last executing test programs:

4m16.938632541s ago: executing program 0 (id=1816):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x6, 0x9, &(0x7f0000000080)={{0x1, @empty, 0x2, 0x43, 'fo\x00', 0x2, 0x0, 0x3a}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4, 0x0, 0x0, 0xba0, 0xdffffffe}}, 0x44)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7fff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x8004000, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000340)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000a50000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000000000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000180)={0x0})
mknodat$loop(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x40, 0x1)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r9, &(0x7f0000000080)=""/102356, 0x18fd4, 0x21f)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x1, 0x6})

4m13.913527996s ago: executing program 0 (id=1822):
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = syz_open_dev$video(0x0, 0x800000000, 0x0)
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000080)={0x26, 0x2, 0x0, "81defc5789176beb8c6301cd2d8161670cce6570a5760ef394fd7513c0a80f93", 0x38415262})
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000180)={0xdb, 0x5, 0x92, "943af7c1be9623b9a787acfd360b4795f728b865980fab768e25f41dd13d94e6a72c5ff10c9ac1710deb1c9e96e9b7c895a4f16c00f6cbe1de4459d1ae264cda444ca1e7a003a67b04b781afb8aa9ea5728e178ea8f9e4626973618feaaed2f3d524773e437a2f9ac070cc31a7cc8c9168f585661edbfc9fdea58eb396df668ace0a61c18974b4afc2b1f18816b2276dce23109edcec4a49e07f5727859aba9472726bf258ff17928f34b268f92601806771604b180866088246974f2560abe0fcc3d915050ae466dd051ff460b5098bf6587a9782b5003b0b92c3"})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private=0xfffffffc, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000040230000002000", 0x3e1f}, 0x3c)
r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, 0x0, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r8 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x34, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

4m12.818124831s ago: executing program 0 (id=1824):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400"], 0x48)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0x0, 0x0, {0xfffffffffffffffe}}, 0x18)
socket(0x9, 0x7, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000200)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)

4m12.350744575s ago: executing program 0 (id=1827):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c"], 0x122}}, 0x0)

4m12.260970354s ago: executing program 0 (id=1828):
socket$inet(0x2, 0xa, 0x7ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$inet6_tcp(0xa, 0x1, 0x0)
landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f00000001c0), 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

4m10.751892995s ago: executing program 0 (id=1830):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2d}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
sched_setaffinity(0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m54.985384216s ago: executing program 32 (id=1830):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2d}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x7, 0x4, 0x208, 0x1}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501)
sched_setaffinity(0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

11.517456796s ago: executing program 5 (id=2485):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000340), 0x15)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r2, 0x6, 0x0, 0x0, &(0x7f0000000bc0))
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f03000000000000040014000d000a000d000000", 0x2c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x400c084)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
fstat(0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000200)={0x2, @pix={0xc0000000, 0x1, 0x32315559, 0x3, 0x1, 0x8, 0x9, 0x6, 0x0, 0x1, 0x1, 0x3}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)

8.704508196s ago: executing program 5 (id=2492):
r0 = socket$packet(0x11, 0x3, 0x300)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x14)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r2 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
pwrite64(r2, &(0x7f0000000400)="eaf809", 0x3, 0x776)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000f00000a64000000060a0b1600000000000000000200000838000480340001800b0001006e756d67656e00002400028008000340000000000800014000000003080003400000000008000240000000500900010073797a30000000000900020073797a32"], 0x8c}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x420800, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b800294429118927"], 0xfdef)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000080)='./file0\x00')
getcwd(&(0x7f0000000140)=""/115, 0x73)
r5 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r6, 0x0)
ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0xc, 0xa13ca8e5839881a8, 0x4})
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r6, 0x3ba0, &(0x7f00000000c0)={0x48, 0x9, 0x0, 0x0, 0x1})
ioctl$VFAT_IOCTL_READDIR_BOTH(r5, 0x82307201, &(0x7f0000000300)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="000000000000000014001a80100004800c000380"], 0x34}}, 0x0)

7.825569533s ago: executing program 5 (id=2494):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x109801, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pimreg\x00', 0x3})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}, 0x1}, 0x1c)
r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0xc02, 0x121)
mknodat(r2, 0x0, 0x8000, 0xfffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x3ef)
mkdirat(r4, &(0x7f0000000040)='./cgroup\x00', 0x3)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f00000000c0), 0x0, 0x40000002, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet6(r10, &(0x7f0000000580)={&(0x7f0000000000)={0xa, 0x4e23, 0x8a, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000290000003700000023000000000000001b0000000000000029000000324c39f2bba63a2a79000000000000000000000000000000000400001c61b90ab5bba6826fd67104fa7cc3eb54e88cb2bf55c373b652276b6a20e247", @ANYRES32=0x0, @ANYBLOB="00000000000000000000000029000000390000003a00c00700000000fe8000000000000000000000000000aa0000000000000000000000000000000100000000000000000000000000000001ff01000000000000000000000000000100000000000000000000ffffe0000002fe8000000000000000000000000000bbff020000000000000000000000000001fe880000000000000000000000000101"], 0x40}, 0x20000010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r9, &(0x7f0000000480)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x1}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0xc5}, 0x40000)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)

7.461817283s ago: executing program 2 (id=2496):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)=ANY=[])
accept4$bt_l2cap(r0, &(0x7f0000000180)={0x1f, 0x0, @none}, &(0x7f0000000280)=0xe, 0x181000)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x3, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x400, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28, 0x3c}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b80)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xe, 0x7}, {}, {0x1001d, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_SRC_PORT={0x6}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$packet(0x11, 0x3, 0x300)
r7 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r2, &(0x7f0000003040)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x0, 0x1}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr, @multicast2=0xe0000001}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36)

6.118260856s ago: executing program 2 (id=2498):
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8b20, &(0x7f0000000040)={'wlan1\x00', @multicast})
socket$inet(0x2, 0x3, 0x4)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
listen(r1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000080)=0x4, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x2000, 0x0, 0x27}, &(0x7f00000000c0), 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock2(&(0x7f0000658000/0x4000)=nil, 0x4000, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000240)='cgroup2\x00', 0x0)
syz_open_dev$amidi(&(0x7f00000006c0), 0x3e0, 0x123e81)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000000206030004000000000000000000000005000100070000000900020073797a30000000001400078005001500040000000800124000000000050005000a000000050004000000000015000300686173683a69702c706f72742c6e6574"], 0x64}, 0x1, 0x0, 0x0, 0x8080}, 0x10000)
fchmodat(0xffffffffffffff9c, 0x0, 0x166)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e23, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x5}}, 0x0, 0x0, 0x4f, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8)
setsockopt$inet_tcp_int(r6, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
sendmsg$IPSET_CMD_HEADER(r5, &(0x7f00000000c0)={0x0, 0x14, 0x0}, 0x20048c00)
syz_open_dev$video4linux(&(0x7f0000010300), 0xd1ba, 0x300)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="24000000040605000000000000000000020000010d000100070000000500010007000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
fsmount(0xffffffffffffffff, 0x0, 0x14)

5.933116004s ago: executing program 4 (id=2499):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x442, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = signalfd4(r1, &(0x7f0000000140)={[0x1]}, 0x8, 0xc0000)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$sock_int(r3, 0x1, 0xc, &(0x7f0000000600)=0xdfa, 0x4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x3, 0xd000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
ioctl$KVM_CAP_SYNC_REGS(r4, 0x4068aea3, &(0x7f00000002c0))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x3, 0x1, 0x0, 0x1000, &(0x7f0000fe9000/0x1000)=nil})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2}, 0x94)
setfsgid(0xffffffffffffffff)
r8 = syz_usb_connect(0x2, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff85850000007100000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x0, 0xfe4f, 0x0, &(0x7f0000000000)="5fd63edbfd8a4a6077fd87686f9a", 0x0, 0x704, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

5.454405251s ago: executing program 1 (id=2500):
socket$inet(0x2, 0xa, 0x7ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bind$inet6(r1, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f00000001c0), 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@upd={0xe0, 0x12, 0x1, 0x0, 0x0, {{'sha384\x00'}, '\x00', '\x00', 0x0, 0x2000}}, 0xe0}}, 0x0)
capset(&(0x7f0000000080)={0x20080522, 0xffffffffffffffff}, &(0x7f00000000c0)={0x200000, 0xffffffff, 0x7, 0x0, 0x4})

5.449640083s ago: executing program 3 (id=2501):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbmon(&(0x7f0000000240), 0x8, 0x0)

4.26353226s ago: executing program 1 (id=2502):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000340), 0x15)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r2, 0x6, 0x0, 0x0, &(0x7f0000000bc0))
r3 = socket(0x10, 0x803, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703100000001f03000000000000040014000d000a000d000000", 0x2c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x400c084)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
fstat(0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000200)={0x2, @pix={0xc0000000, 0x1, 0x32315559, 0x3, 0x1, 0x8, 0x9, 0x6, 0x0, 0x1, 0x1, 0x3}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x20000080)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0)

4.19354896s ago: executing program 3 (id=2503):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0), 0x14305, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='setgroups\x00')
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x4, &(0x7f0000000240)=0xfffffffe, 0x5)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4)
r3 = socket(0xa, 0x5, 0x0)
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000380)='netpci0\x00')
setsockopt$inet_int(r3, 0x0, 0x15, &(0x7f00000000c0)=0x80000000, 0x4)
socket$nl_audit(0x10, 0x3, 0x9)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r6=>r5, 0x4, 0x0, 0x0, 0x0, 0x0, @dev, @dev, 0x80, 0x0, 0x1, 0x1}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', r6, 0x0, 0xff, 0x0, 0x7, 0x0, @dev, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1, 0x1, 0xfffffffe}})
socket$packet(0x11, 0x3, 0x300)
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', 0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x2f, 0x0, 0x6, 0x7f, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, 0x10, 0x10, 0x4, 0x41}})

4.193197205s ago: executing program 5 (id=2504):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000000)=0x2)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x1, 0x0, &(0x7f0000000040)="ab"})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r0, 0x20, &(0x7f0000000100)={0x0, 0x0, <r2=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r2, 0x4)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r3, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r4, 0xa}}, 0x10)
sendfile(r3, r3, 0x0, 0x68)

4.146096415s ago: executing program 2 (id=2505):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r0=>0x0)
r1 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400000101292000090509"], 0x0)
r2 = memfd_secret(0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r3, r2, 0x2e, 0x4608, @void}, 0x10)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r3, r2, 0x2e}, 0x14)
syz_usb_control_io$hid(r1, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB="9feb01001800000000000000180000000500000005b74d580f62e13ddf00000300"/44], 0x0, 0x35, 0x0, 0x1}, 0x28)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r0, 0x0, &(0x7f0000004540))
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
syz_usb_control_io$sierra_net(r1, &(0x7f00000001c0)={0x14, &(0x7f00000002c0)={0x20, 0x4, 0xd1, {0xd1, 0x2, "f28133da8ecd478207009e7c673b039c9e1d1877f4017d3608b1e06915ada26f8aa62c05b4d8a932b12b3cd79f0b9268050aeafa3d33a8db10e7c8338efb1011bfac10a2023f439daf857627b7edc92f2469b51a7e91811c43b9e13f010f332449b912c29da4f6e049b2f35b9a204c9c2e0c5f001cb0dfe4b3a506eaa0d48b90494b06b75be9d04e874a4c7dfa48a26a0348ab9596b4654075fc99bd8c2e08f337d8a510f6a761c51257487bcf787dc542460008582725ffbfcd85ec6835d4da2abc5a25df4ea0032c651026520953"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2801}}}, &(0x7f00000003c0)={0x1c, &(0x7f0000000200)={0x40, 0x14, 0x2c, "d1ee70c2c3be8c9c19d30d3d5f2d5031cca176b50a709200d802f12913c6104226aee36ca040c6b0bec5a856"}, &(0x7f0000000b80)={0xa1, 0x1, 0x400, "942a479598a1ba1e59958cf3c2f6508f11cc21a5133cb86bfa383ce63dce4a11214fd9ad447e48faff178163ecf4f9569f576918eeeb8dc3a337ffb642aa3953904c537d82a12585d6ff1479a3907ea866def19f2496ad39719010fd661e02203957c102e4d52ef4addd01ac5656892a4cd25032c8d68eaba3e39aa9683022bd092d0d2b3819247b2979a10c94b16572589388ced0d5f1181f7eec3a3d4cff4db72235d53b4038b4b68dbfe23945db181b61efcfc710f4bf7749d496feed4eb244d428a801711484017fa437d1005ec9da287e383a1f96c38ec5cc8bd98f0979bd5cd50757a0f51a23d22131e30ec44232aa444376897faa8ccd9da807b05e231734e14e6100447df20449b502f0a6bc944eff377910fc54b050a0a755274251a89a5ee49344dc2be950a611a4461bb63c8b473a4a66c7031e8f7d9c05186fdc420bd801c0c31313ee574673bd352c6d2d1e1a9a0089a2c4013e3b171541ae96205ae06fd52c478ea3863eb26df0c52f26ed306a3495016bcb4ce993155b6074248a05f80ed9bd57df31dfaaba28dc33600c6c51c9e79f9aa3e1666b3cb91b1a8dd72509eb148ed258218d1f5e8705120f54c62cb585f22b1051ae0c7f67513b193712ceb37ab6fbaa181d5f274738546a9fbdf8f789bc6001fcc747a1d5480a5e70dde379b01c30811bf4d57f1168ae89b30437cd69f73d95f34a9ef72655c54b8bd16a4236570597f5027183326cb949f68281518d6654a3440e9db448791b9c922bc36f2f2dd2dda02f5149f2e51340195d21a31fe0f6fef78d063ef478e858b24051aadd669f050fb89163155b958b257778418774d1d896aecc92ac30c19875b3b23cbba8fc598e31fd0e66d1bf6341fff3ac8e9741c6df6c7b80b701e67f009b74e97d9001834db0d5870eb2ffcc8ea2f4e49b9c618fdfe82155f47b6d80b389eef2ee6d759ab75a09fcbb6281f97f7749a0994e0062681ff33d61a73e69d157ab02e4799f0911fd046308929e0d696adaa5422659de44c186904a05428278cbf6121b05e6daa3095bf80648a19de73fadb86ac93cae6d5631217e5e20d1bf893f77051eaecb55d684e4d33f70273a5a997a37f6ce4e6b8b005ed2e4b08d719f84f3661268d3487be09d121153431acb65e306f3bc98aa2c09e1526ca26f1521b4c2983a04c9202971140337aa929cf6b7db2a87f36da3b8c041c23972c96c74d879860567d6224cb0bc3868c40f97ad2dc3390f584cf936862451b87a5ac225923888b981926df011c19c6e3e72c63ae6dbb081ae9101e9b5eef7ebf50ba48f63b8f8af8bb9d552a5568262a98b9a4e8a7895b26fb3d6ce704baa5282dbd9ee4c76e727f186a01a8ce30290ce2c9a3b8c40044f45ebf2a5125fc37db629136279b3629a058bbeef7cae6d7d654eeec994deb1b6a8c7400f45141321d5"}, &(0x7f0000000240)={0x21, 0x0, 0x2, "c247"}})
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'dt2801\x00', [0x4f27, 0x7, 0x1, 0x16, 0x0, 0x5, 0x8, 0x3, 0xa, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x7, 0xfffffffe, 0x7f, 0x3, 0x40000003, 0x22, 0xca9f, 0x3, 0x20001e58, 0xb, 0xe66, 0x10, 0x995d000, 0x4085, 0x0, 0xffffff53]})

3.950659861s ago: executing program 5 (id=2506):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000700)={0x40, 0x0, 0xf, "012720dcfe14c639a500ba17162716"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b14, 0x0)

3.32022456s ago: executing program 3 (id=2507):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x10)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = syz_usb_connect$hid(0x1, 0x0, 0x0, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x9, 0x0, 0x3, 0x10, 0x5}, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, &(0x7f0000000280)={0x40, 0xa, 0x39, {0x39, 0xd, "5265370f7410002edb668c10d1c3d6cf11b544258976d195784c619bed428558177c325accf505d091be9bfbef52825d51ea790e6969d7"}}, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1809}}, 0x0, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x40, 0x10, 0xbd, 0x40, "3c32ff80", "f4bb42e0"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x80, 0x5, 0xd, 0xf8, 0x0, 0x8}}}, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0x63, "84463ff4105935b7ea5104cd77400be87e8bdce915a4ce29fd5482e94b5026e7759205ba50387ffa56b1cfee781d89a06d917d1d57809996d3152c58806d22313ab057e055d3e42cc1bb5a50fda4fcd5f966f499c67ee47347630bebc2d8bc7ea307f0"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0xfd}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000600)={0x20, 0x0, 0x8, {0x2, 0x2, [0xfeef]}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x8}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "7d19"}, &(0x7f0000000700)={0x40, 0xf, 0x2}, &(0x7f0000000740)={0x40, 0x13, 0x6, @local}, &(0x7f0000000780)={0x40, 0x17, 0x6, @broadcast}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "ea29"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x7f}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x3}})
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x0, 0xc8, "817182e8974b0c47"}}}, 0xe)

2.927480675s ago: executing program 1 (id=2508):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
futex(&(0x7f000000cffc), 0xb, 0x0, &(0x7f0000000240)={0x77359400}, &(0x7f0000048000)=0x1, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x28}, 0x1, 0x0, 0x0, 0x4c880}, 0x40002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3)

