last executing test programs:

4m38.63526844s ago: executing program 2 (id=2050):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r6, 0x8000}, 0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x101}}, 0x4, 0x7}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r10 = gettid()
fcntl$setownex(r9, 0xf, &(0x7f0000000140)={0x0, r10})
ioctl$sock_netdev_private(r9, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r8, 0x890b, &(0x7f00000000c0)={@default, @default, 0x0, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
syz_init_net_socket$ax25(0x3, 0x3, 0xc4)

4m37.602230858s ago: executing program 2 (id=2054):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0x4002)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xe9503, 0x0)
ioctl$PPPIOCATTACH(r1, 0x4004743d, &(0x7f0000000040)=0x3)

4m35.87969226s ago: executing program 2 (id=2057):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40000, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYRES8=r1, @ANYRESHEX=r0], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYRES16], 0x8c}}, 0x4c051)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="c9", 0x1}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)=ANY=[@ANYRESDEC=0x0], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r4 = syz_io_uring_setup(0xfb, &(0x7f00000001c0)={0x0, 0x1, 0x10100, 0x3}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_TEE={0x21, 0x5e, 0x0, @fd=r0, 0x0, 0x0, 0x8, 0x1, 0x0, {0x0, 0x0, r2}})
io_uring_enter(r4, 0x2fd4, 0x5502, 0x5, 0x0, 0x0)
pipe(&(0x7f00000007c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
vmsplice(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r8)
r9 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000140)=0x8, 0xffffffffffffffca)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x4e20, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000034"], 0x38}, 0x0)
ioctl$EVIOCGKEYCODE_V2(r8, 0x80284504, &(0x7f00000001c0)=""/243)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000580)={@in={{0x2, 0x4e20, @empty}}, 0x0, 0x0, 0x46, 0x0, "8b4eb015bea30487885fcaee7966629f5ec65970e0f9b96577f4635bee3595bac8d45d83202d7c5cd708489cbd94541dc17ba71fd95f794ee106a9af73896d5da081e24cd4adb516606af7945fbdf800"}, 0xd8)
syz_usb_connect(0x4, 0x65, &(0x7f0000000440)=ANY=[], 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000000100000017d30461bc24eeb502000000e1940d4531c1c71e6182149a36c23d3b48dfd8cdbf0067b098fa51f60a64c9f408000000e7d6000000d70000b6c0504bb9189d", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bind$inet(r9, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)

4m32.092264086s ago: executing program 2 (id=2067):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000640)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @mcast1, 0xd}, 0x1c)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x8, 0x4, 0x4, 0x4, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x15)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r5, 0x8, 0x0, 0x0, 0x2, &(0x7f0000000940), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_DELETE(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="2a000000060000000000000000000000010000000000000104000000002000000100"], 0x2a)
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4m31.2922433s ago: executing program 2 (id=2071):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000100)=0x3d, 0x4)
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0xfffffffffffffffc, &(0x7f00000000c0)=0xffffff50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

4m30.923631561s ago: executing program 2 (id=2075):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r6, 0x8000}, 0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x101}}, 0x4, 0x7}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fcntl$setownex(r9, 0xf, &(0x7f0000000140))
ioctl$sock_ax25_SIOCADDRT(r8, 0x890b, &(0x7f00000000c0)={@default, @default, 0x0, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})

4m29.556375991s ago: executing program 32 (id=2075):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r6, 0x8000}, 0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x101}}, 0x4, 0x7}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
fcntl$setownex(r9, 0xf, &(0x7f0000000140))
ioctl$sock_ax25_SIOCADDRT(r8, 0x890b, &(0x7f00000000c0)={@default, @default, 0x0, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})

31.147421978s ago: executing program 1 (id=2799):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x2, 0xfffffffa})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000080)={0x2, 0x8a26, 0x1})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000800)={0x5, 0x0, [{0x3000, 0xd5, &(0x7f0000000900)=""/213}, {0x6000, 0xe1, &(0x7f0000000a00)=""/225}, {0x100000, 0x85, &(0x7f0000000180)=""/133}, {0x100000, 0x1000, &(0x7f0000001600)=""/4096}, {0xeeee8000, 0x8e, &(0x7f00000003c0)=""/142}]})
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x2, 0x0)
close(0x3) (fail_nth: 1)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, &(0x7f0000000580)=""/256, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74, 0x1000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700e, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0xfffff801, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf, @void, @value}, 0x94)

30.069556131s ago: executing program 1 (id=2803):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x9, 0x14, 0xc2}, &(0x7f00000007c0)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x31, 0xa6, {0xa6, 0x31, "7380ff42ebec9ad12f9ea764cb5aa4c19fc7943e971990ccc7ec4c83e820d12480f56e90bd48aaf782ea120f1e67f42a3d834020ec1e5403f1f7c29f2bca7fde89aefd5b1a706dad96fdb1fdff87ce078238cb8cf84255cd72bcb32e96d43a8cc2623fa7b55a31b2747b78f34a67f6fe8e5fee873b7e0053ad6ae4ab5d305d06615e171ceacbe994b0028545ae9f81040beb48aa88f14c5c2f8d5d1e5062872a6cf1fbb2"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x340a}}}, &(0x7f00000005c0)={0x44, &(0x7f0000000300)={0x0, 0xe, 0x9c, "d5d5ea1a62fa13fa5bdde3e9006276ca11115e07f91192f293aa4d202a7e050473257a15b87d5ddc83c3b2917e010ae25de9fb7fe79ab657f416a80d00f51258718cab7c3cfc89ab1e1603f5e0889e145198a17000ac9f4268d3d6fd2f823a6f297059a60b5cd994c915491e23f32ff7d4d6976913dd618d63f912bbd855f3ab1dc1e368c2829f6077430f939675c58f5a90a4f94670b1c6100a6939"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0xb}, &(0x7f0000000480)={0x20, 0x81, 0x2, '\"0'}, &(0x7f00000004c0)={0x20, 0x82, 0x2, "84cf"}, &(0x7f0000000500)={0x20, 0x83, 0x2, "4ac9"}, &(0x7f0000000540)={0x20, 0x84, 0x4, "0154a0b1"}, &(0x7f0000000580)={0x20, 0x85, 0x3, "4fd6b7"}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="401401"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

29.947541706s ago: executing program 5 (id=2804):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = open_tree(0xffffffffffffff9c, 0x0, 0x1800)
socket$kcm(0x29, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x0, 0x9fc, 0x0, 0x8000, 0x0, [{0x4, 0x8, 0xc7, '\x00', 0x81}, {0x4, 0x4, 0x4, '\x00', 0xc}, {0x2, 0x8, 0xf0, '\x00', 0xd}, {0x2, 0xe, 0x6, '\x00', 0x1f}, {0xf, 0xff, 0x2, '\x00', 0x3}, {0x0, 0x3, 0x7, '\x00', 0x78}, {0xb, 0x6, 0x7, '\x00', 0x4c}, {0x8, 0x6, 0x9, '\x00', 0x2}, {0x2, 0x8, 0x40, '\x00', 0x5}, {0x9, 0x1, 0x1, '\x00', 0x3}, {0x7f, 0x9, 0xff, '\x00', 0x2c}, {0x6, 0x1, 0x6, '\x00', 0x7f}, {0x5, 0x6, 0x7, '\x00', 0x2}, {0x7, 0x10, 0xc, '\x00', 0x9}, {0x2, 0x8, 0x4c, '\x00', 0x7}, {0xe, 0x5, 0x4}, {0x4, 0x2, 0x4f, '\x00', 0xc}, {0x5, 0x4, 0x2, '\x00', 0x40}, {0x2, 0x6, 0x8e, '\x00', 0x81}, {0x81, 0x0, 0x12, '\x00', 0x8}, {0x2, 0x2, 0x99, '\x00', 0x85}, {0x6, 0x8, 0x9b, '\x00', 0x4}, {0x7f, 0x3, 0x7d, '\x00', 0xd3}, {0x0, 0x8, 0x3a, '\x00', 0x5}]}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r6, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}})
io_uring_enter(r7, 0x3517, 0x173d, 0x42, 0x0, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1, 0x0, 0x0, 0x8, 0x4}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_buf(r11, 0x6, 0x28, 0x0, &(0x7f0000001040))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1, <r12=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r1}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000400)={'ip6tnl0\x00', &(0x7f0000000380)={'ip6tnl0\x00', <r13=>0x0, 0x29, 0x1, 0x1, 0x4, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, 0x80, 0x20, 0x9}})
r14 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="9feb01001800000000000000b0000000b000000003000000040000000000000b000000000b00000005000093040000000800000019000000030000000d00000040000000030000000800000001010000050000000800000005000000010000000c00000004000000000800000d000000000000010000000008066e4151be4816001403020000000000000a03000000060000000000000100000000200057060b0008000000000c0100000009000000030000060400000010000000b80d00000d00000002000000000000006e050000003000"], &(0x7f0000001080)=""/4096, 0xcb, 0x1000, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x11, 0x1e, &(0x7f0000000140)=ANY=[@ANYBLOB="1800e0f100040000000000009e02000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000000085000000860000008520000003000000851000000100000018190000", @ANYRES32=r12, @ANYBLOB="000000000000000085100000f8ffffff180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000090000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000006d765000080000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x9, 0xcb, &(0x7f0000000280)=""/203, 0x41100, 0x20, '\x00', r13, 0x0, r14, 0x8, &(0x7f0000000540)={0x7, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000580)=[r1, r1], &(0x7f00000005c0)=[{0x0, 0x5, 0xb, 0x4}, {0x4, 0x3, 0x6}, {0x1, 0x5, 0x10, 0x9}, {0x1, 0x4, 0x10, 0x9}], 0x10, 0x3, @void, @value}, 0x94)
ioctl$SIOCGETSGCNT_IN6(r1, 0x89e1, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="a40200001900010000000000ffdbdf250a0000000000008027b33b71390000ea2bb59a5d01731700", @ANYRES32, @ANYBLOB="0600150007000000780216807402010001000000000000002f0604035730080000000000000000000000000000000001fe8000000000000000000000000000aa20010000000000000000000000000002fe880000000000000000000000000001fc010000000000000000000000000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001fe880000000000000000000000000001fc020000000000000000000000000001ff010000000000000000000000000001fc020000000000000000000000000001fe8000000000000000000000000000bb00000000000000000000ffff0a010102fe880000000000000000000000000001fc000000000000000000000000000001fe8000000000000000000000000000bb000000000000000000000000000000012001000000000000000000000000000100000000000000000000ffffac141419ff020000000000000000000000000001200100000000000000000000000000020000000000000000000000000000000100000000000000000000ffffac1e0101fe8000000000000000000000000000aafc000000000000000000000000000001fe8000000000000000000000000000bbfe80000000000000000000000000002120010000000000000000000000000001000000000000000000000000000000012001000000000000000000000000000000000000000000000000ffffac1414bbfc010000000000000000000000000001fe8000000000000000000000000000bb20010000000000000000000000000000fc01000000000000000000000000000100000000000000000000000000000001ff010000000000000000000000000001"], 0x2a4}, 0x1, 0x0, 0x0, 0x4}, 0x0)

28.095557518s ago: executing program 5 (id=2807):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000080)={0x25, 0x788, 0x4, 0xffffffff, 0x5, 0x4}) (async, rerun: 32)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) (rerun: 32)
ioctl$SG_IO(r1, 0x2285, 0x0) (async, rerun: 64)
r2 = fcntl$dupfd(r1, 0x0, r1) (rerun: 64)
write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38) (async)
write$sndseq(r2, &(0x7f0000000200)=[{0x0, 0x2a, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time={0xffffffff}, {0x4}, {0x0, 0x4}, @time=@tick=0x3}, {0xff, 0x0, 0x0, 0x0, @time={0x7}, {0x0, 0x3}, {}, @control={0x0, 0x0, 0x800}}, {0x0, 0x0, 0x0, 0x7, @tick, {}, {0x0, 0x4}, @raw32={[0x3, 0xffffffff, 0x5df]}}, {0x0, 0x0, 0x0, 0x0, @tick, {0x0, 0x3}, {}, @quote={{0x0, 0xfe}}}, {0x0, 0x0, 0x0, 0x5, @time, {0x2}, {0x0, 0x9}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x1, 0x2, 0x0, @tick=0x401, {}, {}, @note={0x7f, 0xd, 0x10, 0x0, 0xfffffffc}}], 0xc4) (async)
read$snapshot(r2, 0x0, 0xffffffbf) (async, rerun: 64)
read$snapshot(r2, 0x0, 0x0) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079102800000000007b0a00ff000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x37, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

28.013673368s ago: executing program 5 (id=2809):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00'})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01070000100000000000670000000800", @ANYRES32=0x0, @ANYBLOB="0800c300000000004cffc4"], 0x2c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16, @ANYBLOB="0101000000", @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120110e8fffffffe00041b10400001020301090224000101fa000a090400ff01030103fd09210a000a01228106090581030004030107"], &(0x7f0000000940)={0xa, &(0x7f0000000540)={0xa, 0x6, 0x300, 0xff, 0xbe, 0x5, 0x20, 0x4}, 0x0, 0x0, 0x1, [{0x3c, &(0x7f0000000600)=@string={0x3c, 0x3, "94417fe8e8e33dc1114cba73fb3cff26b9f5e13f7325a2840d276bc881cbb263470d4a5524e6368a3bb16fed74a2f19f368a1377a340ef2e29db"}}]})
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80800)
socket$unix(0x1, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000006c0)='caif0\x00', 0x10)
io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

26.104122752s ago: executing program 1 (id=2811):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

26.093532853s ago: executing program 0 (id=2812):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
lsetxattr$smack_xattr_label(&(0x7f0000000000)='./file2\x00', &(0x7f00000002c0)='security.SMACK64EXEC\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="5f8a"], 0x6, 0x0)

24.921965559s ago: executing program 0 (id=2815):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10}, 0x18)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x545c, &(0x7f00000000c0)={r0, 0x18, 0x0, 0x9})
r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
pread64(r1, &(0x7f0000000600)=""/230, 0xe6, 0x7ff)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000180)='ufs\x00', 0x1004050, 0x0)

