x263/0x360
[  735.654614][T21009]  ? __fget_files+0x3a6/0x420
[  735.654637][T21009]  ? __fget_files+0x2a/0x420
[  735.654663][T21009]  tty_ioctl+0x92e/0xde0
[  735.654755][T21009]  ? __pfx_tty_ioctl+0x10/0x10
[  735.654779][T21009]  __se_sys_ioctl+0xff/0x170
[  735.654812][T21009]  do_syscall_64+0x14d/0xf80
[  735.654843][T21009]  ? trace_irq_disable+0x3b/0x150
[  735.654869][T21009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.654891][T21009]  ? clear_bhb_loop+0x40/0x90
[  735.654915][T21009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.654933][T21009] RIP: 0033:0x7fa3b3cdc799
[  735.654951][T21009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.654968][T21009] RSP: 002b:00007fa3b1f2e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  735.654988][T21009] RAX: ffffffffffffffda RBX: 00007fa3b3f55fa0 RCX: 00007fa3b3cdc799
[  735.655002][T21009] RDX: 0000200000000080 RSI: 0000000000004b72 RDI: 0000000000000003
[  735.655013][T21009] RBP: 00007fa3b1f2e090 R08: 0000000000000000 R09: 0000000000000000
[  735.655025][T21009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.655035][T21009] R13: 00007fa3b3f56038 R14: 00007fa3b3f55fa0 R15: 00007ffe8d53fa18
[  735.655061][T21009]  </TASK>
[  735.734216][   T10] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  735.734711][   T10] zl10353_read_register: readreg error (reg=127, ret==-71)
[  735.743842][   T10] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  736.030576][   T10] usb 1-1: USB disconnect, device number 76
[  736.492006][T13239] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  736.757324][T13239] usb 7-1: device descriptor read/64, error -71
[  736.955958][T21045] FAULT_INJECTION: forcing a failure.
[  736.955958][T21045] name failslab, interval 1, probability 0, space 0, times 0
[  736.956110][T21045] CPU: 0 UID: 0 PID: 21045 Comm: syz.0.2679 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  736.956139][T21045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  736.956154][T21045] Call Trace:
[  736.956171][T21045]  <TASK>
[  736.956182][T21045]  dump_stack_lvl+0xe8/0x150
[  736.956224][T21045]  should_fail_ex+0x46b/0x600
[  736.956268][T21045]  should_failslab+0xa8/0x100
[  736.956308][T21045]  __kmalloc_noprof+0xdf/0x7b0
[  736.956344][T21045]  ? sk_prot_alloc+0xe7/0x210
[  736.956374][T21045]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  736.956406][T21045]  sk_prot_alloc+0xe7/0x210
[  736.956434][T21045]  ? sk_alloc+0x27/0x390
[  736.956465][T21045]  sk_alloc+0x3a/0x390
[  736.956499][T21045]  __netlink_create+0x65/0x260
[  736.956524][T21045]  ? __pfx_genl_release+0x10/0x10
[  736.956556][T21045]  netlink_create+0x3be/0x580
[  736.956585][T21045]  ? __pfx_genl_unbind+0x10/0x10
[  736.956614][T21045]  ? __pfx_genl_bind+0x10/0x10
[  736.956649][T21045]  __sock_create+0x4b2/0x9d0
[  736.956684][T21045]  __sys_socket+0xd6/0x1b0
[  736.956714][T21045]  __x64_sys_socket+0x7a/0x90
[  736.956740][T21045]  do_syscall_64+0x14d/0xf80
[  736.956776][T21045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.956800][T21045]  ? clear_bhb_loop+0x40/0x90
[  736.956828][T21045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.956851][T21045] RIP: 0033:0x7f008067e007
[  736.956874][T21045] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  736.956894][T21045] RSP: 002b:00007f007e8abf98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  736.956919][T21045] RAX: ffffffffffffffda RBX: 00007f00808f6090 RCX: 00007f008067e007
[  736.956936][T21045] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  736.956949][T21045] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  736.956963][T21045] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000001
[  736.956979][T21045] R13: 00007f00808f6128 R14: 00007f00808f6090 R15: 00007ffeed7919e8
[  736.957014][T21045]  </TASK>
[  737.065997][T13239] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  737.375348][T13239] usb 7-1: device descriptor read/64, error -71
[  737.485629][T13239] usb usb7-port1: attempt power cycle
[  737.829804][T13239] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  737.846215][T13239] usb 7-1: device descriptor read/8, error -71
[  737.944360][T21069] FAULT_INJECTION: forcing a failure.
[  737.944360][T21069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  737.944402][T21069] CPU: 0 UID: 0 PID: 21069 Comm: syz.0.2688 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  737.944433][T21069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  737.944448][T21069] Call Trace:
[  737.944458][T21069]  <TASK>
[  737.944468][T21069]  dump_stack_lvl+0xe8/0x150
[  737.944510][T21069]  should_fail_ex+0x46b/0x600
[  737.944554][T21069]  _copy_from_iter+0x1d3/0x1670
[  737.944590][T21069]  ? trace_kmem_cache_alloc+0x29/0xf0
[  737.944622][T21069]  ? __alloc_skb+0x27d/0x7d0
[  737.944650][T21069]  ? __pfx__copy_from_iter+0x10/0x10
[  737.944674][T21069]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  737.944707][T21069]  ? __alloc_skb+0x27d/0x7d0
[  737.944740][T21069]  ? netlink_sendmsg+0x650/0xb40
[  737.944765][T21069]  ? skb_put+0x11b/0x210
[  737.944798][T21069]  netlink_sendmsg+0x6c0/0xb40
[  737.944833][T21069]  ? __pfx_netlink_sendmsg+0x10/0x10
[  737.944868][T21069]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  737.944904][T21069]  ____sys_sendmsg+0xa4e/0xac0
[  737.944946][T21069]  ? __pfx_____sys_sendmsg+0x10/0x10
[  737.944987][T21069]  ? import_iovec+0x73/0xa0
[  737.945020][T21069]  ___sys_sendmsg+0x2a5/0x360
[  737.945058][T21069]  ? __pfx____sys_sendmsg+0x10/0x10
[  737.945127][T21069]  ? __fget_files+0x2a/0x420
[  737.945153][T21069]  ? __fget_files+0x3a6/0x420
[  737.945199][T21069]  __x64_sys_sendmsg+0x1c3/0x2a0
[  737.945235][T21069]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  737.945276][T21069]  ? __pfx_ksys_write+0x10/0x10
[  737.945319][T21069]  do_syscall_64+0x14d/0xf80
[  737.945350][T21069]  ? trace_irq_disable+0x3b/0x150
[  737.945378][T21069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.945402][T21069]  ? clear_bhb_loop+0x40/0x90
[  737.945432][T21069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.945457][T21069] RIP: 0033:0x7f008067c799
[  737.945479][T21069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  737.945500][T21069] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  737.945525][T21069] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  737.945542][T21069] RDX: 0000000000004054 RSI: 00002000000002c0 RDI: 0000000000000003
[  737.945557][T21069] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  737.945571][T21069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  737.945585][T21069] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  737.945620][T21069]  </TASK>
[  738.280328][T13239] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  738.296146][T13239] usb 7-1: device descriptor read/8, error -71
[  738.333991][T16197] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  738.371342][T16197] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  738.374500][T16197] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  738.401092][T16197] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  738.413083][T13239] usb usb7-port1: unable to enumerate USB device
[  738.415725][T16197] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  738.623169][T21070] lo speed is unknown, defaulting to 1000
[  738.715471][T13920] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  738.867610][T13920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  738.867644][T13920] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  738.867672][T13920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  738.867696][T13920] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  738.867737][T13920] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  738.867764][T13920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.923218][T13920] usb 1-1: config 0 descriptor??
[  739.673525][T13920] hdpvr 1-1:0.0: unexpected answer of status request, len -71
[  739.673553][T13920] hdpvr 1-1:0.0: device init failed
[  739.673641][T13920] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12
[  739.723200][T13920] usb 1-1: USB disconnect, device number 77
[  739.785323][T13239] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  739.935392][T13239] usb 7-1: Using ep0 maxpacket: 8
[  739.938184][T13239] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  739.938215][T13239] usb 7-1: config 0 has no interfaces?
[  739.938252][T13239] usb 7-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  739.938271][T13239] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.943926][T21129] vivid-001: disconnect
[  739.943943][T13239] usb 7-1: config 0 descriptor??
[  740.186375][  T945] usb 7-1: USB disconnect, device number 26
[  740.574736][T16197] Bluetooth: hci1: command tx timeout
[  740.608188][T21124] vivid-001: reconnect
[  740.684447][   T57] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  740.950798][T21173] netlink: 228 bytes leftover after parsing attributes in process `syz.6.2700'.
[  741.130837][   T57] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.275487][T13239] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  741.418857][T13239] usb 7-1: device descriptor read/64, error -71
[  741.509116][   T57] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.655600][T13239] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  741.785535][T13239] usb 7-1: device descriptor read/64, error -71
[  741.874120][   T57] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  741.909164][T13239] usb usb7-port1: attempt power cycle
[  742.113074][T21070] chnl_net:caif_netlink_parms(): no params data found
[  742.255597][T13239] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  742.276083][ T5867] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  742.281902][T13239] usb 7-1: device descriptor read/8, error -71
[  742.425359][ T5867] usb 6-1: Using ep0 maxpacket: 32
[  742.428096][ T5867] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  742.428126][ T5867] usb 6-1: config 0 has no interface number 0
[  742.428177][ T5867] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  742.432618][ T5867] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  742.432649][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.432672][ T5867] usb 6-1: Product: syz
[  742.432688][ T5867] usb 6-1: Manufacturer: syz
[  742.432704][ T5867] usb 6-1: SerialNumber: syz
[  742.504454][ T5867] usb 6-1: config 0 descriptor??
[  742.506477][T21230] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  742.557417][T13239] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  742.582506][T13239] usb 7-1: device descriptor read/8, error -71
[  742.637262][T16197] Bluetooth: hci1: command tx timeout
[  742.687625][T13239] usb usb7-port1: unable to enumerate USB device
[  742.758286][T21291] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2708'.
[  742.758328][T21291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2708'.
[  742.916626][T21070] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.916838][T21070] bridge0: port 1(bridge_slave_0) entered disabled state
[  742.917099][T21070] bridge_slave_0: entered allmulticast mode
[  742.923712][T21070] bridge_slave_0: entered promiscuous mode
[  742.968653][T21070] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.969541][T21070] bridge0: port 2(bridge_slave_1) entered disabled state
[  742.969819][T21070] bridge_slave_1: entered allmulticast mode
[  742.982654][T21070] bridge_slave_1: entered promiscuous mode
[  743.121939][ T5867] asix 6-1:0.188: probe with driver asix failed with error -71
[  743.150566][ T5867] usb 6-1: USB disconnect, device number 44
[  743.309414][   T57] bridge_slave_1: left allmulticast mode
[  743.309444][   T57] bridge_slave_1: left promiscuous mode
[  743.309652][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.511615][T21352] vivid-001: disconnect
[  744.088650][T21350] vivid-001: reconnect
[  744.532905][T21364] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2714'.
