last executing test programs:

11.099028995s ago: executing program 0 (id=1892):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

9.92103562s ago: executing program 0 (id=1895):
r0 = io_uring_setup(0x194e, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x89c0, &(0x7f0000000080)={0xa, 0x4e1e, 0x2, @loopback, 0x7ff}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x40040d4, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000a00)={0x3, @vbi={0x30d, 0x5, 0x1004, 0x4733415c, [0xfffffffd, 0x36fe], [0x8, 0x401], 0x108}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x12, 0x4, &(0x7f0000000880)=ANY=[], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080)
r4 = socket(0x26, 0x803, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/62, 0x3e}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYRES64=r2, @ANYRES16=0x0, @ANYRESDEC=r0], 0x44}, 0x1, 0x0, 0x0, 0x8041}, 0x8840)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, 0x0)
kexec_load(0x3, 0x1, &(0x7f0000000500)=[{0x0, 0x0, 0x0, 0x100000000}], 0x3e0000)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20040884}, 0x40000)
socket(0x2b, 0x3, 0xad2)

9.690645577s ago: executing program 4 (id=1899):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r1, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x4, 0x5a}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x8001}, 0x10) (async)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_newrule={0x28, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x1ff}]}, 0x28}}, 0x4000000)

8.444072186s ago: executing program 4 (id=1901):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f00000000000000000000000010000000000000", @ANYRES32, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50)
syz_io_uring_setup(0x1147, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={@mcast2, @local, @empty, 0xfffffffc, 0xfff, 0x8, 0x100, 0x4, 0x4000a0, r2})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r7 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, &(0x7f0000000300)=r7, 0x1)
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$inet(r8, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x15}], 0x1}}], 0x1, 0x20008000)
msgrcv(0x0, 0x0, 0x0, 0x5, 0x4c00)

8.443476445s ago: executing program 1 (id=1902):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(0xffffffffffffffff, &(0x7f0000004f00)={0x2020}, 0x2020)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, r1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r4, 0x0, 0x7fffffc}, 0x18)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0xa, 0x7, {0x0, r6, 0x1000000}}, 0x18)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}, @IFLA_XFRM_LINK={0x8, 0x1, 0x4}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x58}}, 0x4048010)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x68, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0xfc}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x20}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x68}}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400", <r8=>0xffffffffffffffff})
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f00000000c0)={0x40000001})
epoll_wait(r9, &(0x7f0000000580)=[{}], 0x1, 0x800)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r10)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="28000000ef22e2ef3446ead5c1", @ANYRES16=r11, @ANYBLOB="010028bd7000ffdbdf25310000000a0001007770616e310000000500330021000000"], 0x28}, 0x1, 0x0, 0x0, 0x24008004}, 0x40890)

8.124297452s ago: executing program 2 (id=1903):
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x3000)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
r5 = accept$alg(r4, 0x0, 0x0)
r6 = syz_io_uring_setup(0x499, 0x0, &(0x7f0000000100), 0x0)
io_uring_enter(r6, 0x3516, 0x0, 0x4, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000000b80)=[{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)='v', 0xf4240}], 0x1}], 0x1, 0x8004)
setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000200)=0x1, 0x4)

7.953999103s ago: executing program 0 (id=1904):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000e00), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r0, 0x3ba0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000000080)=0x7fff)
fsopen(&(0x7f00000025c0)='f2fs\x00', 0x0)
recvmmsg(r2, &(0x7f0000007900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x30102, 0x0)
sendmsg$inet(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000002000)="f3", 0x1}], 0x1}, 0x8801)
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x240, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r4, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1)
syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7f, 0x10, 0x6, [{{0x9, 0x4, 0x0, 0x7, 0x1, 0x7, 0x1, 0x6, 0x5, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x4, 0xc, 0xab}}}}}]}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x300, 0x3, 0xf, 0x9, 0x20, 0x2}, 0xbb, &(0x7f0000000340)={0x5, 0xf, 0xbb, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0xff, "8376db4ed81967e69ac057d71aeb2da4"}, @generic={0xa2, 0x10, 0xa, "116ab05778d7cdf4dc11b44c425c5501042c2fdbdd76a96091f66f0f15f90c94615adf6632b4fe69679d42025d438600183858268c1424d29be048f60e75f7fbe5cf3fbb91d9ca63b67193da307f24a5e41614df7b2e218fae4b3ac52d1f2582e7bb0c36cbc4953141e98472761ef4cd743ef347bff4032c26a79a75fd4103ecdfcf418954269fa226e9cf805ea2c8c73f0c22f7b40c3d4869af714e4727a6"}]}, 0x1, [{0xf5, &(0x7f0000000400)=@string={0xf5, 0x3, "f8ec9c08f56e8c7e2e4231c53b85fc5a2024bff6dccf03d2bf5455e22de4bde6806d9be972c093cd4b7145a0ba7ba0fdee8d28fd45c6966b5761a0924ba629c86eb05618f2bce8e90adc1eb5b885597f23a09d11a773c22377e9009694722f0f53ad185c5263a1e2659e2e1437c9d1cfe0a2026a87d1ad97627bb3ca402ce265c246a22d104f96e14b86460199958b22597f53630ed3a4e286f25fc8d5ab002a6c62b6cfd5066710aa811b0b9c942f16595c607e144b73f3b88e505298b6cc558ca4a930e995cb1bbf7bb754c1120ad66522180b8155f276954be8d7965841e900d69ffe9780ca3d3408fe8d82391499922d2b"}}]})
setresuid(0x0, 0xee00, 0x0)
r5 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_set$pid(0x2, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/vmstat\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x20000023896)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bond0\x00', <r9=>0x0})
sendmsg$nl_xfrm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="c4000000190001050000000000000000fc000000000000000000000000000000e000000200000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00", @ANYRES32=r9, @ANYBLOB="04"], 0xc4}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@bridge_newneigh={0x38, 0x1c, 0x4, 0x70bd25, 0x25dfdbfd, {0x7, 0x0, 0x0, r9, 0x8, 0x83, 0x9}, [@NDA_DST_IPV6={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NDA_PORT={0x6, 0x6, 0x4e1e}]}, 0x38}}, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x91, &(0x7f0000000240)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffea4, 0x2, 0x1, 0x6, 0x10, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "a05f604fec89"}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0xf19, 0x2}, {0x6, 0x24, 0x1a, 0x7, 0x20}, [@country_functional={0xa, 0x24, 0x7, 0x6, 0xfff, [0xd32b, 0x4]}, @dmm={0x7, 0x24, 0x14, 0x0, 0x8}, @mbim={0xc, 0x24, 0x1b, 0x8, 0x6, 0x6, 0x3, 0x7, 0x6c}]}, {{0x9, 0x5, 0x81, 0x3, 0x208, 0x9, 0x3, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0xd, 0x2, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x2, 0xa0}}}}}}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xc, 0x1, 0xff, 0x40, 0x2}, 0x19, &(0x7f0000000080)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "e0c8f12fc93bebb9e02fdd4b30f47822"}]}})
recvmsg(r7, &(0x7f0000000cc0)={&(0x7f0000000680)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000003080)=""/4096, 0x1000}, {&(0x7f0000000700)}, {&(0x7f0000000740)=""/137, 0x89}, {&(0x7f0000000800)=""/180, 0xb4}, {&(0x7f00000008c0)=""/239, 0xef}, {&(0x7f00000009c0)=""/54, 0x36}, {&(0x7f0000000a00)=""/194, 0xc2}, {&(0x7f0000000b00)=""/113, 0x71}, {&(0x7f0000000b80)=""/76, 0x4c}], 0x9}, 0x12100)
syz_usb_control_io(r3, 0x0, 0x0)

7.467957173s ago: executing program 2 (id=1906):
syz_emit_ethernet(0xfc0, &(0x7f0000002700)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd606410a60f8a000000000000000000000700000000000000fe8000000000000000000000000000aa8400000000000000223427d5c9a46b9f85ba48070a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386c020000000000000017fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b653d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b5295e93496a6fdf5af8122257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c89fdaafc3334e877e464134baece883d301193a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c80b779eb826047466b60f7d78fd2e76e9b01f8706e27d8478f99bab2bc465b34716101963e60ee1a2d0653826395c52deeff831126649b4fb5b6e950a933a90846abc7fb13"], 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000380)='mm_page_alloc\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000180), &(0x7f0000000400)}, 0x20)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000000)={0x401, 0x0, 0x10000, 0xb998, 0x0, "194f2f83c2e798c3584770116cddc8819592b1"})
r5 = socket$inet6(0xa, 0x3, 0x2)
getsockname(r5, &(0x7f0000000d00)=@xdp={0x2c, 0x0, <r6=>0x0}, &(0x7f0000000c80)=0x80)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000810500"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012800a00010063616e"], 0x48}}, 0x0)
write$binfmt_aout(r4, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCSETS(r4, 0x5402, &(0x7f0000000080)={0xa04c, 0x35e8b534, 0x1, 0x18, 0x13, "53af0f0b4ece6c29bf81c173f4a8f5f73eb62f"})
write$cgroup_int(r3, &(0x7f00000000c0), 0x12)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000080)={@loopback, 0x2d})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xb3}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x80)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a)
syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0)
r9 = accept4(r8, 0x0, 0x0, 0x0)
write(r9, &(0x7f0000000040)="cb", 0xfffffdef)

7.40417843s ago: executing program 3 (id=1907):
socket$packet(0x11, 0x2, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x181002, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000200)={0xa0, 0x0, 0x0, {{0x0, 0x3, 0xff, 0x0, 0x9, 0x8, {0x3, 0x8, 0x2313, 0x9, 0xe2, 0x8, 0x8, 0x1, 0x0, 0xc000, 0x7, 0x0, 0x0, 0x0, 0x200}}, {0x0, 0x11}}}, 0xa0)
splice(r0, 0x0, r2, 0x0, 0xa0, 0x2)
sched_getaffinity(0x0, 0x8, &(0x7f0000000000))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000380)=0x5cd, 0x4)
sendmmsg$inet(r3, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r3, 0x0, 0x0, 0x2101, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x800)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"765bace9c307653f121a2d892000", 0x0, 0x0, {0xb, 0x50000b}, {0xd, 0x8}, 0x5, [0x6, 0x3, 0x8, 0x2, 0xfffffffffffffffd, 0x400, 0xfffffffffbffffff, 0x6, 0x8, 0x6, 0x80000000, 0x7fff, 0x10, 0x7fffffff, 0x9, 0x7]})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

7.326385367s ago: executing program 4 (id=1908):
lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r1, 0x4b72, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r2, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x4, 0x8, 0xb}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r4}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000005c0)={0x4, <r5=>0x0}, 0x8)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000600)=r5, 0x4)
r6 = openat$vcs(0xffffff9c, &(0x7f0000001100), 0x6a201, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000700)=0xdf0000)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r2, &(0x7f0000000580), 0x0, 0x10008095, 0x0, 0x0)

7.167894777s ago: executing program 3 (id=1909):
socket$unix(0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000010c0)={0xa, 0x0, 0x0, @loopback, 0x9}, 0x1c)
write$binfmt_misc(r0, &(0x7f0000000040), 0xfe46)
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$loop(&(0x7f0000000240), 0xfffffffffffffffe, 0x90080)
syz_open_dev$loop(0x0, 0x3, 0x10000)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024000000000000000010900010073797a30000000002c000000030a0102e8ffffff00000000020000000900010073797a30000000000900030073797a320000000020000000020a03"], 0xa0}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x6, 0x1, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x2801c0)

6.366783912s ago: executing program 2 (id=1910):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, &(0x7f0000000bc0)={0x4, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000400)=""/195, 0xc3}, {&(0x7f0000000600)=""/202, 0xca}, {&(0x7f0000000700)=""/151, 0x97}, {&(0x7f0000000500)=""/122, 0x7a}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/158, 0x9e}, {&(0x7f0000000880)=""/228, 0xe4}, {&(0x7f0000000980)=""/236, 0xec}, {&(0x7f0000000a80)=""/74, 0x4a}], 0x0, 0x9}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, 0x0)
r2 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r2, 0x9eff, 0x27, &(0x7f0000000280)={@multicast2, @local, @local}, 0xc)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000001a80)=@filter={'filter\x00', 0x42, 0x4, 0x2d8, 0xffffffff, 0xf8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x240, 0x240, 0x240, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x73}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x5}}, @common=@unspec=@connmark={{0x30}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x338)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f0000000380)=@newtfilter={0x64, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r7, {0xffff, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_EMATCHES={0x30, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xd8}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_META={0x20, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x9df1}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x0, 0x6, 0x1}, {0x0, 0x80}}}, @TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x7]}]}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4044841}, 0x20000000)
write$sndseq(r1, &(0x7f00000002c0)=[{0x2, 0xf, 0xff, 0x0, @time={0x800, 0x40}, {0x9}, {0xf9, 0xc}, @control={0x6, 0x9, 0x1}}, {0x0, 0x3, 0x4, 0x8, @time={0x0, 0x10000}, {0x9, 0x4}, {0x3, 0x7}, @raw8={"fdf4c7974b9cab8eca8f66c8"}}, {0x3, 0xb, 0x81, 0xb, @tick=0xfffffffa, {0x3, 0xc0}, {0x3, 0x6}, @time=@time={0x400, 0x2}}], 0x54)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x70800, 0x20)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}}, @NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4}]}], {0x14}}, 0x5c}, 0x1, 0x0, 0x0, 0x2000c045}, 0x0)

5.457727029s ago: executing program 2 (id=1911):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcfd0"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
prctl$PR_SET_SECUREBITS(0x1c, 0x38)
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, 0x0, 0x4000)
syz_usb_connect(0x5, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="12011003ae7a3208c6051292289103f80900080904030700b69fe0090904beff002bde7d0009046f0800ffffff000000000000000000"], &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000003, 0x20010, 0xffffffffffffffff, 0x3d73d000)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r5, 0x0, 0xffffffffffffffff}, 0x18)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e20, @broadcast}, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
ioctl$VIDIOC_QBUF(r4, 0xc058565d, &(0x7f0000000200)=@multiplanar_fd={0x6, 0x3, 0x4, 0x800, 0x1ff, {0x77359400}, {0x2, 0x8, 0xfa, 0xec, 0x2, 0x0, "32c62f11"}, 0x72c, 0x4, {&(0x7f00000000c0)=[{0x6, 0x1, {}, 0x69cf5022}, {0x10001, 0x4, {r3}, 0x31}]}, 0x40})
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}]}, &(0x7f0000000300)='GPL\x00', 0x5, 0xffd, &(0x7f0000002840)=""/4093, 0x0, 0x1}, 0x94)

5.392878001s ago: executing program 4 (id=1912):
r0 = socket(0x40000000015, 0x5, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000040)={[{@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x36]}}]})
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000080)=""/210, &(0x7f0000000000)=0xd2)
r1 = syz_open_dev$loop(&(0x7f0000000000), 0x2, 0x0)
r2 = syz_open_pts(0xffffffffffffffff, 0x40440)
ioctl$LOOP_SET_FD(r1, 0x4c00, r2)
r3 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r4, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r5, 0x30e0}], 0x1, 0x0, &(0x7f0000000080)={[0x8001a0effffffb]}, 0x8)
dup2(r4, r5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0xe, 0x1f, &(0x7f0000001480)=ANY=[@ANYBLOB="18000000022000000000000000000800711050000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000380), r6)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00000000853600001d359600711077000000000095"], 0x0}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r9, 0x34}, 0x10)
fcntl$setown(r5, 0x8, r3)
tkill(r3, 0x13)