24.84143259s ago: executing program 1 (id=2816):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f00000000c0)=""/41, 0x29, <r0=>0x0, &(0x7f0000000100)=""/139, 0x8b}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @alu={0x4, 0x1, 0x9, 0x2, 0x7, 0x18, 0xfffffffffffffff0}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xb3, &(0x7f000000cf3d)=""/179, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xff35)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x8, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000016c0)={0x8, {"de88ebc2f86054e0578bae71086713c9f54911dca937a8c034f4ebc22b9355f0ee65018ac518ea52d4d8798562771b439ffb7451868cf96716adc38c36e68681086a8495c0eea60149d872acb011f6c08698afec496f994893449b65ba8eda99749d2bb0d7f9f27fd30cd11e9e8f95c2cf3a6026bfdbee007ee93cc59e0685460f89aec2a6fd1d6d0048071d29efbcfa27fc2a9d72ac2b718dcc786b820b0ba2796528944b70b52317b7c5dfd47e2351e00ff41a1c2e65299846ac9df71ec399acc1fa2ec5ab8e67c2135a5cd82df94cef3d26e70c1bdd7dde9382235bf1b86ea64d278197cc77ae69af18c8c6a8be7254e50e68b2efd24d3e3d03eb3236a7ac110411b3ea84a70aff095ad0bf6f9ed95c4cf989050c24831014faa5c1bc9812afadbe33d6a26f9fc13f80e420e32f7c9de0ca85caabc8d0836c8b3376a07cf26ecc43023b09af46b919be418f0b7accad8ccfa400402bc5ab478ec5f622ea12a7d78c441923d5ca172552c5f1ecc41eb4b45adf121fa0e47ace3348f971b3207db84cc612426e1f272ada532fa42aca0b8c50654441aa6c60d90e550982b935749ed9ced93e9d90291879d25d14b181620bcfb21b3ab51cd714e9615f65bf43741814f71d8c1e66208b2f01fbc7af42f22a45dadf95889915b984d66020e5b446fc765a90545662fdc161747d976db0c13762b7a4986453cab805e3c871646099f14a8e16c95fb6f5ea250d0557667793d925b3e192794a6bdff2c1b1a06107a83d280ec76322ef02e405d57ff4574ba239c0ca30d80d64894697ad4009297745fc2c118b49d2a168f54eb38a446a017346b7de4831d29bbfa8a3dd70c4fe5955984ec705552082515ab8962d09ebdf5bb9b3357bc2e309bf02e87e5847ddb383b63e1ff7fc7174bdf45396c015b4521bf10ad3530ba984cdebb6103ab52533358f211154eb43f444d285be67004240ce248a233e738730d4c47d336038ae261f8dbba7ac0eba8828a83387f0f5278f7ed43ed4d20c8c9c505c50ce08800dbecca1ecebd7fc0389e21cd6adc51d1b0db1719ae906bcc6e32e762ce37f893ae615e9cbad2859bb7b0a9098d961ecc3446f8e0b66bd7bf3f8fda2881d2cc9f012398d08ea5f6ffa3c5dc53ccaefabec5044cf24352aa5e00082850760c63762fd98c9ba5897a8867614a20e5d56ff7b7d5d5364df005e9710de6ce181ea31f17b0684faa262f03cd1a41978624d0e9e5ba64f2254d429d830974cff7a53c61c9b8d1aec8ad8eb62a5493fe6096187c47b934e3b09cbc0ccf5e04927c9363c07231e5ff346dc0252639e8b2d461cb482d3bf043422517fb1ee3bd2987ce15112ea185a68a446143d9e5627896f20255762da796dcdc64df234575cf12cf9a316a448ca9b5017402cb4c72ab08072324b184a1d06312d82686463f071e0307f528fac8b407327a34ceffca7488af8310a9cf1e59ce6e7dd759290f4f2f73e202f375d848529f3dce213832ca383e4db0be33d7f67e780e8080ff5e29b9cead460334dbb29b48a8107dec1e3f985f733e72334fb815ff0fbfb512f1985d7cfba5f156fa7e27ba860148dfb047ae7d850a984552b38db35dc3aa8b196db2a02ae154698ce5ee9b7f618db159c217f6faa11bed44de41d62e64febebe1ed27128afe0977bf60c6539d6235eb2ffdb10da13e7a6ad63d3b77ae9d110b41699d0b1a0ed76b0ecb3a7771020249f468c685cc306ea3cb90e4672a1dfca03ea5e1b6fed8db18199965ca38c1b028aaf2b142aef63296529eee5cc0c5f99f7e3bea36986680a86c2e5a1c7077ad36e9afd9e072c020b437ae7fe7aed421b47adba9c2a658292aad8c49f4a1669d3bc37ce2ed65b0ae0c9c5858357f78326fd4faac04f19ad8842a6a3fe48471ea2ccb9061b905e212a4e7a42f7150653554eec7790e311afd0d00a8a9b8ab7706e2c7f3e6c392ffcea37b0e9ff79b58112f8321a6b0c863e2115d16974a2f18986ded61cad6efff5a15bc04898e98f79b601dfce8b7d1a8a9888fa67cc5e95d648dfa3e43268e085c5cdc9e6124eaae41a2cdb1e7e3ff1c45ff64789f2bb480422b84a4b6abaa76b4278e62a06350a1994e496fbb8ca268bd88905669cfc9cf673c864807697a7a6c2a54236425972ea2f9507429ee49d1159189987af0af246485cdc5589fb86b2585dc8e7fdacd5fb27fcf65902af35dd87a1cdcf593254c2a483ee9fcce1a0932a3977b5396e7d6bdfa2df07586030af878a7ed70996134405d20546ddf500ae5f58a5b97c24de8d4db9eabc0e10c958e9de55bccd3be4061dd9d78bfab19ce0be2a9e790872e3e08fad4bf3207f3ca5c5329a4017bd9aedc3ed3070682bbaba1617945967f533f0d7a098a4b9f36224d153f718e0a9576b97e5aa2f31c9ff4dca409ee9677c13a8d7e13d10dfd86a378043e5847c13977a9451cb489388c837271383fad7b655c32d806aea665c1f10e8385771a977c2cb73570c8de669d603c0b6dadb84f1fb5bb4829ae5a926883f12b8a1a770187cc1ad2f60282ca2dc43bebcec510298ec02fa5ef6ad172ad90d734501706f1ddd0a8a7e895eb5d5a6201a30b00431fb122ed69ee1f9ffba6f5214c3cfc458c5897fe68edde32237d36a04a179549305e5bd3be980b8a0545d1b25123e5780839fa1ebe8b778c33a12c49c54c64427ba7dff4dbb9463b660342f8b96ff2dc32edcc7acb76b6ad98b7a1d6f8ac81da81f40b1eb0397f0bf71d9430cbccb9291af13e6cd90a6b44518149c734b96ee2de70cbcba746d4b125369c01dd4db3a742efc81d5571fa94a0fd5547f312dd4fe31a4ba72c67c365529b6f95cf87cf8add94feca1f39d08596651b06cb870f05b28e178dd531597faf0e47e8ccb1e973a2ad8343b5876cd5e89bc4dfcecaec3f62b0c96fe783dee581e772c39f646ef1c4a9d0ebb349a6167be962b86596f07a5792761ef116a3218dc618ea91fa74cf0def185e74b1f5891a7513207670a121dcbbfb914edc16cd7cf592c72ae39186f955c2e1a084f0aa43706b568fe0a3c04667ec79ee231ca1809079a766a142f867c8d22832c5b515556f36e58f34c389c308abc6a7bcec3db0a2af1a7de51c1a3cb534683f05a65e5c020289bb27647c7602c61a0a85ca4c50e60fe7ad8f8642a11ed2a8681f0680caf4427fabc4dd3ad580f7c2f114a301886a59a8709714582891f6897a346d4621fe3cd10e151e4fdd1da278d3aa856fbcb9b230463c15199a294896e77725751fa4ebecf2ba486135dc3a015686956a5b8c13c81d2612ad79da590e8b9c0d16720459e3fcdf12ea5620dba9f262f00cd86cf7e53ddcb087f7834aac8fbaf50abfed0324583fb2c3eec2aa6188220c87f19d663eab90e7a2a9a9d5cd87515ee1fa40307d96eff3ba15b98468d00b556358d4479fa7a6e7949d160f9361830e7afce2911db266e561a989b53c165264b0bc4a9183228c794fe15b0713b385ee10bae743fa31132f4d799789f3014a90aba32db554aca09f6cb6712184a58212feed7d30d43411d201ea8013ad62af5a6c830decfbee9da01028a1fac339a8c13bb92a405255f172964d33b0a6c2f93f6563b52e089ec83e38411c897b833feed7f00580e7eab41ff48966f4efddbc294bacbba6c83aa5628a50fdf98f73501b3567b0d306dbfb75f5c8c48186764e015fb2e299296acb69f07e55eafbe3c2e88671f373c26d4ce163160f101fdee93aa41806d6cfd542b2547172065fe8f5f7f423b57d350997d049537218bd516636dfc96c04d0e204e0b864e5a538b17621d04cbb8cac3598213e27143501aa05a59c4015cd23172636f251c2e829ee0bdb7e26cf6b07f3c3ae560adcec56efc9526a054cae6dddc39a28a23c782a77f1f5d31b0e8345354f61e5d3a2ea10a8c124928f6624967676093ac9bda8457218c4b0dcbaf27c2fb1276418d367a17f26e572de6845be38710cae4c829cefab68589c67663ee92f0244b53b073694004d8b3fbd00ec2e7770f7c0135b0f5d0fe33cf43fee3a518c17e0370b48c0eba41652a4a0c158439eef549d87be4dfbbae394225deeb3a83e881b470d20cdbea56832a4402424b9ff83667c8c5fa6f897045e594904f3c88a1ea3e831ab745de67d5f5380367d9b5b1c454923ac81a4595e7ca9e4235000aff4ef37d83f8e989aa283f93c44a1ca89e62019c271c1c5bb9f10648a433a2662caea25b5fb23704cfa93cc1c8d0e1698db665800e0aa74a74eab4dab36ca455dd17eafe227a44935cd554ea763ae2bec1ce3fffce3364c94b63b21752083d7fd5bd7b3c37ef9bf98d7c980fb6e3d1408a90108bf1fe61a276e36a059226377d268bf8546d5759d3a3b14fbc91dbaea8acf6ffa265d8cdc16124c79bceed5213f4a72e1412609710c6a50c0012bea29ef2d2708d8050cfa9366520bcee114ae351086a1d1376410f5fa49f8d78cf752707dc15c64969c50fd943f23aac00c0f6e1f77f0e2804e84b5c14f0b14efcc2d6eeca8f4e62b3be7ae02b3c703543c5996d1110d0ea533f8f35bbe2e8b7e4cbacc19e46d8cc33a725a8229f5edaf070e176b493629d291a0aef644286b60120f68151f5b98bb5b0b6544efb68299c217ad6925b9cb199dfbdadd2e74b9af07ac493d89e295885f56c0579da2093310e3c30d5b0a1431e4e15239537c3743449bfe344d2875aca8e7cb7356ef4f667631d8b7000ce5ac75d6e47ad93cec088f403a6c9061c1bfffed8f2f0f2f0a4d62ef3aebb5429d116d349e3ba5dbdfe1854b9749843b9eea6c7c89d01a2d7af3a81adb169140dc40a78b2078d9317413a04d1f41bed2246e2710784d96b15e15752654b532fd649a2a9d9e89d3fd2397ef848065e08a4cf1dd5e67f1b58efa4f4059454f23b33da617e0fd00a653895c98da48eb6f98cb5ba0eddc887d1c1d3f268b43e761f28e5a82e0da8d27691a126906917de7d595cfcb28a40d4f8e2d5f299d2e0bfe50070c194289c5976fed00341e34f2b249664dbdf75a578712970aafb7a1397562212420faf84351dae6aafd99cae3271d7cd5f6a081629eddbf7169a765e8590324981df4e15f40727c5d7c0e0c3e0f00ec8f211c2490c78473b74ded12b81c7388650835bbe47db793b8784e0c1debb125d35e01ebda5c1afc63b982a76ffd48ba97a904545251159bb808b0c3dc1e515fc35bcffa57193353d78b72b5dec605a7990b614c8c4960ce190000f5c3af595af07740afea0290ecf8b82ecef24621b05662eac8b8b2b6bae4792f876d58fcb949a1aa47500c74349d0acdeace8d41d0306c96e8258055a8149197090544c5882aaa80741ab0d12a2621d726096eca56e45380e9f318647dfa8c9889d600e47c43f3c7443c8d9ac42959cbf04500c0ee9945b05218851291e4c47bd086a601255c967b7c22383e8aedb81504141a50ef0d75a496c68b0a3ed281d1bc8444f1be80a48338d016c30c3f75297731f7da1a8a8bfcfa520581347a64972a9b9ab1fce8bcc88c588686eaa39c3c5c6728ffe30ab5b03b3e56935e40feb7b6f59872f4637f7477aa41a07b11e9e168c3e904fdd599404ad493063ce318c5df464087c4a7879a915bbc54ae31093aecab064c6ac824157b55c5e27171434f78522ee40b1cd3ecbae2e62daa63fe554618ad343c61d4c12320828088d4eb2a0ea9a1b1aff840e5e47fd6df6a1e3be64c3c02a860b2c749094718d36819aaa13c0693babc3442bb729e8212b4be53d1e7ad8a3d8b9323f1c8ea9016f75c04a2", 0x1000}}, 0x1006)
r3 = syz_open_procfs(0x0, &(0x7f00000003c0)='clear_refs\x00')
read$char_usb(r3, &(0x7f0000000240)=""/36, 0x24)
r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="0a00000009000000080000000200000000000000", @ANYRES32, @ANYBLOB="00008f89130cfd016af5e9845701000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r4}, @call={0x85, 0x0, 0x0, 0xc0}]}, &(0x7f0000001680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000007c0)=r0, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000880)='blkio.bfq.io_wait_time\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x0, 0x2b, &(0x7f0000000580)=ANY=[@ANYBLOB="180000bcff0f000000000000fc80000022110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000186800000e000000000000000500000085000000af000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000085200000030000001835000005000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200000000000085000000860000000981c0ff10000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x7fffffff, 0x10, &(0x7f0000000700)=""/16, 0x41100, 0x20, '\x00', 0x0, @fallback=0x10, r5, 0x8, &(0x7f0000000800)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000840)={0x3, 0x9, 0xc9, 0x9f}, 0x10, r0, 0xffffffffffffffff, 0x1, &(0x7f00000008c0)=[r6], &(0x7f0000000900)=[{0x4, 0x1, 0x9, 0xb}], 0x10, 0x0, @void, @value}, 0x94)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0xa, 0x0, 0x0)
r11 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r11, 0xc3d26000)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000340)={&(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
r12 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r12, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000b00)={&(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f0000000a40)=[0x0], &(0x7f0000000a80)=[0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0], 0x3, 0x1, 0x3, 0x1})
r13 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r13, 0xc01064c8, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000040)=[<r14=>0x0]})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r13, 0xc00464be, &(0x7f00000000c0)={r14})