[  744.725332][T16197] Bluetooth: hci1: command tx timeout
[  745.066894][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  745.108614][   T57] bond_slave_0: left promiscuous mode
[  745.204634][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  745.224322][   T57] bond_slave_1: left promiscuous mode
[  745.226345][   T57] bond0 (unregistering): Released all slaves
[  745.301591][T21070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  745.440521][T21070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  745.588018][T21070] team0: Port device team_slave_0 added
[  745.591746][T21070] team0: Port device team_slave_1 added
[  745.677606][T21070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  745.677626][T21070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  745.677657][T21070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  745.680426][T21070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  745.680443][T21070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  745.680475][T21070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  745.725679][T13920] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  745.940686][T13920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  745.940724][T13920] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  745.940766][T13920] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  745.940793][T13920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.039097][   T57] IPVS: stopping master sync thread 7174 ...
[  746.053051][T21070] hsr_slave_0: entered promiscuous mode
[  746.054612][T21070] hsr_slave_1: entered promiscuous mode
[  746.068280][T21070] debugfs: 'hsr0' already exists in 'hsr'
[  746.068304][T21070] Cannot create hsr debugfs directory
[  746.088917][T13920] usb 7-1: config 0 descriptor??
[  746.235390][   T10] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  746.425359][   T10] usb 1-1: Using ep0 maxpacket: 16
[  746.426390][   T10] usb 1-1: no configurations
[  746.426408][   T10] usb 1-1: can't read configurations, error -22
[  746.545439][T13920] usbhid 7-1:0.0: can't add hid device: -71
[  746.545595][T13920] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  746.556230][T13920] usb 7-1: USB disconnect, device number 31
[  746.565788][   T10] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  746.715379][   T10] usb 1-1: Using ep0 maxpacket: 16
[  746.718185][   T10] usb 1-1: no configurations
[  746.718207][   T10] usb 1-1: can't read configurations, error -22
[  746.721815][   T10] usb usb1-port1: attempt power cycle
[  746.796045][T16197] Bluetooth: hci1: command tx timeout
[  747.071187][   T10] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  747.096426][   T10] usb 1-1: Using ep0 maxpacket: 16
[  747.097294][   T10] usb 1-1: no configurations
[  747.097312][   T10] usb 1-1: can't read configurations, error -22
[  747.225342][   T10] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  747.246628][   T10] usb 1-1: Using ep0 maxpacket: 16
[  747.247537][   T10] usb 1-1: no configurations
[  747.247556][   T10] usb 1-1: can't read configurations, error -22
[  747.248209][   T10] usb usb1-port1: unable to enumerate USB device
[  748.093367][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  748.093429][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  748.888129][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  748.903348][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  748.921501][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  748.923405][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  748.959141][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  750.195122][T21547] lo speed is unknown, defaulting to 1000
[  750.245353][T13239] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  750.255319][ T5867] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  750.407705][T13239] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.407744][T13239] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  750.407786][T13239] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  750.407813][T13239] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.415025][ T5867] usb 7-1: Using ep0 maxpacket: 8
[  750.421553][ T5867] usb 7-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  750.421658][ T5867] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.527915][T13239] usb 1-1: config 0 descriptor??
[  750.639404][ T5867] usb 7-1: config 0 descriptor??
[  750.940958][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  750.941472][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  750.941979][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  750.942188][T13239] usbhid 1-1:0.0: can't add hid device: -32
[  750.942426][T13239] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[  751.035849][ T5802] Bluetooth: hci2: command tx timeout
[  751.097173][ T5867] usb 7-1: string descriptor 0 read error: -71
[  751.097220][ T5867] uvcvideo 7-1:0.0: Found UVC 0.00 device <unnamed> (2833:0201)
[  751.097241][ T5867] uvcvideo 7-1:0.0: No valid video chain found.
[  751.135409][T13239] usb 1-1: USB disconnect, device number 82
[  751.252156][ T5867] usb 7-1: USB disconnect, device number 32
[  751.362146][   T57] hsr_slave_0: left promiscuous mode
[  751.663921][   T57] hsr_slave_1: left promiscuous mode
[  751.680079][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  751.680112][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  751.724899][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  751.724931][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  751.850188][   T57] veth1_macvtap: left promiscuous mode
[  751.875757][   T57] veth0_macvtap: left promiscuous mode
[  751.876051][   T57] veth1_vlan: left promiscuous mode
[  751.876242][   T57] veth0_vlan: left promiscuous mode
[  753.174062][ T5802] Bluetooth: hci2: command tx timeout
[  753.686147][   T57] team0 (unregistering): Port device team_slave_1 removed
[  753.739401][   T57] team0 (unregistering): Port device team_slave_0 removed
[  753.957882][T13239] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  754.175398][T13239] usb 6-1: Using ep0 maxpacket: 32
[  754.178200][T13239] usb 6-1: config 0 has an invalid interface number: 188 but max is 0
[  754.178233][T13239] usb 6-1: config 0 has no interface number 0
[  754.178281][T13239] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  754.180815][T13239] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  754.180844][T13239] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.180866][T13239] usb 6-1: Product: syz
[  754.180881][T13239] usb 6-1: Manufacturer: syz
[  754.180898][T13239] usb 6-1: SerialNumber: syz
[  754.229440][T13239] usb 6-1: config 0 descriptor??
[  754.254709][T21707] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  754.858129][T13239] asix 6-1:0.188: probe with driver asix failed with error -71
[  754.877340][T13239] usb 6-1: USB disconnect, device number 45
[  755.195381][ T5802] Bluetooth: hci2: command tx timeout
[  755.307088][T21756] FAULT_INJECTION: forcing a failure.
[  755.307088][T21756] name failslab, interval 1, probability 0, space 0, times 0
[  755.307118][T21756] CPU: 0 UID: 0 PID: 21756 Comm: syz.6.2750 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  755.307138][T21756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  755.307148][T21756] Call Trace:
[  755.307154][T21756]  <TASK>
[  755.307162][T21756]  dump_stack_lvl+0xe8/0x150
[  755.307227][T21756]  should_fail_ex+0x46b/0x600
[  755.307259][T21756]  should_failslab+0xa8/0x100
[  755.307288][T21756]  __kmalloc_noprof+0xdf/0x7b0
[  755.307314][T21756]  ? iter_file_splice_write+0x1dd/0x10f0
[  755.307340][T21756]  iter_file_splice_write+0x1dd/0x10f0
[  755.307378][T21756]  ? __pfx_iter_file_splice_write+0x10/0x10
[  755.307411][T21756]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  755.307437][T21756]  ? __pfx_iter_file_splice_write+0x10/0x10
[  755.307458][T21756]  direct_splice_actor+0x104/0x160
[  755.307482][T21756]  splice_direct_to_actor+0x545/0xc80
[  755.307510][T21756]  ? __pfx_direct_splice_actor+0x10/0x10
[  755.307537][T21756]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  755.307566][T21756]  do_splice_direct+0x19b/0x2a0
[  755.307588][T21756]  ? __pfx_do_splice_direct+0x10/0x10
[  755.307609][T21756]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  755.307636][T21756]  ? rw_verify_area+0x25b/0x4e0
[  755.307662][T21756]  do_sendfile+0x547/0x7e0
[  755.307680][T21756]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  755.307709][T21756]  ? __pfx_do_sendfile+0x10/0x10
[  755.307737][T21756]  __se_sys_sendfile64+0x144/0x1a0
[  755.307757][T21756]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  755.307782][T21756]  do_syscall_64+0x14d/0xf80
[  755.307805][T21756]  ? trace_irq_disable+0x3b/0x150
[  755.307824][T21756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.307841][T21756]  ? clear_bhb_loop+0x40/0x90
[  755.307868][T21756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.307885][T21756] RIP: 0033:0x7f594a89c799
[  755.307901][T21756] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  755.307915][T21756] RSP: 002b:00007f5948af6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  755.307932][T21756] RAX: ffffffffffffffda RBX: 00007f594ab15fa0 RCX: 00007f594a89c799
[  755.307944][T21756] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  755.307954][T21756] RBP: 00007f5948af6090 R08: 0000000000000000 R09: 0000000000000000
[  755.307965][T21756] R10: 00000000002000fb R11: 0000000000000246 R12: 0000000000000001
[  755.307975][T21756] R13: 00007f594ab16038 R14: 00007f594ab15fa0 R15: 00007ffd57b9d538
[  755.308000][T21756]  </TASK>
[  755.355701][T13239] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  755.508037][T13239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  755.508075][T13239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  755.508121][T13239] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  755.508149][T13239] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.528241][T13239] usb 6-1: config 0 descriptor??
[  755.666703][T21755] netlink: 'syz.0.2748': attribute type 3 has an invalid length.
[  755.666745][T21755] netlink: 666 bytes leftover after parsing attributes in process `syz.0.2748'.
[  755.950847][T13239] usbhid 6-1:0.0: can't add hid device: -71
[  755.950979][T13239] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  755.987145][T13239] usb 6-1: USB disconnect, device number 46
[  757.285223][ T5802] Bluetooth: hci2: command tx timeout
[  757.695793][T21070] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  757.730424][T21547] chnl_net:caif_netlink_parms(): no params data found
[  757.764392][T21070] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  758.158511][  T945] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  758.291029][T21881] fuse: Bad value for 'fd'
[  758.568250][  T945] usb 1-1: unable to get BOS descriptor or descriptor too short
[  758.862827][  T945] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 181, changing to 7
[  758.879016][  T945] usb 1-1: New USB device found, idVendor=2b73, idProduct=003c, bcdDevice= 0.40
[  758.879051][  T945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.879075][  T945] usb 1-1: Product: syz
[  758.879092][  T945] usb 1-1: Manufacturer: syz
[  758.879108][  T945] usb 1-1: SerialNumber: syz
[  759.627921][T21070] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  759.812480][T21070] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  759.832119][   T57] IPVS: stop unused estimator thread 0...
[  760.487703][T21547] bridge0: port 1(bridge_slave_0) entered blocking state
[  760.487835][T21547] bridge0: port 1(bridge_slave_0) entered disabled state
[  760.488107][T21547] bridge_slave_0: entered allmulticast mode
[  760.490831][T21547] bridge_slave_0: entered promiscuous mode
[  760.566035][T21547] bridge0: port 2(bridge_slave_1) entered blocking state
[  760.566666][T21547] bridge0: port 2(bridge_slave_1) entered disabled state
[  760.567619][T21547] bridge_slave_1: entered allmulticast mode
[  760.606123][T21547] bridge_slave_1: entered promiscuous mode
[  760.930941][T21547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  760.967470][T21547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  761.224394][T21547] team0: Port device team_slave_0 added
[  761.257358][  T945] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  761.258045][  T945] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  761.299570][T21547] team0: Port device team_slave_1 added
[  761.356670][  T945] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -71
[  761.394564][  T945] usb 1-1: USB disconnect, device number 83
[  761.460659][ T5930] udevd[5930]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  761.676475][T21547] batman_adv: batadv0: Adding interface: batadv_slave_0
[  761.676494][T21547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  761.676520][T21547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  761.731888][T21547] batman_adv: batadv0: Adding interface: batadv_slave_1
[  761.731908][T21547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  761.731941][T21547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  762.319478][T21547] hsr_slave_0: entered promiscuous mode
[  762.333743][T21547] hsr_slave_1: entered promiscuous mode
[  762.370039][T21547] debugfs: 'hsr0' already exists in 'hsr'
[  762.370074][T21547] Cannot create hsr debugfs directory
[  762.379937][   T10] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  762.563689][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  762.563727][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  762.563770][   T10] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  762.563797][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.607497][   T10] usb 6-1: config 0 descriptor??