5.339245095s ago: executing program 3 (id=1913):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r2, 0xfffffffc)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
getresgid(0x0, &(0x7f0000000000)=<r8=>0x0, 0x0)
setresgid(r8, r8, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
fstat(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
map_shadow_stack(&(0x7f0000256000/0x4000)=nil, 0x4000, 0x1)
write$P9_RSTATu(r1, &(0x7f0000000280)={0x74, 0x7d, 0x1, {{0x0, 0x4e, 0x6, 0x6fa0c3e, {0x40, 0x3, 0x4}, 0x80000, 0x1, 0x6, 0x8001, 0x9, 'mptcp_pm\x00', 0x0, '', 0x11, 'memory.numa_stat\x00', 0x1, '\x00'}, 0x11, 'memory.numa_stat\x00', 0x0, r8, r9}}, 0x74)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x18, r10, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0xff07, 0x0, 0x44000}, 0x22000800)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000004000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a0100fff2000000c9b472080000230900010073797a30000000000900030073797a320000000050000000060a010400000000000000000100000008000b400000000028000401000000800c000100626974776973650014000280080003400000000c080001400000001479b97267a15773df968b25f7c4a20900010073797a3000000000140000001100010000000000000000000700000a34c20ddf7ef248acf10762965581e7d7a6198b202ae5fe7f54274b6841e217f5b956b62493bd5e1a28b7283455f82f0469c6a77cf32637bfdd48a25094d24e0c0d1018db704ab32018aef0d70f57de35d9f474acf0a9406d68bb35f7885005f6ce7bb7b2da5fd745e4394706c5e8e41efb4f6940bb4f3a367682c84759bf518c00"/353], 0xc4}}, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0/file0\x00', 0x201)
pipe2(&(0x7f0000004cc0)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff}, 0x0)
epoll_create1(0x0)
syz_kvm_setup_cpu$x86(r11, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000040)="0f07f000885d0000000f0f3a96d8f066baf80cb864c7228bef66bafc0cb000eec4c1f9517f000f1ed165650f23710f791e0f3809e9", 0x35}], 0x1, 0x33c12ae52eef0e81, &(0x7f0000000100)=[@cr4={0x1, 0x40000}, @cstype0={0x4, 0x3}], 0x2)
fcntl$setpipe(r12, 0x407, 0x0)
read$FUSE(r12, &(0x7f0000004d00)={0x2020, 0x0, 0x0, 0x0, <r13=>0x0}, 0x2020)
write$FUSE_ENTRY(r12, &(0x7f00000024c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x20000000000, 0xffff, 0x0, 0x4, 0x20000000000007f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, r13, 0x3, 0x2}}}, 0x90)

5.251928331s ago: executing program 1 (id=1914):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/power/sync_on_suspend', 0x0, 0x0)
ppoll(&(0x7f00000001c0)=[{r1, 0x218}], 0x1, 0x0, 0x0, 0x0)
io_uring_setup(0x2d81, &(0x7f00000000c0)={0x0, 0x657f, 0x2, 0x0, 0x6, 0x0, r1})
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
sendmsg$L2TP_CMD_SESSION_DELETE(r0, 0x0, 0x1)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xaece, 0x0)
preadv(r5, &(0x7f0000000540)=[{&(0x7f0000001dc0)=""/4100, 0x1012}], 0x100000000000004d, 0x8, 0x400000)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000240)={0x0, 0xf, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r7)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r7, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010028bd7000ffdbdf6e3100000005002b0001000000"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x0)
getrlimit(0xa, &(0x7f00000006c0))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x6, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)

4.519932431s ago: executing program 4 (id=1915):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0xff2e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4d, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TCFLSH(r0, 0x540b, 0x2)
r3 = syz_pidfd_open(0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x41007, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000000)={0x10, 0x1, 0x1, "a90037e7f30f000080df4832c305f70000000000004840080000000000008300", 0x50313459})
getsockopt$sock_buf(r2, 0x1, 0x1a, &(0x7f00000023c0)=""/4096, &(0x7f00000033c0)=0x1000)
r5 = dup(r3)
mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./cgroup/cgroup.procs\x00', &(0x7f00000001c0), 0x901000, 0x0)
read$FUSE(r5, &(0x7f0000000380)={0x2020}, 0x2020)
write$FUSE_INIT(r5, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000280)={&(0x7f00000059c0)=[0x0], 0x0, 0x0, 0x0, 0x8e, 0x0, 0x1})
set_mempolicy(0x3, 0x0, 0x5)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000e20000/0xb000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)

4.465207857s ago: executing program 0 (id=1916):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="93fc85ff30d22ecafcc67af208004500002000000000002f907800100000e0000001320088be000c907801000001"], 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000140)={0xffffffffffffffff, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000300)={<r4=>0x0, @in6={{0xa, 0x4e20, 0x9667, @mcast2, 0x6}}, 0x3, 0x8a}, &(0x7f00000000c0)=0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000100)={r4, 0x9, 0x10, 0x2c}, &(0x7f0000000180)=0x18)
wait4(0xffffffffffffffff, 0x0, 0x8, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="78000000020605000000000000000000000000000c000300686173683a697000050004000000000040000780404e2000000500140006000000050003000500000005001400cd00000008000940000000050c00018008000140ac1e0001060005404e23000005000400020000000500050007000000000000"], 0x78}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000090601020000000000000000000018420900020073797a310000000005000100070000001c0007800c0008000140e000400100b8000000000000000000000009"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0)

4.339930276s ago: executing program 1 (id=1917):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

4.339463983s ago: executing program 3 (id=1918):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1f00000000000000000000000010000000000000", @ANYRES32, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50)
syz_io_uring_setup(0x1147, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000040)=<r1=>0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={@mcast2, @local, @empty, 0xfffffffc, 0xfff, 0x8, 0x100, 0x4, 0x4000a0, r2})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r7 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, &(0x7f0000000300)=r7, 0x1)
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg$inet(r8, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x15}], 0x1}}], 0x1, 0x20008000)
msgrcv(0x0, 0x0, 0x0, 0x5, 0x4c00)

3.348295401s ago: executing program 0 (id=1919):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB="84010000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000fffe00"], 0x184}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x5b, 0xe, 0x8c, 0x10, 0x17ef, 0x720c, 0x5190, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe3, 0x9c, 0xcb}}]}}]}}, 0x0)

3.123988584s ago: executing program 1 (id=1920):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
munmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f00000000c0)={0x18, 0x1, 0x0, {0x4}}, 0x18)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
brk(0x400000ffc020)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4f400, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
munmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$FUSE_NOTIFY_POLL(r1, &(0x7f00000000c0)={0x18, 0x1, 0x0, {0x4}}, 0x18) (async)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) (async)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) (async)
brk(0x400000ffc020) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4f400, 0x0) (async)

2.439947788s ago: executing program 3 (id=1921):
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdir(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={0x0}, 0x18)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e22, 0x4, @loopback}, 0x1c)
listen(r2, 0x5)
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
accept4(r2, &(0x7f0000000240)=@x25, 0x0, 0x80000)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r4, &(0x7f0000000040)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x10e, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @bcast, @null, @bcast]}, 0x40)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r6 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg$unix(r6, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)

2.289572888s ago: executing program 2 (id=1922):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[@ANYBLOB="140000001000010000000000000006000000000a140000000e0a01020000000000000000010000e71300000010000100eeffffffffffffff0000000a"], 0x3c}}, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, <r1=>0x0})
r2 = getpgrp(0x0)
rt_tgsigqueueinfo(r1, r2, 0x14, &(0x7f0000000080)={0x29, 0x2000, 0x2})
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r7, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r7, 0x0, &(0x7f0000000000/0x1000)=nil, 0x1000, 0x5})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r6, 0x3ba0, &(0x7f0000000540)={0xff02, 0x8, r8, 0x0, 0x2fff, 0x2, &(0x7f00000000c0)="7a16", 0x4})
read(r0, &(0x7f0000000100)=""/248, 0xf8)

1.309148913s ago: executing program 2 (id=1923):
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000100)={0x0, 0x5, 0x4, {0x2, @pix_mp={0x8, 0x41, 0x0, 0x3, 0xb, [{0xaef, 0x1}, {0x4, 0x3}, {0xffffffff, 0x5}, {0x9, 0x10}, {0x5, 0x2}, {0x8, 0x6}, {0x100, 0x9}, {0x0, 0x7}], 0xb, 0x7, 0x7, 0x2, 0x5}}, 0x8})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000600)=0x2)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@can_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}, @CGW_FILTER={0xc, 0xb, {{0x1, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1}}}]}, 0x30}}, 0x0)
open(0x0, 0x40000, 0x122)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0xfded4000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = accept(r2, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r6}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xd0}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0)
connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r9, r8, &(0x7f00000000c0)=0x58, 0x5)

1.031922755s ago: executing program 1 (id=1924):
socket$unix(0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f00000010c0)={0xa, 0x0, 0x0, @loopback, 0x9}, 0x1c)
write$binfmt_misc(r0, &(0x7f0000000040), 0xfe46)
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$loop(&(0x7f0000000240), 0xfffffffffffffffe, 0x90080)
syz_open_dev$loop(0x0, 0x3, 0x10000)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024000000000000000010900010073797a30000000002c000000030a0102e8ffffff00000000020000000900010073797a30000000000900030073797a320000000020000000020a03"], 0xa0}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x6, 0x1, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000880}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0xc0, 0x61)
mount(&(0x7f0000000500)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x2801c0)

946.457207ms ago: executing program 3 (id=1925):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
ioctl$VIDIOC_G_PARM(r3, 0xc0cc5615, &(0x7f0000000100)={0xc, @capture={0x1000, 0x0, {0x1d8, 0x10}, 0x6, 0x7}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x3a, 0xb, 0x0, 0x0, {0x4}, [@nested={0x4}, @nested={0x4, 0x9}]}, 0x1c}}, 0x0)
pipe2(&(0x7f0000001cc0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_none}, {@cache_readahead}, {@cache_none}, {@afid={'afid', 0x3d, 0x7}}, {@uname={'uname', 0x3d, '/dev/kvm\x00'}}, {@access_any}, {@cache_readahead}, {@uname={'uname', 0x3d, '/dev/kvm\x00'}}, {@cache_fscache}], [{@seclabel}, {@smackfsfloor={'smackfsfloor', 0x3d, '\xe9,\xfd//-!@'}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x39, 0x64, 0x38, 0x65, 0x66, 0x33, 0x32], 0x2d, [0x39, 0x33, 0x0, 0x61], 0x2d, [0x33, 0x61, 0x37, 0x65], 0x2d, [0x30, 0x35, 0x64, 0x33], 0x2d, [0x33, 0x30, 0x62, 0x34, 0x62, 0x65, 0x32, 0x30]}}}]}})
r7 = syz_io_uring_setup(0x26c2, &(0x7f0000000500)={0x0, 0x5bda, 0x1000, 0x3, 0x307}, &(0x7f0000000480), &(0x7f0000000580))
r8 = syz_io_uring_setup(0x4bf9, &(0x7f0000000340)={0x0, 0x0, 0x8000, 0x10, 0x21e, 0x0, r7}, &(0x7f00000002c0)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x23}})
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r11, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9, 0x10012, r4, 0x0)
fsopen(&(0x7f0000000140)='fuseblk\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@bridge_dellink={0x2c, 0x13, 0x0, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4}}]}]}, 0x2c}}, 0x0)
io_uring_enter(r8, 0x27e2, 0x0, 0x0, 0x0, 0x0)
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1445d185", @ANYRES16=0x0, @ANYBLOB="18012dbd7000fcdbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x40000)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x200000c4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

163.934033ms ago: executing program 0 (id=1926):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}, {0x85, 0x0, 0x0, 0xd1}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000001780)=0x100000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)

48.354627ms ago: executing program 4 (id=1927):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x2, 0x3, 0x340, 0x0, 0xb8, 0x0, 0xb8, 0x0, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x2a8, 0x3, 0x0, {[{{@ip={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'bond_slave_1\x00', 'veth1\x00'}, 0x0, 0x70, 0xb8, 0x0, {0x6020000}}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x3f}}}, {{@ip={@local, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'nr0\x00'}, 0x0, 0x1c8, 0x1f0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'bridge_slave_1\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]})

0s ago: executing program 1 (id=1928):
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0x23d, &(0x7f0000000200)={0x0, 0x0, 0x10100}, 0x0, 0x0)
unshare(0x22020400)
pselect6(0x40, &(0x7f0000000100)={0x0, 0xfffffdfe, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0x0, 0x0, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

kernel console output (not intermixed with test programs):