24.692323045s ago: executing program 5 (id=2817):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1300000010000000080000000000000000000000cb0c960fa5fa9a89976b5a32bb4aabdb4410f5e277", @ANYRES32=0x1, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
alarm(0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f00000000c0)={0x80000002, 0x100, 0x80000001, 0x1947, 0x5, 0x2})

23.147641301s ago: executing program 0 (id=2818):
setresgid(0xffffffffffffffff, 0x0, 0xee00)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0xfe05a, 0x5000, 0x0, 0x0, 0xc}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = gettid()
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
read(r3, &(0x7f0000000200)=""/209, 0x128)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000300)={0x335, @time={0x4, 0x2}, 0xfd, {0x69, 0x5}})
tkill(r2, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f0000000480)={0x1, 0x3, 0x0, 'queue1\x00', 0x8})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x4, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000100000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000f9ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10)
signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r6, 0x40806685, 0x0)

21.943748697s ago: executing program 4 (id=2819):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8918, &(0x7f0000000000)={'ipvlan0\x00', @random="0200ff7fffff"})
writev(r0, &(0x7f0000000900)=[{&(0x7f0000000800)='@', 0x1}], 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000100)={0xa00, 0xa00})

21.683483064s ago: executing program 3 (id=2820):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000005c000000000000000f00e035200000000f22e0"], 0x5c})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r0, 0x4068aea3, 0x0)
openat$kvm(0x0, 0x0, 0xead42, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

21.491686685s ago: executing program 0 (id=2821):
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x4006d, 0x25)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x29df, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom(r0, 0x0, 0x0, 0x40002050, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0)
umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x3)

21.491129557s ago: executing program 4 (id=2822):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value={r6, 0x8000}, 0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e21, 0x7fff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x101}}, 0x4, 0x7}, 0x90)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
r10 = gettid()
fcntl$setownex(r9, 0xf, &(0x7f0000000140)={0x0, r10})
ioctl$sock_netdev_private(r9, 0x8914, &(0x7f0000000000))
ioctl$sock_ax25_SIOCADDRT(r8, 0x890b, &(0x7f00000000c0)={@default, @default, 0x0, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]})
syz_init_net_socket$ax25(0x3, 0x3, 0xc4)

21.316241124s ago: executing program 0 (id=2823):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfff00002}, {0x16}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002740)='net/ip_tables_names\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
read(0xffffffffffffffff, &(0x7f0000000040)=""/148, 0xffffff96)
r4 = dup(0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
ioctl$VIDIOC_G_AUDOUT(r4, 0x80345631, &(0x7f0000000280))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00', r0}, 0x10)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]})

21.295984782s ago: executing program 3 (id=2824):
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x65c})
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000005c000000000000000f00e035200000000f22e0"], 0x5c})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r0, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000000000050000000000000000f080f0866ba2100b8db000000ef450f22c2"], 0x296})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

20.436315518s ago: executing program 4 (id=2825):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x50})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x18100})
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x40004, &(0x7f0000000380)=ANY=[@ANYRES64=r0, @ANYRES32=r0, @ANYBLOB="bad8004de309a6d0a801182fbdd121b4e5a8b1d080b296bdbe02d444cad5fcfb2a94940fa9b731cd8b5f52e1b4009d83ff8e24f0bdf3745b2539e61a2dd97db00b8b4ba4301ad2eafa71d685558e2aec4a8088b43c5393858cfebdd52f81af53e8a530c90b0db74ae8d8a30478160a2d7bd9742425", @ANYRES8=r0])
chdir(&(0x7f0000000340)='./file0\x00')
rmdir(&(0x7f0000000000)='./file0\x00')
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000001040)={'filter\x00', 0x0, [0x1, 0x80200004, 0x101]}, &(0x7f0000000200)=0xffffffffffffff6e)
r2 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYRES64=r1], 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r2)

20.335832041s ago: executing program 0 (id=2826):
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0xc, 0x4)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

19.932159173s ago: executing program 33 (id=2826):
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f0000000000)=0xc, 0x4)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

19.897189645s ago: executing program 5 (id=2828):
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x16, 0x14, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write(0xffffffffffffffff, &(0x7f0000000040)="240000001e005ff6991a2b200e0f7a000a000000000000000000080008000e00000000ff", 0x24)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000880)="19a992aa0c19fa7fe99191439341ad19d4d09255d69e8172499f1cdb597fdd2c93873636bf70225f0627b807cd7fb74ea8b1de93d365ca9b365267d3277bb8770db8dba1b065eebd90c44cdca4e02491b61dd3d56fe6cd44cd7fc5b4aa2ffb9654bf3d06703f39df1427b053fb9b50102b35f7b7fe7150ac19c8e69494e0165f62458b7adc27756f4f4df5e91181e414ebbe95e676d03ddf3a4966d0a2d5c0214610f784bb1616990d9d3a3cb7e79183ff91ad9633b48c3e174857b175204a0772d9adcfc2fd5bda0c9987d179760d372508c33b77f4553d70a7f7c329b26ff3117f0c0af69c7c1da21518e8de123eb9b137b1ba2dcb8a5058db85368defbf74b918dfa309af42026399464486a303e921cbbd6748fbd4bc304a46d8db75040ee1b95d2e9c24cc90312d018228170cb07302379583141b61091bea4be3c9e8a9f10bba6f5f20c1af59dc9368a4a83869404b2d6c6f98e64f90ac569ac610f07d1e57534d8d0f20b20c9bc60d6761b13c0079ef332fe2bcadde33307bdcaa547a8729eede860b0275cf3b0973c1c4ffa51a6964700c4dd60f382cd8e7c1e8f546d750b60ae4516591a0cdbd2257f49a80799ed28e58a0cf6c8e8514a989a83a4c5f3b605d4557ff5204bfbc10aa0b38798007e19b4a13ca3e56acb607b04ca26f7b96ed07e00cefc88fe706bf178bb07d79d58ce00178f4770453ce22d6cbc4a2a7a4b12bee8d1aff0773c97b0e9206579d87e259e4a6fd27a0c7c9bb47d8d78b603e56dd6d00e4c9d93559c587e6712ff6ba488a1648434fb1647e63644508eb61a764c241dfbc1133bc982f92de5f2b75ed4e87dadbf1cae47d1c1b6eb1c95212d3f539866918cfe021efe9dc7329c44db1ad29eb0f8169522876208d458e44c436afafa35142c3d5963afdfa93f9fc2c65bdc14350a738c7370e30ee793b0d5ef60b15d6fa0b67d385097cc7e57aac64ab2525f0b196321065816752528aee40b7a443cd9280e4943ed80f45dab9658256f25ecf9504191aeb5350f0c06a9abe0b81bec3c0821a8c4b95c78995608d2e117c63d71dec2a12f5b8a894d8acf68d705a47f6181202143e908509674fc334553ae5e07acb32475f253f9c589978314b57a4563f8009c1279943315410fc94237acdd2c23e5470d1f98278f7da82ae02c53e269366e565ca4c5d76a3ffb9221362918dcb3015edb9f2251f52531944559057361cdd54632ac2a3be729aea1dd03a3e355b25481a26f9cb5fe1810b7eabe04a4eb8a0b39754ab9f3899f50247fccc33c4bfb34bdebfe21ec7e33cea08e6d51ce2050001145ba0b3d927e27b588b637aaebc499b132a1fcf8db7629803b7f8b3351164a3ced773e9c9038f8b6830ead4258a3f5e17c5b9b5ba9955418f7135796ad10bd455235f1514f0668504237b8e0b99d0ba47643356b07edb38dee51b61b53cae8cf7cf18109d2f58269460feb3e7c685a08728e8192e44b4aeff94b27f3de0cdd0f1036fcf4bd4d11a7f12e7a1b7217ed7b6772f498fd3c48c93812a5adac28bce3c7790110e287453583be3c6b71b0a6b3933ed22293a46a75dd43e511fa7ca3889b63400b825a9f1a126ae75fe33437d1c2de5097c96fefa2974aea83e1a24ff7e73ec81b2d01178c5c635f7939107521716b710e5408557aaabbe0d1381d0e60776ef74fc270fb2d7566eaff8d3cfe47f31760f64a279f54f4dc5e9e3c68b2abc0313fc42b77cb049b1e1e3c3b67bb6cc44f8002e584854c217df8e26674d14f552c2b448b39682a64c3379c91109d30b64544e8f50fdc57c0f3851891600a33f50e0fa3c2a2b3fe3040b0c134b6fbff278376b63271e98de39a3cc4568aa1adf60382df4e8aa3605f2f2821541f9e7bc45546090b56f8f2501d1aa62393b0a234c3fb8def061f39d10e50278c6ec9dc3f52025e9bb1e02c4b282dadfca1d1eaac9b8f78a78fe7afc97ba1fcceada1297aff6d059529eda3cf8ca05b57e3d05a5b570165e8c93921da442816b7d6f95d177f664798c53c07a8a045c8afa776d1c64732db3e5f9a86a0c3d4bd94397bd9ffa9c0fc65040530768aea4cbd628330f41d43581ff8d97c5898bfa44090fa550b6ce73ddc4c2fa5b29fb2f9c6469130a77e43099245a8f518e4ba44dd9b32cd4d7708a98859d9e697c69157eca121e2eab172d7572cb5650df8ae60dd3b214ce5f1f6eb29ec22ff6dbb8401e77ee3d976562006ef3b286c8c80dc95684c7c2df9815f3c7492939a83a6b5d5320154e0b1b5b6950f73b73b2a190dd4432f4826e56a2f037b92840d8b9719b3e2753e36ddc05bd5442e1b362c3656aa0646aa44792e3e63b3e27fd0eaf16f7ff99bbcb16077e41a52a6c1eed239a82263355f47dd4feffea2319261448fe1d43f64bab0c6288048ceee0abfb5d51bc779465b0a00a879c67f98c577da95d5cf3a37b2074d4fa54347041e17ab6ddacd80f544460f54b50cb80f9b70c7431ca1469088d193c388044ee3c88c091208fc1a3b68129c287ca701f7b043a0f9c5e261ec0bba3c44c6db2a73775f5d72b61e94eae914fa5bb7cd0ef671ba415c96dad99fd6e17e25b61252e4f0ce0d8bf7bf6992dba828f659158b747759ea8573331a499bc14a24d5ea65dcbd085dbb3346e5df421b25f69eab94ebcb783ebf319f345d633d34f50df1a62f90b44e4c584e6aee7465ca44768e472dabfec068faad24b7e4a0580c0d7cfe5752cef01312b38f98177116a670ff614ba9120becdfcbc623e7840bc8cdcef4c16b636fa4a77e32f940fa02c8772bfabf0a45d7d37308695b30f7a58011115667389ef37c82947cdb613d06aa553a6d34b7dd945bc932a1514f9f9d10ba9dd5e12175b4ff59d4784fed9040fa1b10d97aeb713c5edaa893811d3e59cef3baf6ac7e611785b75a1bddc60b53fd313bdf2fb3fdea47bf6371282bdd324da3d7b5d872da42f100e76bc3f4e25e6553926e729ab35dc085be060ac383267bfffb5b3469803e94da50de5d16d94852ce5e344fb344ceff132ff817b23cdca8ddf5c85a50c970dd200eca559a492f2bd037ddd91f0e7fd24e4fbd5ec7eabbea5b65b97f9a388f9d0e62f990d5de31a738720f81e1d675a5e854c4e488c926cd3b80632886d32b09b112eb0e5accee3adc496188def70a895899f371301eca6e9dcb4a15e5368c3e7d895f139fba15e3f3c503d638239062fc7c30299cc1a4eac4a7e12f238a174c7e3c6800992cef7d0f6ccf68527605a6c3893922f0a3b8d132d9fed43aa146582653feee9b1dd6c3957343cc1448f6fd44f191dde5135b0940883ffd475f6bc5054058c56e3b21e75a6bd751494a1d6fa25777f4a588a5d6799276270e93c566bc9ff96e1d6faba31301e31b880a89f4773c3cea07431e0f2de8d1bbaf10b7750db81ad13cbc888475dcfc4a04922617b7f9ae9147186ee54e232cdea72c8a6791b7d29906e0e114ffe6da30c974ce02d018bc85621ff30791ae4ecc8a4f91b8fcde2416ffaecfc578c07c3e90c5825c98f5705e4b8fc1fc2c8269024d2d3352d7b38867d6fa6340fce4f8f614b59f86eba23133b3f7b61350e21c56952836b3268c0447aab37825ea25f39a412f76e70834504f84a4f5bd4c043e2adbc21abd1506727a2d037c300d3d89092a0274c9608faf2fd640ade7e4fbda8c6b17c57991c1ccf30aebcda043bdbce7daebbb24f7b6a1a8550b4bec75304d08d70e3967342a976594e672c0e7431d61a83af2a01f5021069c673eaf5e09ae517caf80315e830a02e56b405f3b0d1885a9895876e88ed036be6f0a3c5c3bb57f144793270f23cd9373957dc277aca5b78204fd001597b2a62c2d5cd1005b2b43b108099853ae65c36eaa72c165c5fe0201593ea4d8e4f5e643cc579dcb312add0811a2b26b635b0a977abb92340a6b8800bcff71a29512405292e4cea6a654833ea452adf9d5330711e59efe9560740e3d1ade2f07fb608d00d180b3b65d5e8a6d7c293809f342ab1c72dfc1f6bd8d0d11d64b63570877b298e7720a0b57437e4fa640f242bfa34ed9fc24a1ace8c212affb7ab1e5c1fb69c4bfd6825824ecd071e22829515fc73ac534784b5944a8af7edca4fcf07d5d98195dc7b59ae6274802ee9319040e3ecc14733ac42291d5c2aa639cd522e060ff16406490d77afa5fe5154e6db741443e61e0466498239d0eb931b7357e8718632c297bf764fdd3b45b576bb9a01ef5c015c7c07fd2f366a35e4b0c70c480987d068cb990ba37719d22c8ce4c5cf3c622a2dc40dd6ab77b2f6f2e395aac1a04a223065ff9c550d902b48b248129852e193133a7d4b580e72df7fca722b6a66a952714fd20acd43d0e5dcec3dafd3c02503bc096f984328bef4fffd8c23d7a418e3ade7efc446fbfca2a55392326df705ead0c286eff044d6823ef2d2c9473f36736901f8593c93f674ad6ae913dfa19961d4ce5c0a84bcf3e0ff8d9206da1af4bdfbaf1c45f877f74619989c9f372f77aab859dd4e323ff415a87b7f3a8a32e150cb25b1fc00d2e30da6fdd3e96ffe36bdad3e0a84e8462c54b903a361458e9a939bddccb94e52c640cf2a8fb5005ecad599eea533a726f7bef5e077b09d115923744772e898154e342ee7c5b03ce837dd856dbf4add2bd2b267b3fa6db2d2a8481ad189d0920269f670245388e79bd7847a0c8d7a66b186b07a19b4a18ec3b4a369e04b82fd0c4a8360184fad12c69d94f99e652f69ae63e578c63accfe312562c936e523aaf0f8400e2a244359884e8f8e670a2f6aff7b08719c6dbb8492fc2e181dadf1553978c0c768d1701c77b055cd58ea4f607c76c7218f5b68c9e872a679df09c1e06d62caa3930e323b05cbbcebf8ce881dc94915abd0ce0c27b2580521d9f992c26923ef7ab79faa34be1f811315407f8821fce2c4521c2f09259a81bb15648dd3b64e4a763c98b95db93beedb20936003d84ab30b1ef9968bd9df60b2144854961ca726a72670b79489d3a05721899c05f43ff46efb39f3b64cda9ce3ce7a36fa822a23074d8f6e81f6b9c74d801a0c0962eefd12e47b3bf96ecd9a1b3982dc58a1f63b2735b4b591ebc4112070de7ab967422e33272498b69997066093a908a7838090715d8b0908615b5327d60d919b5ce7eb23a4d5e5e3a3ab7ff58e035f3dfb2ac4babaaf050d65250f68966805ffc719f78a3a933cd7c6ca21a4a062b792306152b45f3f2e29efec2fb0e9784dea9e6162c830b7e5d653e979a4dabc14831a6bee683d033b042c9c29c7a7c8e9d799ec61e24d80e7e96b3288820b6e7d137e96aa4dae65fcd1a2876f501720e949c6974dd8094273d35277379df8658cd7fb1f644ca7be30c5028398b98f637a938a324fa12660fae975da9ec6081d8a6ee801e6f241e5a9f1ec0987dbee52637d26d6e327aaafd5fd1c8a54a51939685fcfa3bd27a19a7b9ac4446789c16d2a034f60eb1c9ee651c6ea0f38589258768f079c7015f8d86181ee761c731fdd86347a36e7446cca3edcb1a97624b1a69f940453570f772cbd81ba28258b82086a11c3aba5de6e5b3ec8c2098ef0b4196512494a790fdae8a603745bc3c009cfcc66f615da19ef2b3d5f4e52b565960c223de3df708ded73106e25e377e0ae0a2713ff22dd8ad6f987ce005ab54675991d224f59b4c9b3bd9d5f99c0ffe16c5acff98946b839a8172fe44349004e59d80056ac913ae1e63b7e799f0f622f6b8083552010cb341bb4e5e21e07a571b22226e4b77aac0741d195b909f6edb40788a5ab6acbc6", &(0x7f0000000040)=@udp, 0x2}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mremap(&(0x7f0000a94000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000259000/0x4000)=nil)
mlock(&(0x7f0000bfc000/0x3000)=nil, 0x3011)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x700, 0x0, 0x0, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SET_PDEATHSIG(0x1, 0x31)
epoll_create(0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5fffffff, 0x2}, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048055}, 0x0)

