last executing test programs:

9.260233399s ago: executing program 3 (id=2861):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r0], 0x48}}, 0x0)

9.191308135s ago: executing program 3 (id=2864):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kfree\x00', r0}, 0x18)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002a00)=@newtfilter={0x884, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x854, 0x2, [@TCA_ROUTE4_POLICE={0x850, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x3, 0x10, 0xcd, 0xd35, {0x4, 0x0, 0xcf, 0x5, 0x93ff, 0x9}, {0x5, 0x1, 0x1000, 0x200, 0xd2b, 0xfffff800}, 0x1, 0x1, 0x7abd}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0x7, 0x6, 0xfffffffa, 0x2, 0x8, 0x40, 0x9, 0x8, 0x3c, 0x4, 0x6, 0xffffff8f, 0xfffffff0, 0x27, 0xeeab, 0x1, 0xfffffffe, 0x3, 0x10, 0x590, 0x6, 0x8000, 0x5, 0x400, 0x6, 0x800, 0x59f7, 0xf, 0x8000, 0xb13c, 0x8eb, 0x27b9d059, 0x7fff, 0x8, 0x0, 0x1, 0x7, 0x7, 0x5, 0x7fff, 0x40, 0x9, 0x0, 0x0, 0x1940000, 0x4, 0x9, 0x400, 0x3, 0x800, 0x6, 0x5, 0x1796, 0x10, 0x1, 0xf4fb, 0x6, 0x3, 0x375, 0x6, 0x9, 0x1, 0x4, 0x6, 0x2, 0x94d, 0x8, 0x8, 0x5, 0xa2a1, 0x2, 0x7, 0x4, 0xe, 0x2, 0xe63b, 0x9, 0xffff0001, 0x3ff, 0x3, 0x0, 0x10000, 0x9, 0x1, 0x7fffffff, 0x8, 0x7fffffff, 0x7f, 0x1, 0x0, 0x3, 0x2a6, 0x40000, 0x1, 0x12000000, 0x6, 0x8000, 0x3, 0xb, 0xe1f, 0xa, 0x7, 0x10001, 0xff, 0x8, 0xfffff001, 0x5, 0x3, 0xfffffc75, 0x5, 0x25, 0x7f, 0x2, 0x3, 0x9, 0x0, 0x7, 0x0, 0x8000, 0x9, 0xfffff800, 0x10000, 0x100, 0x7, 0xa, 0x6, 0x0, 0xfffffff8, 0x4, 0x3, 0x8, 0x7, 0xbc8f, 0xf84, 0x8, 0x4, 0x6, 0x80000000, 0x9, 0x6, 0x9, 0xad32, 0x80000001, 0x4, 0x0, 0x7ff, 0xeb, 0x8, 0x401, 0x0, 0x3, 0x3, 0x7, 0x2, 0x0, 0x539, 0x5, 0x4, 0x78e1, 0x28c7, 0x59c1, 0x5, 0x2baf, 0x9, 0x3, 0x8, 0x8, 0x3, 0x4, 0x131682ab, 0x1, 0x3, 0x7, 0x3, 0x7, 0x3, 0xd, 0xffff2ac2, 0x7, 0x4, 0x6, 0x3, 0x80000001, 0x80000001, 0x7d, 0x2, 0x38, 0x9, 0x8, 0x9ed, 0x4, 0x4, 0x9, 0xfffff800, 0x5, 0x4, 0xffff8001, 0x8, 0x1, 0x9d6, 0x6d6, 0x9, 0x6, 0x101, 0x6, 0x37, 0xfffffffb, 0xfffffff8, 0x7, 0x7, 0x6, 0x9, 0x3ff, 0x1, 0x4, 0x4, 0xa, 0xf, 0x1, 0x8, 0x6d, 0x1, 0x7, 0x80000000, 0x4, 0xa23a, 0x59b4, 0x90, 0x41, 0x6, 0x361, 0x6, 0x0, 0x4db, 0x0, 0x5, 0x3ff, 0x80000001, 0x2, 0xfffffffd, 0x3, 0x8, 0xa, 0x5a, 0x1, 0x5, 0x6, 0xff, 0x1, 0x2, 0x3ff, 0x6, 0x10, 0x8000, 0x2]}, @TCA_POLICE_RATE={0x404, 0x2, [0x2, 0x5, 0xfffffff9, 0xf5af, 0x2, 0x3, 0x8, 0x8, 0x344, 0x7, 0x465, 0x9, 0x828, 0x3, 0x7fff, 0x7f, 0x6, 0x8, 0x1, 0xfffff801, 0x7f, 0xff, 0x1c, 0x9, 0x0, 0x8001, 0x5a92, 0x0, 0x400, 0x2, 0xfffff5c7, 0xffff, 0x400, 0x2, 0xa20, 0xdaa0, 0x0, 0x7, 0x81, 0x1, 0x1, 0x3, 0x4, 0x7f, 0x8000000, 0x8, 0xfffff801, 0xf, 0x1ff, 0xdf199ca6, 0x1, 0x5, 0x1, 0x9, 0x4, 0x4, 0x9, 0xfffff3e8, 0x14000000, 0x5, 0xe047, 0x4, 0x9, 0x2, 0x0, 0x7, 0x6, 0x7, 0xd, 0x2, 0x9, 0x81, 0x80000000, 0x0, 0x86, 0x10, 0x0, 0x1ff, 0xc, 0x9, 0x3, 0x3, 0x200, 0x6, 0x5, 0xdd1, 0xffff8000, 0xedff, 0x3, 0x3, 0x4, 0xb, 0x2, 0x8, 0x8, 0x4, 0x6, 0x1ff, 0xffffff04, 0x5, 0x5a8, 0x0, 0xffffffff, 0x7, 0x81, 0x1, 0x0, 0x8, 0x2, 0x200, 0x2, 0xfffffe00, 0xab1, 0x6, 0x1, 0x7, 0x9, 0x480000, 0x6, 0x6, 0x0, 0x4, 0x12, 0x3, 0xff, 0x6, 0x2, 0x8, 0x7, 0xcd, 0xffffffff, 0x400, 0x8, 0xffffffa4, 0x4, 0x1c3596f7, 0x2, 0xfffffffb, 0x401, 0x1000, 0x9, 0xffff8000, 0x8, 0x4, 0x2, 0x7, 0x7, 0x4, 0x8001, 0x6, 0x7, 0x7, 0x6, 0x7, 0xfd4, 0x5, 0x0, 0xfffffbff, 0x4, 0x4, 0x200, 0x4, 0x1, 0x1e4e, 0xb90b, 0x6fd, 0xaa3, 0x6, 0x0, 0x8, 0x9, 0x8, 0x4, 0x0, 0x81, 0x3, 0x8001, 0x401, 0x7, 0x7, 0x8001, 0x80000000, 0x9, 0x401, 0x5, 0x4, 0x40, 0x8, 0x9, 0x0, 0xff, 0xf, 0x5, 0x2, 0x2d1, 0x4d, 0x7aa6, 0x8, 0x8c9, 0x1050c138, 0x7, 0x1, 0x0, 0x5, 0x6, 0x4, 0xe, 0xf2, 0x8, 0xb, 0x1000, 0xffffffff, 0x6, 0x6, 0x10001, 0x7, 0x3, 0x81, 0x80000001, 0xc, 0xe, 0x0, 0x400, 0x40, 0x64, 0xb, 0xb889, 0x1, 0x1, 0x4, 0x2, 0x7bb6, 0x3, 0x6, 0x9, 0x0, 0x2, 0x7, 0x6, 0xa, 0x6, 0x8001, 0x2, 0x9, 0x0, 0x6, 0xe, 0xe7, 0x1000, 0x7, 0x1, 0x9, 0x4c0000, 0x7, 0x4, 0x9]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x7}]}]}}]}, 0x884}}, 0x0)

8.948795498s ago: executing program 3 (id=2867):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB="840100001900010000000000000000001d0109004d001280d09178d2da3477ec73a38ffffcd82caf103bc848e79022290bd6c0375f437b167f431ad24706d7263978db87dbaa159b0fdec8e129e835688cf370555aa8c6dffe261622b114299d6f0000001e010680"], 0x184}, 0x1, 0x0, 0x0, 0x14}, 0x0)

8.833229146s ago: executing program 3 (id=2870):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)='%ps    \x00'}, 0x20)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, 0x0, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x5, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x3, 0x48000000, 0x4, 0x0, 0x0})

8.652183124s ago: executing program 3 (id=2872):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x168, 0x10, 0x190, 0xb, 0x388, 0x250, 0x250, 0x388, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth1_to_batadv\x00', 'veth1_to_hsr\x00', {}, {}, 0x3a, 0x0, 0x0, 0x56}, 0x6000000, 0x128, 0x190, 0x0, {0x0, 0x28e}, [@inet=@rpfilter={{0x28}, {0xc}}, @common=@inet=@hashlimit1={{0x58}, {'netdevsim0\x00', {0x0, 0x0, 0x9, 0x1, 0x0, 0x10000, 0x80000401, 0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:usb_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)

8.602833957s ago: executing program 3 (id=2874):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r0], 0x48}}, 0x0)

3.031727386s ago: executing program 2 (id=2938):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0x10, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x8}, @TCA_FW_ACT={0x4}]}}]}, 0x3c}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.021573792s ago: executing program 0 (id=2939):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000240)=[{0x200000000006, 0x4, 0x0, 0x7ffc0001}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x20)

2.644322197s ago: executing program 0 (id=2943):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000001000)={0x2, 0x4e21, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000540)}, 0x0)

2.581480155s ago: executing program 0 (id=2945):
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000300)={0x84, @loopback, 0x4e22, 0x1, 'nq\x00', 0x0, 0x10000}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000200)={0x20000000000084, @dev={0xac, 0x14, 0x14, 0xb}, 0x0, 0x1, 'lblcr\x00', 0x20}, 0x2c)

2.456338516s ago: executing program 0 (id=2947):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x1)
fchdir(r1)
r2 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r2, 0x0, 0x0)
getdents(r2, 0x0, 0x0)

2.415206193s ago: executing program 0 (id=2948):
pipe2(&(0x7f0000000280)={<r0=>0xffffffffffffffff}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
fchmod(r0, 0x43)

2.322126658s ago: executing program 0 (id=2949):
unshare(0x62040200)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
shutdown(r0, 0x1)
recvfrom(r0, &(0x7f0000000480)=""/110, 0xffffffffffffff8c, 0x734, 0x0, 0xfffffffffffffecb)

1.525491317s ago: executing program 2 (id=2957):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000a50000002a00000095"], &(0x7f0000000b40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000400)={&(0x7f00000008c0), 0x58, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20)

1.456364323s ago: executing program 4 (id=2958):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000023c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

1.34431667s ago: executing program 4 (id=2960):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fffffff7850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000000)='kfree\x00', r2}, 0x30)
close(r1)

1.29642203s ago: executing program 2 (id=2961):
r0 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={0x0})

1.20053958s ago: executing program 4 (id=2963):
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f608ce27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e30400000000000000000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a95d32f46ed9bd1f00fb8191bbab2dc599dda61ee2010000294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bfe2777e808fcba821a00e8c5c39609ff854256cb490000000000c1fee30a3f7a85d1b2b458c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd210819203828b202779d386ed295f023c67d867014d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff00004043060000005dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df40600000000000000e9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b0600b805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1202000000b59fed817072a0da60160761fd3dffda0f7c742eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7000000000000000542954c167dd9b4acd946ffffffffffffffff1389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c9e281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b630500163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f700400fa0c61d5fe6d8ff353f631080405547d65375ae04f44f0c2543c772c5ccb137be7dc87746e1785a8214454d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b036e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e010000005a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb3985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1428c0805b4031a667e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a9cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab9100781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c1227c8bed10591958c906321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b863af34bac64c247672a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f27080ece2a94c360b002c77f82662675a7713c7067081cac1599a998c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc215a18ca0265400abf38e90000000000000000008faf2cddffbfa66bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942ce18e57bb7f337df5435bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de286553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c03f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c872a4882d21db2046a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265441d513a1294b8439276394945d94a589708e32a1cb30a8b07b391201385e0b92ecbb7b13d7a87284164018ace6ce58a82c5de321452461089cdd69259f5390f5f508646a524490583c30630bedb47e158ad41c0a653e86a4f4f255cd2a6e95f33b586823aef5564d9de1f5bdd8c80e193f0597b8003860302cd243c00bc5a82c52afb115d16258d507937966bb89409d6d47b8b652d0761d7c72875ae1efb9bc7c6807c2d783e31fd9cd7e84d3d50d8fc44ab8ac9ccd2c0d42e3bd4c029241320446bbf47e23d1320de30fbdf7ed13f80c28fb5c13fccc2e3f73509bdcddad8a2fe48cdd61f2f43611704af64eed8b0cbbd08754f93b8f3d6347aad5cde1ccc5cbd5eaa87e52cea257c856a4af5243eeb5e89f0000000000000000f420df5e4c6d856b3d55e455c08110b2ef4255a38f81555e8e1f22d59c0bc3c9013e66a1f5bda1b695e1602c0afb5c35b2f68f3b151b1e869f40ff4d1bef5e926e1ff95f6321131e4cb797f53455a093a95e67605222d6acc29c46e5db1ef3b8b07e2169fb24ced4b3ae87ebeca06df93212e465bbd1a7e41df2e1a0d508f86cfc7a469ac682685c44692877d03c34c23a65d2677acc73b5d276fdebd685c9b7a079eae228d8426188cb19b083548f5f29e493ab079f33d1965dcbb165015c46998ad410d60cc65fcfa73bd65a43fc024455c4bf530d663976cf71490577251780ab6b1cf8d397444b5be575229f687a3d95ea6b2aa62fce8acb3d4a6a130b4fefa55d0c1d6f3fa448ee24e588e2965c9a442f0baf90923dda91a6850fb7b9c7f432b63001423fedcf053fa28024cc9a178a07042dabc07176fc524032c2edb340c9c18a83565c431aeb0c869683507255254430f90f61e4eca9c8fa98c000b35fec357ee1ebd08439bd95c1ab0753dfd2603d1608bd8c589a1e160000a6ee0ad13346e08738c2d7b00b5d121d918f1dc8bceded939fa8605b54b37cdfcea0bf2bc63e655dc04a2e50212ff89d6587d49896ce18916cf3adc12839c345ca91bb232b891fae2fdd68aaa38281c0feb2c107af3e080d6cdd1c6646ec6804d7e9960c02aa0db9eda24bbcb287fd2a890fa7f9d6ae0c0b1f8dd1603c9ea2f66b572276f96a28b5b6dd9f9bf6ad4bdaa2139b90faf1f40b0f141258578bd825daaaf718d21b7ac05fe5d1b699e5422ca341fe1c944f68fe3a6d783dcf30b0e09d7688f696883b61cb64464b04d351a0a69b0733c348049b0430ed40e200f4ff0000000000000000000000996bcc1b721b152c892fab887e7d20466d90c049c0fdf51dcc16d226a2619c6f47bc25b7f5df5c09fed638922ed127ab36aa7b0c58a2ce5894b1b0f5375d340d96b69b966b05daaf585121a9c7605ed8e9964eef1f14b74cbb2ccdadc6d0b77cf0492b75e1cd11bfdcfddde91b20366715ba0cbe1041be2a65c25d7ca15ef8b71bd2ab9a4294899a1964b0152518fc2ac15a728bcb9e2bc4b551dfdf9011a2a607bc39ad2c4d7c64dcf967724e9b63c397d5265ad3f1da4395a5a800d8845257dcbf210d4f00fe0bd3deed05e506736e6bb6d40ee6cb960bcdb33633ee87f82beb665a9a4c2d4d2b06479ade3a4cd6bba765c9f52b52a0bdd0849ab92baae3775570accb5a57ee9f0035fc6d3df4eebec2e7eb4ff863d3979a20f4428ddca471037b49d4fd130743a97faa02c293b721e52bf53d64c6585e138162331ef98792e1e9b21a6a084fb7b42c64062ef1323a8a65a8ed6038f274f28ff4f78136a1ef108efbe8c4f4e347d50dcdbc33bf3ade4c3a39d316061930d7dd39b8acdecc3f27830e3eda40e648328d95a9aee65a9dd09fd4e96d5b852025dc53ec3f30cc753e6a796084b4e34f521dbb230ae0f3b79142073d437e1fd22d3b7503ffa95b1d5c7740b0ecbfd35dc0f8af895583dfcc2689f6e02c2dd4b57f3dcac54f40da013eb221fa3d65de760576031052c25a96ed4b20230b36d46d3d3fd6bb1d77cc8a48a6b10fa0149e55ccde4a2b26cca2d1ca9191c74ab006a602543fc24d1283e353cfb917620000000024bf3eed258c02a591ec4cd295212d9a98d38745f6f6c4530900000000000000f184f239098bf32551c7cf454e2865974f6520112743f73c619c3cab5609e00178f7393e53462f31559220c026bbde09837bf1b3ffe748a3247c9569f0c5e99f4494f93e0fa1badca90c888616eca97bddabd8003fc12a084d4b11d841979e161b998ddda92f194c4ec7947b7b303be11e0962d429a2c542a28c4932e14c123dfe2b8ec47a11cce134fd6e42a9f4e00ab6de6b45"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18)
r1 = open_tree(0xffffffffffffff9c, 0x0, 0x81000)
renameat2(r1, 0x0, r1, 0x0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x104)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000001100)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f00000010c0)='./file0\x00', 0x0)