[  762.838127][T21070] 8021q: adding VLAN 0 to HW filter on device bond0
[  763.148887][T21070] 8021q: adding VLAN 0 to HW filter on device team0
[  763.231067][ T1054] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.231366][ T1054] bridge0: port 1(bridge_slave_0) entered forwarding state
[  763.306391][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  763.306522][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  763.373847][   T10] usb 6-1: USB disconnect, device number 47
[  763.390167][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.390308][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  763.666774][T21547] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  763.740142][T21547] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  763.782082][T21547] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  763.833179][T21547] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  764.225498][T13920] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  764.252595][T21547] 8021q: adding VLAN 0 to HW filter on device bond0
[  764.301943][T21547] 8021q: adding VLAN 0 to HW filter on device team0
[  764.340745][T19576] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.341084][T19576] bridge0: port 1(bridge_slave_0) entered forwarding state
[  764.369246][T19576] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.369542][T19576] bridge0: port 2(bridge_slave_1) entered forwarding state
[  764.398115][T13920] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  764.398151][T13920] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.420383][T13920] usb 6-1: config 0 descriptor??
[  764.490479][T13920] gspca_main: cpia1-2.14.0 probing 0813:0001
[  764.982392][T22195] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  764.990367][T13920] cpia1 6-1:0.0: unexpected state after lo power cmd: 01
[  766.217811][T21070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  766.469103][T13920] gspca_cpia1: usb_control_msg 02, error -71
[  766.469442][T13920] gspca_cpia1: usb_control_msg 05, error -71
[  766.469454][T13920] cpia1 6-1:0.0: unexpected systemstate: 01
[  766.475920][T13920] usb 6-1: USB disconnect, device number 48
[  766.575318][  T945] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  766.725594][  T945] usb 7-1: Using ep0 maxpacket: 8
[  766.732552][  T945] usb 7-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  766.732586][  T945] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.770739][T22241] netlink: 228 bytes leftover after parsing attributes in process `syz.5.2770'.
[  766.775426][ T5925] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  766.792536][T21070] veth0_vlan: entered promiscuous mode
[  766.801918][  T945] usb 7-1: config 0 descriptor??
[  766.857547][T21070] veth1_vlan: entered promiscuous mode
[  766.925791][ T5925] usb 1-1: Using ep0 maxpacket: 32
[  766.934227][ T5925] usb 1-1: config 9 has an invalid interface number: 184 but max is 3
[  766.934261][ T5925] usb 1-1: config 9 has an invalid interface number: 8 but max is 3
[  766.934283][ T5925] usb 1-1: config 9 has an invalid interface number: 250 but max is 3
[  766.934307][ T5925] usb 1-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[  766.934329][ T5925] usb 1-1: config 9 has an invalid interface number: 14 but max is 3
[  766.934354][ T5925] usb 1-1: config 9 contains an unexpected descriptor of type 0x1, skipping
[  766.934374][ T5925] usb 1-1: config 9 has an invalid interface number: 140 but max is 3
[  766.934396][ T5925] usb 1-1: config 9 has 5 interfaces, different from the descriptor's value: 4
[  766.934420][ T5925] usb 1-1: config 9 has no interface number 0
[  766.934439][ T5925] usb 1-1: config 9 has no interface number 1
[  766.934457][ T5925] usb 1-1: config 9 has no interface number 2
[  766.934475][ T5925] usb 1-1: config 9 has no interface number 3
[  766.934494][ T5925] usb 1-1: config 9 has no interface number 4
[  766.934588][ T5925] usb 1-1: config 9 interface 184 altsetting 4 bulk endpoint 0x6 has invalid maxpacket 1024
[  766.934618][ T5925] usb 1-1: too many endpoints for config 9 interface 8 altsetting 7: 37, using maximum allowed: 30
[  766.934673][ T5925] usb 1-1: config 9 interface 8 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  766.934722][ T5925] usb 1-1: config 9 interface 250 altsetting 5 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  766.934762][ T5925] usb 1-1: config 9 interface 250 altsetting 5 has a duplicate endpoint with address 0x2, skipping
[  766.934791][ T5925] usb 1-1: config 9 interface 250 altsetting 5 has a duplicate endpoint with address 0x88, skipping
[  766.934818][ T5925] usb 1-1: config 9 interface 250 altsetting 5 has a duplicate endpoint with address 0xF, skipping
[  766.934845][ T5925] usb 1-1: config 9 interface 250 altsetting 5 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  766.934874][ T5925] usb 1-1: config 9 interface 250 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  766.934956][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0x6, skipping
[  766.934984][ T5925] usb 1-1: config 9 interface 14 altsetting 129 endpoint 0xD has invalid maxpacket 22061, setting to 64
[  766.935017][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has an invalid descriptor for endpoint zero, skipping
[  766.935043][ T5925] usb 1-1: config 9 interface 14 altsetting 129 endpoint 0xE has invalid maxpacket 512, setting to 64
[  766.935074][ T5925] usb 1-1: config 9 interface 14 altsetting 129 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  766.935104][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0x3, skipping
[  766.938322][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0x2, skipping
[  766.938418][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has an invalid descriptor for endpoint zero, skipping
[  766.938445][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0x5, skipping
[  766.938494][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0xE, skipping
[  766.938577][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has a duplicate endpoint with address 0x5, skipping
[  766.938604][ T5925] usb 1-1: config 9 interface 14 altsetting 129 has 14 endpoint descriptors, different from the interface descriptor's value: 15
[  766.938716][ T5925] usb 1-1: config 9 interface 140 altsetting 166 has a duplicate endpoint with address 0x6, skipping
[  766.938758][ T5925] usb 1-1: config 9 interface 140 altsetting 166 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  766.938805][ T5925] usb 1-1: config 9 interface 184 has no altsetting 0
[  766.938860][ T5925] usb 1-1: config 9 interface 8 has no altsetting 0
[  766.938902][ T5925] usb 1-1: config 9 interface 250 has no altsetting 0
[  766.938924][ T5925] usb 1-1: config 9 interface 14 has no altsetting 0
[  766.938944][ T5925] usb 1-1: config 9 interface 140 has no altsetting 0
[  767.068274][ T5925] usb 1-1: New USB device found, idVendor=19d2, idProduct=1136, bcdDevice= 0.fc
[  767.068368][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  767.068432][ T5925] usb 1-1: Product: 춆濻뱞篂쥟炊딊㍶幩㝭钎秝嬮ᢒ穨▋륾ﻈ縰瀮対ﴤ⠉띻䆕峱᜕㠞襟㇢쭥Ꚇ뚡偆쾦뻻쵾᫫䏧犈혤쉱杼툴ਖﱔ⫠Ț櫙墣疌鿵杧膑棘뚳䰰ᕴ閮䜍急댒쥎킁兪闟煏ᜋ箋朌앞㔺귥䒖⚷퍥呡
[  767.068517][ T5925] usb 1-1: Manufacturer: ࿶菉龓꨿茜遅骥썭膙駽᠓ݙ峚䬲ؗ萫♪簘ඖ欛㯃瞾雽梥융ቇ뜼묲㿲ூ둧┽क़椭彖␌랦㝸魟킙䵝╂種⢐ﭣ卵傁閦냷떟ᕷ潕橼朷⊺䮡⺕䲁ꗱ鲟㐥콦퇨ㅩꌸ꫹㩇ꧮ泍㼑퍥踱쵕䦪嫛Ḓ徆군᪤魩祯꼀羫麸㎽㪥척Ÿ䋟匄ឧ堰ቧ츢豲鈀ꅪ
[  767.068620][ T5925] usb 1-1: SerialNumber: 䀊
[  767.439305][T22224] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  767.465413][  T945] usb 7-1: string descriptor 0 read error: -71
[  767.465481][  T945] uvcvideo 7-1:0.0: Found UVC 0.00 device <unnamed> (2833:0201)
[  767.465514][  T945] uvcvideo 7-1:0.0: No valid video chain found.
[  767.481258][  T945] usb 7-1: USB disconnect, device number 33
[  767.579531][T21070] veth0_macvtap: entered promiscuous mode
[  767.685890][T21070] veth1_macvtap: entered promiscuous mode
[  767.772713][T21070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  767.804435][T21070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  767.880818][T22224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  767.881400][T22224] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  767.931194][   T68] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  767.938021][   T68] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  767.953989][   T68] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  767.972126][   T68] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  768.186149][T21547] 8021q: adding VLAN 0 to HW filter on device batadv0
[  768.776883][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  768.776907][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  769.411116][  T818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  769.411141][  T818] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  769.535951][ T5925] option 1-1:9.184: GSM modem (1-port) converter detected
[  769.794170][ T5925] usb 1-1: USB disconnect, device number 84
[  769.863989][ T5925] option 1-1:9.184: device disconnected
[  770.246674][T21547] veth0_vlan: entered promiscuous mode
[  770.262528][T21547] veth1_vlan: entered promiscuous mode
[  770.277096][  T807] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  770.418388][  T807] usb 4-1: device descriptor read/64, error -71
[  770.675291][  T807] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  770.679929][T21547] veth0_macvtap: entered promiscuous mode
[  770.805297][  T807] usb 4-1: device descriptor read/64, error -71
[  770.896809][T21547] veth1_macvtap: entered promiscuous mode
[  770.918350][  T807] usb usb4-port1: attempt power cycle
[  771.235914][T22341] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.287131][  T807] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  771.316762][  T807] usb 4-1: device descriptor read/8, error -71
[  771.365517][T21547] batman_adv: batadv0: Interface activated: batadv_slave_0
[  771.396714][T21547] batman_adv: batadv0: Interface activated: batadv_slave_1
[  771.565372][  T807] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  771.616224][  T807] usb 4-1: device descriptor read/8, error -71
[  771.638967][T22341] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.707184][ T6227] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  771.708273][T22335] syzkaller1: entered promiscuous mode
[  771.708298][T22335] syzkaller1: entered allmulticast mode
[  771.710013][ T6227] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  771.711330][ T6227] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  771.711577][ T6227] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  771.735455][  T807] usb usb4-port1: unable to enumerate USB device
[  772.180450][T22341] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  772.358696][T22352] bond1: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  772.388279][T22352] bond1 (unregistering): Released all slaves
[  772.485644][   T10] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  772.655318][   T10] usb 1-1: Using ep0 maxpacket: 32
[  772.662670][   T10] usb 1-1: config 0 has an invalid interface number: 110 but max is 0
[  772.662701][   T10] usb 1-1: config 0 has no interface number 0
[  772.662750][   T10] usb 1-1: config 0 interface 110 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  772.662775][   T10] usb 1-1: config 0 interface 110 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  772.662804][   T10] usb 1-1: config 0 interface 110 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  772.662833][   T10] usb 1-1: config 0 interface 110 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  772.662860][   T10] usb 1-1: config 0 interface 110 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  772.662885][   T10] usb 1-1: config 0 interface 110 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  772.662911][   T10] usb 1-1: config 0 interface 110 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  772.780282][   T10] usb 1-1: New USB device found, idVendor=04fc, idProduct=0231, bcdDevice=6f.a9
[  772.780318][   T10] usb 1-1: New USB device strings: Mfr=1, Product=237, SerialNumber=2
[  772.780341][   T10] usb 1-1: Product: syz
[  772.780358][   T10] usb 1-1: Manufacturer: syz
[  772.780375][   T10] usb 1-1: SerialNumber: syz
[  772.828632][   T10] usb 1-1: config 0 descriptor??