19.895787863s ago: executing program 3 (id=2829):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f00000000c0), 0x1, 0x0)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0xea, &(0x7f0000000280)="c000000000005b76000000000076ecd3dc8a864cda315537c20347523c066583ca7302b5cc62716cab87244f0612f840eb75137836e7bf9ff2f5afa1535b3a81dd3982914b4bd2c61e2c082c950f950ccabf8654ecb9b1a0fa773d42e2c5109f4fe331c2a47b889c085d7f9f72b8d78a092be0e8b3802490e8826a22275130c74319065eec460e8d977815b23ca91c7403b518e21946131808cb1cf3f28b4025e94f94e4840b06cdc882a9b91b63bdc1598f2bf0486448c9167ae33791007c665472e460ed39cb3496a8c1b86ca6db1e769c2d6a98780ae003474af4edb20dc9015a212b86f8802f5750"}], 0x1})

19.827841886s ago: executing program 1 (id=2830):
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2701, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0xfffffffe, "94c465203d36be01d7000000000000e1100ad985544d00", <r2=>0xffffffffffffffff})
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)=ANY=[@ANYRES64, @ANYRES64=r4, @ANYBLOB="0b00000010"], 0x20)

19.553623448s ago: executing program 1 (id=2831):
r0 = syz_usbip_server_init(0x1)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r1 = socket$kcm(0x2d, 0x2, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14)
sendmmsg(r1, &(0x7f0000000380)=[{{&(0x7f0000000100)=@xdp={0x2c, 0xe, r2, 0x1c}, 0x80, &(0x7f0000000340)}}], 0x1, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
write$usbip_server(r0, &(0x7f00000000c0)=ANY=[], 0x35)
r4 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x222700)
openat$cgroup_ro(r4, &(0x7f00000000c0)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000080)=@int=0x7, 0x4)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3})

18.846225329s ago: executing program 5 (id=2832):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x202)
ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x40043)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be)
bind$tipc(r2, 0x0, 0xfffffffffffffdf2)
sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0}, 0x2004c050)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c00000066783dade9bf16fd6b9ec8af20056148b59242e5556aef633f7d9dc8da8e05b4439bbd04b98f68108ba0487869b362", @ANYRES64=r5, @ANYRESHEX=r4, @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x8000)
socket$nl_xfrm(0x10, 0x3, 0x6)
timer_create(0x0, 0x0, &(0x7f0000000140)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000900)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
timer_settime(r6, 0x0, &(0x7f0000000d00)={{0x0, 0x989680}, {0x77359400}}, 0x0)
timer_delete(r6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
waitid$P_PIDFD(0x3, r8, 0x0, 0x8, 0x0)
sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x1, {0x1}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="d96e05a377739840f22c74b3ba279089a9ce69b8ffc32ac59ce6528a8c9c1550e6fc0c8624a536c33fea3b2913773107640d83dbc3cd408631374b5099954a9626cca30f209f7e85a86b9ce211ee1071f47c1ea2ec113e472fe13ddd2ed6160cc0fcccd2765dbe9af92453b392525c5e1a326805f6cbcebd41c127f85d08a943d923223b8186f8c4617804b85aafab2d7fe9361e5d164aa861ecb3644169808c5313745d2c992c1c608bdd1e0c56", 0xae}, {&(0x7f0000000840)="2cd83a2baabc95411ec5511a0e2e347972e832a7c13f84c97a1c3892dabf5c557c8359c5987a73d66d2c773914fb54cba54c9853b276447015d9050efae4beb19d88aa445d33a32658b9c5deb4a67bd3842f4ff4c72a4939382a1db431dab50e340db829ff7a528bfead8f2ecec6f5c9c686089c8976bce5e5ab860c916459e093f697bdd2af4c267b914e8a132a09213b19010e26d6328d367e2396a6f265850f3ce4a4683d728fa40810f2f9c8b32e7e46575f0e523452d2ba773022c773df13f8737189e226afd925f31ab3402e610a5fa78cd2de2e7ea566b1e24041c97ddb24b6fb5f4d4ef11c51ceac0b359deae706c83bc8effa92a61fb428283b9d17926ddea359cee63de3cb105dc3b583ee29292a3386504ca8dabfbd8bde7e20b8fb3cf058410ec41c3f8bd12f35f850a5003070b1d38b945e2e00eff9d80f892246dde992a0965dc1fe5736ef46b8e5a35586660be13a3db4f88f9572295ef8fef528f2304ef0b320b5123891f70007d8dd6bfbcadf3ab4ac46c2e6c2f736c10287e6db8a4efcb132c00b532a9e9f3bcdabb4caa8df32007adf368a91e505ff24d8daabdf8f7539c6b8fa0d69ef55cbd38ab2b4583ca92f9f0458c237828271819737451a8ad4ee1ba45d47144673ae6fec9a1c18a84d2211ea03396b4bbaa53ce4e62275cd581066c9f600462cd7689520eb44557ae5f5ba8dff63bcbc7c291a0889f3da79101edbcf844d8a3f34fc9ae464e33c62f4c70b90965d62b922cfb5572e1ff60244910dd0d31cc535215844da37bd765106703d20f8e580da62773adb1f8d86fb7bed80129241587a65639c97a40a83bfbcf7e89e1c638cd68c1c127c8fb110c8767b5b794aa9a4a05ed86be627cfb46fd3ba2d3ceda413505456845b36309445521122d9bdfbfabd4c01674e1f3a8e00926cc60bc5194d0e5d51d95656f927dc83595934a4143f3761d9845428ce720ad9af72f1d6af3e43a46300e143dcb4d28f342e4c938690fe784b3807a0d4cf9046bad4c62a6ad879a05341658457efc7f4749da2398e4c9554dbe155e6f4494bffe547e4ed8ca739925c77d2058fad92ed749ac29ef15c8470aba86060e8012dae62f19647b57052b214109257d66d1e88a3a13084b010a3e784da14ffbbf1d530c2377382b55c07fe9f336991331cc49ff78c8fefa4f0b6774d5e40a45a5675f50e93a0c6bb6a94187cf50975476351a5f9dab4ae792741597b453ba7c33861141f561b37d68822c116d3a7d78011c334eff9b80d1cd90ba1fa56b4cbe8031fd9b13f22c8b7d30a476f484438b1da245e536a1e41b56006f401a65fbd62da62193752e9ca173e9d2f60cead47581d63bdf964842967a73e4a7c406bdd0ebbee873b7bf033567ec7c07ad21fe32b22cb42787adf1a550877b56dfff6302c3722c86f53d32dca73519579b4bc01c684bf84c59e42f2567cfc0465e72a865dcc56c28c78f284d574dff6f243e0a57a72d61cc9074edd5cfbe3002101aaaf6f7eba40998da46aeffccb482468c03774884ae5978b2d74c9e2347093bf1fade6ad02ba5a858cf3ab606ddf9156e8337fd46694d1dd18ee51fa9e90b2615aecb2aa5718b18a711111334a110fd3735a9ec57cf322f02937fd0ba97a06f10b644ed117337210f19e8ef73c82dbd6764252e37f0c5ac3d2642132396de306ec4ebb70961b47f28781ce8bed22067d3611cd2b51dd75b19d926eb89c769b47f67cfbc7f01dea3651283cb8fb94ced8779b71530effaa1438eb2d13cac827c9f259712bb53708843ff9686465c98ec455f05709ba7c21a3f8e86c01d52b19cddc8b74d05d6ef6b674f13199215f04472b063a305b8bf0d90c7915d4ed2b2ffae3b4750bb990f09032b8b5d59c36428785019f37732fdd3bc632b68451a62a794fb481c087302c7c78ba1b027591e766c5af5a799b76551c237d5030d11888f2b6d135ac83c9856725cd5ea3adb3a045b8305ad032fbb9e10e2122b51bceeb24d32e4b73f63e2a9573df94040948ae6f823e8113710fc001ff958f446f89e11b7ad099c7d98da0fb8a8dceb64bb662ed7c34b20c1690f6fba101a910e569674125f9492f3f713490e8731a9079b249421e768dbffce017a3446e024859f5eb83a35f9f912dc03ecdddf0bf385a39116c02a433968a09a226c6f45a6e586670ee81b7caba22f2cf0a6d1027093135f9c71434a8d78d56d27ae0dc986fe39da0702539c228b79706e10c62f7dc9468fe4ede0ed7404d320ad0aa87c02d8b093639b7b238c2ffe282b16991a60819ca5ae67b153840444cce6e6ece361707da7811ec227cb13c27ef48a0f9f22f27c35c689830440bc84dd0d44582c941a4ceb44bf527ae1410cc885e4bfd1eeefe3f37ab5b47b695588dc9570a3cc2c8759d08ce1c69ec83cdcb954cf5abf6fc2401dfc94ff9a5ff5caa6bb9e9db886d46fd17bcda2ede0a24c71a670db334f321f43cdb9bc3bec52262625dc8e57fc40b7fa455a66d48a5f26ef10841d3663eca35cb61c5f5431f9e87831031ff22f8a53e40fdbabd14cab1d2fc2aa8958047915fe4a6ff4fe21b9797a46c9ddcc8c380cc7cf04310fc99f5788d24a31d959304b175180b968cd02762ac3ecc3a76c2a5bb31f0a74f3a8c7856b74aca12ec26f719cd8b290fbbf33f21867b9ad5927b3333983771f0e595ae3b034360a06757760b22a3182752d73c2d01fbc1b6cddf5b56be3f1c0d3cfd9bb9dd038dfa576578e7563a4c945e2143ee084f9102826f9528b98760dc073dc585094211253e37595c03cd7e77e387fa22e7b8c945dcc715acf3959b84a528c8e2129187487f3521e743cfed34fe1105dea92989306850c20d18100ae737b4044cf8d53d5cea880dbaef26932880b9b5b370f19ed117d5c7ac5045325fbd1cac3f830e9e00b56dae082cbc326dc92b5aa8ce9d2b52a665b0f9a10a9f487e228dcc288cdfb86c4276c90f9b66d1d0f8790c1cd193a566ee89f0351977ab27b990662f8a2f8c73d1fcb6273494dae6c5961b7d7d3f2481458c67084f43f3c9dee50e2bf48cc1dfc4b12cfaad6b19c873ec81b6e420f80f4bf5177c47dddb4f0a6f420e0d5eb893614759a49c4ef34e8930a689878b4d28e36fae200dec85575e04c6a071e0380a9b3aef0e349c991d4c8a94f37810473c4512d26ef0effa281fafe96a88b2bc75038b71148bc6df906e7599b6571351892304d63238f79b490fdd8e3df526a71e668ff9b97457c17c9041cea40211ff255f2615880b907fac4e854aff659c94cd3cd6a776a03fd85e1ac718f86ce9276dfc6bc6c506ea1177eef3750fdc516046c85aedd43dce5e0ea185ef29f0725e7d78c21a1eb608af76c2676a155da4f9e330235452fb0fbbcac6411477608a518418103cb4e2f1a9a4989792452613c06b12a4710d079e260f61758a7ac9d054855f912d1d3ebe68b2bdec79a55902b58c14fd6b2f87de6aab776c1b81db48d47b381d794a4cec8880c7e0e7f0539a77741ffd3d3a4a1da878967f8a423b4673b43dcfd2278025822fcb878ed85318789fb3513576861742d2654db1e52c3e809bd05a49b1319802dd2b27539c43526bb7020a5a107fcc56bd8dfee6decff7a816b38f488019515ffe42154b10b5274f377fbc2ae306837307a6716c02c9ab795ce3e9c93c1124e50127fcd9a980b4685d8ee4ae95b23be9227ccd9c9e980cb9b008d572fddf24051213ee7dc4674c5de78a32b141b2de89692b76d75bb32ebccfaadd749a855accd77605c422156140be33213cf8e74fbbd5ff4065307178b9251c0b457bad501d499c2d9e175a823d96fb29a1c8840f8e612cca084b39fe68a416043284a73306233cde9ba6b067bba677ef44addf26d24d16e25d6530771bbc0187058c7d3de6865ea4ab7ecefc2638656aca7f9399edf61b4c3d72f84c28c394cacd7c5361674c41a75bbf43e5d2e2e22afee5ff25e78c0ed2b0db27917b4e26b02a68fd0523b4c1549f57be07014451a39d7d1db26eab89d608c421fd639549512a1ad300ac93b790dcf5b585207de755fe5402f1b55377c0b331bdd13e8b616417e78d4e84f9000b0a91c5402b2040028ee755a0a19554e1927fd56672bd0ea0bbbdd1328bd7ee75753cf848fcf8a5515315da5db8e69f8ffe310c3ccf3c2afae743e3f8c7a9c8744f4181d1bf817f0ae083490b5fbece8c578e89b9ffb559164857d1338651c897e066ef33e299c86a562d9362fdcc655155fc3001ecd4b6b3a4279e88cb6ae5a9288378f0e32d6072950d2aa34d48fce81f744e238285ca9387083dfb4caae295f29775aed93dc0fffa555bbd0ddfb95d29360718600aff5c754ad188a5ae6cf5c304759e069b4c64eb7585a57eba334b96da9e32bc3f1423cb1da3a0e1393317af5cdc9a9d17e77ec8b13215d211e0687608343520f1d730062fed05cfe17aca5df78328884096bc7597b3e30b11f7e6e9da886e57dfaf8983a838b49fe4aaa0f248a6259df1793883c140453a31485b783ee772a4e0e26f8e653abf5ee0e378397ee675995e21d88f997ecc1a44766413e84e3b82c757f207bfa74f1e72ac4b50bedbe7a089e80a57fa365a9cb2c79ff29495ab028c763d04db87603974d12a746a5d70c020f6f3ac8b76595ecbab4ad999fc3215ff39a6ee425d47ecea769aff79f78bb97dae6b5c0b17cb5c7975eae02b95dd52ef41f384a18861e14abd5503d99ec3bed8fa44095471a4d6bc90c95af37b905a072251f068b36c2cdc5edfc965d7c46b21aadea25eb79096fd86718aa7a9055d31e1b4fb1b12996214b93c27b9ed0618031bd6160654d491ddb32ba58489fe77aff1c124729cd798cc66963da8e28ab3a8834d07a15ba66028bbb36414460abbe742a35356c2edd9f1c224502ec308ef8c35e0c49157ef13d6a097aaf64f2401fbc338bf1de803c61a4f81f6d8287a5cc2cae5d95d5f49e473533fca26254da4af29a3c7292dc1328a283cdcebdc91a4a7deca52de394047d803d05c81a72cadea1add3690843e032640fa8c5b6bbbb395091929384ebc06ba76cd288932f6411293f6c22d3f9e1c24105550cf5e77761a5a98201703862d479c125134db8a97758b9f6ba8dd3d0fbb65b94dd3e35fbdbb7ab75e1b0c00b428c57d541888594a35b532e6e059043b79927908ff5582421e31db0a56d920781c71e2732fd24e11175f9120e88efa83fed2762f1b238f99c313dc36a9181a92cc18fc71dcda9ecac7cb4e6baa413de094406a1041aee321a2650b55856c95feba59382c8463e4f9c7bd3c10b29726d08ea1fd8e2d1fd86597b738d07301f315bd00385b7f477f590c4b4e8e1112fe2d8f134687714bc23e1ee7ad64086f67f37ae5a07bc45d817286176d2f8c9e98212a513c4e42f6418bcec3aa77b45d9e827a8a53e3db97ed830a8811d8d1876d2eb306c78c0471d380291debf1f888db50e3c303e9e57b6004ed575e74a8783dfaff72117dafa49caa8e68382be2023b08ba063f524905f95ef66268fabb63f8eb2bc3c5f74ba442d7f8a1113efeabb57db06373a49edca8728412b57d93b7bb6b367175bc11f291260c5b69e5928c64b614c82d69abab7e97bc150445e91644f7f0abe26248a046c074a56eac233ad83b6705cb11b9470b1503576026671fcfa9b7f681f21a8b7be8159dd3426586290483b94782182c97885758dbab6c4b9ac07b543ee03e09fa27dd5952efeab87227e842785acd7c06a981c23a0326f54858b59e36cf3fcc4d0ea767dbff877b", 0x1000}], 0x2, 0x0, 0x0, 0x20004881}, 0x20000010)
r9 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000440)={0x0, @private=0xa010102, 0x4e21, 0x1, 'ovf\x00', 0x8, 0x7, 0x57}, 0x2c)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x1)
fchdir(r10)
r11 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x10100, 0x0)
getdents64(r11, &(0x7f0000000040)=""/53, 0x2457a0be381e3a04)