 attempt to access beyond end of device
[  575.811846][T10837] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  575.824974][T10837] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  575.835221][T10837] syz.3.1398: attempt to access beyond end of device
[  575.835221][T10837] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  575.848756][T10837] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  575.858882][T10837] syz.3.1398: attempt to access beyond end of device
[  575.858882][T10837] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  575.872375][T10837] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  575.882410][T10837] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  575.892188][T10837] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  576.689872][ T5871] ax88179_178a 2-1:12.214: probe with driver ax88179_178a failed with error -22
[  576.723625][ T5871] usb 2-1: USB disconnect, device number 20
[  577.128934][   T24] usb 1-1: USB disconnect, device number 35
[  587.510177][T10853] netlink: 9280 bytes leftover after parsing attributes in process `syz.4.1403'.
[  588.852869][T10870] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  589.373397][T10886] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1410'.
[  589.977143][T10890] kvm: user requested TSC rate below hardware speed
[  590.375828][T10895] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1414'.
[  590.567912][T10898] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1415'.
[  590.614425][T10898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1415'.
[  590.770055][T10903] netlink: 'syz.4.1414': attribute type 10 has an invalid length.
[  591.009502][T10906] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1416'.
[  593.419368][ T5815] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  593.729485][ T5871] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  593.834846][ T5815] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  593.955535][T10938] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1424'.
[  594.017505][ T5815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.029575][ T5815] usb 1-1: Product: syz
[  594.033904][ T5815] usb 1-1: Manufacturer: syz
[  594.038685][ T5815] usb 1-1: SerialNumber: syz
[  594.056646][ T5871] usb 4-1: config 0 has no interfaces?
[  594.085709][T10939] bio_check_eod: 2 callbacks suppressed
[  594.085753][T10939] syz.4.1424: attempt to access beyond end of device
[  594.085753][T10939] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  594.107580][T10939] syz.4.1424: attempt to access beyond end of device
[  594.107580][T10939] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  594.121855][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  594.134275][T10939] syz.4.1424: attempt to access beyond end of device
[  594.134275][T10939] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  594.148114][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  594.161693][T10939] syz.4.1424: attempt to access beyond end of device
[  594.161693][T10939] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  594.177217][T10939] syz.4.1424: attempt to access beyond end of device
[  594.177217][T10939] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  594.190661][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  594.202270][T10939] syz.4.1424: attempt to access beyond end of device
[  594.202270][T10939] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  594.216183][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  594.233600][T10939] syz.4.1424: attempt to access beyond end of device
[  594.233600][T10939] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  594.248747][T10939] syz.4.1424: attempt to access beyond end of device
[  594.248747][T10939] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  594.264550][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  594.276032][T10939] syz.4.1424: attempt to access beyond end of device
[  594.276032][T10939] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  594.289966][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  594.304469][T10939] syz.4.1424: attempt to access beyond end of device
[  594.304469][T10939] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  594.319837][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  594.330862][T10939] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  594.340537][T10939] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  594.690990][ T5871] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  594.700192][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.708201][ T5871] usb 4-1: Product: syz
[  594.713156][ T5871] usb 4-1: Manufacturer: syz
[  594.717776][ T5871] usb 4-1: SerialNumber: syz
[  594.726693][ T5815] usb 1-1: config 0 descriptor??
[  594.746442][ T5815] gspca_main: sunplus-2.14.0 probing 055f:c230
[  594.776812][ T5871] usb 4-1: config 0 descriptor??
[  595.139591][ T5871] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  595.172697][T10947] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1427'.
[  595.230815][T10920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.240060][T10920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.461449][T10949] netlink: 'syz.4.1427': attribute type 10 has an invalid length.
[  595.624525][T10920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.637109][T10920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.647221][ T5871] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  595.655449][ T5871] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  595.666468][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86
[  595.669406][ T5946] usb 1-1: USB disconnect, device number 36
[  595.684148][ T5871] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  595.694603][ T5871] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  595.713203][ T5871] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  595.738493][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.751662][ T5871] usb 2-1: Product: syz
[  595.759296][ T5871] usb 2-1: Manufacturer: syz
[  595.770182][ T5871] usb 2-1: SerialNumber: syz
[  595.844076][T10952] Invalid ELF header magic: != ELF
[  595.907851][ T5871] usb 2-1: config 0 descriptor??
[  595.938754][ T5871] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  596.699368][T10960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1431'.
[  596.708418][T10960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1431'.
[  596.783641][ T5871] input: gspca_pac7302 as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11
[  596.904781][ T5946] usb 4-1: USB disconnect, device number 35
[  596.994285][T10967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.036660][T10967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.245095][T10973] FAULT_INJECTION: forcing a failure.
[  598.245095][T10973] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.273865][ T5880] usb 2-1: USB disconnect, device number 21
[  598.402558][T10973] CPU: 1 UID: 0 PID: 10973 Comm: syz.3.1435 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  598.402591][T10973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  598.402605][T10973] Call Trace:
[  598.402614][T10973]  <TASK>
[  598.402623][T10973]  dump_stack_lvl+0x189/0x250
[  598.402659][T10973]  ? __pfx____ratelimit+0x10/0x10
[  598.402688][T10973]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.402719][T10973]  ? __pfx__printk+0x10/0x10
[  598.402739][T10973]  ? __might_fault+0xb0/0x130
[  598.402776][T10973]  should_fail_ex+0x414/0x560
[  598.402804][T10973]  _copy_from_user+0x2d/0xb0
[  598.402836][T10973]  ___sys_recvmsg+0x12e/0x510
[  598.402867][T10973]  ? __pfx____sys_recvmsg+0x10/0x10
[  598.402925][T10973]  ? __might_fault+0xb0/0x130
[  598.402953][T10973]  do_recvmmsg+0x307/0x770
[  598.402987][T10973]  ? __pfx_do_recvmmsg+0x10/0x10
[  598.403025][T10973]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  598.403075][T10973]  __x64_sys_recvmmsg+0x190/0x240
[  598.403102][T10973]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  598.403132][T10973]  ? rcu_is_watching+0x15/0xb0
[  598.403167][T10973]  ? do_syscall_64+0xbe/0x3b0
[  598.403201][T10973]  do_syscall_64+0xfa/0x3b0
[  598.403228][T10973]  ? lockdep_hardirqs_on+0x9c/0x150
[  598.403255][T10973]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.403275][T10973]  ? clear_bhb_loop+0x60/0xb0
[  598.403300][T10973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.403319][T10973] RIP: 0033:0x7f831178e929
[  598.403338][T10973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.403355][T10973] RSP: 002b:00007f83125d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  598.403377][T10973] RAX: ffffffffffffffda RBX: 00007f83119b5fa0 RCX: 00007f831178e929
[  598.403393][T10973] RDX: 0000000000000002 RSI: 0000200000002400 RDI: 0000000000000004
[  598.403406][T10973] RBP: 00007f83125d7090 R08: 0000000000000000 R09: 0000000000000000
[  598.403418][T10973] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  598.403430][T10973] R13: 0000000000000000 R14: 00007f83119b5fa0 R15: 00007fff3f947248
[  598.403462][T10973]  </TASK>
[  599.512936][T10983] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1438'.
[  599.567045][T10986] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1440'.
[  599.763537][T10989] vlan1: entered allmulticast mode
[  599.778636][T10989] veth0_vlan: entered allmulticast mode
[  599.849818][T10992] netlink: 'syz.1.1440': attribute type 10 has an invalid length.
[  600.267031][T10994] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  601.103673][T10996] netlink: 'syz.3.1442': attribute type 7 has an invalid length.
[  601.257240][T11002] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1441'.
[  601.973936][T10384] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  602.455078][T10384] usb 5-1: config 0 has no interfaces?
[  602.466853][T10384] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  602.486124][T10384] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.502628][T10384] usb 5-1: Product: syz
[  602.507011][T10384] usb 5-1: Manufacturer: syz
[  602.514290][T10384] usb 5-1: SerialNumber: syz
[  602.530086][T10384] usb 5-1: config 0 descriptor??
[  603.524142][T11006] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1444'.
[  603.646203][T11018] ������: renamed from lo (while UP)
[  603.736950][T11027] FAULT_INJECTION: forcing a failure.
[  603.736950][T11027] name failslab, interval 1, probability 0, space 0, times 0
[  603.751482][T11027] CPU: 1 UID: 0 PID: 11027 Comm: syz.0.1452 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  603.751512][T11027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  603.751525][T11027] Call Trace:
[  603.751534][T11027]  <TASK>
[  603.751544][T11027]  dump_stack_lvl+0x189/0x250
[  603.751581][T11027]  ? __pfx____ratelimit+0x10/0x10
[  603.751612][T11027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  603.751643][T11027]  ? __pfx__printk+0x10/0x10
[  603.751680][T11027]  should_fail_ex+0x414/0x560
[  603.751711][T11027]  should_failslab+0xa8/0x100
[  603.751741][T11027]  kmem_cache_alloc_noprof+0x73/0x3c0
[  603.751765][T11027]  ? skb_clone+0x212/0x3a0
[  603.751796][T11027]  skb_clone+0x212/0x3a0
[  603.751825][T11027]  __netlink_deliver_tap+0x404/0x850
[  603.751863][T11027]  ? netlink_deliver_tap+0x2e/0x1b0
[  603.751889][T11027]  netlink_deliver_tap+0x19c/0x1b0
[  603.751913][T11027]  netlink_sendskb+0x68/0x140
[  603.751943][T11027]  netlink_rcv_skb+0x28c/0x470
[  603.751960][T11027]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  603.751979][T11027]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  603.752006][T11027]  ? netlink_deliver_tap+0x2e/0x1b0
[  603.752021][T11027]  ? netlink_deliver_tap+0x2e/0x1b0
[  603.752039][T11027]  xfrm_netlink_rcv+0x79/0x90
[  603.752055][T11027]  netlink_unicast+0x758/0x8d0
[  603.752086][T11027]  netlink_sendmsg+0x805/0xb30
[  603.752109][T11027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  603.752132][T11027]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  603.752149][T11027]  ? __pfx_netlink_sendmsg+0x10/0x10
[  603.752166][T11027]  __sock_sendmsg+0x21c/0x270
[  603.752189][T11027]  ____sys_sendmsg+0x505/0x830
[  603.752211][T11027]  ? __pfx_____sys_sendmsg+0x10/0x10
[  603.752235][T11027]  ? import_iovec+0x74/0xa0
[  603.752260][T11027]  ___sys_sendmsg+0x21f/0x2a0
[  603.752279][T11027]  ? __pfx____sys_sendmsg+0x10/0x10
[  603.752324][T11027]  ? __fget_files+0x2a/0x420
[  603.752343][T11027]  ? __fget_files+0x3a0/0x420
[  603.752371][T11027]  __x64_sys_sendmsg+0x19b/0x260
[  603.752390][T11027]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  603.752420][T11027]  ? __pfx_ksys_write+0x10/0x10
[  603.752441][T11027]  ? rcu_is_watching+0x15/0xb0
[  603.752467][T11027]  ? do_syscall_64+0xbe/0x3b0
[  603.752492][T11027]  do_syscall_64+0xfa/0x3b0
[  603.752513][T11027]  ? lockdep_hardirqs_on+0x9c/0x150
[  603.752533][T11027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.752548][T11027]  ? clear_bhb_loop+0x60/0xb0
[  603.752566][T11027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.752581][T11027] RIP: 0033:0x7f2be0f8e929
[  603.752595][T11027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  603.752608][T11027] RSP: 002b:00007f2be1e30038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  603.752624][T11027] RAX: ffffffffffffffda RBX: 00007f2be11b5fa0 RCX: 00007f2be0f8e929
[  603.752636][T11027] RDX: 0000000020040000 RSI: 0000200000000200 RDI: 0000000000000003
[  603.752645][T11027] RBP: 00007f2be1e30090 R08: 0000000000000000 R09: 0000000000000000
[  603.752654][T11027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  603.752663][T11027] R13: 0000000000000000 R14: 00007f2be11b5fa0 R15: 00007ffd59159d58
[  603.752687][T11027]  </TASK>
[  604.161647][T11031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1454'.
[  605.001858][T11035] netlink: 'syz.2.1454': attribute type 10 has an invalid length.
[  605.337315][T11038] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1455'.
[  605.460131][T11039] bio_check_eod: 2 callbacks suppressed
[  605.460152][T11039] syz.0.1455: attempt to access beyond end of device
[  605.460152][T11039] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  605.484729][T11039] syz.0.1455: attempt to access beyond end of device
[  605.484729][T11039] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  605.546902][ T5946] usb 5-1: USB disconnect, device number 27
[  605.619796][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  605.743201][T11039] syz.0.1455: attempt to access beyond end of device
[  605.743201][T11039] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  605.923496][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  605.950886][T11039] syz.0.1455: attempt to access beyond end of device
[  605.950886][T11039] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  605.969354][T11039] syz.0.1455: attempt to access beyond end of device
[  605.969354][T11039] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  606.571888][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  606.586801][T11039] syz.0.1455: attempt to access beyond end of device
[  606.586801][T11039] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  606.603114][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  606.629443][T11039] syz.0.1455: attempt to access beyond end of device
[  606.629443][T11039] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  606.644403][T11039] syz.0.1455: attempt to access beyond end of device
[  606.644403][T11039] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  606.660353][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  606.671308][T11039] syz.0.1455: attempt to access beyond end of device
[  606.671308][T11039] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  606.685015][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  606.700822][T11039] syz.0.1455: attempt to access beyond end of device
[  606.700822][T11039] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  606.716072][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  606.727475][T11039] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  606.739389][T11039] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  606.906445][T11051] FAULT_INJECTION: forcing a failure.
[  606.906445][T11051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  606.920015][T11051] CPU: 0 UID: 0 PID: 11051 Comm: syz.4.1458 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  606.920047][T11051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  606.920062][T11051] Call Trace:
[  606.920069][T11051]  <TASK>
[  606.920076][T11051]  dump_stack_lvl+0x189/0x250
[  606.920104][T11051]  ? __pfx____ratelimit+0x10/0x10
[  606.920126][T11051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.920188][T11051]  ? __pfx__printk+0x10/0x10
[  606.920214][T11051]  should_fail_ex+0x414/0x560
[  606.920235][T11051]  _copy_from_iter+0x1db/0x16f0
[  606.920258][T11051]  ? rcu_is_watching+0x15/0xb0
[  606.920281][T11051]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  606.920301][T11051]  ? __pfx__copy_from_iter+0x10/0x10
[  606.920322][T11051]  ? __build_skb_around+0x257/0x3e0
[  606.920339][T11051]  ? netlink_sendmsg+0x642/0xb30
[  606.920353][T11051]  ? skb_put+0x11b/0x210
[  606.920371][T11051]  netlink_sendmsg+0x6b2/0xb30
[  606.920393][T11051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.920420][T11051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.920437][T11051]  __sock_sendmsg+0x21c/0x270
[  606.920462][T11051]  ____sys_sendmsg+0x505/0x830
[  606.920484][T11051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.920510][T11051]  ? import_iovec+0x74/0xa0
[  606.920535][T11051]  ___sys_sendmsg+0x21f/0x2a0
[  606.920554][T11051]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.920597][T11051]  ? __fget_files+0x2a/0x420
[  606.920616][T11051]  ? __fget_files+0x3a0/0x420
[  606.920643][T11051]  __x64_sys_sendmsg+0x19b/0x260
[  606.920662][T11051]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  606.920697][T11051]  do_syscall_64+0xfa/0x3b0
[  606.920719][T11051]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.920733][T11051]  ? asm_sysvec_call_function_single+0x1a/0x20
[  606.920748][T11051]  ? clear_bhb_loop+0x60/0xb0
[  606.920766][T11051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.920779][T11051] RIP: 0033:0x7f5b26d8e929
[  606.920793][T11051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.920805][T11051] RSP: 002b:00007f5b24bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  606.920821][T11051] RAX: ffffffffffffffda RBX: 00007f5b26fb6160 RCX: 00007f5b26d8e929
[  606.920832][T11051] RDX: 0000000000000800 RSI: 0000200000000680 RDI: 0000000000000008
[  606.920841][T11051] RBP: 00007f5b24bd5090 R08: 0000000000000000 R09: 0000000000000000
[  606.920850][T11051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.920858][T11051] R13: 0000000000000000 R14: 00007f5b26fb6160 R15: 00007fff673b0e38
[  606.920880][T11051]  </TASK>
[  607.596660][T11054] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1459'.
[  611.549490][T11096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1471'.
[  611.610716][T11098] FAULT_INJECTION: forcing a failure.
[  611.610716][T11098] name fail_futex, interval 1, probability 0, space 0, times 1
[  611.623887][T11098] CPU: 0 UID: 0 PID: 11098 Comm: syz.0.1472 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  611.623917][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.623930][T11098] Call Trace:
[  611.623939][T11098]  <TASK>
[  611.623949][T11098]  dump_stack_lvl+0x189/0x250
[  611.623988][T11098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.624032][T11098]  ? __pfx__printk+0x10/0x10
[  611.624069][T11098]  should_fail_ex+0x414/0x560
[  611.624099][T11098]  get_futex_key+0x1a8/0x1640
[  611.624141][T11098]  ? preempt_schedule_irq+0xb5/0x150
[  611.624171][T11098]  ? __pfx_get_futex_key+0x10/0x10
[  611.624203][T11098]  ? __pfx___schedule+0x10/0x10
[  611.624228][T11098]  ? irqentry_exit+0x74/0x90
[  611.624265][T11098]  futex_wake+0xf8/0x560
[  611.624298][T11098]  ? __pfx_futex_wake+0x10/0x10
[  611.624324][T11098]  ? preempt_schedule_irq+0xde/0x150
[  611.624351][T11098]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  611.624391][T11098]  do_futex+0x395/0x420
[  611.624418][T11098]  ? __pfx_do_futex+0x10/0x10