1.1283429s ago: executing program 2 (id=2964):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
faccessat2(r0, &(0x7f0000000000)='\x00', 0x2, 0x1100)

1.075820881s ago: executing program 1 (id=2965):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000ffff0c63b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x0, 0x0, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = openat$selinux_policy(0xffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
write$selinux_load(r2, 0x0, 0x603f)
tgkill(0x0, 0x0, 0x21)

1.030826342s ago: executing program 4 (id=2966):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0x10, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x8}, @TCA_FW_ACT={0x4}]}}]}, 0x3c}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

980.284979ms ago: executing program 2 (id=2967):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
r1 = inotify_init1(0x0)
r2 = inotify_add_watch(r1, &(0x7f0000000140)='.\x00', 0x40000022)
write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYRES8=r2], 0x69)
close(r0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000072100000000001d0081c781a7000000000000000000000000006f52e300af4e8a0965f4c701643998972269aa6fec3fc2c3b992197888c5ee04b9bcf1a93a17290cfc6c84686b63dbf2f86b4c4197e6e1238b661e0034a02f20972631b267643da09385528cf4afc1725eaca339560128246e42e8481024d66b77eea69d12bc053631adb3"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

918.545256ms ago: executing program 1 (id=2968):
r0 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000}, 0x0)

859.792733ms ago: executing program 1 (id=2969):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f00000023c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

837.158733ms ago: executing program 4 (id=2970):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r1 = socket(0x1e, 0x80004, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = dup3(r2, r1, 0x0)
recvmmsg(r3, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/179, 0x3514}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)

744.329455ms ago: executing program 1 (id=2971):
prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
r0 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r0, 0x0, 0x0, 0x0)
close(r0)
r1 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r2=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r2)
setxattr(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)=@known='user.incfs.size\x00', 0x0, 0x0, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
acct(0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1600000000000056a0991c00000000000047d4f2c10023ae23b1c52e154be38a3200e3fc3ac2317b5003207dcbb55504737837b7882647c3b6fc75"], 0x48)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
socket$netlink(0x10, 0x3, 0x0)
pipe2$9p(&(0x7f0000000340), 0x80000)

85.79735ms ago: executing program 1 (id=2972):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r1, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000580)="89", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}], 0x1, 0x0)
close(r1)

84.798032ms ago: executing program 1 (id=2973):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000013c0)={0x11, 0xc, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000680)={0xfff3, [0x80, 0x204], 0x40}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000)=0x6, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wg0\x00', <r2=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="8f384219c2edc3865fc1b4094e4ae17d7a12cd907c520dad54ae4560e831f989521bfcf9b2f03486e879c998fec59d9c9ea5f396fe880192a5a2a678a6995fd13be986705a0ccedfd422be83df44af8221f8b5df5cc076b4263c073c76289a8cf064346237584fefb2f062a8136bd3b717e638b2b6dc565f8b031ef01fc91c965f59c8fe5a1cc121111ab3e5cfe0875e10339f7004da6679a40fcae3a6f86b4012170f3505a1e6c8778672e2946047bf6885c0b7a2465028b0feef2fe4f1e0a7248fa483c222f0b17741763dbd578c877a248c4303a63b556557d108b7d747b61ad94aea4c018700634b77894b612cdeebe0587c16901cd4"], 0x0, 0x26, 0x0, 0x1, 0xffffffff, 0x0, @void, @value}, 0x28)
r3 = socket(0x10, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28)
write$binfmt_script(r4, &(0x7f0000000780)={'#! ', './file0'}, 0xb)
close_range(r3, r4, 0x0)
connect$inet6(r4, &(0x7f0000000640)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x4}, 0x1c)

8.119353ms ago: executing program 4 (id=2974):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000007000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141b82, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000640)='io_uring_create\x00', r1, 0x0, 0x102}, 0x18)
io_uring_setup(0x21e8, &(0x7f0000002400)={0x0, 0xffffffbc, 0x400, 0x2, 0x176})
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000008e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9971e43405d621ffbc9b0d8ca56b50f0c010d631f6dbc8486bc5d5bf2ca8285056892db03cf1c62d57c08a90b189d190c341035de53a9a53608c10556e5734eb84049761451ce540c772e069f80cb201b2de17dfdb4b60939d5d6aed4062049b87e03e2cd18a77dda613e0c64497fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8000000000000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be4248cdc138408ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100bd5828954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e113e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3eeec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e01506471e897bced7798509e64df360d95f9a4099f86438ac2bbcbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c590bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03444471c1dd660c87acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90106248f81d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b8134301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3bd9b1d742e334319c8979c322e92"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCGSKNS(r4, 0x894c, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r6], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

0s ago: executing program 2 (id=2975):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xc, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x804}, 0x44080)

kernel console output (not intermixed with test programs):