[  772.845711][   T10] spcp8x5 1-1:0.110: SPCP8x5 converter detected
[  772.852670][   T10] usb 1-1: SPCP8x5 converter now attached to ttyUSB0
[  773.070530][T22341] netdevsim netdevsim5 netdevsim0 (unregistering): left allmulticast mode
[  773.133001][  T945] usb 1-1: USB disconnect, device number 85
[  773.188766][  T945] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0
[  773.189864][  T945] spcp8x5 1-1:0.110: device disconnected
[  773.219274][T22341] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  773.366920][   T10] usb 7-1: new full-speed USB device number 34 using dummy_hcd
[  773.579984][   T10] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  773.580034][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.580055][   T10] usb 7-1: Product: syz
[  773.580070][   T10] usb 7-1: Manufacturer: syz
[  773.580086][   T10] usb 7-1: SerialNumber: syz
[  773.669508][   T10] usb 7-1: config 0 descriptor??
[  774.291009][  T818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  774.291035][  T818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  774.371766][   T10] usb 7-1: Firmware version (0.0) predates our first public release.
[  774.371797][   T10] usb 7-1: Please update to version 0.2 or newer
[  774.401115][    T9] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  774.583370][    T9] usb 1-1: Using ep0 maxpacket: 8
[  774.600746][    T9] usb 1-1: config 0 interface 0 altsetting 144 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  774.600790][    T9] usb 1-1: config 0 interface 0 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0
[  774.600816][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  774.600859][    T9] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00
[  774.600878][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.658035][    T9] usb 1-1: config 0 descriptor??
[  774.769741][T22496] rdma_rxe: rxe_newlink: failed to add lo
[  774.913230][    T9] smartjoyplus 0003:6666:8804.000D: item fetching failed at offset 3/5
[  774.914066][    T9] smartjoyplus 0003:6666:8804.000D: parse failed
[  774.914145][    T9] smartjoyplus 0003:6666:8804.000D: probe with driver smartjoyplus failed with error -22
[  774.996561][   T10] usb 7-1: USB disconnect, device number 34
[  775.080880][T22508] FAULT_INJECTION: forcing a failure.
[  775.080880][T22508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  775.080920][T22508] CPU: 0 UID: 0 PID: 22508 Comm: syz.3.2788 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  775.080946][T22508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  775.080961][T22508] Call Trace:
[  775.080971][T22508]  <TASK>
[  775.080981][T22508]  dump_stack_lvl+0xe8/0x150
[  775.081022][T22508]  should_fail_ex+0x46b/0x600
[  775.081068][T22508]  _copy_from_user+0x2d/0xb0
[  775.081098][T22508]  snd_seq_write+0x314/0x830
[  775.081131][T22508]  ? __pfx_snd_seq_write+0x10/0x10
[  775.081159][T22508]  ? rw_verify_area+0x25b/0x4e0
[  775.081197][T22508]  vfs_writev+0x4c6/0x9a0
[  775.081224][T22508]  ? __pfx_snd_seq_write+0x10/0x10
[  775.081265][T22508]  ? __pfx_vfs_writev+0x10/0x10
[  775.081303][T22508]  ? __fget_files+0x2a/0x420
[  775.081341][T22508]  ? __fget_files+0x3a6/0x420
[  775.081369][T22508]  ? __fget_files+0x2a/0x420
[  775.081404][T22508]  do_writev+0x15a/0x2e0
[  775.081433][T22508]  ? __pfx_do_writev+0x10/0x10
[  775.081472][T22508]  do_syscall_64+0x14d/0xf80
[  775.081502][T22508]  ? trace_irq_disable+0x3b/0x150
[  775.081530][T22508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.081558][T22508]  ? clear_bhb_loop+0x40/0x90
[  775.081582][T22508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.081600][T22508] RIP: 0033:0x7fe08c43c799
[  775.081618][T22508] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  775.081635][T22508] RSP: 002b:00007fe08a68e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  775.081655][T22508] RAX: ffffffffffffffda RBX: 00007fe08c6b5fa0 RCX: 00007fe08c43c799
[  775.081669][T22508] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000003
[  775.081692][T22508] RBP: 00007fe08a68e090 R08: 0000000000000000 R09: 0000000000000000
[  775.081704][T22508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  775.081715][T22508] R13: 00007fe08c6b6038 R14: 00007fe08c6b5fa0 R15: 00007ffd210d2088
[  775.081745][T22508]  </TASK>
[  775.178827][  T945] usb 1-1: USB disconnect, device number 86
[  775.848942][   T57] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  775.854689][T22518] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  776.503422][ T6227] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.503450][ T6227] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.040376][   T12] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  777.100295][   T37] audit: type=1326 audit(1772618551.505:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.101476][   T37] audit: type=1326 audit(1772618551.505:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.101527][   T37] audit: type=1326 audit(1772618551.505:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f594a858bec code=0x7ffc0000
[  777.101576][   T37] audit: type=1326 audit(1772618551.505:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f594a858c4e code=0x7ffc0000
[  777.101625][   T37] audit: type=1326 audit(1772618551.505:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.173043][   T37] audit: type=1326 audit(1772618551.555:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f594a8594fb code=0x7ffc0000
[  777.173241][   T37] audit: type=1326 audit(1772618551.555:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.214321][   T37] audit: type=1326 audit(1772618551.605:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f594a85cfce code=0x7ffc0000
[  777.351380][   T37] audit: type=1326 audit(1772618551.755:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.351452][   T37] audit: type=1326 audit(1772618551.755:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22538 comm="syz.6.2794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f594a89c799 code=0x7ffc0000
[  777.447158][T22551] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2792'.
[  777.955460][   T10] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  778.105388][   T10] usb 7-1: device descriptor read/64, error -71
[  778.377214][   T10] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  778.541344][   T10] usb 7-1: device descriptor read/64, error -71
[  778.589989][T22341] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  778.648074][   T10] usb usb7-port1: attempt power cycle
[  779.115522][   T10] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  779.156312][   T10] usb 7-1: device descriptor read/8, error -71
[  779.335466][T22341] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  779.425586][   T10] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  779.464468][   T10] usb 7-1: device descriptor read/8, error -71
[  779.571113][   T10] usb usb7-port1: unable to enumerate USB device
[  781.232426][T22598] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  782.508244][T22609] FAULT_INJECTION: forcing a failure.
[  782.508244][T22609] name failslab, interval 1, probability 0, space 0, times 0
[  782.508283][T22609] CPU: 0 UID: 0 PID: 22609 Comm: syz.0.2804 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  782.508311][T22609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  782.508327][T22609] Call Trace:
[  782.508337][T22609]  <TASK>
[  782.508347][T22609]  dump_stack_lvl+0xe8/0x150
[  782.508389][T22609]  should_fail_ex+0x46b/0x600
[  782.508435][T22609]  should_failslab+0xa8/0x100
[  782.508475][T22609]  __kmalloc_cache_noprof+0x84/0x690
[  782.508544][T22609]  ? vmci_ctx_create+0xb7/0x630
[  782.508663][T22609]  vmci_ctx_create+0xb7/0x630
[  782.508685][T22609]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  782.508721][T22609]  ? mutex_lock_nested+0x152/0x1d0
[  782.508745][T22609]  ? vmci_host_unlocked_ioctl+0xcb6/0x2850
[  782.508814][T22609]  vmci_host_unlocked_ioctl+0x1c33/0x2850
[  782.508857][T22609]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  782.508925][T22609]  ? kasan_quarantine_put+0xbb/0x1f0
[  782.508969][T22609]  ? tomoyo_path_number_perm+0x219/0x630
[  782.509006][T22609]  ? tomoyo_path_number_perm+0x219/0x630
[  782.509210][T22609]  ? do_vfs_ioctl+0x117b/0x1540
[  782.509264][T22609]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  782.509305][T22609]  ? vfs_write+0x9ce/0xba0
[  782.509352][T22609]  ? __asan_memset+0x22/0x50
[  782.509383][T22609]  ? smack_file_ioctl+0x263/0x360
[  782.509417][T22609]  ? __pfx_smack_file_ioctl+0x10/0x10
[  782.509466][T22609]  ? ksys_write+0x202/0x270
[  782.509507][T22609]  ? bpf_lsm_file_ioctl+0x9/0x20
[  782.509534][T22609]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[  782.509567][T22609]  __se_sys_ioctl+0xff/0x170
[  782.509607][T22609]  do_syscall_64+0x14d/0xf80
[  782.509642][T22609]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.509668][T22609]  ? clear_bhb_loop+0x40/0x90
[  782.509698][T22609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  782.509725][T22609] RIP: 0033:0x7f008067c799
[  782.509750][T22609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  782.509772][T22609] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  782.509798][T22609] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  782.509815][T22609] RDX: 0000200000000500 RSI: 00000000000007a0 RDI: 0000000000000003
[  782.509831][T22609] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  782.509846][T22609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  782.509860][T22609] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  782.509898][T22609]  </TASK>
[  782.509959][T22609] Failed to allocate memory for VMCI context
[  786.791309][T22658] FAULT_INJECTION: forcing a failure.