18.175816871s ago: executing program 3 (id=2833):
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x4006d, 0x25)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x29df, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom(r0, 0x0, 0x0, 0x40002050, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0)
umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x3)

18.118838257s ago: executing program 3 (id=2834):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) (fail_nth: 4)

17.356727794s ago: executing program 4 (id=2835):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000000)=0x2)
ioctl$PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f0000000080)=[{0x48, 0x0, 0x38, 0x2}, {0x6, 0xfc}]})
write$ppp(r6, &(0x7f0000000180)="1e08", 0x2)
r7 = accept(r3, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x300, 0x0, 0xc000}, 0x10)
recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
fsopen(0x0, 0x0)

16.053652217s ago: executing program 4 (id=2836):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfff00002}, {0x16}]}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000002740)='net/ip_tables_names\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
socket$kcm(0x10, 0x2, 0x0)
ioctl$VIDIOC_G_AUDOUT(r5, 0x80345631, &(0x7f0000000280))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00', r0}, 0x10)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]})

15.043870379s ago: executing program 3 (id=2837):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1300000010000000080000000000000000000000cb0c960fa5fa9a89976b5a32bb4aabdb4410f5e277", @ANYRES32=0x1, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
alarm(0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f00000000c0)={0x80000002, 0x100, 0x80000001, 0x1947, 0x5, 0x2})

15.042482977s ago: executing program 4 (id=2838):
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x65c})
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000005c000000000000000f00e035200000000f22e0"], 0x5c})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r0, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000000000050000000000000000f080f0866ba2100b8db000000ef450f22c2"], 0x296})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14.801030106s ago: executing program 34 (id=2837):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1300000010000000080000000000000000000000cb0c960fa5fa9a89976b5a32bb4aabdb4410f5e277", @ANYRES32=0x1, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
alarm(0x9)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f00000000c0)={0x80000002, 0x100, 0x80000001, 0x1947, 0x5, 0x2})

4.509341782s ago: executing program 35 (id=2831):
r0 = syz_usbip_server_init(0x1)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r1 = socket$kcm(0x2d, 0x2, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14)
sendmmsg(r1, &(0x7f0000000380)=[{{&(0x7f0000000100)=@xdp={0x2c, 0xe, r2, 0x1c}, 0x80, &(0x7f0000000340)}}], 0x1, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
write$usbip_server(r0, &(0x7f00000000c0)=ANY=[], 0x35)
r4 = syz_open_dev$audion(&(0x7f0000000040), 0x1, 0x222700)
openat$cgroup_ro(r4, &(0x7f00000000c0)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000080)=@int=0x7, 0x4)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f00000001c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0], 0x3})