2.461598291s ago: executing program 3 (id=2509):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000440)=ANY=[], 0x40}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x8, 0x50, r0, 0xa91c5000)
userfaultfd(0x80001)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32=0x1, @ANYBLOB="fdffffff0038ff7cdfe84def6fcb16ccbc6a00"/33, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="030000000200"/28], 0x50)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x380})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000aaf000/0x3000)=nil, &(0x7f00003e9000/0x3000)=nil, 0x3000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
write$sysctl(0xffffffffffffffff, &(0x7f0000000580)='3\x00', 0x2)
r1 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="08001413c4b291651379dabfea0237ab6d10540b900c747d40332e874d3764386ed55abe8c1366bcdfbda05b8e9fc83188eaf0ab161c5c7b7f63ab2792649a313317f17ba6be16776a07f2f4c629", 0x4e}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2004000)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x8, 0x7}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f00000000c0)={0x1, &(0x7f0000000140)=[{0x8, 0x7, 0x0, 0x7fff0000}]})
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$ttys(0xc, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143902)
writev(0xffffffffffffffff, &(0x7f0000000340), 0x1)
ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000080)=@echo=0xffffffcd)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_setup(0x5f4f, &(0x7f00000003c0)={0x0, 0x804, 0x2, 0x1000000})

2.451136983s ago: executing program 4 (id=2510):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x28, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xac}}, 0x0)

2.312625935s ago: executing program 4 (id=2511):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000002000010000000000fcdbdf250a105f0000003f039cb2fd8e080018004e204e2014060200fc020000dfffffff00000000000000ea1300010000f90000000001ea0ae3c6a259c2a26a18d1b3b45ecb99a5c03da47cb23284e3"], 0x4c}, 0x1, 0x0, 0x0, 0x4080}, 0x40000)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_PHYS_SWITCH_ID={0x1a, 0x24, "630722f9fbb35528264233fe330865f36caa0dc271f0"}]}, 0x3c}}, 0x0)
connect(r0, &(0x7f0000000140)=@generic={0x22, "5c924f212d05ed2550a5672cc1ace35e54d74d7c2ddd891d8215bd3457fea53c1d02d0fc40440f3acbbaf6860159f9b93ced06e4f9c244e0153b857fe3117e98865f92ddbddac5cb8fc3487a8f1884cfdf026ede5d919596ca533fa010b43500eb3d1aec296c1bcfba92e266022e145d3cd52adb0e20e60a6cc75d27bfd7"}, 0x80)

2.217616075s ago: executing program 1 (id=2512):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000000c0))
syz_open_dev$video4linux(0x0, 0xff, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0) (fail_nth: 2)

2.132560215s ago: executing program 4 (id=2513):
socket$inet(0x2, 0xa, 0x7ff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
bind$inet6(r1, &(0x7f00000003c0)={0xa, 0x4e24, 0x9, @mcast2, 0x80}, 0x1c)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f00000001c0), 0x4)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x20}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
r4 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@upd={0xe0, 0x12, 0x1, 0x0, 0x0, {{'sha384\x00'}, '\x00', '\x00', 0x0, 0x2000}}, 0xe0}}, 0x0)
capset(0x0, &(0x7f00000000c0)={0x200000, 0xffffffff, 0x7, 0x0, 0x4})

1.727614245s ago: executing program 4 (id=2514):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000010c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fedbdf251500000008002a008500000008000300", @ANYRES32=r2], 0x34}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) (fail_nth: 2)

1.40148616s ago: executing program 3 (id=2515):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f0000000180)={0x6e, 0x5, &(0x7f0000000040)=[0x8001, 0x6, 0x9, 0x6, 0x8], &(0x7f0000000080)=[0xf8ec], &(0x7f00000000c0)=[0x0, 0x7fff, 0x6, 0x6, 0x1000, 0x0, 0x5, 0x8], &(0x7f0000000100)=[0x7, 0x0, 0x4]})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x8802, 0x0)
pwritev2(r1, &(0x7f0000000700)=[{0x0}, {0x0}], 0x2, 0xf33, 0xff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000240)='%-5lx  \x00'}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, 0x0, 0x84640, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f9502547f70e06d038e7ff7fc6e5539b3471078b089b3b083848090890e0878f0e1ac6e7049b3372959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31360d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8a92fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18834dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b8dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00fd104d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff752613d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443eab40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738dd7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a23dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c848a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333aed0418c0b44412d041259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b45030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475af3d3060eac38dcaea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
setsockopt$XDP_TX_RING(r5, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="fec31d7d6d1b74b8a16fef1ff9a27d24860927d65e0c85a958dfe3d20211b5bb8ced53b4c894c26bd47474f0df9242f22eb6738f4df5f924d24c9fb98deb860557ab1b9b639d09b493e2703466d2f782bc35a61cc5ae273dcf8d1be12121073c6b2910e5e574b08465769ff081f65497b8d26969a6e35c9fc8696da3683cb898426a8676d6de93942325d11e62f5dca35eb880807febe98b65fd5f2429db2f5a792f092ec47b42cac768b342d94132480b9ba17987fd36faedc736a31d1164788f4a5622", @ANYRES32=r3, @ANYRES32=r1, @ANYRES64=r4, @ANYRES8=r2, @ANYRES32=r2, @ANYRESOCT=r4], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_gettime(0x0, &(0x7f00000008c0)={<r8=>0x0, <r9=>0x0})
recvmmsg(r1, &(0x7f0000000840)=[{{&(0x7f0000000300)=@can, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/82, 0x52}, {&(0x7f0000000b40)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000540)=""/244, 0xf4}], 0x4, &(0x7f0000000640)=""/161, 0xa1}, 0x9}, {{&(0x7f0000000700)=@alg, 0x80, &(0x7f0000000380)=[{&(0x7f0000000280)=""/31, 0x1f}, {&(0x7f0000000780)=""/189, 0xbd}], 0x2}, 0x1}], 0x2, 0x150, &(0x7f0000000900)={r8, r9+10000000})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x16, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c02a, &(0x7f00000004c0)=ANY=[@ANYBLOB='nr_inodes=V,'])
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
nanosleep(&(0x7f0000000a80), &(0x7f0000000940))
clock_getres(0x4, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="000425bd7000fcdbdf040200010008003f0036000000080061"], 0x24}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000000)
sendmsg$NL80211_CMD_SET_COALESCE(r10, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0100000000000000e0000204000008000320", @ANYRES32, @ANYBLOB], 0x28}}, 0x0)

1.401167578s ago: executing program 4 (id=2516):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
timer_create(0x0, 0x0, 0x0)
futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000180)={0x40, 0xe, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f00000015c0)=ANY=[@ANYBLOB="1802000001000000000000000c0000008500000087000000850000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.232560027s ago: executing program 1 (id=2517):
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001b00)=""/4112, 0x1010}], 0x1}, 0x10}], 0x1, 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000040)={0x200002, 0x2, 0x0, 0x0, 0x2, 0x1000006})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/route\x00')
read$FUSE(r2, &(0x7f0000002b40)={0x2020, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
fchown(r2, 0x0, r3)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x1ad841, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x400000000010, 0x3, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000f6c000/0x1000)=nil, 0x1000}, 0x1})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1d, 0x3, &(0x7f0000000000)=ANY=[@ANYRESDEC=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f00000001c0)=""/220)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)

915.71717ms ago: executing program 5 (id=2518):
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x5, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff})
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x0, {0x0, 0xff, 0x2}, 0x6621350e9d60fd79}, 0x18)
connect$can_j1939(r3, &(0x7f0000000080)={0x1d, r4, 0x0, {0x1, 0xf0}, 0x1}, 0x18)
sendmsg$can_j1939(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

529.420894ms ago: executing program 2 (id=2519):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
syz_io_uring_setup(0x230, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0}, 0x68) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x1b77, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0x0, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r4, 0x6, 0x24, &(0x7f0000000000)=0x2, 0x4) (async)
setsockopt$inet6_tcp_int(r4, 0x6, 0x24, &(0x7f0000000000)=0x2, 0x4)
recvmmsg(r3, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) (async)
recvmmsg(r3, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0) (async)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)

115.395431ms ago: executing program 1 (id=2520):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x10)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
r2 = syz_usb_connect$hid(0x1, 0x0, 0x0, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x9, 0x0, 0x3, 0x10, 0x5}, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io(r2, &(0x7f0000000480)={0x2c, &(0x7f0000000280)={0x40, 0xa, 0x39, {0x39, 0xd, "5265370f7410002edb668c10d1c3d6cf11b544258976d195784c619bed428558177c325accf505d091be9bfbef52825d51ea790e6969d7"}}, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1809}}, &(0x7f0000000300)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x40, 0x10, 0xbd, 0x40, "3c32ff80", "f4bb42e0"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x80, 0x5, 0xd, 0xf8, 0x0, 0x8}}}, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0x63, "84463ff4105935b7ea5104cd77400be87e8bdce915a4ce29fd5482e94b5026e7759205ba50387ffa56b1cfee781d89a06d917d1d57809996d3152c58806d22313ab057e055d3e42cc1bb5a50fda4fcd5f966f499c67ee47347630bebc2d8bc7ea307f0"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0xfd}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000600)={0x20, 0x0, 0x8, {0x2, 0x2, [0xfeef]}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x9}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x8}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "7d19"}, &(0x7f0000000700)={0x40, 0xf, 0x2}, &(0x7f0000000740)={0x40, 0x13, 0x6, @local}, &(0x7f0000000780)={0x40, 0x17, 0x6, @broadcast}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "ea29"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x7f}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x3}})
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x0, 0xc8, "817182e8974b0c47"}}}, 0xe)

104.336587ms ago: executing program 3 (id=2521):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
socket$kcm(0x2, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="2801ecffffff00000100000001"], 0x128}, 0x4040000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x2)
getsockopt(0xffffffffffffffff, 0x28, 0x6, 0xfffffffffffffffc, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x10, 0x0, 0x0)
setresuid(0xee01, 0xee00, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
fcntl$setownex(r3, 0xf, &(0x7f0000000100)={0x1, r4})
sendmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1)
bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000002000000bfa300000000000007030000007effff7a0af0ff3f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27126e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb6220fd8d4b470e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a08060000000200000000000000334d83239dd27080e71113610e10d858e8327ef0420f0000cac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e885340133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421a8223fe5308e4e65ee93e107000000f8ddeff70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b12000000000000000030711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dabec3d18fd0699ff3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623243643db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e69578e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea7e764dde8725d2b4a0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10b98c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5924948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476f9e0407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd96d2da66059de81abfa1acc9f889555eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b4fdc08000be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd9b31bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac4794680f3037f250e96f61cb20d46d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401413f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60530000000000000004b023e4954c9eb6cd70627f5c03edd4f5ce48b8a874c852064dd0efafc3df20ec8faf3d194db76127f88f1b4fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8b310900000c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1d8e80311895f0b99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44b57e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db6e3080000000000003e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f27b6c15b1ba971de1cb9c7e6a000000000000001478b2a78f9abfefce4448303ef54c71199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b462426ff9293a28a544a6a9e2279b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718b3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5f61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6485987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434cbd52325296e22802475edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a1471bab551bd6beae7dbf58530136c238e545b28211a92000000001501ae7d7cc75007e8ff56e6d8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db9966addf4877204047be633792118efdb6b88023e80da74fdf723c7f000000009f13c7e851dfc91ec01219af568825de0cedd55a92eafe9edd98a8529d64cbaa0b9f89f391b2db7369e934085e486b946a4558c68e195af1a6e6e878609f9ed7406dc9c93a5d5cc76e037d66abe4fe54f18b4c969814c7f2094ebe736ef0f0cd65b90942f2e8de44f6fd69a94ca27bb6d92e2282d4a0b0ee3abe30d877579aed9b54f460247890aed19ef12e45097631548d8639fb2b6eb9b41c7e89ee7223cdeae1b2d02cf664df99e4a661feecb63953a4d86f3060372861ac184824b7a4fd1c605128f1307f2bba91b9fbfe2884639073c1d51e42feeb5312b23b8e1e468aa31ea8e7597f5eb6ad1897a04afc8369ebec808165218b625a64a237ed01636880f70f0ed"], &(0x7f0000000340)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0xa}, 0x1c)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

1.650945ms ago: executing program 2 (id=2522):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r3=>0x0})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r5, r4, 0x2f, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r6, r5, 0x4, r5}, 0x10)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r2, 0x72a, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x4a}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)

0s ago: executing program 2 (id=2523):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket(0xa, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
fallocate(r2, 0x0, 0x7, 0x81)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)

kernel console output (not intermixed with test programs):