075.075187][T14756] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1075.075220][T14756] Node 0 DMA32 free:1337764kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:33988kB inactive_anon:0kB active_file:46680kB inactive_file:154080kB unevictable:1536kB writepending:1196kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:11012kB local_pcp:9752kB free_cma:0kB
[ 1075.075266][T14756] lowmem_reserve[]: 0 0 1 1 1
[ 1075.075299][T14756] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[ 1075.075342][T14756] lowmem_reserve[]: 0 0 0 0 0
[ 1075.075374][T14756] Node 1 Normal free:3910956kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1075.075419][T14756] lowmem_reserve[]: 0 0 0 0 0
[ 1075.075451][T14756] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1075.075557][T14756] Node 0 DMA32: 6*4kB (E) 5*8kB (E) 539*16kB (ME) 354*32kB (ME) 248*64kB (UME) 100*128kB (UME) 55*256kB (UME) 30*512kB (UME) 16*1024kB (UME) 11*2048kB (UME) 298*4096kB (UM) = 1337648kB
[ 1075.075706][T14756] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1075.075807][T14756] Node 1 Normal: 217*4kB (UM) 55*8kB (UME) 43*16kB (UME) 161*32kB (UME) 81*64kB (UME) 28*128kB (UME) 11*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910956kB
[ 1075.075954][T14756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1075.075969][T14756] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1075.075982][T14756] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1075.075996][T14756] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1075.076010][T14756] 54948 total pagecache pages
[ 1075.076017][T14756] 0 pages in swap cache
[ 1075.076022][T14756] Free swap  = 124996kB
[ 1075.076029][T14756] Total swap = 124996kB
[ 1075.076035][T14756] 2097051 pages RAM
[ 1075.076040][T14756] 0 pages HighMem/MovableOnly
[ 1075.076046][T14756] 429631 pages reserved
[ 1075.076052][T14756] 0 pages cma reserved
[ 1075.437716][   T59] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1075.507769][T10800] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 1075.647333][T14801] serio: Serial port ptm0
[ 1075.753558][T10800] usb 5-1: Using ep0 maxpacket: 16
[ 1075.758298][T10800] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1075.758350][T10800] usb 5-1: config 0 has no interface number 0
[ 1075.758474][T10800] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1075.758523][T10800] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1075.765557][T10800] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1075.765610][T10800] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1075.765659][T10800] usb 5-1: Product: syz
[ 1075.765698][T10800] usb 5-1: Manufacturer: syz
[ 1075.765737][T10800] usb 5-1: SerialNumber: syz
[ 1075.778161][T10800] usb 5-1: config 0 descriptor??
[ 1075.790765][T14795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1075.791282][T14795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1075.993475][   T59] usb 4-1: Using ep0 maxpacket: 16
[ 1075.995844][   T59] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1075.995868][   T59] usb 4-1: config 0 has no interface number 0
[ 1075.995912][   T59] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1075.995934][   T59] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1075.997602][   T59] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1075.997625][   T59] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1075.997641][   T59] usb 4-1: Product: syz
[ 1075.997654][   T59] usb 4-1: Manufacturer: syz
[ 1075.997668][   T59] usb 4-1: SerialNumber: syz
[ 1076.000258][   T59] usb 4-1: config 0 descriptor??
[ 1076.001920][T14794] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1076.002004][T14794] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1076.040981][T14795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1076.041511][T14795] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1076.256997][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1076.321448][T14794] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1076.321540][T14794] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1076.888740][T10800] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1076.888761][T10800] asix 5-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffc3
[ 1076.888896][T10800] asix 5-1:0.251: probe with driver asix failed with error -61
[ 1081.425125][   T59] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -110
[ 1081.748605][   T59] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -110
[ 1081.748817][   T59] asix 4-1:0.251: probe with driver asix failed with error -5
[ 1081.820460][   T59] usb 4-1: USB disconnect, device number 16
[ 1081.823491][T10800] usb 5-1: USB disconnect, device number 20
[ 1083.349352][T14852] pty pty23: ldisc open failed (-12), clearing slot 23
[ 1084.025067][T14868] serio: Serial port ptm0
[ 1088.587744][T14889] syz.2.2077: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1088.605738][T14889] CPU: 0 UID: 0 PID: 14889 Comm: syz.2.2077 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1088.605761][T14889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1088.605771][T14889] Call Trace:
[ 1088.605777][T14889]  <TASK>
[ 1088.605783][T14889]  dump_stack_lvl+0x16c/0x1f0
[ 1088.605811][T14889]  warn_alloc+0x248/0x3a0
[ 1088.605830][T14889]  ? __pfx_warn_alloc+0x10/0x10
[ 1088.605855][T14889]  ? __get_vm_area_node+0x1b9/0x300
[ 1088.605876][T14889]  ? __get_vm_area_node+0x1e5/0x300
[ 1088.605903][T14889]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1088.605935][T14889]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1088.605961][T14889]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1088.605994][T14889]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1088.606014][T14889]  vmalloc_user_noprof+0x6b/0x90
[ 1088.606035][T14889]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1088.606053][T14889]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1088.606071][T14889]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1088.606089][T14889]  __vb2_queue_alloc+0x8c6/0x1280
[ 1088.606121][T14889]  vb2_core_reqbufs+0xa90/0xfe0
[ 1088.606147][T14889]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1088.606181][T14889]  __vb2_init_fileio+0x3f1/0x1100
[ 1088.606210][T14889]  vb2_core_poll+0x486/0x700
[ 1088.606231][T14889]  vb2_poll+0x33/0x150
[ 1088.606249][T14889]  vb2_fop_poll+0x10f/0x2c0
[ 1088.606268][T14889]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1088.606286][T14889]  v4l2_poll+0x160/0x320
[ 1088.606310][T14889]  ? __pfx_v4l2_poll+0x10/0x10
[ 1088.606332][T14889]  do_sys_poll+0x523/0xe00
[ 1088.606357][T14889]  ? trace_sched_exit_tp+0xde/0x130
[ 1088.606392][T14889]  ? __pfx_do_sys_poll+0x10/0x10
[ 1088.606416][T14889]  ? __lock_acquire+0x5ca/0x1ba0
[ 1088.606456][T14889]  ? schedule+0xf1/0x3a0
[ 1088.606478][T14889]  ? futex_wait_queue+0x14c/0x220
[ 1088.606508][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606536][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606562][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606589][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606617][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606644][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606672][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606699][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606726][T14889]  ? __pfx_pollwake+0x10/0x10
[ 1088.606752][T14889]  ? do_futex+0x122/0x350
[ 1088.606776][T14889]  ? __pfx_do_futex+0x10/0x10
[ 1088.606798][T14889]  ? set_user_sigmask+0x21b/0x2b0
[ 1088.606819][T14889]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1088.606844][T14889]  __x64_sys_ppoll+0x254/0x2d0
[ 1088.606863][T14889]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1088.606880][T14889]  ? syscall_user_dispatch+0x78/0x140
[ 1088.606908][T14889]  do_syscall_64+0xcd/0x260
[ 1088.606934][T14889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1088.606951][T14889] RIP: 0033:0x7faee618e169
[ 1088.606965][T14889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1088.606982][T14889] RSP: 002b:00007faee70c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1088.606998][T14889] RAX: ffffffffffffffda RBX: 00007faee63b5fa0 RCX: 00007faee618e169
[ 1088.607009][T14889] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1088.607020][T14889] RBP: 00007faee6210a68 R08: 0000000000000000 R09: 0000000000000000
[ 1088.607030][T14889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1088.607040][T14889] R13: 0000000000000000 R14: 00007faee63b5fa0 R15: 00007ffc1caaeec8
[ 1088.607063][T14889]  </TASK>
[ 1088.607069][T14889] Mem-Info:
[ 1088.945857][T14889] active_anon:11418 inactive_anon:0 isolated_anon:0
[ 1088.945857][T14889]  active_file:11670 inactive_file:38935 isolated_file:0
[ 1088.945857][T14889]  unevictable:768 dirty:320 writeback:0
[ 1088.945857][T14889]  slab_reclaimable:11166 slab_unreclaimable:98571
[ 1088.945857][T14889]  mapped:36065 shmem:7221 pagetables:884
[ 1088.945857][T14889]  sec_pagetables:0 bounce:0
[ 1088.945857][T14889]  kernel_misc_reclaimable:0
[ 1088.945857][T14889]  free:1315043 free_pcp:1051 free_cma:0
[ 1088.991035][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1089.086631][T14889] Node 0 active_anon:57072kB inactive_anon:0kB active_file:46680kB inactive_file:155672kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:155760kB dirty:1280kB writeback:0kB shmem:38748kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10620kB pagetables:3536kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1089.148075][T14889] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1089.184591][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1089.190795][T14889] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1089.217847][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1089.224541][T14889] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1089.230415][T14889] Node 0 DMA32 free:1316976kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:57044kB inactive_anon:0kB active_file:46680kB inactive_file:154096kB unevictable:1536kB writepending:1280kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:8524kB local_pcp:4668kB free_cma:0kB
[ 1089.260833][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1089.275480][T14889] lowmem_reserve[]: 0 0 1 1 1
[ 1089.284874][T14889] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[ 1089.405316][T14889] lowmem_reserve[]: 0 0 0 0 0
[ 1089.410079][T14889] Node 1 Normal free:3910960kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1089.466125][T14889] lowmem_reserve[]: 0 0 0 0 0
[ 1089.466168][T14889] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1089.466277][T14889] Node 0 DMA32: 37*4kB (UE) 5*8kB (E) 154*16kB (UE) 307*32kB (UME) 198*64kB (UME) 44*128kB (UE) 5*256kB (UM) 16*512kB (UME) 13*1024kB (UM) 11*2048kB (UME) 299*4096kB (UME) = 1300796kB
[ 1089.466424][T14889] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1089.466529][T14889] Node 1 Normal: 218*4kB (UM) 55*8kB (UME) 43*16kB (UME) 161*32kB (UME) 81*64kB (UME) 28*128kB (UME) 11*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910960kB
[ 1089.466679][T14889] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.466693][T14889] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1089.466707][T14889] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.466719][T14889] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1089.466733][T14889] 63551 total pagecache pages
[ 1089.466739][T14889] 0 pages in swap cache
[ 1089.466746][T14889] Free swap  = 124996kB
[ 1089.466752][T14889] Total swap = 124996kB
[ 1089.466759][T14889] 2097051 pages RAM
[ 1089.466766][T14889] 0 pages HighMem/MovableOnly
[ 1089.466772][T14889] 429631 pages reserved
[ 1089.466778][T14889] 0 pages cma reserved
[ 1095.818176][  T973] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1100.360508][T15004] ubi: mtd0 is already attached to ubi31
[ 1102.664017][T15018] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2105'.
[ 1103.266808][   T92] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1103.423493][   T92] usb 2-1: Using ep0 maxpacket: 16
[ 1103.471021][   T92] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1104.112861][   T92] usb 2-1: config 0 has no interface number 0
[ 1104.133504][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1104.199158][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1104.212664][   T92] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1104.225020][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1104.235621][   T92] usb 2-1: Product: syz
[ 1104.239797][   T92] usb 2-1: Manufacturer: syz
[ 1104.246830][   T92] usb 2-1: SerialNumber: syz
[ 1104.254390][   T92] usb 2-1: config 0 descriptor??
[ 1104.260113][T15009] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1104.464581][T15009] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1105.311040][   T92] asix 2-1:0.251: probe with driver asix failed with error -71
[ 1105.563839][   T92] usb 2-1: USB disconnect, device number 19
[ 1105.587095][T15042] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2111'.
[ 1105.948754][    T9] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1106.447188][    T9] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1106.561027][    T9] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1106.599247][    T9] usb 4-1: Product: syz
[ 1106.722756][    T9] usb 4-1: SerialNumber: syz
[ 1106.736304][    T9] usb 4-1: config 0 descriptor??
[ 1107.181914][    T9] hso 4-1:0.0: Not our interface
[ 1107.200315][T15044] syz.2.2113: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1107.248261][T15044] CPU: 1 UID: 0 PID: 15044 Comm: syz.2.2113 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1107.248290][T15044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1107.248300][T15044] Call Trace:
[ 1107.248306][T15044]  <TASK>
[ 1107.248313][T15044]  dump_stack_lvl+0x16c/0x1f0
[ 1107.248340][T15044]  warn_alloc+0x248/0x3a0
[ 1107.248360][T15044]  ? __pfx_warn_alloc+0x10/0x10
[ 1107.248386][T15044]  ? __get_vm_area_node+0x1b9/0x300
[ 1107.248409][T15044]  ? __get_vm_area_node+0x1e5/0x300
[ 1107.248437][T15044]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1107.248478][T15044]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1107.248505][T15044]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1107.248536][T15044]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1107.248555][T15044]  vmalloc_user_noprof+0x6b/0x90
[ 1107.248578][T15044]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1107.248597][T15044]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1107.248617][T15044]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1107.248636][T15044]  __vb2_queue_alloc+0x8c6/0x1280
[ 1107.248669][T15044]  vb2_core_reqbufs+0xa90/0xfe0
[ 1107.248694][T15044]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1107.248724][T15044]  __vb2_init_fileio+0x3f1/0x1100
[ 1107.248753][T15044]  vb2_core_poll+0x486/0x700
[ 1107.248772][T15044]  vb2_poll+0x33/0x150
[ 1107.248790][T15044]  vb2_fop_poll+0x10f/0x2c0
[ 1107.248808][T15044]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1107.248824][T15044]  v4l2_poll+0x160/0x320
[ 1107.248847][T15044]  ? __pfx_v4l2_poll+0x10/0x10
[ 1107.248866][T15044]  do_sys_poll+0x523/0xe00
[ 1107.248891][T15044]  ? trace_sched_exit_tp+0xde/0x130
[ 1107.248924][T15044]  ? __pfx_do_sys_poll+0x10/0x10
[ 1107.248973][T15044]  ? schedule+0xf1/0x3a0
[ 1107.248995][T15044]  ? futex_wait_queue+0x14c/0x220
[ 1107.249073][T15044]  ? do_futex+0x122/0x350
[ 1107.249097][T15044]  ? __pfx_do_futex+0x10/0x10
[ 1107.249119][T15044]  ? set_user_sigmask+0x21b/0x2b0
[ 1107.249139][T15044]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1107.249163][T15044]  __x64_sys_ppoll+0x254/0x2d0
[ 1107.249178][T15044]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1107.249194][T15044]  ? syscall_user_dispatch+0x78/0x140
[ 1107.249218][T15044]  do_syscall_64+0xcd/0x260
[ 1107.249244][T15044]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1107.249262][T15044] RIP: 0033:0x7faee618e169
[ 1107.249277][T15044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1107.249293][T15044] RSP: 002b:00007faee70c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1107.249309][T15044] RAX: ffffffffffffffda RBX: 00007faee63b5fa0 RCX: 00007faee618e169
[ 1107.249320][T15044] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1107.249330][T15044] RBP: 00007faee6210a68 R08: 0000000000000000 R09: 0000000000000000
[ 1107.249340][T15044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1107.249351][T15044] R13: 0000000000000000 R14: 00007faee63b5fa0 R15: 00007ffc1caaeec8
[ 1107.249375][T15044]  </TASK>
[ 1107.249382][T15044] Mem-Info:
[ 1107.552309][   T92] usb 4-1: USB disconnect, device number 17
[ 1107.588153][T15044] active_anon:11389 inactive_anon:0 isolated_anon:0
[ 1107.588153][T15044]  active_file:11670 inactive_file:38943 isolated_file:0
[ 1107.588153][T15044]  unevictable:768 dirty:237 writeback:0
[ 1107.588153][T15044]  slab_reclaimable:11226 slab_unreclaimable:98099
[ 1107.588153][T15044]  mapped:36092 shmem:7207 pagetables:898
[ 1107.588153][T15044]  sec_pagetables:0 bounce:0
[ 1107.588153][T15044]  kernel_misc_reclaimable:0
[ 1107.588153][T15044]  free:1311554 free_pcp:4722 free_cma:0
[ 1107.948405][T15044] Node 0 active_anon:65576kB inactive_anon:0kB active_file:46680kB inactive_file:155704kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:164868kB dirty:948kB writeback:0kB shmem:47196kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10788kB pagetables:3592kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1107.948460][T15044] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1107.948503][T15044] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1107.948549][T15044] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1107.948584][T15044] Node 0 DMA32 free:1304632kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:65548kB inactive_anon:0kB active_file:46680kB inactive_file:154128kB unevictable:1536kB writepending:948kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:13392kB local_pcp:13140kB free_cma:0kB
[ 1107.948631][T15044] lowmem_reserve[]: 0 0 1 1 1
[ 1107.948664][T15044] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[ 1107.948707][T15044] lowmem_reserve[]: 0 0 0 0 0
[ 1107.948741][T15044] Node 1 Normal free:3910960kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1107.948784][T15044] lowmem_reserve[]: 0 0 0 0 0
[ 1107.948817][T15044] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1107.948931][T15044] Node 0 DMA32: 1*4kB (M) 2*8kB (ME) 16*16kB (UME) 14*32kB (E) 67*64kB (UME) 97*128kB (UME) 46*256kB (UM) 23*512kB (UME) 16*1024kB (UM) 11*2048kB (UME) 299*4096kB (UME) = 1304596kB
[ 1107.949101][T15044] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1107.949210][T15044] Node 1 Normal: 218*4kB (UM) 55*8kB (UME) 43*16kB (UME) 161*32kB (UME) 81*64kB (UME) 28*128kB (UME) 11*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910960kB