3.505310164s ago: executing program 36 (id=2832):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x202)
ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x40043)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be)
bind$tipc(r2, 0x0, 0xfffffffffffffdf2)
sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x18}}, 0x10, 0x0}, 0x2004c050)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r4=>0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c00000066783dade9bf16fd6b9ec8af20056148b59242e5556aef633f7d9dc8da8e05b4439bbd04b98f68108ba0487869b362", @ANYRES64=r5, @ANYRESHEX=r4, @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x8000)
socket$nl_xfrm(0x10, 0x3, 0x6)
timer_create(0x0, 0x0, &(0x7f0000000140)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000900)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
timer_settime(r6, 0x0, &(0x7f0000000d00)={{0x0, 0x989680}, {0x77359400}}, 0x0)
timer_delete(r6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
waitid$P_PIDFD(0x3, r8, 0x0, 0x8, 0x0)
sendmsg$tipc(r2, &(0x7f00000003c0)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x1, {0x1}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="d96e05a377739840f22c74b3ba279089a9ce69b8ffc32ac59ce6528a8c9c1550e6fc0c8624a536c33fea3b2913773107640d83dbc3cd408631374b5099954a9626cca30f209f7e85a86b9ce211ee1071f47c1ea2ec113e472fe13ddd2ed6160cc0fcccd2765dbe9af92453b392525c5e1a326805f6cbcebd41c127f85d08a943d923223b8186f8c4617804b85aafab2d7fe9361e5d164aa861ecb3644169808c5313745d2c992c1c608bdd1e0c56", 0xae}, {&(0x7f0000000840)="2cd83a2baabc95411ec5511a0e2e347972e832a7c13f84c97a1c3892dabf5c557c8359c5987a73d66d2c773914fb54cba54c9853b276447015d9050efae4beb19d88aa445d33a32658b9c5deb4a67bd3842f4ff4c72a4939382a1db431dab50e340db829ff7a528bfead8f2ecec6f5c9c686089c8976bce5e5ab860c916459e093f697bdd2af4c267b914e8a132a09213b19010e26d6328d367e2396a6f265850f3ce4a4683d728fa40810f2f9c8b32e7e46575f0e523452d2ba773022c773df13f8737189e226afd925f31ab3402e610a5fa78cd2de2e7ea566b1e24041c97ddb24b6fb5f4d4ef11c51ceac0b359deae706c83bc8effa92a61fb428283b9d17926ddea359cee63de3cb105dc3b583ee29292a3386504ca8dabfbd8bde7e20b8fb3cf058410ec41c3f8bd12f35f850a5003070b1d38b945e2e00eff9d80f892246dde992a0965dc1fe5736ef46b8e5a35586660be13a3db4f88f9572295ef8fef528f2304ef0b320b5123891f70007d8dd6bfbcadf3ab4ac46c2e6c2f736c10287e6db8a4efcb132c00b532a9e9f3bcdabb4caa8df32007adf368a91e505ff24d8daabdf8f7539c6b8fa0d69ef55cbd38ab2b4583ca92f9f0458c237828271819737451a8ad4ee1ba45d47144673ae6fec9a1c18a84d2211ea03396b4bbaa53ce4e62275cd581066c9f600462cd7689520eb44557ae5f5ba8dff63bcbc7c291a0889f3da79101edbcf844d8a3f34fc9ae464e33c62f4c70b90965d62b922cfb5572e1ff60244910dd0d31cc535215844da37bd765106703d20f8e580da62773adb1f8d86fb7bed80129241587a65639c97a40a83bfbcf7e89e1c638cd68c1c127c8fb110c8767b5b794aa9a4a05ed86be627cfb46fd3ba2d3ceda413505456845b36309445521122d9bdfbfabd4c01674e1f3a8e00926cc60bc5194d0e5d51d95656f927dc83595934a4143f3761d9845428ce720ad9af72f1d6af3e43a46300e143dcb4d28f342e4c938690fe784b3807a0d4cf9046bad4c62a6ad879a05341658457efc7f4749da2398e4c9554dbe155e6f4494bffe547e4ed8ca739925c77d2058fad92ed749ac29ef15c8470aba86060e8012dae62f19647b57052b214109257d66d1e88a3a13084b010a3e784da14ffbbf1d530c2377382b55c07fe9f336991331cc49ff78c8fefa4f0b6774d5e40a45a5675f50e93a0c6bb6a94187cf50975476351a5f9dab4ae792741597b453ba7c33861141f561b37d68822c116d3a7d78011c334eff9b80d1cd90ba1fa56b4cbe8031fd9b13f22c8b7d30a476f484438b1da245e536a1e41b56006f401a65fbd62da62193752e9ca173e9d2f60cead47581d63bdf964842967a73e4a7c406bdd0ebbee873b7bf033567ec7c07ad21fe32b22cb42787adf1a550877b56dfff6302c3722c86f53d32dca73519579b4bc01c684bf84c59e42f2567cfc0465e72a865dcc56c28c78f284d574dff6f243e0a57a72d61cc9074edd5cfbe3002101aaaf6f7eba40998da46aeffccb482468c03774884ae5978b2d74c9e2347093bf1fade6ad02ba5a858cf3ab606ddf9156e8337fd46694d1dd18ee51fa9e90b2615aecb2aa5718b18a711111334a110fd3735a9ec57cf322f02937fd0ba97a06f10b644ed117337210f19e8ef73c82dbd6764252e37f0c5ac3d2642132396de306ec4ebb70961b47f28781ce8bed22067d3611cd2b51dd75b19d926eb89c769b47f67cfbc7f01dea3651283cb8fb94ced8779b71530effaa1438eb2d13cac827c9f259712bb53708843ff9686465c98ec455f05709ba7c21a3f8e86c01d52b19cddc8b74d05d6ef6b674f13199215f04472b063a305b8bf0d90c7915d4ed2b2ffae3b4750bb990f09032b8b5d59c36428785019f37732fdd3bc632b68451a62a794fb481c087302c7c78ba1b027591e766c5af5a799b76551c237d5030d11888f2b6d135ac83c9856725cd5ea3adb3a045b8305ad032fbb9e10e2122b51bceeb24d32e4b73f63e2a9573df94040948ae6f823e8113710fc001ff958f446f89e11b7ad099c7d98da0fb8a8dceb64bb662ed7c34b20c1690f6fba101a910e569674125f9492f3f713490e8731a9079b249421e768dbffce017a3446e024859f5eb83a35f9f912dc03ecdddf0bf385a39116c02a433968a09a226c6f45a6e586670ee81b7caba22f2cf0a6d1027093135f9c71434a8d78d56d27ae0dc986fe39da0702539c228b79706e10c62f7dc9468fe4ede0ed7404d320ad0aa87c02d8b093639b7b238c2ffe282b16991a60819ca5ae67b153840444cce6e6ece361707da7811ec227cb13c27ef48a0f9f22f27c35c689830440bc84dd0d44582c941a4ceb44bf527ae1410cc885e4bfd1eeefe3f37ab5b47b695588dc9570a3cc2c8759d08ce1c69ec83cdcb954cf5abf6fc2401dfc94ff9a5ff5caa6bb9e9db886d46fd17bcda2ede0a24c71a670db334f321f43cdb9bc3bec52262625dc8e57fc40b7fa455a66d48a5f26ef10841d3663eca35cb61c5f5431f9e87831031ff22f8a53e40fdbabd14cab1d2fc2aa8958047915fe4a6ff4fe21b9797a46c9ddcc8c380cc7cf04310fc99f5788d24a31d959304b175180b968cd02762ac3ecc3a76c2a5bb31f0a74f3a8c7856b74aca12ec26f719cd8b290fbbf33f21867b9ad5927b3333983771f0e595ae3b034360a06757760b22a3182752d73c2d01fbc1b6cddf5b56be3f1c0d3cfd9bb9dd038dfa576578e7563a4c945e2143ee084f9102826f9528b98760dc073dc585094211253e37595c03cd7e77e387fa22e7b8c945dcc715acf3959b84a528c8e2129187487f3521e743cfed34fe1105dea92989306850c20d18100ae737b4044cf8d53d5cea880dbaef26932880b9b5b370f19ed117d5c7ac5045325fbd1cac3f830e9e00b56dae082cbc326dc92b5aa8ce9d2b52a665b0f9a10a9f487e228dcc288cdfb86c4276c90f9b66d1d0f8790c1cd193a566ee89f0351977ab27b990662f8a2f8c73d1fcb6273494dae6c5961b7d7d3f2481458c67084f43f3c9dee50e2bf48cc1dfc4b12cfaad6b19c873ec81b6e420f80f4bf5177c47dddb4f0a6f420e0d5eb893614759a49c4ef34e8930a689878b4d28e36fae200dec85575e04c6a071e0380a9b3aef0e349c991d4c8a94f37810473c4512d26ef0effa281fafe96a88b2bc75038b71148bc6df906e7599b6571351892304d63238f79b490fdd8e3df526a71e668ff9b97457c17c9041cea40211ff255f2615880b907fac4e854aff659c94cd3cd6a776a03fd85e1ac718f86ce9276dfc6bc6c506ea1177eef3750fdc516046c85aedd43dce5e0ea185ef29f0725e7d78c21a1eb608af76c2676a155da4f9e330235452fb0fbbcac6411477608a518418103cb4e2f1a9a4989792452613c06b12a4710d079e260f61758a7ac9d054855f912d1d3ebe68b2bdec79a55902b58c14fd6b2f87de6aab776c1b81db48d47b381d794a4cec8880c7e0e7f0539a77741ffd3d3a4a1da878967f8a423b4673b43dcfd2278025822fcb878ed85318789fb3513576861742d2654db1e52c3e809bd05a49b1319802dd2b27539c43526bb7020a5a107fcc56bd8dfee6decff7a816b38f488019515ffe42154b10b5274f377fbc2ae306837307a6716c02c9ab795ce3e9c93c1124e50127fcd9a980b4685d8ee4ae95b23be9227ccd9c9e980cb9b008d572fddf24051213ee7dc4674c5de78a32b141b2de89692b76d75bb32ebccfaadd749a855accd77605c422156140be33213cf8e74fbbd5ff4065307178b9251c0b457bad501d499c2d9e175a823d96fb29a1c8840f8e612cca084b39fe68a416043284a73306233cde9ba6b067bba677ef44addf26d24d16e25d6530771bbc0187058c7d3de6865ea4ab7ecefc2638656aca7f9399edf61b4c3d72f84c28c394cacd7c5361674c41a75bbf43e5d2e2e22afee5ff25e78c0ed2b0db27917b4e26b02a68fd0523b4c1549f57be07014451a39d7d1db26eab89d608c421fd639549512a1ad300ac93b790dcf5b585207de755fe5402f1b55377c0b331bdd13e8b616417e78d4e84f9000b0a91c5402b2040028ee755a0a19554e1927fd56672bd0ea0bbbdd1328bd7ee75753cf848fcf8a5515315da5db8e69f8ffe310c3ccf3c2afae743e3f8c7a9c8744f4181d1bf817f0ae083490b5fbece8c578e89b9ffb559164857d1338651c897e066ef33e299c86a562d9362fdcc655155fc3001ecd4b6b3a4279e88cb6ae5a9288378f0e32d6072950d2aa34d48fce81f744e238285ca9387083dfb4caae295f29775aed93dc0fffa555bbd0ddfb95d29360718600aff5c754ad188a5ae6cf5c304759e069b4c64eb7585a57eba334b96da9e32bc3f1423cb1da3a0e1393317af5cdc9a9d17e77ec8b13215d211e0687608343520f1d730062fed05cfe17aca5df78328884096bc7597b3e30b11f7e6e9da886e57dfaf8983a838b49fe4aaa0f248a6259df1793883c140453a31485b783ee772a4e0e26f8e653abf5ee0e378397ee675995e21d88f997ecc1a44766413e84e3b82c757f207bfa74f1e72ac4b50bedbe7a089e80a57fa365a9cb2c79ff29495ab028c763d04db87603974d12a746a5d70c020f6f3ac8b76595ecbab4ad999fc3215ff39a6ee425d47ecea769aff79f78bb97dae6b5c0b17cb5c7975eae02b95dd52ef41f384a18861e14abd5503d99ec3bed8fa44095471a4d6bc90c95af37b905a072251f068b36c2cdc5edfc965d7c46b21aadea25eb79096fd86718aa7a9055d31e1b4fb1b12996214b93c27b9ed0618031bd6160654d491ddb32ba58489fe77aff1c124729cd798cc66963da8e28ab3a8834d07a15ba66028bbb36414460abbe742a35356c2edd9f1c224502ec308ef8c35e0c49157ef13d6a097aaf64f2401fbc338bf1de803c61a4f81f6d8287a5cc2cae5d95d5f49e473533fca26254da4af29a3c7292dc1328a283cdcebdc91a4a7deca52de394047d803d05c81a72cadea1add3690843e032640fa8c5b6bbbb395091929384ebc06ba76cd288932f6411293f6c22d3f9e1c24105550cf5e77761a5a98201703862d479c125134db8a97758b9f6ba8dd3d0fbb65b94dd3e35fbdbb7ab75e1b0c00b428c57d541888594a35b532e6e059043b79927908ff5582421e31db0a56d920781c71e2732fd24e11175f9120e88efa83fed2762f1b238f99c313dc36a9181a92cc18fc71dcda9ecac7cb4e6baa413de094406a1041aee321a2650b55856c95feba59382c8463e4f9c7bd3c10b29726d08ea1fd8e2d1fd86597b738d07301f315bd00385b7f477f590c4b4e8e1112fe2d8f134687714bc23e1ee7ad64086f67f37ae5a07bc45d817286176d2f8c9e98212a513c4e42f6418bcec3aa77b45d9e827a8a53e3db97ed830a8811d8d1876d2eb306c78c0471d380291debf1f888db50e3c303e9e57b6004ed575e74a8783dfaff72117dafa49caa8e68382be2023b08ba063f524905f95ef66268fabb63f8eb2bc3c5f74ba442d7f8a1113efeabb57db06373a49edca8728412b57d93b7bb6b367175bc11f291260c5b69e5928c64b614c82d69abab7e97bc150445e91644f7f0abe26248a046c074a56eac233ad83b6705cb11b9470b1503576026671fcfa9b7f681f21a8b7be8159dd3426586290483b94782182c97885758dbab6c4b9ac07b543ee03e09fa27dd5952efeab87227e842785acd7c06a981c23a0326f54858b59e36cf3fcc4d0ea767dbff877b", 0x1000}], 0x2, 0x0, 0x0, 0x20004881}, 0x20000010)
r9 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000440)={0x0, @private=0xa010102, 0x4e21, 0x1, 'ovf\x00', 0x8, 0x7, 0x57}, 0x2c)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x1)
fchdir(r10)
r11 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x10100, 0x0)
getdents64(r11, &(0x7f0000000040)=""/53, 0x2457a0be381e3a04)

0s ago: executing program 37 (id=2838):
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x65c})
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000005c000000000000000f00e035200000000f22e0"], 0x5c})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r0, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa8, 0x0, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="010000000000000050000000000000000f080f0866ba2100b8db000000ef450f22c2"], 0x296})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