[  611.624439][T11098]  ? __might_fault+0xb0/0x130
[  611.624472][T11098]  mm_release+0x188/0x390
[  611.624503][T11098]  ? __pfx_mm_release+0x10/0x10
[  611.624548][T11098]  exit_mm+0xa8/0x2c0
[  611.624573][T11098]  ? __pfx_exit_mm+0x10/0x10
[  611.624598][T11098]  ? rcu_is_watching+0x15/0xb0
[  611.624633][T11098]  do_exit+0x648/0x22e0
[  611.624663][T11098]  ? irqentry_exit+0x74/0x90
[  611.624691][T11098]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.624720][T11098]  ? __pfx_do_exit+0x10/0x10
[  611.624759][T11098]  do_group_exit+0x21c/0x2d0
[  611.624788][T11098]  get_signal+0x125e/0x1310
[  611.624842][T11098]  arch_do_signal_or_restart+0x9a/0x750
[  611.624875][T11098]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  611.624909][T11098]  ? irqentry_exit+0x74/0x90
[  611.624944][T11098]  ? exit_to_user_mode_loop+0x40/0x110
[  611.624976][T11098]  exit_to_user_mode_loop+0x75/0x110
[  611.625023][T11098]  do_syscall_64+0x2bd/0x3b0
[  611.625056][T11098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.625075][T11098]  ? asm_sysvec_call_function_single+0x1a/0x20
[  611.625097][T11098]  ? clear_bhb_loop+0x60/0xb0
[  611.625123][T11098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.625143][T11098] RIP: 0033:0x7f2be0f8e929
[  611.625162][T11098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.625180][T11098] RSP: 002b:00007f2be1e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  611.625203][T11098] RAX: ffffffffffffffea RBX: 00007f2be11b6080 RCX: 00007f2be0f8e929
[  611.625218][T11098] RDX: 0000000000000048 RSI: 00002000000006c0 RDI: 0000000000000000
[  611.625232][T11098] RBP: 00007f2be1e0f090 R08: 0000000000000000 R09: 0000000000000000
[  611.625245][T11098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.625257][T11098] R13: 0000000000000001 R14: 00007f2be11b6080 R15: 00007ffd59159d58
[  611.625290][T11098]  </TASK>
[  612.227069][T11114] set match dimension is over the limit!
[  612.258778][T11112] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1475'.
[  612.427761][T11111] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1476'.
[  613.899459][T11105] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  614.518191][T11105] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  614.605435][T11105] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  614.629093][T11105] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  614.779833][T11105] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  614.799030][T11105] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  614.815411][T11105] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  614.825075][T11105] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.833379][T11105] usb 5-1: Product: syz
[  614.837555][T11105] usb 5-1: Manufacturer: syz
[  615.468811][T11105] usb 5-1: SerialNumber: syz
[  615.476902][T11105] usb 5-1: config 0 descriptor??
[  615.667184][T11105] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13
[  616.175630][T11145] fuse: Bad value for 'fd'
[  616.955495][T11157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1489'.
[  616.988896][T11157] bio_check_eod: 2 callbacks suppressed
[  616.988911][T11157] syz.0.1489: attempt to access beyond end of device
[  616.988911][T11157] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  617.008574][T11157] syz.0.1489: attempt to access beyond end of device
[  617.008574][T11157] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  617.021775][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  617.031600][T11157] syz.0.1489: attempt to access beyond end of device
[  617.031600][T11157] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  617.044597][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  617.054945][T11157] syz.0.1489: attempt to access beyond end of device
[  617.054945][T11157] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  617.068016][T11157] syz.0.1489: attempt to access beyond end of device
[  617.068016][T11157] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  617.081030][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  617.090844][T11157] syz.0.1489: attempt to access beyond end of device
[  617.090844][T11157] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  617.104311][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  617.114757][T11157] syz.0.1489: attempt to access beyond end of device
[  617.114757][T11157] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  617.127809][T11157] syz.0.1489: attempt to access beyond end of device
[  617.127809][T11157] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  617.140906][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  617.150696][T11157] syz.0.1489: attempt to access beyond end of device
[  617.150696][T11157] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  617.163897][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  617.173874][T11157] syz.0.1489: attempt to access beyond end of device
[  617.173874][T11157] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  617.187027][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  617.196794][T11157] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  617.206749][T11157] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  617.253101][T11163] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1491'.
[  617.286382][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  617.286401][   T30] audit: type=1326 audit(1751188018.658:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.395045][   T30] audit: type=1326 audit(1751188018.658:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.416802][    C1] vkms_vblank_simulate: vblank timer overrun
[  617.430278][   T30] audit: type=1326 audit(1751188018.658:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.452069][    C1] vkms_vblank_simulate: vblank timer overrun
[  617.516279][   T30] audit: type=1326 audit(1751188018.658:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.537998][    C1] vkms_vblank_simulate: vblank timer overrun
[  617.544960][   T30] audit: type=1326 audit(1751188018.658:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.566693][    C1] vkms_vblank_simulate: vblank timer overrun
[  617.690651][ T5880] usb 5-1: USB disconnect, device number 28
[  617.703758][   T30] audit: type=1326 audit(1751188018.658:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.768483][   T30] audit: type=1326 audit(1751188018.658:1231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  617.822045][   T30] audit: type=1326 audit(1751188018.658:1232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  618.457756][   T30] audit: type=1326 audit(1751188018.678:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  618.490394][   T30] audit: type=1326 audit(1751188018.678:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11160 comm="syz.2.1492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f712cd8e929 code=0x7ffc0000
[  618.973580][T11188] overlayfs: failed to resolve './file0': -2
[  619.646585][T11187] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1499'.
[  621.319377][  T891] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  621.389658][ T5894] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  621.449330][  T891] usb 5-1: device descriptor read/64, error -71
[  621.562023][ T5894] usb 4-1: Using ep0 maxpacket: 8
[  621.570088][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  621.605834][ T5894] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  621.724125][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.744699][ T5894] usb 4-1: Product: syz
[  621.754556][ T5894] usb 4-1: Manufacturer: syz
[  621.759791][ T5894] usb 4-1: SerialNumber: syz
[  621.769357][  T891] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  621.782168][ T5894] usb 4-1: config 0 descriptor??
[  621.791535][ T5894] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  621.939440][  T891] usb 5-1: device descriptor read/64, error -71
[  621.995485][ T5894] gspca_zc3xx: reg_w_i err -71
[  622.049785][  T891] usb usb5-port1: attempt power cycle
[  622.052192][T11219] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1508'.
[  622.065939][T11218] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1508'.
[  622.568357][  T891] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  622.625606][ T5894] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  622.728486][ T5894] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  622.738548][  T891] usb 5-1: device descriptor read/8, error -71
[  622.747522][ T5894] usb 4-1: USB disconnect, device number 36
[  623.029420][  T891] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  623.049932][  T891] usb 5-1: device descriptor read/8, error -71
[  623.175504][  T891] usb usb5-port1: unable to enumerate USB device
[  623.208906][T11238] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  624.364302][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  624.685384][T11258] mkiss: ax0: crc mode is auto.
[  624.761923][T11258] x_tables: duplicate underflow at hook 3
[  624.870038][T11262] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1518'.
[  624.986836][T11263] bio_check_eod: 2 callbacks suppressed
[  624.986881][T11263] syz.4.1518: attempt to access beyond end of device
[  624.986881][T11263] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  625.009881][T11263] syz.4.1518: attempt to access beyond end of device
[  625.009881][T11263] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  625.093726][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  625.140493][T11263] syz.4.1518: attempt to access beyond end of device
[  625.140493][T11263] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  625.158513][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  625.191944][T11263] syz.4.1518: attempt to access beyond end of device
[  625.191944][T11263] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  625.212417][T11263] syz.4.1518: attempt to access beyond end of device
[  625.212417][T11263] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  625.229880][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  625.241615][T11263] syz.4.1518: attempt to access beyond end of device
[  625.241615][T11263] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  625.257384][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  625.278576][T11263] syz.4.1518: attempt to access beyond end of device
[  625.278576][T11263] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  625.301056][T11263] syz.4.1518: attempt to access beyond end of device
[  625.301056][T11263] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  625.319087][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  625.338072][T11263] syz.4.1518: attempt to access beyond end of device
[  625.338072][T11263] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  625.354047][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  625.386376][T11263] syz.4.1518: attempt to access beyond end of device
[  625.386376][T11263] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  625.420610][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  625.437997][T11263] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  625.448437][T11263] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  626.988117][T11287] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  627.423525][T10469] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  627.699381][T10469] usb 5-1: Using ep0 maxpacket: 16
[  627.812856][ T1868] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  627.937000][T10469] usb 5-1: unable to get BOS descriptor or descriptor too short
[  627.945467][T10469] usb 5-1: no configurations
[  627.953485][T10469] usb 5-1: can't read configurations, error -22
[  628.071737][ T1868] usb 4-1: config index 0 descriptor too short (expected 45, got 36)
[  628.089377][ T1868] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  628.110248][ T1868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  628.121639][ T1868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  628.131858][ T1868] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  628.149816][ T1868] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  628.163434][ T1868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.174862][ T1868] usb 4-1: config 0 descriptor??
[  628.213891][T11306] tipc: Enabled bearer <ib:ip6gre0>, priority 10
[  628.621570][ T1868] plantronics 0003:047F:FFFF.000F: reserved main item tag 0xd
[  629.384850][ T1868] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  629.958110][  T891] usb 4-1: USB disconnect, device number 37
[  630.086329][T11320] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1535'.
[  631.970507][T11338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1539'.
[  631.980175][T11338] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1539'.
[  631.989110][T11338] netlink: 15 bytes leftover after parsing attributes in process `syz.1.1539'.
[  632.063981][T11338] tc_dump_action: action bad kind
[  632.470795][T11340] SET target dimension over the limit!
[  633.465533][T11348] support for cryptoloop has been removed.  Use dm-crypt instead.
[  634.853808][T11365] new mount options do not match the existing superblock, will be ignored
[  635.985381][T11368] kAFS: No cell specified
[  636.896910][T11377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1548'.
[  637.100151][T11377] bio_check_eod: 2 callbacks suppressed
[  637.100176][T11377] syz.0.1548: attempt to access beyond end of device
[  637.100176][T11377] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  637.130385][T11377] syz.0.1548: attempt to access beyond end of device
[  637.130385][T11377] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  637.145669][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  637.159371][T11377] syz.0.1548: attempt to access beyond end of device
[  637.159371][T11377] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  637.192474][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  637.213717][T11377] syz.0.1548: attempt to access beyond end of device
[  637.213717][T11377] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  637.237444][T11377] syz.0.1548: attempt to access beyond end of device
[  637.237444][T11377] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  637.259365][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  637.286337][T11377] syz.0.1548: attempt to access beyond end of device
[  637.286337][T11377] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  637.303932][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  637.347423][T11377] syz.0.1548: attempt to access beyond end of device
[  637.347423][T11377] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  637.372164][T11377] syz.0.1548: attempt to access beyond end of device
[  637.372164][T11377] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  637.386829][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  637.400684][T11377] syz.0.1548: attempt to access beyond end of device
[  637.400684][T11377] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  637.415525][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  637.429509][T11384] netlink: 'syz.2.1551': attribute type 10 has an invalid length.
[  637.447212][T11377] syz.0.1548: attempt to access beyond end of device
[  637.447212][T11377] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  637.466112][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  637.480066][T11377] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  637.489933][T11377] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  637.619592][T11384] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1551'.
[  637.692727][T11384] dummy0: entered promiscuous mode
[  638.132480][T10469] libceph: connect (1)[c::]:6789 error -101
[  638.140645][T10469] libceph: mon0 (1)[c::]:6789 connect error
[  638.148833][T11384] bridge0: port 3(dummy0) entered blocking state
[  638.438686][T10469] libceph: connect (1)[c::]:6789 error -101
[  638.466445][T10469] libceph: mon0 (1)[c::]:6789 connect error
[  638.542201][T11388] ceph: No mds server is up or the cluster is laggy
[  638.711456][T11384] bridge0: port 3(dummy0) entered disabled state
[  639.715648][T11384] dummy0: entered allmulticast mode
[  641.037563][T11410] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1557'.
[  641.060417][T10469] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  641.152276][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  641.168691][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  641.254887][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  641.269467][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  641.288865][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  641.302842][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  641.322124][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  641.334368][T11406] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  641.344542][T11406] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  641.469819][T10469] usb 5-1: Using ep0 maxpacket: 16
[  641.476628][T10469] usb 5-1: config 1 has an invalid descriptor of length 171, skipping remainder of the config
[  641.494508][T10469] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  641.538132][T10469] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  641.549072][T11413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1560'.
[  641.558193][T10469] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.586629][T10469] usb 5-1: Product: syz
[  641.595377][T11413] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1560'.
[  641.599173][T10469] usb 5-1: Manufacturer: syz
[  641.619657][T10469] usb 5-1: SerialNumber: syz
[  641.648278][T11413] gretap1: entered promiscuous mode
[  641.906797][ T5826] Bluetooth: hci4: unexpected event for opcode 0x0c05
[  642.075973][T10469] usb 5-1: 0:2 : does not exist
[  642.087027][T10469] usb 5-1: unit 9 not found!
[  642.958433][T10469] usb 5-1: USB disconnect, device number 35
[  642.977795][T11435] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1567'.
[  643.007104][T11434] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1567'.
[  643.043712][T11319] udevd[11319]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  643.555376][T11454] netlink: 'syz.0.1572': attribute type 4 has an invalid length.
[  643.563369][T11454] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1572'.
[  644.202309][ T5880] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  644.288484][T11457] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  644.325334][T10469] libceph: connect (1)[c::]:6789 error -101
[  644.336947][T11457] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  644.349480][T10469] libceph: mon0 (1)[c::]:6789 connect error
[  644.404474][ T5880] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  644.615911][ T5880] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  644.891396][ T5880] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  644.909067][T10469] libceph: connect (1)[c::]:6789 error -101
[  644.920870][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  644.934986][ T5880] usb 4-1: SerialNumber: syz
[  644.967743][T10469] libceph: mon0 (1)[c::]:6789 connect error
[  645.027301][T11462] ceph: No mds server is up or the cluster is laggy
[  645.955366][  T891] libceph: connect (1)[c::]:6789 error -101
[  646.164702][ T5880] usb 4-1: 0:2 : does not exist
[  646.176429][  T891] libceph: mon0 (1)[c::]:6789 connect error
[  646.669633][ T5880] usb 4-1: USB disconnect, device number 38
[  646.783628][T11319] udevd[11319]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  647.785809][T11503] FAULT_INJECTION: forcing a failure.
[  647.785809][T11503] name failslab, interval 1, probability 0, space 0, times 0
[  647.804420][T11503] CPU: 0 UID: 0 PID: 11503 Comm: syz.4.1590 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  647.804451][T11503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.804466][T11503] Call Trace:
[  647.804475][T11503]  <TASK>
[  647.804484][T11503]  dump_stack_lvl+0x189/0x250
[  647.804521][T11503]  ? __pfx____ratelimit+0x10/0x10
[  647.804552][T11503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.804583][T11503]  ? __pfx__printk+0x10/0x10
[  647.804608][T11503]  ? __pfx___might_resched+0x10/0x10
[  647.804666][T11503]  should_fail_ex+0x414/0x560