[  T976] ttusbir 3-1:0.0: cannot find expected altsetting
[  770.250858][ T5942] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  770.264109][ T5817] usb 2-1: config 0 has an invalid interface number: 139 but max is 0
[  770.280929][ T5817] usb 2-1: config 0 has no interface number 0
[  770.299224][ T5817] usb 2-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  770.310597][ T5817] usb 2-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  770.327137][ T5817] usb 2-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[  770.331825][  T976] usb 5-1: USB disconnect, device number 69
[  770.338703][ T5817] usb 2-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  770.391043][ T5817] usb 2-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  770.408833][ T5817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.418493][ T5817] usb 2-1: Product: syz
[  770.423847][ T5817] usb 2-1: Manufacturer: syz
[  770.431146][ T5817] usb 2-1: SerialNumber: syz
[  770.442205][   T42] usb 3-1: USB disconnect, device number 100
[  770.448441][ T5817] usb 2-1: config 0 descriptor??
[  770.460884][ T5942] usb 4-1: Using ep0 maxpacket: 8
[  770.473389][ T5942] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  770.484210][ T5942] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  770.495206][T13523] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  770.502562][T13523] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  770.528374][ T5942] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  770.538565][ T5942] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  770.549245][ T5942] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  770.563565][ T5942] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  770.572804][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.860738][T13523] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2250'.
[  770.870654][ T5942] usb 4-1: GET_CAPABILITIES returned 0
[  770.872348][T13529] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  770.891494][ T5942] usbtmc 4-1:16.0: can't read capabilities
[  771.024408][T13531] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  771.048210][T13531] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  771.072902][T13529] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.187059][T13529] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.260993][   T42] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  771.274121][T13529] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.330642][T13537] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  771.337160][T13537] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  771.345412][T13537] vhci_hcd vhci_hcd.0: Device attached
[  771.591168][ T5923] usb 37-1: new low-speed USB device number 7 using vhci_hcd
[  772.190036][T13539] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  772.200050][T13538] vhci_hcd: connection closed
[  772.248937][ T8648] vhci_hcd: stop threads
[  772.313275][ T8648] vhci_hcd: release socket
[  772.637101][    C0] vxcan0: j1939_tp_rxtimer: 0xffff8880583a3000: rx timeout, send abort
[  772.646312][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880583a3000: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  772.714686][   T42] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  772.721543][ T8648] vhci_hcd: disconnect device
[  772.735870][   T42] usb 6-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  772.762777][ T8648] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  772.794911][   T36] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  772.847616][   T36] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  772.848708][   T42] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.864636][   T36] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  772.916300][   T42] usb 6-1: config 0 descriptor??
[  772.933245][   T42] ttusbir 6-1:0.0: cannot find expected altsetting
[  773.251337][   T42] usb 4-1: USB disconnect, device number 100
[  774.114930][T13549] Invalid ELF section header size
[  774.276949][T13553] program syz.3.2257 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  774.409276][ T5922] usb 6-1: USB disconnect, device number 15
[  774.762153][ T5817] mct_u232 2-1:0.139: MCT U232 converter detected
[  775.939861][ T5817] usb 2-1: MCT U232 converter now attached to ttyUSB0
[  775.951930][ T5817] usb 2-1: USB disconnect, device number 105
[  775.960148][ T5817] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[  775.980828][ T5817] mct_u232 2-1:0.139: device disconnected
[  776.380981][T12102] Bluetooth: Frame is too long (len 28, expected len 4)
[  777.301143][ T5923] vhci_hcd: vhci_device speed not set
[  778.242252][ T5922] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  778.500876][ T5817] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  778.544893][ T5922] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  778.761457][ T5817] usb 4-1: Using ep0 maxpacket: 8
[  778.825667][ T5922] usb 3-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  778.836292][ T5817] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  778.866186][ T5817] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  778.889390][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.905954][ T5817] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  778.931537][ T5922] usb 3-1: config 0 descriptor??
[  778.941525][ T5817] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  778.952922][ T5922] ttusbir 3-1:0.0: cannot find expected altsetting
[  779.090858][ T5817] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  779.091033][T13593] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2270'.
[  779.113214][ T5817] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  779.133893][ T5817] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.330001][ T8947] usb 3-1: USB disconnect, device number 101
[  779.526275][T13604] syzkaller1: entered promiscuous mode
[  779.535601][T13604] syzkaller1: entered allmulticast mode
[  780.369806][T13617] warn_alloc: 1 callbacks suppressed
[  780.369822][T13617] syz.5.2277: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  780.400874][T13617] CPU: 1 UID: 0 PID: 13617 Comm: syz.5.2277 Not tainted syzkaller #0 PREEMPT(full) 
[  780.400913][T13617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  780.400925][T13617] Call Trace:
[  780.400931][T13617]  <TASK>
[  780.400939][T13617]  dump_stack_lvl+0x16c/0x1f0
[  780.400971][T13617]  warn_alloc+0x248/0x3a0
[  780.401001][T13617]  ? __pfx_warn_alloc+0x10/0x10
[  780.401027][T13617]  ? __pfx_stack_trace_save+0x10/0x10
[  780.401059][T13617]  ? kasan_save_stack+0x42/0x60
[  780.401074][T13617]  ? kasan_save_stack+0x33/0x60
[  780.401090][T13617]  ? kasan_save_track+0x14/0x30
[  780.401108][T13617]  ? xskq_create+0x52/0x1d0
[  780.401129][T13617]  ? xsk_setsockopt+0x74e/0x9a0
[  780.401146][T13617]  ? do_sock_setsockopt+0xf3/0x1d0
[  780.401175][T13617]  ? xskq_create+0xfb/0x1d0
[  780.401198][T13617]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  780.401231][T13617]  ? xskq_create+0xfb/0x1d0
[  780.401261][T13617]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  780.401292][T13617]  ? xskq_create+0xfb/0x1d0
[  780.401314][T13617]  vmalloc_user_noprof+0x9e/0xe0
[  780.401341][T13617]  ? xskq_create+0xfb/0x1d0
[  780.401364][T13617]  xskq_create+0xfb/0x1d0
[  780.401389][T13617]  xsk_setsockopt+0x74e/0x9a0
[  780.401411][T13617]  ? __pfx_xsk_setsockopt+0x10/0x10
[  780.401432][T13617]  ? find_held_lock+0x2b/0x80
[  780.401460][T13617]  ? selinux_socket_setsockopt+0x6a/0x80
[  780.401490][T13617]  ? __pfx_xsk_setsockopt+0x10/0x10
[  780.401512][T13617]  do_sock_setsockopt+0xf3/0x1d0
[  780.401544][T13617]  __sys_setsockopt+0x1a0/0x230
[  780.401570][T13617]  __x64_sys_setsockopt+0xbd/0x160
[  780.401592][T13617]  ? do_syscall_64+0x91/0xfa0
[  780.401618][T13617]  ? lockdep_hardirqs_on+0x7c/0x110
[  780.401644][T13617]  do_syscall_64+0xcd/0xfa0
[  780.401669][T13617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  780.401686][T13617] RIP: 0033:0x7f569358efc9
[  780.401703][T13617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  780.401719][T13617] RSP: 002b:00007f56944b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  780.401736][T13617] RAX: ffffffffffffffda RBX: 00007f56937e5fa0 RCX: 00007f569358efc9
[  780.401746][T13617] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  780.401753][T13617] RBP: 00007f5693611f91 R08: 0000000000000004 R09: 0000000000000000
[  780.401760][T13617] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  780.401766][T13617] R13: 00007f56937e6038 R14: 00007f56937e5fa0 R15: 00007fffab7edb18
[  780.401779][T13617]  </TASK>
[  780.401783][T13617] Mem-Info:
[  780.605492][T13621] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  780.605492][T13621] 
[  780.704497][T13624] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2277'.
[  780.715052][T13617] active_anon:9697 inactive_anon:0 isolated_anon:0
[  780.715052][T13617]  active_file:3790 inactive_file:40910 isolated_file:0
[  780.715052][T13617]  unevictable:768 dirty:363 writeback:0
[  780.715052][T13617]  slab_reclaimable:12240 slab_unreclaimable:98158
[  780.715052][T13617]  mapped:31540 shmem:2161 pagetables:1346
[  780.715052][T13617]  sec_pagetables:0 bounce:0
[  780.715052][T13617]  kernel_misc_reclaimable:0
[  780.715052][T13617]  free:1315519 free_pcp:14615 free_cma:0
[  780.809928][T12102] Bluetooth: Frame is too long (len 28, expected len 4)
[  780.940953][T13617] Node 0 active_anon:38440kB inactive_anon:0kB active_file:15160kB inactive_file:163440kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122924kB dirty:1496kB writeback:0kB shmem:6956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12496kB pagetables:5080kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  781.039817][T13617] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  781.086992][T13617] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  781.117641][T13617] lowmem_reserve[]: 0 2485 2487 2487 2487
[  781.124193][T13617] Node 0 DMA32 free:1365068kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36288kB inactive_anon:0kB active_file:15160kB inactive_file:163440kB unevictable:1536kB writepending:1496kB zspages:0kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:31468kB local_pcp:9904kB free_cma:0kB
[  781.193677][T13617] lowmem_reserve[]: 0 0 1 1 1
[  781.215482][T13617] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  781.226920][ T5922] usb 4-1: USB disconnect, device number 101
[  781.573863][T13617] lowmem_reserve[]: 0 0 0 0 0
[  781.579938][T13617] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:10784kB free_cma:0kB
[  782.048023][T13617] lowmem_reserve[]: 0 0 0 0 0
[  782.067733][T13617] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  782.117061][T13617] Node 0 DMA32: 561*4kB (U) 678*8kB (UME) 293*16kB 
[  782.118678][T13630] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.137573][T13617] (UME) 351*32kB (UME) 123*64kB (UM) 49*128kB (UME) 21*256kB (UME) 11*512kB (UM) 8*1024kB (UM) 6*2048kB (UME) 316*4096kB (UM) = 1363556kB
[  782.159220][T13617] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  782.173349][T13617] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  782.192491][T13617] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  782.202152][T13617] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  782.213415][T13617] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  782.224291][T13617] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  782.236034][T13630] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.249249][T13617] 46057 total pagecache pages
[  782.254243][T13617] 0 pages in swap cache
[  782.258471][T13617] Free swap  = 124996kB
[  782.262869][T13617] Total swap = 124996kB
[  782.267044][T13617] 2097051 pages RAM
[  782.274408][T13630] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.286611][T13617] 0 pages HighMem/MovableOnly
[  782.291434][T13617] 428740 pages reserved
[  782.296232][T13617] 0 pages cma reserved
[  782.334216][T13630] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.385023][T13638] Invalid ELF section header size
[  782.410920][   T50] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  782.419619][ T5923] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[  782.440328][T13639] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2282'.
[  782.450183][   T50] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  782.607691][T13642] program syz.3.2284 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  782.749667][T13639] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2282'.
[  782.767084][   T50] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  782.826975][   T50] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  782.900854][ T5923] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  782.951314][ T5923] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  782.960864][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.072279][ T5923] usb 2-1: config 0 descriptor??
[  783.086316][ T5923] ttusbir 2-1:0.0: cannot find expected altsetting
[  783.194300][T13645] netlink: 'syz.3.2285': attribute type 10 has an invalid length.
[  783.208349][T13645] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2285'.
[  784.607295][   T42] usb 2-1: USB disconnect, device number 106
[  784.624844][T13656] netlink: 'syz.3.2287': attribute type 10 has an invalid length.
[  784.633041][T13656] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2287'.
[  784.700893][T13650] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  784.707424][T13650] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  784.787165][T13651] vhci_hcd: connection closed
[  784.797317][T13650] vhci_hcd vhci_hcd.0: Device attached
[  784.826125][T13658] netlink: 'syz.5.2288': attribute type 10 has an invalid length.
[  784.839601][   T50] vhci_hcd: stop threads
[  784.839815][T13658] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2288'.
[  784.913612][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888078f4c800: rx timeout, send abort
[  784.926801][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888078f4c800: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  785.041091][   T42] usb 37-1: new low-speed USB device number 8 using vhci_hcd
[  785.208818][   T50] vhci_hcd: release socket
[  785.219071][   T50] vhci_hcd: disconnect device
[  785.233407][   T42] usb 37-1: enqueue for inactive port 0
[  785.330946][   T42] vhci_hcd: vhci_device speed not set
[  785.481800][T12102] Bluetooth: Frame is too long (len 28, expected len 4)
[  786.773712][T13678] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  786.919611][T13684] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  786.926158][T13684] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  786.934018][T13684] vhci_hcd vhci_hcd.0: Device attached
[  787.110880][T13685] vhci_hcd: connection closed
[  787.122276][   T61] vhci_hcd: stop threads
[  787.617347][   T61] vhci_hcd: release socket
[  787.622646][ T5923] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  787.633428][   T61] vhci_hcd: disconnect device
[  787.690873][  T976] vhci_hcd: vhci_device speed not set
[  787.731660][T13678] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  788.625134][ T5923] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  788.718780][ T5923] usb 4-1: config 0 has no interfaces?
[  788.750853][ T5923] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  788.790681][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.818394][ T5923] usb 4-1: config 0 descriptor??
[  788.892380][T13698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2299'.
[  790.395350][T13693] netlink: 'syz.2.2298': attribute type 10 has an invalid length.
[  790.463485][T13702] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  790.470011][T13702] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  790.478157][T13702] vhci_hcd vhci_hcd.0: Device attached
[  790.520087][T13693] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2298'.
[  791.232642][T13678] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  791.250842][T13703] vhci_hcd: connection closed
[  791.381315][ T5817] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[  791.559847][   T36] vhci_hcd: stop threads
[  791.564483][   T36] vhci_hcd: release socket
[  791.577330][   T36] vhci_hcd: disconnect device
[  791.640232][T13678] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  793.310831][   T42] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  793.323906][ T3580] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  794.021169][   T36] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  794.071172][   T42] usb 3-1: Using ep0 maxpacket: 8
[  794.559000][   T36] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  795.534984][ T3580] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  795.546937][ T5923] usb 4-1: can't set config #0, error -71
[  795.572196][ T5923] usb 4-1: USB disconnect, device number 102
[  795.614661][   T42] usb 3-1: unable to read config index 0 descriptor/start: -71
[  795.706503][T13732] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  795.713049][T13732] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  795.722025][T13732] vhci_hcd vhci_hcd.0: Device attached
[  795.970977][ T5922] usb 35-1: new low-speed USB device number 6 using vhci_hcd
[  796.999925][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888055547c00: rx timeout, send abort
[  797.008467][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888055547c00: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  797.061105][ T5817] vhci_hcd: vhci_device speed not set
[  797.130741][T13733] vhci_hcd: connection reset by peer
[  797.222914][ T2952] vhci_hcd: stop threads
[  797.244472][ T2952] vhci_hcd: release socket
[  797.284649][   T42] usb 3-1: can't read configurations, error -71
[  797.307490][ T2952] vhci_hcd: disconnect device
[  798.319786][T13753] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.452818][T13753] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.553824][T13753] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.721112][  T976] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  798.863245][T13753] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  798.924299][  T976] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  798.956623][   T36] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  798.982331][   T36] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  799.012085][   T36] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  799.013669][  T976] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  799.049568][   T36] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  799.081556][  T976] usb 6-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  799.112405][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.158623][T13768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2318'.
[  799.199363][  T976] usb 6-1: config 0 descriptor??
[  799.337926][T13768] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2318'.
[  799.575504][  T976] usb 6-1: USB disconnect, device number 16
[  799.793562][T13774] syz.3.2320: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  799.809677][T13774] CPU: 0 UID: 0 PID: 13774 Comm: syz.3.2320 Not tainted syzkaller #0 PREEMPT(full) 
[  799.809698][T13774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  799.809705][T13774] Call Trace:
[  799.809710][T13774]  <TASK>
[  799.809715][T13774]  dump_stack_lvl+0x16c/0x1f0
[  799.809734][T13774]  warn_alloc+0x248/0x3a0
[  799.809751][T13774]  ? __pfx_warn_alloc+0x10/0x10
[  799.809766][T13774]  ? __pfx_stack_trace_save+0x10/0x10
[  799.809786][T13774]  ? kasan_save_stack+0x42/0x60
[  799.809795][T13774]  ? kasan_save_stack+0x33/0x60
[  799.809805][T13774]  ? kasan_save_track+0x14/0x30
[  799.809814][T13774]  ? xskq_create+0x52/0x1d0
[  799.809825][T13774]  ? xsk_setsockopt+0x74e/0x9a0
[  799.809836][T13774]  ? do_sock_setsockopt+0xf3/0x1d0
[  799.809852][T13774]  ? xskq_create+0xfb/0x1d0
[  799.809864][T13774]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  799.809882][T13774]  ? xskq_create+0xfb/0x1d0
