last executing test programs:

7.369838209s ago: executing program 3 (id=2587):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
r1 = socket$kcm(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000002c0)=""/34, 0x56}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r3, &(0x7f0000000440)}, 0x20)

6.062311846s ago: executing program 3 (id=2596):
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d0000008500000023"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

5.849380811s ago: executing program 1 (id=2597):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ffffffff00000000010000000800010003000000340004800500030001000000050003000000000005000300000000000500030080000000050003000000040000000000000000210800020002"], 0x58}}, 0x0)

5.633766098s ago: executing program 1 (id=2600):
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x3cd})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000100b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b6080000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.509771113s ago: executing program 1 (id=2602):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000043c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
readv(r1, &(0x7f0000000140)=[{&(0x7f0000000080)=""/177, 0xb1}], 0x1)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000000514abbf3b287000fedbdf25080001"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000040)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d7", 0x20}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000300), &(0x7f0000000340)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x17, &(0x7f0000000000)=0xffffffff, 0x4)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x418, 0x0, 0x40000, 0x198, 0x0, 0x198, 0x380, 0x358, 0x358, 0x380, 0x358, 0x3, 0x0, {[{{@ip={@multicast2, @broadcast, 0x0, 0x0, 'vcan0\x00', 'wg1\x00'}, 0x0, 0x158, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "0d0002191400000000000404fff0cf81dfd28c89544e14cd3e01dd24289831866346c88621039b284c3ff45c42995560a99952bed40cf5a8b9fb6133db7e2378d5afd35f4c16827f55b3af494e39e8fb330200000000000032b6a99a8d87298e88a94cb519f5c17631af916a7dbaae5592e8b15900000100", 0x8}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00'}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'team_slave_1\x00', 'netdevsim0\x00'}, 0x0, 0x98, 0x1c0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:system_cron_spool_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x478)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2001, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x1001, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r5, 0x80045104, &(0x7f0000000080))
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000680)=""/217, &(0x7f0000000480)=0xd9)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xe, 0x0, &(0x7f0000000040)="25a688a800a34400000000000000", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$FIBMAP(r5, 0x1, &(0x7f0000000240)=0x6)

5.117716346s ago: executing program 4 (id=2604):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="f3440fc7b729000000f20f5f0d00000080460f5ba4b07a000000470f38c9403736460fc7b10f240000660f3881078fa9189021da820001c0fef3440f0966b881000f00d8", 0x44}], 0xaaaabbc, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))

4.63294861s ago: executing program 0 (id=2606):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
r1 = socket$kcm(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000002c0)=""/34, 0x56}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r3, &(0x7f0000000440)}, 0x20)

4.551978454s ago: executing program 4 (id=2607):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000000c0), 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, <r6=>0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000e00)={0x1, r6, r5})
recvmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/227, 0x130}, {&(0x7f0000000380)=""/127, 0x7f}, {&(0x7f0000000600)=""/117, 0x75}, {&(0x7f00000001c0)=""/55, 0x37}, {&(0x7f00000004c0)=""/15, 0xf}], 0x5}}], 0x1, 0x10, 0x0)

4.528072264s ago: executing program 1 (id=2609):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x8031, 0xffffffffffffffff, 0x2a404000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0) (async)
io_uring_enter(r4, 0x100847c0, 0xfffffffc, 0x1, 0x0, 0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xbc}}, 0x0) (async)
truncate(0x0, 0x20000008)

3.238078219s ago: executing program 0 (id=2611):
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000003c0)=<r0=>0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x6, 0x4, @tid=r0}, &(0x7f0000bbdffc))
socket$inet6(0xa, 0x5, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x350, 0x0, 0x98, 0xfeffffff, 0x98, 0x98, 0x3b0, 0x3b0, 0xffffffff, 0x3b0, 0x3b0, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x1f}, 0x0, 0x0, 'veth0_to_bond\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'vlan0\x00', {}, {}, 0x0, 0x0, 0x46}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @empty, 0x1, 0x7, [0xe, 0x5, 0x1a, 0x26, 0xb, 0xb, 0x9, 0x3c, 0x1c, 0x12, 0x1d, 0x1, 0x32, 0x3c, 0x1b, 0x6], 0x2, 0x0, 0x10}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000300)={0x5})
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r5, 0x84, 0x21, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000180), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x1}]}, 0x1c}}, 0x20000000)

3.048552076s ago: executing program 4 (id=2612):
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x3cd})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000200b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b6080000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.917727148s ago: executing program 2 (id=2613):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000040000000000000000030000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700001008000a40000000000900020073797a31000000000900010073797a300000000008000540000000258c0000000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010200001800a00010071756f7461000000100002800c0001400000000000000007280800000c0a01080000000000000000010000090900020073797a31000000000900010073797a31000000000900010073797a31000000000900020073797a3000000000d007038068000080240007800a0001006d61746368000000140002800800024000000002080001006d61630040000780070001007274000034000280080001400000000b0800014000000010080002400000000408000140000000160800014000000009080002400000000044050080440001803400028008000180fffffffe0900020073797a320000000008000180fffffffd08000180fffffffb0900020073797a31000000000c0002800800034000000001ec000280e70001005f416f93cb5496801d982a37a4193889b142a17cdbbb153390a5e0f6b86b73f863202c2d6a01cb838b0bc52f7f9f4649605d37efceac30327942afe6a1af6cbb47de4be0facf9eddb5cca9d843bacc64135564554f18ab0fa1d5c22746ae829b5c3b0bb978954b1909b4b81eb88eff13e7c4c1d06fccff28dd8a796f9677e898271a253eaebc1fa89dc5363367fe6633b67e6ef624ef3d77e566604e3395c813cd312b11dba0b1ee664672b94d09cc41cf1b44fcd28e33727177d9c57fff0ca22b39545f83e5788e54b10798a4e850d22b8a0511d0782231610f28daccb2ae7d69fbdd00740102809300010083a757513f896ad7b3524fdba5238353ff048638d8e31d016b39df08b328ea5173934956fee411200ac19522f90016a807a0b8537fca1a477594f8622091fa3e75afe99ce8384aeb751a45e69dc51a73d801f97d00f6649010514d3b8b608cff2b7ca62bf8197a9b83109949fada7ce822f0ccdf526904797377e8958c87343f8dc7382d314229f993902bde6824ba002e0001006fdb6e925c72e454cd2390488545a3f6b40becb93335340db8114189673ece69933f09020b6418e6d95900006800028008000180fffffffc0900020073797a320000000008000340000000040900020173797a30000000000900020073797a320000000008000340000000040900020073797a310000000008000180fffffffe08000180fffffffb0900020073797a31000000001a000100db71a8928ef7df34bfc7b9ba64a50113a8363af3d0c40000250001002a7300dc7fdb8f4fc854963bf23f8cbc101c073871b23fc220e2d3ac19b24c5be500000098000b80280001800e000100627974656f72646572000000140002800800014000000012080004400000009e1c0001800b000100736f636b657400000c000280080002400000000b100001800c000100636f756e746572002c0001800b00010072656a65637400001c000280080001400000000005000200040000000500020003000000140001800e000100627974656f726465720000000800034000000002fc010a804300010088be1d5fd57ed1a426973499bde23c5c38325c5b4c44057e792afe31207a1378a0a78cc7b9ffd0712f502e723a02d85c95738429a90e5f4827e2643cb16b5d004c000280080003400000000108000180fffffffc080003400000000108000180000000070900020073797a300000000008000180fffffffc08000340000000020900020073797a30000000004400010051aa6404299b9633fed2fe2ce1bbfad1e577d2b1c3a2c49748fa562927b337767599aea5663e5986826857218dd09da487b910c1043ab6295b9d02e947e719ca0c0002800800034000000002bd0001008a3995ce727c0f0c28332062013a6dad746d15a39026afd16978fc81b71ef1e3d7063f07bc1a50070f07503faf418cff7fec95c94a2170df091ddaae48adae5f9d0942660f4099e46e7b3d0e3d747c4cdde54551e3ce2db608aee73f644625051a9862d42d0eb7dd727405c1601e0468dc50fc6cba94f2f2aebf85a86586194c536c160291e3b4e025fa43e87f8a44c9dc294aac6d2d0e2d62a71d8d777a48a2b9845a61b52c15c8598c0f4c96981039ae313fff343050e1ca0000002400028008000180fffffffe0800034000000004080003400000000308000340000000043400028008000180fffffffc080003400000000108000180fffffffe0900020073797a30000000000900020073797a3100000000100000800c000540000000000000007f1002008000010b80100001800a0001007265646972000000100001800b00010064796e73657400000c0001800800010066776400380001800b0001006c6f6f6b75700000280002800800054000000001080004400000000108000340000000000900010073797a300000000024000180090001007866726d0000000014000280080004400000000205000300010000000c0001800800010066696200390001800b000100736f636b657400003c00028008000300000000310800014000000002080003000000009a08000140000000010800014000000000080001400000f6ff0700"], 0xa9c}}, 0x0)

2.33591128s ago: executing program 4 (id=2614):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
ioctl$COMEDI_CANCEL(r0, 0x6407)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x1, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x80, 0x0, 0x2, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0xf292, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x78, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x31, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfdfffffd, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0xb, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x5, 0xb, 0x3, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1002, 0xa2, 0x7, 0x953a, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x149, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x6, 0x226, 0x5, 0x5, 0x28, 0x30b1d693, 0xa1f, 0xf43, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@map=0x1, 0xc, 0x0, 0xf, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0]}, 0x40)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000040)={0x6, 0x5b, 0x7, 0x7, 0x8, 0xd, 0x2}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x4d}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10)
syslog(0x2, 0xfffffffffffffffc, 0x0)
r3 = io_uring_setup(0x20, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x80000000, 0xfefffffd})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r3, 0x21, &(0x7f0000000340)={0x0, 0xebb9, 0x4000, 0x3, 0xd5}, 0x1)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcmda12\x00', [0xdd5, 0xe, 0x8, 0x8, 0x1000, 0x101, 0x6623, 0x6, 0xb, 0x0, 0xfffffffa, 0x2, 0x1, 0x8, 0xa, 0xb, 0x1, 0x10, 0x4, 0x5, 0x8, 0x5, 0x9, 0x9, 0x5, 0x4, 0xffffffff, 0xc005, 0x59, 0x7, 0x4]})

2.264107151s ago: executing program 2 (id=2615):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', <r2=>0x0})
r3 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
r4 = socket(0x2, 0x2, 0x0)
ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0xffff)
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
ioctl$NBD_SET_SIZE_BLOCKS(r3, 0xab07, 0x6)
ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x300, 0x0, 0x30141}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0xba01}, 0x810)

2.137823302s ago: executing program 0 (id=2616):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100001f0001000000000000000000ee40008014000300fc01000000000000000000000000000014000100fe80000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49ca1ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a6"], 0x114}], 0x1}, 0x0)
r2 = socket(0x15, 0x5, 0x0)
connect$inet6(r2, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)

2.13591328s ago: executing program 4 (id=2617):
socket$packet(0x11, 0x3, 0x300)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400"], 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x2000, 0x4, 0xefffffff, 0x0, [{0x2, 0x8, 0xfc, '\x00', 0x3}, {0x4, 0x9, 0xfc, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0x1}, {0x11, 0xb, 0x0, '\x00', 0xea}, {}, {0xfe, 0x0, 0x1, '\x00', 0x2}, {0x1f, 0x1, 0x2}, {0xfd, 0x0, 0x7, '\x00', 0x2}, {0x0, 0xf, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x11}, {0xb}, {0x9, 0x9, 0x42, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x1}, {0x2, 0x0, 0x6}, {0xff, 0x9, 0x0, '\x00', 0x49}, {0x1, 0x1, 0x80}, {0x3, 0x0, 0x0, '\x00', 0x84}, {0x2, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x4, 0xd, '\x00', 0xfd}, {0x8, 0xc0, 0x3}, {0x4, 0x12, 0x3, '\x00', 0x25}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x2, 0x2, 0x9}, {0x9, 0xff, 0x3, '\x00', 0x7}]}})

1.962401109s ago: executing program 3 (id=2618):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d0000000000000000030000000000000000000001ff000000400000000000000000000003000000000200000002"], 0x0, 0x56}, 0x20)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004003d13da4900000800000008000000", @ANYRES8=r0, @ANYBLOB='\x00'/20, @ANYRES32=r0, @ANYRES32, @ANYRES64], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000001200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x13, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611299000000000061134c0000000000bf2000000000000015000f00511b48013d030100000000001c00000000000000bc26000000000000bf67000000000000070300000fff07006702000020000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586162c17600674290ca9d8d6413b8199e34f67ceaaa78710f9f8aba4765c91382f497585ca39c595b21afa6bce62b5ab0d44e9c32ad6f0349d92962a58d39494a19a9183362382792ac85578d3de07b7e155cf4ee5e3dd51212d2831bd8e2655b2fbd88791e4c66c832a774919b28b8a62711f0f156e636804e1d3f44a5ff3d63a3a51f0c7ec0c8c25e072194ddd83aa155a537e15c0d91f502deef03f83e826718705c9aef9613ac4a325a428d147c1749196e94226671fd9573ab0d079d44b13b56f793e98ab571c58e98e022f18a3be3f318e0690fff93f44f22473dc8004fc758218349bd3f0516a72a7ea913bfa7603063ed3118b2d680cbc"], &(0x7f0000000100)='GPL\x00', 0x800}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x3d0020, &(0x7f0000001600)=ANY=[@ANYRES32=r2, @ANYRES16=0x0, @ANYRES32])
ptrace(0x10, r1)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000004c0)={0x3, 0x0, [{0xdddd1000, 0x9c, &(0x7f0000000180)=""/156}, {0x2, 0xf5, &(0x7f0000000300)=""/245}, {0x1000, 0xc0, &(0x7f0000000800)=""/192}]})
sched_setscheduler(0x0, 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r7, 0x107, 0x5, &(0x7f0000000180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7fe, 0xf83, 0x8}, 0x1c)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7f8fbc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c0301000000010000003d5d58c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6e70af07da5ceb01b7551ef3bb6220030100dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cde7a6b73340cc2160a1fe3c184b751c51160fbce841dfebd31a08b32808b80200000000009dd27080e71113610e10d8fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000066d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c9727ec84222fff0d7216fdb0d3a0ec4bfae563858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f0dafc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5cc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa1c22015e53fd8a46be933ab460d8629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8f12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5b6154eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7ade8a5b859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ffea0000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd80701018e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f0000000011d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589c95d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d4442d13d5a29179a00837918dd7854aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5ff070000000000000ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5f45c879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2ea86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c58684a1d2f624c3eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366aa660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef3103ce10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d61800aaf7e038879c5d177b3876fda4121e00000100000000003edd3d43cc64e0d26b46907b42e08d000000000000903350932d3eef7fdada20c19807066e3c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a74748b8cd994ed368695aa2c59869c9200a1306ffa5a71ca69e89a69fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeaded2930376eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041894f60fbbcafa487ee96b368e8769da90b44190e569fe8b923c32c288baaca5c5558b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff35a9eec46dfc8a52433f605ebf151c837b4966b5f3628a406175a87e32c5e4268d3000933b580415b162e2946446b8f02554c8a1225217d69d049685dd06aa8528673a9673a723ac414af77f523ad730d00e8700c213f95c87a94f39f506b9e000000000000000000000000000000000000000000000000000090668ac41a1c2a4f7831e6c6a3e9c68ca2c449482bb70a994e71a7f24873848fbb128c820c1de19cc003dfa65a2b296caeb1253802080e08eeb724c4c7b7e052afa19b0f2cd7a13bda4b5a8f3b8fa3ca70bb756a3d529718d5c79d9bdb89e5d33793533211d76d00a45079eff797476106bf76f1fed952a7c9162b88911b5b00c3d26fd2fb4d7b29d1ce025e102d458efd5cca3f3835ce760359eaa01cb13cb28d60e8942fdc02b6824c00dac62f8a2d4c680ae284a82f09d6641921536814b444e4188d9b2e97eb3b108e7876f0f3f3863147ab694218c7cecc075d52d590dddbb57fc6fedf5ec69d7894a7b5c8109f303dab998815c80534b0bd34c49eea63997e56728a8185a8bb6988a7197b87f5548f5edfdfb3efc907fe561b33a6f7c707f7828c6adaf3b2a39929b4b65253e787d65c08aff5e4a9b2267bd8f803ea38f10a6e9c4a49bf23525e08c12d229211fe4d88cf1440f29accfa50f327ac1fb20d7f164100111bd21fca713b2475f1c997f3000000000080c426bcec79c6bc83ce4e6cbb17c01be69db342192d0a716cc24710d23321441f475ec485d642b61c6bd907071dbbe37c0b78f60fd2ad0d13ca62d9d9aafb01c3920b64cb5e023810e2de4327f90c389ce36d90ff9f3cb9d8cd2260d05a8126943a3df17157470595c68ac8df7fea6d42ecb2cdb65b4f2aef0dc4b2de949a6d4ec37f2fd693ae44944041a64fe6336aba1c66b1b95d2edbc40364a049616ae962d75eae619548aa86bd5f0bad56e7ad7de2ee5e6f3b42e3a27094b6b5face99456d9af1926b21d37faf7612d9752cf58e6424decd530b5419e117ec086174439af6ee6c7fdb2d19c9280fa9a02e8fa6a38acfff09050d912635fed175fd06f577d40000000000000000000000000000754bffd73c0888ba8834f20b3acea57b7817663e12c1a5503bc4c13af59bda21688d68698c53ce3aa767657774db09ece7ec888d3af290207d36fa433b35e17dc0f3dc728ea1c633a4ef9e7d9bf81b57492e0544800921d1b751c5fbc163"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x55, 0x0, 0xffffffffffffffff, 0x3}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r8, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a820ff43052f002000636777fbac141443e000000d62079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x400000fe, 0x60000000, 0x9, 0x0, &(0x7f0000001280)="eb8c9171dbf247b56b"}, 0x50)
syz_open_procfs$userns(0x0, 0x0)
r9 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$FOU_CMD_GET(r9, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000011c0)=ANY=[@ANYBLOB="060030b2fabf20a366b85709ab5a35e142838f99552275c926d6da80f34cf52eeec2681bdedf41e01775d43e1ad0bcb1b65341766c9fd57a278b673b", @ANYRES16=0x0, @ANYBLOB='\x00'], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x448d0)

1.917450918s ago: executing program 0 (id=2619):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
mmap(&(0x7f0000215000/0x3000)=nil, 0x3000, 0x8, 0x6011, r0, 0xffffffffffffc000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x25}}}]}, 0x38}}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000060c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x0, 0xfff3}, {}, {0x7, 0x2}}, [@TCA_CHAIN={0x8, 0xb, 0x444}, @filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000006080)=@delchain={0x24, 0x65, 0x1, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff3}, {}, {0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, &(0x7f0000002500)=""/4093, 0x4}, 0x20)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0xb6, &(0x7f000000cf3d)=""/182, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x6}, 0x94)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r10, 0x34}, 0x10)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
preadv(r11, &(0x7f0000001480)=[{&(0x7f00000001c0)=""/102, 0xffac}], 0x1, 0x0, 0x0)
writev(r11, &(0x7f00000003c0)=[{&(0x7f0000000080)='8', 0x20000081}], 0x300)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r12, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x800, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50)