[  647.804697][T11503]  should_failslab+0xa8/0x100
[  647.804727][T11503]  kmem_cache_alloc_noprof+0x73/0x3c0
[  647.804752][T11503]  ? radix_tree_node_alloc+0x7e/0x3a0
[  647.804786][T11503]  radix_tree_node_alloc+0x7e/0x3a0
[  647.804822][T11503]  idr_get_free+0x2b3/0xa70
[  647.804864][T11503]  idr_alloc_u32+0x159/0x2d0
[  647.804900][T11503]  ? __pfx_idr_alloc_u32+0x10/0x10
[  647.804944][T11503]  ? tcf_idr_check_alloc+0xc8/0x7b0
[  647.804980][T11503]  tcf_idr_check_alloc+0x5de/0x7b0
[  647.805010][T11503]  ? tcf_idr_check_alloc+0xc8/0x7b0
[  647.805050][T11503]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[  647.805083][T11503]  ? __nla_parse+0x40/0x60
[  647.805117][T11503]  tcf_mpls_init+0x2b8/0x11e0
[  647.805154][T11503]  ? __pfx_tcf_mpls_init+0x10/0x10
[  647.805202][T11503]  ? nla_memcpy+0x5b/0xc0
[  647.805241][T11503]  tcf_action_init_1+0x463/0x6d0
[  647.805280][T11503]  ? __pfx_tcf_action_init_1+0x10/0x10
[  647.805311][T11503]  ? _raw_read_unlock+0x28/0x50
[  647.805337][T11503]  ? tc_action_load_ops+0x214/0x4e0
[  647.805385][T11503]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  647.805413][T11503]  ? __nla_parse+0x40/0x60
[  647.805449][T11503]  tcf_action_init+0x2cf/0xab0
[  647.805493][T11503]  ? __pfx_tcf_action_init+0x10/0x10
[  647.805556][T11503]  ? __pfx___nla_validate_parse+0x10/0x10
[  647.805627][T11503]  tc_ctl_action+0x430/0xbd0
[  647.805670][T11503]  ? __pfx_tc_ctl_action+0x10/0x10
[  647.805710][T11503]  ? rcu_is_watching+0x15/0xb0
[  647.805790][T11503]  ? __pfx_tc_ctl_action+0x10/0x10
[  647.805821][T11503]  rtnetlink_rcv_msg+0x779/0xb70
[  647.805859][T11503]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  647.805891][T11503]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  647.805922][T11503]  ? ref_tracker_free+0x63a/0x7d0
[  647.805947][T11503]  ? __copy_skb_header+0xa7/0x550
[  647.805974][T11503]  ? __pfx_ref_tracker_free+0x10/0x10
[  647.806013][T11503]  netlink_rcv_skb+0x205/0x470
[  647.806044][T11503]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  647.806079][T11503]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  647.806116][T11503]  ? netlink_deliver_tap+0x2e/0x1b0
[  647.806137][T11503]  ? netlink_deliver_tap+0x2e/0x1b0
[  647.806166][T11503]  netlink_unicast+0x758/0x8d0
[  647.806212][T11503]  netlink_sendmsg+0x805/0xb30
[  647.806246][T11503]  ? __pfx_netlink_sendmsg+0x10/0x10
[  647.806279][T11503]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  647.806304][T11503]  ? __pfx_netlink_sendmsg+0x10/0x10
[  647.806328][T11503]  __sock_sendmsg+0x21c/0x270
[  647.806363][T11503]  ____sys_sendmsg+0x505/0x830
[  647.806394][T11503]  ? __pfx_____sys_sendmsg+0x10/0x10
[  647.806429][T11503]  ? import_iovec+0x74/0xa0
[  647.806465][T11503]  ___sys_sendmsg+0x21f/0x2a0
[  647.806493][T11503]  ? __pfx____sys_sendmsg+0x10/0x10
[  647.806560][T11503]  ? __fget_files+0x2a/0x420
[  647.806588][T11503]  ? __fget_files+0x3a0/0x420
[  647.806629][T11503]  __x64_sys_sendmsg+0x19b/0x260
[  647.806658][T11503]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  647.806694][T11503]  ? __pfx_ksys_write+0x10/0x10
[  647.806715][T11503]  ? rcu_is_watching+0x15/0xb0
[  647.806752][T11503]  ? do_syscall_64+0xbe/0x3b0
[  647.806787][T11503]  do_syscall_64+0xfa/0x3b0
[  647.806816][T11503]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.806845][T11503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.806866][T11503]  ? clear_bhb_loop+0x60/0xb0
[  647.806893][T11503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.806914][T11503] RIP: 0033:0x7f5b26d8e929
[  647.806933][T11503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.806953][T11503] RSP: 002b:00007f5b27b26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  647.806976][T11503] RAX: ffffffffffffffda RBX: 00007f5b26fb5fa0 RCX: 00007f5b26d8e929
[  647.806992][T11503] RDX: 0000000024004084 RSI: 00002000000001c0 RDI: 0000000000000003
[  647.807007][T11503] RBP: 00007f5b27b26090 R08: 0000000000000000 R09: 0000000000000000
[  647.807021][T11503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.807041][T11503] R13: 0000000000000000 R14: 00007f5b26fb5fa0 R15: 00007fff673b0e38
[  647.807075][T11503]  </TASK>
[  648.496444][  T891] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  648.509653][T11507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1591'.
[  648.732174][T11505] delete_channel: no stack
[  648.800961][  T891] usb 2-1: Using ep0 maxpacket: 32
[  648.808127][  T891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  648.819116][  T891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  648.829254][  T891] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  648.838343][  T891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.850304][  T891] usb 2-1: config 0 descriptor??
[  649.350581][  T891] ft260 0003:0403:6030.0010: unknown main item tag 0x0
[  649.542335][  T891] ft260 0003:0403:6030.0010: chip code: 6424 8183
[  649.772777][T11530] overlayfs: failed to resolve './file0': -2
[  650.453205][  T891] ft260 0003:0403:6030.0010: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0
[  650.715523][  T891] ft260 0003:0403:6030.0010: failed to retrieve status: -71
[  651.138546][  T891] ft260 0003:0403:6030.0010: failed to reset I2C controller: -71
[  651.166885][  T891] usb 2-1: USB disconnect, device number 22
[  651.373679][T11549] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1602'.
[  653.601201][T11576] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1609'.
[  654.434115][T11592] netlink: 'syz.4.1609': attribute type 10 has an invalid length.
[  655.531869][T11621] overlayfs: failed to resolve './file0': -2
[  655.859178][   T24] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  656.440624][   T24] usb 4-1: no configurations
[  656.445447][   T24] usb 4-1: can't read configurations, error -22
[  656.523881][T11627] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1616'.
[  656.629728][   T24] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  656.906311][   T24] usb 4-1: no configurations
[  656.944311][   T24] usb 4-1: can't read configurations, error -22
[  656.980258][   T24] usb usb4-port1: attempt power cycle
[  657.023163][T11627] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  657.109349][T11627] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  657.118257][T11627] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  657.137349][T11627] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  657.174654][T11627] geneve3: entered promiscuous mode
[  657.334516][   T24] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  657.498898][   T24] usb 4-1: no configurations
[  657.548466][   T24] usb 4-1: can't read configurations, error -22
[  657.760423][   T24] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  657.840889][   T24] usb 4-1: no configurations
[  657.845564][   T24] usb 4-1: can't read configurations, error -22
[  657.894409][   T24] usb usb4-port1: unable to enumerate USB device
[  658.288711][T11648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1620'.
[  658.516381][T11651] bio_check_eod: 14 callbacks suppressed
[  658.516509][T11651] syz.0.1620: attempt to access beyond end of device
[  658.516509][T11651] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  658.592451][T11651] syz.0.1620: attempt to access beyond end of device
[  658.592451][T11651] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  658.608485][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  658.653255][T11657] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  658.678386][T11651] syz.0.1620: attempt to access beyond end of device
[  658.678386][T11651] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  658.706725][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  658.751766][T11651] syz.0.1620: attempt to access beyond end of device
[  658.751766][T11651] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  658.766280][T11651] syz.0.1620: attempt to access beyond end of device
[  658.766280][T11651] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  658.780089][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  658.790551][T11651] syz.0.1620: attempt to access beyond end of device
[  658.790551][T11651] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  658.803850][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  658.814411][T11651] syz.0.1620: attempt to access beyond end of device
[  658.814411][T11651] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  658.828001][T11651] syz.0.1620: attempt to access beyond end of device
[  658.828001][T11651] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  658.841332][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  658.851307][T11651] syz.0.1620: attempt to access beyond end of device
[  658.851307][T11651] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  658.864568][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  658.875923][T11651] syz.0.1620: attempt to access beyond end of device
[  658.875923][T11651] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  658.889561][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  658.899663][T11651] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  658.909533][T11651] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  660.415333][T11682] netlink: 'syz.4.1626': attribute type 1 has an invalid length.
[  660.423591][T11682] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1626'.
[  660.454148][T11684] IPVS: ip_vs_add_dest(): server weight less than zero
[  660.892845][T11689] netlink: 'syz.0.1630': attribute type 13 has an invalid length.
[  662.236147][T11689] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  662.261812][T11700] veth0_to_bond: entered allmulticast mode
[  662.533834][T11711] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1639'.
[  662.569363][T11105] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  662.709727][  T891] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  662.737972][T11105] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.351641][T11715] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1638'.
[  663.501510][T11105] usb 5-1: config 0 has no interfaces?
[  663.717061][T11715] bio_check_eod: 2 callbacks suppressed
[  663.717153][T11715] syz.0.1638: attempt to access beyond end of device
[  663.717153][T11715] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  663.749325][T11715] syz.0.1638: attempt to access beyond end of device
[  663.749325][T11715] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  663.763904][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  663.779322][T11715] syz.0.1638: attempt to access beyond end of device
[  663.779322][T11715] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  663.795006][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  663.826460][T11105] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  663.878829][T11715] syz.0.1638: attempt to access beyond end of device
[  663.878829][T11715] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  663.892557][T11715] syz.0.1638: attempt to access beyond end of device
[  663.892557][T11715] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  663.909282][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  663.922976][T11715] syz.0.1638: attempt to access beyond end of device
[  663.922976][T11715] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  663.939783][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  663.958815][T11715] syz.0.1638: attempt to access beyond end of device
[  663.958815][T11715] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  663.973543][T11715] syz.0.1638: attempt to access beyond end of device
[  663.973543][T11715] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  663.989265][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  664.003291][T11715] syz.0.1638: attempt to access beyond end of device
[  664.003291][T11715] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  664.018137][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  664.039735][  T891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  664.069843][T11105] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.082332][  T891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  664.104545][T11105] usb 5-1: Product: syz
[  664.106625][T11715] syz.0.1638: attempt to access beyond end of device
[  664.106625][T11715] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  664.190172][T11105] usb 5-1: Manufacturer: syz
[  664.243788][  T891] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  664.271412][T11105] usb 5-1: SerialNumber: syz
[  664.277857][T11723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1641'.
[  664.289756][  T891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.299149][T11105] usb 5-1: config 0 descriptor??
[  664.306482][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  664.318026][T11715] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  664.337072][T11715] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  664.340576][  T891] usb 4-1: config 0 descriptor??
[  664.687635][T10469] usb 5-1: USB disconnect, device number 36
[  664.900617][  T891] usbhid 4-1:0.0: can't add hid device: -71
[  664.906696][  T891] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  664.937439][T11729] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1643'.
[  664.996897][  T891] usb 4-1: USB disconnect, device number 43
[  666.484470][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  666.484489][   T30] audit: type=1326 audit(1751188067.858:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11745 comm="syz.2.1645" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f712cd8e929 code=0x0
[  666.989360][   T24] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  667.094424][T11769] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1650'.
[  667.166072][T11771] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  667.183359][   T24] usb 4-1: Using ep0 maxpacket: 32
[  667.210709][   T24] usb 4-1: config 0 has no interfaces?
[  667.216484][   T24] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  667.235467][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.264501][   T24] usb 4-1: config 0 descriptor??
[  667.844922][T11776] XFS (nullb0): Invalid superblock magic number
[  668.059851][ T1868] usb 4-1: USB disconnect, device number 44
[  668.197172][T11792] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(0)
[  668.203973][T11792] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  668.245833][T11792] vhci_hcd vhci_hcd.0: Device attached
[  668.739368][  T891] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  669.884548][T11793] vhci_hcd: connection reset by peer
[  670.009291][ T8443] vhci_hcd: stop threads
[  670.026618][ T8443] vhci_hcd: release socket
[  670.052455][ T8443] vhci_hcd: disconnect device
[  670.060299][T11798] bond0: (slave batadv0): Releasing backup interface
[  670.220193][T11798] bridge_slave_0: left allmulticast mode
[  670.286672][T11798] bridge0: port 1(bridge_slave_0) entered disabled state
[  670.630895][T11798] bridge_slave_1: left allmulticast mode
[  670.636576][T11798] bridge_slave_1: left promiscuous mode
[  670.699638][T11798] bridge0: port 2(bridge_slave_1) entered disabled state
[  670.762480][T11819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1663'.
[  670.777527][T11798] bond0: (slave bond_slave_0): Releasing backup interface
[  670.783202][T11819] netlink: 'syz.2.1663': attribute type 9 has an invalid length.
[  670.798033][T11798] bond0: (slave bond_slave_1): Releasing backup interface
[  670.862186][T11798] team0: Port device team_slave_0 removed
[  670.883860][T11798] team0: Port device team_slave_1 removed
[  670.895455][T11798] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  670.906588][T11798] batman_adv: batadv0: Removing interface: batadv_slave_0
[  670.918360][T11798] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  670.928495][T11798] batman_adv: batadv0: Removing interface: batadv_slave_1
[  670.935858][ T1868] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  671.006732][T11803] team0: Mode changed to "loadbalance"
[  671.115811][ T1868] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 61, changing to 9
[  671.151607][ T1868] usb 4-1: config 1 interface 0 has no altsetting 0
[  671.174108][T11819] macvlan2: entered allmulticast mode
[  671.180636][T10469] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  671.199684][T11819] veth0_macvtap: entered allmulticast mode
[  671.209973][ T1868] usb 4-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40
[  671.235615][T11827] syzkaller0: entered promiscuous mode
[  671.244693][ T1868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.255152][ T1868] usb 4-1: Product: syz
[  671.262414][T11827] syzkaller0: entered allmulticast mode
[  671.268863][ T1868] usb 4-1: Manufacturer: syz
[  671.276690][ T1868] usb 4-1: SerialNumber: syz
[  671.305727][T11822] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  671.323851][T11822] tipc: Resetting bearer <eth:syzkaller0>
[  671.356988][T11822] tipc: Disabling bearer <eth:syzkaller0>
[  671.374894][T10469] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  671.573760][T10469] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  671.627070][T10469] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  671.640456][T10469] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  671.652319][T10469] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  671.740889][T11843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1667'.
[  671.819960][T11844] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  671.829278][T11844] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  671.838321][T11844] overlayfs: missing 'lowerdir'
[  671.906280][T11845] overlayfs: failed to clone upperpath
[  672.690236][T10469] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  672.702632][T10469] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  672.712128][T10469] usb 1-1: Product: syz
[  672.716335][T10469] usb 1-1: Manufacturer: syz
[  672.742387][T10469] cdc_wdm 1-1:1.0: skipping garbage
[  672.747660][T10469] cdc_wdm 1-1:1.0: skipping garbage
[  672.793342][T10469] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  672.814404][T10469] cdc_wdm 1-1:1.0: Unknown control protocol
[  673.902910][ T1868] usbhid 4-1:1.0: can't add hid device: -71
[  674.033044][  T891] vhci_hcd: vhci_device speed not set
[  674.337796][ T1868] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  674.369937][ T1868] usb 4-1: USB disconnect, device number 45
[  674.492373][T11860] loop8: detected capacity change from 0 to 1
[  674.512512][T11319] Dev loop8: unable to read RDB block 1
[  674.518180][T11319]  loop8: unable to read partition table
[  674.573290][T11319] loop8: partition table beyond EOD, truncated
[  674.631325][T11860] Dev loop8: unable to read RDB block 1
[  674.645799][T11860]  loop8: unable to read partition table
[  674.672842][T11870] overlayfs: failed to resolve './file0': -2
[  674.689597][T11860] loop8: partition table beyond EOD, truncated
[  674.702864][T11871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1674'.
[  674.725534][T11871] bio_check_eod: 2 callbacks suppressed
[  674.725567][T11871] syz.4.1674: attempt to access beyond end of device
[  674.725567][T11871] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  674.745777][T11871] syz.4.1674: attempt to access beyond end of device
[  674.745777][T11871] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  674.763095][T11860] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  674.788676][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  674.799825][T11873] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1675'.
[  674.829729][ T5894] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  674.982995][T11871] syz.4.1674: attempt to access beyond end of device
[  674.982995][T11871] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  674.996042][ T1868] usb 1-1: USB disconnect, device number 37
[  675.018866][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  675.103682][T11876] netlink: 'syz.1.1675': attribute type 10 has an invalid length.
[  675.829269][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  675.835093][T11871] syz.4.1674: attempt to access beyond end of device