[  799.809898][T13774]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  799.809917][T13774]  ? xskq_create+0xfb/0x1d0
[  799.809930][T13774]  vmalloc_user_noprof+0x9e/0xe0
[  799.809942][T13774]  ? xskq_create+0xfb/0x1d0
[  799.809954][T13774]  xskq_create+0xfb/0x1d0
[  799.809968][T13774]  xsk_setsockopt+0x74e/0x9a0
[  799.809980][T13774]  ? __pfx_xsk_setsockopt+0x10/0x10
[  799.809992][T13774]  ? find_held_lock+0x2b/0x80
[  799.810007][T13774]  ? selinux_socket_setsockopt+0x6a/0x80
[  799.810028][T13774]  ? __pfx_xsk_setsockopt+0x10/0x10
[  799.810040][T13774]  do_sock_setsockopt+0xf3/0x1d0
[  799.810057][T13774]  __sys_setsockopt+0x1a0/0x230
[  799.810072][T13774]  __x64_sys_setsockopt+0xbd/0x160
[  799.810083][T13774]  ? do_syscall_64+0x91/0xfa0
[  799.810098][T13774]  ? lockdep_hardirqs_on+0x7c/0x110
[  799.810113][T13774]  do_syscall_64+0xcd/0xfa0
[  799.810128][T13774]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.810139][T13774] RIP: 0033:0x7fc8aa98efc9
[  799.810148][T13774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  799.810162][T13774] RSP: 002b:00007fc8ab87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  799.810173][T13774] RAX: ffffffffffffffda RBX: 00007fc8aabe5fa0 RCX: 00007fc8aa98efc9
[  799.810179][T13774] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  799.810186][T13774] RBP: 00007fc8aaa11f91 R08: 0000000000000004 R09: 0000000000000000
[  799.810193][T13774] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  799.810199][T13774] R13: 00007fc8aabe6038 R14: 00007fc8aabe5fa0 R15: 00007ffeb0dcf3d8
[  799.810214][T13774]  </TASK>
[  799.810315][T13774] Mem-Info:
[  800.068594][T13774] active_anon:8939 inactive_anon:0 isolated_anon:0
[  800.068594][T13774]  active_file:3790 inactive_file:40916 isolated_file:0
[  800.068594][T13774]  unevictable:768 dirty:394 writeback:0
[  800.068594][T13774]  slab_reclaimable:12343 slab_unreclaimable:97302
[  800.068594][T13774]  mapped:31757 shmem:1360 pagetables:1349
[  800.068594][T13774]  sec_pagetables:0 bounce:0
[  800.068594][T13774]  kernel_misc_reclaimable:0
[  800.068594][T13774]  free:1314990 free_pcp:16655 free_cma:0
[  800.116215][T13774] Node 0 active_anon:35756kB inactive_anon:0kB active_file:15160kB inactive_file:163464kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127028kB dirty:1576kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12532kB pagetables:5252kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  800.179024][T13774] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  800.269287][T13775] hugetlbfs: Bad value for 'nr_inodes'
[  800.275512][T13774] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  800.320940][T13774] lowmem_reserve[]: 0 2485 2487 2487 2487
[  800.333526][T13774] Node 0 DMA32 free:1352796kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35456kB inactive_anon:0kB active_file:15160kB inactive_file:163464kB unevictable:1536kB writepending:1576kB zspages:0kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:47840kB local_pcp:21104kB free_cma:0kB
[  800.438267][T13774] lowmem_reserve[]: 0 0 1 1 1
[  800.478152][T13774] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  800.741995][T13774] lowmem_reserve[]: 0 0 0 0 0
[  800.781378][T13775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2320'.
[  800.857125][T13774] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:10784kB free_cma:0kB
[  801.177134][T13774] lowmem_reserve[]: 0 0 0 0 0
[  801.206090][T13774] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  801.219434][T13774] Node 0 DMA32: 694*4kB (UME) 627*8kB (UME) 353*16kB (UME) 312*32kB (UME) 18*64kB (UME) 43*128kB (UME) 21*256kB (UME) 11*512kB (UM) 8*1024kB (UM) 6*2048kB (UME) 316*4096kB (UM) = 1355904kB
[  801.266267][T13774] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  801.292156][T13774] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  801.387361][T13774] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  801.428284][T13774] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  801.483308][ T5922] vhci_hcd: vhci_device speed not set
[  801.507346][T13774] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  801.630958][ T5895] usb 3-1: new full-speed USB device number 104 using dummy_hcd
[  801.706844][T13774] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  801.730376][T13774] 46064 total pagecache pages
[  801.738439][T13774] 0 pages in swap cache
[  801.745515][T13774] Free swap  = 124996kB
[  801.749846][T13774] Total swap = 124996kB
[  801.758695][T13774] 2097051 pages RAM
[  801.763461][T13774] 0 pages HighMem/MovableOnly
[  801.768182][T13774] 428740 pages reserved
[  801.772534][T13774] 0 pages cma reserved
[  802.267272][ T5895] usb 3-1: config 0 has an invalid interface number: 139 but max is 0
[  802.288379][ T5895] usb 3-1: config 0 has no interface number 0
[  802.302042][ T5895] usb 3-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  802.329693][ T5895] usb 3-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  802.360936][ T5895] usb 3-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[  802.400892][ T5895] usb 3-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  802.427166][ T5895] usb 3-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  802.438207][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.468963][ T5895] usb 3-1: Product: syz
[  802.473455][ T5895] usb 3-1: Manufacturer: syz
[  802.478217][ T5895] usb 3-1: SerialNumber: syz
[  802.496106][ T5895] usb 3-1: config 0 descriptor??
[  802.503948][T13792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  802.519150][T13792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  803.682498][T13792] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2325'.
[  804.013534][T13813] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  804.029658][T13813] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  804.660550][T13821] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.840857][ T5922] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  804.880282][T13821] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.917165][ T5895] mct_u232 3-1:0.139: MCT U232 converter detected
[  804.963906][ T5895] usb 3-1: MCT U232 converter now attached to ttyUSB0
[  804.987330][T13821] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.031058][ T5895] usb 3-1: USB disconnect, device number 104
[  805.048352][ T5922] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  805.060141][ T5895] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[  805.074744][T13821] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.089428][ T5922] usb 4-1: config 0 has no interfaces?
[  805.109857][ T5922] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  805.112218][ T5895] mct_u232 3-1:0.139: device disconnected
[  805.151799][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.192596][ T2986] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  805.233652][ T5922] usb 4-1: config 0 descriptor??
[  805.279879][ T2986] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  805.330201][   T36] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  805.347264][   T36] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  807.052645][ T5895] usb 4-1: USB disconnect, device number 103
[  807.083379][T13847] netlink: 'syz.1.2340': attribute type 10 has an invalid length.
[  807.084462][T13843] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  807.084462][T13843] 
[  807.091401][T13847] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2340'.
[  807.522275][T13843] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2338'.
[  807.641138][ T5923] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  807.939998][ T5923] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  807.952143][ T5923] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  807.982326][ T5923] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  807.991720][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.000648][ T5923] usb 3-1: Product: syz
[  808.011495][ T5923] usb 3-1: Manufacturer: syz
[  808.016119][ T5923] usb 3-1: SerialNumber: syz
[  808.032252][ T5923] usb 3-1: config 0 descriptor??
[  808.110220][T13857] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  808.116782][T13857] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  808.124468][T13857] vhci_hcd vhci_hcd.0: Device attached
[  808.763944][  T976] usb 43-1: new low-speed USB device number 4 using vhci_hcd
[  808.822379][T13858] vhci_hcd: connection closed
[  808.986392][ T3580] vhci_hcd: stop threads
[  809.001006][ T3580] vhci_hcd: release socket
[  809.011929][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  809.018236][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  809.026682][ T3580] vhci_hcd: disconnect device
[  809.988059][  T976] usb 43-1: enqueue for inactive port 0
[  810.472294][T13868] program syz.3.2344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  810.570860][  T976] vhci_hcd: vhci_device speed not set
[  810.593189][ T5922] usb 3-1: USB disconnect, device number 105
[  810.911741][T13877] netlink: 'syz.3.2347': attribute type 10 has an invalid length.
[  810.931063][T13877] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2347'.
[  811.300621][ T8947] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  811.494673][T13891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2351'.
[  812.615059][ T8947] usb 3-1: Using ep0 maxpacket: 8
[  812.632028][ T8947] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  812.676079][ T8947] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  812.688681][ T8947] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  812.729773][ T8947] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  812.744401][T13893] warn_alloc: 1 callbacks suppressed
[  812.744414][T13893] syz.3.2352: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  812.779523][T13893] CPU: 1 UID: 0 PID: 13893 Comm: syz.3.2352 Not tainted syzkaller #0 PREEMPT(full) 
[  812.779551][T13893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  812.779562][T13893] Call Trace:
[  812.779568][T13893]  <TASK>
[  812.779575][T13893]  dump_stack_lvl+0x16c/0x1f0
[  812.779608][T13893]  warn_alloc+0x248/0x3a0
[  812.779634][T13893]  ? __pfx_warn_alloc+0x10/0x10
[  812.779659][T13893]  ? __pfx_stack_trace_save+0x10/0x10
[  812.779691][T13893]  ? kasan_save_stack+0x42/0x60
[  812.779708][T13893]  ? kasan_save_stack+0x33/0x60
[  812.779724][T13893]  ? kasan_save_track+0x14/0x30
[  812.779739][T13893]  ? xskq_create+0x52/0x1d0
[  812.779758][T13893]  ? xsk_setsockopt+0x74e/0x9a0
[  812.779773][T13893]  ? do_sock_setsockopt+0xf3/0x1d0
[  812.779798][T13893]  ? xskq_create+0xfb/0x1d0
[  812.779820][T13893]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  812.779851][T13893]  ? xskq_create+0xfb/0x1d0
[  812.779875][T13893]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  812.779905][T13893]  ? xskq_create+0xfb/0x1d0
[  812.779924][T13893]  vmalloc_user_noprof+0x9e/0xe0
[  812.779946][T13893]  ? xskq_create+0xfb/0x1d0
[  812.779966][T13893]  xskq_create+0xfb/0x1d0
[  812.779991][T13893]  xsk_setsockopt+0x74e/0x9a0
[  812.780013][T13893]  ? __pfx_xsk_setsockopt+0x10/0x10
[  812.780031][T13893]  ? find_held_lock+0x2b/0x80
[  812.780056][T13893]  ? selinux_socket_setsockopt+0x6a/0x80
[  812.780082][T13893]  ? __pfx_xsk_setsockopt+0x10/0x10
[  812.780103][T13893]  do_sock_setsockopt+0xf3/0x1d0
[  812.780142][T13893]  __sys_setsockopt+0x1a0/0x230
[  812.780171][T13893]  __x64_sys_setsockopt+0xbd/0x160
[  812.780193][T13893]  ? do_syscall_64+0x91/0xfa0
[  812.780217][T13893]  ? lockdep_hardirqs_on+0x7c/0x110
[  812.780243][T13893]  do_syscall_64+0xcd/0xfa0
[  812.780270][T13893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  812.780287][T13893] RIP: 0033:0x7fc8aa98efc9
[  812.780302][T13893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  812.780319][T13893] RSP: 002b:00007fc8ab87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  812.780337][T13893] RAX: ffffffffffffffda RBX: 00007fc8aabe5fa0 RCX: 00007fc8aa98efc9
[  812.780354][T13893] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  812.780365][T13893] RBP: 00007fc8aaa11f91 R08: 0000000000000004 R09: 0000000000000000
[  812.780376][T13893] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  812.780386][T13893] R13: 00007fc8aabe6038 R14: 00007fc8aabe5fa0 R15: 00007ffeb0dcf3d8
[  812.780414][T13893]  </TASK>
[  812.780454][T13893] Mem-Info:
[  812.882698][T13894] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  812.882698][T13894] 
[  813.074711][ T8947] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  813.333273][T13893] active_anon:8895 inactive_anon:0 isolated_anon:0
[  813.333273][T13893]  active_file:3790 inactive_file:40920 isolated_file:0
[  813.333273][T13893]  unevictable:768 dirty:361 writeback:12
[  813.333273][T13893]  slab_reclaimable:12287 slab_unreclaimable:97308
[  813.333273][T13893]  mapped:32772 shmem:1360 pagetables:1334
[  813.333273][T13893]  sec_pagetables:0 bounce:0
[  813.333273][T13893]  kernel_misc_reclaimable:0
[  813.333273][T13893]  free:1316487 free_pcp:15268 free_cma:0
[  813.388836][ T8947] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  813.411475][ T8947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.441122][T13893] Node 0 active_anon:35580kB inactive_anon:0kB active_file:15160kB inactive_file:163480kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131088kB dirty:1460kB writeback:48kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12496kB pagetables:5192kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  813.517592][T13893] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  813.561131][T13893] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  813.591985][T13893] lowmem_reserve[]: 0 2485 2487 2487 2487
[  813.641994][T13893] Node 0 DMA32 free:1359484kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35580kB inactive_anon:0kB active_file:15160kB inactive_file:163480kB unevictable:1536kB writepending:1508kB zspages:16kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:41200kB local_pcp:21076kB free_cma:0kB
[  813.690630][T13894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2352'.
[  813.707132][T13893] lowmem_reserve[]: 0 0 1 1 1
[  813.712032][ T8947] usb 3-1: usb_control_msg returned -32
[  813.727591][T13893] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  813.777603][ T8947] usbtmc 3-1:16.0: can't read capabilities
[  814.729239][T13893] lowmem_reserve[]: 0 0 0 0 0
[  814.734393][T13893] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:10784kB free_cma:0kB
[  814.768445][T13893] lowmem_reserve[]: 0 0 0 0 0
[  814.774292][T13893] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  814.788808][T13903] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  814.796966][T13903] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  814.814600][T13904] vhci_hcd: connection closed
[  814.815665][T13903] vhci_hcd vhci_hcd.0: Device attached
[  814.820869][T13893] Node 0 
[  814.826656][ T2986] vhci_hcd: stop threads
[  814.827204][T13893] DMA32: 
[  814.829607][ T2986] vhci_hcd: release socket
[  814.841606][ T2986] vhci_hcd: disconnect device
[  814.846330][T13893] 470*4kB (UME) 674*8kB (UME) 451*16kB (UME) 385*32kB (UME) 62*64kB (UME) 23*128kB (UME) 21*256kB (UME) 11*512kB (UM) 8*1024kB (UM) 6*2048kB (UME) 316*4096kB (UM) = 1359544kB
[  814.869624][T13893] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  814.882686][T13893] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  814.909046][T13893] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  814.918936][T13893] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  814.934586][T13893] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  814.945886][T13893] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  814.977598][T13893] 46069 total pagecache pages
[  814.982408][T13893] 0 pages in swap cache
[  814.995597][T13893] Free swap  = 124988kB
[  815.001004][T13893] Total swap = 124996kB
[  815.006953][T13893] 2097051 pages RAM
[  815.010854][T13893] 0 pages HighMem/MovableOnly
[  815.016005][T13893] 428740 pages reserved
[  815.020416][T13893] 0 pages cma reserved
[  815.089489][ T5881] usb 3-1: USB disconnect, device number 106
[  815.684576][T13912] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.743652][T13912] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  815.780865][ T5923] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  816.166510][T13912] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  816.223427][ T5923] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  816.253515][ T5923] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  816.263323][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  816.280026][ T5923] usb 4-1: config 0 descriptor??
[  816.290243][ T5923] ttusbir 4-1:0.0: cannot find expected altsetting
[  817.366597][T13912] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.766551][T13932] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.855171][ T3580] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  817.868882][T13932] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.913256][ T3580] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  817.976450][ T5923] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  818.227349][T13932] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.269114][ T3580] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  818.297918][T13939] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.316562][T13932] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.362566][ T5923] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  818.380211][T13939] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.399095][ T3580] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  818.442278][ T5923] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  818.455797][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.467717][T13939] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.494843][ T5923] usb 5-1: config 0 descriptor??
[  818.505627][ T5923] ttusbir 5-1:0.0: cannot find expected altsetting
[  818.588872][T13939] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.608129][ T8947] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  818.629439][   T50] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  818.651247][  T976] usb 4-1: USB disconnect, device number 104
[  818.659124][   T50] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  818.890070][   T50] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  819.132982][ T8947] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  819.144603][ T8947] usb 6-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  819.368444][ T8947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  819.400893][   T50] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  819.441139][   T50] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.441763][ T8947] usb 6-1: config 0 descriptor??
[  819.470487][   T50] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  819.511995][   T50] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  819.520174][   T50] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  819.536075][ T8947] ttusbir 6-1:0.0: cannot find expected altsetting
[  819.555028][ T5922] usb 5-1: USB disconnect, device number 70
[  819.715444][T13957] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  819.721989][T13957] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  819.729700][T13957] vhci_hcd vhci_hcd.0: Device attached
[  820.548103][T13958] vhci_hcd: connection closed
[  820.577992][ T2952] vhci_hcd: stop threads
[  820.622621][ T2952] vhci_hcd: release socket
[  820.627154][ T2952] vhci_hcd: disconnect device
[  820.986415][ T5922] usb 6-1: USB disconnect, device number 17
[  821.383669][    T9] usb 5-1: new full-speed USB device number 71 using dummy_hcd
[  821.615222][    T9] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  821.625035][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.658968][    T9] usb 5-1: Product: syz
[  821.798955][    T9] usb 5-1: Manufacturer: syz
[  821.943731][    T9] usb 5-1: SerialNumber: syz
[  822.187134][T13981] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.200475][    T9] usb 5-1: config 0 descriptor??