1.812586378s ago: executing program 2 (id=2620):
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181e00)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000000)="c04571752e49fb1f75954603e88d565ffb1a051574113daca8796d6ba7c5868c298caf", 0x23)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0xffc9, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x3]}})

1.692903108s ago: executing program 3 (id=2621):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
r1 = socket$kcm(0x2, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000002c0)=""/34, 0x56}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r3, &(0x7f0000000440)}, 0x20)

1.49753377s ago: executing program 0 (id=2622):
socket$alg(0x26, 0x5, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x3, 0x145802)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket$kcm(0x10, 0x2, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='illinois\x00', 0x9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xf1b6ed785d16c76e, 0x5, &(0x7f0000000580)=ANY=[@ANYRESOCT=r2, @ANYRES32=r1, @ANYBLOB="edd1521f28e42ff5a966ff047c9f9373c0fc00a28271c6eca3c21f7a735b02a31af87732df42e4c24c4ccacd52ba520247809013e0d1e4020ec66f10169bbe9b8970f180150cde7ff1c148d026f1262637af07d825a9d429fd4002074e6c24a4a205b8790433a42c00200a2bf21afbb72cf864636870607491fb7b027195c6e0c2ff759a657a8c294831d245fe3e9aac66b512c48adc7748024ec965296f7411e8110d96b81edbe0faf4fa7f17b151b665513bf06131f3cf9236a02d68a4838add3e44bc7d64df84c4e55354663b02e41a53e4fccf46507270bbe5d9d3a9dc9c81c5c1adfefe60d9746c973eec5bb71a8a09eefa1cc8de95aa83c0fbeece53", @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000}, 0x94)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$inet(r4, 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, 0x2, r5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

1.438953976s ago: executing program 2 (id=2623):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}}, 0x14}}, 0x80) (async, rerun: 64)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff}, './file0\x00'}) (rerun: 64)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=@gettaction={0x2c, 0x32, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@action_gd=@TCA_ACT_TAB={0x0, 0x1, [{0x0, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x0, 0x3, 0x9}}, {0x0, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x0, 0x3, 0x1}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xfffffffffffffcd6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8800}, 0x84)

1.347151841s ago: executing program 2 (id=2624):
capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x2000, 0x0, 0x0, 0x0, 0x3cd})
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000700b702000014000000b70300001b0000008500000083000000bf0900000000000055090100000000009500000000000000b7080000000000007b9af8ff00000000b5090500000000007baaf0ff00000000bda804000000000007080000f8ffffffbfa000000000000007000000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000006200000076000000bf91000000000000b6080000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.22673369s ago: executing program 2 (id=2625):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0), 0x18)
openat$userio(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x100)
r1 = timerfd_create(0x0, 0x800)
r2 = syz_io_uring_setup(0xd3, &(0x7f0000000480)={0x0, 0x6776, 0x8, 0x22, 0x335}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
timerfd_settime(r1, 0x3, 0x0, 0x0)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$alg(0xffffffffffffffff, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(des)\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r7 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, &(0x7f0000000040)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0x4008af12, &(0x7f00000001c0)={0x2, 0x2})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12})
io_uring_enter(r7, 0x847ba, 0x0, 0x28, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffff"], 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)

1.093641108s ago: executing program 1 (id=2626):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073100030000000000800410073697700140033006c6f0000000000000000120000000000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739}, 0x94)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004)

643.474237ms ago: executing program 3 (id=2627):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000040000000000000000840000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700001008000a40000000000900020073797a31000000000900010073797a300000000008000540000000258c0000000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010200001800a00010071756f7461000000100002800c0001400000000000000007280800000c0a01080000000000000000010000090900020073797a31000000000900010073797a31000000000900010073797a31000000000900020073797a3000000000d007038068000080240007800a0001006d61746368000000140002800800024000000002080001006d61630040000780070001007274000034000280080001400000000b0800014000000010080002400000000408000140000000160800014000000009080002400000000044050080440001803400028008000180fffffffe0900020073797a320000000008000180fffffffd08000180fffffffb0900020073797a31000000000c0002800800034000000001ec000280e70001005f416f93cb5496801d982a37a4193889b142a17cdbbb153390a5e0f6b86b73f863202c2d6a01cb838b0bc52f7f9f4649605d37efceac30327942afe6a1af6cbb47de4be0facf9eddb5cca9d843bacc64135564554f18ab0fa1d5c22746ae829b5c3b0bb978954b1909b4b81eb88eff13e7c4c1d06fccff28dd8a796f9677e898271a253eaebc1fa89dc5363367fe6633b67e6ef624ef3d77e566604e3395c813cd312b11dba0b1ee664672b94d09cc41cf1b44fcd28e33727177d9c57fff0ca22b39545f83e5788e54b10798a4e850d22b8a0511d0782231610f28daccb2ae7d69fbdd00740102809300010083a757513f896ad7b3524fdba5238353ff048638d8e31d016b39df08b328ea5173934956fee411200ac19522f90016a807a0b8537fca1a477594f8622091fa3e75afe99ce8384aeb751a45e69dc51a73d801f97d00f6649010514d3b8b608cff2b7ca62bf8197a9b83109949fada7ce822f0ccdf526904797377e8958c87343f8dc7382d314229f993902bde6824ba002e0001006fdb6e925c72e454cd2390488545a3f6b40becb93335340db8114189673ece69933f09020b6418e6d95900006800028008000180fffffffc0900020073797a320000000008000340000000040900020173797a30000000000900020073797a320000000008000340000000040900020073797a310000000008000180fffffffe08000180fffffffb0900020073797a31000000001a000100db71a8928ef7df34bfc7b9ba64a50113a8363af3d0c40000250001002a7300dc7fdb8f4fc854963bf23f8cbc101c073871b23fc220e2d3ac19b24c5be500000098000b80280001800e000100627974656f72646572000000140002800800014000000012080004400000009e1c0001800b000100736f636b657400000c000280080002400000000b100001800c000100636f756e746572002c0001800b00010072656a65637400001c000280080001400000000005000200040000000500020003000000140001800e000100627974656f726465720000000800034000000002fc010a804300010088be1d5fd57ed1a426973499bde23c5c38325c5b4c44057e792afe31207a1378a0a78cc7b9ffd0712f502e723a02d85c95738429a90e5f4827e2643cb16b5d004c000280080003400000000108000180fffffffc080003400000000108000180000000070900020073797a300000000008000180fffffffc08000340000000020900020073797a30000000004400010051aa6404299b9633fed2fe2ce1bbfad1e577d2b1c3a2c49748fa562927b337767599aea5663e5986826857218dd09da487b910c1043ab6295b9d02e947e719ca0c0002800800034000000002bd0001008a3995ce727c0f0c28332062013a6dad746d15a39026afd16978fc81b71ef1e3d7063f07bc1a50070f07503faf418cff7fec95c94a2170df091ddaae48adae5f9d0942660f4099e46e7b3d0e3d747c4cdde54551e3ce2db608aee73f644625051a9862d42d0eb7dd727405c1601e0468dc50fc6cba94f2f2aebf85a86586194c536c160291e3b4e025fa43e87f8a44c9dc294aac6d2d0e2d62a71d8d777a48a2b9845a61b52c15c8598c0f4c96981039ae313fff343050e1ca0000002400028008000180fffffffe0800034000000004080003400000000308000340000000043400028008000180fffffffc080003400000000108000180fffffffe0900020073797a30000000000900020073797a3100000000100000800c000540000000000000007f1002008000010b80100001800a0001007265646972000000100001800b00010064796e73657400000c0001800800010066776400380001800b0001006c6f6f6b75700000280002800800054000000001080004400000000108000340000000000900010073797a300000000024000180090001007866726d0000000014000280080004400000000205000300010000000c0001800800010066696200390001800b000100736f636b657400003c00028008000300000000310800014000000002080003000000009a08000140000000010800014000000000080001400000f6ff0700"], 0xa9c}}, 0x0)

598.605203ms ago: executing program 0 (id=2628):
recvfrom(0xffffffffffffffff, &(0x7f0000000580)=""/174, 0xae, 0x102, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xd, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="10000000000000000000000000000000000000000004000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00', 0x200})
r6 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r6, 0x41, 0x1ff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r9 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r9, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r9, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="79e100004000000000007e0000c1f7076100", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)

120.899204ms ago: executing program 4 (id=2629):
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x4, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000004c0)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30c6d1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f40e2ab1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c81106db988096bba7772e6acc5956344eaa64fea7c6319a37312ad57490dd2ebcb9bdf2815aae851bbd55317b4fcdaa8b06d30ed3db8a117424fed41f68979ac996e7fcd4549daf29bff6a2643e184580eb0b0bf81046975ea8d5e06e7124790dfca059217a34f4120feb2bb", 0x142}, {&(0x7f0000000280)="5b4ea80f20d7212327afde5e7a457cde2dff9073f71979", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0x1e0}, {&(0x7f0000001440)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c498a3168639bb2451e0f65e93755fc9cbf3b996ed0873a8256a579372146c3a1e749a9a640f8e9c01af2d0fdd34f2b5fcf4e0bac0b7becd41851359f89dc17156b6ddbd6377c05a059cde362397f28ae2cbbdac107142b40913aaf059d897039ce3fda8c29ae93210676e44f131f78e78d68d858bb7fde230a2f0fd542c5e8374fdc11a488da9de28bc3992a8d74089de36a732110c841bbdc5f24f71663d9a5f5209791fb7027749be23cdb3380f581151563d3707290cd31b28c13139b8e041cd72af3ad9b0fd0b3f131608a8ec5d80c4e7cd458abebae0244c921ef69a4ea0e9a2c2073bd13b49f574a7e278c7ba08c22d89b678a3cd814e8d0dea0101d95f789ada5178f46a4c6beb8dd12352cec179c886ae98ac2bc4382acb565df99eaff3f6824536ef7de884176ea3ca14a9f225f8ada2aac871e7c35df92943600cf7961b8eefdeb70d985fbc93252c978c5c773b4f2ab4b7683e2563d36ebfa4355969f6201e4bcac04ede3c6c9a18ed23f23ec331cbe2d645fa4ffcb2c742ba4905788c27a9bc97536dcbc08d3cbdd2f7195acc0f0eb3cf52aad9a1d23a1dd3633a49a482a1c1eb8761dcc7474f0fd4596a661b7668ab22ebecbfe33886b9b4a0c250380a9a34fefd9724ff89b32e5622258287b3281bcccd0bade4e260b6fefe73219c41f2de521587404ac1d2de4e2999202b3870099718115552aac2d446e649", 0x1000}, {0x0}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x1, 0x81)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x15, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)

120.03873ms ago: executing program 1 (id=2630):
r0 = memfd_secret(0x0)
r1 = fcntl$getown(r0, 0x9)
timer_create(0x7, &(0x7f0000000000)={0x0, 0xc, 0x1, @tid=r1}, &(0x7f0000000040))
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sched_setaffinity(r1, 0x8, &(0x7f0000000080)=0x6)
readv(r2, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/224, 0xe0}, {&(0x7f00000001c0)=""/15, 0xf}], 0x2)
ptrace$ARCH_GET_FS(0x1e, r1, &(0x7f0000000240), 0x1003)
recvmmsg(r2, &(0x7f0000004e80)=[{{&(0x7f0000000280)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f00000013c0)=[{&(0x7f0000000300)=""/61, 0x3d}, {&(0x7f0000000340)=""/6, 0x6}, {&(0x7f0000000380)=""/63, 0x3f}, {&(0x7f00000003c0)=""/4096, 0x1000}], 0x4, &(0x7f0000001400)=""/144, 0x90}, 0x7}, {{&(0x7f00000014c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @private0}}, 0x80, &(0x7f00000028c0)=[{&(0x7f0000001540)=""/81, 0x51}, {&(0x7f00000015c0)=""/124, 0x7c}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000002640)=""/222, 0xde}, {&(0x7f0000002740)=""/192, 0xc0}, {&(0x7f0000002800)=""/166, 0xa6}], 0x6, &(0x7f0000002940)=""/94, 0x5e}, 0x6}, {{&(0x7f00000029c0)=@ax25={{0x3, @null}, [@remote, @remote, @default, @netrom, @bcast, @null, @remote, @bcast]}, 0x80, &(0x7f0000003e00)=[{&(0x7f0000002a40)=""/4096, 0x1000}, {&(0x7f0000003a40)=""/245, 0xf5}, {&(0x7f0000003b40)=""/108, 0x6c}, {&(0x7f0000003bc0)=""/117, 0x75}, {&(0x7f0000003c40)=""/69, 0x45}, {&(0x7f0000003cc0)=""/56, 0x38}, {&(0x7f0000003d00)=""/216, 0xd8}], 0x7, &(0x7f0000003e80)=""/4096, 0x1000}, 0x11a}], 0x3, 0x2, &(0x7f0000004f40))
bind$bt_l2cap(r0, &(0x7f0000004f80)={0x1f, 0x64, @none, 0x5cb6, 0x1}, 0xe)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000004fc0), 0x1, 0x0)
write$tcp_congestion(r4, &(0x7f0000005000)='cdg\x00', 0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000005040)=0x13, 0x4)
r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000000, 0x10010, r3, 0x0)
r6 = syz_io_uring_setup(0x7dd1, &(0x7f0000005080)={0x0, 0xfe95, 0x2, 0x2, 0x39}, &(0x7f0000005100), &(0x7f0000005140)=<r7=>0x0)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r7, &(0x7f0000005180)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x1, {0x0, r8}})
fcntl$getownex(r6, 0x10, &(0x7f00000051c0)={0x0, <r9=>0x0})
getpeername$packet(r0, &(0x7f00000053c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000005400)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000005540)={0x11, 0x1a, &(0x7f0000005200)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4ba}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x6}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x80}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7fffffff}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0xe}, @initr0={0x18, 0x0, 0x0, 0x0, 0x938, 0x0, 0x0, 0x0, 0xa5}], &(0x7f0000005300)='syzkaller\x00', 0x0, 0x6f, &(0x7f0000005340)=""/111, 0x41100, 0x21, '\x00', r10, 0x0, r0, 0x8, &(0x7f0000005440)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000005480)={0x3, 0x2, 0xfffffffc, 0x3}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000054c0)=[r0, r0, r0], &(0x7f0000005500)=[{0x5, 0x4, 0x0, 0xb}], 0x10, 0x7}, 0x94)
timer_create(0x7, &(0x7f0000005600)={0x0, 0x34, 0x2, @tid=r9}, &(0x7f0000005640))
ioctl$BINDER_GET_EXTENDED_ERROR(r4, 0xc00c6211, &(0x7f0000005680))
r11 = accept4$x25(r0, &(0x7f00000056c0), &(0x7f0000005700)=0x12, 0x80000)
ioctl$sock_SIOCADDRT(r11, 0x890b, &(0x7f0000005780)={0x0, @hci={0x1f, 0x4, 0x3}, @phonet={0x23, 0x7, 0x8, 0xa}, @nl=@kern={0x10, 0x0, 0x0, 0x2000000}, 0x4d19, 0x0, 0x0, 0x0, 0x0, &(0x7f0000005740), 0x0, 0xfff})
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000005900)=<r12=>0x0, &(0x7f0000005940)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000005a00)={0xa, 0x15, &(0x7f0000005800)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_fd={0x18, 0xb, 0x1, 0x0, r0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x67}, @exit, @exit, @jmp={0x5, 0x0, 0x2, 0x6, 0xb, 0xc, 0xfffffffffffffffc}]}, &(0x7f00000058c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x14, '\x00', r12, @fallback=0x5, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000005980)={0x3, 0xa, 0x0, 0x8}, 0x10, 0xffffffffffffffff, r0, 0x0, &(0x7f00000059c0)=[r0, r0], 0x0, 0x10, 0x8}, 0x94)
clock_gettime(0x0, &(0x7f0000005b00)={<r13=>0x0, <r14=>0x0})
utimes(&(0x7f0000005ac0)='./file0\x00', &(0x7f0000005b40)={{0x77359400}, {r13, r14/1000+60000}})
r15 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r15, 0x84, 0x13, &(0x7f0000005b80)={0x0, 0xc}, &(0x7f0000005bc0)=0x8)

0s ago: executing program 3 (id=2631):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
semget$private(0x0, 0x1, 0x351)
mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='pipefs\x00', 0x120000, &(0x7f00000000c0)='\x00')
io_setup(0x222, &(0x7f0000000180)=<r1=>0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0)
io_submit(r1, 0x2, &(0x7f0000000080)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8, r2, &(0x7f00000000c0)='\x00', 0x1, 0x10}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x1, r2, 0x0, 0x0, 0x1}])
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0xffff8880b8638c40)

kernel console output (not intermixed with test programs):