[  675.835093][T11871] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  675.877399][T11871] syz.4.1674: attempt to access beyond end of device
[  675.877399][T11871] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  675.909075][ T5894] usb 4-1: config 0 has an invalid interface number: 218 but max is 0
[  675.929503][ T5894] usb 4-1: config 0 has no interface number 0
[  675.944418][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  675.980011][ T5894] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=74.07
[  675.995820][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.005384][T11878] xt_TPROXY: Can be used only with -p tcp or -p udp
[  676.016514][ T5894] usb 4-1: Product: syz
[  676.047593][ T5894] usb 4-1: Manufacturer: syz
[  676.052409][ T5894] usb 4-1: SerialNumber: syz
[  676.074490][ T5894] usb 4-1: config 0 descriptor??
[  676.080716][T11871] syz.4.1674: attempt to access beyond end of device
[  676.080716][T11871] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  676.121823][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  676.135261][T11882] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  676.196350][T11871] syz.4.1674: attempt to access beyond end of device
[  676.196350][T11871] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  676.246211][T11871] syz.4.1674: attempt to access beyond end of device
[  676.246211][T11871] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  676.261232][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  676.275133][T11871] syz.4.1674: attempt to access beyond end of device
[  676.275133][T11871] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  676.309159][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  676.383029][ T5880] usb 4-1: USB disconnect, device number 46
[  676.448921][T11871] syz.4.1674: attempt to access beyond end of device
[  676.448921][T11871] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  676.504420][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  676.518214][T11871] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  676.528100][   T30] audit: type=1326 audit(1751188077.878:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  676.576171][T11871] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  676.578067][   T30] audit: type=1326 audit(1751188077.878:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  676.627740][   T30] audit: type=1326 audit(1751188077.878:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2be0f8d290 code=0x7ffc0000
[  676.653441][   T30] audit: type=1326 audit(1751188077.878:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2be0f90157 code=0x7ffc0000
[  676.680585][   T30] audit: type=1326 audit(1751188077.878:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  676.707459][   T30] audit: type=1326 audit(1751188077.878:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f2be0f90157 code=0x7ffc0000
[  676.740165][   T30] audit: type=1326 audit(1751188077.898:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f2be0f8d58a code=0x7ffc0000
[  676.829484][ T1868] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  677.291081][ T1868] usb 1-1: config 0 has an invalid interface number: 197 but max is 0
[  677.299680][ T1868] usb 1-1: config 0 has no interface number 0
[  677.306095][ T1868] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[  677.325419][ T1868] usb 1-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  677.340034][ T1868] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  677.366350][   T30] audit: type=1326 audit(1751188077.898:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  677.367948][ T1868] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42
[  677.399328][   T30] audit: type=1326 audit(1751188077.898:1245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  677.470475][   T30] audit: type=1326 audit(1751188077.898:1246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11890 comm="syz.0.1681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be0f8e929 code=0x7ffc0000
[  677.493031][ T1868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.517557][ T1868] usb 1-1: Product: syz
[  677.523136][ T1868] usb 1-1: Manufacturer: syz
[  677.538063][ T1868] usb 1-1: SerialNumber: syz
[  677.582823][ T1868] usb 1-1: config 0 descriptor??
[  677.671103][T11894] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  677.691192][T11894] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  678.002288][T11905] Invalid ELF header magic: != ELF
[  678.318168][T11894] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  678.337062][T11894] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  678.377750][ T1868] qmi_wwan 1-1:0.197: probe with driver qmi_wwan failed with error -22
[  678.827004][ T1868] usb 1-1: USB disconnect, device number 38
[  679.623544][T11921] vlan2: entered promiscuous mode
[  679.653508][T11921] erspan0: entered promiscuous mode
[  679.747893][T11925] FAULT_INJECTION: forcing a failure.
[  679.747893][T11925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.763097][T11925] CPU: 0 UID: 0 PID: 11925 Comm: syz.0.1690 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  679.763121][T11925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  679.763131][T11925] Call Trace:
[  679.763137][T11925]  <TASK>
[  679.763145][T11925]  dump_stack_lvl+0x189/0x250
[  679.763178][T11925]  ? __pfx____ratelimit+0x10/0x10
[  679.763200][T11925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  679.763223][T11925]  ? __pfx__printk+0x10/0x10
[  679.763247][T11925]  should_fail_ex+0x414/0x560
[  679.763268][T11925]  _copy_to_user+0x31/0xb0
[  679.763304][T11925]  simple_read_from_buffer+0xe1/0x170
[  679.763337][T11925]  proc_fail_nth_read+0x1df/0x250
[  679.763373][T11925]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.763405][T11925]  ? rw_verify_area+0x258/0x650
[  679.763427][T11925]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  679.763457][T11925]  vfs_read+0x1fd/0x980
[  679.763489][T11925]  ? __pfx_vfs_read+0x10/0x10
[  679.763516][T11925]  ? set_user_sigmask+0xc7/0x1b0
[  679.763545][T11925]  ? __pfx_set_user_sigmask+0x10/0x10
[  679.763592][T11925]  ksys_read+0x145/0x250
[  679.763618][T11925]  ? __pfx_ksys_read+0x10/0x10
[  679.763639][T11925]  ? rcu_is_watching+0x15/0xb0
[  679.763675][T11925]  ? do_syscall_64+0xbe/0x3b0
[  679.763711][T11925]  do_syscall_64+0xfa/0x3b0
[  679.763741][T11925]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.763770][T11925]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.763791][T11925]  ? clear_bhb_loop+0x60/0xb0
[  679.763817][T11925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.763838][T11925] RIP: 0033:0x7f2be0f8d33c
[  679.763856][T11925] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  679.763875][T11925] RSP: 002b:00007f2be1e30030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  679.763898][T11925] RAX: ffffffffffffffda RBX: 00007f2be11b5fa0 RCX: 00007f2be0f8d33c
[  679.763915][T11925] RDX: 000000000000000f RSI: 00007f2be1e300a0 RDI: 0000000000000004
[  679.763928][T11925] RBP: 00007f2be1e30090 R08: 0000000000000000 R09: 0000000000000000
[  679.763941][T11925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.763953][T11925] R13: 0000000000000000 R14: 00007f2be11b5fa0 R15: 00007ffd59159d58
[  679.763986][T11925]  </TASK>
[  680.861591][T11931] vlan2: entered allmulticast mode
[  680.866829][T11931] veth1: entered allmulticast mode
[  681.444298][ T5894] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  681.780227][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  681.911861][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  682.008701][ T5894] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  682.019348][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.033530][ T5894] usb 4-1: config 0 descriptor??
[  682.248035][T11936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.257541][T11936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.268596][   T30] kauditd_printk_skb: 50 callbacks suppressed
[  682.268615][   T30] audit: type=1400 audit(1751188083.638:1297): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=11929 comm="syz.3.1691" opid=11929 ocomm="syz.3.1691"
[  682.307941][   T30] audit: type=1400 audit(1751188083.638:1298): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=11929 comm="syz.3.1691" path="/dev/raw-gadget" dev="devtmpfs" ino=820
[  682.557677][  T891] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  683.329329][  T891] usb 1-1: Using ep0 maxpacket: 8
[  683.342983][  T891] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  683.361347][  T891] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  683.370976][  T891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.379111][  T891] usb 1-1: Product: syz
[  683.383436][  T891] usb 1-1: Manufacturer: syz
[  683.388173][  T891] usb 1-1: SerialNumber: syz
[  683.465881][  T891] usb 1-1: config 0 descriptor??
[  683.485305][  T891] gspca_main: stk014-2.14.0 probing 05e1:0893
[  683.502886][  T891] usb 1-1: selecting invalid altsetting 1
[  683.988402][T10469] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  684.061624][  T891] gspca_stk014: reg_r err -110
[  684.189633][  T891] stk014 1-1:0.0: probe with driver stk014 failed with error -110
[  684.329144][ T5894] usbhid 4-1:0.0: can't add hid device: -71
[  684.338895][ T5894] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  684.351571][ T5894] usb 4-1: USB disconnect, device number 47
[  684.881952][T10469] usb 2-1: unable to read config index 0 descriptor/start: -71
[  685.038220][T10469] usb 2-1: can't read configurations, error -71
[  685.091968][T11970] netlink: 'syz.4.1705': attribute type 12 has an invalid length.
[  685.819928][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  688.056661][T10469] usb 1-1: USB disconnect, device number 39
[  688.931806][T12024] kAFS: No cell specified
[  689.682682][ T1868] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  689.930702][ T1868] usb 5-1: Using ep0 maxpacket: 8
[  689.940342][ T1868] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  689.949742][ T1868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.983205][ T1868] usb 5-1: config 0 descriptor??
[  693.480914][T12055] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  693.758193][ T1868] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  693.768565][ T1868] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  693.804676][ T1868] asix 5-1:0.0: probe with driver asix failed with error -71
[  693.833915][ T1868] usb 5-1: USB disconnect, device number 37
[  696.308141][T12078] input: syz1 as /devices/virtual/input/input15
[  697.212903][T12086] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.1736'.
[  697.578457][T12095] netlink: 'syz.1.1738': attribute type 3 has an invalid length.
[  697.653458][T12095] netlink: 'syz.1.1738': attribute type 1 has an invalid length.
[  697.720104][T12095] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1738'.
[  697.789300][T12095] NCSI netlink: No device for ifindex 33022
[  698.946702][T12106] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1741'.
[  699.154843][T12108] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1742'.
[  699.407255][T12110] netlink: 'syz.1.1741': attribute type 10 has an invalid length.
[  700.611288][T12111] netlink: 'syz.2.1742': attribute type 10 has an invalid length.
[  701.219375][ T5880] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  701.391695][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  701.404241][ T5880] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  701.414072][ T5880] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  701.423687][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.463999][ T5880] usb 2-1: config 0 descriptor??
[  701.483986][ T5880] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  701.492598][ T5880] dvb-usb: bulk message failed: -22 (3/0)
[  701.530233][ T5880] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  701.541914][ T5880] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  701.549661][ T5880] usb 2-1: media controller created
[  701.580866][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  701.647337][ T5880] dvb-usb: bulk message failed: -22 (6/0)
[  701.654940][ T5880] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  701.727727][ T5880] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input16
[  701.849407][   T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  702.062157][ T5880] dvb-usb: schedule remote query interval to 150 msecs.
[  702.073418][ T5880] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  702.194311][   T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  702.214186][   T24] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  702.233281][ T5880] dvb-usb: bulk message failed: -22 (1/0)
[  702.243702][ T5880] dvb-usb: error while querying for an remote control event.
[  702.258672][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  702.270027][T10384] usb 2-1: USB disconnect, device number 25
[  702.285883][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  702.305584][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  702.322539][   T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  702.331971][   T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  702.341881][T10384] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  702.343734][   T24] usb 4-1: Product: syz
[  702.354850][   T24] usb 4-1: Manufacturer: syz
[  702.584589][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  702.626649][   T24] cdc_wdm 4-1:1.0: skipping garbage
[  702.801740][   T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  702.920982][   T24] cdc_wdm 4-1:1.0: Unknown control protocol
[  703.116286][   T24] usb 4-1: USB disconnect, device number 48
[  703.300176][T12153] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1754'.
[  703.651288][T12157] netlink: 'syz.1.1754': attribute type 10 has an invalid length.
[  704.478737][T12160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1753'.
[  704.721221][T12160] bio_check_eod: 2 callbacks suppressed
[  704.721272][T12160] syz.4.1753: attempt to access beyond end of device
[  704.721272][T12160] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  704.743487][T12160] syz.4.1753: attempt to access beyond end of device
[  704.743487][T12160] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  704.762041][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  704.789403][T12160] syz.4.1753: attempt to access beyond end of device
[  704.789403][T12160] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  704.807043][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  704.827357][T12160] syz.4.1753: attempt to access beyond end of device
[  704.827357][T12160] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  704.843128][T12160] syz.4.1753: attempt to access beyond end of device
[  704.843128][T12160] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  704.859005][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  704.873204][T12160] syz.4.1753: attempt to access beyond end of device
[  704.873204][T12160] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  704.889569][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  704.939741][T12160] syz.4.1753: attempt to access beyond end of device
[  704.939741][T12160] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  704.979291][T12160] syz.4.1753: attempt to access beyond end of device
[  704.979291][T12160] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  705.007714][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  705.019067][T12160] syz.4.1753: attempt to access beyond end of device
[  705.019067][T12160] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  705.032804][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  705.051759][T12165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1755'.
[  705.062365][T12160] syz.4.1753: attempt to access beyond end of device
[  705.062365][T12160] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  705.079443][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  705.093471][T12160] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  705.095633][T12165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'.
[  705.130495][T12165] netlink: 'syz.1.1755': attribute type 12 has an invalid length.
[  705.138586][T12165] netlink: 'syz.1.1755': attribute type 11 has an invalid length.
[  705.182904][T12160] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  705.304066][T12165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1755'.
[  705.509973][T12177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1758'.
[  705.525461][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  705.535257][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  705.545691][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  705.555371][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  705.565554][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  705.575928][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  705.586094][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  705.595799][T12177] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  705.605507][T12177] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  705.734420][T12182] openvswitch: netlink: Key 22 has unexpected len 2 expected 4
[  707.321916][T12198] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1765'.
[  707.484140][T12203] loop2: detected capacity change from 0 to 7
[  708.012083][T12203] Dev loop2: unable to read RDB block 7
[  708.017797][T12203]  loop2: AHDI p1 p2 p3
[  708.022102][T12203] loop2: partition table partially beyond EOD, truncated
[  708.029832][T12203] loop2: p1 start 1601398130 is beyond EOD, truncated
[  708.036650][T12203] loop2: p2 start 1702059890 is beyond EOD, truncated
[  708.405521][T12207] netlink: 'syz.2.1765': attribute type 10 has an invalid length.
[  709.775808][T12228] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1773'.
[  709.849410][T11105] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  710.079826][T11105] usb 2-1: device descriptor read/64, error -71
[  710.202678][T12230] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1774'.
[  710.439624][T11105] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  711.065477][T11105] usb 2-1: device descriptor read/64, error -71
[  711.436241][T11105] usb usb2-port1: attempt power cycle
[  711.789379][T11105] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  711.831262][T11105] usb 2-1: device descriptor read/8, error -71
[  713.802720][T12271] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1787'.
[  713.954775][T11105] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  713.993040][T12273] bio_check_eod: 14 callbacks suppressed
[  713.993056][T12273] syz.3.1787: attempt to access beyond end of device
[  713.993056][T12273] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  714.039821][T11105] usb 2-1: device descriptor read/8, error -71
[  714.201430][T12273] syz.3.1787: attempt to access beyond end of device
[  714.201430][T12273] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  714.220211][T11105] usb usb2-port1: unable to enumerate USB device
[  714.233006][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  714.362347][T12273] syz.3.1787: attempt to access beyond end of device
[  714.362347][T12273] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  714.414323][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  714.459629][T12273] syz.3.1787: attempt to access beyond end of device
[  714.459629][T12273] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  714.499526][T12273] syz.3.1787: attempt to access beyond end of device
[  714.499526][T12273] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  714.539810][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  714.564064][T12273] syz.3.1787: attempt to access beyond end of device
[  714.564064][T12273] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  714.622675][T12285] netlink: 'syz.4.1792': attribute type 1 has an invalid length.
[  714.631917][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  714.648780][T12273] syz.3.1787: attempt to access beyond end of device
[  714.648780][T12273] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  714.650159][   T30] audit: type=1326 audit(1751188116.018:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12284 comm="syz.4.1792" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5b26d8e929 code=0x0