[  822.269144][T13981] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.429882][    T9] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  822.465074][T13981] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.480819][  T976] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[  822.614239][T13981] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  822.718529][  T976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  822.783155][  T976] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  822.812139][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  822.840671][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.856310][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  822.881276][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  822.904705][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.911681][  T976] usb 2-1: config 0 descriptor??
[  823.010940][  T976] ttusbir 2-1:0.0: cannot find expected altsetting
[  823.238109][ T5922] usb 2-1: USB disconnect, device number 107
[  823.840861][   T42] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  824.758564][T13998] syz.1.2382: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  824.774258][T13998] CPU: 0 UID: 0 PID: 13998 Comm: syz.1.2382 Not tainted syzkaller #0 PREEMPT(full) 
[  824.774286][T13998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  824.774297][T13998] Call Trace:
[  824.774304][T13998]  <TASK>
[  824.774312][T13998]  dump_stack_lvl+0x16c/0x1f0
[  824.774345][T13998]  warn_alloc+0x248/0x3a0
[  824.774375][T13998]  ? __pfx_warn_alloc+0x10/0x10
[  824.774399][T13998]  ? __pfx_stack_trace_save+0x10/0x10
[  824.774430][T13998]  ? kasan_save_stack+0x42/0x60
[  824.774448][T13998]  ? kasan_save_stack+0x33/0x60
[  824.774464][T13998]  ? kasan_save_track+0x14/0x30
[  824.774481][T13998]  ? xskq_create+0x52/0x1d0
[  824.774502][T13998]  ? xsk_setsockopt+0x74e/0x9a0
[  824.774520][T13998]  ? do_sock_setsockopt+0xf3/0x1d0
[  824.774549][T13998]  ? xskq_create+0xfb/0x1d0
[  824.774571][T13998]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  824.774603][T13998]  ? xskq_create+0xfb/0x1d0
[  824.774631][T13998]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  824.774663][T13998]  ? xskq_create+0xfb/0x1d0
[  824.774686][T13998]  vmalloc_user_noprof+0x9e/0xe0
[  824.774709][T13998]  ? xskq_create+0xfb/0x1d0
[  824.774733][T13998]  xskq_create+0xfb/0x1d0
[  824.774759][T13998]  xsk_setsockopt+0x74e/0x9a0
[  824.774782][T13998]  ? __pfx_xsk_setsockopt+0x10/0x10
[  824.774802][T13998]  ? find_held_lock+0x2b/0x80
[  824.774830][T13998]  ? selinux_socket_setsockopt+0x6a/0x80
[  824.774859][T13998]  ? __pfx_xsk_setsockopt+0x10/0x10
[  824.774880][T13998]  do_sock_setsockopt+0xf3/0x1d0
[  824.774910][T13998]  __sys_setsockopt+0x1a0/0x230
[  824.774937][T13998]  __x64_sys_setsockopt+0xbd/0x160
[  824.774958][T13998]  ? do_syscall_64+0x91/0xfa0
[  824.774983][T13998]  ? lockdep_hardirqs_on+0x7c/0x110
[  824.775010][T13998]  do_syscall_64+0xcd/0xfa0
[  824.775038][T13998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.775056][T13998] RIP: 0033:0x7fa6d278efc9
[  824.775072][T13998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.775089][T13998] RSP: 002b:00007fa6d35b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  824.775114][T13998] RAX: ffffffffffffffda RBX: 00007fa6d29e5fa0 RCX: 00007fa6d278efc9
[  824.775126][T13998] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  824.775137][T13998] RBP: 00007fa6d2811f91 R08: 0000000000000004 R09: 0000000000000000
[  824.775148][T13998] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  824.775160][T13998] R13: 00007fa6d29e6038 R14: 00007fa6d29e5fa0 R15: 00007ffdb2bbf548
[  824.775187][T13998]  </TASK>
[  824.775239][T13998] Mem-Info:
[  825.032125][T13998] active_anon:9863 inactive_anon:0 isolated_anon:0
[  825.032125][T13998]  active_file:3790 inactive_file:40926 isolated_file:0
[  825.032125][T13998]  unevictable:768 dirty:542 writeback:0
[  825.032125][T13998]  slab_reclaimable:12407 slab_unreclaimable:97122
[  825.032125][T13998]  mapped:30729 shmem:1360 pagetables:1329
[  825.032125][T13998]  sec_pagetables:0 bounce:0
[  825.032125][T13998]  kernel_misc_reclaimable:0
[  825.032125][T13998]  free:1316742 free_pcp:14059 free_cma:0
[  825.034471][T14001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2382'.
[  825.077584][T13998] Node 0 active_anon:39452kB inactive_anon:0kB active_file:15160kB inactive_file:163504kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122916kB dirty:2168kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12476kB pagetables:5172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  825.077637][T13998] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  825.129237][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  825.161035][T13998] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  825.191340][T13998] lowmem_reserve[]: 0 2485 2487 2487 2487
[  825.197280][T13998] Node 0 DMA32 free:1359704kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:39452kB inactive_anon:0kB active_file:15160kB inactive_file:163504kB unevictable:1536kB writepending:2168kB zspages:0kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:36932kB local_pcp:19632kB free_cma:0kB
[  825.235865][T13998] lowmem_reserve[]: 0 0 1 1 1
[  825.316960][T13998] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  825.463734][    T9] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  825.783163][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  825.788866][    T9] usb 5-1: USB disconnect, device number 71
[  825.796476][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  825.799686][T13998] lowmem_reserve[]:
[  825.810340][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  825.812255][   T42] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  825.835492][T13998]  0 0 0 0 0
[  825.839066][T13998] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:8432kB free_cma:0kB
[  825.872443][   T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.880643][   T42] usb 3-1: Product: syz
[  825.881401][T13998] lowmem_reserve[]: 0 0 0 0
[  825.886084][   T42] usb 3-1: Manufacturer: syz
[  825.886531][T13998]  0
[  825.890682][   T42] usb 3-1: SerialNumber: syz
[  825.918364][T13998] 
[  825.920711][T13998] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  825.926805][   T42] usb 3-1: config 0 descriptor??
[  825.935033][T13998] Node 0 DMA32: 156*4kB (UME) 822*8kB (UM) 400*16kB (UM) 362*32kB (UM) 71*64kB (UM) 24*128kB (UME) 21*256kB (UME) 11*512kB (UM) 8*1024kB (UM) 6*2048kB (UME) 316*4096kB (UM) = 1358624kB
[  825.982848][T13998] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  825.994909][T13998] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  826.014874][T13998] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  826.026426][T13998] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  826.041088][T13998] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  826.050708][T13998] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  826.062188][T13998] 46072 total pagecache pages
[  826.067972][T13998] 0 pages in swap cache
[  826.075126][T13998] Free swap  = 124996kB
[  826.079384][T13998] Total swap = 124996kB
[  826.095359][T13998] 2097051 pages RAM
[  826.099231][T13998] 0 pages HighMem/MovableOnly
[  826.107039][T13998] 428740 pages reserved
[  826.112292][T13998] 0 pages cma reserved
[  826.211668][   T42] adutux 3-1:0.0: ADU208  now attached to /dev/usb/adutux0
[  826.242707][   T42] usb 3-1: USB disconnect, device number 107
[  827.680854][ T5881] usb 4-1: new full-speed USB device number 105 using dummy_hcd
[  828.062037][ T5881] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  828.072157][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.080126][ T5881] usb 4-1: Product: syz
[  828.089392][ T5881] usb 4-1: Manufacturer: syz
[  828.094706][ T5881] usb 4-1: SerialNumber: syz
[  828.110583][ T5881] usb 4-1: config 0 descriptor??
[  828.115808][    T9] usb 3-1: new full-speed USB device number 108 using dummy_hcd
[  828.395285][T14047] program syz.4.2396 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  828.472532][ T5881] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  828.495002][    T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  828.504253][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.512452][    T9] usb 3-1: Product: syz
[  828.520977][    T9] usb 3-1: Manufacturer: syz
[  828.530941][    T9] usb 3-1: SerialNumber: syz
[  828.544651][    T9] usb 3-1: config 0 descriptor??
[  828.944273][T14052] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  828.963837][    T9] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  829.016287][T14052] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.085967][T14052] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.177979][T14052] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  829.187919][ T5922] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  829.460877][ T5923] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  829.597567][T14065] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  829.604123][T14065] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  829.612716][T14065] vhci_hcd vhci_hcd.0: Device attached
[  830.776484][   T61] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  830.781182][T14066] vhci_hcd: connection closed
[  830.784803][   T61] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  830.807938][ T5922] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  830.820882][   T61] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  830.839321][ T5923] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  830.843106][   T61] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  830.850188][    T9] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  830.866489][ T2952] vhci_hcd: stop threads
[  830.871416][ T2952] vhci_hcd: release socket
[  830.876208][ T2952] vhci_hcd: disconnect device
[  830.882648][ T5922] usb 6-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  830.894996][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  830.903067][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888079043800: rx timeout, send abort
[  830.911555][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888079043800: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  830.983799][ T5922] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.175595][ T5881] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  831.211234][ T5922] usb 6-1: config 0 descriptor??
[  831.217178][    T9] usb 3-1: USB disconnect, device number 108
[  831.223447][ T5881] usb 4-1: USB disconnect, device number 105
[  831.234856][ T5922] ttusbir 6-1:0.0: cannot find expected altsetting
[  831.245729][ T5923] usb 5-1: Product: syz
[  831.258327][ T5923] usb 5-1: Manufacturer: syz
[  831.263064][ T5923] usb 5-1: SerialNumber: syz
[  831.288650][ T5923] usb 5-1: config 0 descriptor??
[  831.543871][ T5923] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  831.625315][    T9] usb 6-1: USB disconnect, device number 18
[  832.534074][T14088] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(8)
[  832.540628][T14088] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  832.548323][T14088] vhci_hcd vhci_hcd.0: Device attached
[  833.201353][ T5923] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  833.456687][ T5881] usb 43-1: new low-speed USB device number 5 using vhci_hcd
[  833.497544][T14089] vhci_hcd: connection closed
[  833.500876][ T5923] usb 5-1: USB disconnect, device number 72
[  833.569392][ T2986] vhci_hcd: stop threads
[  833.610313][ T2986] vhci_hcd: release socket
[  833.652598][ T2986] vhci_hcd: disconnect device
[  833.705952][    C0] vxcan0: j1939_tp_rxtimer: 0xffff8880586e5400: rx timeout, send abort
[  833.714552][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880586e5400: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  834.075140][   T30] audit: type=1400 audit(1761289313.037:299): avc:  denied  { create } for  pid=14095 comm="syz.2.2410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  834.103751][   T30] audit: type=1400 audit(1761289313.057:300): avc:  denied  { bind } for  pid=14095 comm="syz.2.2410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  834.340877][ T8947] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  834.551820][T14105] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  834.624522][T14105] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  834.664074][T14105] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  834.692853][ T8947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  834.704606][ T8947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  834.716224][T14105] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  834.736926][ T8947] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  834.765997][ T8947] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  834.779283][ T5923] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  834.788491][ T8947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.821544][ T5922] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  834.849140][ T8947] usb 3-1: config 0 descriptor??
[  834.932821][ T5923] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  834.944034][ T5923] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  834.953138][   T50] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.963307][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.979755][ T5923] usb 5-1: config 0 descriptor??
[  834.988146][ T5922] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  834.998416][ T5922] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.009336][ T6777] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  835.018085][ T5922] usb 6-1: Product: syz
[  835.024061][ T5923] ttusbir 5-1:0.0: cannot find expected altsetting
[  835.048687][ T5922] usb 6-1: Manufacturer: syz
[  835.068548][ T6777] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  835.087961][ T5922] usb 6-1: SerialNumber: syz
[  835.102537][ T5922] usb 6-1: config 0 descriptor??
[  835.109051][ T6777] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  835.263685][ T8947] plantronics 0003:047F:FFFF.001D: reserved main item tag 0xd
[  835.302816][ T5923] usb 5-1: USB disconnect, device number 73
[  835.321114][ T5922] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  835.331527][ T8947] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  835.807248][   T30] audit: type=1400 audit(1761289314.767:301): avc:  denied  { read } for  pid=14095 comm="syz.2.2410" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  835.843524][ T8947] usb 3-1: USB disconnect, device number 109
[  835.845575][   T30] audit: type=1400 audit(1761289314.767:302): avc:  denied  { open } for  pid=14095 comm="syz.2.2410" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  835.879531][   T30] audit: type=1400 audit(1761289314.767:303): avc:  denied  { ioctl } for  pid=14095 comm="syz.2.2410" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  836.025720][T14126] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2418'.
[  837.789978][T14133] program syz.2.2420 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  837.843162][T14136] netlink: 'syz.1.2422': attribute type 10 has an invalid length.
[  837.851494][T14136] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2422'.
[  838.234888][   T30] audit: type=1400 audit(1761289317.197:304): avc:  denied  { block_suspend } for  pid=14140 comm="syz.3.2423" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  838.522449][  T976] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  838.581054][ T5881] vhci_hcd: vhci_device speed not set
[  838.586624][T13191] usb 2-1: new full-speed USB device number 108 using dummy_hcd
[  838.680817][  T976] usb 5-1: Using ep0 maxpacket: 8
[  838.687583][  T976] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  838.696420][  T976] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  838.706788][  T976] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  838.718849][  T976] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  838.729376][  T976] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  838.742577][  T976] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  838.751699][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.754074][T13191] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  838.775175][T13191] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.783509][T13191] usb 2-1: Product: syz
[  838.787723][T13191] usb 2-1: Manufacturer: syz
[  838.792746][T13191] usb 2-1: SerialNumber: syz
[  838.807897][T13191] usb 2-1: config 0 descriptor??
[  838.992070][  T976] usb 5-1: usb_control_msg returned -32
[  838.998087][  T976] usbtmc 5-1:16.0: can't read capabilities
[  839.021852][T13191] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  839.146807][ T5922] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  839.159870][ T5922] usb 6-1: USB disconnect, device number 19
[  839.589943][T14163] FAULT_INJECTION: forcing a failure.
[  839.589943][T14163] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  839.604105][T14163] CPU: 0 UID: 0 PID: 14163 Comm: syz.5.2432 Not tainted syzkaller #0 PREEMPT(full) 
[  839.604130][T14163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  839.604141][T14163] Call Trace:
[  839.604147][T14163]  <TASK>
[  839.604154][T14163]  dump_stack_lvl+0x16c/0x1f0
[  839.604185][T14163]  should_fail_ex+0x512/0x640
[  839.604210][T14163]  _copy_to_user+0x32/0xd0
[  839.604237][T14163]  simple_read_from_buffer+0xcb/0x170
[  839.604266][T14163]  proc_fail_nth_read+0x197/0x240
[  839.604287][T14163]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.604309][T14163]  ? rw_verify_area+0xcf/0x6c0
[  839.604333][T14163]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.604352][T14163]  vfs_read+0x1e4/0xcf0
[  839.604372][T14163]  ? __pfx___mutex_lock+0x10/0x10
[  839.604388][T14163]  ? __pfx_vfs_read+0x10/0x10
[  839.604411][T14163]  ? __fget_files+0x20e/0x3c0
[  839.604434][T14163]  ksys_read+0x12a/0x250
[  839.604450][T14163]  ? __pfx_ksys_read+0x10/0x10
[  839.604472][T14163]  do_syscall_64+0xcd/0xfa0
[  839.604499][T14163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.604516][T14163] RIP: 0033:0x7f569358d9dc
[  839.604530][T14163] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  839.604546][T14163] RSP: 002b:00007f56944b1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  839.604563][T14163] RAX: ffffffffffffffda RBX: 00007f56937e5fa0 RCX: 00007f569358d9dc
[  839.604574][T14163] RDX: 000000000000000f RSI: 00007f56944b10a0 RDI: 0000000000000004
[  839.604585][T14163] RBP: 00007f56944b1090 R08: 0000000000000000 R09: 0000000000000000
[  839.604595][T14163] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  839.604606][T14163] R13: 00007f56937e6038 R14: 00007f56937e5fa0 R15: 00007fffab7edb18
[  839.604631][T14163]  </TASK>
[  839.830482][T14167] netlink: 'syz.5.2434': attribute type 10 has an invalid length.
[  839.838388][T14167] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2434'.
[  839.850868][  T976] usb 3-1: new full-speed USB device number 110 using dummy_hcd
[  839.912286][T14169] netlink: 'syz.5.2435': attribute type 10 has an invalid length.
[  839.920110][T14169] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2435'.
[  840.057367][  T976] usb 3-1: config 0 has an invalid interface number: 139 but max is 0
[  840.067100][  T976] usb 3-1: config 0 has no interface number 0
[  840.077408][  T976] usb 3-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  840.090608][  T976] usb 3-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  840.103545][  T976] usb 3-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[  840.115408][  T976] usb 3-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  840.283518][  T976] usb 3-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  840.295534][  T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.311168][  T976] usb 3-1: Product: syz
[  840.315840][  T976] usb 3-1: Manufacturer: syz
[  840.332817][  T976] usb 3-1: SerialNumber: syz
[  840.349784][  T976] usb 3-1: config 0 descriptor??