  616.136357][T15864] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  616.145385][T15864] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  616.785205][T15869] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  616.877966][T15858] cgroup: fork rejected by pids controller in /syz4
[  618.236473][T15932] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  618.434855][T15930] lo speed is unknown, defaulting to 1000
[  619.725722][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  620.045618][T16005] 9pnet: p9_errstr2errno: server reported unknown error �@�΂�
[  620.560856][T16028] all: renamed from bridge_slave_0 (while UP)
[  620.612385][T16032] lo speed is unknown, defaulting to 1000
[  621.928243][T16064] syz_tun: entered allmulticast mode
[  621.966927][T16064] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1843'.
[  621.989035][T16062] syz_tun: left allmulticast mode
[  622.786516][T16099] syz.2.1849: attempt to access beyond end of device
[  622.786516][T16099] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  624.375732][T13499] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  624.850826][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  624.857390][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  625.448003][T16146] delete_channel: no stack
[  626.424680][T16165] FAULT_INJECTION: forcing a failure.
[  626.424680][T16165] name failslab, interval 1, probability 0, space 0, times 0
[  626.437807][T16165] CPU: 1 UID: 0 PID: 16165 Comm: syz.4.1861 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  626.437831][T16165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  626.437842][T16165] Call Trace:
[  626.437853][T16165]  <TASK>
[  626.437861][T16165]  dump_stack_lvl+0x189/0x250
[  626.437890][T16165]  ? __pfx____ratelimit+0x10/0x10
[  626.437914][T16165]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.437933][T16165]  ? __pfx__printk+0x10/0x10
[  626.437953][T16165]  ? __pfx___might_resched+0x10/0x10
[  626.437970][T16165]  ? fs_reclaim_acquire+0x7d/0x100
[  626.437991][T16165]  should_fail_ex+0x414/0x560
[  626.438019][T16165]  should_failslab+0xa8/0x100
[  626.438044][T16165]  __kmalloc_noprof+0xcb/0x4f0
[  626.438065][T16165]  ? kfree+0x4d/0x440
[  626.438082][T16165]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  626.438105][T16165]  tomoyo_realpath_from_path+0xe3/0x5d0
[  626.438125][T16165]  ? tomoyo_domain+0xda/0x130
[  626.438147][T16165]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  626.438171][T16165]  tomoyo_path_number_perm+0x1e8/0x5a0
[  626.438196][T16165]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  626.438218][T16165]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  626.438246][T16165]  ? rcu_is_watching+0x15/0xb0
[  626.438273][T16165]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  626.438319][T16165]  ? __rcu_read_unlock+0x84/0xe0
[  626.438341][T16165]  ? __fget_files+0x2a/0x420
[  626.438356][T16165]  ? __fget_files+0x3a0/0x420
[  626.438370][T16165]  ? __fget_files+0x2a/0x420
[  626.438390][T16165]  security_file_ioctl+0xcb/0x2d0
[  626.438416][T16165]  __se_sys_ioctl+0x47/0x170
[  626.438438][T16165]  do_syscall_64+0xfa/0x3b0
[  626.438456][T16165]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.438472][T16165]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  626.438487][T16165]  ? clear_bhb_loop+0x60/0xb0
[  626.438508][T16165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.438524][T16165] RIP: 0033:0x7f49ea18e929
[  626.438540][T16165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.438554][T16165] RSP: 002b:00007f49eafee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  626.438573][T16165] RAX: ffffffffffffffda RBX: 00007f49ea3b6160 RCX: 00007f49ea18e929
[  626.438585][T16165] RDX: 00002000000000c0 RSI: 0000000040605346 RDI: 0000000000000005
[  626.438596][T16165] RBP: 00007f49eafee090 R08: 0000000000000000 R09: 0000000000000000
[  626.438607][T16165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.438617][T16165] R13: 0000000000000000 R14: 00007f49ea3b6160 R15: 00007ffdc4caae18
[  626.438646][T16165]  </TASK>
[  626.438699][T16165] ERROR: Out of memory at tomoyo_realpath_from_path.
[  627.011403][T16179] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1865'.
[  627.190050][ T5955] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  627.264378][T13499] usb 2-1: unable to get BOS descriptor or descriptor too short
[  627.309636][T13499] usb 2-1: unable to read config index 0 descriptor/start: -71
[  627.486584][ T5955] usb 3-1: Using ep0 maxpacket: 32
[  627.513821][T13499] usb 2-1: can't read configurations, error -71
[  627.613499][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  627.816573][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  627.865569][ T5955] usb 3-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00
[  627.916341][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  627.997784][ T5955] usb 3-1: config 0 descriptor??
[  628.081863][T16197] FAULT_INJECTION: forcing a failure.
[  628.081863][T16197] name failslab, interval 1, probability 0, space 0, times 0
[  628.095061][T16197] CPU: 1 UID: 0 PID: 16197 Comm: syz.4.1868 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  628.095083][T16197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  628.095093][T16197] Call Trace:
[  628.095100][T16197]  <TASK>
[  628.095107][T16197]  dump_stack_lvl+0x189/0x250
[  628.095131][T16197]  ? __pfx____ratelimit+0x10/0x10
[  628.095154][T16197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.095173][T16197]  ? __pfx__printk+0x10/0x10
[  628.095200][T16197]  ? ref_tracker_alloc+0x318/0x460
[  628.095225][T16197]  should_fail_ex+0x414/0x560
[  628.095251][T16197]  should_failslab+0xa8/0x100
[  628.095276][T16197]  kmem_cache_alloc_noprof+0x73/0x3c0
[  628.095297][T16197]  ? skb_clone+0x212/0x3a0
[  628.095321][T16197]  skb_clone+0x212/0x3a0
[  628.095345][T16197]  __netlink_deliver_tap+0x404/0x850
[  628.095377][T16197]  ? netlink_deliver_tap+0x2e/0x1b0
[  628.095397][T16197]  netlink_deliver_tap+0x19c/0x1b0
[  628.095417][T16197]  netlink_unicast+0x72f/0x8d0
[  628.095444][T16197]  netlink_sendmsg+0x805/0xb30
[  628.095473][T16197]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.095501][T16197]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  628.095522][T16197]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.095542][T16197]  __sock_sendmsg+0x21c/0x270
[  628.095568][T16197]  ____sys_sendmsg+0x505/0x830
[  628.095593][T16197]  ? __pfx_____sys_sendmsg+0x10/0x10
[  628.095623][T16197]  ? import_iovec+0x74/0xa0
[  628.095645][T16197]  ___sys_sendmsg+0x21f/0x2a0
[  628.095667][T16197]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.095722][T16197]  ? __fget_files+0x2a/0x420
[  628.095737][T16197]  ? __fget_files+0x3a0/0x420
[  628.095763][T16197]  __x64_sys_sendmsg+0x19b/0x260
[  628.095786][T16197]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  628.095816][T16197]  ? __pfx_ksys_write+0x10/0x10
[  628.095834][T16197]  ? rcu_is_watching+0x15/0xb0
[  628.095857][T16197]  ? do_syscall_64+0xbe/0x3b0
[  628.095877][T16197]  do_syscall_64+0xfa/0x3b0
[  628.095891][T16197]  ? lockdep_hardirqs_on+0x9c/0x150
[  628.095912][T16197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.095928][T16197]  ? clear_bhb_loop+0x60/0xb0
[  628.095954][T16197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.095970][T16197] RIP: 0033:0x7f49ea18e929
[  628.095985][T16197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.095999][T16197] RSP: 002b:00007f49eb00f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  628.096017][T16197] RAX: ffffffffffffffda RBX: 00007f49ea3b6080 RCX: 00007f49ea18e929
[  628.096029][T16197] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  628.096039][T16197] RBP: 00007f49eb00f090 R08: 0000000000000000 R09: 0000000000000000
[  628.096049][T16197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.096059][T16197] R13: 0000000000000000 R14: 00007f49ea3b6080 R15: 00007ffdc4caae18
[  628.096086][T16197]  </TASK>
[  628.867211][ T5955] hid_mf 0003:0079:1801.000B: item fetching failed at offset 0/2
[  628.884946][ T5955] hid_mf 0003:0079:1801.000B: HID parse failed.
[  628.901556][ T5955] hid_mf 0003:0079:1801.000B: probe with driver hid_mf failed with error -22
[  628.977195][T16206] 9pnet_fd: Insufficient options for proto=fd
[  629.068716][ T5892] usb 3-1: USB disconnect, device number 43
[  629.211796][T16229] loop6: detected capacity change from 0 to 1
[  629.223629][T16229] Dev loop6: unable to read RDB block 1
[  629.230237][T16229]  loop6: unable to read partition table
[  629.240818][T16229] loop6: partition table beyond EOD, truncated
[  629.248328][T16229] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  630.396894][T16259] netlink: 'syz.1.1883': attribute type 10 has an invalid length.
[  630.410883][T16259] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1883'.
[  630.445583][ T5892] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  630.594350][T16259] batman_adv: batadv0: Adding interface: virt_wifi0
[  630.631432][T16259] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  630.853971][T16259] batman_adv: batadv0: Not using interface virt_wifi0 (retrying later): interface not active
[  630.892420][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  630.909243][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  630.949536][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  630.962946][T13499] IPVS: starting estimator thread 0...
[  630.974665][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  631.011957][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.035094][ T5892] usb 3-1: config 0 descriptor??
[  631.055736][T16267] IPVS: using max 50 ests per chain, 120000 per kthread
[  631.102835][T16273] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  631.484067][ T5892] plantronics 0003:047F:FFFF.000C: collection stack underflow
[  631.513874][ T5892] plantronics 0003:047F:FFFF.000C: item 0 2 0 12 parsing failed
[  631.530737][ T5892] plantronics 0003:047F:FFFF.000C: parse failed
[  631.539329][ T5892] plantronics 0003:047F:FFFF.000C: probe with driver plantronics failed with error -22
[  632.310352][T16294] FAULT_INJECTION: forcing a failure.
[  632.310352][T16294] name failslab, interval 1, probability 0, space 0, times 0
[  632.323080][T16294] CPU: 0 UID: 0 PID: 16294 Comm: syz.4.1892 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  632.323104][T16294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  632.323114][T16294] Call Trace:
[  632.323122][T16294]  <TASK>
[  632.323129][T16294]  dump_stack_lvl+0x189/0x250
[  632.323153][T16294]  ? __pfx____ratelimit+0x10/0x10
[  632.323177][T16294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.323195][T16294]  ? __pfx__printk+0x10/0x10
[  632.323219][T16294]  ? __pfx_fib_rules_lookup+0x10/0x10
[  632.323238][T16294]  ? l3mdev_update_flow+0x29/0x640
[  632.323257][T16294]  ? l3mdev_update_flow+0x4d1/0x640
[  632.323284][T16294]  should_fail_ex+0x414/0x560
[  632.323310][T16294]  should_failslab+0xa8/0x100
[  632.323335][T16294]  kmem_cache_alloc_noprof+0x73/0x3c0
[  632.323352][T16294]  ? dst_alloc+0x105/0x170
[  632.323363][T16294]  ? __pfx_make_kuid+0x10/0x10
[  632.323378][T16294]  dst_alloc+0x105/0x170
[  632.323393][T16294]  ip_route_input_rcu+0x1ed5/0x2ff0
[  632.323415][T16294]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  632.323444][T16294]  ? ip_route_input_noref+0x98/0x250
[  632.323458][T16294]  ip_route_input_noref+0x167/0x250
[  632.323473][T16294]  ? __pfx_ip_route_input_noref+0x10/0x10
[  632.323490][T16294]  ? ipt_do_table+0x2a3/0x1630
[  632.323500][T16294]  ? __pfx_ipt_do_table+0x10/0x10
[  632.323512][T16294]  ip_rcv_finish_core+0x5af/0x1c00
[  632.323531][T16294]  ip_rcv_finish+0x14c/0x2f0
[  632.323543][T16294]  NF_HOOK+0x309/0x3a0
[  632.323554][T16294]  ? __pfx_ip_rcv_finish+0x10/0x10
[  632.323564][T16294]  ? NF_HOOK+0x9a/0x3a0
[  632.323573][T16294]  ? __pfx_NF_HOOK+0x10/0x10
[  632.323582][T16294]  ? ip_rcv_core+0x7f7/0xd00
[  632.323593][T16294]  ? __pfx_ip_rcv_finish+0x10/0x10
[  632.323608][T16294]  ? __pfx_ip_rcv+0x10/0x10
[  632.323617][T16294]  __netif_receive_skb+0x143/0x380
[  632.323635][T16294]  ? netif_receive_skb+0x115/0x790
[  632.323648][T16294]  netif_receive_skb+0x1cb/0x790
[  632.323662][T16294]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  632.323672][T16294]  ? _copy_from_iter+0x24c/0x16f0
[  632.323681][T16294]  ? __pfx_netif_receive_skb+0x10/0x10
[  632.323695][T16294]  ? sock_alloc_send_pskb+0x875/0x990
[  632.323709][T16294]  ? tun_rx_batched+0x160/0x730
[  632.323720][T16294]  tun_rx_batched+0x1b9/0x730
[  632.323730][T16294]  ? __lock_acquire+0xab9/0xd20
[  632.323741][T16294]  ? __pfx_tun_rx_batched+0x10/0x10
[  632.323752][T16294]  ? tun_get_user+0x2549/0x3ce0
[  632.323768][T16294]  tun_get_user+0x298e/0x3ce0
[  632.323779][T16294]  ? tun_get_user+0x2549/0x3ce0
[  632.323793][T16294]  ? __might_fault+0xb0/0x130
[  632.323808][T16294]  ? __pfx_tun_get_user+0x10/0x10
[  632.323821][T16294]  ? __lock_acquire+0xab9/0xd20
[  632.323833][T16294]  ? ref_tracker_alloc+0x318/0x460
[  632.323846][T16294]  ? __lock_acquire+0xab9/0xd20
[  632.323855][T16294]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  632.323871][T16294]  ? tun_get+0x1c/0x2f0
[  632.323884][T16294]  ? tun_get+0x1c/0x2f0
[  632.323892][T16294]  ? tun_get+0x1c/0x2f0
[  632.323903][T16294]  tun_chr_write_iter+0x113/0x200
[  632.323914][T16294]  vfs_write+0x548/0xa90
[  632.323929][T16294]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  632.323939][T16294]  ? __pfx_vfs_write+0x10/0x10
[  632.323957][T16294]  ? __fget_files+0x2a/0x420
[  632.323970][T16294]  ksys_write+0x145/0x250
[  632.323984][T16294]  ? __pfx_ksys_write+0x10/0x10
[  632.323995][T16294]  ? rcu_is_watching+0x15/0xb0
[  632.324009][T16294]  ? do_syscall_64+0xbe/0x3b0
[  632.324019][T16294]  do_syscall_64+0xfa/0x3b0
[  632.324027][T16294]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.324041][T16294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.324050][T16294]  ? clear_bhb_loop+0x60/0xb0
[  632.324061][T16294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.324070][T16294] RIP: 0033:0x7f49ea18e929
[  632.324080][T16294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.324088][T16294] RSP: 002b:00007f49eb030038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  632.324099][T16294] RAX: ffffffffffffffda RBX: 00007f49ea3b5fa0 RCX: 00007f49ea18e929
[  632.324106][T16294] RDX: 0000000000000fb5 RSI: 00002000000003c0 RDI: 0000000000000004
[  632.324112][T16294] RBP: 00007f49eb030090 R08: 0000000000000000 R09: 0000000000000000
[  632.324118][T16294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  632.324123][T16294] R13: 0000000000000000 R14: 00007f49ea3b5fa0 R15: 00007ffdc4caae18
[  632.324138][T16294]  </TASK>
[  632.750306][    C0] vkms_vblank_simulate: vblank timer overrun
[  633.071006][T16304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1893'.
[  633.562460][ T5955] usb 3-1: USB disconnect, device number 44
[  634.423856][T16326] netlink: 'syz.4.1898': attribute type 3 has an invalid length.
[  634.451976][T16326] netlink: 'syz.4.1898': attribute type 1 has an invalid length.
[  634.536523][T16339] lo speed is unknown, defaulting to 1000
[  634.746944][T13499] IPVS: starting estimator thread 0...
[  634.753631][T16359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  634.777742][T16359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1904'.
[  634.786847][T16359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1904'.
[  634.856081][T16360] IPVS: using max 50 ests per chain, 120000 per kthread
[  635.924537][T16383] netlink: 'syz.2.1905': attribute type 30 has an invalid length.
[  635.932717][T16383] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1905'.
[  635.942925][T16383] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  635.952372][T16383] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  636.117312][T16377] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1906'.
[  636.132437][T16377] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1906'.
[  636.407695][T16387] netlink: 'syz.0.1908': attribute type 7 has an invalid length.
[  636.416010][T16387] netlink: 'syz.0.1908': attribute type 8 has an invalid length.
[  636.428622][T16386] delete_channel: no stack
[  636.833265][T16405] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1914'.
[  637.205744][T16420] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1918'.
[  637.234432][T16415] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3290916003 (26327328024 ns) > initial count (15247863992 ns). Using initial count to start timer.
[  637.525701][ T5905] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  637.605904][ T5950] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  637.675709][ T5892] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  637.686749][ T5905] usb 5-1: config 9 has no interfaces?
[  637.696021][ T5905] usb 5-1: New USB device found, idVendor=07b8, idProduct=420a, bcdDevice= 1.82
[  637.705362][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.713592][ T5905] usb 5-1: Product: syz
[  637.718241][ T5905] usb 5-1: Manufacturer: syz
[  637.722926][ T5905] usb 5-1: SerialNumber: syz
[  637.766375][ T5950] usb 2-1: Using ep0 maxpacket: 32
[  637.787980][ T5950] usb 2-1: config index 0 descriptor too short (expected 34738, got 36)
[  637.797209][ T5950] usb 2-1: config 42 has too many interfaces: 216, using maximum allowed: 32
[  637.806103][ T5950] usb 2-1: config 42 has an invalid descriptor of length 80, skipping remainder of the config
[  637.817190][ T5950] usb 2-1: config 42 has 0 interfaces, different from the descriptor's value: 216
[  637.826724][ T5950] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  637.895050][T16443] siw: device registration error -23
[  638.072062][ T5955] usb 5-1: USB disconnect, device number 32
[  638.382652][ T5892] usb 4-1: Using ep0 maxpacket: 32
[  638.387997][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.417185][ T5892] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  638.440498][ T5892] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  638.452158][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  638.463918][ T5892] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  638.473278][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  638.581855][ T5892] usb 4-1: Product: syz
[  638.586132][ T5892] usb 4-1: Manufacturer: syz
[  638.590772][ T5892] usb 4-1: SerialNumber: syz
[  638.636506][T16459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1923'.
[  639.618029][T16475] syz.4.1925: attempt to access beyond end of device
[  639.618029][T16475] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  640.521572][ T5892] usb 4-1: 0:2 : does not exist
[  640.583753][ T5853] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  640.616964][ T5892] usb 4-1: USB disconnect, device number 31
[  640.767976][ T5950] usb 2-1: string descriptor 0 read error: -71
[  640.788799][ T5950] usb 2-1: USB disconnect, device number 38
[  640.803216][ T7841] udevd[7841]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  641.097366][T16511] lo speed is unknown, defaulting to 1000
[  641.395723][ T5950] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  641.663430][T16545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1934'.
[  641.702303][T16545] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1934'.
[  641.719076][ T5950] usb 2-1: config 0 has no interfaces?
[  641.745219][ T5950] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  641.769435][T16545] sp0: Synchronizing with TNC
[  641.772423][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.782722][ T5950] usb 2-1: Product: syz
[  641.787581][ T5950] usb 2-1: Manufacturer: syz
[  641.795131][ T5950] usb 2-1: SerialNumber: syz
[  641.812588][ T5950] usb 2-1: config 0 descriptor??
[  642.131194][T16511] veth1_macvtap: left promiscuous mode
[  642.230959][T16511] veth1_macvtap: entered promiscuous mode
[  642.259899][ T5892] usb 2-1: USB disconnect, device number 39
[  642.475667][T16544] [U] �`
[  642.798773][T16580] syz.3.1937: attempt to access beyond end of device
[  642.798773][T16580] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  643.360785][T16586] loop6: detected capacity change from 0 to 1
[  643.374929][T16586] Dev loop6: unable to read RDB block 1
[  643.385640][T16586]  loop6: unable to read partition table
[  643.395347][T16586] loop6: partition table beyond EOD, truncated
[  643.446388][T16586] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  644.064070][T14243] veth1_macvtap: left promiscuous mode
[  644.521302][T16607] fuse: Unknown parameter '�E0x0000000000000003'
[  645.462129][T16628] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1950'.
[  645.698995][T16629] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  648.834234][T16654] syz.3.1954: attempt to access beyond end of device
[  648.834234][T16654] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  649.439827][T16673] netlink: 41 bytes leftover after parsing attributes in process `syz.1.1959'.
[  649.469215][T16673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1959'.
[  649.680837][T16683] kvm: pic: non byte write
[  649.688687][T16683] x_tables: duplicate underflow at hook 1
[  649.725544][T16687] FAULT_INJECTION: forcing a failure.
[  649.725544][T16687] name failslab, interval 1, probability 0, space 0, times 0
[  649.738287][T16687] CPU: 1 UID: 0 PID: 16687 Comm: syz.4.1962 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  649.738311][T16687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.738321][T16687] Call Trace:
[  649.738372][T16687]  <TASK>
[  649.738381][T16687]  dump_stack_lvl+0x189/0x250
[  649.738406][T16687]  ? __pfx____ratelimit+0x10/0x10