[ 1107.949363][T15044] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1107.949377][T15044] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1107.949390][T15044] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1107.949403][T15044] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1107.949416][T15044] 62796 total pagecache pages
[ 1107.949423][T15044] 0 pages in swap cache
[ 1107.949429][T15044] Free swap  = 124996kB
[ 1107.949436][T15044] Total swap = 124996kB
[ 1107.949442][T15044] 2097051 pages RAM
[ 1107.949448][T15044] 0 pages HighMem/MovableOnly
[ 1107.949454][T15044] 429631 pages reserved
[ 1107.949461][T15044] 0 pages cma reserved
[ 1109.978551][T15079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2120'.
[ 1110.791643][T15091] serio: Serial port ptm0
[ 1112.251705][T15098] serio: Serial port ptm0
[ 1115.036878][   T92] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1115.206017][   T92] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.756487][   T92] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1115.772057][   T92] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1115.774777][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.787818][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.813737][   T92] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1115.903477][   T92] usb 2-1: Product: syz
[ 1115.907704][   T92] usb 2-1: SerialNumber: syz
[ 1116.070962][   T92] usb 2-1: config 0 descriptor??
[ 1117.668654][T15146] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2128'.
[ 1119.213678][T15165] serio: Serial port ptm0
[ 1119.946895][T10800] usb 2-1: USB disconnect, device number 20
[ 1121.374392][T15171] input: syz0 as /devices/virtual/input/input89
[ 1122.069869][T15193] serio: Serial port ptm0
[ 1123.239889][T15204] input: syz0 as /devices/virtual/input/input90
[ 1124.605098][T15201] warn_alloc: 1 callbacks suppressed
[ 1124.605115][T15201] syz.3.2144: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1124.667276][T15201] CPU: 0 UID: 0 PID: 15201 Comm: syz.3.2144 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1124.667294][T15201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1124.667300][T15201] Call Trace:
[ 1124.667304][T15201]  <TASK>
[ 1124.667309][T15201]  dump_stack_lvl+0x16c/0x1f0
[ 1124.667327][T15201]  warn_alloc+0x248/0x3a0
[ 1124.667340][T15201]  ? __pfx_warn_alloc+0x10/0x10
[ 1124.667355][T15201]  ? __get_vm_area_node+0x1b9/0x300
[ 1124.667370][T15201]  ? __get_vm_area_node+0x1e5/0x300
[ 1124.667387][T15201]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1124.667408][T15201]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1124.667425][T15201]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1124.667445][T15201]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1124.667458][T15201]  vmalloc_user_noprof+0x6b/0x90
[ 1124.667473][T15201]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1124.667485][T15201]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1124.667498][T15201]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1124.667511][T15201]  __vb2_queue_alloc+0x8c6/0x1280
[ 1124.667532][T15201]  vb2_core_reqbufs+0xa90/0xfe0
[ 1124.667548][T15201]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1124.667568][T15201]  __vb2_init_fileio+0x3f1/0x1100
[ 1124.667585][T15201]  vb2_core_poll+0x486/0x700
[ 1124.667598][T15201]  vb2_poll+0x33/0x150
[ 1124.667609][T15201]  vb2_fop_poll+0x10f/0x2c0
[ 1124.667620][T15201]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1124.667631][T15201]  v4l2_poll+0x160/0x320
[ 1124.667648][T15201]  ? __pfx_v4l2_poll+0x10/0x10
[ 1124.667667][T15201]  do_sys_poll+0x523/0xe00
[ 1124.667689][T15201]  ? trace_sched_exit_tp+0xde/0x130
[ 1124.667710][T15201]  ? __pfx_do_sys_poll+0x10/0x10
[ 1124.667739][T15201]  ? schedule+0xf1/0x3a0
[ 1124.667753][T15201]  ? futex_wait_queue+0x14c/0x220
[ 1124.667790][T15201]  ? do_futex+0x122/0x350
[ 1124.667805][T15201]  ? __pfx_do_futex+0x10/0x10
[ 1124.667819][T15201]  ? set_user_sigmask+0x21b/0x2b0
[ 1124.667832][T15201]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1124.667848][T15201]  __x64_sys_ppoll+0x254/0x2d0
[ 1124.667859][T15201]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1124.667869][T15201]  ? syscall_user_dispatch+0x78/0x140
[ 1124.667886][T15201]  do_syscall_64+0xcd/0x260
[ 1124.667902][T15201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1124.667913][T15201] RIP: 0033:0x7f564c18e169
[ 1124.667922][T15201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1124.667932][T15201] RSP: 002b:00007f5649ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1124.667942][T15201] RAX: ffffffffffffffda RBX: 00007f564c3b5fa0 RCX: 00007f564c18e169
[ 1124.667949][T15201] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1124.667955][T15201] RBP: 00007f564c210a68 R08: 0000000000000000 R09: 0000000000000000
[ 1124.667961][T15201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1124.667967][T15201] R13: 0000000000000000 R14: 00007f564c3b5fa0 R15: 00007ffd366ecf28
[ 1124.667985][T15201]  </TASK>
[ 1124.669073][T15201] Mem-Info:
[ 1125.098805][T15201] active_anon:17330 inactive_anon:0 isolated_anon:0
[ 1125.098805][T15201]  active_file:11670 inactive_file:38949 isolated_file:0
[ 1125.098805][T15201]  unevictable:768 dirty:349 writeback:0
[ 1125.098805][T15201]  slab_reclaimable:11314 slab_unreclaimable:98231
[ 1125.098805][T15201]  mapped:42878 shmem:12929 pagetables:933
[ 1125.098805][T15201]  sec_pagetables:0 bounce:0
[ 1125.098805][T15201]  kernel_misc_reclaimable:0
[ 1125.098805][T15201]  free:1309094 free_pcp:1091 free_cma:0
[ 1125.144147][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.363960][T15201] Node 0 active_anon:69320kB inactive_anon:0kB active_file:46680kB inactive_file:155728kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:175612kB dirty:1396kB writeback:0kB shmem:50180kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10840kB pagetables:3732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1125.398481][T15201] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1125.429589][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.439778][T15201] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1125.466934][T15201] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1125.513663][T15201] Node 0 DMA32 free:1309608kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:58324kB inactive_anon:0kB active_file:46680kB inactive_file:154152kB unevictable:1536kB writepending:1404kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:14908kB local_pcp:3628kB free_cma:0kB
[ 1125.567748][T15201] lowmem_reserve[]: 0 0 1 1 1
[ 1125.619651][T15201] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[ 1125.670163][T15201] lowmem_reserve[]: 0 0 0 0 0
[ 1125.695334][T15201] Node 1 Normal free:3910960kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1125.724013][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1125.736833][T15201] lowmem_reserve[]: 0 0 0 0 0
[ 1125.741567][T15201] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1125.827863][T15230] ubi: mtd0 is already attached to ubi31
[ 1125.927228][T15201] Node 0 DMA32: 2*4kB (UM) 1*8kB (E) 17*16kB (UE) 42*32kB (UE) 153*64kB (UME) 129*128kB (UME) 46*256kB (UM) 20*512kB (UME) 15*1024kB (UM) 13*2048kB (UME) 298*4096kB (UME) = 1312544kB
[ 1125.959240][T15201] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1126.021214][T15201] Node 1 Normal: 218*4kB (UM) 55*8kB (UME) 43*16kB (UME) 161*32kB (UME) 81*64kB (UME) 28*128kB (UME) 11*256kB (UM) 10*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910960kB
[ 1126.054417][T15201] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1126.078252][T15201] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1126.130664][T15201] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1126.140692][T15201] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1126.153005][T15201] 63592 total pagecache pages
[ 1126.158086][T15201] 0 pages in swap cache
[ 1126.162426][T15201] Free swap  = 124996kB
[ 1126.169592][T15201] Total swap = 124996kB
[ 1126.174120][T15201] 2097051 pages RAM
[ 1126.177998][T15201] 0 pages HighMem/MovableOnly
[ 1126.182740][T15201] 429631 pages reserved
[ 1126.190020][T15201] 0 pages cma reserved
[ 1133.534678][   T92] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1133.699421][T15297] serio: Serial port ptm0
[ 1134.153442][   T92] usb 2-1: Using ep0 maxpacket: 16
[ 1134.164956][   T92] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1134.173259][   T92] usb 2-1: config 0 has no interface number 0
[ 1134.193500][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1134.523188][T15303] serio: Serial port ptm0
[ 1134.794601][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1134.807450][   T92] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1134.949228][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.992929][   T92] usb 2-1: Product: syz
[ 1135.086757][   T92] usb 2-1: Manufacturer: syz
[ 1135.086777][   T92] usb 2-1: SerialNumber: syz
[ 1135.114511][   T92] usb 2-1: config 0 descriptor??
[ 1135.115305][T15292] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1135.115413][T15292] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1136.495929][   T92] asix 2-1:0.251: probe with driver asix failed with error -71
[ 1136.507901][   T92] usb 2-1: USB disconnect, device number 21
[ 1138.278009][   T92] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1138.449688][   T92] usb 4-1: Using ep0 maxpacket: 16
[ 1138.517792][   T92] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1138.538084][   T92] usb 4-1: config 0 has no interface number 0
[ 1138.540768][   T92] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1138.540794][   T92] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1138.546605][   T92] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1138.546630][   T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.546648][   T92] usb 4-1: Product: syz
[ 1138.546661][   T92] usb 4-1: Manufacturer: syz
[ 1138.546675][   T92] usb 4-1: SerialNumber: syz
[ 1138.548436][   T92] usb 4-1: config 0 descriptor??
[ 1138.550223][T15330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1138.550330][T15330] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1139.122551][ T5877] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 1139.139612][T15328] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1139.139687][T15328] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1139.333557][ T5877] usb 5-1: Using ep0 maxpacket: 16
[ 1139.451883][ T5877] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[ 1139.527814][ T5877] usb 5-1: config 0 has no interface number 0
[ 1139.536649][ T5877] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1139.552831][ T5877] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1139.575525][ T5877] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1139.585476][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1139.594061][ T5877] usb 5-1: Product: syz
[ 1139.600134][ T5877] usb 5-1: Manufacturer: syz
[ 1139.720139][ T5877] usb 5-1: SerialNumber: syz
[ 1139.766786][   T92] asix 4-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xb8
[ 1139.816604][ T5877] usb 5-1: config 0 descriptor??
[ 1139.834334][T15336] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1139.841592][T15336] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1140.100162][T15333] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1140.100247][T15333] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1140.301013][ T5877] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1140.301033][ T5877] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[ 1140.301135][ T5877] asix 5-1:0.251: probe with driver asix failed with error -5
[ 1140.414472][T15349] ubi: mtd0 is already attached to ubi31
[ 1140.873801][T10800] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1141.036263][T10800] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1141.036287][T10800] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1141.036299][T10800] usb 3-1: Product: syz
[ 1141.036307][T10800] usb 3-1: SerialNumber: syz
[ 1141.037591][T10800] usb 3-1: config 0 descriptor??
[ 1141.122641][  T973] usb 4-1: USB disconnect, device number 18
[ 1141.145489][ T5877] usb 5-1: USB disconnect, device number 21
[ 1141.489439][T15344] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2177'.
[ 1141.515257][ T5877] usb 3-1: USB disconnect, device number 29
[ 1145.867329][T15399] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2188'.
[ 1145.900441][T15399] openvswitch: netlink: Flow key attr not present in new flow.
[ 1146.904178][T15412] input: syz0 as /devices/virtual/input/input91
[ 1148.179261][   T92] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1149.298549][   T92] usb 3-1: Using ep0 maxpacket: 16
[ 1149.306714][   T92] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[ 1149.306757][   T92] usb 3-1: config 0 has no interface number 0
[ 1149.306790][   T92] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1149.306812][   T92] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1149.309045][   T92] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1149.309069][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.309086][   T92] usb 3-1: Product: syz
[ 1149.309098][   T92] usb 3-1: Manufacturer: syz
[ 1149.309111][   T92] usb 3-1: SerialNumber: syz
[ 1149.315863][   T92] usb 3-1: config 0 descriptor??
[ 1149.318153][T15419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1149.318259][T15419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1149.830115][T15419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1149.830223][T15419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1149.875320][T15425] syz.3.2194: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1149.875366][T15425] CPU: 1 UID: 0 PID: 15425 Comm: syz.3.2194 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1149.875382][T15425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1149.875388][T15425] Call Trace:
[ 1149.875392][T15425]  <TASK>
[ 1149.875396][T15425]  dump_stack_lvl+0x16c/0x1f0
[ 1149.875415][T15425]  warn_alloc+0x248/0x3a0
[ 1149.875428][T15425]  ? __pfx_warn_alloc+0x10/0x10
[ 1149.875443][T15425]  ? __get_vm_area_node+0x1b9/0x300
[ 1149.875458][T15425]  ? __get_vm_area_node+0x1e5/0x300
[ 1149.875476][T15425]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1149.875497][T15425]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1149.875513][T15425]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1149.875533][T15425]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1149.875546][T15425]  vmalloc_user_noprof+0x6b/0x90
[ 1149.875563][T15425]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1149.875575][T15425]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1149.875588][T15425]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1149.875601][T15425]  __vb2_queue_alloc+0x8c6/0x1280
[ 1149.875619][T15425]  vb2_core_reqbufs+0xa90/0xfe0
[ 1149.875634][T15425]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1149.875654][T15425]  __vb2_init_fileio+0x3f1/0x1100
[ 1149.875671][T15425]  vb2_core_poll+0x486/0x700
[ 1149.875684][T15425]  vb2_poll+0x33/0x150
[ 1149.875694][T15425]  vb2_fop_poll+0x10f/0x2c0
[ 1149.875706][T15425]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1149.875716][T15425]  v4l2_poll+0x160/0x320
[ 1149.875732][T15425]  ? __pfx_v4l2_poll+0x10/0x10
[ 1149.875745][T15425]  do_sys_poll+0x523/0xe00
[ 1149.875761][T15425]  ? trace_sched_exit_tp+0xde/0x130
[ 1149.875782][T15425]  ? __pfx_do_sys_poll+0x10/0x10
[ 1149.875797][T15425]  ? __lock_acquire+0x5ca/0x1ba0
[ 1149.875824][T15425]  ? schedule+0xf1/0x3a0
[ 1149.875837][T15425]  ? futex_wait_queue+0x14c/0x220
[ 1149.875873][T15425]  ? do_futex+0x122/0x350
[ 1149.875888][T15425]  ? __pfx_do_futex+0x10/0x10
[ 1149.875902][T15425]  ? set_user_sigmask+0x21b/0x2b0
[ 1149.875915][T15425]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1149.875931][T15425]  __x64_sys_ppoll+0x254/0x2d0
[ 1149.875942][T15425]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1149.875953][T15425]  ? syscall_user_dispatch+0x78/0x140
[ 1149.875969][T15425]  do_syscall_64+0xcd/0x260
[ 1149.875985][T15425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.875997][T15425] RIP: 0033:0x7f564c18e169
[ 1149.876011][T15425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1149.876027][T15425] RSP: 002b:00007f5649ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1149.876043][T15425] RAX: ffffffffffffffda RBX: 00007f564c3b5fa0 RCX: 00007f564c18e169
[ 1149.876051][T15425] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1149.876058][T15425] RBP: 00007f564c210a68 R08: 0000000000000000 R09: 0000000000000000
[ 1149.876064][T15425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1149.876070][T15425] R13: 0000000000000000 R14: 00007f564c3b5fa0 R15: 00007ffd366ecf28
[ 1149.876083][T15425]  </TASK>
[ 1149.876087][T15425] Mem-Info:
[ 1149.876094][T15425] active_anon:12077 inactive_anon:0 isolated_anon:0
[ 1149.876094][T15425]  active_file:11670 inactive_file:38959 isolated_file:0
[ 1149.876094][T15425]  unevictable:791 dirty:326 writeback:0
[ 1149.876094][T15425]  slab_reclaimable:11171 slab_unreclaimable:99210
[ 1149.876094][T15425]  mapped:37163 shmem:7194 pagetables:923
[ 1149.876094][T15425]  sec_pagetables:0 bounce:0
[ 1149.876094][T15425]  kernel_misc_reclaimable:0
[ 1149.876094][T15425]  free:1308507 free_pcp:6023 free_cma:0
[ 1149.876120][T15425] Node 0 active_anon:48308kB inactive_anon:0kB active_file:46680kB inactive_file:155768kB unevictable:1628kB isolated(anon):0kB isolated(file):0kB mapped:148652kB dirty:1304kB writeback:0kB shmem:27240kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10920kB pagetables:3692kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1149.876148][T15425] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1149.876173][T15425] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1149.876200][T15425] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1149.876220][T15425] Node 0 DMA32 free:1307664kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:48280kB inactive_anon:0kB active_file:46680kB inactive_file:154192kB unevictable:1628kB writepending:1304kB present:3129332kB managed:2541512kB mlocked:92kB bounce:0kB free_pcp:24064kB local_pcp:11416kB free_cma:0kB
[ 1149.876248][T15425] lowmem_reserve[]: 0 0 1 1 1
[ 1149.876267][T15425] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[ 1149.876294][T15425] lowmem_reserve[]: 0 0 0 0 0
[ 1149.876313][T15425] Node 1 Normal free:3910992kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1149.876341][T15425] lowmem_reserve[]: 0 0 0 0 0
[ 1149.876360][T15425] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1149.876423][T15425] Node 0 DMA32: 57*4kB (UME) 32*8kB (ME) 17*16kB (UME) 8*32kB (ME) 84*64kB (UME) 116*128kB (UME) 43*256kB (UM) 25*512kB (UME) 15*1024kB (UM) 11*2048kB (UME) 299*4096kB (UME) = 1307636kB