[  840.449583][T14165] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  840.457245][T14165] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  841.333554][T13191] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  841.349647][T13191] usb 2-1: USB disconnect, device number 108
[  841.373937][T14165] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2433'.
[  841.398265][ T5942] usb 5-1: USB disconnect, device number 74
[  841.589221][T14180] FAULT_INJECTION: forcing a failure.
[  841.589221][T14180] name failslab, interval 1, probability 0, space 0, times 1
[  841.771728][T14178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  841.779784][T14180] CPU: 1 UID: 0 PID: 14180 Comm: syz.4.2438 Not tainted syzkaller #0 PREEMPT(full) 
[  841.779809][T14180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  841.779817][T14180] Call Trace:
[  841.779822][T14180]  <TASK>
[  841.779828][T14180]  dump_stack_lvl+0x16c/0x1f0
[  841.779854][T14180]  should_fail_ex+0x512/0x640
[  841.779871][T14180]  ? fs_reclaim_acquire+0xae/0x150
[  841.779890][T14180]  should_failslab+0xc2/0x120
[  841.779910][T14180]  __kmalloc_noprof+0xdd/0x880
[  841.779933][T14180]  ? tomoyo_encode2+0x100/0x3e0
[  841.779953][T14180]  ? tomoyo_encode2+0x100/0x3e0
[  841.779969][T14180]  tomoyo_encode2+0x100/0x3e0
[  841.779988][T14180]  tomoyo_encode+0x29/0x50
[  841.780002][T14180]  tomoyo_realpath_from_path+0x18f/0x6e0
[  841.780020][T14180]  ? tomoyo_profile+0x47/0x60
[  841.780040][T14180]  tomoyo_path_number_perm+0x245/0x580
[  841.780062][T14180]  ? tomoyo_path_number_perm+0x237/0x580
[  841.780087][T14180]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  841.780113][T14180]  ? find_held_lock+0x2b/0x80
[  841.780160][T14180]  ? find_held_lock+0x2b/0x80
[  841.780178][T14180]  ? hook_file_ioctl_common+0x145/0x410
[  841.780204][T14180]  ? __fget_files+0x20e/0x3c0
[  841.780221][T14180]  security_file_ioctl+0x9b/0x240
[  841.780237][T14180]  __x64_sys_ioctl+0xb7/0x210
[  841.780262][T14180]  do_syscall_64+0xcd/0xfa0
[  841.780287][T14180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.780304][T14180] RIP: 0033:0x7f0979b8efc9
[  841.780319][T14180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  841.780335][T14180] RSP: 002b:00007f097ab04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  841.780351][T14180] RAX: ffffffffffffffda RBX: 00007f0979de5fa0 RCX: 00007f0979b8efc9
[  841.780362][T14180] RDX: 0000200000000040 RSI: 0000000000008b22 RDI: 0000000000000003
[  841.780372][T14180] RBP: 00007f097ab04090 R08: 0000000000000000 R09: 0000000000000000
[  841.780382][T14180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  841.780392][T14180] R13: 00007f0979de6038 R14: 00007f0979de5fa0 R15: 00007fff7b736d98
[  841.780415][T14180]  </TASK>
[  841.787686][   T30] audit: type=1400 audit(1761289320.747:305): avc:  denied  { create } for  pid=14181 comm="syz.3.2439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  842.015962][T14180] ERROR: Out of memory at tomoyo_realpath_from_path.
[  842.022730][T14180] warning: `syz.4.2438' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  842.039821][T14184] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  842.167493][   T30] audit: type=1400 audit(1761289320.747:306): avc:  denied  { write } for  pid=14181 comm="syz.3.2439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  842.272302][T14193] FAULT_INJECTION: forcing a failure.
[  842.272302][T14193] name failslab, interval 1, probability 0, space 0, times 0
[  842.297525][T14193] CPU: 0 UID: 0 PID: 14193 Comm: syz.5.2441 Not tainted syzkaller #0 PREEMPT(full) 
[  842.297551][T14193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  842.297562][T14193] Call Trace:
[  842.297569][T14193]  <TASK>
[  842.297576][T14193]  dump_stack_lvl+0x16c/0x1f0
[  842.297606][T14193]  should_fail_ex+0x512/0x640
[  842.297627][T14193]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  842.297656][T14193]  should_failslab+0xc2/0x120
[  842.297676][T14193]  kmem_cache_alloc_node_noprof+0x78/0x770
[  842.297701][T14193]  ? __alloc_skb+0x2b2/0x380
[  842.297725][T14193]  ? __alloc_skb+0x2b2/0x380
[  842.297741][T14193]  ? __pfx_avc_has_perm+0x10/0x10
[  842.297761][T14193]  __alloc_skb+0x2b2/0x380
[  842.297780][T14193]  ? __pfx___alloc_skb+0x10/0x10
[  842.297798][T14193]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  842.297825][T14193]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  842.297872][T14193]  netlink_alloc_large_skb+0x69/0x140
[  842.297902][T14193]  netlink_sendmsg+0x698/0xdd0
[  842.297930][T14193]  ? __pfx_netlink_sendmsg+0x10/0x10
[  842.297962][T14193]  ____sys_sendmsg+0xa98/0xc70
[  842.297990][T14193]  ? copy_msghdr_from_user+0x10a/0x160
[  842.298012][T14193]  ? __pfx_____sys_sendmsg+0x10/0x10
[  842.298047][T14193]  ___sys_sendmsg+0x134/0x1d0
[  842.298074][T14193]  ? __pfx____sys_sendmsg+0x10/0x10
[  842.298093][T14193]  ? __lock_acquire+0x622/0x1c90
[  842.298146][T14193]  __sys_sendmsg+0x16d/0x220
[  842.298168][T14193]  ? __pfx___sys_sendmsg+0x10/0x10
[  842.298204][T14193]  do_syscall_64+0xcd/0xfa0
[  842.298232][T14193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.298250][T14193] RIP: 0033:0x7f569358efc9
[  842.298264][T14193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  842.298280][T14193] RSP: 002b:00007f56944b1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  842.298296][T14193] RAX: ffffffffffffffda RBX: 00007f56937e5fa0 RCX: 00007f569358efc9
[  842.298308][T14193] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  842.298318][T14193] RBP: 00007f56944b1090 R08: 0000000000000000 R09: 0000000000000000
[  842.298328][T14193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  842.298338][T14193] R13: 00007f56937e6038 R14: 00007f56937e5fa0 R15: 00007fffab7edb18
[  842.298361][T14193]  </TASK>
[  843.125055][T14212] netlink: 'syz.3.2446': attribute type 10 has an invalid length.
[  843.197681][T14212] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2446'.
[  843.730900][ T5922] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[  843.920863][ T5922] usb 2-1: Using ep0 maxpacket: 8
[  843.931338][   T30] audit: type=1400 audit(1761289322.887:307): avc:  denied  { getopt } for  pid=14222 comm="syz.3.2451" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  843.963656][ T5922] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  843.988356][ T5922] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  844.011149][ T5922] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  844.013954][  T976] mct_u232 3-1:0.139: MCT U232 converter detected
[  844.030846][ T5922] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  844.066205][ T5922] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  844.083507][  T976] usb 3-1: MCT U232 converter now attached to ttyUSB0
[  844.105706][  T976] usb 3-1: USB disconnect, device number 110
[  844.116630][  T976] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[  844.125969][  T976] mct_u232 3-1:0.139: device disconnected
[  844.299842][ T5922] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  844.309293][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.944799][T14236] FAULT_INJECTION: forcing a failure.
[  844.944799][T14236] name failslab, interval 1, probability 0, space 0, times 0
[  844.970966][T14236] CPU: 0 UID: 0 PID: 14236 Comm: syz.2.2455 Not tainted syzkaller #0 PREEMPT(full) 
[  844.970992][T14236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  844.971003][T14236] Call Trace:
[  844.971009][T14236]  <TASK>
[  844.971016][T14236]  dump_stack_lvl+0x16c/0x1f0
[  844.971048][T14236]  should_fail_ex+0x512/0x640
[  844.971069][T14236]  ? __kmalloc_noprof+0xca/0x880
[  844.971102][T14236]  should_failslab+0xc2/0x120
[  844.971122][T14236]  __kmalloc_noprof+0xdd/0x880
[  844.971146][T14236]  ? bpf_test_init.isra.0+0x88/0x130
[  844.971172][T14236]  ? bpf_test_init.isra.0+0x88/0x130
[  844.971192][T14236]  bpf_test_init.isra.0+0x88/0x130
[  844.971216][T14236]  bpf_prog_test_run_flow_dissector+0x236/0x980
[  844.971248][T14236]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  844.971274][T14236]  ? find_held_lock+0x2b/0x80
[  844.971297][T14236]  ? __fget_files+0x204/0x3c0
[  844.971318][T14236]  ? __fget_files+0x20e/0x3c0
[  844.971333][T14236]  ? pfn_swap_entry_to_page+0x540/0x540
[  844.971364][T14236]  ? fput+0x9b/0xd0
[  844.971385][T14236]  ? __bpf_prog_get+0x97/0x2a0
[  844.971406][T14236]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  844.971431][T14236]  __sys_bpf+0x1035/0x4980
[  844.971460][T14236]  ? __pfx___sys_bpf+0x10/0x10
[  844.971484][T14236]  ? find_held_lock+0x2b/0x80
[  844.971511][T14236]  ? find_held_lock+0x2b/0x80
[  844.971538][T14236]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  844.971579][T14236]  ? fput+0x9b/0xd0
[  844.971600][T14236]  ? ksys_write+0x1ac/0x250
[  844.971615][T14236]  ? __pfx_ksys_write+0x10/0x10
[  844.971635][T14236]  __x64_sys_bpf+0x78/0xc0
[  844.971661][T14236]  ? lockdep_hardirqs_on+0x7c/0x110
[  844.971686][T14236]  do_syscall_64+0xcd/0xfa0
[  844.971712][T14236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.971729][T14236] RIP: 0033:0x7fadd618efc9
[  844.971744][T14236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  844.971760][T14236] RSP: 002b:00007fadd43f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  844.971778][T14236] RAX: ffffffffffffffda RBX: 00007fadd63e5fa0 RCX: 00007fadd618efc9
[  844.971789][T14236] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  844.971799][T14236] RBP: 00007fadd43f6090 R08: 0000000000000000 R09: 0000000000000000
[  844.971809][T14236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.971818][T14236] R13: 00007fadd63e6038 R14: 00007fadd63e5fa0 R15: 00007ffe8c1ea638
[  844.971842][T14236]  </TASK>
[  845.225436][    C0] vkms_vblank_simulate: vblank timer overrun
[  845.274153][T14239] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2457'.
[  845.290636][T14240] syzkaller1: entered promiscuous mode
[  845.303903][   T30] audit: type=1400 audit(1761289324.227:308): avc:  denied  { create } for  pid=14237 comm="syz.3.2457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  845.306028][T14240] syzkaller1: entered allmulticast mode
[  845.325515][   T30] audit: type=1400 audit(1761289324.237:309): avc:  denied  { setopt } for  pid=14237 comm="syz.3.2457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  845.361042][ T5922] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[  845.534054][   T30] audit: type=1400 audit(1761289324.497:310): avc:  denied  { write } for  pid=14245 comm="syz.2.2459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  845.556014][ T5922] usb 5-1: unable to get BOS descriptor or descriptor too short
[  845.564770][ T5922] usb 5-1: not running at top speed; connect to a high speed hub
[  845.574268][ T5922] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  845.625459][ T5922] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  845.636918][ T5922] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  845.646347][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.995753][   T30] audit: type=1400 audit(1761289324.957:311): avc:  denied  { read } for  pid=14247 comm="syz.5.2460" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  846.523170][   T30] audit: type=1400 audit(1761289325.027:312): avc:  denied  { open } for  pid=14247 comm="syz.5.2460" path="/105/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  846.555979][ T5922] usb 5-1: Product: ဇ
[  846.560165][ T5922] usb 5-1: Manufacturer: 擎峉⧉❭嘍솆쫃帝힀J쌀澈澠頧௃ꝓ痦狉嬂㟘Ã
[  846.570567][ T5922] usb 5-1: SerialNumber: 軿廒䌯雁ꀻ⟡৖钴ϻ犙ࣕ觌튤袡݁쫭ԅꯖ虠䫙꾖낰畛ᔱ泤啫婚䜞躴㟆嚥㟜Ꙝ᭾遜ꮸ輙췃三师▇簥닕⸐ያꀇ䋵箠꾫ꔃႫ噲鞂泏㬀䁥ៜ긕╁䞐૞ꯓ㌗噶㉹熥슺眏룄
[  846.594748][    C0] vkms_vblank_simulate: vblank timer overrun
[  846.603657][   T30] audit: type=1400 audit(1761289325.027:313): avc:  denied  { ioctl } for  pid=14247 comm="syz.5.2460" path="/105/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d08 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  846.628147][    C0] vkms_vblank_simulate: vblank timer overrun
[  846.700859][ T5942] usb 2-1: USB disconnect, device number 109
[  846.855792][ T5922] usb 5-1: 0:2 : does not exist
[  846.868526][ T5922] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  846.902027][ T5922] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[  846.926100][ T5922] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  846.953109][ T5922] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  847.028310][ T5922] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  847.039399][ T5922] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[  847.059883][ T5922] usb 5-1: USB disconnect, device number 75
[  847.398585][T14274] program syz.3.2467 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  847.790438][   T30] audit: type=1400 audit(1761289326.747:314): avc:  denied  { getopt } for  pid=14275 comm="syz.4.2468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  847.827906][   T30] audit: type=1400 audit(1761289326.787:315): avc:  denied  { create } for  pid=14278 comm="syz.1.2469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  847.851713][   T30] audit: type=1400 audit(1761289326.787:316): avc:  denied  { getopt } for  pid=14278 comm="syz.1.2469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  848.624831][T14288] program syz.3.2471 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  848.988434][T14294] FAULT_INJECTION: forcing a failure.
[  848.988434][T14294] name failslab, interval 1, probability 0, space 0, times 0
[  849.055236][T14294] CPU: 1 UID: 0 PID: 14294 Comm: syz.2.2474 Not tainted syzkaller #0 PREEMPT(full) 
[  849.055260][T14294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  849.055269][T14294] Call Trace:
[  849.055275][T14294]  <TASK>
[  849.055282][T14294]  dump_stack_lvl+0x16c/0x1f0
[  849.055311][T14294]  should_fail_ex+0x512/0x640
[  849.055330][T14294]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  849.055356][T14294]  should_failslab+0xc2/0x120
[  849.055374][T14294]  kmem_cache_alloc_node_noprof+0x78/0x770
[  849.055397][T14294]  ? __alloc_skb+0x2b2/0x380
[  849.055419][T14294]  ? __alloc_skb+0x2b2/0x380
[  849.055436][T14294]  ? __pfx_netlink_insert+0x10/0x10
[  849.055457][T14294]  __alloc_skb+0x2b2/0x380
[  849.055475][T14294]  ? __pfx___alloc_skb+0x10/0x10
[  849.055493][T14294]  ? netlink_autobind.isra.0+0x158/0x370
[  849.055521][T14294]  netlink_alloc_large_skb+0x69/0x140
[  849.055547][T14294]  netlink_sendmsg+0x698/0xdd0
[  849.055575][T14294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  849.055609][T14294]  ____sys_sendmsg+0xa98/0xc70
[  849.055636][T14294]  ? copy_msghdr_from_user+0x10a/0x160
[  849.055658][T14294]  ? __pfx_____sys_sendmsg+0x10/0x10
[  849.055694][T14294]  ___sys_sendmsg+0x134/0x1d0
[  849.055716][T14294]  ? __pfx____sys_sendmsg+0x10/0x10
[  849.055734][T14294]  ? __lock_acquire+0x622/0x1c90
[  849.055785][T14294]  __sys_sendmsg+0x16d/0x220
[  849.055806][T14294]  ? __pfx___sys_sendmsg+0x10/0x10
[  849.055843][T14294]  do_syscall_64+0xcd/0xfa0
[  849.055875][T14294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.055893][T14294] RIP: 0033:0x7fadd618efc9
[  849.055907][T14294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.055923][T14294] RSP: 002b:00007fadd43f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  849.055940][T14294] RAX: ffffffffffffffda RBX: 00007fadd63e5fa0 RCX: 00007fadd618efc9
[  849.055951][T14294] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005
[  849.055961][T14294] RBP: 00007fadd43f6090 R08: 0000000000000000 R09: 0000000000000000
[  849.055971][T14294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  849.055981][T14294] R13: 00007fadd63e6038 R14: 00007fadd63e5fa0 R15: 00007ffe8c1ea638
[  849.056004][T14294]  </TASK>
[  849.525701][   T30] audit: type=1400 audit(1761289328.377:317): avc:  denied  { create } for  pid=14284 comm="syz.1.2470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  849.730533][T14300] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2470'.
[  849.788784][   T30] audit: type=1400 audit(1761289328.377:318): avc:  denied  { bind } for  pid=14284 comm="syz.1.2470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  849.920400][T14303] mkiss: ax0: crc mode is auto.
[  850.260813][   T42] usb 3-1: new full-speed USB device number 111 using dummy_hcd
[  851.142255][   T42] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  851.146380][T14318] FAULT_INJECTION: forcing a failure.
[  851.146380][T14318] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  851.152549][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  851.177264][T14318] CPU: 0 UID: 0 PID: 14318 Comm: syz.5.2481 Not tainted syzkaller #0 PREEMPT(full) 
[  851.177285][T14318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  851.177295][T14318] Call Trace:
[  851.177301][T14318]  <TASK>
[  851.177308][T14318]  dump_stack_lvl+0x16c/0x1f0
[  851.177338][T14318]  should_fail_ex+0x512/0x640
[  851.177363][T14318]  _copy_from_iter+0x29f/0x1720
[  851.177390][T14318]  ? __pfx__copy_from_iter+0x10/0x10
[  851.177410][T14318]  ? _parse_integer_limit+0x17f/0x1d0
[  851.177438][T14318]  ? _kstrtoull+0x145/0x200
[  851.177462][T14318]  tun_get_user+0x3c7/0x3cc0
[  851.177496][T14318]  ? __pfx_tun_get_user+0x10/0x10
[  851.177520][T14318]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  851.177549][T14318]  ? find_held_lock+0x2b/0x80
[  851.177569][T14318]  ? tun_get+0x191/0x370
[  851.177593][T14318]  tun_chr_write_iter+0xdc/0x210
[  851.177617][T14318]  vfs_write+0x7d3/0x11d0
[  851.177635][T14318]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  851.177661][T14318]  ? __pfx_vfs_write+0x10/0x10
[  851.177676][T14318]  ? find_held_lock+0x2b/0x80
[  851.177712][T14318]  ksys_write+0x12a/0x250
[  851.177729][T14318]  ? __pfx_ksys_write+0x10/0x10
[  851.177751][T14318]  do_syscall_64+0xcd/0xfa0
[  851.177778][T14318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.177796][T14318] RIP: 0033:0x7f569358efc9
[  851.177811][T14318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  851.177828][T14318] RSP: 002b:00007f56944b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  851.177861][T14318] RAX: ffffffffffffffda RBX: 00007f56937e5fa0 RCX: 00007f569358efc9
[  851.177872][T14318] RDX: 0000000000000ffe RSI: 0000200000000040 RDI: 0000000000000006
[  851.177883][T14318] RBP: 00007f56944b1090 R08: 0000000000000000 R09: 0000000000000000
[  851.177893][T14318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  851.177903][T14318] R13: 00007f56937e6038 R14: 00007f56937e5fa0 R15: 00007fffab7edb18
[  851.177928][T14318]  </TASK>
[  851.178863][   T42] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  851.248739][T14323] syz.1.2483: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  851.250228][   T42] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  851.258117][T14323] ,cpuset=
[  851.260434][   T42] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  851.288344][T14323] /
[  851.293373][   T42] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  851.445398][T14326] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  851.445398][T14326] 
[  851.547433][T14323] ,mems_allowed=0-1
[  851.547468][T14323] CPU: 0 UID: 0 PID: 14323 Comm: syz.1.2483 Not tainted syzkaller #0 PREEMPT(full) 
[  851.547482][T14323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  851.547488][T14323] Call Trace:
[  851.547493][T14323]  <TASK>
[  851.547498][T14323]  dump_stack_lvl+0x16c/0x1f0
[  851.547518][T14323]  warn_alloc+0x248/0x3a0
[  851.547536][T14323]  ? __pfx_warn_alloc+0x10/0x10
[  851.547550][T14323]  ? __pfx_stack_trace_save+0x10/0x10
[  851.547571][T14323]  ? kasan_save_stack+0x42/0x60
[  851.547581][T14323]  ? kasan_save_stack+0x33/0x60
[  851.547591][T14323]  ? kasan_save_track+0x14/0x30
[  851.547600][T14323]  ? xskq_create+0x52/0x1d0
[  851.547614][T14323]  ? xsk_setsockopt+0x74e/0x9a0
[  851.547625][T14323]  ? do_sock_setsockopt+0xf3/0x1d0
[  851.547642][T14323]  ? xskq_create+0xfb/0x1d0
[  851.547654][T14323]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  851.547672][T14323]  ? xskq_create+0xfb/0x1d0
[  851.547687][T14323]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  851.547704][T14323]  ? xskq_create+0xfb/0x1d0
[  851.547717][T14323]  vmalloc_user_noprof+0x9e/0xe0
[  851.547729][T14323]  ? xskq_create+0xfb/0x1d0