[  649.738430][T16687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.738454][T16687]  ? __pfx__printk+0x10/0x10
[  649.738478][T16687]  ? __pfx_fib_rules_lookup+0x10/0x10
[  649.738497][T16687]  ? l3mdev_update_flow+0x29/0x640
[  649.738516][T16687]  ? l3mdev_update_flow+0x4d1/0x640
[  649.738537][T16687]  should_fail_ex+0x414/0x560
[  649.738565][T16687]  should_failslab+0xa8/0x100
[  649.738591][T16687]  kmem_cache_alloc_noprof+0x73/0x3c0
[  649.738612][T16687]  ? dst_alloc+0x105/0x170
[  649.738631][T16687]  ? __pfx_make_kuid+0x10/0x10
[  649.738657][T16687]  dst_alloc+0x105/0x170
[  649.738683][T16687]  ip_route_input_rcu+0x1ed5/0x2ff0
[  649.738719][T16687]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  649.738753][T16687]  ? ip_route_input_noref+0x98/0x250
[  649.738794][T16687]  ? ip_route_input_noref+0x98/0x250
[  649.738818][T16687]  ip_route_input_noref+0x167/0x250
[  649.738844][T16687]  ? __pfx_ip_route_input_noref+0x10/0x10
[  649.738875][T16687]  ? ipt_do_table+0x2a3/0x1630
[  649.738893][T16687]  ? __pfx_ipt_do_table+0x10/0x10
[  649.738915][T16687]  ip_rcv_finish_core+0x5af/0x1c00
[  649.738947][T16687]  ip_rcv_finish+0x14c/0x2f0
[  649.738969][T16687]  NF_HOOK+0x309/0x3a0
[  649.738989][T16687]  ? __pfx_ip_rcv_finish+0x10/0x10
[  649.739007][T16687]  ? NF_HOOK+0x9a/0x3a0
[  649.739023][T16687]  ? __pfx_NF_HOOK+0x10/0x10
[  649.739039][T16687]  ? ip_rcv_core+0x7f7/0xd00
[  649.739059][T16687]  ? __pfx_ip_rcv_finish+0x10/0x10
[  649.739087][T16687]  ? __pfx_ip_rcv+0x10/0x10
[  649.739103][T16687]  __netif_receive_skb+0x143/0x380
[  649.739134][T16687]  ? netif_receive_skb+0x115/0x790
[  649.739155][T16687]  netif_receive_skb+0x1cb/0x790
[  649.739175][T16687]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  649.739190][T16687]  ? _copy_from_iter+0x24c/0x16f0
[  649.739204][T16687]  ? __pfx_netif_receive_skb+0x10/0x10
[  649.739224][T16687]  ? sock_alloc_send_pskb+0x875/0x990
[  649.739245][T16687]  ? tun_rx_batched+0x160/0x730
[  649.739263][T16687]  tun_rx_batched+0x1b9/0x730
[  649.739278][T16687]  ? __lock_acquire+0xab9/0xd20
[  649.739298][T16687]  ? __pfx_tun_rx_batched+0x10/0x10
[  649.739319][T16687]  ? tun_get_user+0x2549/0x3ce0
[  649.739351][T16687]  tun_get_user+0x298e/0x3ce0
[  649.739372][T16687]  ? tun_get_user+0x2549/0x3ce0
[  649.739399][T16687]  ? __might_fault+0xb0/0x130
[  649.739424][T16687]  ? __pfx_tun_get_user+0x10/0x10
[  649.739488][T16687]  ? __lock_acquire+0xab9/0xd20
[  649.739511][T16687]  ? ref_tracker_alloc+0x318/0x460
[  649.739531][T16687]  ? __lock_acquire+0xab9/0xd20
[  649.739548][T16687]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  649.739576][T16687]  ? tun_get+0x1c/0x2f0
[  649.739599][T16687]  ? tun_get+0x1c/0x2f0
[  649.739615][T16687]  ? tun_get+0x1c/0x2f0
[  649.739637][T16687]  tun_chr_write_iter+0x113/0x200
[  649.739658][T16687]  vfs_write+0x548/0xa90
[  649.739685][T16687]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  649.739700][T16687]  ? __pfx_vfs_write+0x10/0x10
[  649.739733][T16687]  ? __fget_files+0x2a/0x420
[  649.739759][T16687]  ksys_write+0x145/0x250
[  649.739783][T16687]  ? __pfx_ksys_write+0x10/0x10
[  649.739802][T16687]  ? rcu_is_watching+0x15/0xb0
[  649.739825][T16687]  ? do_syscall_64+0xbe/0x3b0
[  649.739846][T16687]  do_syscall_64+0xfa/0x3b0
[  649.739859][T16687]  ? lockdep_hardirqs_on+0x9c/0x150
[  649.739882][T16687]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.739898][T16687]  ? clear_bhb_loop+0x60/0xb0
[  649.739919][T16687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.739935][T16687] RIP: 0033:0x7f49ea18e929
[  649.739952][T16687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.739966][T16687] RSP: 002b:00007f49eb030038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  649.739985][T16687] RAX: ffffffffffffffda RBX: 00007f49ea3b5fa0 RCX: 00007f49ea18e929
[  649.739998][T16687] RDX: 0000000000000fb5 RSI: 00002000000003c0 RDI: 0000000000000004
[  649.740008][T16687] RBP: 00007f49eb030090 R08: 0000000000000000 R09: 0000000000000000
[  649.740019][T16687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  649.740029][T16687] R13: 0000000000000000 R14: 00007f49ea3b5fa0 R15: 00007ffdc4caae18
[  649.740058][T16687]  </TASK>
[  650.216337][T16676] syzkaller1: entered allmulticast mode
[  650.668026][T16714] netlink: 'syz.0.1963': attribute type 30 has an invalid length.
[  650.675906][T16714] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1963'.
[  650.685030][T16714] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  650.694219][T16714] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  651.491481][ T5892] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  652.216793][ T5905] usb 3-1: new full-speed USB device number 45 using dummy_hcd
[  652.355915][ T5892] usb 2-1: device descriptor read/64, error -71
[  652.457250][ T5905] usb 3-1: config 0 has an invalid interface number: 48 but max is 0
[  652.477845][ T5905] usb 3-1: config 0 has no interface number 0
[  652.484029][ T5905] usb 3-1: too many endpoints for config 0 interface 48 altsetting 49: 55, using maximum allowed: 30
[  652.536204][ T5905] usb 3-1: config 0 interface 48 altsetting 49 has 0 endpoint descriptors, different from the interface descriptor's value: 55
[  653.062434][ T5905] usb 3-1: config 0 interface 48 has no altsetting 0
[  653.080581][ T5905] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  653.099479][ T5892] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  653.110196][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.120302][ T5905] usb 3-1: Product: syz
[  653.124580][ T5905] usb 3-1: Manufacturer: syz
[  653.129854][ T5905] usb 3-1: SerialNumber: syz
[  653.198965][ T5905] usb 3-1: config 0 descriptor??
[  653.255697][ T5892] usb 2-1: device descriptor read/64, error -71
[  653.365982][ T5892] usb usb2-port1: attempt power cycle
[  653.609800][T16739] syz.3.1970: attempt to access beyond end of device
[  653.609800][T16739] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  654.023026][ T5905] usb 3-1: USB disconnect, device number 45
[  655.165904][ T5905] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  655.885617][ T5905] usb 4-1: Using ep0 maxpacket: 32
[  655.920064][ T5905] usb 4-1: config 4 has an invalid interface number: 128 but max is 0
[  655.934377][ T5905] usb 4-1: config 4 has no interface number 0
[  656.601792][   T30] audit: type=1326 audit(1752502617.608:3963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16789 comm="syz.0.1981" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x0
[  656.640537][ T5905] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  657.284154][ T5905] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  657.313937][ T5905] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  657.328664][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.480831][ T5905] hub 4-1:4.128: USB hub found
[  657.827246][T16810] syz.2.1984: attempt to access beyond end of device
[  657.827246][T16810] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  658.286103][ T5905] hub 4-1:4.128: config failed, can't read hub descriptor (err -22)
[  658.316497][ T5905] usb 4-1: USB disconnect, device number 32
[  659.442664][T16828] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  659.475458][T16841] ip6gre1: entered allmulticast mode
[  660.717629][   T43] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  660.900817][   T43] usb 5-1: config index 0 descriptor too short (expected 69, got 36)
[  661.059483][T16873] tipc: Can't bind to reserved service type 1
[  661.079346][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  661.565754][ T5853] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  661.764381][   T43] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86
[  661.797404][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  661.807957][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  661.827971][   T43] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  661.837541][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.857371][   T43] usb 5-1: Product: syz
[  661.875423][   T43] usb 5-1: Manufacturer: syz
[  661.894534][   T43] usb 5-1: SerialNumber: syz
[  662.139625][   T43] usb 5-1: config 0 descriptor??
[  662.182791][   T43] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  662.233801][T16886] IPv6: Can't replace route, no match found
[  662.373382][T16893] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2002'.
[  662.952353][   T43] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13
[  663.531904][T16916] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2006'.
[  663.541130][T16916] tipc: Started in network mode
[  663.546085][T16916] tipc: Node identity 7, cluster identity 5
[  663.552047][T16916] tipc: Node number set to 7
[  663.925049][T16922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2009'.
[  663.938632][T16922] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2009'.
[  665.073449][ T5892] usb 5-1: USB disconnect, device number 33
[  666.451007][ T5892] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  667.190502][   T30] audit: type=1326 audit(1752502628.198:3964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  667.295684][ T5892] usb 5-1: Using ep0 maxpacket: 32
[  667.339079][ T5892] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  667.350117][   T30] audit: type=1326 audit(1752502628.198:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  667.375971][ T5892] usb 5-1: config 0 has no interface number 0
[  667.413532][ T5892] usb 5-1: config 0 interface 132 has no altsetting 0
[  667.451026][   T30] audit: type=1326 audit(1752502628.308:3966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.479342][ T5892] usb 5-1: New USB device found, idVendor=0525, idProduct=9901, bcdDevice=39.75
[  667.535834][ T5955] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  667.570795][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.594434][   T30] audit: type=1326 audit(1752502628.328:3967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.616034][ T5892] usb 5-1: Product: syz
[  667.616056][ T5892] usb 5-1: Manufacturer: syz
[  667.616070][ T5892] usb 5-1: SerialNumber: syz
[  667.619220][ T5892] usb 5-1: config 0 descriptor??
[  667.639389][   T30] audit: type=1326 audit(1752502628.328:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.686848][   T30] audit: type=1326 audit(1752502628.328:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.713474][   T30] audit: type=1326 audit(1752502628.328:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.740436][   T30] audit: type=1326 audit(1752502628.328:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.770850][ T5955] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[  667.770855][   T30] audit: type=1326 audit(1752502628.328:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.770894][   T30] audit: type=1326 audit(1752502628.328:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16968 comm="syz.2.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7dfed2ab19 code=0x7ffc0000
[  667.780831][ T5955] usb 4-1: config 0 has no interface number 0
[  667.928520][ T5892] cdc_subset 5-1:0.132 usb0: register 'cdc_subset' at usb-dummy_hcd.4-1, Belkin, eTEK, or compatible, 16:50:1d:a3:bb:0e
[  668.069009][ T5955] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  668.084959][ T5955] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  668.103289][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.111731][ T5955] usb 4-1: Product: syz
[  668.116113][ T5955] usb 4-1: Manufacturer: syz
[  668.120778][ T5955] usb 4-1: SerialNumber: syz
[  668.635414][T17017] overlayfs: missing 'lowerdir'
[  668.653558][T17017] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  668.903436][ T5955] usb 4-1: config 0 descriptor??
[  669.218984][ T5955] yurex 4-1:0.50: Could not find endpoints
[  669.324830][ T5905] usb 4-1: USB disconnect, device number 33
[  670.383779][ T5905] usb 5-1: USB disconnect, device number 34
[  670.396239][ T5905] cdc_subset 5-1:0.132 usb0: unregister 'cdc_subset' usb-dummy_hcd.4-1, Belkin, eTEK, or compatible
[  670.783128][ T5892] usb 3-1: new full-speed USB device number 46 using dummy_hcd
[  671.016250][ T5892] usb 3-1: device descriptor read/64, error -71
[  671.130768][T17064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2033'.
[  671.277192][ T5892] usb 3-1: new full-speed USB device number 47 using dummy_hcd
[  671.531324][ T5892] usb 3-1: device descriptor read/64, error -71
[  671.625848][T13499] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  672.486382][T17088] input input14: cannot allocate more than FF_MAX_EFFECTS effects
[  672.520176][ T5892] usb usb3-port1: attempt power cycle
[  673.192622][T13499] usb 2-1: New USB device found, idVendor=04b4, idProduct=6830, bcdDevice=86.cf
[  673.202799][T13499] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.283640][T17105] lo speed is unknown, defaulting to 1000
[  674.156346][T13499] ums-cypress 2-1:1.0: USB Mass Storage device detected
[  674.214073][T17113] siw: device registration error -23
[  674.314930][T17126] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2046'.
[  674.334375][T17129] netlink: 'syz.0.2047': attribute type 10 has an invalid length.
[  674.366081][T13499] usb 2-1: USB disconnect, device number 43
[  674.437034][T17130] netlink: 'syz.0.2047': attribute type 10 has an invalid length.
[  674.503527][T17129] netlink: 'syz.0.2047': attribute type 10 has an invalid length.
[  674.523435][T17129] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2047'.
[  674.575100][T17145] gre0: entered allmulticast mode
[  675.040993][T17164] IPVS: set_ctl: invalid protocol: 60 10.1.1.1:20004
[  676.806668][T17199] fuse: Unknown parameter ''
[  677.052856][T17202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2059'.
[  680.495812][ T5892] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  680.537363][T17263] FAULT_INJECTION: forcing a failure.
[  680.537363][T17263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.550812][T17263] CPU: 1 UID: 0 PID: 17263 Comm: syz.4.2076 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  680.550843][T17263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.550854][T17263] Call Trace:
[  680.550861][T17263]  <TASK>
[  680.550868][T17263]  dump_stack_lvl+0x189/0x250
[  680.550889][T17263]  ? __pfx____ratelimit+0x10/0x10
[  680.550912][T17263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.550929][T17263]  ? __pfx__printk+0x10/0x10
[  680.550947][T17263]  ? __might_fault+0xb0/0x130
[  680.550980][T17263]  should_fail_ex+0x414/0x560
[  680.551007][T17263]  _copy_from_user+0x2d/0xb0
[  680.551025][T17263]  ___sys_sendmsg+0x158/0x2a0
[  680.551048][T17263]  ? __pfx____sys_sendmsg+0x10/0x10
[  680.551107][T17263]  ? __might_fault+0xb0/0x130
[  680.551129][T17263]  __sys_sendmmsg+0x227/0x430
[  680.551155][T17263]  ? __pfx___sys_sendmmsg+0x10/0x10
[  680.551172][T17263]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  680.551211][T17263]  ? ksys_write+0x22a/0x250
[  680.551233][T17263]  ? __pfx_ksys_write+0x10/0x10
[  680.551251][T17263]  ? rcu_is_watching+0x15/0xb0
[  680.551273][T17263]  __x64_sys_sendmmsg+0xa0/0xc0
[  680.551294][T17263]  do_syscall_64+0xfa/0x3b0
[  680.551307][T17263]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.551329][T17263]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.551344][T17263]  ? clear_bhb_loop+0x60/0xb0
[  680.551364][T17263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.551378][T17263] RIP: 0033:0x7f49ea18e929
[  680.551392][T17263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.551405][T17263] RSP: 002b:00007f49eb030038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  680.551421][T17263] RAX: ffffffffffffffda RBX: 00007f49ea3b5fa0 RCX: 00007f49ea18e929
[  680.551431][T17263] RDX: 00000000000004ff RSI: 00002000000092c0 RDI: 0000000000000003
[  680.551447][T17263] RBP: 00007f49eb030090 R08: 0000000000000000 R09: 0000000000000000
[  680.551456][T17263] R10: 000000000000ff00 R11: 0000000000000246 R12: 0000000000000002
[  680.551466][T17263] R13: 0000000000000000 R14: 00007f49ea3b5fa0 R15: 00007ffdc4caae18
[  680.551493][T17263]  </TASK>
[  681.410336][ T5892] usb 2-1: Using ep0 maxpacket: 16
[  682.127710][ T5892] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  682.156442][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.164488][ T5892] usb 2-1: Product: syz
[  682.206107][ T5892] r8152-cfgselector 2-1: Unknown version 0x0000
[  682.220536][ T5892] r8152-cfgselector 2-1: config 0 descriptor??
[  682.255400][ T5892] r8152-cfgselector 2-1: can't set config #0, error -71
[  682.297473][ T5892] r8152-cfgselector 2-1: USB disconnect, device number 44
[  686.034847][T17350] dlm: no locking on control device
[  686.290434][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  686.296858][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  686.305670][   T43] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  686.490686][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86
[  686.542432][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 65535, setting to 1024
[  687.036379][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 1024
[  687.081075][   T43] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  687.105217][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.126670][   T43] usb 4-1: config 0 descriptor??
[  687.134411][T17350] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  687.155094][   T43] gspca_main: spca561-2.14.0 probing abcd:cdee
[  687.362253][   T43] spca561 4-1:0.0: probe with driver spca561 failed with error -22
[  687.391678][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  687.426334][   T43] usb 4-1: MIDIStreaming interface descriptor not found
[  687.604705][   T43] usb 4-1: USB disconnect, device number 34
[  688.177741][T17404] xt_nat: multiple ranges no longer supported
[  691.833866][ T5853] Bluetooth: to_multiplier 3 < 10
[  693.294943][ T5892] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  693.451970][T16434] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  693.475634][ T5892] usb 2-1: Using ep0 maxpacket: 32
[  693.484635][ T5892] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  693.508769][ T5892] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  693.529607][ T5892] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  693.543970][ T5892] usb 2-1: config 1 has no interface number 0
[  693.554186][ T5892] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  693.565481][ T5892] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  693.593102][ T5892] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  693.603728][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.605798][   T24] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  693.628278][T16434] usb 4-1: config 0 has an invalid interface number: 101 but max is 0
[  693.649662][T16434] usb 4-1: config 0 has no interface number 0
[  693.662552][ T5892] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  693.675394][T16434] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  693.689748][T16434] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.706963][T16434] usb 4-1: config 0 descriptor??
[  693.729857][T16434] gspca_main: sunplus-2.14.0 probing 055f:c420
[  693.766532][   T24] usb 3-1: Using ep0 maxpacket: 8
[  693.781885][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  693.791626][   T24] usb 3-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  693.802444][   T24] usb 3-1: config 255 has 0 interfaces, different from the descriptor's value: 1
[  693.819993][   T24] usb 3-1: string descriptor 0 read error: -22
[  693.830204][   T24] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  693.840851][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  693.868762][ T5892] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  693.896713][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout
[  694.163779][ T5892] usb 3-1: USB disconnect, device number 49
[  694.299919][ T5950] usb 2-1: USB disconnect, device number 45
[  694.406500][T17518] zonefs (nullb0) ERROR: Not a zoned block device
[  694.528915][T17472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.545152][T17472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.554283][ T5950] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  694.564878][T16434] gspca_sunplus: reg_w_riv err -71
[  694.573250][T16434] sunplus 4-1:0.101: probe with driver sunplus failed with error -71
[  694.588354][T16434] usb 4-1: USB disconnect, device number 35
[  694.860334][T17535] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  695.167714][ T5950] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  695.906747][ T5950] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.919297][ T5950] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  695.996400][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.097035][ T5950] usb 2-1: config 0 descriptor??
[  696.677041][ T5950] usbhid 2-1:0.0: can't add hid device: -71
[  696.916323][ T5950] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  696.954012][ T5950] usb 2-1: USB disconnect, device number 46
[  697.001854][T17572] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  697.011204][T17572] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  697.549312][T17573] all: renamed from bridge_slave_0
[  697.636295][T17578] xt_recent: Unsupported userspace flags (000000de)
[  698.014896][ T5950] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  698.313622][T17586] netlink: 'syz.3.2137': attribute type 1 has an invalid length.
[  698.329799][T17586] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2137'.
[  698.345789][T17586] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2137'.
[  698.561429][T17600] netlink: 41 bytes leftover after parsing attributes in process `syz.3.2140'.