ver after parsing attributes in process `syz.5.2168'.
[  754.549812][   T30] audit: type=1400 audit(2000004629.466:321): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13439 comm="syz.3.2175" daddr=::ffff:172.20.20.170
[  755.098328][T13449] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2175'.
[  755.262178][ T5815] usb 2-1: USB disconnect, device number 62
[  756.391007][T13478] FAULT_INJECTION: forcing a failure.
[  756.391007][T13478] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  756.445596][T13478] CPU: 1 UID: 0 PID: 13478 Comm: syz.4.2183 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  756.445628][T13478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  756.445641][T13478] Call Trace:
[  756.445650][T13478]  <TASK>
[  756.445660][T13478]  dump_stack_lvl+0x189/0x250
[  756.445696][T13478]  ? __pfx____ratelimit+0x10/0x10
[  756.445724][T13478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.445755][T13478]  ? __pfx__printk+0x10/0x10
[  756.445790][T13478]  should_fail_ex+0x414/0x560
[  756.445824][T13478]  _copy_to_user+0x31/0xb0
[  756.445849][T13478]  simple_read_from_buffer+0xe1/0x170
[  756.445883][T13478]  proc_fail_nth_read+0x1df/0x250
[  756.445917][T13478]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.445952][T13478]  ? rw_verify_area+0x258/0x650
[  756.445974][T13478]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  756.446006][T13478]  vfs_read+0x1fd/0x980
[  756.446036][T13478]  ? __pfx___mutex_lock+0x10/0x10
[  756.446065][T13478]  ? __pfx_vfs_read+0x10/0x10
[  756.446091][T13478]  ? __fget_files+0x2a/0x420
[  756.446126][T13478]  ? __fget_files+0x3a0/0x420
[  756.446154][T13478]  ? __fget_files+0x2a/0x420
[  756.446192][T13478]  ksys_read+0x145/0x250
[  756.446221][T13478]  ? __pfx_ksys_read+0x10/0x10
[  756.446242][T13478]  ? rcu_is_watching+0x15/0xb0
[  756.446298][T13478]  ? do_syscall_64+0xbe/0x3b0
[  756.446331][T13478]  do_syscall_64+0xfa/0x3b0
[  756.446357][T13478]  ? lockdep_hardirqs_on+0x9c/0x150
[  756.446383][T13478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.446404][T13478]  ? clear_bhb_loop+0x60/0xb0
[  756.446430][T13478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.446451][T13478] RIP: 0033:0x7fa371b8d33c
[  756.446471][T13478] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  756.446489][T13478] RSP: 002b:00007fa37297f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  756.446512][T13478] RAX: ffffffffffffffda RBX: 00007fa371db5fa0 RCX: 00007fa371b8d33c
[  756.446527][T13478] RDX: 000000000000000f RSI: 00007fa37297f0a0 RDI: 0000000000000004
[  756.446540][T13478] RBP: 00007fa37297f090 R08: 0000000000000000 R09: 0000000000000000
[  756.446552][T13478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  756.446565][T13478] R13: 0000000000000000 R14: 00007fa371db5fa0 R15: 00007ffd2c5e4b78
[  756.446598][T13478]  </TASK>
[  760.028040][T13514] netlink: 'syz.0.2189': attribute type 10 has an invalid length.
[  760.113337][T13514] team0: Device ipvlan1 failed to register rx_handler
[  760.544936][T13518] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  761.482712][ T5898] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  761.760354][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  761.782617][ T5898] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  761.813856][ T5898] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  761.996563][ T5898] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  762.011168][ T5898] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.028871][ T5898] usb 6-1: config 0 descriptor??
[  762.125630][T13543] FAULT_INJECTION: forcing a failure.
[  762.125630][T13543] name failslab, interval 1, probability 0, space 0, times 0
[  762.138943][T13543] CPU: 1 UID: 0 PID: 13543 Comm: syz.1.2196 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  762.138983][T13543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  762.138996][T13543] Call Trace:
[  762.139007][T13543]  <TASK>
[  762.139017][T13543]  dump_stack_lvl+0x189/0x250
[  762.139054][T13543]  ? __pfx____ratelimit+0x10/0x10
[  762.139082][T13543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  762.139113][T13543]  ? __pfx__printk+0x10/0x10
[  762.139153][T13543]  should_fail_ex+0x414/0x560
[  762.139188][T13543]  should_failslab+0xa8/0x100
[  762.139219][T13543]  __kmalloc_cache_noprof+0x70/0x3d0
[  762.139247][T13543]  ? tipc_group_create+0xa1/0x500
[  762.139282][T13543]  tipc_group_create+0xa1/0x500
[  762.139322][T13543]  tipc_sk_join+0x24d/0x6b0
[  762.139361][T13543]  ? __pfx_tipc_sk_join+0x10/0x10
[  762.139400][T13543]  tipc_setsockopt+0x735/0x970
[  762.139433][T13543]  ? __pfx_tipc_setsockopt+0x10/0x10
[  762.139467][T13543]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  762.139507][T13543]  ? __pfx_tipc_setsockopt+0x10/0x10
[  762.139534][T13543]  do_sock_setsockopt+0x257/0x3e0
[  762.139560][T13543]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  762.139588][T13543]  ? __fget_files+0x2a/0x420
[  762.139628][T13543]  __x64_sys_setsockopt+0x18b/0x220
[  762.139657][T13543]  do_syscall_64+0xfa/0x3b0
[  762.139688][T13543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.139709][T13543]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  762.139729][T13543]  ? clear_bhb_loop+0x60/0xb0
[  762.139756][T13543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.139777][T13543] RIP: 0033:0x7f1d0c18e929
[  762.139797][T13543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  762.139817][T13543] RSP: 002b:00007f1d0cf52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  762.139840][T13543] RAX: ffffffffffffffda RBX: 00007f1d0c3b6160 RCX: 00007f1d0c18e929
[  762.139855][T13543] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000005
[  762.139868][T13543] RBP: 00007f1d0cf52090 R08: 0000000000000010 R09: 0000000000000000
[  762.139881][T13543] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  762.139894][T13543] R13: 0000000000000000 R14: 00007f1d0c3b6160 R15: 00007ffe7f9431d8
[  762.139929][T13543]  </TASK>
[  762.504230][T13530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  762.655586][T13530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  763.046532][T13532] syz.4.2194 (13532) used greatest stack depth: 16168 bytes left
[  763.840532][ T5898] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving
[  763.921986][ T5898] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  764.964428][T13575] dummy0: entered promiscuous mode
[  764.970348][T13575] macsec1: entered promiscuous mode
[  764.975898][T13575] macsec1: entered allmulticast mode
[  764.984783][T13575] dummy0: entered allmulticast mode
[  765.716927][T13579] Cannot find del_set index 2 as target
[  765.734571][ T9344] usb 6-1: USB disconnect, device number 3
[  765.816972][T13575] dummy0: left allmulticast mode
[  765.831633][T13575] dummy0: left promiscuous mode
[  766.724998][T13600] netlink: 'syz.5.2208': attribute type 1 has an invalid length.
[  769.165673][T13634] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2214'.
[  770.126877][T13661] FAULT_INJECTION: forcing a failure.
[  770.126877][T13661] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  770.143977][T13661] CPU: 0 UID: 0 PID: 13661 Comm: syz.5.2222 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  770.144009][T13661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  770.144023][T13661] Call Trace:
[  770.144031][T13661]  <TASK>
[  770.144040][T13661]  dump_stack_lvl+0x189/0x250
[  770.144077][T13661]  ? __pfx____ratelimit+0x10/0x10
[  770.144104][T13661]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.144134][T13661]  ? __pfx__printk+0x10/0x10
[  770.144156][T13661]  ? __asan_memcpy+0x40/0x70
[  770.144186][T13661]  should_fail_ex+0x414/0x560
[  770.144219][T13661]  _copy_to_user+0x31/0xb0
[  770.144242][T13661]  bpf_verifier_vlog+0x3ba/0x900
[  770.144280][T13661]  __btf_verifier_log+0xd4/0x120
[  770.144313][T13661]  ? __pfx___btf_verifier_log+0x10/0x10
[  770.144337][T13661]  ? __might_fault+0xb0/0x130
[  770.144367][T13661]  ? btf_parse_hdr+0x1e2/0x6d0
[  770.144393][T13661]  btf_parse_hdr+0x2ad/0x6d0
[  770.144419][T13661]  btf_new_fd+0x36d/0xc90
[  770.144452][T13661]  ? __pfx_btf_new_fd+0x10/0x10
[  770.144475][T13661]  ? bpf_token_put+0x143/0x160
[  770.144500][T13661]  ? bpf_btf_load+0x126/0x190
[  770.144529][T13661]  __sys_bpf+0x635/0x860
[  770.144558][T13661]  ? __pfx___sys_bpf+0x10/0x10
[  770.144600][T13661]  ? ksys_write+0x22a/0x250
[  770.144627][T13661]  ? __pfx_ksys_write+0x10/0x10
[  770.144649][T13661]  ? rcu_is_watching+0x15/0xb0
[  770.144688][T13661]  __x64_sys_bpf+0x7c/0x90
[  770.144720][T13661]  do_syscall_64+0xfa/0x3b0
[  770.144746][T13661]  ? lockdep_hardirqs_on+0x9c/0x150
[  770.144771][T13661]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.144792][T13661]  ? clear_bhb_loop+0x60/0xb0
[  770.144817][T13661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.144837][T13661] RIP: 0033:0x7f161218e929
[  770.144856][T13661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.144872][T13661] RSP: 002b:00007f1612f51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  770.144894][T13661] RAX: ffffffffffffffda RBX: 00007f16123b5fa0 RCX: 00007f161218e929
[  770.144909][T13661] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 0000000000000012
[  770.144922][T13661] RBP: 00007f1612f51090 R08: 0000000000000000 R09: 0000000000000000
[  770.144934][T13661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  770.144946][T13661] R13: 0000000000000000 R14: 00007f16123b5fa0 R15: 00007ffdaf680f88
[  770.144979][T13661]  </TASK>
[  770.388996][    C0] vkms_vblank_simulate: vblank timer overrun
[  770.540612][ T9344] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  770.692564][ T9344] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  770.722541][ T9344] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  770.741729][ T9344] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  770.760527][ T9344] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.991252][ T5815] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  771.067524][T13656] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  771.079711][ T9344] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  771.103349][T13682] netlink: 'syz.3.2230': attribute type 10 has an invalid length.
[  771.153228][ T5815] usb 6-1: Using ep0 maxpacket: 8
[  771.181819][ T5815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  771.217300][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  771.248558][ T5815] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  771.530101][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  771.551401][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  771.563750][ T5815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  771.577352][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  771.591533][ T5815] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  772.124316][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  772.136049][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  772.148761][ T5815] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  772.177780][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  772.223615][ T5815] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  772.269472][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  772.312434][ T5815] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  772.341682][ T5815] usb 6-1: string descriptor 0 read error: -22
[  772.348503][ T5815] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  772.363041][ T5815] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.384046][ T5815] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  772.435322][T13697] netlink: set zone limit has 4 unknown bytes
[  772.694619][ T5815] usb 6-1: USB disconnect, device number 4
[  772.983890][T13713] 9pnet_fd: Insufficient options for proto=fd
[  773.091692][T13717] syz2: rxe_newlink: already configured on lo
[  773.816928][ T9344] usb 2-1: USB disconnect, device number 63
[  774.949125][   T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  775.360500][   T10] usb 6-1: Using ep0 maxpacket: 16
[  775.482582][   T10] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  775.571587][   T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40
[  775.605403][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.668861][   T10] usb 6-1: Product: syz
[  775.712883][   T10] usb 6-1: Manufacturer: syz
[  775.757393][   T10] usb 6-1: SerialNumber: syz
[  775.802767][ T9344] usb 5-1: new full-speed USB device number 52 using dummy_hcd
[  776.120674][ T9344] usb 5-1: unable to get BOS descriptor or descriptor too short
[  776.154348][   T10] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input26
[  776.255328][ T9344] usb 5-1: not running at top speed; connect to a high speed hub
[  776.422364][ T9344] usb 5-1: config 8 has an invalid interface number: 24 but max is 0
[  776.571781][ T5178] bcm5974 6-1:1.0: could not read from device
[  776.747002][ T9344] usb 5-1: config 8 has no interface number 0
[  776.753430][ T9344] usb 5-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 64
[  776.771762][ T9344] usb 5-1: config 8 interface 24 has no altsetting 0
[  776.787745][   T10] usb 6-1: USB disconnect, device number 5
[  776.802200][ T9344] usb 5-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[  776.811401][ T9344] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.819436][ T9344] usb 5-1: Product: syz
[  776.823730][ T9344] usb 5-1: Manufacturer: syz
[  776.828359][ T9344] usb 5-1: SerialNumber: syz
[  776.887567][ T5178] bcm5974 6-1:1.0: could not read from device
[  777.042703][T13741] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  777.539346][T13760] rdma_rxe: rxe_newlink: failed to add lo
[  778.530669][T13286] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  778.756104][T13286] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  779.291693][T13286] usb 6-1: config 0 has no interfaces?
[  779.297471][T13286] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  779.306759][T13286] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.327327][T13286] usb 6-1: config 0 descriptor??
[  779.505746][T13775] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2255'.
[  779.519944][T13773] bridge_slave_0: left allmulticast mode
[  779.588659][T13773] bridge_slave_0: left promiscuous mode
[  779.686646][ T9344] comedi comedi0: driver 'vmk80xx' has successfully auto-configured 'K8055 (VM110)'.
[  779.756929][T13773] bridge0: port 1(bridge_slave_0) entered disabled state
[  779.764520][ T9344] usb 5-1: USB disconnect, device number 52
[  779.980990][T13773] bridge_slave_1: left allmulticast mode
[  780.478376][T13773] bridge_slave_1: left promiscuous mode
[  780.485063][T13773] bridge0: port 2(bridge_slave_1) entered disabled state
[  780.539160][T13773] team_slave_0: left promiscuous mode
[  780.549276][T13286] usb 6-1: USB disconnect, device number 6
[  780.587447][T13773] team0: Port device team_slave_0 removed
[  780.615913][T13773] team_slave_1: left promiscuous mode
[  780.632788][T13773] team0: Port device team_slave_1 removed
[  780.640657][T13773] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  780.648354][T13773] batman_adv: batadv0: Removing interface: batadv_slave_0
[  780.649519][T13789] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2258'.
[  780.668431][T13773] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  780.676680][T13773] batman_adv: batadv0: Removing interface: batadv_slave_1
[  780.710968][T13789] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2258'.
[  781.610063][T13286] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  782.649918][T13286] usb 5-1: Using ep0 maxpacket: 32
[  782.670884][T13286] usb 5-1: no configurations
[  782.675595][T13286] usb 5-1: can't read configurations, error -22
[  782.926483][T13286] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  782.949953][ T9344] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  783.226399][T13832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2267'.
[  783.950250][T13286] usb 5-1: Using ep0 maxpacket: 32
[  783.963373][T13286] usb 5-1: no configurations
[  783.969231][T13286] usb 5-1: can't read configurations, error -22
[  783.982100][ T9344] usb 6-1: Using ep0 maxpacket: 8
[  783.990399][T13286] usb usb5-port1: attempt power cycle
[  784.004804][ T9344] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  784.025001][ T9344] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.053266][ T9344] usb 6-1: config 0 descriptor??
[  784.349998][T13286] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  784.380718][T13286] usb 5-1: Using ep0 maxpacket: 32
[  784.391247][T13286] usb 5-1: no configurations
[  784.400339][T13286] usb 5-1: can't read configurations, error -22
[  784.540833][T13286] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  784.557835][T13857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2273'.
[  784.939812][T13286] usb 5-1: device not accepting address 56, error -71
[  784.947273][T13286] usb usb5-port1: unable to enumerate USB device
[  785.257509][T13286] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  786.117730][T13286] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  786.117773][T13286] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  786.117816][T13286] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  786.117841][T13286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.124518][T13861] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  786.128329][T13286] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  786.542529][T13857] tty tty23: ldisc open failed (-12), clearing slot 22
[  786.969368][ T9344] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  787.007641][ T9344] asix 6-1:0.0: probe with driver asix failed with error -71
[  787.549041][ T9344] usb 6-1: USB disconnect, device number 7
[  788.696914][ T9344] usb 5-1: USB disconnect, device number 57
[  789.261561][T13906] netlink: 'syz.3.2284': attribute type 10 has an invalid length.
[  791.970125][   T30] audit: type=1400 audit(2000004666.888:322): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=13929 comm="syz.3.2291" dest=2
[  792.087717][T13931] team_slave_0: entered promiscuous mode
[  792.094030][T13931] team_slave_1: entered promiscuous mode