[  851.547742][T14323]  xskq_create+0xfb/0x1d0
[  851.547755][T14323]  xsk_setsockopt+0x74e/0x9a0
[  851.547767][T14323]  ? __pfx_xsk_setsockopt+0x10/0x10
[  851.547778][T14323]  ? find_held_lock+0x2b/0x80
[  851.547794][T14323]  ? selinux_socket_setsockopt+0x6a/0x80
[  851.547811][T14323]  ? __pfx_xsk_setsockopt+0x10/0x10
[  851.547823][T14323]  do_sock_setsockopt+0xf3/0x1d0
[  851.547840][T14323]  __sys_setsockopt+0x1a0/0x230
[  851.547854][T14323]  __x64_sys_setsockopt+0xbd/0x160
[  851.547866][T14323]  ? do_syscall_64+0x91/0xfa0
[  851.547880][T14323]  ? lockdep_hardirqs_on+0x7c/0x110
[  851.547895][T14323]  do_syscall_64+0xcd/0xfa0
[  851.547911][T14323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  851.547921][T14323] RIP: 0033:0x7fa6d278efc9
[  851.547931][T14323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  851.547941][T14323] RSP: 002b:00007fa6d3592038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  851.547950][T14323] RAX: ffffffffffffffda RBX: 00007fa6d29e6090 RCX: 00007fa6d278efc9
[  851.547957][T14323] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  851.547963][T14323] RBP: 00007fa6d2811f91 R08: 0000000000000004 R09: 0000000000000000
[  851.547969][T14323] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  851.547974][T14323] R13: 00007fa6d29e6128 R14: 00007fa6d29e6090 R15: 00007ffdb2bbf548
[  851.547988][T14323]  </TASK>
[  851.547992][T14323] Mem-Info:
[  851.547998][T14323] active_anon:11842 inactive_anon:0 isolated_anon:0
[  851.547998][T14323]  active_file:4781 inactive_file:40936 isolated_file:0
[  851.547998][T14323]  unevictable:768 dirty:1109 writeback:0
[  851.547998][T14323]  slab_reclaimable:12574 slab_unreclaimable:98645
[  851.547998][T14323]  mapped:35544 shmem:4210 pagetables:1361
[  851.547998][T14323]  sec_pagetables:0 bounce:0
[  851.547998][T14323]  kernel_misc_reclaimable:0
[  851.547998][T14323]  free:1308599 free_pcp:17580 free_cma:0
[  851.548025][T14323] Node 0 active_anon:47368kB inactive_anon:0kB active_file:19124kB inactive_file:163544kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142176kB dirty:4436kB writeback:0kB shmem:15304kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12460kB pagetables:5300kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  851.548050][T14323] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  851.548074][T14323] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  851.548103][T14323] lowmem_reserve[]: 0 2485 2487 2487 2487
[  851.548125][T14323] Node 0 DMA32 free:1327132kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:47368kB inactive_anon:0kB active_file:19124kB inactive_file:163544kB unevictable:1536kB writepending:4436kB zspages:0kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:51104kB local_pcp:33972kB free_cma:0kB
[  851.548158][T14323] lowmem_reserve[]: 0 0 1 1 1
[  851.548186][T14323] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  851.548217][T14323] lowmem_reserve[]: 0 0 0 0 0
[  851.548238][T14323] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:10784kB free_cma:0kB
[  851.548270][T14323] lowmem_reserve[]: 0 0 0 0 0
[  851.548291][T14323] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  851.548361][T14323] Node 0 DMA32: 93*4kB (UME) 101*8kB (U) 179*16kB (U) 100*32kB (UME) 8*64kB (UME) 31*128kB (UME) 22*256kB (UM) 14*512kB (UM) 14*1024kB (UM) 7*2048kB (UME) 311*4096kB (M) = 1327052kB
[  851.548451][T14323] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  851.548504][T14323] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  851.548592][T14323] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  851.548600][T14323] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  851.548609][T14323] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  851.548617][T14323] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  851.548625][T14323] 49923 total pagecache pages
[  851.548629][T14323] 0 pages in swap cache
[  851.548633][T14323] Free swap  = 124996kB
[  851.548637][T14323] Total swap = 124996kB
[  851.548641][T14323] 2097051 pages RAM
[  851.548645][T14323] 0 pages HighMem/MovableOnly
[  851.548649][T14323] 428740 pages reserved
[  851.548653][T14323] 0 pages cma reserved
[  851.841221][   T42] usb 3-1: Manufacturer: syz
[  851.884107][T14323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2483'.
[  851.891430][   T42] usb 3-1: config 0 descriptor??
[  852.195958][T14333] program syz.5.2484 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  852.471062][   T42] rc_core: IR keymap rc-hauppauge not found
[  852.471081][   T42] Registered IR keymap rc-empty
[  852.471401][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.494419][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.522753][   T42] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  852.524236][   T42] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input119
[  852.531226][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.554176][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.570973][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.593123][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.610962][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.630911][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.660888][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.691359][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.710854][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.737906][   T42] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  852.763307][   T42] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  852.763322][   T42] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  852.798246][   T42] usb 3-1: USB disconnect, device number 111
[  853.174408][T14342] netlink: 'syz.4.2487': attribute type 10 has an invalid length.
[  853.174422][T14342] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2487'.
[  853.232295][T14345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2486'.
[  854.521086][    C1] vkms_vblank_simulate: vblank timer overrun
[  854.726510][   T30] audit: type=1400 audit(1761289333.627:319): avc:  denied  { mount } for  pid=14349 comm="syz.2.2489" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  854.726546][   T30] audit: type=1400 audit(1761289333.627:320): avc:  denied  { remount } for  pid=14349 comm="syz.2.2489" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  854.726566][   T30] audit: type=1400 audit(1761289333.637:321): avc:  denied  { listen } for  pid=14349 comm="syz.2.2489" lport=43303 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  854.726587][   T30] audit: type=1400 audit(1761289333.637:322): avc:  denied  { accept } for  pid=14349 comm="syz.2.2489" lport=43303 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  854.726608][   T30] audit: type=1400 audit(1761289333.637:323): avc:  denied  { write } for  pid=14349 comm="syz.2.2489" lport=43303 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  854.726629][   T30] audit: type=1400 audit(1761289333.637:324): avc:  denied  { setopt } for  pid=14349 comm="syz.2.2489" lport=43303 faddr=::ffff:172.20.255.187 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  855.463413][T14363] afs: Unknown parameter 'dynoc/sys/fs/binfmt_misc/syz0'
[  855.490847][    T9] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  855.500270][T14363] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2492'.
[  855.892213][T14320] tty tty1: ldisc open failed (-12), clearing slot 0
[  855.970812][    T9] usb 4-1: Using ep0 maxpacket: 32
[  856.011021][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  856.040822][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  856.104317][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  856.131547][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.166463][    T9] usb 4-1: config 0 descriptor??
[  856.229876][    T9] hub 4-1:0.0: USB hub found
[  856.297659][   T30] audit: type=1400 audit(1761289335.257:325): avc:  denied  { write } for  pid=14366 comm="syz.5.2494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  856.331705][   T30] audit: type=1400 audit(1761289335.277:326): avc:  denied  { name_connect } for  pid=14366 comm="syz.5.2494" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  856.546623][    T9] hub 4-1:0.0: config failed, can't read hub descriptor (err -90)
[  856.583338][   T30] audit: type=1400 audit(1761289335.537:327): avc:  denied  { unmount } for  pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  856.631240][   T30] audit: type=1400 audit(1761289335.567:328): avc:  denied  { watch watch_reads } for  pid=14366 comm="syz.5.2494" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  857.218079][    T9] hid-generic 0003:046D:C31C.001E: item fetching failed at offset 0/1
[  857.672630][    T9] hid-generic 0003:046D:C31C.001E: probe with driver hid-generic failed with error -22
[  857.724409][T14376] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  857.730949][T14376] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  857.745718][T14380] syzkaller1: entered promiscuous mode
[  857.751260][T14380] syzkaller1: entered allmulticast mode
[  857.769121][T14378] vhci_hcd: connection closed
[  857.812906][T14376] vhci_hcd vhci_hcd.0: Device attached
[  857.834742][T14384] trusted_key: encrypted_key: insufficient parameters specified
[  857.852499][ T6777] vhci_hcd: stop threads
[  857.857270][ T6777] vhci_hcd: release socket
[  857.862065][ T6777] vhci_hcd: disconnect device
[  858.058748][T14389] netlink: 'syz.2.2498': attribute type 1 has an invalid length.
[  858.123704][ T5895] usb 4-1: USB disconnect, device number 106
[  858.679271][    T9] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[  859.822147][    T9] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  859.868343][    T9] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  859.897758][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  859.907022][    T9] usb 5-1: Product: syz
[  859.911887][    T9] usb 5-1: Manufacturer: syz
[  859.917367][    T9] usb 5-1: SerialNumber: syz
[  859.941754][    T9] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  859.980622][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  859.980637][   T30] audit: type=1400 audit(1761289338.937:331): avc:  denied  { read write } for  pid=14405 comm="syz.2.2505" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  860.252397][   T30] audit: type=1400 audit(1761289339.047:332): avc:  denied  { open } for  pid=14405 comm="syz.2.2505" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  860.371589][ T5922] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[  860.379855][   T30] audit: type=1400 audit(1761289339.157:333): avc:  denied  { ioctl } for  pid=14402 comm="syz.3.2503" path="socket:[50678]" dev="sockfs" ino=50678 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  860.482196][    T9] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  860.529388][   T30] audit: type=1400 audit(1761289339.487:334): avc:  denied  { write } for  pid=14402 comm="syz.3.2503" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  860.591232][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  860.612519][ T5922] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  860.612570][ T5942] usb 5-1: USB disconnect, device number 76
[  860.628065][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.651150][ T5922] usb 3-1: Product: syz
[  860.658213][ T5922] usb 3-1: Manufacturer: syz
[  860.663611][ T5922] usb 3-1: SerialNumber: syz
[  860.673970][ T5922] usb 3-1: config 0 descriptor??
[  860.701124][   T42] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  860.861742][   T42] usb 6-1: Using ep0 maxpacket: 8
[  860.868271][   T42] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  860.876730][   T42] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  860.886685][   T42] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  860.896626][   T42] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  860.906705][   T42] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  860.919912][   T42] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  860.929063][   T42] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  861.630092][   T30] audit: type=1400 audit(1761289340.587:335): avc:  denied  { map } for  pid=14420 comm="syz.3.2509" path="socket:[50700]" dev="sockfs" ino=50700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  861.733923][   T30] audit: type=1400 audit(1761289340.587:336): avc:  denied  { connect } for  pid=14420 comm="syz.3.2509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  861.769694][   T30] audit: type=1400 audit(1761289340.587:337): avc:  denied  { write } for  pid=14420 comm="syz.3.2509" laddr=172.20.20.170 lport=40211 faddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  861.799617][   T30] audit: type=1400 audit(1761289340.587:338): avc:  denied  { open } for  pid=14420 comm="syz.3.2509" path="/dev/ptyqa" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  861.829684][T14429] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2511'.
[  861.855038][   T30] audit: type=1400 audit(1761289340.647:339): avc:  denied  { sqpoll } for  pid=14420 comm="syz.3.2509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  861.941544][T14411] usbtmc 6-1:16.0: simple usb_control_msg failed -32
[  861.949159][ T5942] usb 6-1: USB disconnect, device number 20
[  862.040356][T14433] FAULT_INJECTION: forcing a failure.
[  862.040356][T14433] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  862.053615][T14433] CPU: 0 UID: 0 PID: 14433 Comm: syz.1.2512 Not tainted syzkaller #0 PREEMPT(full) 
[  862.053638][T14433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  862.053649][T14433] Call Trace:
[  862.053655][T14433]  <TASK>
[  862.053663][T14433]  dump_stack_lvl+0x16c/0x1f0
[  862.053694][T14433]  should_fail_ex+0x512/0x640
[  862.053719][T14433]  _copy_from_user+0x2e/0xd0
[  862.053742][T14433]  move_addr_to_kernel+0x65/0x170
[  862.053762][T14433]  __copy_msghdr+0x386/0x470
[  862.053784][T14433]  copy_msghdr_from_user+0xc1/0x160
[  862.053806][T14433]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  862.053842][T14433]  ___sys_sendmsg+0xfe/0x1d0
[  862.053865][T14433]  ? __pfx____sys_sendmsg+0x10/0x10
[  862.053883][T14433]  ? __lock_acquire+0x622/0x1c90
[  862.053941][T14433]  __sys_sendmsg+0x16d/0x220
[  862.053964][T14433]  ? __pfx___sys_sendmsg+0x10/0x10
[  862.054003][T14433]  do_syscall_64+0xcd/0xfa0
[  862.054030][T14433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.054048][T14433] RIP: 0033:0x7fa6d278efc9
[  862.054062][T14433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  862.054079][T14433] RSP: 002b:00007fa6d3571038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  862.054096][T14433] RAX: ffffffffffffffda RBX: 00007fa6d29e6180 RCX: 00007fa6d278efc9
[  862.054107][T14433] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 0000000000000008
[  862.054122][T14433] RBP: 00007fa6d3571090 R08: 0000000000000000 R09: 0000000000000000
[  862.054133][T14433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  862.054143][T14433] R13: 00007fa6d29e6218 R14: 00007fa6d29e6180 R15: 00007ffdb2bbf548
[  862.054168][T14433]  </TASK>
[  862.235155][T14432] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2513'.
[  862.338337][T14435] FAULT_INJECTION: forcing a failure.
[  862.338337][T14435] name failslab, interval 1, probability 0, space 0, times 0
[  862.355310][T14435] CPU: 1 UID: 0 PID: 14435 Comm: syz.4.2514 Not tainted syzkaller #0 PREEMPT(full) 
[  862.355325][T14435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  862.355331][T14435] Call Trace:
[  862.355335][T14435]  <TASK>
[  862.355339][T14435]  dump_stack_lvl+0x16c/0x1f0
[  862.355359][T14435]  should_fail_ex+0x512/0x640
[  862.355372][T14435]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  862.355390][T14435]  should_failslab+0xc2/0x120
[  862.355402][T14435]  kmem_cache_alloc_node_noprof+0x78/0x770
[  862.355417][T14435]  ? __alloc_skb+0x2b2/0x380
[  862.355432][T14435]  ? __alloc_skb+0x2b2/0x380
[  862.355443][T14435]  ? __pfx_avc_has_perm+0x10/0x10
[  862.355457][T14435]  __alloc_skb+0x2b2/0x380
[  862.355469][T14435]  ? __pfx___alloc_skb+0x10/0x10
[  862.355480][T14435]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  862.355497][T14435]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  862.355517][T14435]  netlink_alloc_large_skb+0x69/0x140
[  862.355533][T14435]  netlink_sendmsg+0x698/0xdd0
[  862.355550][T14435]  ? __pfx_netlink_sendmsg+0x10/0x10
[  862.355569][T14435]  ____sys_sendmsg+0xa98/0xc70
[  862.355585][T14435]  ? copy_msghdr_from_user+0x10a/0x160
[  862.355599][T14435]  ? __pfx_____sys_sendmsg+0x10/0x10
[  862.355621][T14435]  ___sys_sendmsg+0x134/0x1d0
[  862.355635][T14435]  ? __pfx____sys_sendmsg+0x10/0x10
[  862.355646][T14435]  ? __lock_acquire+0x622/0x1c90
[  862.355679][T14435]  __sys_sendmsg+0x16d/0x220
[  862.355692][T14435]  ? __pfx___sys_sendmsg+0x10/0x10
[  862.355710][T14435]  ? fput+0x9b/0xd0
[  862.355725][T14435]  do_syscall_64+0xcd/0xfa0
[  862.355741][T14435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.355753][T14435] RIP: 0033:0x7f0979b8efc9
[  862.355766][T14435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  862.355781][T14435] RSP: 002b:00007f097ab04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  862.355797][T14435] RAX: ffffffffffffffda RBX: 00007f0979de5fa0 RCX: 00007f0979b8efc9
[  862.355808][T14435] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004
[  862.355816][T14435] RBP: 00007f097ab04090 R08: 0000000000000000 R09: 0000000000000000
[  862.355823][T14435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  862.355829][T14435] R13: 00007f0979de6038 R14: 00007f0979de5fa0 R15: 00007fff7b736d98
[  862.355843][T14435]  </TASK>
[  862.633556][T14437] syz.3.2515: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  862.648250][T14437] CPU: 1 UID: 0 PID: 14437 Comm: syz.3.2515 Not tainted syzkaller #0 PREEMPT(full) 
[  862.648277][T14437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  862.648289][T14437] Call Trace:
[  862.648296][T14437]  <TASK>
[  862.648304][T14437]  dump_stack_lvl+0x16c/0x1f0
[  862.648338][T14437]  warn_alloc+0x248/0x3a0
[  862.648370][T14437]  ? __pfx_warn_alloc+0x10/0x10
[  862.648397][T14437]  ? __pfx_stack_trace_save+0x10/0x10
[  862.648432][T14437]  ? kasan_save_stack+0x42/0x60
[  862.648449][T14437]  ? kasan_save_stack+0x33/0x60
[  862.648466][T14437]  ? kasan_save_track+0x14/0x30
[  862.648483][T14437]  ? xskq_create+0x52/0x1d0
[  862.648504][T14437]  ? xsk_setsockopt+0x74e/0x9a0
[  862.648523][T14437]  ? do_sock_setsockopt+0xf3/0x1d0
[  862.648553][T14437]  ? xskq_create+0xfb/0x1d0
[  862.648576][T14437]  __vmalloc_node_range_noprof+0xfbc/0x1480
[  862.648609][T14437]  ? xskq_create+0xfb/0x1d0
[  862.648638][T14437]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  862.648671][T14437]  ? xskq_create+0xfb/0x1d0
[  862.648693][T14437]  vmalloc_user_noprof+0x9e/0xe0
[  862.648716][T14437]  ? xskq_create+0xfb/0x1d0
[  862.648740][T14437]  xskq_create+0xfb/0x1d0
[  862.648765][T14437]  xsk_setsockopt+0x74e/0x9a0
[  862.648787][T14437]  ? __pfx_xsk_setsockopt+0x10/0x10
[  862.648806][T14437]  ? find_held_lock+0x2b/0x80
[  862.648832][T14437]  ? selinux_socket_setsockopt+0x6a/0x80
[  862.648859][T14437]  ? __pfx_xsk_setsockopt+0x10/0x10
[  862.648888][T14437]  do_sock_setsockopt+0xf3/0x1d0
[  862.648918][T14437]  __sys_setsockopt+0x1a0/0x230
[  862.648945][T14437]  __x64_sys_setsockopt+0xbd/0x160
[  862.648966][T14437]  ? do_syscall_64+0x91/0xfa0
[  862.648991][T14437]  ? lockdep_hardirqs_on+0x7c/0x110
[  862.649015][T14437]  do_syscall_64+0xcd/0xfa0
[  862.649042][T14437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.649060][T14437] RIP: 0033:0x7fc8aa98efc9
[  862.649076][T14437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  862.649093][T14437] RSP: 002b:00007fc8ab87f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  862.649111][T14437] RAX: ffffffffffffffda RBX: 00007fc8aabe5fa0 RCX: 00007fc8aa98efc9
[  862.649122][T14437] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  862.649133][T14437] RBP: 00007fc8aaa11f91 R08: 0000000000000004 R09: 0000000000000000