[  786.791309][T22658] name failslab, interval 1, probability 0, space 0, times 0
[  786.791347][T22658] CPU: 0 UID: 0 PID: 22658 Comm: syz.0.2809 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  786.791373][T22658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  786.791387][T22658] Call Trace:
[  786.791397][T22658]  <TASK>
[  786.791408][T22658]  dump_stack_lvl+0xe8/0x150
[  786.791449][T22658]  should_fail_ex+0x46b/0x600
[  786.791494][T22658]  should_failslab+0xa8/0x100
[  786.791532][T22658]  __kmalloc_noprof+0xdf/0x7b0
[  786.791567][T22658]  ? tomoyo_encode+0x28b/0x550
[  786.791595][T22658]  tomoyo_encode+0x28b/0x550
[  786.791625][T22658]  tomoyo_realpath_from_path+0x58d/0x5d0
[  786.791661][T22658]  ? tomoyo_path_number_perm+0x219/0x630
[  786.791692][T22658]  tomoyo_path_number_perm+0x246/0x630
[  786.791728][T22658]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  786.791763][T22658]  ? __lock_acquire+0x6b5/0x2cf0
[  786.791822][T22658]  ? __fget_files+0x2a/0x420
[  786.791856][T22658]  ? __fget_files+0x2a/0x420
[  786.791884][T22658]  ? __fget_files+0x3a6/0x420
[  786.791913][T22658]  ? __fget_files+0x2a/0x420
[  786.791946][T22658]  security_file_ioctl+0xc3/0x2a0
[  786.791983][T22658]  __se_sys_ioctl+0x47/0x170
[  786.792023][T22658]  do_syscall_64+0x14d/0xf80
[  786.792056][T22658]  ? trace_irq_disable+0x3b/0x150
[  786.792083][T22658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.792117][T22658]  ? clear_bhb_loop+0x40/0x90
[  786.792146][T22658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.792170][T22658] RIP: 0033:0x7f008067c799
[  786.792193][T22658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  786.792214][T22658] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  786.792239][T22658] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  786.792257][T22658] RDX: 0000200000000000 RSI: 0000000000004b72 RDI: 0000000000000003
[  786.792272][T22658] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  786.792287][T22658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  786.792300][T22658] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  786.792337][T22658]  </TASK>
[  786.792360][T22658] ERROR: Out of memory at tomoyo_realpath_from_path.
[  786.985316][T13239] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  787.135424][T13239] usb 4-1: Using ep0 maxpacket: 32
[  787.138125][T13239] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[  787.138155][T13239] usb 4-1: config 0 has no interface number 0
[  787.138204][T13239] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  787.141216][T13239] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  787.141249][T13239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.141272][T13239] usb 4-1: Product: syz
[  787.141288][T13239] usb 4-1: Manufacturer: syz
[  787.141305][T13239] usb 4-1: SerialNumber: syz
[  787.173719][T13239] usb 4-1: config 0 descriptor??
[  787.220310][T22650] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  787.341336][T22668] netlink: 'syz.7.2813': attribute type 62 has an invalid length.
[  787.476395][T22674] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  788.234563][T22681] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  788.921854][T13239] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  788.922155][T13239] asix 4-1:0.188: probe with driver asix failed with error -32
[  789.275295][   T10] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  789.929296][   T10] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[  789.929329][   T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253
[  789.946803][   T10] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[  789.946900][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.946985][   T10] usb 1-1: Product: syz
[  789.947028][   T10] usb 1-1: Manufacturer: syz
[  789.947078][   T10] usb 1-1: SerialNumber: syz
[  790.034234][   T10] usb 1-1: config 0 descriptor??
[  790.060987][   T10] gspca_main: sunplus-2.14.0 probing 055f:c630
[  790.417861][T13239] usb 4-1: USB disconnect, device number 87
[  790.850494][T22722] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2822'.
[  790.857114][   T10] gspca_sunplus: reg_r err -71
[  790.857209][   T10] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  790.920407][   T10] usb 1-1: USB disconnect, device number 87
[  791.179485][T22741] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  791.370096][T22722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  791.489752][   T31] kernel write not supported for file /sg0 (pid: 31 comm: kworker/1:0)
[  791.494132][T22746] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  792.192026][T22756] netlink: 'syz.6.2829': attribute type 83 has an invalid length.
[  792.379155][T22763] openvswitch: netlink: Multiple metadata blocks provided
[  792.470648][T22771] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  792.819168][T22781] vivid-003: disconnect
[  793.879495][T22780] vivid-003: reconnect
[  794.432361][T22803] tipc: Enabling of bearer <eth:vlan0> rejected, already enabled
[  796.513394][ T5925] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  796.626775][T22829] netlink: 48 bytes leftover after parsing attributes in process `syz.7.2844'.
[  796.638383][T22829] netlink: 36 bytes leftover after parsing attributes in process `syz.7.2844'.
[  796.716248][ T5852] kernel write not supported for file /sg0 (pid: 5852 comm: kworker/1:3)
[  797.434225][ T5925] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  797.454745][ T5925] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  797.454777][ T5925] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  797.455779][ T5925] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  797.455815][ T5925] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7
[  797.455851][ T5925] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024
[  797.735792][ T5925] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  797.735826][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  797.735848][ T5925] usb 1-1: Product: syz
[  797.735864][ T5925] usb 1-1: Manufacturer: syz
[  798.198614][ T5925] usb 1-1: can't set config #1, error -71
[  798.237237][ T5925] usb 1-1: USB disconnect, device number 88
[  798.321024][T22857] vivid-002: disconnect
[  798.337074][T22850] vivid-002: reconnect
[  798.666444][T22870] tipc: Started in network mode
[  798.666482][T22870] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  798.666874][T22870] tipc: Enabled bearer <eth:vlan0>, priority 14
[  799.197998][T22886] FAULT_INJECTION: forcing a failure.
[  799.197998][T22886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  799.198031][T22886] CPU: 1 UID: 0 PID: 22886 Comm: syz.0.2858 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  799.198052][T22886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  799.198063][T22886] Call Trace:
[  799.198071][T22886]  <TASK>
[  799.198079][T22886]  dump_stack_lvl+0xe8/0x150
[  799.198119][T22886]  should_fail_ex+0x46b/0x600
[  799.198154][T22886]  _copy_to_user+0x31/0xb0
[  799.198182][T22886]  simple_read_from_buffer+0xe1/0x170
[  799.198214][T22886]  proc_fail_nth_read+0x1be/0x230
[  799.198239][T22886]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  799.198263][T22886]  ? rw_verify_area+0x2ac/0x4e0
[  799.198289][T22886]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  799.198311][T22886]  vfs_read+0x212/0xa80
[  799.198343][T22886]  ? __pfx_vfs_read+0x10/0x10
[  799.198371][T22886]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  799.198397][T22886]  ? lockdep_hardirqs_on+0x7a/0x110
[  799.198422][T22886]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  799.198448][T22886]  ? mutex_lock_nested+0x152/0x1d0
[  799.198466][T22886]  ? fdget_pos+0x252/0x320
[  799.198496][T22886]  ksys_read+0x156/0x270
[  799.198523][T22886]  ? __pfx_ksys_read+0x10/0x10
[  799.198558][T22886]  do_syscall_64+0x14d/0xf80
[  799.198582][T22886]  ? trace_irq_disable+0x3b/0x150
[  799.198604][T22886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.198623][T22886]  ? clear_bhb_loop+0x40/0x90
[  799.198645][T22886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.198670][T22886] RIP: 0033:0x7f008063cfce
[  799.198689][T22886] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  799.198705][T22886] RSP: 002b:00007f007e8cdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  799.198725][T22886] RAX: ffffffffffffffda RBX: 00007f007e8ce6c0 RCX: 00007f008063cfce
[  799.198739][T22886] RDX: 000000000000000f RSI: 00007f007e8ce0a0 RDI: 0000000000000003
[  799.198750][T22886] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  799.198762][T22886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  799.198773][T22886] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  799.198801][T22886]  </TASK>
[  799.806575][ T5852] tipc: Node number set to 10005162
[  800.549638][T22894] netlink: 'syz.0.2860': attribute type 1 has an invalid length.
[  800.559452][T22894] tmpfs: Bad value for 'smackfsroot'
[  801.772257][T22927] FAULT_INJECTION: forcing a failure.
[  801.772257][T22927] name failslab, interval 1, probability 0, space 0, times 0
[  801.772296][T22927] CPU: 1 UID: 0 PID: 22927 Comm: syz.0.2866 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  801.772323][T22927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  801.772338][T22927] Call Trace:
[  801.772347][T22927]  <TASK>
[  801.772357][T22927]  dump_stack_lvl+0xe8/0x150
[  801.772399][T22927]  should_fail_ex+0x46b/0x600
[  801.772444][T22927]  should_failslab+0xa8/0x100
[  801.772492][T22927]  kmem_cache_alloc_noprof+0x87/0x680
[  801.772526][T22927]  ? rcu_is_watching+0x15/0xb0
[  801.772549][T22927]  ? security_file_alloc+0x34/0x310
[  801.772588][T22927]  security_file_alloc+0x34/0x310
[  801.772622][T22927]  init_file+0x96/0x2d0
[  801.772651][T22927]  alloc_empty_file+0x6e/0x1d0
[  801.772680][T22927]  path_openat+0x11b/0x38a0
[  801.772713][T22927]  ? count_memcg_event_mm+0x21/0x260
[  801.772754][T22927]  ? try_to_take_rt_mutex+0x840/0xb00
[  801.772784][T22927]  ? count_memcg_event_mm+0x21/0x260
[  801.772826][T22927]  ? rtlock_slowlock_locked+0xfb/0x3c80
[  801.772872][T22927]  ? __pfx_path_openat+0x10/0x10
[  801.772908][T22927]  ? __lock_acquire+0x6b5/0x2cf0
[  801.772945][T22927]  ? do_raw_spin_lock+0x12b/0x2f0
[  801.772987][T22927]  do_file_open+0x23e/0x4a0
[  801.773021][T22927]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  801.773058][T22927]  ? __pfx_do_file_open+0x10/0x10
[  801.773090][T22927]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  801.773141][T22927]  ? alloc_fd+0x64e/0x6c0
[  801.773182][T22927]  do_sys_openat2+0x113/0x200
[  801.773213][T22927]  ? __pfx_do_sys_openat2+0x10/0x10
[  801.773242][T22927]  ? ksys_write+0x248/0x270
[  801.773279][T22927]  ? __pfx_ksys_write+0x10/0x10
[  801.773319][T22927]  __x64_sys_creat+0x8f/0xc0
[  801.773353][T22927]  do_syscall_64+0x14d/0xf80
[  801.773386][T22927]  ? trace_irq_disable+0x3b/0x150
[  801.773413][T22927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.773439][T22927]  ? clear_bhb_loop+0x40/0x90
[  801.773469][T22927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.773493][T22927] RIP: 0033:0x7f008067c799
[  801.773516][T22927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  801.773536][T22927] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  801.773561][T22927] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  801.773579][T22927] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  801.773594][T22927] RBP: 00007f007e8ce090 R08: 0000000000000000 R09: 0000000000000000
[  801.773610][T22927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  801.773625][T22927] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  801.773660][T22927]  </TASK>
[  802.241392][T22929] tipc: Started in network mode
[  802.241427][T22929] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  802.244384][T22929] tipc: Enabled bearer <eth:vlan0>, priority 14
[  802.467624][T22948] ������: renamed from vlan0 (while UP)
[  802.548719][T22948] tipc: Disabling bearer <eth:vlan0>
[  803.355377][ T5925] tipc: Node number set to 10005162
[  804.628973][T22981] FAULT_INJECTION: forcing a failure.