[  714.662975][T12273] syz.3.1787: attempt to access beyond end of device
[  714.662975][T12273] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  714.757885][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  714.790614][T12273] syz.3.1787: attempt to access beyond end of device
[  714.790614][T12273] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  714.824788][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  714.835509][T12273] syz.3.1787: attempt to access beyond end of device
[  714.835509][T12273] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  714.850244][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  714.902951][T12273] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  714.912944][T12273] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  715.570152][   T30] audit: type=1326 audit(1751188116.948:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12300 comm="syz.3.1797" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f831178e929 code=0x0
[  715.591402][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.285723][T12321] netlink: 'syz.3.1803': attribute type 1 has an invalid length.
[  716.365442][T12321] 8021q: adding VLAN 0 to HW filter on device bond1
[  716.448533][T12321] bond1: (slave geneve2): making interface the new active one
[  716.461235][T12321] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  716.495508][T12321] bond1: entered promiscuous mode
[  716.513031][T12321] geneve2: entered promiscuous mode
[  716.619326][T12141] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  716.840231][T12141] usb 5-1: Using ep0 maxpacket: 32
[  716.929003][T12141] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  717.501544][T12141] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  717.511194][T12141] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.540671][T12141] usb 5-1: config 0 descriptor??
[  718.043418][T12344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.053083][T12344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  718.129142][   T30] audit: type=1400 audit(1751188119.498:1301): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=12307 comm="syz.4.1798" opid=12307 ocomm="syz.4.1798"
[  718.387916][T12346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1808'.
[  718.400635][T12347] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1807'.
[  718.413728][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  718.423610][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  718.434192][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  718.444196][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  718.454456][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  718.464279][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  718.475192][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  718.484927][T12346] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  718.494487][T12346] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  718.508736][   T30] audit: type=1400 audit(1751188119.888:1302): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=12307 comm="syz.4.1798" path="/dev/raw-gadget" dev="devtmpfs" ino=820
[  718.656206][T12351] netlink: 'syz.3.1810': attribute type 25 has an invalid length.
[  718.666162][T12351] netlink: 'syz.3.1810': attribute type 7 has an invalid length.
[  718.685208][T12352] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1809'.
[  719.077216][T12367] bridge0: entered promiscuous mode
[  719.088882][T12367] macvlan2: entered promiscuous mode
[  719.097939][T12367] bridge0: port 3(macvlan2) entered blocking state
[  719.108764][T12367] bridge0: port 3(macvlan2) entered disabled state
[  719.115978][T12367] macvlan2: entered allmulticast mode
[  719.124776][T12367] bridge0: entered allmulticast mode
[  719.133443][T12367] macvlan2: left allmulticast mode
[  719.133466][T12367] bridge0: left allmulticast mode
[  719.134925][T12367] bridge0: left promiscuous mode
[  719.439784][T11105] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  719.669466][T12141] usbhid 5-1:0.0: can't add hid device: -71
[  719.669585][T12141] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  719.769833][T11105] usb 2-1: Using ep0 maxpacket: 16
[  719.776600][T12141] usb 5-1: USB disconnect, device number 38
[  719.854262][T11105] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  719.854296][T11105] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.854317][T11105] usb 2-1: Product: syz
[  719.854334][T11105] usb 2-1: Manufacturer: syz
[  719.854350][T11105] usb 2-1: SerialNumber: syz
[  719.867558][T11105] usb 2-1: config 0 descriptor??
[  719.891047][T11105] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  719.891078][T11105] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  720.321607][T12141] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  720.350262][T12396] SET target dimension over the limit!
[  720.470123][T12141] usb 1-1: Using ep0 maxpacket: 16
[  720.475061][T12141] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  720.507868][T12141] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  720.520886][T12141] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  720.565083][T12141] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  720.565117][T12141] usb 1-1: Product: syz
[  720.565136][T12141] usb 1-1: Manufacturer: syz
[  720.565153][T12141] usb 1-1: SerialNumber: syz
[  721.276962][T12141] usb 1-1: 0:2 : does not exist
[  721.289702][T11105] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  721.330888][T12141] usb 1-1: USB disconnect, device number 40
[  721.372577][T11105] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  721.372704][T11105] em28xx 2-1:0.0: board has no eeprom
[  721.439362][T11105] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  721.439396][T11105] em28xx 2-1:0.0: dvb set to bulk mode.
[  721.441518][T10469] em28xx 2-1:0.0: Binding DVB extension
[  721.567465][T10469] em28xx 2-1:0.0: Registering input extension
[  721.771999][T12423] xt_hashlimit: overflow, rate too high: 0
[  722.714831][T12422] delete_channel: no stack
[  722.812394][   T24] usb 2-1: USB disconnect, device number 30
[  722.836886][   T24] em28xx 2-1:0.0: Disconnecting em28xx
[  722.903781][   T24] em28xx 2-1:0.0: Closing input extension
[  722.989629][   T24] em28xx 2-1:0.0: Freeing device
[  723.379542][T12141] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  723.548366][T12441] overlayfs: failed to resolve './file0': -2
[  723.610950][T12141] usb 1-1: Using ep0 maxpacket: 32
[  723.618140][T12141] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  723.630839][T12141] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  723.645941][T12141] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  723.658426][T12141] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.772632][T12141] usb 1-1: config 0 descriptor??
[  723.898928][T12446] bio_check_eod: 14 callbacks suppressed
[  723.898949][T12446] syz.1.1844: attempt to access beyond end of device
[  723.898949][T12446] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  723.920040][T12446] syz.1.1844: attempt to access beyond end of device
[  723.920040][T12446] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  723.933470][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  723.946509][T12446] syz.1.1844: attempt to access beyond end of device
[  723.946509][T12446] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  723.960574][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  723.974831][T12446] syz.1.1844: attempt to access beyond end of device
[  723.974831][T12446] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  723.989529][T12446] syz.1.1844: attempt to access beyond end of device
[  723.989529][T12446] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  724.004973][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  724.016350][T12446] syz.1.1844: attempt to access beyond end of device
[  724.016350][T12446] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  724.030135][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  724.052269][T12446] syz.1.1844: attempt to access beyond end of device
[  724.052269][T12446] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  724.071134][T12446] syz.1.1844: attempt to access beyond end of device
[  724.071134][T12446] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  724.086925][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  724.102231][T12446] syz.1.1844: attempt to access beyond end of device
[  724.102231][T12446] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  724.118305][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  724.131222][T12446] syz.1.1844: attempt to access beyond end of device
[  724.131222][T12446] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  724.141519][T12447] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1844'.
[  724.144504][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  724.165108][T12446] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  724.175081][T12446] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  724.287933][T12437] mmap: syz.0.1842 (12437) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  724.524592][T12141] ft260 0003:0403:6030.0011: unknown main item tag 0x0
[  724.833390][T12141] ft260 0003:0403:6030.0011: chip code: 6424 8183
[  725.099585][T12141] ft260 0003:0403:6030.0011: failed to retrieve system status
[  725.109713][T12437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.230494][T12437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.275681][T12141] ft260 0003:0403:6030.0011: probe with driver ft260 failed with error -32
[  725.344170][T12141] usb 1-1: USB disconnect, device number 41
[  727.604299][T12486] loop9: detected capacity change from 0 to 7
[  727.622539][T12486] buffer_io_error: 7 callbacks suppressed
[  727.622559][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  727.645091][T12475] warn_alloc: 1 callbacks suppressed
[  727.645111][T12475] syz.1.1852: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[  727.663678][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  727.696877][T12475] ,cpuset=/,mems_allowed=0-1
[  727.704668][T12475] CPU: 0 UID: 0 PID: 12475 Comm: syz.1.1852 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  727.704699][T12475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  727.704713][T12475] Call Trace:
[  727.704722][T12475]  <TASK>
[  727.704731][T12475]  dump_stack_lvl+0x189/0x250
[  727.704775][T12475]  ? __pfx_dump_stack_lvl+0x10/0x10
[  727.704808][T12475]  ? __pfx__printk+0x10/0x10
[  727.704832][T12475]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  727.704869][T12475]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  727.704908][T12475]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  727.704947][T12475]  warn_alloc+0x214/0x310
[  727.704985][T12475]  ? __pfx_warn_alloc+0x10/0x10
[  727.705025][T12475]  ? __get_vm_area_node+0x28f/0x300
[  727.705052][T12475]  ? packet_set_ring+0x6f4/0x2380
[  727.705083][T12475]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  727.705146][T12475]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  727.705171][T12475]  ? alloc_pages_mpol+0x3c4/0x4a0
[  727.705196][T12475]  ? packet_set_ring+0x6f4/0x2380
[  727.705218][T12475]  vzalloc_noprof+0xb2/0xf0
[  727.705241][T12475]  ? packet_set_ring+0x6f4/0x2380
[  727.705264][T12475]  packet_set_ring+0x6f4/0x2380
[  727.705305][T12475]  ? __pfx_packet_set_ring+0x10/0x10
[  727.705345][T12475]  ? _copy_from_user+0x94/0xb0
[  727.705376][T12475]  packet_setsockopt+0xc5a/0x12c0
[  727.705400][T12475]  ? __pfx_packet_setsockopt+0x10/0x10
[  727.705419][T12475]  ? futex_wait+0x285/0x360
[  727.705443][T12475]  ? __pfx_futex_wait+0x10/0x10
[  727.705481][T12475]  ? __lock_acquire+0xab9/0xd20
[  727.705513][T12475]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  727.705534][T12475]  ? __pfx_packet_setsockopt+0x10/0x10
[  727.705557][T12475]  do_sock_setsockopt+0x25a/0x3e0
[  727.705580][T12475]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  727.705604][T12475]  ? __fget_files+0x2a/0x420
[  727.705634][T12475]  __x64_sys_setsockopt+0x18b/0x220
[  727.705659][T12475]  do_syscall_64+0xfa/0x3b0
[  727.705684][T12475]  ? lockdep_hardirqs_on+0x9c/0x150
[  727.705709][T12475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.705727][T12475]  ? clear_bhb_loop+0x60/0xb0
[  727.705748][T12475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.705766][T12475] RIP: 0033:0x7f374af8e929
[  727.705782][T12475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.705798][T12475] RSP: 002b:00007f374bda4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  727.705817][T12475] RAX: ffffffffffffffda RBX: 00007f374b1b6240 RCX: 00007f374af8e929
[  727.705830][T12475] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000007
[  727.705841][T12475] RBP: 00007f374b010b39 R08: 000000000000001c R09: 0000000000000000
[  727.705852][T12475] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  727.705864][T12475] R13: 0000000000000000 R14: 00007f374b1b6240 R15: 00007ffdb79b5038
[  727.705890][T12475]  </TASK>
[  727.705913][T12475] Mem-Info:
[  727.783692][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  727.979248][T12475] active_anon:4362 inactive_anon:5439 isolated_anon:0
[  727.979248][T12475]  active_file:14367 inactive_file:37885 isolated_file:0
[  727.979248][T12475]  unevictable:768 dirty:52 writeback:0
[  727.979248][T12475]  slab_reclaimable:11041 slab_unreclaimable:110946
[  727.979248][T12475]  mapped:32191 shmem:5469 pagetables:1224
[  727.979248][T12475]  sec_pagetables:0 bounce:0
[  727.979248][T12475]  kernel_misc_reclaimable:0
[  727.979248][T12475]  free:1292343 free_pcp:18260 free_cma:0
[  727.982244][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  727.987902][T12475] Node 0 active_anon:17440kB inactive_anon:21820kB active_file:57264kB inactive_file:151540kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128768kB dirty:216kB writeback:0kB shmem:20340kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12072kB pagetables:4788kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  727.997732][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  728.089287][T12475] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  728.294041][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  728.322473][T12475] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  728.408227][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  728.618870][T12486] ldm_validate_partition_table(): Disk read failed.
[  728.628737][T12475] lowmem_reserve[]: 0 2501 2503 2503 2503
[  728.720923][T12475] Node 0 DMA32 free:1267132kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17436kB inactive_anon:38380kB active_file:55488kB inactive_file:151472kB unevictable:1536kB writepending:316kB present:3129332kB managed:2561452kB mlocked:0kB bounce:0kB free_pcp:27388kB local_pcp:18340kB free_cma:0kB
[  728.772765][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.060932][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.091148][T12486] Buffer I/O error on dev loop9, logical block 0, async page read
[  729.117281][T12475] lowmem_reserve[]: 0 0 1 1 1
[  729.125086][T12475] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1776kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  729.157799][T12475] lowmem_reserve[]: 0 0 0 0 0
[  729.165884][T12475] Node 1 Normal free:3886220kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:29892kB local_pcp:11028kB free_cma:0kB
[  729.199250][T12486] Dev loop9: unable to read RDB block 0
[  729.209505][T12486]  loop9: unable to read partition table
[  729.215418][T12486] loop9: partition table beyond EOD, truncated
[  729.239403][T12475] lowmem_reserve[]: 0 0 0 0 0
[  729.244252][T12475] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  729.258528][T12486] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  729.258528][T12486] 
) failed (rc=-5)
[  729.279109][T12508] netlink: 'syz.2.1862': attribute type 7 has an invalid length.
[  729.279330][T12475] Node 0 DMA32: 3*4kB (UME) 3*8kB (UME) 77*16kB (UME) 1121*32kB (UM) 308*64kB (UME) 92*128kB (UME) 67*256kB (UME) 24*512kB (M) 20*1024kB (UM) 4*2048kB (UME) 278*4096kB (UM) = 1265428kB
[  729.333130][T12475] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  729.364383][T12475] Node 1 Normal: 3*4kB (UE) 4*8kB (UME) 10*16kB (UME) 4*32kB (UME) 7*64kB (UME) 3*128kB (UM) 4*256kB (UME) 2*512kB (M) 2*1024kB (UM) 5*2048kB (U) 945*4096kB (UM) = 3886220kB
[  729.390510][T12475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  729.400405][T12475] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  729.409877][T12475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  729.431400][T12475] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  729.453025][T12475] 60684 total pagecache pages
[  729.463112][T12475] 0 pages in swap cache
[  729.470806][T12475] Free swap  = 124992kB
[  729.477338][T12475] Total swap = 124996kB
[  729.491344][T12475] 2097051 pages RAM
[  729.499411][T12475] 0 pages HighMem/MovableOnly
[  729.511364][T12475] 424581 pages reserved
[  729.520270][T12475] 0 pages cma reserved
[  729.699388][T10469] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  729.859446][T10469] usb 1-1: Using ep0 maxpacket: 32
[  729.868372][T10469] usb 1-1: config 0 has an invalid interface number: 193 but max is 0
[  729.886894][T10469] usb 1-1: config 0 has no interface number 0
[  729.905940][T10469] usb 1-1: New USB device found, idVendor=08d1, idProduct=0001, bcdDevice=f2.70
[  729.915566][T10469] usb 1-1: New USB device strings: Mfr=1, Product=21, SerialNumber=3
[  729.928776][T10469] usb 1-1: Product: syz
[  729.933844][T10469] usb 1-1: Manufacturer: syz
[  729.938665][T10469] usb 1-1: SerialNumber: syz
[  729.953227][T10469] usb 1-1: rejected 1 configuration due to insufficient available bus power
[  729.965102][T10469] usb 1-1: no configuration chosen from 1 choice
[  730.120941][ T5880] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  730.419856][ T5880] usb 5-1: Using ep0 maxpacket: 16
[  730.453413][ T5880] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11
[  730.492543][ T5880] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  730.582322][ T5880] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  730.653174][ T5880] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  730.762993][ T5880] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  730.829225][ T5880] usb 5-1: config 1 interface 0 has no altsetting 0
[  730.837948][ T5880] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  730.859850][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.329393][ T5880] usb 5-1: can't set config #1, error -71
[  731.354804][ T5880] usb 5-1: USB disconnect, device number 39
[  731.963193][T12546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1874'.
[  732.000809][T12546] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1874'.
[  732.292123][T12556] netlink: 'syz.3.1877': attribute type 1 has an invalid length.
[  732.321744][   T24] usb 1-1: USB disconnect, device number 42
[  732.405432][T12559] ipt_rpfilter: unknown options
[  733.283792][T12566] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1878'.
[  733.679716][T12566] bio_check_eod: 2 callbacks suppressed
[  733.679828][T12566] syz.0.1878: attempt to access beyond end of device
[  733.679828][T12566] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  733.711540][T12566] syz.0.1878: attempt to access beyond end of device
[  733.711540][T12566] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  733.725627][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  733.737851][T12566] syz.0.1878: attempt to access beyond end of device
[  733.737851][T12566] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  733.784196][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  733.850258][T12566] syz.0.1878: attempt to access beyond end of device
[  733.850258][T12566] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  733.875911][T12566] syz.0.1878: attempt to access beyond end of device
[  733.875911][T12566] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  733.941347][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  733.970202][T12566] syz.0.1878: attempt to access beyond end of device