[ 1149.876556][T15425] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1149.876642][T15425] Node 1 Normal: 218*4kB (UM) 55*8kB (UME) 43*16kB (UME) 160*32kB (UME) 80*64kB (UME) 27*128kB (UME) 10*256kB (UM) 11*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910992kB
[ 1149.876731][T15425] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1149.876739][T15425] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1149.876748][T15425] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1149.876756][T15425] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1149.876764][T15425] 57823 total pagecache pages
[ 1149.876769][T15425] 0 pages in swap cache
[ 1149.876772][T15425] Free swap  = 124996kB
[ 1149.876776][T15425] Total swap = 124996kB
[ 1149.876781][T15425] 2097051 pages RAM
[ 1149.876784][T15425] 0 pages HighMem/MovableOnly
[ 1149.876788][T15425] 429631 pages reserved
[ 1149.876792][T15425] 0 pages cma reserved
[ 1150.974007][   T92] asix 3-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xb8
[ 1150.975511][ T5877] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1151.177274][ T5877] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1151.177321][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1151.177340][ T5877] usb 1-1: Product: syz
[ 1151.177354][ T5877] usb 1-1: SerialNumber: syz
[ 1151.180552][ T5877] usb 1-1: config 0 descriptor??
[ 1151.389872][ T5877] hso 1-1:0.0: Failed to find BULK IN ep
[ 1152.142304][T15440] netlink: 892 bytes leftover after parsing attributes in process `syz.0.2198'.
[ 1152.148825][ T5877] usb 1-1: USB disconnect, device number 22
[ 1152.606184][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1152.661974][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1152.724337][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1153.069052][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1153.110376][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1153.218299][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1153.520996][ T5877] usb 3-1: USB disconnect, device number 30
[ 1154.005549][T15468] ubi: mtd0 is already attached to ubi31
[ 1154.652464][T15476] ubi: mtd0 is already attached to ubi31
[ 1157.633718][ T5877] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[ 1157.797711][ T5877] usb 2-1: Using ep0 maxpacket: 16
[ 1157.818705][ T5877] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1157.842762][ T5877] usb 2-1: config 0 has no interface number 0
[ 1157.860780][ T5877] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1157.914038][ T5877] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1157.967250][ T5877] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1158.004538][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.034479][ T5877] usb 2-1: Product: syz
[ 1158.056485][ T5877] usb 2-1: Manufacturer: syz
[ 1158.072713][ T5877] usb 2-1: SerialNumber: syz
[ 1158.089679][ T5877] usb 2-1: config 0 descriptor??
[ 1158.108371][T15491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1158.163541][T15491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1158.380355][T15491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1158.407735][T15491] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1159.443120][ T5877] asix 2-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xb8
[ 1160.023767][T15509] ubi: mtd0 is already attached to ubi31
[ 1160.468654][   T92] usb 2-1: USB disconnect, device number 22
[ 1162.864635][T15537] ubi: mtd0 is already attached to ubi31
[ 1175.937858][T15635] syz.1.2243: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1175.937908][T15635] CPU: 0 UID: 0 PID: 15635 Comm: syz.1.2243 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1175.937922][T15635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1175.937928][T15635] Call Trace:
[ 1175.937932][T15635]  <TASK>
[ 1175.937936][T15635]  dump_stack_lvl+0x16c/0x1f0
[ 1175.937955][T15635]  warn_alloc+0x248/0x3a0
[ 1175.937967][T15635]  ? __pfx_warn_alloc+0x10/0x10
[ 1175.937982][T15635]  ? __get_vm_area_node+0x1b9/0x300
[ 1175.937998][T15635]  ? __get_vm_area_node+0x1e5/0x300
[ 1175.938015][T15635]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1175.938035][T15635]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1175.938051][T15635]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1175.938071][T15635]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1175.938083][T15635]  vmalloc_user_noprof+0x6b/0x90
[ 1175.938099][T15635]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1175.938111][T15635]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1175.938123][T15635]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1175.938136][T15635]  __vb2_queue_alloc+0x8c6/0x1280
[ 1175.938154][T15635]  vb2_core_reqbufs+0xa90/0xfe0
[ 1175.938168][T15635]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1175.938187][T15635]  __vb2_init_fileio+0x3f1/0x1100
[ 1175.938203][T15635]  vb2_core_poll+0x486/0x700
[ 1175.938216][T15635]  vb2_poll+0x33/0x150
[ 1175.938226][T15635]  vb2_fop_poll+0x10f/0x2c0
[ 1175.938237][T15635]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1175.938252][T15635]  v4l2_poll+0x160/0x320
[ 1175.938268][T15635]  ? __pfx_v4l2_poll+0x10/0x10
[ 1175.938281][T15635]  do_sys_poll+0x523/0xe00
[ 1175.938297][T15635]  ? trace_sched_exit_tp+0xde/0x130
[ 1175.938319][T15635]  ? __pfx_do_sys_poll+0x10/0x10
[ 1175.938334][T15635]  ? __lock_acquire+0x5ca/0x1ba0
[ 1175.938355][T15635]  ? schedule+0xf1/0x3a0
[ 1175.938368][T15635]  ? futex_wait_queue+0x14c/0x220
[ 1175.938401][T15635]  ? do_futex+0x122/0x350
[ 1175.938416][T15635]  ? __pfx_do_futex+0x10/0x10
[ 1175.938430][T15635]  ? set_user_sigmask+0x21b/0x2b0
[ 1175.938444][T15635]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1175.938459][T15635]  __x64_sys_ppoll+0x254/0x2d0
[ 1175.938470][T15635]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1175.938480][T15635]  ? syscall_user_dispatch+0x78/0x140
[ 1175.938496][T15635]  do_syscall_64+0xcd/0x260
[ 1175.938511][T15635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.938522][T15635] RIP: 0033:0x7fdbeef8e169
[ 1175.938532][T15635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1175.938542][T15635] RSP: 002b:00007fdbefd23038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1175.938551][T15635] RAX: ffffffffffffffda RBX: 00007fdbef1b5fa0 RCX: 00007fdbeef8e169
[ 1175.938558][T15635] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1175.938564][T15635] RBP: 00007fdbef010a68 R08: 0000000000000000 R09: 0000000000000000
[ 1175.938570][T15635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1175.938576][T15635] R13: 0000000000000000 R14: 00007fdbef1b5fa0 R15: 00007fffba6cc1c8
[ 1175.938589][T15635]  </TASK>
[ 1175.938593][T15635] Mem-Info:
[ 1175.938599][T15635] active_anon:14451 inactive_anon:0 isolated_anon:0
[ 1175.938599][T15635]  active_file:11670 inactive_file:38969 isolated_file:0
[ 1175.938599][T15635]  unevictable:768 dirty:345 writeback:0
[ 1175.938599][T15635]  slab_reclaimable:11100 slab_unreclaimable:99034
[ 1175.938599][T15635]  mapped:35117 shmem:10108 pagetables:899
[ 1175.938599][T15635]  sec_pagetables:0 bounce:0
[ 1175.938599][T15635]  kernel_misc_reclaimable:0
[ 1175.938599][T15635]  free:1308049 free_pcp:4479 free_cma:0
[ 1175.938625][T15635] Node 0 active_anon:57804kB inactive_anon:0kB active_file:46680kB inactive_file:155808kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140468kB dirty:1380kB writeback:0kB shmem:38896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10752kB pagetables:3596kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1175.938653][T15635] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1175.938678][T15635] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1175.938706][T15635] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1175.938726][T15635] Node 0 DMA32 free:1305832kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:57776kB inactive_anon:0kB active_file:46680kB inactive_file:154232kB unevictable:1536kB writepending:1380kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:17888kB local_pcp:17376kB free_cma:0kB
[ 1175.938755][T15635] lowmem_reserve[]: 0 0 1 1 1
[ 1175.938774][T15635] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[ 1175.938802][T15635] lowmem_reserve[]: 0 0 0 0 0
[ 1175.938820][T15635] Node 1 Normal free:3910992kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1175.938848][T15635] lowmem_reserve[]: 0 0 0 0 0
[ 1175.938867][T15635] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1175.938931][T15635] Node 0 DMA32: 88*4kB (UME) 31*8kB (ME) 38*16kB (UME) 19*32kB (UME) 203*64kB (UME) 137*128kB (UME) 62*256kB (UM) 28*512kB (UME) 22*1024kB (UM) 18*2048kB (UME) 289*4096kB (UM) = 1305688kB
[ 1175.939020][T15635] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1175.939080][T15635] Node 1 Normal: 218*4kB (UM) 55*8kB (UME) 43*16kB (UME) 160*32kB (UME) 80*64kB (UME) 27*128kB (UME) 10*256kB (UM) 11*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910992kB
[ 1175.939168][T15635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1175.939177][T15635] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1175.939185][T15635] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1175.939193][T15635] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1175.939201][T15635] 60747 total pagecache pages
[ 1175.939206][T15635] 0 pages in swap cache
[ 1175.939209][T15635] Free swap  = 124996kB
[ 1175.939213][T15635] Total swap = 124996kB
[ 1175.939218][T15635] 2097051 pages RAM
[ 1175.939221][T15635] 0 pages HighMem/MovableOnly
[ 1175.939225][T15635] 429631 pages reserved
[ 1175.939229][T15635] 0 pages cma reserved
[ 1176.610225][   T92] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[ 1176.916454][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.916486][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.250399][   T92] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1177.250417][   T92] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1177.250433][   T92] usb 2-1: Product: syz
[ 1177.250441][   T92] usb 2-1: SerialNumber: syz
[ 1177.251844][   T92] usb 2-1: config 0 descriptor??
[ 1177.726674][   T92] hso 2-1:0.0: Failed to find BULK IN ep
[ 1178.145180][T15654] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2248'.
[ 1178.147621][   T59] usb 2-1: USB disconnect, device number 23
[ 1179.779471][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1179.815459][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1180.103198][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1180.133079][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1180.194556][T15676] ubi: mtd0 is already attached to ubi31
[ 1180.850931][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1180.888918][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1184.621064][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1186.061352][   T30] kauditd_printk_skb: 15 callbacks suppressed
[ 1186.061372][   T30] audit: type=1400 audit(1744990496.190:1696): avc:  denied  { unmount } for  pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1187.332333][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1188.091541][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1191.123566][   T92] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[ 1191.373457][   T92] usb 2-1: Using ep0 maxpacket: 16
[ 1191.379936][   T92] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[ 1191.389718][   T92] usb 2-1: config 0 has no interface number 0
[ 1191.488094][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1191.528979][   T92] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1191.567643][   T92] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1191.577926][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.587955][   T92] usb 2-1: Product: syz
[ 1191.592108][   T92] usb 2-1: Manufacturer: syz
[ 1191.596707][   T92] usb 2-1: SerialNumber: syz
[ 1191.617694][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1191.618305][   T92] usb 2-1: config 0 descriptor??
[ 1191.644853][T15758] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1191.656441][T15758] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1192.013012][T15758] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1192.066347][T15758] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1192.284511][   T92] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1192.294726][   T92] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[ 1192.316612][   T92] asix 2-1:0.251: probe with driver asix failed with error -5
[ 1192.552776][   T92] usb 2-1: USB disconnect, device number 24
[ 1193.100188][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1193.943495][ T5905] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[ 1194.195845][ T5905] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1194.195900][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1194.195951][ T5905] usb 2-1: Product: syz
[ 1194.195998][ T5905] usb 2-1: SerialNumber: syz
[ 1194.362526][ T5905] usb 2-1: config 0 descriptor??
[ 1194.639045][ T5905] hso 2-1:0.0: Failed to find BULK IN ep
[ 1194.785162][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1194.794965][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1194.861674][ T5905] usb 2-1: USB disconnect, device number 25
[ 1195.470344][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1195.775523][T15808] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2284'.
[ 1197.958258][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1199.038819][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1200.187317][T15820] syz.3.2289: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1200.218392][T15820] CPU: 1 UID: 0 PID: 15820 Comm: syz.3.2289 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1200.218425][T15820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1200.218434][T15820] Call Trace:
[ 1200.218440][T15820]  <TASK>
[ 1200.218447][T15820]  dump_stack_lvl+0x16c/0x1f0
[ 1200.218475][T15820]  warn_alloc+0x248/0x3a0
[ 1200.218495][T15820]  ? __pfx_warn_alloc+0x10/0x10
[ 1200.218519][T15820]  ? __get_vm_area_node+0x1b9/0x300
[ 1200.218543][T15820]  ? __get_vm_area_node+0x1e5/0x300
[ 1200.218570][T15820]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1200.218604][T15820]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1200.218630][T15820]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1200.218663][T15820]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1200.218683][T15820]  vmalloc_user_noprof+0x6b/0x90
[ 1200.218708][T15820]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1200.218726][T15820]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1200.218748][T15820]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1200.218768][T15820]  __vb2_queue_alloc+0x8c6/0x1280
[ 1200.218799][T15820]  vb2_core_reqbufs+0xa90/0xfe0
[ 1200.218824][T15820]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1200.218855][T15820]  __vb2_init_fileio+0x3f1/0x1100
[ 1200.218883][T15820]  vb2_core_poll+0x486/0x700
[ 1200.218905][T15820]  vb2_poll+0x33/0x150
[ 1200.218923][T15820]  vb2_fop_poll+0x10f/0x2c0
[ 1200.218943][T15820]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1200.218959][T15820]  v4l2_poll+0x160/0x320
[ 1200.218984][T15820]  ? __pfx_v4l2_poll+0x10/0x10
[ 1200.219005][T15820]  do_sys_poll+0x523/0xe00
[ 1200.219030][T15820]  ? trace_sched_exit_tp+0xde/0x130
[ 1200.219064][T15820]  ? __pfx_do_sys_poll+0x10/0x10
[ 1200.219119][T15820]  ? schedule+0xf1/0x3a0
[ 1200.219141][T15820]  ? futex_wait_queue+0x14c/0x220
[ 1200.219210][T15820]  ? do_futex+0x122/0x350
[ 1200.219236][T15820]  ? __pfx_do_futex+0x10/0x10
[ 1200.219259][T15820]  ? set_user_sigmask+0x21b/0x2b0
[ 1200.219280][T15820]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1200.219305][T15820]  __x64_sys_ppoll+0x254/0x2d0
[ 1200.219322][T15820]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1200.219340][T15820]  ? syscall_user_dispatch+0x78/0x140
[ 1200.219365][T15820]  do_syscall_64+0xcd/0x260
[ 1200.219391][T15820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1200.219409][T15820] RIP: 0033:0x7f564c18e169
[ 1200.219424][T15820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1200.219440][T15820] RSP: 002b:00007f5649ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1200.219457][T15820] RAX: ffffffffffffffda RBX: 00007f564c3b5fa0 RCX: 00007f564c18e169
[ 1200.219468][T15820] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1200.219479][T15820] RBP: 00007f564c210a68 R08: 0000000000000000 R09: 0000000000000000
[ 1200.219488][T15820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1200.219498][T15820] R13: 0000000000000000 R14: 00007f564c3b5fa0 R15: 00007ffd366ecf28
[ 1200.219520][T15820]  </TASK>
[ 1200.219627][T15820] Mem-Info:
[ 1200.593426][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1200.611574][T15820] active_anon:6339 inactive_anon:0 isolated_anon:0
[ 1200.611574][T15820]  active_file:11670 inactive_file:38977 isolated_file:0
[ 1200.611574][T15820]  unevictable:768 dirty:336 writeback:0
[ 1200.611574][T15820]  slab_reclaimable:11109 slab_unreclaimable:98708
[ 1200.611574][T15820]  mapped:30031 shmem:2183 pagetables:835
[ 1200.611574][T15820]  sec_pagetables:0 bounce:0
[ 1200.611574][T15820]  kernel_misc_reclaimable:0
[ 1200.611574][T15820]  free:1320378 free_pcp:441 free_cma:0
[ 1200.703655][T15820] Node 0 active_anon:34156kB inactive_anon:0kB active_file:46680kB inactive_file:155840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128724kB dirty:1344kB writeback:0kB shmem:15796kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10680kB pagetables:3340kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1200.743540][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1200.762002][T15820] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1200.793954][T15820] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1200.821776][T15820] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1200.827904][T15820] Node 0 DMA32 free:1347244kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:34228kB inactive_anon:0kB active_file:46680kB inactive_file:154264kB unevictable:1536kB writepending:1344kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:664kB local_pcp:196kB free_cma:0kB
[ 1200.858343][T15820] lowmem_reserve[]: 0 0 1 1 1
[ 1201.629188][T15820] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:28kB free_cma:0kB
[ 1201.725646][T15861] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2297'.
[ 1202.098344][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1202.117079][T15820] lowmem_reserve[]: 0 0 0 0 0
[ 1202.126703][T15820] Node 1 Normal free:3910996kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1202.157148][T15820] lowmem_reserve[]: 0 0 0 0 0
[ 1202.168053][T15820] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1202.552599][T15820] Node 0 DMA32: 51*4kB (UME) 31*8kB (UME) 323*16kB (UME) 495*32kB (UME) 518*64kB (UME) 177*128kB (UME) 88*256kB (UM) 44*512kB (UME) 37*1024kB (UM) 16*2048kB (UME) 280*4096kB (UM) = 1339860kB