[  698.604231][T17600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2140'.
[  699.023374][T17614] delete_channel: no stack
[  699.313177][T17629] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  699.322711][T17629] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  701.075057][T17653] lo speed is unknown, defaulting to 1000
[  701.216621][T13499] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  701.348179][T16434] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  701.365974][ T5955] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  701.399784][T13499] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  701.415835][T13499] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.437487][T13499] usb 4-1: Product: syz
[  701.444480][T13499] usb 4-1: Manufacturer: syz
[  701.449480][T13499] usb 4-1: SerialNumber: syz
[  701.541415][T16434] usb 2-1: config 0 has no interfaces?
[  701.550206][T16434] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  701.565689][T16434] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.601307][ T5955] usb 3-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  701.604471][T16434] usb 2-1: Product: syz
[  701.611579][T13499] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  701.632687][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.633617][T16434] usb 2-1: Manufacturer: syz
[  701.711790][T16434] usb 2-1: SerialNumber: syz
[  702.171834][T16434] usb 2-1: config 0 descriptor??
[  702.175563][ T5955] usb 3-1: Product: syz
[  702.192940][ T5955] usb 3-1: Manufacturer: syz
[  702.203521][ T5955] usb 3-1: SerialNumber: syz
[  702.216360][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  702.230158][ T5955] usb 3-1: config 0 descriptor??
[  702.330330][ T5955] usb 3-1: selecting invalid altsetting 1
[  702.336842][ T5955] comedi comedi5: could not switch to alternate setting 1
[  702.344234][ T5955] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  702.487910][T16434] usb 3-1: USB disconnect, device number 50
[  702.693771][ T5905] usb 2-1: USB disconnect, device number 48
[  703.071673][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  703.071690][   T30] audit: type=1326 audit(1752502664.078:4032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  703.234842][   T30] audit: type=1326 audit(1752502664.238:4033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  703.277174][   T30] audit: type=1326 audit(1752502664.238:4034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  703.298797][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.339990][T17734] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  703.349173][T17734] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  704.005709][   T24] usb 4-1: Service connection timeout for: 256
[  704.011936][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services
[  704.051778][   T24] ath9k_htc: Failed to initialize the device
[  704.065644][   T30] audit: type=1326 audit(1752502664.238:4035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.110125][   T30] audit: type=1326 audit(1752502664.238:4036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.169774][   T30] audit: type=1326 audit(1752502664.238:4037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.213674][   T24] usb 4-1: ath9k_htc: USB layer deinitialized
[  704.270765][   T30] audit: type=1326 audit(1752502664.238:4038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.341107][T13499] usb 4-1: USB disconnect, device number 36
[  704.375717][   T30] audit: type=1326 audit(1752502664.238:4039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.414178][   T30] audit: type=1326 audit(1752502664.238:4040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.553650][   T30] audit: type=1326 audit(1752502664.238:4041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17725 comm="syz.0.2159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  704.674245][T17756] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  704.686203][T17756] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  705.508574][T17770] nfs: Unknown parameter '	'
[  705.629627][T17772] IPVS: set_ctl: invalid protocol: 115 127.0.0.1:20003
[  705.637798][T17772] sit0: entered promiscuous mode
[  705.642834][T17772] netlink: 'syz.0.2168': attribute type 1 has an invalid length.
[  705.678357][T17772] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2168'.
[  705.886590][T17779] all: renamed from bridge_slave_0 (while UP)
[  706.217595][T17798] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  706.310377][T17801] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  706.319623][T17801] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  706.385876][T16434] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  706.709448][T16434] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  706.926656][T16434] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  706.936066][T16434] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.988686][T16434] usb 2-1: config 0 descriptor??
[  707.077133][T17810] atomic_op ffff888021bbe198 conn xmit_atomic 0000000000000000
[  707.603263][T16434] usbhid 2-1:0.0: can't add hid device: -71
[  707.657129][T16434] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  707.709234][T16434] usb 2-1: USB disconnect, device number 49
[  708.319144][T16434] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  708.399038][T17836] overlayfs: failed to clone upperpath
[  708.408992][T17837] overlayfs: failed to clone upperpath
[  708.491528][T16434] usb 2-1: Using ep0 maxpacket: 32
[  708.512875][T16434] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.660690][T16434] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  708.780643][T16434] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.967883][T16434] usb 2-1: config 0 descriptor??
[  709.005984][ T5892] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  709.173712][T16434] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  709.286020][ T5892] usb 4-1: Using ep0 maxpacket: 16
[  709.376127][T16434] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  709.402653][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  709.437132][T16434] usb 2-1: USB disconnect, device number 50
[  709.443132][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  709.488237][ T5892] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  709.502286][T16434] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  709.520725][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  709.520743][   T30] audit: type=1800 audit(1752502670.518:4046): pid=17864 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2185" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  709.567239][ T5892] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  709.598643][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.610100][T17868] netlink: 'syz.1.2185': attribute type 21 has an invalid length.
[  709.638245][ T5892] usb 4-1: config 0 descriptor??
[  709.647716][T17868] netlink: 'syz.1.2185': attribute type 1 has an invalid length.
[  709.673886][T17868] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2185'.
[  709.986669][T17879] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  709.995796][T17879] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  710.483933][ T5892] HID 045e:07da: Invalid code 65791 type 1
[  710.494623][ T5892] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000D/input/input15
[  710.519591][ T5892] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  710.751604][ T5892] usb 4-1: USB disconnect, device number 37
[  710.834402][T17893] fido_id[17893]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  711.728561][T17938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2197'.
[  712.066302][T17956] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  712.075245][T17956] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  712.923998][T17967] FAULT_INJECTION: forcing a failure.
[  712.923998][T17967] name failslab, interval 1, probability 0, space 0, times 0
[  712.950191][T17967] CPU: 0 UID: 0 PID: 17967 Comm: syz.4.2205 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  712.950216][T17967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  712.950226][T17967] Call Trace:
[  712.950234][T17967]  <TASK>
[  712.950243][T17967]  dump_stack_lvl+0x189/0x250
[  712.950269][T17967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  712.950285][T17967]  ? __pfx__printk+0x10/0x10
[  712.950308][T17967]  ? fs_reclaim_acquire+0x7d/0x100
[  712.950330][T17967]  should_fail_ex+0x414/0x560
[  712.950354][T17967]  should_failslab+0xa8/0x100
[  712.950377][T17967]  __kmalloc_noprof+0xcb/0x4f0
[  712.950394][T17967]  ? kfree+0x4d/0x440
[  712.950407][T17967]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  712.950428][T17967]  tomoyo_realpath_from_path+0xe3/0x5d0
[  712.950447][T17967]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  712.950475][T17967]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  712.950498][T17967]  tomoyo_path_number_perm+0x1e8/0x5a0
[  712.950523][T17967]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  712.950545][T17967]  ? lockdep_hardirqs_on+0x9c/0x150
[  712.950586][T17967]  ? trace_irq_disable+0x37/0x110
[  712.950636][T17967]  ? security_file_ioctl+0xa7/0x2d0
[  712.950666][T17967]  security_file_ioctl+0xcb/0x2d0
[  712.950692][T17967]  __se_sys_ioctl+0x47/0x170
[  712.950715][T17967]  do_syscall_64+0xfa/0x3b0
[  712.950733][T17967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.950749][T17967]  ? asm_sysvec_call_function_single+0x1a/0x20
[  712.950766][T17967]  ? clear_bhb_loop+0x60/0xb0
[  712.950786][T17967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  712.950803][T17967] RIP: 0033:0x7f49ea18e929
[  712.950819][T17967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  712.950834][T17967] RSP: 002b:00007f49eb00f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  712.950851][T17967] RAX: ffffffffffffffda RBX: 00007f49ea3b6080 RCX: 00007f49ea18e929
[  712.950863][T17967] RDX: 0000200000000080 RSI: 0000000080045104 RDI: 0000000000000005
[  712.950875][T17967] RBP: 00007f49eb00f090 R08: 0000000000000000 R09: 0000000000000000
[  712.950893][T17967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  712.950903][T17967] R13: 0000000000000000 R14: 00007f49ea3b6080 R15: 00007ffdc4caae18
[  712.950931][T17967]  </TASK>
[  713.198035][T17967] ERROR: Out of memory at tomoyo_realpath_from_path.
[  714.207987][T17986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2209'.
[  714.615781][T13499] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  714.845716][T13499] usb 3-1: Using ep0 maxpacket: 8
[  714.964300][T13499] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=a8.17
[  715.227931][T13499] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.261545][T13499] usb 3-1: Product: syz
[  715.270731][T13499] usb 3-1: Manufacturer: syz
[  715.279218][T13499] usb 3-1: SerialNumber: syz
[  715.672605][T13499] usb 3-1: config 0 descriptor??
[  715.704772][T13499] gspca_main: jeilinj-2.14.0 probing 0979:0270
[  715.987974][T18024] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  715.998568][T18024] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  716.566400][T18031] loop5: detected capacity change from 0 to 2287
[  716.821404][T18031] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2217'.
[  716.913236][T18031] loop5: detected capacity change from 2287 to 4575
[  717.156376][T18043] mmap: syz.4.2220 (18043): VmData 45854720 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  717.232359][T18044] siw: device registration error -23
[  718.154527][ T7841] Buffer I/O error on dev loop5, logical block 571, async page read
[  718.272993][T13499] usb 3-1: USB disconnect, device number 51
[  718.504485][T18067] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2223'.
[  718.532437][T18070] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2223'.
[  719.277505][   T30] audit: type=1326 audit(1752502680.278:4047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  719.302694][   T30] audit: type=1326 audit(1752502680.278:4048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  719.913401][T18110] lo speed is unknown, defaulting to 1000
[  720.015594][   T30] audit: type=1326 audit(1752502680.348:4049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  720.037329][    C1] vkms_vblank_simulate: vblank timer overrun
[  720.107467][   T30] audit: type=1326 audit(1752502680.358:4050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  720.195573][   T30] audit: type=1326 audit(1752502680.358:4051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  720.217304][    C1] vkms_vblank_simulate: vblank timer overrun
[  720.279776][   T30] audit: type=1326 audit(1752502680.358:4052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  720.301393][    C1] vkms_vblank_simulate: vblank timer overrun
[  720.549472][T18136] netlink: 'syz.0.2236': attribute type 30 has an invalid length.
[  720.557373][T18136] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2236'.
[  720.566844][T18136] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  720.576007][T18136] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  721.378359][   T30] audit: type=1326 audit(1752502680.358:4053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  721.426383][   T30] audit: type=1326 audit(1752502680.368:4054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  721.916365][T18147] netlink: 'syz.1.2237': attribute type 30 has an invalid length.
[  721.924305][T18147] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2237'.
[  721.933599][T18147] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  721.942799][T18147] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  722.033074][   T30] audit: type=1326 audit(1752502680.368:4055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  722.081825][   T30] audit: type=1326 audit(1752502680.408:4056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18100 comm="syz.3.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  723.484722][T18176] syzkaller1: entered promiscuous mode
[  723.495049][T18176] syzkaller1: entered allmulticast mode
[  724.895655][ T5892] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  724.995891][ T5955] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  725.316381][ T5892] usb 4-1: device descriptor read/64, error -71
[  725.347113][ T5955] usb 5-1: Using ep0 maxpacket: 32
[  725.637328][ T5955] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  725.785712][ T5892] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  725.787238][ T5955] usb 5-1: config 0 has no interface number 0
[  725.835444][ T5955] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  725.875155][ T5955] usb 5-1: config 0 interface 85 has no altsetting 0
[  725.892060][ T5955] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  725.904993][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.915695][ T5892] usb 4-1: device descriptor read/64, error -71
[  725.916479][ T5955] usb 5-1: Product: syz
[  725.958920][ T5955] usb 5-1: Manufacturer: syz
[  725.997235][ T5955] usb 5-1: SerialNumber: syz
[  726.009959][ T5955] usb 5-1: config 0 descriptor??
[  726.026047][ T5892] usb usb4-port1: attempt power cycle
[  726.294853][ T5955] appletouch 5-1:0.85: Failed to read mode from device.
[  726.296905][ T5955] appletouch 5-1:0.85: probe with driver appletouch failed with error -5
[  726.476104][ T5955] usb 5-1: USB disconnect, device number 35
[  726.514725][ T5892] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  726.541325][ T5892] usb 4-1: device descriptor read/8, error -71
[  726.797721][ T5892] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  726.831178][ T5892] usb 4-1: device descriptor read/8, error -71
[  726.955206][T18267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2261'.
[  727.110221][ T5892] usb usb4-port1: unable to enumerate USB device
[  727.175806][T16434] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  727.406334][T16434] usb 2-1: Using ep0 maxpacket: 8
[  727.416369][T16434] usb 2-1: config 6 has an invalid interface number: 51 but max is 1
[  727.424825][T16434] usb 2-1: config 6 has no interface number 1
[  727.431413][T16434] usb 2-1: config 6 interface 0 has no altsetting 0
[  727.784262][T16434] usb 2-1: config 6 interface 51 has no altsetting 0
[  727.803286][T16434] usb 2-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=30.ad
[  727.822404][T18275] netlink: 'syz.3.2262': attribute type 30 has an invalid length.
[  727.830481][T18275] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2262'.
[  727.865235][T16434] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.911806][T16434] usb 2-1: Product: syz
[  727.923930][T16434] usb 2-1: Manufacturer: syz
[  727.935557][T16434] usb 2-1: SerialNumber: syz
[  728.056284][T18290] loop6: detected capacity change from 0 to 1
[  728.067190][T18290] Dev loop6: unable to read RDB block 1
[  728.076272][T18290]  loop6: unable to read partition table
[  728.082262][T18290] loop6: partition table beyond EOD, truncated
[  728.097135][T18290] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  728.450506][T18297] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  728.459675][T18297] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  729.831126][T18304] 9pnet_fd: Insufficient options for proto=fd
[  730.178052][T16434] xr_serial 2-1:6.51: skipping garbage
[  730.184321][T16434] xr_serial 2-1:6.51: xr_serial converter detected
[  730.242200][T18312] netlink: 'syz.4.2273': attribute type 1 has an invalid length.
[  730.315675][T16434] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[  730.317064][T18312] netlink: 'syz.4.2273': attribute type 2 has an invalid length.
[  730.322072][T16434] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  730.399173][T18333] binder: BINDER_SET_CONTEXT_MGR already set
[  730.406194][T18333] binder: 18326:18333 ioctl 4018620d 200000000040 returned -16
[  730.421145][T16434] usb 2-1: USB disconnect, device number 51
[  730.465868][T16434] xr_serial 2-1:6.0: device disconnected
[  730.724652][T18351] netlink: 512 bytes leftover after parsing attributes in process `syz.3.2279'.
[  730.735626][   T43] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  730.910305][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  731.059234][   T43] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  731.167643][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.249965][   T43] usb 5-1: Product: syz
[  731.272492][   T43] usb 5-1: Manufacturer: syz
[  731.289052][   T43] usb 5-1: SerialNumber: syz
[  731.309504][   T43] usb 5-1: config 0 descriptor??
[  731.438942][   T43] pegasus_notetaker 5-1:0.0: Invalid number of endpoints
[  731.491331][   T43] pegasus_notetaker 5-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  731.600844][T18364] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2282'.
[  731.756679][T18368] all: renamed from bridge_slave_0 (while UP)
[  731.928569][T18372] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  731.937925][T18372] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  732.725614][ T5892] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  732.879644][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  732.879663][   T30] audit: type=1326 audit(1752502693.888:4110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  732.895740][ T5892] usb 2-1: Using ep0 maxpacket: 8
[  733.741412][   T30] audit: type=1326 audit(1752502693.888:4111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  733.870029][   T30] audit: type=1326 audit(1752502693.888:4112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  733.905803][   T43] usb 5-1: USB disconnect, device number 36
[  733.955657][ T5892] usb 2-1: unable to get BOS descriptor or descriptor too short
[  733.973669][ T5892] usb 2-1: unable to read config index 0 descriptor/start: -71
[  734.086022][ T5892] usb 2-1: can't read configurations, error -71
[  734.125242][   T30] audit: type=1326 audit(1752502693.888:4113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  734.146940][    C1] vkms_vblank_simulate: vblank timer overrun
[  734.181454][   T30] audit: type=1326 audit(1752502693.888:4114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  734.258128][   T30] audit: type=1326 audit(1752502693.888:4115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  734.279824][    C1] vkms_vblank_simulate: vblank timer overrun
[  734.302886][   T30] audit: type=1326 audit(1752502693.888:4116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  734.338096][   T30] audit: type=1326 audit(1752502693.888:4117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  735.052444][   T30] audit: type=1326 audit(1752502693.888:4118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  735.074360][   T30] audit: type=1326 audit(1752502693.888:4119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18388 comm="syz.3.2290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  735.127998][T18423] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20000
[  735.174652][T18428] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  735.209490][T18426] lo speed is unknown, defaulting to 1000
[  735.259643][T18435] netlink: 'syz.4.2295': attribute type 16 has an invalid length.
[  735.285548][T18435] netlink: 'syz.4.2295': attribute type 3 has an invalid length.
[  735.286608][T16434] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  735.348297][T18435] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2295'.
[  735.377900][T14247] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  735.387813][T16434] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  735.397983][T18449] netlink: 'syz.0.2301': attribute type 1 has an invalid length.
[  735.412444][T18449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2301'.