[  804.628973][T22981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  804.629001][T22981] CPU: 0 UID: 0 PID: 22981 Comm: syz.6.2878 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  804.629021][T22981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  804.629031][T22981] Call Trace:
[  804.629037][T22981]  <TASK>
[  804.629045][T22981]  dump_stack_lvl+0xe8/0x150
[  804.629074][T22981]  should_fail_ex+0x46b/0x600
[  804.629106][T22981]  _copy_from_user+0x2d/0xb0
[  804.629134][T22981]  dev_ethtool+0xcf/0x1ae0
[  804.629163][T22981]  ? kasan_quarantine_put+0xbb/0x1f0
[  804.629189][T22981]  ? __pfx_dev_ethtool+0x10/0x10
[  804.629219][T22981]  ? dev_load+0x21/0x1f0
[  804.629308][T22981]  ? dev_load+0x21/0x1f0
[  804.629327][T22981]  dev_ioctl+0x392/0x1150
[  804.629349][T22981]  sock_do_ioctl+0x23e/0x320
[  804.629368][T22981]  ? __pfx_sock_do_ioctl+0x10/0x10
[  804.629388][T22981]  ? __asan_memset+0x22/0x50
[  804.629409][T22981]  ? smack_file_ioctl+0x263/0x360
[  804.629434][T22981]  sock_ioctl+0x5c9/0x7f0
[  804.629452][T22981]  ? __pfx_sock_ioctl+0x10/0x10
[  804.629468][T22981]  ? __fget_files+0x2a/0x420
[  804.629488][T22981]  ? __fget_files+0x3a6/0x420
[  804.629507][T22981]  ? __fget_files+0x2a/0x420
[  804.629529][T22981]  ? bpf_lsm_file_ioctl+0x9/0x20
[  804.629546][T22981]  ? __pfx_sock_ioctl+0x10/0x10
[  804.629562][T22981]  __se_sys_ioctl+0xff/0x170
[  804.629589][T22981]  do_syscall_64+0x14d/0xf80
[  804.629619][T22981]  ? trace_irq_disable+0x3b/0x150
[  804.629640][T22981]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.629658][T22981]  ? clear_bhb_loop+0x40/0x90
[  804.629678][T22981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.629695][T22981] RIP: 0033:0x7f594a89c799
[  804.629710][T22981] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  804.629725][T22981] RSP: 002b:00007f5948af6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  804.629742][T22981] RAX: ffffffffffffffda RBX: 00007f594ab15fa0 RCX: 00007f594a89c799
[  804.629755][T22981] RDX: 00002000000003c0 RSI: 0000000000008946 RDI: 0000000000000003
[  804.629766][T22981] RBP: 00007f5948af6090 R08: 0000000000000000 R09: 0000000000000000
[  804.629777][T22981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  804.629787][T22981] R13: 00007f594ab16038 R14: 00007f594ab15fa0 R15: 00007ffd57b9d538
[  804.629812][T22981]  </TASK>
[  805.216013][T22988] tipc: Enabling of bearer <eth:vlan0> rejected, failed to enable media
[  805.971532][T23023] 9p: Bad value for 'rfdno'
[  806.710792][T23030] FAULT_INJECTION: forcing a failure.
[  806.710792][T23030] name failslab, interval 1, probability 0, space 0, times 0
[  806.710856][T23030] CPU: 0 UID: 0 PID: 23030 Comm: syz.0.2889 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  806.710885][T23030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  806.710899][T23030] Call Trace:
[  806.710908][T23030]  <TASK>
[  806.710919][T23030]  dump_stack_lvl+0xe8/0x150
[  806.710969][T23030]  should_fail_ex+0x46b/0x600
[  806.711001][T23030]  should_failslab+0xa8/0x100
[  806.711030][T23030]  kmem_cache_alloc_noprof+0x87/0x680
[  806.711056][T23030]  ? security_file_alloc+0x34/0x310
[  806.711083][T23030]  security_file_alloc+0x34/0x310
[  806.711108][T23030]  init_file+0x96/0x2d0
[  806.711129][T23030]  alloc_empty_file+0x6e/0x1d0
[  806.711149][T23030]  path_openat+0x11b/0x38a0
[  806.711176][T23030]  ? rcu_is_watching+0x15/0xb0
[  806.711195][T23030]  ? trace_sched_exit_tp+0x3a/0x150
[  806.711215][T23030]  ? __schedule+0x1569/0x5240
[  806.711253][T23030]  ? __pfx_path_openat+0x10/0x10
[  806.711279][T23030]  ? __pfx___schedule+0x10/0x10
[  806.711301][T23030]  ? lockdep_hardirqs_on+0x7a/0x110
[  806.711323][T23030]  ? irqentry_exit+0x59e/0x620
[  806.711344][T23030]  ? rcu_is_watching+0x15/0xb0
[  806.711367][T23030]  ? preempt_schedule_thunk+0x16/0x30
[  806.711391][T23030]  do_file_open+0x23e/0x4a0
[  806.711419][T23030]  ? __pfx_do_file_open+0x10/0x10
[  806.711449][T23030]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  806.711487][T23030]  ? alloc_fd+0x64e/0x6c0
[  806.711515][T23030]  do_sys_openat2+0x113/0x200
[  806.711536][T23030]  ? __pfx___schedule+0x10/0x10
[  806.711557][T23030]  ? __pfx_do_sys_openat2+0x10/0x10
[  806.711587][T23030]  __x64_sys_openat+0x138/0x170
[  806.711611][T23030]  do_syscall_64+0x14d/0xf80
[  806.711634][T23030]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.711651][T23030]  ? clear_bhb_loop+0x40/0x90
[  806.711672][T23030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  806.711688][T23030] RIP: 0033:0x7f008063cfce
[  806.711704][T23030] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  806.711719][T23030] RSP: 002b:00007f007e8acec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  806.711737][T23030] RAX: ffffffffffffffda RBX: 00007f007e8ad6c0 RCX: 00007f008063cfce
[  806.711750][T23030] RDX: 0000000000000002 RSI: 00007f007e8acf90 RDI: ffffffffffffff9c
[  806.711762][T23030] RBP: 00007f007e8ad090 R08: 0000000000000000 R09: 0000000000000000
[  806.711772][T23030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  806.711788][T23030] R13: 00007f00808f6128 R14: 00007f00808f6090 R15: 00007ffeed7919e8
[  806.711814][T23030]  </TASK>
[  808.021737][T23029] vivid-001: disconnect
[  809.065963][T23027] vivid-001: reconnect
[  809.448119][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  809.448196][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  811.057074][T23066] 9p: Bad value for 'rfdno'
[  811.242392][T23071] FAULT_INJECTION: forcing a failure.
[  811.242392][T23071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  811.242432][T23071] CPU: 0 UID: 0 PID: 23071 Comm: syz.7.2900 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  811.242458][T23071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  811.242474][T23071] Call Trace:
[  811.242484][T23071]  <TASK>
[  811.242495][T23071]  dump_stack_lvl+0xe8/0x150
[  811.242536][T23071]  should_fail_ex+0x46b/0x600
[  811.242583][T23071]  _copy_from_iter+0x1d3/0x1670
[  811.242620][T23071]  ? trace_kmem_cache_alloc+0x29/0xf0
[  811.242653][T23071]  ? __alloc_skb+0x27d/0x7d0
[  811.242683][T23071]  ? __pfx__copy_from_iter+0x10/0x10
[  811.242708][T23071]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  811.242752][T23071]  ? __alloc_skb+0x27d/0x7d0
[  811.242786][T23071]  ? netlink_sendmsg+0x650/0xb40
[  811.242812][T23071]  ? skb_put+0x11b/0x210
[  811.242846][T23071]  netlink_sendmsg+0x6c0/0xb40
[  811.242882][T23071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  811.242918][T23071]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  811.242958][T23071]  ____sys_sendmsg+0xa4e/0xac0
[  811.243000][T23071]  ? __pfx_____sys_sendmsg+0x10/0x10
[  811.243044][T23071]  ? import_iovec+0x73/0xa0
[  811.243082][T23071]  ___sys_sendmsg+0x2a5/0x360
[  811.243122][T23071]  ? __pfx____sys_sendmsg+0x10/0x10
[  811.243194][T23071]  ? __fget_files+0x2a/0x420
[  811.243222][T23071]  ? __fget_files+0x3a6/0x420
[  811.243255][T23071]  __x64_sys_sendmsg+0x1c3/0x2a0
[  811.243294][T23071]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  811.243344][T23071]  ? __pfx_ksys_write+0x10/0x10
[  811.243407][T23071]  do_syscall_64+0x14d/0xf80
[  811.243442][T23071]  ? trace_irq_disable+0x3b/0x150
[  811.243469][T23071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.243494][T23071]  ? clear_bhb_loop+0x40/0x90
[  811.243524][T23071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.243549][T23071] RIP: 0033:0x7f3b517dc799
[  811.243572][T23071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  811.243593][T23071] RSP: 002b:00007f3b4fa36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  811.243618][T23071] RAX: ffffffffffffffda RBX: 00007f3b51a55fa0 RCX: 00007f3b517dc799
[  811.243635][T23071] RDX: 0000000004008054 RSI: 0000200000000200 RDI: 0000000000000004
[  811.243651][T23071] RBP: 00007f3b4fa36090 R08: 0000000000000000 R09: 0000000000000000
[  811.243665][T23071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  811.243679][T23071] R13: 00007f3b51a56038 R14: 00007f3b51a55fa0 R15: 00007fff67e76d08
[  811.243725][T23071]  </TASK>
[  811.687251][T23076] overlayfs: failed to resolve './file1': -2
[  812.565451][ T5925] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  812.692005][T23089] vivid-001: disconnect
[  812.725273][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  812.728200][ T5925] usb 7-1: config 0 has an invalid interface number: 188 but max is 0
[  812.728232][ T5925] usb 7-1: config 0 has no interface number 0
[  812.728282][ T5925] usb 7-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  812.732871][ T5925] usb 7-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  812.732906][ T5925] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.732930][ T5925] usb 7-1: Product: syz
[  812.732946][ T5925] usb 7-1: Manufacturer: syz
[  812.732963][ T5925] usb 7-1: SerialNumber: syz
[  812.823148][ T5925] usb 7-1: config 0 descriptor??
[  812.832406][T23079] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  812.952955][T23088] vivid-001: reconnect
[  814.883123][ T5925] asix 7-1:0.188: probe with driver asix failed with error -71
[  814.946624][ T5925] usb 7-1: USB disconnect, device number 39
[  815.388570][T23137] overlayfs: failed to resolve './file1': -2
[  816.604678][T23151] vivid-001: disconnect
[  816.738745][T23149] vivid-001: reconnect
[  817.435284][   T31] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  817.588210][   T31] usb 4-1: Using ep0 maxpacket: 16
[  817.616515][   T31] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  817.616551][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.616575][   T31] usb 4-1: Product: syz
[  817.616592][   T31] usb 4-1: Manufacturer: syz
[  817.616608][   T31] usb 4-1: SerialNumber: syz
[  817.665091][   T31] usb 4-1: config 0 descriptor??
[  817.705632][ T5800] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  817.878093][ T5800] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  817.878158][ T5800] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  817.878188][ T5800] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.902512][ T5800] usb 6-1: config 0 descriptor??
[  818.000714][ T5800] pwc: Askey VC010 type 2 USB webcam detected.