[ 1202.635736][T15820] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1202.766912][T15820] Node 1 Normal: 217*4kB (UM) 56*8kB (UME) 43*16kB (UME) 160*32kB (UME) 80*64kB (UME) 27*128kB (UME) 10*256kB (UM) 11*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910996kB
[ 1202.793513][T15820] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1203.263602][T15820] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1203.273339][T15820] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1203.415406][T15820] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1203.519945][T15820] 55004 total pagecache pages
[ 1203.553186][T15820] 0 pages in swap cache
[ 1203.561368][T15820] Free swap  = 124984kB
[ 1203.567537][T15820] Total swap = 124996kB
[ 1203.571848][T15820] 2097051 pages RAM
[ 1203.577285][T15820] 0 pages HighMem/MovableOnly
[ 1203.582527][T15820] 429631 pages reserved
[ 1203.587255][T15820] 0 pages cma reserved
[ 1205.246007][ T5841] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1205.246259][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1206.400843][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1207.053685][    T9] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1207.294487][T15915] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2309'.
[ 1207.630813][    T9] usb 4-1: Using ep0 maxpacket: 16
[ 1207.639661][    T9] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[ 1207.649005][    T9] usb 4-1: config 0 has no interface number 0
[ 1207.687427][    T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1207.712950][    T9] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1207.826274][    T9] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1207.839384][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.856765][    T9] usb 4-1: Product: syz
[ 1207.862778][    T9] usb 4-1: Manufacturer: syz
[ 1207.870579][    T9] usb 4-1: SerialNumber: syz
[ 1207.881137][    T9] usb 4-1: config 0 descriptor??
[ 1208.643809][T15910] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1208.678760][T15910] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1208.700605][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1208.722844][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1209.302509][T15909] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1209.320397][T15909] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1209.422387][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1209.780928][    T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1209.844501][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1209.893679][    T9] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[ 1209.946441][    T9] asix 4-1:0.251: probe with driver asix failed with error -5
[ 1209.984646][    T9] usb 4-1: USB disconnect, device number 19
[ 1210.086500][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1210.699211][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1211.370680][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1212.736360][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1213.045200][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1213.637638][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1213.785166][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1216.413518][ T5905] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1216.732893][ T5905] usb 1-1: Using ep0 maxpacket: 16
[ 1216.781854][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1216.787604][ T5905] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[ 1216.787624][ T5905] usb 1-1: config 0 has no interface number 0
[ 1216.787644][ T5905] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1216.787657][ T5905] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 1216.808672][ T5905] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1216.808693][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1216.808704][ T5905] usb 1-1: Product: syz
[ 1216.808713][ T5905] usb 1-1: Manufacturer: syz
[ 1216.808721][ T5905] usb 1-1: SerialNumber: syz
[ 1216.810002][ T5905] usb 1-1: config 0 descriptor??
[ 1216.810975][T15994] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1216.811026][T15994] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1217.089320][T15994] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1217.089852][T15994] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1217.314454][ T5905] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[ 1217.314487][ T5905] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[ 1217.314678][ T5905] asix 1-1:0.251: probe with driver asix failed with error -5
[ 1220.346029][   T59] usb 1-1: USB disconnect, device number 23
[ 1220.971009][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1221.048732][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1224.037234][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1225.733460][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1226.145701][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1227.208472][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1228.280201][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1228.860874][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1230.864034][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1231.396553][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1232.754643][T16131] syz.1.2362: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1232.791987][T16131] CPU: 1 UID: 0 PID: 16131 Comm: syz.1.2362 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1232.792017][T16131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1232.792026][T16131] Call Trace:
[ 1232.792032][T16131]  <TASK>
[ 1232.792038][T16131]  dump_stack_lvl+0x16c/0x1f0
[ 1232.792066][T16131]  warn_alloc+0x248/0x3a0
[ 1232.792085][T16131]  ? __pfx_warn_alloc+0x10/0x10
[ 1232.792110][T16131]  ? __get_vm_area_node+0x1b9/0x300
[ 1232.792133][T16131]  ? __get_vm_area_node+0x1e5/0x300
[ 1232.792159][T16131]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1232.792191][T16131]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1232.792218][T16131]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1232.792250][T16131]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1232.792271][T16131]  vmalloc_user_noprof+0x6b/0x90
[ 1232.792297][T16131]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1232.792317][T16131]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1232.792338][T16131]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1232.792358][T16131]  __vb2_queue_alloc+0x8c6/0x1280
[ 1232.792390][T16131]  vb2_core_reqbufs+0xa90/0xfe0
[ 1232.792415][T16131]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1232.792449][T16131]  __vb2_init_fileio+0x3f1/0x1100
[ 1232.792478][T16131]  vb2_core_poll+0x486/0x700
[ 1232.792499][T16131]  vb2_poll+0x33/0x150
[ 1232.792517][T16131]  vb2_fop_poll+0x10f/0x2c0
[ 1232.792537][T16131]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1232.792554][T16131]  v4l2_poll+0x160/0x320
[ 1232.792578][T16131]  ? __pfx_v4l2_poll+0x10/0x10
[ 1232.792600][T16131]  do_sys_poll+0x523/0xe00
[ 1232.792626][T16131]  ? trace_sched_exit_tp+0xde/0x130
[ 1232.792671][T16131]  ? __pfx_do_sys_poll+0x10/0x10
[ 1232.792695][T16131]  ? __lock_acquire+0x5ca/0x1ba0
[ 1232.792733][T16131]  ? schedule+0xf1/0x3a0
[ 1232.792756][T16131]  ? futex_wait_queue+0x14c/0x220
[ 1232.792820][T16131]  ? do_futex+0x122/0x350
[ 1232.792845][T16131]  ? __pfx_do_futex+0x10/0x10
[ 1232.792868][T16131]  ? set_user_sigmask+0x21b/0x2b0
[ 1232.792889][T16131]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1232.792916][T16131]  __x64_sys_ppoll+0x254/0x2d0
[ 1232.792934][T16131]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1232.792952][T16131]  ? syscall_user_dispatch+0x78/0x140
[ 1232.792979][T16131]  do_syscall_64+0xcd/0x260
[ 1232.793005][T16131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.793023][T16131] RIP: 0033:0x7fdbeef8e169
[ 1232.793039][T16131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1232.793056][T16131] RSP: 002b:00007fdbefd23038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1232.793073][T16131] RAX: ffffffffffffffda RBX: 00007fdbef1b5fa0 RCX: 00007fdbeef8e169
[ 1232.793085][T16131] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1232.793095][T16131] RBP: 00007fdbef010a68 R08: 0000000000000000 R09: 0000000000000000
[ 1232.793106][T16131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1232.793115][T16131] R13: 0000000000000000 R14: 00007fdbef1b5fa0 R15: 00007fffba6cc1c8
[ 1232.793139][T16131]  </TASK>
[ 1232.793210][T16131] Mem-Info:
[ 1233.023459][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1233.195696][T16131] active_anon:6211 inactive_anon:1 isolated_anon:0
[ 1233.195696][T16131]  active_file:11670 inactive_file:38991 isolated_file:0
[ 1233.195696][T16131]  unevictable:768 dirty:285 writeback:0
[ 1233.195696][T16131]  slab_reclaimable:11106 slab_unreclaimable:99176
[ 1233.195696][T16131]  mapped:29342 shmem:1508 pagetables:901
[ 1233.195696][T16131]  sec_pagetables:0 bounce:0
[ 1233.195696][T16131]  kernel_misc_reclaimable:0
[ 1233.195696][T16131]  free:1318214 free_pcp:1905 free_cma:0
[ 1233.258045][T16155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2367'.
[ 1233.267635][T16155] openvswitch: netlink: Flow key attr not present in new flow.
[ 1233.408222][T16131] Node 0 active_anon:24744kB inactive_anon:4kB active_file:46680kB inactive_file:155896kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121368kB dirty:936kB writeback:0kB shmem:4496kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10668kB pagetables:3604kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1233.543580][T16131] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1233.597695][T16131] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1233.717141][T16131] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1233.725090][T16131] Node 0 DMA32 free:1334028kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:36808kB inactive_anon:0kB active_file:46680kB inactive_file:154320kB unevictable:1536kB writepending:948kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:7736kB local_pcp:600kB free_cma:0kB
[ 1233.933719][T16131] lowmem_reserve[]: 0 0 1 1 1
[ 1233.959809][T16131] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[ 1233.991954][T16131] lowmem_reserve[]: 0 0 0 0 0
[ 1233.991995][T16131] Node 1 Normal free:3910996kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1233.992039][T16131] lowmem_reserve[]: 0 0 0 0 0
[ 1233.992070][T16131] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1233.992176][T16131] Node 0 DMA32: 52*4kB (UE) 32*8kB (UE) 212*16kB (UME) 371*32kB (UME) 479*64kB (UME) 187*128kB (UME) 93*256kB (UM) 42*512kB (UME) 36*1024kB (UM) 15*2048kB (UME) 281*4096kB (UM) = 1334192kB
[ 1233.992327][T16131] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1233.992435][T16131] Node 1 Normal: 217*4kB (UM) 56*8kB (UME) 43*16kB (UME) 160*32kB (UME) 80*64kB (UME) 27*128kB (UME) 10*256kB (UM) 11*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910996kB
[ 1233.992584][T16131] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1233.992598][T16131] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1233.992611][T16131] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1233.992624][T16131] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1233.992637][T16131] 54999 total pagecache pages
[ 1233.992644][T16131] 0 pages in swap cache
[ 1233.992650][T16131] Free swap  = 124996kB
[ 1233.992657][T16131] Total swap = 124996kB
[ 1233.992664][T16131] 2097051 pages RAM
[ 1233.992670][T16131] 0 pages HighMem/MovableOnly
[ 1233.992676][T16131] 429631 pages reserved
[ 1233.992682][T16131] 0 pages cma reserved
[ 1234.107261][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1234.173624][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1234.667422][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1234.700079][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1234.713813][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1234.722396][T16174] fuse: Bad value for 'fd'
[ 1236.241128][T16191] fuse: Bad value for 'fd'
[ 1236.246859][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1237.694373][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1238.346644][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.352956][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1249.531144][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1250.881412][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1252.013397][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1252.531401][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1252.539478][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1252.577868][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1253.444924][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1253.636559][T16274] fuse: Bad value for 'fd'
[ 1253.650921][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1256.349574][T16271] syz.4.2394: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1256.403483][T16271] CPU: 1 UID: 0 PID: 16271 Comm: syz.4.2394 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1256.403511][T16271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1256.403522][T16271] Call Trace:
[ 1256.403527][T16271]  <TASK>
[ 1256.403533][T16271]  dump_stack_lvl+0x16c/0x1f0
[ 1256.403562][T16271]  warn_alloc+0x248/0x3a0
[ 1256.403582][T16271]  ? __pfx_warn_alloc+0x10/0x10
[ 1256.403608][T16271]  ? __get_vm_area_node+0x1b9/0x300
[ 1256.403633][T16271]  ? __get_vm_area_node+0x1e5/0x300
[ 1256.403660][T16271]  __vmalloc_node_range_noprof+0x1110/0x1540
[ 1256.403696][T16271]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1256.403724][T16271]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1256.403757][T16271]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1256.403778][T16271]  vmalloc_user_noprof+0x6b/0x90
[ 1256.403804][T16271]  ? vb2_vmalloc_alloc+0x135/0x3f0
[ 1256.403823][T16271]  vb2_vmalloc_alloc+0x135/0x3f0
[ 1256.403845][T16271]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1256.403866][T16271]  __vb2_queue_alloc+0x8c6/0x1280
[ 1256.403898][T16271]  vb2_core_reqbufs+0xa90/0xfe0
[ 1256.403923][T16271]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1256.403957][T16271]  __vb2_init_fileio+0x3f1/0x1100
[ 1256.403987][T16271]  vb2_core_poll+0x486/0x700
[ 1256.404009][T16271]  vb2_poll+0x33/0x150
[ 1256.404027][T16271]  vb2_fop_poll+0x10f/0x2c0
[ 1256.404047][T16271]  ? __pfx_vb2_fop_poll+0x10/0x10
[ 1256.404063][T16271]  v4l2_poll+0x160/0x320
[ 1256.404089][T16271]  ? __pfx_v4l2_poll+0x10/0x10
[ 1256.404110][T16271]  do_sys_poll+0x523/0xe00
[ 1256.404137][T16271]  ? trace_sched_exit_tp+0xde/0x130
[ 1256.404173][T16271]  ? __pfx_do_sys_poll+0x10/0x10
[ 1256.404220][T16271]  ? schedule+0xf1/0x3a0
[ 1256.404242][T16271]  ? futex_wait_queue+0x14c/0x220
[ 1256.404303][T16271]  ? do_futex+0x122/0x350
[ 1256.404329][T16271]  ? __pfx_do_futex+0x10/0x10
[ 1256.404352][T16271]  ? set_user_sigmask+0x21b/0x2b0
[ 1256.404373][T16271]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1256.404399][T16271]  __x64_sys_ppoll+0x254/0x2d0
[ 1256.404416][T16271]  ? __pfx___x64_sys_ppoll+0x10/0x10
[ 1256.404434][T16271]  ? syscall_user_dispatch+0x78/0x140
[ 1256.404461][T16271]  do_syscall_64+0xcd/0x260
[ 1256.404488][T16271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1256.404504][T16271] RIP: 0033:0x7f3fc098e169
[ 1256.404519][T16271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1256.404535][T16271] RSP: 002b:00007f3fc1766038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1256.404554][T16271] RAX: ffffffffffffffda RBX: 00007f3fc0bb5fa0 RCX: 00007f3fc098e169
[ 1256.404565][T16271] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1256.404576][T16271] RBP: 00007f3fc0a10a68 R08: 0000000000000000 R09: 0000000000000000
[ 1256.404585][T16271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1256.404594][T16271] R13: 0000000000000000 R14: 00007f3fc0bb5fa0 R15: 00007ffd514d5be8
[ 1256.404617][T16271]  </TASK>
[ 1256.404624][T16271] Mem-Info:
[ 1256.709751][T16271] active_anon:11293 inactive_anon:0 isolated_anon:0
[ 1256.709751][T16271]  active_file:11670 inactive_file:38997 isolated_file:0
[ 1256.709751][T16271]  unevictable:768 dirty:288 writeback:0
[ 1256.709751][T16271]  slab_reclaimable:11008 slab_unreclaimable:100036
[ 1256.709751][T16271]  mapped:34906 shmem:7231 pagetables:853
[ 1256.709751][T16271]  sec_pagetables:0 bounce:0
[ 1256.709751][T16271]  kernel_misc_reclaimable:0
[ 1256.709751][T16271]  free:1314034 free_pcp:422 free_cma:0
[ 1256.759791][T16271] Node 0 active_anon:45172kB inactive_anon:0kB active_file:46680kB inactive_file:155920kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139624kB dirty:1152kB writeback:0kB shmem:27388kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10572kB pagetables:3412kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1256.799422][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1256.807464][T16271] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1257.398606][T16271] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1257.679119][T16271] lowmem_reserve[]: 0 2481 2483 2483 2483
[ 1257.710730][T16271] Node 0 DMA32 free:1351412kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB active_anon:23400kB inactive_anon:0kB active_file:46680kB inactive_file:154344kB unevictable:1536kB writepending:1240kB present:3129332kB managed:2541512kB mlocked:0kB bounce:0kB free_pcp:1684kB local_pcp:956kB free_cma:0kB
[ 1257.867423][T16271] lowmem_reserve[]: 0 0 1 1 1
[ 1257.872861][T16271] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[ 1258.064277][T16271] lowmem_reserve[]: 0 0 0 0 0
[ 1258.099040][T16271] Node 1 Normal free:3910996kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1258.128420][T16271] lowmem_reserve[]: 0 0 0 0 0
[ 1258.133216][T16271] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1258.147436][T16271] Node 0 DMA32: 141*4kB (UE) 331*8kB (UME) 828*16kB (UME) 441*32kB (UME) 298*64kB (UME) 180*128kB (UME) 89*256kB (UM) 49*512kB (UME) 35*1024kB (UM) 19*2048kB (UME) 281*4096kB (UM) = 1346284kB
[ 1258.174971][T16271] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[ 1258.202229][T16271] Node 1 Normal: 217*4kB (UM) 56*8kB (UME) 43*16kB (UME) 160*32kB (UME) 80*64kB (UME) 27*128kB (UME) 10*256kB (UM) 11*512kB (UME) 6*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3910996kB
[ 1258.224844][T16271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1258.288610][T16271] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1258.289438][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1258.305534][T16271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1258.322325][T16271] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1258.388130][T16271] 55015 total pagecache pages
[ 1258.427542][T16271] 0 pages in swap cache
[ 1258.541146][T16271] Free swap  = 124956kB
[ 1258.717470][T16271] Total swap = 124996kB