[  735.464202][T18462] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2301'.
[  735.487997][T18462] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2301'.
[  735.719945][T18481] syz_tun: entered allmulticast mode
[  735.771679][T18484] fuse: Unknown parameter 'f
ߑ�'
[  736.198515][T18503] FAULT_INJECTION: forcing a failure.
[  736.198515][T18503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.226204][T18503] CPU: 1 UID: 0 PID: 18503 Comm: syz.1.2313 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  736.226232][T18503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  736.226243][T18503] Call Trace:
[  736.226250][T18503]  <TASK>
[  736.226259][T18503]  dump_stack_lvl+0x189/0x250
[  736.226283][T18503]  ? __pfx____ratelimit+0x10/0x10
[  736.226306][T18503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.226324][T18503]  ? __pfx__printk+0x10/0x10
[  736.226345][T18503]  ? __might_fault+0xb0/0x130
[  736.226378][T18503]  should_fail_ex+0x414/0x560
[  736.226405][T18503]  _copy_from_user+0x2d/0xb0
[  736.226425][T18503]  ___sys_sendmsg+0x158/0x2a0
[  736.226448][T18503]  ? __pfx____sys_sendmsg+0x10/0x10
[  736.226513][T18503]  ? __might_fault+0xb0/0x130
[  736.226537][T18503]  __sys_sendmmsg+0x227/0x430
[  736.226563][T18503]  ? __pfx___sys_sendmmsg+0x10/0x10
[  736.226580][T18503]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  736.226624][T18503]  ? ksys_write+0x22a/0x250
[  736.226648][T18503]  ? __pfx_ksys_write+0x10/0x10
[  736.226666][T18503]  ? rcu_is_watching+0x15/0xb0
[  736.226691][T18503]  __x64_sys_sendmmsg+0xa0/0xc0
[  736.226713][T18503]  do_syscall_64+0xfa/0x3b0
[  736.226728][T18503]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.226750][T18503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.226766][T18503]  ? clear_bhb_loop+0x60/0xb0
[  736.226793][T18503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.226809][T18503] RIP: 0033:0x7fd35338e929
[  736.226823][T18503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.226838][T18503] RSP: 002b:00007fd354294038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  736.226858][T18503] RAX: ffffffffffffffda RBX: 00007fd3535b5fa0 RCX: 00007fd35338e929
[  736.226870][T18503] RDX: 00000000000004ff RSI: 00002000000092c0 RDI: 0000000000000003
[  736.226880][T18503] RBP: 00007fd354294090 R08: 0000000000000000 R09: 0000000000000000
[  736.226891][T18503] R10: 000000000000ff00 R11: 0000000000000246 R12: 0000000000000002
[  736.226902][T18503] R13: 0000000000000000 R14: 00007fd3535b5fa0 R15: 00007ffd70227068
[  736.226929][T18503]  </TASK>
[  736.445881][    C1] vkms_vblank_simulate: vblank timer overrun
[  736.457669][T14247] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  736.465837][T14247] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  737.100089][T13499] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  737.545706][T13499] usb 2-1: Using ep0 maxpacket: 16
[  737.559686][ T5950] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  737.723545][T13499] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  737.735050][T13499] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  737.745076][T13499] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  737.758366][T13499] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  737.767964][T13499] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.785140][T13499] usb 2-1: config 0 descriptor??
[  738.439992][T13499] microsoft 0003:045E:07DA.000E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  738.494714][T13499] microsoft 0003:045E:07DA.000E: no inputs found
[  738.527516][T18537] lo speed is unknown, defaulting to 1000
[  738.542388][T13499] microsoft 0003:045E:07DA.000E: could not initialize ff, continuing anyway
[  738.556106][T18543] overlayfs: missing 'lowerdir'
[  738.705752][ T5955] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  739.186332][T18510] smc: net device bond0 applied user defined pnetid SYZ0
[  739.223894][ T5955] usb 3-1: config 0 has no interfaces?
[  739.232240][T18540] smc: net device bond0 erased user defined pnetid SYZ0
[  739.253798][ T5955] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  739.274070][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.305032][ T5955] usb 3-1: Product: syz
[  739.438866][ T5955] usb 3-1: Manufacturer: syz
[  739.443652][ T5955] usb 3-1: SerialNumber: syz
[  740.063507][ T5955] usb 3-1: config 0 descriptor??
[  740.205728][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  740.294162][T18537] veth1_macvtap: left promiscuous mode
[  740.361215][ T5955] usb 2-1: USB disconnect, device number 54
[  740.428298][T18537] veth1_macvtap: entered promiscuous mode
[  740.500267][T13499] usb 3-1: USB disconnect, device number 52
[  741.425658][ T5955] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[  741.852570][ T5955] usb 2-1: unable to get BOS descriptor or descriptor too short
[  741.872250][ T5955] usb 2-1: unable to read config index 0 descriptor/start: -71
[  741.883352][ T5955] usb 2-1: can't read configurations, error -71
[  741.922896][T18676] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  741.932866][T18676] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  742.391826][ T1094] veth1_macvtap: left promiscuous mode
[  742.792597][ T5950] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0
[  742.818793][ T5950] hid-generic 0000:0000:0000.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  743.271224][T18728] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  743.561109][T18745] lo speed is unknown, defaulting to 1000
[  743.765650][ T5950] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  743.835673][ T5892] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  743.915740][ T5950] usb 5-1: Using ep0 maxpacket: 32
[  743.926405][ T5950] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=88.ea
[  743.937830][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.946329][ T5950] usb 5-1: Product: syz
[  743.950511][ T5950] usb 5-1: Manufacturer: syz
[  743.955113][ T5950] usb 5-1: SerialNumber: syz
[  743.965056][ T5950] usb 5-1: config 0 descriptor??
[  743.978191][ T5950] ati_remote 5-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  743.988336][ T5892] usb 3-1: config 0 has no interfaces?
[  744.002145][ T5892] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  744.011603][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.019951][ T5892] usb 3-1: Product: syz
[  744.024224][ T5892] usb 3-1: Manufacturer: syz
[  744.029111][ T5892] usb 3-1: SerialNumber: syz
[  744.036061][ T5892] usb 3-1: config 0 descriptor??
[  744.173360][ T5955] usb 5-1: USB disconnect, device number 37
[  744.302144][ T5892] usb 3-1: USB disconnect, device number 53
[  744.918597][T18793] FAULT_INJECTION: forcing a failure.
[  744.918597][T18793] name failslab, interval 1, probability 0, space 0, times 0
[  744.931641][T18793] CPU: 0 UID: 0 PID: 18793 Comm: syz.4.2358 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  744.931665][T18793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  744.931682][T18793] Call Trace:
[  744.931689][T18793]  <TASK>
[  744.931696][T18793]  dump_stack_lvl+0x189/0x250
[  744.931720][T18793]  ? __pfx____ratelimit+0x10/0x10
[  744.931744][T18793]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.931763][T18793]  ? __pfx__printk+0x10/0x10
[  744.931789][T18793]  ? __pfx___might_resched+0x10/0x10
[  744.931807][T18793]  ? fs_reclaim_acquire+0x7d/0x100
[  744.931829][T18793]  should_fail_ex+0x414/0x560
[  744.931857][T18793]  should_failslab+0xa8/0x100
[  744.931882][T18793]  kmem_cache_alloc_noprof+0x73/0x3c0
[  744.931903][T18793]  ? vm_area_dup+0x2b/0x680
[  744.931924][T18793]  vm_area_dup+0x2b/0x680
[  744.931942][T18793]  __split_vma+0x1a9/0xa00
[  744.931973][T18793]  ? __pfx___split_vma+0x10/0x10
[  744.932016][T18793]  vma_modify+0x12c3/0x1970
[  744.932034][T18793]  ? vma_modify+0x50/0x1970
[  744.932070][T18793]  vma_modify_flags+0x1e8/0x230
[  744.932092][T18793]  ? __pfx_vma_modify_flags+0x10/0x10
[  744.932136][T18793]  mlock_fixup+0x22a/0x360
[  744.932162][T18793]  apply_vma_lock_flags+0x2aa/0x3c0
[  744.932188][T18793]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  744.932215][T18793]  ? __pfx_down_write_killable+0x10/0x10
[  744.932245][T18793]  do_mlock+0x528/0x740
[  744.932273][T18793]  ? __pfx_do_mlock+0x10/0x10
[  744.932289][T18793]  ? irqentry_exit+0x74/0x90
[  744.932333][T18793]  __x64_sys_mlock+0x60/0x70
[  744.932352][T18793]  do_syscall_64+0xfa/0x3b0
[  744.932368][T18793]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.932383][T18793]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  744.932399][T18793]  ? clear_bhb_loop+0x60/0xb0
[  744.932419][T18793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.932435][T18793] RIP: 0033:0x7f49ea18e929
[  744.932451][T18793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.932466][T18793] RSP: 002b:00007f49eafee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  744.932484][T18793] RAX: ffffffffffffffda RBX: 00007f49ea3b6160 RCX: 00007f49ea18e929
[  744.932496][T18793] RDX: 0000000000000000 RSI: 0000000000003000 RDI: 00002000009f1000
[  744.932507][T18793] RBP: 00007f49eafee090 R08: 0000000000000000 R09: 0000000000000000
[  744.932518][T18793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.932528][T18793] R13: 0000000000000000 R14: 00007f49ea3b6160 R15: 00007ffdc4caae18
[  744.932557][T18793]  </TASK>
[  745.266241][T18799] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  745.663399][T18812] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  745.703786][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  745.703803][   T30] audit: type=1326 audit(1752502706.708:4139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  745.736335][ T5955] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  745.846640][   T30] audit: type=1326 audit(1752502706.708:4140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  745.897270][   T30] audit: type=1326 audit(1752502706.748:4141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  745.924850][   T30] audit: type=1326 audit(1752502706.748:4142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  745.925974][ T5955] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  745.958181][T18819] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  745.972618][   T30] audit: type=1326 audit(1752502706.748:4143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  745.997556][   T30] audit: type=1326 audit(1752502706.748:4144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  746.028225][   T30] audit: type=1326 audit(1752502706.748:4145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  746.050584][   T30] audit: type=1326 audit(1752502706.748:4146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  746.077233][   T30] audit: type=1326 audit(1752502706.748:4147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7dfed8d290 code=0x7ffc0000
[  746.104338][   T30] audit: type=1326 audit(1752502706.748:4148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18809 comm="syz.2.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7dfed8e929 code=0x7ffc0000
[  746.316611][ T5950] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  746.458361][ T5950] usb 5-1: device descriptor read/64, error -71
[  746.477214][ T1094] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  746.755589][ T5950] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  746.937741][T18845] afs: Unknown parameter '1844674407370955161500000000000000000008'
[  746.983212][ T5950] usb 5-1: device descriptor read/64, error -71
[  747.005780][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  747.098054][ T5950] usb usb5-port1: attempt power cycle
[  747.490883][T14243] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  747.503804][T18854] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  747.522440][T14243] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  747.555799][ T5950] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  747.566590][T18857] all: renamed from bridge_slave_0 (while UP)
[  747.586774][ T5950] usb 5-1: device descriptor read/8, error -71
[  747.731636][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  747.744278][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  747.750781][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  747.835658][ T5950] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  747.856093][ T5950] usb 5-1: device descriptor read/8, error -71
[  747.865786][T13499] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[  747.965836][ T5955] usb 3-1: new low-speed USB device number 54 using dummy_hcd
[  747.966325][T16434] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  747.981310][ T5950] usb usb5-port1: unable to enumerate USB device
[  748.045700][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  748.048103][T13499] usb 2-1: not running at top speed; connect to a high speed hub
[  748.074580][T13499] usb 2-1: config 0 has no interfaces?
[  748.090019][T13499] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  748.103010][T13499] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.114769][T13499] usb 2-1: Product: syz
[  748.120433][T13499] usb 2-1: Manufacturer: syz
[  748.125117][T13499] usb 2-1: SerialNumber: syz
[  748.136549][T13499] usb 2-1: config 0 descriptor??
[  748.147585][ T5955] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  748.164529][ T5955] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  748.202320][ T5955] usb 3-1: string descriptor 0 read error: -22
[  748.210576][ T5955] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  748.223692][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.248716][ T5955] usb 3-1: invalid UAC_HEADER (v1)
[  748.327455][ T5955] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  748.388673][T18860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  748.405241][T18860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  748.438320][ T5955] usb 2-1: USB disconnect, device number 57
[  748.452411][T16434] usb 3-1: USB disconnect, device number 54
[  751.885782][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  752.499834][T18963] lo speed is unknown, defaulting to 1000
[  752.628322][T18969] netlink: 41 bytes leftover after parsing attributes in process `syz.0.2396'.
[  752.682463][T18969] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2396'.
[  752.846031][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  754.738941][T19018] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  754.856920][T14247] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  754.888279][T13499] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  755.812308][T13499] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  755.890472][T14236] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  755.924292][T14236] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  756.567245][T13499] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  757.037221][ T5950] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  757.482474][ T5950] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  757.571222][ T5950] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024
[  757.825659][ T5950] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  757.896403][ T5950] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  757.957047][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  757.982176][T19048] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  758.027780][ T5950] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  758.058010][T19088] fuse: Unknown parameter '�d'
[  759.277578][   T43] usb 2-1: USB disconnect, device number 58
[  759.422250][T19149] overlayfs: failed to clone upperpath
[  759.965703][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  760.525784][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  760.745779][ T5950] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  760.977488][ T5950] usb 2-1: unable to get BOS descriptor or descriptor too short
[  760.987929][ T5950] usb 2-1: not running at top speed; connect to a high speed hub
[  761.008767][ T5950] usb 2-1: config 3 has an invalid interface number: 1 but max is 0
[  761.026860][ T5950] usb 2-1: config 3 has no interface number 0
[  761.083866][ T5950] usb 2-1: config 3 interface 1 has no altsetting 0
[  761.122221][ T5950] usb 2-1: New USB device found, idVendor=1b80, idProduct=e421, bcdDevice=35.5d
[  761.152030][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.184793][ T5950] usb 2-1: Product: syz
[  761.210834][ T5950] usb 2-1: Manufacturer: syz
[  761.245735][ T5950] usb 2-1: SerialNumber: syz
[  761.451145][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  761.451166][   T30] audit: type=1326 audit(1752502722.298:4197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  761.479899][   T30] audit: type=1326 audit(1752502722.298:4198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  761.502198][   T30] audit: type=1326 audit(1752502722.298:4199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  761.516338][T19220] netlink: 'syz.4.2436': attribute type 137 has an invalid length.
[  761.544430][   T30] audit: type=1326 audit(1752502722.298:4200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  761.566540][T19220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2436'.
[  761.596999][T19201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.605851][T19201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.785667][ T5950] cx231xx 2-1:3.1: New device syz syz @ 12 Mbps (1b80:e421) with 1 interfaces
[  761.813310][ T5950] cx231xx 2-1:3.1: Not found matching IAD interface
[  761.844263][ T5950] usb 2-1: USB disconnect, device number 59
[  761.875927][T16434] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  761.896152][   T30] audit: type=1326 audit(1752502722.298:4201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  761.963810][   T30] audit: type=1326 audit(1752502722.298:4202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  762.125780][T16434] usb 5-1: Using ep0 maxpacket: 16
[  762.133712][T16434] usb 5-1: config 0 has no interfaces?
[  762.141899][T16434] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  762.160021][T16434] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  762.168680][T16434] usb 5-1: SerialNumber: syz
[  762.173413][   T30] audit: type=1326 audit(1752502722.298:4203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  762.179968][T16434] usb 5-1: config 0 descriptor??
[  762.276002][   T30] audit: type=1326 audit(1752502722.298:4204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  762.276058][   T30] audit: type=1326 audit(1752502722.298:4205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  762.276096][   T30] audit: type=1326 audit(1752502722.298:4206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19202 comm="syz.0.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  762.731682][T16434] usb 5-1: USB disconnect, device number 42
[  763.085772][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  763.189830][T19288] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap3
[  763.226140][T16434] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  763.891045][ T5892] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  763.974232][ T1094] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  764.388289][T19314] lo speed is unknown, defaulting to 1000
[  765.021668][ T1094] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  765.035462][ T1094] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  765.255998][T13499] usb 4-1: new low-speed USB device number 42 using dummy_hcd
[  765.295868][   T43] usb 2-1: new full-speed USB device number 60 using dummy_hcd
[  765.414819][T13499] usb 4-1: device descriptor read/64, error -71
[  765.447875][   T43] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1040, setting to 64
[  765.527487][   T43] usb 2-1: config 1 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  765.545168][   T43] usb 2-1: config 1 interface 0 has no altsetting 0
[  765.571778][   T43] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.40
[  765.584447][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.613575][   T43] usb 2-1: Product: Ⰱ
[  765.628414][   T43] usb 2-1: Manufacturer: ␁
[  765.641672][   T43] usb 2-1: SerialNumber: syz
[  765.691937][T13499] usb 4-1: new low-speed USB device number 43 using dummy_hcd
[  765.710727][T19345] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  765.722511][T19345] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  765.855892][T13499] usb 4-1: device descriptor read/64, error -71
[  765.890298][T16434] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  765.917953][T19373] netlink: 41 bytes leftover after parsing attributes in process `syz.2.2458'.
[  766.071799][T19373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2458'.
[  766.601651][T13499] usb usb4-port1: attempt power cycle
[  766.965906][T13499] usb 4-1: new low-speed USB device number 44 using dummy_hcd
[  766.990066][T13499] usb 4-1: device descriptor read/8, error -71
[  767.077269][   T43] usbhid 2-1:1.0: can't add hid device: -71
[  767.084917][   T43] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  767.210869][   T43] usb 2-1: USB disconnect, device number 60
[  767.245637][T13499] usb 4-1: new low-speed USB device number 45 using dummy_hcd
[  767.267901][T13499] usb 4-1: device descriptor read/8, error -71
[  767.376379][T13499] usb usb4-port1: unable to enumerate USB device
[  767.565678][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  768.376085][T19403] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2463'.
[  768.576809][T13499] usb 2-1: new full-speed USB device number 61 using dummy_hcd
[  768.845733][    C0] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  768.974945][T19393] delete_channel: no stack