[  818.003537][T23169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  818.068689][T23169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  818.195698][   T31] dvb_usb_dtv5100 4-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  818.220229][ T5800] pwc: send_video_command error -71
[  818.220245][ T5800] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  818.220331][ T5800] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  818.262718][ T5800] usb 6-1: USB disconnect, device number 50
[  819.299382][   T31] usb 4-1: USB disconnect, device number 88
[  819.578548][T23232] overlayfs: failed to resolve './file0': -2
[  819.834508][T23242] vivid-001: disconnect
[  819.884398][T23234] vivid-001: reconnect
[  824.993185][T23285] overlayfs: failed to resolve './file0': -2
[  825.165408][ T5852] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  825.295343][ T5852] usb 6-1: device descriptor read/64, error -71
[  825.325734][   T10] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  825.491401][   T10] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  825.491438][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.535405][ T5852] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  825.554901][   T10] usb 4-1: config 0 descriptor??
[  825.572729][   T10] gspca_main: cpia1-2.14.0 probing 0813:0001
[  825.665801][ T5852] usb 6-1: device descriptor read/64, error -71
[  825.775747][ T5852] usb usb6-port1: attempt power cycle
[  825.939571][ T5925] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  826.407564][ T5852] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  826.526978][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  826.544906][T23287] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  826.558773][ T5852] usb 6-1: device descriptor read/8, error -71
[  826.571956][ T5925] usb 7-1: unable to get BOS descriptor or descriptor too short
[  826.572044][ T5925] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  826.572484][   T10] cpia1 4-1:0.0: unexpected state after lo power cmd: 01
[  826.575076][ T5925] usb 7-1: unable to read config index 0 descriptor/start: -61
[  826.581781][ T5925] usb 7-1: can't read configurations, error -61
[  826.725448][ T5925] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  826.795492][ T5852] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  826.866197][ T5852] usb 6-1: device descriptor read/8, error -71
[  826.886969][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  826.890499][ T5925] usb 7-1: unable to get BOS descriptor or descriptor too short
[  826.890563][ T5925] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  826.893113][ T5925] usb 7-1: unable to read config index 0 descriptor/start: -61
[  826.893140][ T5925] usb 7-1: can't read configurations, error -61
[  826.893561][ T5925] usb usb7-port1: attempt power cycle
[  826.979351][ T5852] usb usb6-port1: unable to enumerate USB device
[  827.018977][T23287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  827.021413][T23287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  827.093709][   T10] gspca_cpia1: usb_control_msg 02, error -71
[  827.094160][   T10] gspca_cpia1: usb_control_msg 05, error -71
[  827.094178][   T10] cpia1 4-1:0.0: unexpected systemstate: 01
[  827.110948][   T10] usb 4-1: USB disconnect, device number 89
[  827.227345][T23315] netlink: 'syz.0.2949': attribute type 1 has an invalid length.
[  827.234146][T23315] GUP no longer grows the stack in syz.0.2949 (23315): 200000005000-200000008000 (200000004000)
[  827.234190][T23315] CPU: 1 UID: 0 PID: 23315 Comm: syz.0.2949 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  827.234212][T23315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  827.234224][T23315] Call Trace:
[  827.234231][T23315]  <TASK>
[  827.234239][T23315]  dump_stack_lvl+0xe8/0x150
[  827.234274][T23315]  __get_user_pages+0x22b6/0x2800
[  827.234377][T23315]  ? __gup_longterm_locked+0xc4e/0x1630
[  827.234418][T23315]  __gup_longterm_locked+0xdcf/0x1630
[  827.234463][T23315]  gup_fast_fallback+0x1cf1/0x2240
[  827.234497][T23315]  ? trace_sched_exit_tp+0x3a/0x150
[  827.234532][T23315]  ? __pfx_gup_fast_fallback+0x10/0x10
[  827.234560][T23315]  ? is_valid_gup_args+0x11f/0x200
[  827.234587][T23315]  ? get_user_pages_fast+0x4d/0xb0
[  827.234614][T23315]  get_futex_key+0x962/0x1690
[  827.234646][T23315]  ? futex_unqueue+0x22/0x240
[  827.234671][T23315]  ? futex_unqueue+0x22/0x240
[  827.234697][T23315]  ? __pfx_get_futex_key+0x10/0x10
[  827.234720][T23315]  ? futex_unqueue+0x211/0x240
[  827.234807][T23315]  ? __futex_wait+0x1fe/0x420
[  827.234828][T23315]  ? __futex_wait+0x373/0x420
[  827.234855][T23315]  futex_requeue+0x23d/0x1bb0
[  827.234875][T23315]  ? __pfx___futex_wait+0x10/0x10
[  827.234906][T23315]  ? try_to_wake_up+0x7fc/0x1380
[  827.234931][T23315]  ? __pfx_futex_requeue+0x10/0x10
[  827.234959][T23315]  ? futex_wait+0x29a/0x380
[  827.234983][T23315]  ? __pfx_futex_wait+0x10/0x10
[  827.235008][T23315]  ? fdget+0x13f/0x1f0
[  827.235032][T23315]  ? map_update_elem+0x3aa/0x9d0
[  827.235060][T23315]  do_futex+0x362/0x420
[  827.235082][T23315]  ? __pfx_do_futex+0x10/0x10
[  827.235096][T23315]  ? vm_mmap_pgoff+0x3b4/0x4f0
[  827.235179][T23315]  __se_sys_futex+0x3a8/0x450
[  827.235211][T23315]  ? __pfx___se_sys_futex+0x10/0x10
[  827.235234][T23315]  ? rcu_is_watching+0x15/0xb0
[  827.235268][T23315]  ? __x64_sys_futex+0x21/0xf0
[  827.235295][T23315]  do_syscall_64+0x14d/0xf80
[  827.235330][T23315]  ? trace_irq_disable+0x3b/0x150
[  827.235368][T23315]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.235387][T23315]  ? clear_bhb_loop+0x40/0x90
[  827.235409][T23315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.235442][T23315] RIP: 0033:0x7f008067c799
[  827.235460][T23315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  827.235476][T23315] RSP: 002b:00007f007e8ce028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  827.235495][T23315] RAX: ffffffffffffffda RBX: 00007f00808f5fa0 RCX: 00007f008067c799
[  827.235508][T23315] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000200000004000
[  827.235520][T23315] RBP: 00007f0080712bd9 R08: 0000000000000000 R09: 0000000000000000
[  827.235531][T23315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  827.235541][T23315] R13: 00007f00808f6038 R14: 00007f00808f5fa0 R15: 00007ffeed7919e8
[  827.235568][T23315]  </TASK>
[  827.245332][ T5925] usb 7-1: new high-speed USB device number 42 using dummy_hcd
[  827.266989][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  827.270036][ T5925] usb 7-1: unable to get BOS descriptor or descriptor too short
[  827.270122][ T5925] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  827.297926][ T5925] usb 7-1: unable to read config index 0 descriptor/start: -61
[  827.297969][ T5925] usb 7-1: can't read configurations, error -61
[  827.675476][ T5925] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[  827.697067][ T5925] usb 7-1: Using ep0 maxpacket: 32
[  827.699509][ T5925] usb 7-1: unable to get BOS descriptor or descriptor too short
[  827.699595][ T5925] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  827.701604][ T5925] usb 7-1: unable to read config index 0 descriptor/start: -61
[  827.701643][ T5925] usb 7-1: can't read configurations, error -61
[  827.702038][ T5925] usb usb7-port1: unable to enumerate USB device
[  827.869908][T23338] syz_tun: entered allmulticast mode
[  828.021342][T23338] netlink: 'syz.3.2951': attribute type 1 has an invalid length.
[  828.021379][T23338] netlink: 'syz.3.2951': attribute type 2 has an invalid length.
[  828.041374][T23332] syz_tun: left allmulticast mode
[  829.532814][T23366] overlayfs: failed to resolve './file0': -2
[  830.856983][T23386] FAULT_INJECTION: forcing a failure.
[  830.856983][T23386] name failslab, interval 1, probability 0, space 0, times 0
[  830.857024][T23386] CPU: 0 UID: 0 PID: 23386 Comm: syz.5.2960 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  830.857051][T23386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  830.857067][T23386] Call Trace:
[  830.857076][T23386]  <TASK>
[  830.857087][T23386]  dump_stack_lvl+0xe8/0x150
[  830.857129][T23386]  should_fail_ex+0x46b/0x600
[  830.857174][T23386]  should_failslab+0xa8/0x100
[  830.857214][T23386]  __kmalloc_noprof+0xdf/0x7b0
[  830.857250][T23386]  ? process_vm_rw+0x3f9/0xba0
[  830.857279][T23386]  ? iovec_from_user+0x1ba/0x250
[  830.857312][T23386]  process_vm_rw+0x3f9/0xba0
[  830.857345][T23386]  ? __lock_acquire+0x6b5/0x2cf0
[  830.857374][T23386]  ? __pfx_process_vm_rw+0x10/0x10
[  830.857417][T23386]  ? do_raw_spin_lock+0x12b/0x2f0
[  830.857460][T23386]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  830.857494][T23386]  ? lockdep_hardirqs_on+0x7a/0x110
[  830.857548][T23386]  ? ksys_write+0x248/0x270
[  830.857584][T23386]  ? __pfx_ksys_write+0x10/0x10
[  830.857623][T23386]  __x64_sys_process_vm_writev+0xe0/0x100
[  830.857661][T23386]  do_syscall_64+0x14d/0xf80
[  830.857693][T23386]  ? trace_irq_disable+0x3b/0x150
[  830.857720][T23386]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.857745][T23386]  ? clear_bhb_loop+0x40/0x90
[  830.857773][T23386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  830.857798][T23386] RIP: 0033:0x7fdc818dc799
[  830.857820][T23386] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  830.857841][T23386] RSP: 002b:00007fdc7fb36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[  830.857865][T23386] RAX: ffffffffffffffda RBX: 00007fdc81b55fa0 RCX: 00007fdc818dc799
[  830.857883][T23386] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000377
[  830.857898][T23386] RBP: 00007fdc7fb36090 R08: 000000000000023a R09: 0000000000000000
[  830.857913][T23386] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001
[  830.857928][T23386] R13: 00007fdc81b56038 R14: 00007fdc81b55fa0 R15: 00007fff712be098
[  830.857973][T23386]  </TASK>
[  832.737497][T23408] FAULT_INJECTION: forcing a failure.