[ 1258.721681][T16271] 2097051 pages RAM
[ 1258.781263][T16271] 0 pages HighMem/MovableOnly
[ 1258.793608][T16271] 429631 pages reserved
[ 1258.797779][T16271] 0 pages cma reserved
[ 1258.852581][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1260.908133][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1261.352344][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1261.919042][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1262.187311][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1263.083399][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1263.419930][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1263.420338][T16372] fuse: Bad value for 'fd'
[ 1263.534502][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1264.793510][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1265.860416][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1267.150374][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1267.170535][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1267.845681][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1268.249942][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1269.178159][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1269.189838][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1269.976082][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1270.879708][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1271.053561][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1271.252147][ T5832] Bluetooth: Frame is too long (len 151, expected len 4)
[ 1273.419793][   T30] audit: type=1400 audit(1744990583.630:1697): avc:  denied  { setopt } for  pid=16465 comm="syz.1.2443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1273.656234][   T30] audit: type=1400 audit(1744990583.870:1698): avc:  denied  { write } for  pid=16475 comm="syz.4.2447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1273.742611][   T30] audit: type=1400 audit(1744990583.950:1699): avc:  denied  { bind } for  pid=16479 comm="syz.4.2449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1273.844475][   T30] audit: type=1400 audit(1744990584.060:1700): avc:  denied  { sqpoll } for  pid=16483 comm="syz.4.2451" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1274.243665][   T30] audit: type=1400 audit(1744990584.450:1701): avc:  denied  { create } for  pid=16498 comm="syz.1.2460" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1274.323217][   T30] audit: type=1400 audit(1744990584.450:1702): avc:  denied  { append } for  pid=16498 comm="syz.1.2460" name="file2" dev="tmpfs" ino=2691 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1274.401924][   T30] audit: type=1400 audit(1744990584.450:1703): avc:  denied  { open } for  pid=16498 comm="syz.1.2460" path="/501/file2" dev="tmpfs" ino=2691 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1274.453781][   T30] audit: type=1400 audit(1744990584.460:1704): avc:  denied  { ioctl } for  pid=16498 comm="syz.1.2460" path="/501/file2" dev="tmpfs" ino=2691 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1274.525568][   T30] audit: type=1400 audit(1744990584.480:1705): avc:  denied  { read write } for  pid=16503 comm="syz.4.2461" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1274.591123][   T30] audit: type=1400 audit(1744990584.480:1706): avc:  denied  { open } for  pid=16503 comm="syz.4.2461" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1274.797963][T16535] Process accounting resumed
[ 1275.373073][T16580] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2495'.
[ 1275.663056][T16596] netlink: 'syz.0.2502': attribute type 3 has an invalid length.
[ 1277.164564][T16611] netlink: 4 bytes leftover after parsing attributes in process `wg1'.
[ 1278.053017][T16631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2516'.
[ 1278.431482][   T30] kauditd_printk_skb: 263 callbacks suppressed
[ 1278.431497][   T30] audit: type=1326 audit(1744990588.640:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f564c185127 code=0x7ffc0000
[ 1278.534210][T16645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2520'.
[ 1278.543193][T16645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2520'.
[ 1278.554918][T16641] IPv6: Can't replace route, no match found
[ 1278.596265][   T30] audit: type=1326 audit(1744990588.680:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f564c12a359 code=0x7ffc0000
[ 1278.637742][T16645] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2520'.
[ 1278.683508][   T30] audit: type=1326 audit(1744990588.680:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f564c185127 code=0x7ffc0000
[ 1278.756834][   T30] audit: type=1326 audit(1744990588.680:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f564c12a359 code=0x7ffc0000
[ 1278.861132][   T30] audit: type=1326 audit(1744990588.680:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f564c18e169 code=0x7ffc0000
[ 1278.945094][   T30] audit: type=1326 audit(1744990588.690:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f564c185127 code=0x7ffc0000
[ 1278.979358][   T30] audit: type=1326 audit(1744990588.690:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f564c12a359 code=0x7ffc0000
[ 1279.074821][   T30] audit: type=1326 audit(1744990588.690:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f564c18e169 code=0x7ffc0000
[ 1279.161712][   T30] audit: type=1326 audit(1744990588.700:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f564c185127 code=0x7ffc0000
[ 1279.189269][   T30] audit: type=1326 audit(1744990588.700:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16614 comm="syz.3.2510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f564c12a359 code=0x7ffc0000
[ 1280.144624][T16688] mmap: syz.3.2534 (16688) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1280.410598][T16738] capability: warning: `syz.1.2535' uses 32-bit capabilities (legacy support in use)
[ 1280.497855][T16728] sg_write: data in/out 122/14 bytes for SCSI command 0x0-- guessing data in;
[ 1280.497855][T16728]    program syz.0.2537 not setting count and/or reply_len properly
[ 1280.708511][T16746] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2538'.
[ 1280.773878][T16746] hsr_slave_0: left promiscuous mode
[ 1280.793438][T16746] hsr_slave_1: left promiscuous mode
[ 1281.667053][T16785] capability: warning: `syz.4.2557' uses deprecated v2 capabilities in a way that may be insecure
[ 1281.932721][T16777] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1281.972822][T16800] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16800 comm=syz.4.2561
[ 1283.640833][   T30] kauditd_printk_skb: 163 callbacks suppressed
[ 1283.640848][   T30] audit: type=1400 audit(1744990593.850:2143): avc:  denied  { create } for  pid=16871 comm="syz.1.2590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1283.733417][   T30] audit: type=1400 audit(1744990593.880:2144): avc:  denied  { search } for  pid=5180 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1283.842034][   T30] audit: type=1400 audit(1744990594.050:2145): avc:  denied  { wake_alarm } for  pid=16875 comm="syz.0.2592" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1283.889274][T16882] netlink: 'syz.4.2595': attribute type 12 has an invalid length.
[ 1284.028114][T16885] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2596'.
[ 1284.073032][T16885] hsr_slave_0: left promiscuous mode
[ 1284.089420][T16885] hsr_slave_1: left promiscuous mode
[ 1284.293024][   T30] audit: type=1326 audit(1744990594.500:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.340366][T16907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'.
[ 1284.388047][   T30] audit: type=1326 audit(1744990594.530:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.494721][   T30] audit: type=1326 audit(1744990594.530:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.560883][   T30] audit: type=1326 audit(1744990594.540:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.616356][   T30] audit: type=1326 audit(1744990594.540:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.672136][   T30] audit: type=1326 audit(1744990594.540:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.754876][   T30] audit: type=1326 audit(1744990594.540:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16903 comm="syz.2.2603" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faee618e169 code=0x7ffc0000
[ 1284.924336][T16930] 9pnet_fd: Insufficient options for proto=fd
[ 1285.127922][T16934] openvswitch: netlink: Message has 8 unknown bytes.
[ 1285.195498][T16941] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2616'.
[ 1285.498460][T16953] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2622'.
[ 1285.876333][T16966] x_tables: ip6_tables: tcpmss match: only valid for protocol 6
[ 1286.883065][T16989] netlink: 156 bytes leftover after parsing attributes in process `+}[@'.
[ 1286.902584][T16989] netlink: 24 bytes leftover after parsing attributes in process `+}[@'.
[ 1289.012471][   T30] kauditd_printk_skb: 86 callbacks suppressed
[ 1289.012487][   T30] audit: type=1326 audit(1744990599.220:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.042335][   T30] audit: type=1326 audit(1744990599.230:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.074598][   T30] audit: type=1326 audit(1744990599.240:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.101066][   T30] audit: type=1326 audit(1744990599.240:2242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.126448][   T30] audit: type=1326 audit(1744990599.290:2243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.150571][   T30] audit: type=1326 audit(1744990599.290:2244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.196656][   T30] audit: type=1326 audit(1744990599.300:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe70498cad0 code=0x7ffc0000
[ 1289.212705][T17065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2646'.
[ 1289.220943][   T30] audit: type=1326 audit(1744990599.300:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.257683][   T30] audit: type=1326 audit(1744990599.300:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.284036][   T30] audit: type=1326 audit(1744990599.300:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17062 comm="syz.0.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7fe70498e169 code=0x7ffc0000
[ 1289.508941][T17075] process 'syz.1.2651' launched '/dev/fd/3' with NULL argv: empty string added
[ 1291.049591][T17137] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1291.058720][T17137] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1291.067639][T17137] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1291.076400][T17137] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1291.085443][T17137] vxlan0: entered promiscuous mode
[ 1291.090610][T17137] vxlan0: entered allmulticast mode
[ 1291.371189][T17147] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=17147 comm=wg1
[ 1292.011537][T17174] netlink: 'syz.3.2677': attribute type 7 has an invalid length.
[ 1292.034464][T17174] netlink: 'syz.3.2677': attribute type 5 has an invalid length.
[ 1292.042276][T17174] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2677'.
[ 1292.115017][T17174] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1292.218908][T17174] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1292.286513][T17189] openvswitch: netlink: Message has 8 unknown bytes.
[ 1292.346273][T17174] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1292.530818][T17174] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1292.803752][T17174] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.865779][T17174] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1292.912269][T17174] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.008294][T17173] delete_channel: no stack
[ 1293.033972][T17174] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1293.042901][T17223] tipc: Started in network mode
[ 1293.053294][T17223] tipc: Node identity 4, cluster identity 4711
[ 1293.059817][T17223] tipc: Node number set to 4
[ 1293.404467][T17239] 9pnet_fd: Insufficient options for proto=fd
[ 1293.526168][T17243] raw_sendmsg: syz.1.2703 forgot to set AF_INET. Fix it!
[ 1293.725676][T17250] openvswitch: netlink: Message has 8 unknown bytes.
[ 1293.919543][T17259] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2711'.
[ 1293.938614][T17257] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1293.992402][T17259] vlan2: entered allmulticast mode
[ 1294.016108][T17259] bridge0: entered allmulticast mode
[ 1294.033870][T17259] bridge0: port 1(vlan2) entered blocking state
[ 1294.057478][T17259] bridge0: port 1(vlan2) entered disabled state
[ 1294.069974][   T30] kauditd_printk_skb: 41 callbacks suppressed
[ 1294.069987][   T30] audit: type=1326 audit(1744990604.280:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.160073][   T30] audit: type=1326 audit(1744990604.330:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.246052][   T30] audit: type=1326 audit(1744990604.330:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.298929][   T30] audit: type=1326 audit(1744990604.330:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.351486][   T30] audit: type=1326 audit(1744990604.330:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.423456][   T30] audit: type=1326 audit(1744990604.330:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.477857][T17272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2716'.
[ 1294.481256][   T30] audit: type=1326 audit(1744990604.330:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.540750][   T30] audit: type=1326 audit(1744990604.330:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.575679][   T30] audit: type=1326 audit(1744990604.330:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1294.607678][   T30] audit: type=1326 audit(1744990604.340:2299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17260 comm="syz.4.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1295.299889][T17302] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 1295.708577][T17323] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2736'.
[ 1295.871175][T17330] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2740'.
[ 1296.312036][T17358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2753'.
[ 1296.438005][T17362] 9pnet_fd: Insufficient options for proto=fd
[ 1296.995141][T17384] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2765'.
[ 1297.428029][T17395] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2769'.
[ 1297.732765][T17422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2782'.
[ 1297.962356][T17433] openvswitch: netlink: Message has 8 unknown bytes.
[ 1297.964956][T17436] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17436 comm=syz.2.2787
[ 1298.091933][T17440] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2791'.
[ 1298.318084][T17458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2798'.
[ 1298.421163][T17466] openvswitch: netlink: Message has 8 unknown bytes.
[ 1298.872681][T17493] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2817'.
[ 1299.066497][T17501] =======================================================
[ 1299.066497][T17501] WARNING: The mand mount option has been deprecated and
[ 1299.066497][T17501]          and is ignored by this kernel. Remove the mand
[ 1299.066497][T17501]          option from the mount to silence this warning.
[ 1299.066497][T17501] =======================================================
[ 1299.114112][   T30] kauditd_printk_skb: 134 callbacks suppressed
[ 1299.114144][   T30] audit: type=1400 audit(1744990609.280:2434): avc:  denied  { mounton } for  pid=17490 comm="syz.1.2814" path="/581/bus" dev="tmpfs" ino=3099 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1299.787695][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.797117][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.169109][   T30] audit: type=1400 audit(1744990610.380:2435): avc:  denied  { create } for  pid=17516 comm="syz.2.2826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1300.352981][T17520] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1300.398108][   T30] audit: type=1400 audit(1744990610.610:2436): avc:  denied  { bind } for  pid=17522 comm="syz.0.2829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1300.416295][T17525] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2830'.
[ 1300.457255][   T30] audit: type=1400 audit(1744990610.610:2437): avc:  denied  { name_bind } for  pid=17522 comm="syz.0.2829" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[ 1300.619907][   T30] audit: type=1400 audit(1744990610.610:2438): avc:  denied  { node_bind } for  pid=17522 comm="syz.0.2829" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[ 1300.641311][   T30] audit: type=1400 audit(1744990610.620:2439): avc:  denied  { listen } for  pid=17522 comm="syz.0.2829" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1300.661996][   T30] audit: type=1400 audit(1744990610.620:2440): avc:  denied  { connect } for  pid=17522 comm="syz.0.2829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1300.711222][   T30] audit: type=1400 audit(1744990610.620:2441): avc:  denied  { name_connect } for  pid=17522 comm="syz.0.2829" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[ 1300.914373][T14436] IPVS: starting estimator thread 0...
[ 1301.036414][T17538] IPVS: using max 42 ests per chain, 100800 per kthread
[ 1301.168183][   T30] audit: type=1400 audit(1744990610.620:2442): avc:  denied  { write } for  pid=17522 comm="syz.0.2829" laddr=172.20.20.170 lport=59526 faddr=172.20.20.170 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1301.193365][   T30] audit: type=1400 audit(1744990610.690:2443): avc:  denied  { accept } for  pid=17522 comm="syz.0.2829" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1301.284751][T17545] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app
[ 1303.148723][T17569] infiniband syz0: set active
[ 1303.176989][T17569] infiniband syz0: added bond0
[ 1303.194440][T17569] syz0: rxe_create_cq: returned err = -12
[ 1303.200608][T17569] infiniband syz0: Couldn't create ib_mad CQ
[ 1303.213773][T17569] infiniband syz0: Couldn't open port 1
[ 1303.309173][T17569] RDS/IB: syz0: added
[ 1303.339308][T17569] smc: adding ib device syz0 with port count 1
[ 1303.349022][T17569] smc:    ib device syz0 port 1 has pnetid SYZ0 (user defined)
[ 1303.607782][T17603] random: crng reseeded on system resumption
[ 1303.922395][T17619] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2869'.
[ 1304.075448][T17625] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1304.084282][T17625] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1304.092987][T17625] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1304.102322][T17625] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1304.128964][T17625] vxlan0: entered promiscuous mode
[ 1304.142056][T17625] vxlan0: entered allmulticast mode
[ 1304.383063][   T30] kauditd_printk_skb: 285 callbacks suppressed