[  733.970202][T12566] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  733.989567][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  734.065733][T12566] syz.0.1878: attempt to access beyond end of device
[  734.065733][T12566] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  734.099459][T12566] syz.0.1878: attempt to access beyond end of device
[  734.099459][T12566] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  734.141225][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  734.169421][T12566] syz.0.1878: attempt to access beyond end of device
[  734.169421][T12566] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  734.199392][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  734.224629][T12566] syz.0.1878: attempt to access beyond end of device
[  734.224629][T12566] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  734.275043][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  734.292239][T12566] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  734.309403][T10384] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  734.327263][T12566] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  734.479467][T10384] usb 5-1: Using ep0 maxpacket: 32
[  734.491699][T10384] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  734.511519][T10384] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  734.530391][T10384] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.774728][T12587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1886'.
[  734.902465][T10384] usb 5-1: config 0 descriptor??
[  734.976221][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  734.994294][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  735.029747][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  735.048962][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  735.083292][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  735.101176][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  735.123112][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  735.141155][T12587] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  735.151163][T12587] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  735.199777][T12579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.219018][T12579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.236653][   T30] audit: type=1400 audit(1751188136.608:1303): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=12575 comm="syz.4.1882" opid=12575 ocomm="syz.4.1882"
[  735.349313][   T30] audit: type=1400 audit(1751188136.608:1304): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=12575 comm="syz.4.1882" path="/dev/raw-gadget" dev="devtmpfs" ino=820
[  735.432662][T12589] netlink: 'syz.1.1887': attribute type 1 has an invalid length.
[  735.450566][T12589] netlink: 'syz.1.1887': attribute type 1 has an invalid length.
[  735.467426][T12589] netlink: 'syz.1.1887': attribute type 2 has an invalid length.
[  735.479495][T12589] netlink: 'syz.1.1887': attribute type 1 has an invalid length.
[  735.487502][T12589] netlink: 'syz.1.1887': attribute type 2 has an invalid length.
[  737.772688][T10384] usbhid 5-1:0.0: can't add hid device: -71
[  737.778802][T10384] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  737.799604][T10384] usb 5-1: USB disconnect, device number 40
[  738.652276][T12625] netlink: 'syz.4.1899': attribute type 12 has an invalid length.
[  740.348169][T12646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1906'.
[  740.425622][T11105] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  740.795084][T11105] usb 1-1: Using ep0 maxpacket: 32
[  740.964295][T11105] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  740.988087][T11105] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  741.029402][T11105] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.053377][T11105] usb 1-1: config 0 descriptor??
[  741.264731][T12643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  741.300319][T12643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  741.398643][   T30] audit: type=1400 audit(1751188142.758:1305): lsm=SMACK fn=smack_task_setioprio action=denied subject="w" object="_" requested=w pid=12640 comm="syz.0.1904" opid=12640 ocomm="syz.0.1904"
[  741.399717][T12658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1909'.
[  741.700768][   T30] audit: type=1400 audit(1751188143.078:1306): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=12640 comm="syz.0.1904" path="/dev/raw-gadget" dev="devtmpfs" ino=820
[  741.773850][T12657] bio_check_eod: 14 callbacks suppressed
[  741.773867][T12657] syz.3.1909: attempt to access beyond end of device
[  741.773867][T12657] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  741.792842][T12657] syz.3.1909: attempt to access beyond end of device
[  741.792842][T12657] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  741.806327][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  741.816170][T12657] syz.3.1909: attempt to access beyond end of device
[  741.816170][T12657] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  741.829767][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  741.840628][T12657] syz.3.1909: attempt to access beyond end of device
[  741.840628][T12657] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  741.853779][T12657] syz.3.1909: attempt to access beyond end of device
[  741.853779][T12657] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  741.866837][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  741.878188][T12657] syz.3.1909: attempt to access beyond end of device
[  741.878188][T12657] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  741.891571][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  741.901749][T12657] syz.3.1909: attempt to access beyond end of device
[  741.901749][T12657] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  741.914946][T12657] syz.3.1909: attempt to access beyond end of device
[  741.914946][T12657] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  741.928714][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  741.938449][T12657] syz.3.1909: attempt to access beyond end of device
[  741.938449][T12657] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  741.952143][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  741.962381][T12657] syz.3.1909: attempt to access beyond end of device
[  741.962381][T12657] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  741.975538][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  741.985274][T12657] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  741.994840][T12657] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  742.026346][T12662] ipt_REJECT: TCP_RESET invalid for non-tcp
[  742.351414][T12669] tmpfs: Cannot change global quota limit on remount
[  742.422065][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1912'.
[  742.832643][T12677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1913'.
[  743.163761][T11105] usbhid 1-1:0.0: can't add hid device: -71
[  743.174214][T11105] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  743.207660][T11105] usb 1-1: USB disconnect, device number 43
[  743.832495][T12695] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1916'.
[  745.146991][T12705] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1919'.
[  745.176654][T12705] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1919'.
[  745.381334][T12707] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  745.399851][T12707] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  745.459551][T11105] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  745.631715][T12707] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  745.699544][T11105] usb 1-1: Using ep0 maxpacket: 16
[  746.362213][T12707] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  746.364494][T11105] usb 1-1: unable to get BOS descriptor or descriptor too short
[  746.378184][T11105] usb 1-1: unable to read config index 0 descriptor/start: -71
[  746.396097][T11105] usb 1-1: can't read configurations, error -71
[  746.453439][T12707] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  746.475709][T12707] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  746.825603][T12726] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1924'.
[  746.886248][T12727] bio_check_eod: 2 callbacks suppressed
[  746.886283][T12727] syz.1.1924: attempt to access beyond end of device
[  746.886283][T12727] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  746.918563][T12727] syz.1.1924: attempt to access beyond end of device
[  746.918563][T12727] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  746.934661][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  746.946669][T12727] syz.1.1924: attempt to access beyond end of device
[  746.946669][T12727] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  746.960448][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  746.981447][T12727] syz.1.1924: attempt to access beyond end of device
[  746.981447][T12727] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  746.994713][T12727] syz.1.1924: attempt to access beyond end of device
[  746.994713][T12727] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  747.011550][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  747.023095][T12727] syz.1.1924: attempt to access beyond end of device
[  747.023095][T12727] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  747.036860][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  747.055079][T12727] syz.1.1924: attempt to access beyond end of device
[  747.055079][T12727] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  747.069779][T12727] syz.1.1924: attempt to access beyond end of device
[  747.069779][T12727] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  747.084317][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  747.094889][T12727] syz.1.1924: attempt to access beyond end of device
[  747.094889][T12727] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  747.108734][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  747.123775][T12727] syz.1.1924: attempt to access beyond end of device
[  747.123775][T12727] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  747.138951][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  747.151208][T12727] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  747.161239][T12727] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  747.459275][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[  747.462187][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.639374][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  747.757109][T12733] ------------[ cut here ]------------
[  747.763968][T12733] WARNING: CPU: 1 PID: 12733 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  747.775651][T12733] Modules linked in:
[  747.779928][T12733] CPU: 1 UID: 0 PID: 12733 Comm: syz.3.1925 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  747.792413][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  747.802803][T12733] RIP: 0010:folio_memcg+0x1a8/0x310
[  747.808072][T12733] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 e9 73 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  747.827884][T12733] RSP: 0018:ffffc9000c07f250 EFLAGS: 00010283
[  747.834244][T12733] RAX: ffffffff8205d987 RBX: 0000000000000000 RCX: 0000000000080000
[  747.842351][T12733] RDX: ffffc9000e8d3000 RSI: 0000000000001e03 RDI: 0000000000001e04
[  747.850565][T12733] RBP: 0000000000000000 R08: ffffea00013c93c7 R09: 1ffffd4000279278
[  747.858594][T12733] R10: dffffc0000000000 R11: fffff94000279279 R12: ffffea00013c93f0
[  747.867290][T12733] R13: dffffc0000000000 R14: ffff8880788c6a00 R15: 0000000000000002
[  747.875802][T12733] FS:  00007f83125b66c0(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000
[  747.885261][T12733] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  747.892042][T12733] CR2: 0000000000000000 CR3: 000000007a92e000 CR4: 00000000003526f0
[  747.900162][T12733] Call Trace:
[  747.903506][T12733]  <TASK>
[  747.906489][T12733]  workingset_activation+0x5f/0x4a0
[  747.911819][T12733]  ? folio_mark_accessed+0x2c1/0x4a0
[  747.917600][T12733]  folio_mark_accessed+0x3b5/0x4a0
[  747.922860][T12733]  kvm_release_page_clean+0x9a/0xe0
[  747.928134][T12733]  kvm_tdp_page_fault+0x2dd/0x370
[  747.933257][T12733]  kvm_mmu_do_page_fault+0x2c5/0x640
[  747.936910][T12741] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  747.938573][T12733]  ? vmx_vcpu_run+0xd8b/0x25d0
[  747.954548][T12733]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  747.960487][T12733]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  747.966691][T12733]  kvm_mmu_page_fault+0x22f/0xb70
[  747.972263][T12733]  ? __pfx_handle_ept_violation+0x10/0x10
[  747.978043][T12733]  vmx_handle_exit+0x1093/0x18a0
[  747.983141][T12733]  ? vcpu_run+0x361c/0x6f70
[  747.987831][T12733]  ? rcu_is_watching+0x15/0xb0
[  747.992876][T12733]  vcpu_run+0x432e/0x6f70
[  747.997288][T12733]  ? vcpu_run+0x361c/0x6f70
[  748.001982][T12733]  ? __pfx_vcpu_run+0x10/0x10
[  748.006716][T12733]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  748.012648][T12733]  ? rcu_is_watching+0x15/0xb0
[  748.017484][T12733]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  748.023159][T12733]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  748.028956][T12733]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  748.035178][T12733]  ? rcu_is_watching+0x15/0xb0
[  748.040097][T12733]  ? look_up_lock_class+0x74/0x170
[  748.045288][T12733]  ? register_lock_class+0x51/0x320
[  748.050707][T12733]  ? __lock_acquire+0xab9/0xd20
[  748.055735][T12733]  kvm_vcpu_ioctl+0x95c/0xe90
[  748.060582][T12733]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  748.066396][T12733]  ? __lock_acquire+0xab9/0xd20
[  748.071799][T12733]  ? __asan_memset+0x22/0x50
[  748.076467][T12733]  ? smack_file_ioctl+0x302/0x340
[  748.081650][T12733]  ? __pfx_smack_file_ioctl+0x10/0x10
[  748.087129][T12733]  ? __fget_files+0x2a/0x420
[  748.091849][T12733]  ? __fget_files+0x3a0/0x420
[  748.096580][T12733]  ? __fget_files+0x2a/0x420
[  748.101432][T12733]  ? bpf_lsm_file_ioctl+0x9/0x20
[  748.106456][T12733]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  748.111777][T12733]  __se_sys_ioctl+0xfc/0x170
[  748.116485][T12733]  do_syscall_64+0xfa/0x3b0
[  748.121107][T12733]  ? lockdep_hardirqs_on+0x9c/0x150
[  748.126363][T12733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.132632][T12733]  ? clear_bhb_loop+0x60/0xb0
[  748.137398][T12733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.144475][T12733] RIP: 0033:0x7f831178e929
[  748.148979][T12733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  748.169665][T12733] RSP: 002b:00007f83125b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  748.178232][T12733] RAX: ffffffffffffffda RBX: 00007f83119b6080 RCX: 00007f831178e929
[  748.186329][T12733] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  748.194427][T12733] RBP: 00007f8311810b39 R08: 0000000000000000 R09: 0000000000000000
[  748.202533][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  748.210593][T12733] R13: 0000000000000000 R14: 00007f83119b6080 R15: 00007fff3f947248
[  748.218673][T12733]  </TASK>
[  748.221894][T12733] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  748.229223][T12733] CPU: 1 UID: 0 PID: 12733 Comm: syz.3.1925 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
[  748.241350][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  748.251469][T12733] Call Trace:
[  748.254811][T12733]  <TASK>
[  748.257779][T12733]  dump_stack_lvl+0x99/0x250
[  748.262412][T12733]  ? __asan_memcpy+0x40/0x70
[  748.267019][T12733]  ? __pfx_dump_stack_lvl+0x10/0x10
[  748.272246][T12733]  ? __pfx__printk+0x10/0x10
[  748.276891][T12733]  panic+0x2db/0x790
[  748.280853][T12733]  ? __pfx_panic+0x10/0x10
[  748.285331][T12733]  __warn+0x31b/0x4b0
[  748.289345][T12733]  ? folio_memcg+0x1a8/0x310
[  748.293976][T12733]  ? folio_memcg+0x1a8/0x310
[  748.298653][T12733]  report_bug+0x2be/0x4f0
[  748.303010][T12733]  ? folio_memcg+0x1a8/0x310
[  748.307632][T12733]  ? folio_memcg+0x1a8/0x310
[  748.312254][T12733]  ? folio_memcg+0x1aa/0x310
[  748.316899][T12733]  handle_bug+0x84/0x160
[  748.321191][T12733]  exc_invalid_op+0x1a/0x50
[  748.325737][T12733]  asm_exc_invalid_op+0x1a/0x20
[  748.330644][T12733] RIP: 0010:folio_memcg+0x1a8/0x310
[  748.335906][T12733] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 e9 73 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  748.355646][T12733] RSP: 0018:ffffc9000c07f250 EFLAGS: 00010283
[  748.361746][T12733] RAX: ffffffff8205d987 RBX: 0000000000000000 RCX: 0000000000080000
[  748.369739][T12733] RDX: ffffc9000e8d3000 RSI: 0000000000001e03 RDI: 0000000000001e04
[  748.377733][T12733] RBP: 0000000000000000 R08: ffffea00013c93c7 R09: 1ffffd4000279278
[  748.385733][T12733] R10: dffffc0000000000 R11: fffff94000279279 R12: ffffea00013c93f0
[  748.393744][T12733] R13: dffffc0000000000 R14: ffff8880788c6a00 R15: 0000000000000002
[  748.401774][T12733]  ? folio_memcg+0x1a7/0x310
[  748.406428][T12733]  workingset_activation+0x5f/0x4a0
[  748.411668][T12733]  ? folio_mark_accessed+0x2c1/0x4a0
[  748.416983][T12733]  folio_mark_accessed+0x3b5/0x4a0
[  748.422123][T12733]  kvm_release_page_clean+0x9a/0xe0
[  748.427356][T12733]  kvm_tdp_page_fault+0x2dd/0x370
[  748.432412][T12733]  kvm_mmu_do_page_fault+0x2c5/0x640
[  748.437736][T12733]  ? vmx_vcpu_run+0xd8b/0x25d0
[  748.442538][T12733]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  748.448385][T12733]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  748.454057][T12733]  kvm_mmu_page_fault+0x22f/0xb70
[  748.459117][T12733]  ? __pfx_handle_ept_violation+0x10/0x10
[  748.464871][T12733]  vmx_handle_exit+0x1093/0x18a0
[  748.469840][T12733]  ? vcpu_run+0x361c/0x6f70
[  748.474373][T12733]  ? rcu_is_watching+0x15/0xb0
[  748.479188][T12733]  vcpu_run+0x432e/0x6f70
[  748.483601][T12733]  ? vcpu_run+0x361c/0x6f70
[  748.488186][T12733]  ? __pfx_vcpu_run+0x10/0x10
[  748.492895][T12733]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  748.498730][T12733]  ? rcu_is_watching+0x15/0xb0
[  748.503527][T12733]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  748.509110][T12733]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  748.514863][T12733]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  748.520870][T12733]  ? rcu_is_watching+0x15/0xb0
[  748.525667][T12733]  ? look_up_lock_class+0x74/0x170
[  748.530810][T12733]  ? register_lock_class+0x51/0x320
[  748.536038][T12733]  ? __lock_acquire+0xab9/0xd20
[  748.540944][T12733]  kvm_vcpu_ioctl+0x95c/0xe90
[  748.545651][T12733]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  748.550885][T12733]  ? __lock_acquire+0xab9/0xd20
[  748.555769][T12733]  ? __asan_memset+0x22/0x50
[  748.560382][T12733]  ? smack_file_ioctl+0x302/0x340
[  748.565436][T12733]  ? __pfx_smack_file_ioctl+0x10/0x10
[  748.570842][T12733]  ? __fget_files+0x2a/0x420
[  748.575456][T12733]  ? __fget_files+0x3a0/0x420
[  748.580165][T12733]  ? __fget_files+0x2a/0x420
[  748.584795][T12733]  ? bpf_lsm_file_ioctl+0x9/0x20
[  748.589766][T12733]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  748.595002][T12733]  __se_sys_ioctl+0xfc/0x170
[  748.599617][T12733]  do_syscall_64+0xfa/0x3b0
[  748.604244][T12733]  ? lockdep_hardirqs_on+0x9c/0x150
[  748.609486][T12733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.615572][T12733]  ? clear_bhb_loop+0x60/0xb0
[  748.620280][T12733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.626195][T12733] RIP: 0033:0x7f831178e929
[  748.630639][T12733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  748.650270][T12733] RSP: 002b:00007f83125b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  748.658715][T12733] RAX: ffffffffffffffda RBX: 00007f83119b6080 RCX: 00007f831178e929
[  748.666709][T12733] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  748.674711][T12733] RBP: 00007f8311810b39 R08: 0000000000000000 R09: 0000000000000000
[  748.682706][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  748.690697][T12733] R13: 0000000000000000 R14: 00007f83119b6080 R15: 00007fff3f947248
[  748.698708][T12733]  </TASK>
[  748.701901][T12733] Kernel Offset: disabled
[  748.706240][T12733] Rebooting in 86400 seconds..