[  862.649144][T14437] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  862.649154][T14437] R13: 00007fc8aabe6038 R14: 00007fc8aabe5fa0 R15: 00007ffeb0dcf3d8
[  862.649180][T14437]  </TASK>
[  862.649187][T14437] Mem-Info:
[  862.734653][T14440] hugetlbfs: Bad value 'V' for mount option 'nr_inodes'
[  862.734653][T14440] 
[  862.735760][T14437] active_anon:12316 inactive_anon:0 isolated_anon:0
[  862.735760][T14437]  active_file:13929 inactive_file:40941 isolated_file:0
[  862.735760][T14437]  unevictable:768 dirty:716 writeback:0
[  862.735760][T14437]  slab_reclaimable:12551 slab_unreclaimable:98177
[  862.735760][T14437]  mapped:34600 shmem:4214 pagetables:1407
[  862.735760][T14437]  sec_pagetables:0 bounce:0
[  862.735760][T14437]  kernel_misc_reclaimable:0
[  862.735760][T14437]  free:1296240 free_pcp:20531 free_cma:0
[  862.871220][T14440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2515'.
[  862.908624][T14443] capability: warning: `syz.1.2517' uses 32-bit capabilities (legacy support in use)
[  862.981413][T14437] Node 0 active_anon:37964kB inactive_anon:0kB active_file:55716kB inactive_file:163564kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127000kB dirty:2864kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12388kB pagetables:5384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  862.981466][T14437] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  862.981507][T14437] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  863.013325][    C0] vkms_vblank_simulate: vblank timer overrun
[  863.073804][    C0] vkms_vblank_simulate: vblank timer overrun
[  863.086265][T13191] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  863.095196][   T30] audit: type=1400 audit(1761289341.977:340): avc:  denied  { setattr } for  pid=14442 comm="syz.1.2517" name="route" dev="proc" ino=4026533146 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  863.121450][T14437] lowmem_reserve[]: 0 2485 2487 2487 2487
[  863.131954][T14437] Node 0 DMA32 free:1293696kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37864kB inactive_anon:0kB active_file:55716kB inactive_file:163564kB unevictable:1536kB writepending:2864kB zspages:0kB present:3129332kB managed:2544884kB mlocked:0kB bounce:0kB free_pcp:58964kB local_pcp:28300kB free_cma:0kB
[  863.165417][    C0] vkms_vblank_simulate: vblank timer overrun
[  863.226853][T14437] lowmem_reserve[]: 0 0 1 1 1
[  863.244581][T14437] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  863.274545][T14437] lowmem_reserve[]: 0 0 0 0 0
[  863.279404][T14437] Node 1 Normal free:3891904kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19216kB local_pcp:8432kB free_cma:0kB
[  863.316146][T13191] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  863.325865][T13191] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.341280][T14437] lowmem_reserve[]: 0 0 0 0 0
[  863.368184][ T5922] usb 3-1: USB disconnect, device number 112
[  863.425148][T14437] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB 
[  863.429179][T13191] usb 5-1: Product: syz
[  863.445903][T13191] usb 5-1: Manufacturer: syz
[  863.492577][T13191] usb 5-1: SerialNumber: syz
[  863.651892][T13191] usb 5-1: config 0 descriptor??
[  863.778791][T14437] (M) 3*4096kB (M) = 15360kB
[  863.780137][T13191] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  863.783515][T14437] Node 0 DMA32: 475*4kB (UME) 537*8kB (UME) 401*16kB (UM) 190*32kB (UM) 57*64kB (UME) 63*128kB (UME) 33*256kB (UM) 15*512kB (UM) 16*1024kB (UM) 5*2048kB (UME) 297*4096kB (M) = 1289668kB
[  863.809501][T14437] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  863.821079][T14437] Node 1 Normal: 172*4kB (UE) 34*8kB (UME) 36*16kB (UME) 74*32kB (UME) 24*64kB (UME) 7*128kB (UME) 6*256kB (UME) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 946*4096kB (M) = 3891904kB
[  863.839274][T14437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  863.848950][T14437] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  863.863600][T14437] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  863.873339][T14437] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  863.883457][T14437] 56743 total pagecache pages
[  863.888134][T14437] 0 pages in swap cache
[  863.892359][T14437] Free swap  = 124996kB
[  863.896562][T14437] Total swap = 124996kB
[  863.900709][T14437] 2097051 pages RAM
[  863.904535][T14437] 0 pages HighMem/MovableOnly
[  863.910266][T14437] 428740 pages reserved
[  863.914574][T14437] 0 pages cma reserved
[  864.454257][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88805a2b0400: rx timeout, send abort
[  864.462760][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805a2b0400: 0x0f001: (3) A timeout occurred and this is the connection abort to close the session.
[  864.511115][    C1] ==================================================================
[  864.519201][    C1] BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x114/0x150
[  864.527266][    C1] Write of size 1 at addr ffff888057fe3c35 by task syz.2.2523/14463
[  864.535233][    C1] 
[  864.537549][    C1] CPU: 1 UID: 0 PID: 14463 Comm: syz.2.2523 Not tainted syzkaller #0 PREEMPT(full) 
[  864.537575][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  864.537586][    C1] Call Trace:
[  864.537594][    C1]  <IRQ>
[  864.537602][    C1]  dump_stack_lvl+0x116/0x1f0
[  864.537631][    C1]  print_report+0xcd/0x630
[  864.537644][    C1]  ? __virt_addr_valid+0x81/0x610
[  864.537658][    C1]  ? __phys_addr+0xe8/0x180
[  864.537672][    C1]  ? rose_t0timer_expiry+0x114/0x150
[  864.537684][    C1]  kasan_report+0xe0/0x110
[  864.537700][    C1]  ? rose_t0timer_expiry+0x114/0x150
[  864.537721][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  864.537739][    C1]  rose_t0timer_expiry+0x114/0x150
[  864.537757][    C1]  call_timer_fn+0x19a/0x620
[  864.537774][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  864.537786][    C1]  ? rcu_is_watching+0x12/0xc0
[  864.537800][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  864.537811][    C1]  __run_timers+0x6ef/0x960
[  864.537822][    C1]  ? __pfx___run_timers+0x10/0x10
[  864.537864][    C1]  run_timer_base+0x114/0x190
[  864.537880][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  864.537896][    C1]  ? rcu_is_watching+0x12/0xc0
[  864.537918][    C1]  run_timer_softirq+0x1a/0x40
[  864.537929][    C1]  handle_softirqs+0x219/0x8e0
[  864.537943][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  864.537956][    C1]  __irq_exit_rcu+0x109/0x170
[  864.537968][    C1]  irq_exit_rcu+0x9/0x30
[  864.537980][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  864.538006][    C1]  </IRQ>
[  864.538013][    C1]  <TASK>
[  864.538020][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  864.538039][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[  864.538063][    C1] Code: fb 09 00 00 44 8b 05 39 ed f7 0e 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 cf d3 3a 00 fb 65 48 8b 1d de 27 17 12 <48> 8d bb 58 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[  864.538075][    C1] RSP: 0018:ffffc90003b176d0 EFLAGS: 00000202
[  864.538085][    C1] RAX: 0000000000016345 RBX: ffff8880301a0000 RCX: ffffffff81c50aff
[  864.538093][    C1] RDX: 0000000000000000 RSI: ffffffff8da2a268 RDI: ffffffff8bf06cc0
[  864.538100][    C1] RBP: ffffc90003b17718 R08: 0000000000000001 R09: 0000000000000001
[  864.538107][    C1] R10: ffffffff9081f4d7 R11: 0000000000000001 R12: ffff8880b853a380
[  864.538113][    C1] R13: ffff88801d682480 R14: ffff8880b843a380 R15: ffff8880b853b1b0
[  864.538122][    C1]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  864.538146][    C1]  ? __switch_to+0x7af/0x11b0
[  864.538168][    C1]  __schedule+0x1198/0x5de0
[  864.538197][    C1]  ? __pfx___schedule+0x10/0x10
[  864.538218][    C1]  ? find_held_lock+0x2b/0x80
[  864.538231][    C1]  ? schedule+0x2d7/0x3a0
[  864.538245][    C1]  schedule+0xe7/0x3a0
[  864.538258][    C1]  schedule_timeout+0x257/0x290
[  864.538271][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  864.538301][    C1]  ? rcu_is_watching+0x12/0xc0
[  864.538322][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  864.538346][    C1]  __wait_for_common+0x2fc/0x4e0
[  864.538366][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  864.538379][    C1]  ? __pfx___wait_for_common+0x10/0x10
[  864.538397][    C1]  ? generic_exec_single+0xbb/0x390
[  864.538414][    C1]  rdmsr_safe_on_cpu+0x1dc/0x210
[  864.538429][    C1]  ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[  864.538446][    C1]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  864.538470][    C1]  ? _copy_to_user+0x48/0xd0
[  864.538492][    C1]  msr_read+0x19d/0x250
[  864.538510][    C1]  ? __pfx_msr_read+0x10/0x10
[  864.538522][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[  864.538533][    C1]  ? security_file_permission+0x71/0x210
[  864.538546][    C1]  ? rw_verify_area+0xcf/0x6c0
[  864.538560][    C1]  ? __pfx_msr_read+0x10/0x10
[  864.538578][    C1]  vfs_read+0x1e4/0xcf0
[  864.538597][    C1]  ? __pfx_vfs_read+0x10/0x10
[  864.538611][    C1]  ? find_held_lock+0x2b/0x80
[  864.538631][    C1]  ? __fget_files+0x204/0x3c0
[  864.538650][    C1]  ? __fget_files+0x20e/0x3c0
[  864.538662][    C1]  ksys_read+0x12a/0x250
[  864.538671][    C1]  ? __pfx_ksys_read+0x10/0x10
[  864.538682][    C1]  do_syscall_64+0xcd/0xfa0
[  864.538697][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  864.538707][    C1] RIP: 0033:0x7fadd618efc9
[  864.538721][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  864.538737][    C1] RSP: 002b:00007fadd43d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  864.538753][    C1] RAX: ffffffffffffffda RBX: 00007fadd63e6090 RCX: 00007fadd618efc9
[  864.538764][    C1] RDX: 0000000000018ff8 RSI: 000020000001b700 RDI: 0000000000000004
[  864.538775][    C1] RBP: 00007fadd6211f91 R08: 0000000000000000 R09: 0000000000000000
[  864.538786][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  864.538796][    C1] R13: 00007fadd63e6128 R14: 00007fadd63e6090 R15: 00007ffe8c1ea638
[  864.538806][    C1]  </TASK>
[  864.538810][    C1] 
[  865.008080][    C1] Allocated by task 12521:
[  865.012484][    C1]  kasan_save_stack+0x33/0x60
[  865.017152][    C1]  kasan_save_track+0x14/0x30
[  865.021814][    C1]  __kasan_kmalloc+0xaa/0xb0
[  865.026434][    C1]  rose_rt_ioctl+0x880/0x2580
[  865.031190][    C1]  rose_ioctl+0x64d/0x7c0
[  865.035518][    C1]  sock_do_ioctl+0x118/0x280
[  865.040107][    C1]  sock_ioctl+0x227/0x6b0
[  865.044449][    C1]  __x64_sys_ioctl+0x18e/0x210
[  865.049206][    C1]  do_syscall_64+0xcd/0xfa0
[  865.053713][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.059614][    C1] 
[  865.061924][    C1] Freed by task 0:
[  865.065631][    C1]  kasan_save_stack+0x33/0x60
[  865.070331][    C1]  kasan_save_track+0x14/0x30
[  865.075014][    C1]  __kasan_save_free_info+0x3b/0x60
[  865.080212][    C1]  __kasan_slab_free+0x5f/0x80
[  865.084957][    C1]  kfree+0x2b8/0x6d0
[  865.088836][    C1]  rose_timer_expiry+0x53f/0x630
[  865.093761][    C1]  call_timer_fn+0x19a/0x620
[  865.098330][    C1]  __run_timers+0x6ef/0x960
[  865.102813][    C1]  run_timer_base+0x114/0x190
[  865.107477][    C1]  run_timer_softirq+0x1a/0x40
[  865.112234][    C1]  handle_softirqs+0x219/0x8e0
[  865.116989][    C1]  __irq_exit_rcu+0x109/0x170
[  865.121643][    C1]  irq_exit_rcu+0x9/0x30
[  865.125865][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  865.131506][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  865.137473][    C1] 
[  865.139788][    C1] The buggy address belongs to the object at ffff888057fe3c00
[  865.139788][    C1]  which belongs to the cache kmalloc-512 of size 512
[  865.153936][    C1] The buggy address is located 53 bytes inside of
[  865.153936][    C1]  freed 512-byte region [ffff888057fe3c00, ffff888057fe3e00)
[  865.167653][    C1] 
[  865.169964][    C1] The buggy address belongs to the physical page:
[  865.176355][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57fe0
[  865.185095][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  865.193577][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  865.201113][    C1] page_type: f5(slab)
[  865.205105][    C1] raw: 00fff00000000040 ffff88813ffa6c80 dead000000000100 dead000000000122
[  865.213669][    C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  865.222226][    C1] head: 00fff00000000040 ffff88813ffa6c80 dead000000000100 dead000000000122
[  865.230895][    C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  865.239553][    C1] head: 00fff00000000002 ffffea00015ff801 00000000ffffffff 00000000ffffffff
[  865.248201][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  865.256853][    C1] page dumped because: kasan: bad access detected
[  865.263248][    C1] page_owner tracks the page as allocated
[  865.268948][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3580, tgid 3580 (kworker/u8:8), ts 62929132847, free_ts 14103490860
[  865.290315][    C1]  post_alloc_hook+0x1c0/0x230
[  865.295067][    C1]  get_page_from_freelist+0x10a3/0x3a30
[  865.300599][    C1]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  865.306495][    C1]  alloc_pages_mpol+0x1fb/0x550
[  865.311334][    C1]  new_slab+0x24a/0x360
[  865.315470][    C1]  ___slab_alloc+0xdc4/0x1ae0
[  865.320140][    C1]  __slab_alloc.constprop.0+0x63/0x110
[  865.325596][    C1]  __kmalloc_cache_noprof+0x477/0x780
[  865.330961][    C1]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  865.335879][    C1]  addrconf_dad_work+0x28c/0x14e0
[  865.340893][    C1]  process_one_work+0x9cf/0x1b70
[  865.345820][    C1]  worker_thread+0x6c8/0xf10
[  865.350396][    C1]  kthread+0x3c5/0x780
[  865.354439][    C1]  ret_from_fork+0x675/0x7d0
[  865.359008][    C1]  ret_from_fork_asm+0x1a/0x30
[  865.363786][    C1] page last free pid 1 tgid 1 stack trace:
[  865.369588][    C1]  __free_frozen_pages+0x7df/0x1160
[  865.374776][    C1]  free_contig_range+0x183/0x4b0
[  865.379711][    C1]  destroy_args+0xb69/0x12e0
[  865.384293][    C1]  debug_vm_pgtable+0x1a32/0x3640
[  865.389321][    C1]  do_one_initcall+0x123/0x6e0
[  865.394104][    C1]  kernel_init_freeable+0x5c8/0x920
[  865.399286][    C1]  kernel_init+0x1c/0x2b0
[  865.403596][    C1]  ret_from_fork+0x675/0x7d0
[  865.408186][    C1]  ret_from_fork_asm+0x1a/0x30
[  865.412961][    C1] 
[  865.415273][    C1] Memory state around the buggy address:
[  865.420883][    C1]  ffff888057fe3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  865.428924][    C1]  ffff888057fe3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  865.436984][    C1] >ffff888057fe3c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  865.445026][    C1]                                      ^
[  865.450646][    C1]  ffff888057fe3c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  865.458704][    C1]  ffff888057fe3d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  865.466768][    C1] ==================================================================
[  865.474896][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  865.482091][    C1] CPU: 1 UID: 0 PID: 14463 Comm: syz.2.2523 Not tainted syzkaller #0 PREEMPT(full) 
[  865.491467][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  865.501526][    C1] Call Trace:
[  865.504803][    C1]  <IRQ>
[  865.507648][    C1]  dump_stack_lvl+0x3d/0x1f0
[  865.512244][    C1]  vpanic+0x640/0x6f0
[  865.516232][    C1]  panic+0xca/0xd0
[  865.519957][    C1]  ? __pfx_panic+0x10/0x10
[  865.524381][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  865.529501][    C1]  check_panic_on_warn+0xab/0xb0
[  865.534446][    C1]  end_report+0x107/0x170
[  865.538787][    C1]  kasan_report+0xee/0x110
[  865.543223][    C1]  ? rose_t0timer_expiry+0x114/0x150
[  865.548520][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  865.554158][    C1]  rose_t0timer_expiry+0x114/0x150
[  865.559267][    C1]  call_timer_fn+0x19a/0x620
[  865.563852][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  865.568974][    C1]  ? rcu_is_watching+0x12/0xc0
[  865.573738][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  865.579372][    C1]  __run_timers+0x6ef/0x960
[  865.583880][    C1]  ? __pfx___run_timers+0x10/0x10
[  865.588903][    C1]  run_timer_base+0x114/0x190
[  865.593575][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  865.598763][    C1]  ? rcu_is_watching+0x12/0xc0
[  865.603528][    C1]  run_timer_softirq+0x1a/0x40
[  865.608286][    C1]  handle_softirqs+0x219/0x8e0
[  865.613050][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  865.618338][    C1]  __irq_exit_rcu+0x109/0x170
[  865.623013][    C1]  irq_exit_rcu+0x9/0x30
[  865.627257][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  865.632894][    C1]  </IRQ>
[  865.635819][    C1]  <TASK>
[  865.638743][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  865.644721][    C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10
[  865.651136][    C1] Code: fb 09 00 00 44 8b 05 39 ed f7 0e 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 cf d3 3a 00 fb 65 48 8b 1d de 27 17 12 <48> 8d bb 58 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[  865.671183][    C1] RSP: 0018:ffffc90003b176d0 EFLAGS: 00000202
[  865.677260][    C1] RAX: 0000000000016345 RBX: ffff8880301a0000 RCX: ffffffff81c50aff
[  865.685241][    C1] RDX: 0000000000000000 RSI: ffffffff8da2a268 RDI: ffffffff8bf06cc0
[  865.693214][    C1] RBP: ffffc90003b17718 R08: 0000000000000001 R09: 0000000000000001
[  865.701196][    C1] R10: ffffffff9081f4d7 R11: 0000000000000001 R12: ffff8880b853a380
[  865.709187][    C1] R13: ffff88801d682480 R14: ffff8880b843a380 R15: ffff8880b853b1b0
[  865.717171][    C1]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  865.723159][    C1]  ? __switch_to+0x7af/0x11b0
[  865.727822][    C1]  __schedule+0x1198/0x5de0
[  865.732319][    C1]  ? __pfx___schedule+0x10/0x10
[  865.737156][    C1]  ? find_held_lock+0x2b/0x80
[  865.741818][    C1]  ? schedule+0x2d7/0x3a0
[  865.746135][    C1]  schedule+0xe7/0x3a0
[  865.750194][    C1]  schedule_timeout+0x257/0x290
[  865.755040][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  865.760403][    C1]  ? rcu_is_watching+0x12/0xc0
[  865.765152][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  865.770336][    C1]  __wait_for_common+0x2fc/0x4e0
[  865.775260][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  865.780618][    C1]  ? __pfx___wait_for_common+0x10/0x10
[  865.786068][    C1]  ? generic_exec_single+0xbb/0x390
[  865.791255][    C1]  rdmsr_safe_on_cpu+0x1dc/0x210
[  865.796173][    C1]  ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[  865.801612][    C1]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  865.807225][    C1]  ? _copy_to_user+0x48/0xd0
[  865.811804][    C1]  msr_read+0x19d/0x250
[  865.815948][    C1]  ? __pfx_msr_read+0x10/0x10
[  865.820626][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[  865.825982][    C1]  ? security_file_permission+0x71/0x210
[  865.831599][    C1]  ? rw_verify_area+0xcf/0x6c0
[  865.836355][    C1]  ? __pfx_msr_read+0x10/0x10
[  865.841019][    C1]  vfs_read+0x1e4/0xcf0
[  865.845160][    C1]  ? __pfx_vfs_read+0x10/0x10
[  865.849823][    C1]  ? find_held_lock+0x2b/0x80
[  865.854489][    C1]  ? __fget_files+0x204/0x3c0
[  865.859148][    C1]  ? __fget_files+0x20e/0x3c0
[  865.863808][    C1]  ksys_read+0x12a/0x250
[  865.868032][    C1]  ? __pfx_ksys_read+0x10/0x10
[  865.872777][    C1]  do_syscall_64+0xcd/0xfa0
[  865.877268][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.883145][    C1] RIP: 0033:0x7fadd618efc9
[  865.887551][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.907150][    C1] RSP: 002b:00007fadd43d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  865.915545][    C1] RAX: ffffffffffffffda RBX: 00007fadd63e6090 RCX: 00007fadd618efc9
[  865.923498][    C1] RDX: 0000000000018ff8 RSI: 000020000001b700 RDI: 0000000000000004
[  865.931447][    C1] RBP: 00007fadd6211f91 R08: 0000000000000000 R09: 0000000000000000
[  865.939397][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  865.947347][    C1] R13: 00007fadd63e6128 R14: 00007fadd63e6090 R15: 00007ffe8c1ea638
[  865.955308][    C1]  </TASK>
[  865.958520][    C1] Kernel Offset: disabled
[  865.962823][    C1] Rebooting in 86400 seconds..