[ 1304.383095][   T30] audit: type=1400 audit(1744990614.590:2729): avc:  denied  { nlmsg_write } for  pid=17634 comm="syz.4.2876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1304.665670][   T30] audit: type=1400 audit(1744990614.880:2730): avc:  denied  { read write } for  pid=17642 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1304.703106][T15893] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1304.711829][T15893] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1304.720167][   T30] audit: type=1400 audit(1744990614.900:2731): avc:  denied  { open } for  pid=17642 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1304.720394][T15893] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1304.754315][T15893] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1304.761296][   T30] audit: type=1400 audit(1744990614.910:2732): avc:  denied  { ioctl } for  pid=17642 comm="syz-executor" path="socket:[42580]" dev="sockfs" ino=42580 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1304.794902][T15893] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1304.825960][   T30] audit: type=1400 audit(1744990615.030:2733): avc:  denied  { mounton } for  pid=17642 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 1304.850677][T17059] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1304.946647][T17059] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1304.968764][   T30] audit: type=1400 audit(1744990615.180:2734): avc:  denied  { search } for  pid=17646 comm="syz.1.2880" name="/" dev="configfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1305.041865][   T30] audit: type=1400 audit(1744990615.210:2735): avc:  denied  { mounton } for  pid=17646 comm="syz.1.2880" path="/" dev="configfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1305.068820][T17059] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.091661][   T30] audit: type=1400 audit(1744990615.240:2736): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1305.193815][   T30] audit: type=1400 audit(1744990615.280:2737): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1305.260351][T17059] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1305.289274][   T30] audit: type=1400 audit(1744990615.460:2738): avc:  denied  { create } for  pid=17650 comm="syz.0.2883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1305.659835][T17676] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0
[ 1305.669775][T17672] IPVS: stopping backup sync thread 17676 ...
[ 1305.690290][T17675] SELinux: syz.0.2893 (17675) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1306.012038][T17691] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2895'.
[ 1306.656997][ T5877] IPVS: starting estimator thread 0...
[ 1306.754090][T17709] IPVS: using max 42 ests per chain, 100800 per kthread
[ 1306.906688][T15893] Bluetooth: hci2: command tx timeout
[ 1307.018704][T17740] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.2902' sets config #1
[ 1307.177204][T17744] openvswitch: netlink: Message has 8 unknown bytes.
[ 1307.320473][T17059] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1307.323030][T17753] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2907'.
[ 1307.340485][T17059] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1307.351148][T17059] bond0 (unregistering): Released all slaves
[ 1307.382854][T17755] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2907'.
[ 1307.505188][T17642] chnl_net:caif_netlink_parms(): no params data found
[ 1308.618396][T17642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1308.711129][T17642] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1308.729871][T17642] bridge_slave_0: entered allmulticast mode
[ 1308.778893][T17642] bridge_slave_0: entered promiscuous mode
[ 1308.890213][T17815] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2919'.
[ 1308.933186][T17815] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2919'.
[ 1308.950409][T17642] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1308.970570][T17642] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1308.983667][T15893] Bluetooth: hci2: command tx timeout
[ 1308.984875][T17642] bridge_slave_1: entered allmulticast mode
[ 1309.010254][T17642] bridge_slave_1: entered promiscuous mode
[ 1309.027632][T17835] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2925'.
[ 1309.168114][T17642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1309.226573][T17642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1309.276659][T17844] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[ 1309.572560][T17642] team0: Port device team_slave_0 added
[ 1309.639582][   T30] kauditd_printk_skb: 66 callbacks suppressed
[ 1309.639596][   T30] audit: type=1326 audit(1744990619.850:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.649326][T17059] hsr_slave_0: left promiscuous mode
[ 1309.673925][   T30] audit: type=1326 audit(1744990619.890:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.717522][T17059] hsr_slave_1: left promiscuous mode
[ 1309.768330][T17059] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1309.792434][   T30] audit: type=1326 audit(1744990619.920:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.809380][T17059] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1309.837988][T17059] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1309.839268][   T30] audit: type=1326 audit(1744990619.920:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.875176][   T30] audit: type=1326 audit(1744990619.920:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.876144][T17059] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1309.902560][   T30] audit: type=1326 audit(1744990619.920:2810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.936771][   T30] audit: type=1326 audit(1744990619.930:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.963500][   T30] audit: type=1326 audit(1744990619.930:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1309.996667][   T30] audit: type=1326 audit(1744990619.930:2813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1310.026503][T17059] veth1_macvtap: left promiscuous mode
[ 1310.032561][T17059] veth0_macvtap: left promiscuous mode
[ 1310.038158][   T30] audit: type=1326 audit(1744990619.930:2814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17861 comm="syz.4.2937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3fc098e169 code=0x7ffc0000
[ 1310.064047][T17059] veth1_vlan: left promiscuous mode
[ 1310.078761][T17059] veth0_vlan: left promiscuous mode
[ 1310.729054][T17059] team0 (unregistering): Port device team_slave_1 removed
[ 1310.765852][T17059] team0 (unregistering): Port device team_slave_0 removed
[ 1311.065366][T15893] Bluetooth: hci2: command tx timeout
[ 1311.121606][T17642] team0: Port device team_slave_1 added
[ 1311.216053][T17909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2956'.
[ 1311.321461][T17642] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1311.360358][T17642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1311.433244][T17642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1311.491039][T17642] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1311.521838][T17642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1311.579158][T17642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1311.828858][T17642] hsr_slave_0: entered promiscuous mode
[ 1311.997585][T17642] hsr_slave_1: entered promiscuous mode
[ 1312.013889][T17642] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1312.021478][T17642] Cannot create hsr debugfs directory
[ 1312.509769][T17954] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[ 1312.536421][T17954] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[ 1417.773289][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1417.780265][    C0] rcu: 	1-...!: (0 ticks this GP) idle=3eac/1/0x4000000000000000 softirq=76444/76452 fqs=1
[ 1417.790912][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=62469, q=277 ncpus=2)
[ 1417.798631][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1417.798655][    C1] NMI backtrace for cpu 1
[ 1417.798666][    C1] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1417.798682][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1417.798689][    C1] RIP: 0010:advance_sched+0xf1/0xc80
[ 1417.798707][    C1] Code: 30 48 8d 43 a8 48 89 c7 48 89 44 24 40 e8 e7 7a f2 01 e8 32 da ef 01 31 ff 89 c5 89 c6 e8 27 8c 38 f8 85 ed 0f 85 37 07 00 00 <e8> da 90 38 f8 48 8d 43 e8 48 89 c2 48 89 44 24 38 48 b8 00 00 00
[ 1417.798719][    C1] RSP: 0018:ffffc90000a08d90 EFLAGS: 00000002
[ 1417.798730][    C1] RAX: 0000000080010003 RBX: ffff88807f84b340 RCX: ffffffff8982b3e6
[ 1417.798738][    C1] RDX: ffff888076c7a440 RSI: 0000000000000000 RDI: 0000000000000005
[ 1417.798746][    C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[ 1417.798753][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880b8527840
[ 1417.798761][    C1] R13: 0000000000000000 R14: ffff88807f84b340 R15: ffffffff8982aba0
[ 1417.798769][    C1] FS:  00005555880a8500(0000) GS:ffff888124ab0000(0000) knlGS:0000000000000000
[ 1417.798782][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1417.798790][    C1] CR2: 00007faee6ee56c0 CR3: 00000000370f2000 CR4: 00000000003526f0
[ 1417.798798][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1417.798806][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1417.798814][    C1] Call Trace:
[ 1417.798818][    C1]  <IRQ>
[ 1417.798824][    C1]  ? find_held_lock+0x2b/0x80
[ 1417.798842][    C1]  ? do_raw_spin_unlock+0x172/0x230
[ 1417.798857][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1417.798868][    C1]  __hrtimer_run_queues+0x1ff/0xad0
[ 1417.798886][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1417.798900][    C1]  ? read_tsc+0x9/0x20
[ 1417.798921][    C1]  hrtimer_interrupt+0x397/0x8e0
[ 1417.798940][    C1]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[ 1417.798961][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1417.798979][    C1]  </IRQ>
[ 1417.798983][    C1]  <TASK>
[ 1417.798988][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1417.799002][    C1] RIP: 0010:write_comp_data+0x0/0x90
[ 1417.799015][    C1] Code: 48 8b 05 4b c9 eb 11 48 8b 80 30 16 00 00 c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <49> 89 d2 49 89 f8 49 89 f1 65 48 8b 15 17 c9 eb 11 65 8b 05 28 c9
[ 1417.799026][    C1] RSP: 0018:ffffc90001577648 EFLAGS: 00000246
[ 1417.799036][    C1] RAX: 0000000000000001 RBX: 0000000000063823 RCX: ffffffff822c1e14
[ 1417.799044][    C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
[ 1417.799052][    C1] RBP: ffff88801ca00000 R08: 0000000000000007 R09: 000000000007ffff
[ 1417.799059][    C1] R10: 000000000000000c R11: 0000000000000000 R12: 0000000000000001
[ 1417.799066][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1417.799076][    C1]  ? lookup_page_ext+0xf4/0x190
[ 1417.799092][    C1]  lookup_page_ext+0xf4/0x190
[ 1417.799104][    C1]  page_table_check_set+0x3cc/0xb50
[ 1417.799119][    C1]  __page_table_check_ptes_set+0x318/0x420
[ 1417.799133][    C1]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[ 1417.799145][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1417.799161][    C1]  copy_page_range+0x1b98/0x5ec0
[ 1417.799190][    C1]  ? __pfx_copy_page_range+0x10/0x10
[ 1417.799210][    C1]  ? __pfx___might_resched+0x10/0x10
[ 1417.799226][    C1]  ? __pfx_mas_store+0x10/0x10
[ 1417.799243][    C1]  ? __vma_enter_locked+0x163/0x3f0
[ 1417.799257][    C1]  ? copy_process+0x85dd/0x91a0
[ 1417.799275][    C1]  ? down_write+0x14d/0x200
[ 1417.799293][    C1]  ? up_write+0x1b2/0x520
[ 1417.799307][    C1]  copy_process+0x862b/0x91a0
[ 1417.799331][    C1]  ? __pfx_copy_process+0x10/0x10
[ 1417.799351][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1417.799369][    C1]  kernel_clone+0xfc/0x960
[ 1417.799386][    C1]  ? __pfx_kernel_clone+0x10/0x10
[ 1417.799405][    C1]  ? cgroup_rstat_updated+0x2a/0xb20
[ 1417.799422][    C1]  __do_sys_clone+0xce/0x120
[ 1417.799438][    C1]  ? __pfx___do_sys_clone+0x10/0x10
[ 1417.799460][    C1]  ? do_user_addr_fault+0x843/0x1370
[ 1417.799477][    C1]  do_syscall_64+0xcd/0x260
[ 1417.799495][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1417.799507][    C1] RIP: 0033:0x7faee61849d3
[ 1417.799519][    C1] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[ 1417.799530][    C1] RSP: 002b:00007ffc1caaf148 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 1417.799541][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faee61849d3
[ 1417.799549][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 1417.799557][    C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[ 1417.799564][    C1] R10: 00005555880a87d0 R11: 0000000000000246 R12: 0000000000000000
[ 1417.799571][    C1] R13: 00000000000927c0 R14: 00000000001407a8 R15: 00007ffc1caaf2e0
[ 1417.799585][    C1]  </TASK>
[ 1417.799649][    C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g62469 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1418.288195][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1418.298155][    C0] rcu: RCU grace-period kthread stack dump:
[ 1418.304031][    C0] task:rcu_preempt     state:R  running task     stack:27704 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1418.317514][    C0] Call Trace:
[ 1418.320784][    C0]  <TASK>
[ 1418.323714][    C0]  __schedule+0x116f/0x5de0
[ 1418.328247][    C0]  ? find_held_lock+0x2b/0x80
[ 1418.332928][    C0]  ? __lock_acquire+0x5ca/0x1ba0
[ 1418.337866][    C0]  ? __pfx___schedule+0x10/0x10
[ 1418.342719][    C0]  ? find_held_lock+0x2b/0x80
[ 1418.347394][    C0]  ? schedule+0x2d7/0x3a0
[ 1418.351722][    C0]  schedule+0xe7/0x3a0
[ 1418.355789][    C0]  schedule_timeout+0x123/0x290
[ 1418.360632][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1418.365999][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1418.371286][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1418.377087][    C0]  ? prepare_to_swait_event+0xf5/0x480
[ 1418.382548][    C0]  rcu_gp_fqs_loop+0x1ea/0xb00
[ 1418.387309][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1418.392589][    C0]  ? rcu_gp_cleanup+0x7c1/0xd90
[ 1418.397436][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1418.403241][    C0]  rcu_gp_kthread+0x270/0x380
[ 1418.407914][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1418.413104][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1418.417865][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1418.423062][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1418.428087][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1418.433277][    C0]  kthread+0x3c2/0x780
[ 1418.437340][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.441923][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.446509][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.451091][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.455672][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1418.460435][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.465017][    C0]  ret_from_fork+0x45/0x80
[ 1418.469428][    C0]  ? __pfx_kthread+0x10/0x10
[ 1418.474010][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1418.478785][    C0]  </TASK>
[ 1418.481797][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1418.488111][    C0] CPU: 0 UID: 0 PID: 17961 Comm: syz.1.2973 Not tainted 6.15.0-rc2-syzkaller-00278-gfc96b232f8e7 #0 PREEMPT(full) 
[ 1418.500164][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1418.510208][    C0] RIP: 0010:smp_call_function_many_cond+0x4a5/0x1290
[ 1418.516879][    C0] Code: 89 ee e8 5e 12 0c 00 85 ed 74 48 48 8b 44 24 20 49 89 c4 83 e0 07 49 c1 ec 03 48 89 c5 4d 01 f4 83 c5 03 e8 fd 16 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 de 0b 00 00 8b 43 08 31
[ 1418.536476][    C0] RSP: 0018:ffffc90004dd77c8 EFLAGS: 00000293
[ 1418.542536][    C0] RAX: 0000000000000000 RBX: ffff8880b853f740 RCX: ffffffff81af2699
[ 1418.550497][    C0] RDX: ffff888078eda440 RSI: ffffffff81af2673 RDI: 0000000000000005
[ 1418.558461][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 1418.566421][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed10170a7ee9
[ 1418.574381][    C0] R13: 0000000000000001 R14: dffffc0000000000 R15: ffff8880b843b040
[ 1418.582343][    C0] FS:  0000000000000000(0000) GS:ffff8881249b0000(0000) knlGS:0000000000000000
[ 1418.591265][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1418.597842][    C0] CR2: 00005632e672d000 CR3: 0000000060c64000 CR4: 00000000003526f0
[ 1418.605806][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1418.613768][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1418.621732][    C0] Call Trace:
[ 1418.625001][    C0]  <TASK>
[ 1418.627933][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1418.633126][    C0]  on_each_cpu_cond_mask+0x40/0x90
[ 1418.638235][    C0]  flush_tlb_mm_range+0x322/0x1780
[ 1418.643342][    C0]  ? __pfx_free_pgtables+0x10/0x10
[ 1418.648449][    C0]  ? mas_next_slot+0x12d3/0x21b0
[ 1418.653387][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1418.658932][    C0]  tlb_finish_mmu+0x3c9/0x7b0
[ 1418.663609][    C0]  exit_mmap+0x403/0xb90
[ 1418.667857][    C0]  ? __pfx_exit_mmap+0x10/0x10
[ 1418.672627][    C0]  ? __lock_acquire+0xaa4/0x1ba0
[ 1418.677580][    C0]  __mmput+0x12a/0x410
[ 1418.681649][    C0]  mmput+0x62/0x70
[ 1418.685368][    C0]  do_exit+0x9d1/0x2c30
[ 1418.689515][    C0]  ? __pfx_try_to_wake_up+0x10/0x10
[ 1418.694716][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1418.699296][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1418.704312][    C0]  ? find_held_lock+0x2b/0x80
[ 1418.708989][    C0]  do_group_exit+0xd3/0x2a0
[ 1418.713484][    C0]  get_signal+0x2673/0x26d0
[ 1418.717994][    C0]  ? find_held_lock+0x2b/0x80
[ 1418.722673][    C0]  ? __pfx_get_signal+0x10/0x10
[ 1418.727521][    C0]  ? do_futex+0x122/0x350
[ 1418.731850][    C0]  ? __pfx_do_futex+0x10/0x10
[ 1418.736526][    C0]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1418.742072][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1418.748231][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1418.752994][    C0]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1418.758626][    C0]  do_syscall_64+0xda/0x260
[ 1418.763132][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1418.769017][    C0] RIP: 0033:0x7fdbeef8e169
[ 1418.773423][    C0] Code: Unable to access opcode bytes at 0x7fdbeef8e13f.
[ 1418.780431][    C0] RSP: 002b:00007fdbefd230e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1418.788833][    C0] RAX: 0000000000000001 RBX: 00007fdbef1b5fa8 RCX: 00007fdbeef8e169
[ 1418.796794][    C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fdbef1b5fac
[ 1418.804758][    C0] RBP: 00007fdbef1b5fa0 R08: 00007fdbefd24000 R09: 0000000000000000
[ 1418.812719][    C0] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007fdbef1b5fac
[ 1418.820681][    C0] R13: 0000000000000000 R14: 00007fffba6cc0e0 R15: 00007fffba6cc1c8
[ 1418.828656][    C0]  </TASK>