[  769.290503][T13499] usb 2-1: unable to get BOS descriptor or descriptor too short
[  769.381533][T13499] usb 2-1: not running at top speed; connect to a high speed hub
[  769.466509][T13499] usb 2-1: config 3 has an invalid interface number: 106 but max is 0
[  769.474910][T13499] usb 2-1: config 3 has no interface number 0
[  769.505691][T13499] usb 2-1: config 3 interface 106 altsetting 10 endpoint 0xD has invalid maxpacket 512, setting to 64
[  769.513693][T16434] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  769.522401][T13499] usb 2-1: config 3 interface 106 has no altsetting 0
[  769.534725][T13499] usb 2-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=e8.8a
[  769.549747][T13499] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.559319][T13499] usb 2-1: Product: syz
[  769.563811][T13499] usb 2-1: Manufacturer: syz
[  769.585212][T13499] usb 2-1: SerialNumber: syz
[  769.615782][T19397] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  769.708746][T16434] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  769.727277][T16434] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.753364][T16434] usb 3-1: config 0 descriptor??
[  769.999315][T13499] kobil_sct 2-1:3.106: KOBIL USB smart card terminal converter detected
[  770.024355][T13499] usb 2-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  770.039636][T13499] usb 2-1: USB disconnect, device number 61
[  770.044744][T16434] kaweth 3-1:0.0: Firmware present in device.
[  770.054089][T13499] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  770.113444][T19467] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2476'.
[  770.122502][T19467] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2476'.
[  770.527749][T13499] kobil_sct 2-1:3.106: device disconnected
[  770.529826][T16434] kaweth 3-1:0.0: Statistics collection: 0
[  770.568118][T16434] kaweth 3-1:0.0: Multicast filter limit: 0
[  770.579511][T16434] kaweth 3-1:0.0: MTU: 0
[  770.584714][T16434] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00
[  771.891514][T16434] kaweth 3-1:0.0: probe with driver kaweth failed with error -5
[  771.912241][T16434] usb 3-1: USB disconnect, device number 55
[  771.955742][   T43] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  772.092798][T19516] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2486'.
[  772.115586][   T43] usb 2-1: device descriptor read/64, error -71
[  772.379488][   T43] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  772.635875][   T43] usb 2-1: device descriptor read/64, error -71
[  772.642249][   T24] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  772.746822][   T43] usb usb2-port1: attempt power cycle
[  772.827641][   T24] usb 4-1: Using ep0 maxpacket: 16
[  772.911808][   T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  772.940763][   T24] usb 4-1: config 0 has no interface number 0
[  773.108954][   T43] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  773.143432][   T24] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  773.304449][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.343126][   T24] usb 4-1: Product: syz
[  773.349321][   T43] usb 2-1: device descriptor read/8, error -71
[  773.356668][   T24] usb 4-1: Manufacturer: syz
[  773.365977][   T24] usb 4-1: SerialNumber: syz
[  773.386937][   T24] usb 4-1: config 0 descriptor??
[  773.423878][   T24] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  773.615643][   T43] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  773.636456][   T43] usb 2-1: device descriptor read/8, error -71
[  773.697873][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  773.697892][   T30] audit: type=1326 audit(1752502734.708:4237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  773.747684][   T43] usb usb2-port1: unable to enumerate USB device
[  773.757503][   T30] audit: type=1326 audit(1752502734.738:4238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  773.828282][   T30] audit: type=1326 audit(1752502734.738:4239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  773.891690][   T30] audit: type=1326 audit(1752502734.738:4240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  773.943181][T19552] netlink: 41 bytes leftover after parsing attributes in process `syz.2.2493'.
[  773.952522][   T30] audit: type=1326 audit(1752502734.738:4241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  773.987819][T19552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2493'.
[  774.144117][   T30] audit: type=1326 audit(1752502734.738:4242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  774.201348][T19554] fuse: Unknown parameter ']_���s��������o��\٥����B�-&�3�uK)�Z36���؞�X�����9�d�'
[  774.621031][   T30] audit: type=1326 audit(1752502734.738:4243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  774.713985][   T30] audit: type=1326 audit(1752502734.738:4244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  774.782636][   T30] audit: type=1326 audit(1752502734.748:4245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  774.814494][   T30] audit: type=1326 audit(1752502734.748:4246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19543 comm="syz.0.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7f118e929 code=0x7ffc0000
[  774.950213][T19564] lo speed is unknown, defaulting to 1000
[  775.285676][T19522] program syz.3.2485 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  776.011456][   T24] gspca_spca1528: reg_r err -110
[  776.016551][   T24] spca1528 4-1:0.1: probe with driver spca1528 failed with error -110
[  776.525769][    C0] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  776.763295][ T5950] usb 4-1: USB disconnect, device number 46
[  776.878580][T19625] Bluetooth: MGMT ver 1.23
[  777.165808][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  777.393612][T19628] 9pnet_fd: Insufficient options for proto=fd
[  777.909315][T19654] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  777.945998][T16434] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  778.001245][T19659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2510'.
[  778.056600][   T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  778.812981][T16434] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  779.395145][T19673] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2513'.
[  779.440721][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  779.440739][   T30] audit: type=1326 audit(1752502740.418:4276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  779.540610][T14241] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  779.589398][T14241] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  779.601332][   T30] audit: type=1326 audit(1752502740.418:4277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  779.622968][    C0] vkms_vblank_simulate: vblank timer overrun
[  779.700923][T19684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2516'.
[  779.752331][   T30] audit: type=1326 audit(1752502740.418:4278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  779.773991][    C0] vkms_vblank_simulate: vblank timer overrun
[  779.780431][ T5950] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  779.788520][T16434] usb 4-1: new full-speed USB device number 47 using dummy_hcd
[  779.887623][   T30] audit: type=1326 audit(1752502740.418:4279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  779.909269][    C0] vkms_vblank_simulate: vblank timer overrun
[  779.972519][T16434] usb 4-1: unable to get BOS descriptor or descriptor too short
[  780.003920][T16434] usb 4-1: not running at top speed; connect to a high speed hub
[  780.029874][T16434] usb 4-1: config 2 has an invalid interface number: 8 but max is 0
[  780.041063][   T30] audit: type=1326 audit(1752502740.418:4280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.073069][T16434] usb 4-1: config 2 has no interface number 0
[  780.103148][T16434] usb 4-1: New USB device found, idVendor=056c, idProduct=8007, bcdDevice=5f.aa
[  780.122810][T16434] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.142905][   T30] audit: type=1326 audit(1752502740.418:4281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.179884][T16434] usb 4-1: Product: syz
[  780.184103][T16434] usb 4-1: Manufacturer: syz
[  780.253208][T16434] usb 4-1: SerialNumber: syz
[  780.285598][   T30] audit: type=1326 audit(1752502740.428:4282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.307256][    C0] vkms_vblank_simulate: vblank timer overrun
[  780.442249][   T30] audit: type=1326 audit(1752502740.428:4283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.534840][   T30] audit: type=1326 audit(1752502740.428:4284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.556554][    C0] vkms_vblank_simulate: vblank timer overrun
[  780.627513][   T30] audit: type=1326 audit(1752502740.428:4285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19668 comm="syz.3.2513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f92e998e929 code=0x7ffc0000
[  780.699943][T19712] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  780.766259][   T24] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  780.805701][ T5955] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  780.932729][T19718] lo speed is unknown, defaulting to 1000
[  780.975800][ T5955] usb 2-1: Using ep0 maxpacket: 32
[  780.988183][ T5955] usb 2-1: config 0 interface 0 has no altsetting 0
[  781.004022][ T5955] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  781.029590][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.056435][ T5955] usb 2-1: Product: syz
[  781.061309][ T5955] usb 2-1: Manufacturer: syz
[  781.070100][ T5955] usb 2-1: SerialNumber: syz
[  781.086762][ T5955] usb 2-1: config 0 descriptor??
[  781.253290][   T12] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  781.573105][   T24] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  781.583110][ T5955] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  782.335665][T16434] belkin_sa 4-1:2.8: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  782.349142][T16434] usb 4-1: bcdDevice: 5faa, bfc: 0
[  782.405784][T14246] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  782.406613][T16434] usb 4-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  782.413866][T14246] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  782.489211][T16434] usb 4-1: USB disconnect, device number 47
[  782.707640][T16434] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  782.722569][T16434] belkin_sa 4-1:2.8: device disconnected
[  782.737598][ T5955] gs_usb 2-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  782.932565][T19790] 9pnet: p9_errstr2errno: server reported unknown error �@0x0000000000000007
[  783.247384][T13499] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  783.325759][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  783.527211][   T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  783.565712][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  783.593481][ T5955] usb 2-1: USB disconnect, device number 66
[  783.746032][   T24] usb 4-1: Using ep0 maxpacket: 8
[  783.757073][   T24] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  783.758052][T19807] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  783.766378][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.766404][   T24] usb 4-1: Product: syz
[  783.788932][   T24] usb 4-1: Manufacturer: syz
[  783.793625][   T24] usb 4-1: SerialNumber: syz
[  783.809385][   T24] usb 4-1: config 0 descriptor??
[  783.834280][   T24] gspca_main: se401-2.14.0 probing 047d:5003
[  783.865916][ T5892] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  784.009993][T19828] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  784.065408][T19814] block device autoloading is deprecated and will be removed.
[  784.119865][T14243] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  784.691647][T19840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2541'.
[  784.762494][T19840] netlink: 'syz.4.2541': attribute type 7 has an invalid length.
[  784.777419][ T5892] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  784.793189][T19840] netlink: 'syz.4.2541': attribute type 8 has an invalid length.
[  784.845636][T19840] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2541'.
[  784.891137][   T24] gspca_se401: read req failed req 0x06 error -19
[  784.908993][T19840] gretap0: entered promiscuous mode
[  784.937161][T19840] batadv_slave_1: entered promiscuous mode
[  785.069712][T19864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2545'.
[  785.082416][   T24] usb 4-1: USB disconnect, device number 48
[  785.087451][T19840] gretap0: left promiscuous mode
[  785.114635][T19840] batadv_slave_1: left promiscuous mode
[  785.121703][T19864] netlink: 'syz.2.2545': attribute type 7 has an invalid length.
[  785.140339][T19864] netlink: 'syz.2.2545': attribute type 8 has an invalid length.
[  785.264306][T19876] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2543'.
[  785.750579][T19864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2545'.
[  785.781633][T19860] veth1_to_bond: entered allmulticast mode
[  785.796861][T19861] veth1_to_bond: entered promiscuous mode
[  785.825735][T14246] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  785.839162][T19859] veth1_to_bond: left promiscuous mode
[  785.850566][T19859] veth1_to_bond: left allmulticast mode
[  786.765736][    C1] ip6_tnl_xmit_ctl: 2 callbacks suppressed
[  786.765750][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  787.109544][T19909] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  788.141672][T19946] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2561'.
[  789.585363][T19996] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2571'.
[  790.125669][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  790.505670][ T5892] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  790.739082][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  790.782211][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  790.873115][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  790.922889][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.963965][ T5892] usb 3-1: config 0 descriptor??
[  791.055724][   T24] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  791.217545][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  791.228164][   T24] usb 5-1: config 0 has no interfaces?
[  791.233694][   T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  791.243396][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.255773][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  791.256745][   T24] usb 5-1: config 0 descriptor??
[  791.397427][ T5892] plantronics 0003:047F:FFFF.0010: collection stack underflow
[  791.410041][ T5892] plantronics 0003:047F:FFFF.0010: item 0 2 0 12 parsing failed
[  791.422077][T17849] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  791.430710][ T5892] plantronics 0003:047F:FFFF.0010: parse failed
[  791.437971][ T5892] plantronics 0003:047F:FFFF.0010: probe with driver plantronics failed with error -22
[  791.482615][T20015] kvm: Disabled LAPIC found during irq injection
[  791.492840][T13499] usb 5-1: USB disconnect, device number 43
[  791.605957][T17849] usb 2-1: Using ep0 maxpacket: 32
[  791.614342][T17849] usb 2-1: config 2 has an invalid interface number: 190 but max is 0
[  791.625183][T17849] usb 2-1: config 2 has no interface number 0
[  791.633079][T17849] usb 2-1: config 2 interface 190 has no altsetting 0
[  791.644256][T17849] usb 2-1: language id specifier not provided by device, defaulting to English
[  791.656344][T17849] usb 2-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  791.665911][T17849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  791.674050][T17849] usb 2-1: Product: syz
[  791.679349][T17849] usb 2-1: Manufacturer: 񷟗è
[  791.694062][T17849] usb 2-1: SerialNumber: syz
[  791.885757][    C0] ip6_tunnel: ip6gretap3 xmit: Local address not yet configured!
[  791.933629][T17849] usb 2-1: USB disconnect, device number 67
[  792.771045][T17849] usb 3-1: USB disconnect, device number 56
[  792.801722][T13499] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  793.365702][T13499] usb 5-1: Using ep0 maxpacket: 8
[  793.805802][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  793.984499][T20080] netlink: 41 bytes leftover after parsing attributes in process `syz.2.2585'.
[  794.025098][T13499] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  794.066407][T20080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2585'.
[  794.164037][T13499] usb 5-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00
[  794.266030][T13499] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.286714][T13499] usb 5-1: config 0 descriptor??
[  795.485465][T13499] usbhid 5-1:0.0: can't add hid device: -71
[  795.496313][T13499] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  795.509938][T13499] usb 5-1: USB disconnect, device number 44
[  795.695619][T17849] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  795.725783][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  795.855737][T17849] usb 3-1: Using ep0 maxpacket: 16
[  795.941519][T17849] usb 3-1: config 0 interface 0 has no altsetting 0
[  795.949866][T17849] usb 3-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  795.962527][T17849] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.982179][T17849] usb 3-1: config 0 descriptor??
[  796.922049][T20143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2597'.
[  796.981488][T17849] hid (null): global environment stack underflow
[  797.009254][T17849] megaworld 0003:07B5:0312.0011: global environment stack underflow
[  797.035104][T17849] megaworld 0003:07B5:0312.0011: item 0 0 1 11 parsing failed
[  797.068668][T20151] netlink: 41 bytes leftover after parsing attributes in process `syz.0.2599'.
[  797.079960][T17849] megaworld 0003:07B5:0312.0011: parse failed
[  797.095645][T17849] megaworld 0003:07B5:0312.0011: probe with driver megaworld failed with error -22
[  797.143778][T20151] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2599'.
[  797.441657][T20164] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2602'.
[  797.482751][T20164] lo speed is unknown, defaulting to 1000
[  797.514928][T20160] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2602'.
[  797.995857][T17849] usb 3-1: USB disconnect, device number 57
[  798.925711][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  800.280999][T20216] netlink: 41 bytes leftover after parsing attributes in process `syz.2.2613'.
[  800.323630][T20216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2613'.
[  800.502253][T20221] ipvlan2: entered promiscuous mode
[  800.546056][T20221] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  800.553487][T20221] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  800.765985][T20220] block nbd2: shutting down sockets
[  800.868706][T20239] proc: Unknown parameter '����'
[  800.907452][T13499] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  800.968521][T20251] loop6: detected capacity change from 0 to 1
[  801.002271][ T7841] Dev loop6: unable to read RDB block 1
[  801.024402][ T7841]  loop6: unable to read partition table
[  801.042271][ T7841] loop6: partition table beyond EOD, truncated
[  801.052312][T20251] Dev loop6: unable to read RDB block 1
[  801.074496][T13499] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  801.086148][T20251]  loop6: unable to read partition table
[  801.092019][T20251] loop6: partition table beyond EOD, truncated
[  801.097150][T13499] usb 5-1: config 0 has no interfaces?
[  801.103993][T20251] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  801.115674][T13499] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  801.135061][T13499] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.179274][T13499] usb 5-1: config 0 descriptor??
[  801.403900][T20227] kvm: Disabled LAPIC found during irq injection
[  801.428378][T13499] usb 5-1: USB disconnect, device number 45
[  801.656388][T17849] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  801.788813][T20288] siw: device registration error -23
[  801.916554][T17849] usb 3-1: Using ep0 maxpacket: 8
[  801.948728][T17849] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  801.966588][T17849] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  801.976833][T17849] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  801.988334][T17849] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  802.001612][T17849] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  802.376797][T17849] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.503648][T20295] netlink: 41 bytes leftover after parsing attributes in process `syz.3.2627'.
[  802.513144][T20295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2627'.
[  802.631633][T17849] usb 3-1: GET_CAPABILITIES returned 0
[  802.654918][T17849] usbtmc 3-1:16.0: can't read capabilities
[  803.336163][T20305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2628'.
[  813.006035][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  814.955709][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  814.963831][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  848.205961][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  848.214128][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  880.856005][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  908.405515][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  908.412507][    C1] rcu: 	0-...!: (1 ticks this GP) idle=7cd4/1/0x4000000000000000 softirq=88157/88157 fqs=5
[  908.423762][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P17849/1:b..l P14236/1:b..l
[  908.433019][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=62365, q=77 ncpus=2)
[  908.440767][    C1] Sending NMI from CPU 1 to CPUs 0:
[  908.440801][    C0] NMI backtrace for cpu 0