[  832.737497][T23408] name failslab, interval 1, probability 0, space 0, times 0
[  832.737539][T23408] CPU: 0 UID: 0 PID: 23408 Comm: syz.6.2967 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  832.737566][T23408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  832.737581][T23408] Call Trace:
[  832.737591][T23408]  <TASK>
[  832.737602][T23408]  dump_stack_lvl+0xe8/0x150
[  832.737645][T23408]  should_fail_ex+0x46b/0x600
[  832.737693][T23408]  should_failslab+0xa8/0x100
[  832.737735][T23408]  kmem_cache_alloc_noprof+0x87/0x680
[  832.737771][T23408]  ? vm_area_dup+0x2b/0x670
[  832.737801][T23408]  vm_area_dup+0x2b/0x670
[  832.737840][T23408]  __split_vma+0x1e4/0xa30
[  832.737886][T23408]  ? __pfx___split_vma+0x10/0x10
[  832.737922][T23408]  ? mas_find+0xb0e/0xd30
[  832.738030][T23408]  vms_gather_munmap_vmas+0x4fa/0x1370
[  832.738082][T23408]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  832.738138][T23408]  ? mas_find+0xa7d/0xd30
[  832.738179][T23408]  mmap_region+0x87f/0x2230
[  832.738217][T23408]  ? is_bpf_text_address+0x26/0x2b0
[  832.738258][T23408]  ? __pfx_mmap_region+0x10/0x10
[  832.738286][T23408]  ? unwind_get_return_address+0x4d/0x90
[  832.738312][T23408]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  832.738346][T23408]  ? arch_stack_walk+0xfb/0x150
[  832.738463][T23408]  ? stack_trace_save+0xa9/0x100
[  832.738494][T23408]  ? __pfx_stack_trace_save+0x10/0x10
[  832.738624][T23408]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  832.738674][T23408]  ? cap_mmap_addr+0xaf/0x100
[  832.738755][T23408]  ? bpf_lsm_mmap_addr+0x9/0x50
[  832.738777][T23408]  ? security_mmap_addr+0x71/0x240
[  832.738815][T23408]  ? shmem_mapping+0xd/0x50
[  832.738879][T23408]  ? memfd_check_seals_mmap+0xcb/0x210
[  832.738913][T23408]  do_mmap+0xc2f/0x10c0
[  832.738953][T23408]  ? lockdep_hardirqs_on+0x7a/0x110
[  832.738988][T23408]  ? __pfx_do_mmap+0x10/0x10
[  832.739019][T23408]  ? rwbase_write_lock+0x568/0x730
[  832.739071][T23408]  vm_mmap_pgoff+0x2cc/0x4f0
[  832.739115][T23408]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  832.739155][T23408]  ? __fget_files+0x2a/0x420
[  832.739184][T23408]  ? __fget_files+0x3a6/0x420
[  832.739227][T23408]  ? __fget_files+0x2a/0x420
[  832.739273][T23408]  ksys_mmap_pgoff+0x4e8/0x720
[  832.739309][T23408]  ? __x64_sys_mmap+0x7f/0x140
[  832.739348][T23408]  do_syscall_64+0x14d/0xf80
[  832.739388][T23408]  ? trace_irq_disable+0x3b/0x150
[  832.739417][T23408]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.739450][T23408]  ? clear_bhb_loop+0x40/0x90
[  832.739480][T23408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.739504][T23408] RIP: 0033:0x7f594a89c799
[  832.739529][T23408] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  832.739550][T23408] RSP: 002b:00007f5948af6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  832.739575][T23408] RAX: ffffffffffffffda RBX: 00007f594ab15fa0 RCX: 00007f594a89c799
[  832.739593][T23408] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  832.739609][T23408] RBP: 00007f5948af6090 R08: 0000000000000003 R09: 0000000100002000
[  832.739626][T23408] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  832.739641][T23408] R13: 00007f594ab16038 R14: 00007f594ab15fa0 R15: 00007ffd57b9d538
[  832.739683][T23408]  </TASK>
[  832.836838][T23411] overlayfs: failed to resolve './file0': -2
[  835.408413][    T9] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  835.568736][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  835.568776][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  835.568822][    T9] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  835.568850][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  835.719773][    T9] usb 6-1: config 0 descriptor??
[  836.129089][   T28] ------------[ cut here ]------------
[  836.129105][   T28] atomic_read(&sk->sk_rmem_alloc)
[  836.129121][   T28] WARNING: net/ipv4/af_inet.c:154 at inet_sock_destruct+0x603/0x740, CPU#1: rcuc/1/28
[  836.129190][   T28] Modules linked in:
[  836.129211][   T28] CPU: 1 UID: 0 PID: 28 Comm: rcuc/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  836.129237][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  836.129253][   T28] RIP: 0010:inet_sock_destruct+0x603/0x740
[  836.129284][   T28] Code: 00 41 0f b6 74 24 12 48 c7 c7 80 41 57 8c 4c 89 e2 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f3 dc 8a f7 e8 fe ca 27 f8 90 <0f> 0b 90 e9 58 fe ff ff e8 f0 ca 27 f8 90 0f 0b 90 e9 8b fe ff ff
[  836.129306][   T28] RSP: 0018:ffffc90000a2fb48 EFLAGS: 00010293
[  836.129328][   T28] RAX: ffffffff899c8522 RBX: dffffc0000000000 RCX: ffff88801d2bdb80
[  836.129352][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  836.129368][   T28] RBP: 00000000000003c0 R08: 0000000000000000 R09: 0000000000000000
[  836.129382][   T28] R10: dffffc0000000000 R11: ffffed1003666191 R12: ffff88801b330ac0
[  836.129399][   T28] R13: dffffc0000000000 R14: ffff88801b330c80 R15: ffffffff8f237900
[  836.129417][   T28] FS:  0000000000000000(0000) GS:ffff888126440000(0000) knlGS:0000000000000000
[  836.129435][   T28] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  836.129452][   T28] CR2: 0000001b30220ff8 CR3: 0000000058c3a000 CR4: 00000000003526f0
[  836.129472][   T28] Call Trace:
[  836.129483][   T28]  <TASK>
[  836.129507][   T28]  ? __pfx_udp_destruct_sock+0x10/0x10
[  836.129655][   T28]  __sk_destruct+0x85/0x880
[  836.129691][   T28]  ? __pfx___sk_destruct+0x10/0x10
[  836.129733][   T28]  rcu_cpu_kthread+0x99e/0x1470
[  836.129769][   T28]  ? rcu_cpu_kthread+0x205/0x1470
[  836.129822][   T28]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  836.129850][   T28]  ? schedule+0x90/0x360
[  836.129895][   T28]  ? smpboot_thread_fn+0x4d/0xa50
[  836.129931][   T28]  smpboot_thread_fn+0x541/0xa50
[  836.129970][   T28]  ? smpboot_thread_fn+0x4d/0xa50
[  836.130018][   T28]  kthread+0x388/0x470
[  836.130050][   T28]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  836.130085][   T28]  ? __pfx_kthread+0x10/0x10
[  836.130113][   T28]  ret_from_fork+0x51e/0xb90
[  836.130159][   T28]  ? __pfx_ret_from_fork+0x10/0x10
[  836.130204][   T28]  ? __switch_to+0xc7d/0x1450
[  836.130238][   T28]  ? __pfx_kthread+0x10/0x10
[  836.130266][   T28]  ret_from_fork_asm+0x1a/0x30
[  836.130309][   T28]  </TASK>
[  836.130329][   T28] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  836.130349][   T28] CPU: 1 UID: 0 PID: 28 Comm: rcuc/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  836.130376][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  836.130391][   T28] Call Trace:
[  836.130401][   T28]  <TASK>
[  836.130412][   T28]  vpanic+0x56c/0xa60
[  836.130471][   T28]  ? __pfx__printk+0x10/0x10
[  836.130498][   T28]  ? __pfx_vpanic+0x10/0x10
[  836.130533][   T28]  ? is_bpf_text_address+0x292/0x2b0
[  836.130567][   T28]  ? is_bpf_text_address+0x26/0x2b0
[  836.130611][   T28]  panic+0xc5/0xd0
[  836.130646][   T28]  ? __pfx_panic+0x10/0x10
[  836.130693][   T28]  ? ret_from_fork_asm+0x1a/0x30
[  836.130724][   T28]  __warn+0x315/0x4f0
[  836.130758][   T28]  ? inet_sock_destruct+0x603/0x740
[  836.130788][   T28]  ? inet_sock_destruct+0x603/0x740
[  836.130820][   T28]  __report_bug+0x29a/0x540
[  836.130894][   T28]  ? kasan_save_track+0x3e/0x80
[  836.130959][   T28]  ? kasan_save_free_info+0x46/0x50
[  836.130986][   T28]  ? __kasan_slab_free+0x5c/0x80
[  836.131026][   T28]  ? inet_sock_destruct+0x603/0x740
[  836.131055][   T28]  ? __pfx___report_bug+0x10/0x10
[  836.131107][   T28]  ? inet_sock_destruct+0x603/0x740
[  836.131137][   T28]  report_bug+0x16a/0x220
[  836.131179][   T28]  ? inet_sock_destruct+0x603/0x740
[  836.131207][   T28]  ? inet_sock_destruct+0x605/0x740
[  836.131236][   T28]  handle_bug+0x9c/0x200
[  836.131273][   T28]  exc_invalid_op+0x1a/0x50
[  836.131311][   T28]  asm_exc_invalid_op+0x1a/0x20
[  836.131335][   T28] RIP: 0010:inet_sock_destruct+0x603/0x740
[  836.131365][   T28] Code: 00 41 0f b6 74 24 12 48 c7 c7 80 41 57 8c 4c 89 e2 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f3 dc 8a f7 e8 fe ca 27 f8 90 <0f> 0b 90 e9 58 fe ff ff e8 f0 ca 27 f8 90 0f 0b 90 e9 8b fe ff ff
[  836.131385][   T28] RSP: 0018:ffffc90000a2fb48 EFLAGS: 00010293
[  836.131406][   T28] RAX: ffffffff899c8522 RBX: dffffc0000000000 RCX: ffff88801d2bdb80
[  836.131425][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  836.131440][   T28] RBP: 00000000000003c0 R08: 0000000000000000 R09: 0000000000000000
[  836.131454][   T28] R10: dffffc0000000000 R11: ffffed1003666191 R12: ffff88801b330ac0
[  836.131473][   T28] R13: dffffc0000000000 R14: ffff88801b330c80 R15: ffffffff8f237900
[  836.131501][   T28]  ? inet_sock_destruct+0x602/0x740
[  836.131539][   T28]  ? inet_sock_destruct+0x602/0x740
[  836.131569][   T28]  ? __pfx_udp_destruct_sock+0x10/0x10
[  836.131604][   T28]  __sk_destruct+0x85/0x880
[  836.131637][   T28]  ? __pfx___sk_destruct+0x10/0x10
[  836.131669][   T28]  rcu_cpu_kthread+0x99e/0x1470
[  836.131698][   T28]  ? rcu_cpu_kthread+0x205/0x1470
[  836.131734][   T28]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  836.131760][   T28]  ? schedule+0x90/0x360
[  836.131800][   T28]  ? smpboot_thread_fn+0x4d/0xa50
[  836.131837][   T28]  smpboot_thread_fn+0x541/0xa50
[  836.131877][   T28]  ? smpboot_thread_fn+0x4d/0xa50
[  836.131926][   T28]  kthread+0x388/0x470
[  836.131951][   T28]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  836.131985][   T28]  ? __pfx_kthread+0x10/0x10
[  836.132012][   T28]  ret_from_fork+0x51e/0xb90
[  836.132051][   T28]  ? __pfx_ret_from_fork+0x10/0x10
[  836.132083][   T28]  ? __switch_to+0xc7d/0x1450
[  836.132117][   T28]  ? __pfx_kthread+0x10/0x10
[  836.132145][   T28]  ret_from_fork_asm+0x1a/0x30
[  836.132197][   T28]  </TASK>
[  836.132807][   T28] Kernel Offset: disabled