[  908.440816][    C0] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  908.440835][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  908.440846][    C0] RIP: 0010:rcu_is_watching+0x6/0xb0
[  908.440874][    C0] Code: e8 af ee 48 03 eb cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 53 65 ff 05 80 d1 f5 10 e8 0b f3 c0 09 89 c3 83 f8 08 73 65
[  908.440888][    C0] RSP: 0000:ffffc900000078e8 EFLAGS: 00000002
[  908.440902][    C0] RAX: ffffffff81ae9ff7 RBX: 0000000000000001 RCX: 0000000000010100
[  908.440913][    C0] RDX: ffff88801e3c3c00 RSI: 0000000000000001 RDI: 0000000000000002
[  908.440923][    C0] RBP: ffffc90000007a68 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
[  908.440936][    C0] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: ffff888026e12340
[  908.440947][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8627bc0
[  908.440958][    C0] FS:  0000555589723500(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
[  908.440972][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  908.440983][    C0] CR2: 00007ffd0f01f108 CR3: 000000007601c000 CR4: 00000000003526f0
[  908.440998][    C0] Call Trace:
[  908.441006][    C0]  <IRQ>
[  908.441015][    C0]  debug_deactivate+0x80/0x200
[  908.441036][    C0]  __hrtimer_run_queues+0x2b0/0xc60
[  908.441063][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  908.441079][    C0]  ? ktime_get_update_offsets_now+0x3ab/0x3d0
[  908.441106][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  908.441138][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  908.441157][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  908.441181][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  908.441197][    C0] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  908.441217][    C0] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4a b8 33 f6 48 89 df e8 a2 4f 34 f6 e8 0d 2b 5d f6 fb bf 01 00 00 00 <e8> 62 4c 26 f6 65 8b 05 2b 6a 32 07 85 c0 74 07 5b e9 51 4c 00 00
[  908.441230][    C0] RSP: 0000:ffffc90000007c90 EFLAGS: 00000286
[  908.441243][    C0] RAX: 494b61ed15cb1f00 RBX: ffff8880b8626a00 RCX: 494b61ed15cb1f00
[  908.441255][    C0] RDX: 0000000000000002 RSI: ffffffff8d983ce5 RDI: 0000000000000001
[  908.441266][    C0] RBP: ffffc90000007e10 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
[  908.441278][    C0] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: dffffc0000000000
[  908.441290][    C0] R13: ffff8880b8626a48 R14: 0000000000000000 R15: 0000000000000000
[  908.441310][    C0]  __run_timer_base+0x1ad/0x860
[  908.441331][    C0]  ? ktime_get+0x3e/0x1f0
[  908.441356][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  908.441375][    C0]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  908.441403][    C0]  run_timer_softirq+0x103/0x180
[  908.441425][    C0]  handle_softirqs+0x283/0x870
[  908.441444][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  908.441462][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  908.441481][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  908.441519][    C0]  __irq_exit_rcu+0xca/0x1f0
[  908.441534][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  908.441555][    C0]  irq_exit_rcu+0x9/0x30
[  908.441569][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  908.441591][    C0]  </IRQ>
[  908.441596][    C0]  <TASK>
[  908.441602][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  908.441618][    C0] RIP: 0010:lock_acquire+0x175/0x360
[  908.441633][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab c1 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  908.441646][    C0] RSP: 0000:ffffc900040af570 EFLAGS: 00000206
[  908.441659][    C0] RAX: 494b61ed15cb1f00 RBX: 0000000000000000 RCX: 494b61ed15cb1f00
[  908.441671][    C0] RDX: 0000000000000000 RSI: ffffffff8db707c4 RDI: ffffffff8be1c200
[  908.441682][    C0] RBP: ffffffff822c8772 R08: 0000000000000000 R09: ffffffff822c8772
[  908.441693][    C0] R10: dffffc0000000000 R11: fffff940001e06df R12: 0000000000000002
[  908.441703][    C0] R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000246
[  908.441716][    C0]  ? page_ext_get+0x22/0x2f0
[  908.441737][    C0]  ? page_ext_get+0x22/0x2f0
[  908.441766][    C0]  ? debug_check_no_obj_freed+0x451/0x470
[  908.441786][    C0]  ? page_ext_get+0x22/0x2f0
[  908.441807][    C0]  page_ext_get+0x3e/0x2f0
[  908.441826][    C0]  ? page_ext_get+0x22/0x2f0
[  908.441847][    C0]  __reset_page_owner+0x28/0x1f0
[  908.441874][    C0]  free_unref_folios+0xcd2/0x1570
[  908.441907][    C0]  folios_put_refs+0x559/0x640
[  908.441933][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[  908.441959][    C0]  folio_batch_move_lru+0x319/0x3a0
[  908.441979][    C0]  ? __folio_batch_add_and_move+0x20a/0xd20
[  908.442000][    C0]  ? __pfx_lru_add+0x10/0x10
[  908.442019][    C0]  ? __pfx_folio_batch_move_lru+0x10/0x10
[  908.442040][    C0]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[  908.442057][    C0]  ? __lruvec_stat_mod_folio+0x79/0x2f0
[  908.442076][    C0]  __folio_batch_add_and_move+0x5ad/0xd20
[  908.442098][    C0]  ? __pfx_lru_add+0x10/0x10
[  908.442117][    C0]  ? __pfx___folio_batch_add_and_move+0x10/0x10
[  908.442136][    C0]  ? folio_add_new_anon_rmap+0x6bb/0x1a80
[  908.442153][    C0]  ? page_table_check_clear+0x187/0x700
[  908.442176][    C0]  ? folio_add_lru+0x106/0x220
[  908.442197][    C0]  do_wp_page+0x1c09/0x5800
[  908.442222][    C0]  ? do_wp_page+0x161d/0x5800
[  908.442245][    C0]  ? __pfx_do_wp_page+0x10/0x10
[  908.442262][    C0]  ? do_raw_spin_lock+0x121/0x290
[  908.442283][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  908.442308][    C0]  __handle_mm_fault+0x1144/0x5620
[  908.442327][    C0]  ? __lock_acquire+0xab9/0xd20
[  908.442351][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  908.442370][    C0]  ? lock_vma_under_rcu+0xf8/0x710
[  908.442397][    C0]  ? lock_vma_under_rcu+0xf8/0x710
[  908.442419][    C0]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  908.442445][    C0]  handle_mm_fault+0x2d5/0x7f0
[  908.442471][    C0]  do_user_addr_fault+0xa81/0x1390
[  908.442496][    C0]  ? rcu_is_watching+0x15/0xb0
[  908.442512][    C0]  ? trace_page_fault_user+0x84/0x1e0
[  908.442535][    C0]  exc_page_fault+0x76/0xf0
[  908.442557][    C0]  asm_exc_page_fault+0x26/0x30
[  908.442571][    C0] RIP: 0033:0x7f92e9985016
[  908.442586][    C0] Code: fd ff ff 90 e8 7b 01 00 00 41 89 c4 85 c0 0f 84 82 fd ff ff 49 c7 c5 a8 ff ff ff 48 83 3d b9 9c 1f 00 00 64 45 8b 75 00 74 05 <e8> b5 84 fc ff e8 c0 f5 fb ff e9 d9 fc ff ff 0f 1f 00 48 8d 7e 58
[  908.442598][    C0] RSP: 002b:00007ffd0f01f110 EFLAGS: 00010202
[  908.442611][    C0] RAX: 00000000000006a0 RBX: 0000000000000000 RCX: 00007f92e9985193
[  908.442620][    C0] RDX: 00000000000006a0 RSI: 0000000000000000 RDI: 0000000001200011
[  908.442630][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  908.442639][    C0] R10: 00005555897237d0 R11: 0000000000000246 R12: 00000000000006a0
[  908.442650][    C0] R13: ffffffffffffffa8 R14: 0000000000000006 R15: 00007ffd0f01f2a0
[  908.442670][    C0]  </TASK>
[  908.442790][    C1] task:kworker/u8:13   state:R  running task     stack:19608 pid:14236 tgid:14236 ppid:2      task_flags:0x4208060 flags:0x00004000
[  909.122507][    C1] Workqueue: bat_events batadv_nc_worker
[  909.128167][    C1] Call Trace:
[  909.131449][    C1]  <TASK>
[  909.134402][    C1]  __schedule+0x16a2/0x4cb0
[  909.138936][    C1]  ? __lock_acquire+0xa01/0xd20
[  909.143808][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  909.149130][    C1]  ? __pfx___schedule+0x10/0x10
[  909.154004][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  909.159220][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  909.164528][    C1]  preempt_schedule_irq+0xb5/0x150
[  909.169663][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  909.175420][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  909.181236][    C1]  irqentry_exit+0x6f/0x90
[  909.185724][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  909.191726][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  909.197031][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab c1 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  909.216651][    C1] RSP: 0018:ffffc9000217f980 EFLAGS: 00000206
[  909.222731][    C1] RAX: 933f97fae9711000 RBX: 0000000000000000 RCX: 933f97fae9711000
[  909.230712][    C1] RDX: 0000000000000000 RSI: ffffffff8db707c4 RDI: ffffffff8be1c200
[  909.238693][    C1] RBP: ffffffff8b35bfc2 R08: 0000000000000000 R09: ffffffff8b35bfc2
[  909.246674][    C1] R10: dffffc0000000000 R11: ffffffff8b35bef0 R12: 0000000000000002
[  909.254654][    C1] R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000246
[  909.262650][    C1]  ? batadv_nc_worker+0xd2/0x610
[  909.267604][    C1]  ? __pfx_batadv_nc_worker+0x10/0x10
[  909.272992][    C1]  ? batadv_nc_worker+0xd2/0x610
[  909.278156][    C1]  ? batadv_nc_worker+0xd2/0x610
[  909.283121][    C1]  ? batadv_nc_worker+0xd2/0x610
[  909.288078][    C1]  batadv_nc_worker+0xef/0x610
[  909.292855][    C1]  ? batadv_nc_worker+0xd2/0x610
[  909.297821][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  909.303550][    C1]  process_scheduled_works+0xade/0x17b0
[  909.309143][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  909.315149][    C1]  worker_thread+0x8a0/0xda0
[  909.319779][    C1]  kthread+0x711/0x8a0
[  909.323863][    C1]  ? __pfx_worker_thread+0x10/0x10
[  909.328986][    C1]  ? __pfx_kthread+0x10/0x10
[  909.333587][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  909.338799][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  909.344009][    C1]  ? __pfx_kthread+0x10/0x10
[  909.348611][    C1]  ret_from_fork+0x3fc/0x770
[  909.353212][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  909.358335][    C1]  ? __switch_to_asm+0x39/0x70
[  909.363105][    C1]  ? __switch_to_asm+0x33/0x70
[  909.367878][    C1]  ? __pfx_kthread+0x10/0x10
[  909.372480][    C1]  ret_from_fork_asm+0x1a/0x30
[  909.377268][    C1]  </TASK>
[  909.380338][    C1] task:kworker/0:2     state:R  running task     stack:22632 pid:17849 tgid:17849 ppid:2      task_flags:0x4208060 flags:0x00004000
[  909.393923][    C1] Workqueue: usb_hub_wq hub_event
[  909.398968][    C1] Call Trace:
[  909.402254][    C1]  <TASK>
[  909.405195][    C1]  __schedule+0x16a2/0x4cb0
[  909.409728][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  909.415043][    C1]  ? __pfx___schedule+0x10/0x10
[  909.419922][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  909.425240][    C1]  preempt_schedule_irq+0xb5/0x150
[  909.430361][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  909.436114][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  909.441928][    C1]  irqentry_exit+0x6f/0x90
[  909.446353][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  909.452516][    C1] RIP: 0010:kasan_check_range+0x9b/0x2c0
[  909.458163][    C1] Code: 01 00 00 00 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb <41> 80 3b 00 0f 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00
[  909.477876][    C1] RSP: 0018:ffffc9000c6768a0 EFLAGS: 00000282
[  909.483955][    C1] RAX: 1ffff920018ced01 RBX: fffffffffffffffe RCX: ffffffff8172a6e8
[  909.491932][    C1] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc9000c676a18
[  909.499908][    C1] RBP: 0000000000000000 R08: ffffc9000c676a27 R09: 1ffff920018ced44
[  909.507883][    C1] R10: dffffc0000000000 R11: fffff520018ced43 R12: 0000000000000002
[  909.515866][    C1] R13: ffffc9000c676a18 R14: fffff520018ced45 R15: 1ffff920018ced43
[  909.523862][    C1]  ? unwind_next_frame+0xc98/0x2390
[  909.529088][    C1]  __asan_memset+0x22/0x50
[  909.533516][    C1]  unwind_next_frame+0xc98/0x2390
[  909.538573][    C1]  ? unwind_next_frame+0xa5/0x2390
[  909.543714][    C1]  ? __kernfs_new_node+0xd7/0x7e0
[  909.548781][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  909.555041][    C1]  arch_stack_walk+0x11c/0x150
[  909.559837][    C1]  ? kernfs_new_node+0x102/0x210
[  909.565229][    C1]  stack_trace_save+0x9c/0xe0
[  909.569927][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  909.575400][    C1]  kasan_save_track+0x3e/0x80
[  909.580086][    C1]  ? kasan_save_track+0x3e/0x80
[  909.584943][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  909.589977][    C1]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  909.595628][    C1]  ? __kernfs_new_node+0xd7/0x7e0
[  909.600712][    C1]  __kasan_slab_alloc+0x6c/0x80
[  909.605588][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  909.611062][    C1]  ? __kernfs_new_node+0xd7/0x7e0
[  909.616095][    C1]  __kernfs_new_node+0xd7/0x7e0
[  909.620979][    C1]  ? __lock_acquire+0xab9/0xd20
[  909.625864][    C1]  ? __pfx___kernfs_new_node+0x10/0x10
[  909.631346][    C1]  ? kernfs_root+0x1c/0x230
[  909.635867][    C1]  ? kernfs_root+0x1c/0x230
[  909.640380][    C1]  ? kernfs_root+0x1c/0x230
[  909.644892][    C1]  ? kernfs_root+0x1c/0x230
[  909.649405][    C1]  kernfs_new_node+0x102/0x210
[  909.654186][    C1]  __kernfs_create_file+0x4b/0x2e0
[  909.659314][    C1]  sysfs_add_file_mode_ns+0x238/0x300
[  909.664713][    C1]  sysfs_merge_group+0x177/0x310
[  909.669669][    C1]  ? __pfx_sysfs_merge_group+0x10/0x10
[  909.675143][    C1]  ? __pfx_device_add_attrs+0x10/0x10
[  909.680548][    C1]  dpm_sysfs_add+0xd2/0x270
[  909.685086][    C1]  device_add+0x4d8/0xb50
[  909.689451][    C1]  usb_create_ep_devs+0x12c/0x230
[  909.694508][    C1]  usb_set_configuration+0x1bc7/0x20e0
[  909.700008][    C1]  usb_generic_driver_probe+0x8d/0x150
[  909.705505][    C1]  usb_probe_device+0x1c4/0x390
[  909.710366][    C1]  ? __pfx_usb_probe_device+0x10/0x10
[  909.715746][    C1]  really_probe+0x26a/0x9a0
[  909.720267][    C1]  __driver_probe_device+0x18c/0x2f0
[  909.725569][    C1]  driver_probe_device+0x4f/0x430
[  909.730606][    C1]  __device_attach_driver+0x2ce/0x530
[  909.735991][    C1]  bus_for_each_drv+0x251/0x2e0
[  909.740847][    C1]  ? __pfx___device_attach_driver+0x10/0x10
[  909.746766][    C1]  ? __pfx_bus_for_each_drv+0x10/0x10
[  909.752156][    C1]  __device_attach+0x2b8/0x400
[  909.756932][    C1]  ? __pfx___device_attach+0x10/0x10
[  909.762230][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  909.767442][    C1]  bus_probe_device+0x185/0x260
[  909.772303][    C1]  device_add+0x7b6/0xb50
[  909.776647][    C1]  usb_new_device+0xa39/0x16c0
[  909.781437][    C1]  ? __pfx_usb_new_device+0x10/0x10
[  909.786652][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  909.791867][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  909.797082][    C1]  hub_event+0x2941/0x4a00
[  909.801561][    C1]  ? __pfx_hub_event+0x10/0x10
[  909.806330][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  909.812081][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  909.817302][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  909.823044][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  909.828779][    C1]  process_scheduled_works+0xade/0x17b0
[  909.834365][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  909.840372][    C1]  worker_thread+0x8a0/0xda0
[  909.844972][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  909.851318][    C1]  ? __kthread_parkme+0x7b/0x200
[  909.856271][    C1]  kthread+0x711/0x8a0
[  909.860352][    C1]  ? __pfx_worker_thread+0x10/0x10
[  909.865468][    C1]  ? __pfx_kthread+0x10/0x10
[  909.870073][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  909.875281][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  909.880487][    C1]  ? __pfx_kthread+0x10/0x10
[  909.885094][    C1]  ret_from_fork+0x3fc/0x770
[  909.889692][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  909.894816][    C1]  ? __switch_to_asm+0x39/0x70
[  909.899591][    C1]  ? __switch_to_asm+0x33/0x70
[  909.904394][    C1]  ? __pfx_kthread+0x10/0x10
[  909.908998][    C1]  ret_from_fork_asm+0x1a/0x30
[  909.913787][    C1]  </TASK>
[  909.916811][    C1] rcu: rcu_preempt kthread starved for 10480 jiffies! g62365 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  909.928005][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  909.937976][    C1] rcu: RCU grace-period kthread stack dump:
[  909.943857][    C1] task:rcu_preempt     state:R  running task     stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  909.957353][    C1] Call Trace:
[  909.960637][    C1]  <TASK>
[  909.963575][    C1]  __schedule+0x16a2/0x4cb0
[  909.968107][    C1]  ? schedule+0x165/0x360
[  909.972451][    C1]  ? __pfx___schedule+0x10/0x10
[  909.977333][    C1]  ? schedule+0x91/0x360
[  909.981588][    C1]  schedule+0x165/0x360
[  909.985753][    C1]  schedule_timeout+0x12b/0x270
[  909.990610][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  909.995989][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  910.001899][    C1]  ? __pfx_process_timeout+0x10/0x10
[  910.007199][    C1]  ? prepare_to_swait_event+0x341/0x380
[  910.012771][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  910.017644][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  910.023804][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  910.029088][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  910.034302][    C1]  ? finish_swait+0xcd/0x1f0
[  910.038907][    C1]  rcu_gp_kthread+0x99/0x390
[  910.043506][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  910.048804][    C1]  ? __kthread_parkme+0x7b/0x200
[  910.053751][    C1]  ? __kthread_parkme+0x1a1/0x200
[  910.058798][    C1]  kthread+0x711/0x8a0
[  910.063226][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  910.068431][    C1]  ? __pfx_kthread+0x10/0x10
[  910.073035][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  910.078241][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  910.083447][    C1]  ? __pfx_kthread+0x10/0x10
[  910.088054][    C1]  ret_from_fork+0x3fc/0x770
[  910.092655][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  910.097775][    C1]  ? __switch_to_asm+0x39/0x70
[  910.102545][    C1]  ? __switch_to_asm+0x33/0x70
[  910.107323][    C1]  ? __pfx_kthread+0x10/0x10
[  910.111928][    C1]  ret_from_fork_asm+0x1a/0x30
[  910.116717][    C1]  </TASK>
[  910.119733][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  910.126057][    C1] CPU: 1 UID: 0 PID: 3515 Comm: kworker/u8:10 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  910.136557][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  910.146613][    C1] Workqueue: events_unbound toggle_allocation_gate
[  910.153142][    C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0
[  910.159823][    C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 c0 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 6b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 50 74 0b
[  910.179456][    C1] RSP: 0018:ffffc9000c8d76a0 EFLAGS: 00000293
[  910.185561][    C1] RAX: ffffffff81b4b090 RBX: ffff8880b873b040 RCX: ffff8880313fbc00
[  910.193560][    C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  910.201545][    C1] RBP: ffffc9000c8d7800 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
[  910.209528][    C1] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: 1ffff110170c835d
[  910.217508][    C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641ae8
[  910.225491][    C1] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  910.234428][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  910.241018][    C1] CR2: 0000200000002000 CR3: 000000000df38000 CR4: 00000000003526f0
[  910.248997][    C1] Call Trace:
[  910.252284][    C1]  <TASK>
[  910.255238][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  910.261574][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  910.266965][    C1]  ? kmem_cache_alloc_bulk_noprof+0x148/0x790
[  910.273136][    C1]  ? __pfx___text_poke+0x10/0x10
[  910.278081][    C1]  ? rcu_is_watching+0x15/0xb0
[  910.282858][    C1]  ? trace_contention_end+0x39/0x120
[  910.288158][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  910.293190][    C1]  on_each_cpu_cond_mask+0x3f/0x80
[  910.298323][    C1]  smp_text_poke_batch_finish+0x5e0/0x1100
[  910.304144][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  910.309181][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  910.315435][    C1]  ? arch_jump_label_transform_queue+0x97/0x110
[  910.321704][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  910.327709][    C1]  static_key_enable_cpuslocked+0x128/0x250
[  910.333614][    C1]  static_key_enable+0x1a/0x20
[  910.338392][    C1]  toggle_allocation_gate+0xad/0x240
[  910.343696][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  910.349608][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  910.355344][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  910.361069][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  910.366806][    C1]  process_scheduled_works+0xade/0x17b0
[  910.372394][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  910.378404][    C1]  worker_thread+0x8a0/0xda0
[  910.383011][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  910.389361][    C1]  ? __kthread_parkme+0x7b/0x200
[  910.394316][    C1]  kthread+0x711/0x8a0
[  910.398401][    C1]  ? __pfx_worker_thread+0x10/0x10
[  910.403523][    C1]  ? __pfx_kthread+0x10/0x10
[  910.408125][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  910.413424][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  910.418632][    C1]  ? __pfx_kthread+0x10/0x10
[  910.423240][    C1]  ret_from_fork+0x3fc/0x770
[  910.427851][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  910.432975][    C1]  ? __switch_to_asm+0x39/0x70
[  910.437748][    C1]  ? __switch_to_asm+0x33/0x70
[  910.442521][    C1]  ? __pfx_kthread+0x10/0x10
[  910.447125][    C1]  ret_from_fork_asm+0x1a/0x30
[  910.451912][    C1]  </TASK>
[  916.696612][    C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!