[  792.285532][T13943] vlan0: entered promiscuous mode
[  793.283032][ T9344] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  793.607645][T13962] FAULT_INJECTION: forcing a failure.
[  793.607645][T13962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  793.621017][T13962] CPU: 0 UID: 0 PID: 13962 Comm: syz.1.2299 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  793.621044][T13962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  793.621058][T13962] Call Trace:
[  793.621066][T13962]  <TASK>
[  793.621075][T13962]  dump_stack_lvl+0x189/0x250
[  793.621112][T13962]  ? __pfx____ratelimit+0x10/0x10
[  793.621140][T13962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  793.621169][T13962]  ? __pfx__printk+0x10/0x10
[  793.621191][T13962]  ? __might_fault+0xb0/0x130
[  793.621229][T13962]  should_fail_ex+0x414/0x560
[  793.621266][T13962]  _copy_from_user+0x2d/0xb0
[  793.621288][T13962]  get_timespec64+0x8e/0x1a0
[  793.621314][T13962]  ? __pfx_get_timespec64+0x10/0x10
[  793.621353][T13962]  __x64_sys_mq_timedreceive+0x133/0x210
[  793.621385][T13962]  ? __pfx___x64_sys_mq_timedreceive+0x10/0x10
[  793.621420][T13962]  ? do_syscall_64+0xbe/0x3b0
[  793.621451][T13962]  do_syscall_64+0xfa/0x3b0
[  793.621479][T13962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.621500][T13962]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  793.621548][T13962]  ? clear_bhb_loop+0x60/0xb0
[  793.621574][T13962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.621594][T13962] RIP: 0033:0x7f1d0c18e929
[  793.621613][T13962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  793.621632][T13962] RSP: 002b:00007f1d0cf52038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f3
[  793.621654][T13962] RAX: ffffffffffffffda RBX: 00007f1d0c3b6160 RCX: 00007f1d0c18e929
[  793.621670][T13962] RDX: 00000000000000a2 RSI: 0000200000000400 RDI: ffffffffffffffff
[  793.621685][T13962] RBP: 00007f1d0cf52090 R08: 00002000000001c0 R09: 0000000000000000
[  793.621699][T13962] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001
[  793.621712][T13962] R13: 0000000000000000 R14: 00007f1d0c3b6160 R15: 00007ffe7f9431d8
[  793.621745][T13962]  </TASK>
[  794.003449][T13960] netlink: 'syz.3.2302': attribute type 10 has an invalid length.
[  794.034177][T13960] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2302'.
[  794.809058][T13960] batman_adv: batadv0: Adding interface: virt_wifi0
[  794.815987][T13960] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  794.855583][T13960] batman_adv: batadv0: Interface activated: virt_wifi0
[  794.880152][ T9344] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  794.905914][ T9344] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  794.923098][T13967] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  794.929551][T13967] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  794.937666][ T9344] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  794.957498][ T9344] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.974895][T13946] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  795.005445][ T9344] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  795.031528][T13967] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  795.037651][T13967] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  795.048436][T13967] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  795.059520][T13967] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  795.072973][T13967] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  795.079298][T13967] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  795.100228][T13967] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  795.496742][T13979] program syz.4.2305 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  796.270101][T13985] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  796.318809][T13985] overlayfs: overlapping lowerdir path
[  796.989162][T12977] Bluetooth: hci2: command 0x0406 tx timeout
[  797.069331][T12977] Bluetooth: hci4: command 0x0406 tx timeout
[  797.069361][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  797.149092][ T5840] Bluetooth: hci5: command 0x0405 tx timeout
[  797.682758][T13107] usb 6-1: USB disconnect, device number 8
[  799.069066][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  799.149282][ T5840] Bluetooth: hci4: command 0x0406 tx timeout
[  799.150891][T12977] Bluetooth: hci3: command 0x0406 tx timeout
[  799.232783][T12977] Bluetooth: hci5: command 0x0405 tx timeout
[  799.259328][T13107] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  799.740901][ T5815] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  799.761533][T13107] usb 2-1: config 127 has an invalid interface number: 3 but max is 0
[  799.769985][T13107] usb 2-1: config 127 has no interface number 0
[  799.780275][T13107] usb 2-1: New USB device found, idVendor=1199, idProduct=0112, bcdDevice=16.15
[  799.806545][T13107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.831789][T13107] sierra 2-1:127.3: Sierra USB modem converter detected
[  799.878955][ T5815] usb 6-1: device descriptor read/64, error -71
[  800.030292][T14006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2312'.
[  800.333181][ T5815] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  800.412827][T14006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  800.490738][   T24] hid-generic FFFA:0008:0008.0012: unknown main item tag 0x4
[  800.527927][T14006] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  800.531172][   T24] hid-generic FFFA:0008:0008.0012: hidraw0: <UNKNOWN> HID v7fffff.ff Device [syz1] on syz0
[  800.569263][ T5815] usb 6-1: device descriptor read/64, error -71
[  800.665309][T13107] usb 2-1: Sierra USB modem converter now attached to ttyUSB0
[  800.682101][ T5815] usb usb6-port1: attempt power cycle
[  800.701821][T13107] usb 2-1: USB disconnect, device number 64
[  800.722255][T13107] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  800.771896][T13107] sierra 2-1:127.3: device disconnected
[  800.808611][T14036] fido_id[14036]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  800.901155][   T24] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[  801.038909][ T5815] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  801.076489][   T24] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  801.090510][ T5815] usb 6-1: device descriptor read/8, error -71
[  801.113508][   T24] usb 5-1: config 1 interface 0 has no altsetting 0
[  801.127075][   T24] usb 5-1: New USB device found, idVendor=056a, idProduct=00ef, bcdDevice= 0.40
[  801.146617][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.180242][   T24] usb 5-1: Product: с
[  801.184491][   T24] usb 5-1: Manufacturer: э
[  801.203089][   T24] usb 5-1: SerialNumber: 㠊
[  801.244265][T14037] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  801.318015][T12977] Bluetooth: hci5: command 0x0405 tx timeout
[  801.339311][ T5815] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  801.424011][ T5815] usb 6-1: device descriptor read/8, error -71
[  801.559629][ T5815] usb usb6-port1: unable to enumerate USB device
[  801.791429][T14037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.800547][T14037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  801.937764][T14068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.968842][T14073] FAULT_INJECTION: forcing a failure.
[  801.968842][T14073] name failslab, interval 1, probability 0, space 0, times 0
[  801.994296][T14068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  802.655804][T14069] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2323'.
[  802.686853][T14068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  802.698075][T14073] CPU: 0 UID: 0 PID: 14073 Comm: syz.0.2324 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  802.698105][T14073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  802.698119][T14073] Call Trace:
[  802.698129][T14073]  <TASK>
[  802.698138][T14073]  dump_stack_lvl+0x189/0x250
[  802.698174][T14073]  ? __pfx____ratelimit+0x10/0x10
[  802.698203][T14073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  802.698235][T14073]  ? __pfx__printk+0x10/0x10
[  802.698263][T14073]  ? __pfx___might_resched+0x10/0x10
[  802.698294][T14073]  ? fs_reclaim_acquire+0x7d/0x100
[  802.698331][T14073]  should_fail_ex+0x414/0x560
[  802.698365][T14073]  should_failslab+0xa8/0x100
[  802.698396][T14073]  __kmalloc_noprof+0xcb/0x4f0
[  802.698422][T14073]  ? snd_pcm_hw_refine+0x967/0x1640
[  802.698450][T14073]  snd_pcm_hw_refine+0x967/0x1640
[  802.698492][T14073]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  802.698553][T14073]  ? __kasan_kmalloc+0x93/0xb0
[  802.698590][T14073]  snd_pcm_oss_change_params_locked+0xd22/0x3e40
[  802.698642][T14073]  ? trace_contention_end+0x39/0x120
[  802.698680][T14073]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  802.698720][T14073]  ? snd_pcm_oss_get_active_substream+0x136/0x280
[  802.698764][T14073]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  802.698806][T14073]  snd_pcm_oss_get_active_substream+0x1e2/0x280
[  802.698843][T14073]  snd_pcm_oss_set_rate+0x1bc/0x4e0
[  802.698877][T14073]  snd_pcm_oss_ioctl+0xc2e/0xdd0
[  802.698907][T14073]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  802.698936][T14073]  __se_sys_ioctl+0xfc/0x170
[  802.698964][T14073]  do_syscall_64+0xfa/0x3b0
[  802.698990][T14073]  ? lockdep_hardirqs_on+0x9c/0x150
[  802.699015][T14073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.699036][T14073]  ? clear_bhb_loop+0x60/0xb0
[  802.699063][T14073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  802.699083][T14073] RIP: 0033:0x7f74b998e929
[  802.699103][T14073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.699123][T14073] RSP: 002b:00007f74ba860038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  802.699146][T14073] RAX: ffffffffffffffda RBX: 00007f74b9bb5fa0 RCX: 00007f74b998e929
[  802.699161][T14073] RDX: 0000200000000040 RSI: 00000000c0045002 RDI: 0000000000000003
[  802.699174][T14073] RBP: 00007f74ba860090 R08: 0000000000000000 R09: 0000000000000000
[  802.699187][T14073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  802.699200][T14073] R13: 0000000000000000 R14: 00007f74b9bb5fa0 R15: 00007ffc9c82c718
[  802.699233][T14073]  </TASK>
[  802.732341][T14068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  803.323098][T14085] FAULT_INJECTION: forcing a failure.
[  803.323098][T14085] name failslab, interval 1, probability 0, space 0, times 0
[  803.367683][T14085] CPU: 1 UID: 0 PID: 14085 Comm: syz.1.2326 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  803.367715][T14085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  803.367729][T14085] Call Trace:
[  803.367738][T14085]  <TASK>
[  803.367749][T14085]  dump_stack_lvl+0x189/0x250
[  803.367787][T14085]  ? __pfx____ratelimit+0x10/0x10
[  803.367818][T14085]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.367849][T14085]  ? __pfx__printk+0x10/0x10
[  803.367878][T14085]  ? __pfx___might_resched+0x10/0x10
[  803.367921][T14085]  ? fs_reclaim_acquire+0x7d/0x100
[  803.367958][T14085]  should_fail_ex+0x414/0x560
[  803.367992][T14085]  should_failslab+0xa8/0x100
[  803.368023][T14085]  __kmalloc_noprof+0xcb/0x4f0
[  803.368048][T14085]  ? kfree+0x4d/0x440
[  803.368069][T14085]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  803.368108][T14085]  tomoyo_realpath_from_path+0xe3/0x5d0
[  803.368143][T14085]  ? tomoyo_domain+0xda/0x130
[  803.368170][T14085]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  803.368197][T14085]  tomoyo_path_number_perm+0x1e8/0x5a0
[  803.368228][T14085]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  803.368276][T14085]  ? __lock_acquire+0xab9/0xd20
[  803.368328][T14085]  ? __fget_files+0x2a/0x420
[  803.368361][T14085]  ? __fget_files+0x2a/0x420
[  803.368388][T14085]  ? __fget_files+0x3a0/0x420
[  803.368415][T14085]  ? __fget_files+0x2a/0x420
[  803.368449][T14085]  security_file_ioctl+0xcb/0x2d0
[  803.368480][T14085]  __se_sys_ioctl+0x47/0x170
[  803.368508][T14085]  do_syscall_64+0xfa/0x3b0
[  803.368535][T14085]  ? lockdep_hardirqs_on+0x9c/0x150
[  803.368561][T14085]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.368583][T14085]  ? clear_bhb_loop+0x60/0xb0
[  803.368609][T14085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.368628][T14085] RIP: 0033:0x7f1d0c18e929
[  803.368647][T14085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.368664][T14085] RSP: 002b:00007f1d0cf94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  803.368686][T14085] RAX: ffffffffffffffda RBX: 00007f1d0c3b5fa0 RCX: 00007f1d0c18e929
[  803.368701][T14085] RDX: 0000200000000280 RSI: 00000000c0585609 RDI: 0000000000000003
[  803.368714][T14085] RBP: 00007f1d0cf94090 R08: 0000000000000000 R09: 0000000000000000
[  803.368726][T14085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  803.368738][T14085] R13: 0000000000000000 R14: 00007f1d0c3b5fa0 R15: 00007ffe7f9431d8
[  803.368771][T14085]  </TASK>
[  803.620136][T14085] ERROR: Out of memory at tomoyo_realpath_from_path.
[  803.891554][   T24] usbhid 5-1:1.0: can't add hid device: -71
[  803.897649][   T24] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  803.929004][   T24] usb 5-1: USB disconnect, device number 58
[  804.542377][T13286] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  804.749755][T13286] usb 6-1: Using ep0 maxpacket: 16
[  804.763839][T13286] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  804.783414][T13286] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40
[  804.824170][T13286] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.854786][T13286] usb 6-1: Product: syz
[  804.873815][T13286] usb 6-1: Manufacturer: syz
[  804.878501][T13286] usb 6-1: SerialNumber: syz
[  804.937290][T13286] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input27
[  805.906471][ T5178] bcm5974 6-1:1.0: could not read from device
[  805.969039][ T5178] bcm5974 6-1:1.0: could not read from device
[  806.003087][T13286] usb 6-1: USB disconnect, device number 13
[  806.014634][ T5178] bcm5974 6-1:1.0: could not read from device
[  807.028690][T13286] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  807.200528][T13286] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  807.220668][T13286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.238763][T13286] usb 2-1: config 0 descriptor??
[  807.256033][T13286] cp210x 2-1:0.0: cp210x converter detected
[  807.554679][ T5815] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  807.732046][ T5815] usb 5-1: Using ep0 maxpacket: 32
[  807.806204][T13286] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  807.807993][ T5815] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  807.938856][ T5815] usb 5-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  807.949719][ T5815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.962427][ T5815] usb 5-1: config 0 descriptor??
[  808.030722][T13286] usb 2-1: cp210x converter now attached to ttyUSB0
[  808.099657][T13286] usb 2-1: USB disconnect, device number 65
[  808.137770][T13286] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  808.271374][T13286] cp210x 2-1:0.0: device disconnected
[  808.445093][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  808.452007][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  808.462402][T14166] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  808.470211][T14166] IPv6: NLM_F_CREATE should be set when creating new route
[  808.477571][T14166] IPv6: NLM_F_CREATE should be set when creating new route
[  808.484935][T14166] IPv6: NLM_F_CREATE should be set when creating new route
[  808.562038][ T5815] stadia 0003:18D1:9400.0013: unknown main item tag 0x6
[  808.600769][ T5815] stadia 0003:18D1:9400.0013: item fetching failed at offset 1/4
[  808.628127][ T5815] stadia 0003:18D1:9400.0013: parse failed
[  808.657872][ T5815] stadia 0003:18D1:9400.0013: probe with driver stadia failed with error -22
[  809.918724][   T10] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  810.668539][   T10] usb 2-1: Using ep0 maxpacket: 8
[  810.700281][   T10] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  810.749632][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.805997][   T10] usb 2-1: config 0 descriptor??
[  810.821873][ T9344] usb 5-1: USB disconnect, device number 59
[  811.179113][ T9344] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  812.143332][ T9344] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  812.208717][ T9344] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  812.233736][ T9344] usb 5-1: config 0 descriptor??
[  812.267430][ T9344] cp210x 5-1:0.0: cp210x converter detected
[  812.900179][ T9344] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  813.007019][T14217] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2369'.
[  813.018392][ T9344] usb 5-1: cp210x converter now attached to ttyUSB0
[  813.193053][T14227] IPv6: Can't replace route, no match found
[  813.640748][ T9344] usb 5-1: USB disconnect, device number 60
[  814.025488][ T9344] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  814.109951][ T9344] cp210x 5-1:0.0: device disconnected
[  814.702146][T14242] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2373'.
[  815.306462][   T10] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  815.318739][   T10] asix 2-1:0.0: probe with driver asix failed with error -71
[  815.398607][   T10] usb 2-1: USB disconnect, device number 66
[  815.515609][T14249] FAULT_INJECTION: forcing a failure.
[  815.515609][T14249] name failslab, interval 1, probability 0, space 0, times 0
[  815.664143][T14249] CPU: 0 UID: 0 PID: 14249 Comm: syz.5.2379 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  815.664176][T14249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  815.664190][T14249] Call Trace:
[  815.664200][T14249]  <TASK>
[  815.664211][T14249]  dump_stack_lvl+0x189/0x250
[  815.664250][T14249]  ? __pfx____ratelimit+0x10/0x10
[  815.664278][T14249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  815.664310][T14249]  ? __pfx__printk+0x10/0x10
[  815.664339][T14249]  ? __pfx___might_resched+0x10/0x10
[  815.664373][T14249]  ? fs_reclaim_acquire+0x7d/0x100
[  815.664409][T14249]  should_fail_ex+0x414/0x560
[  815.664443][T14249]  should_failslab+0xa8/0x100
[  815.664475][T14249]  __kmalloc_cache_noprof+0x70/0x3d0
[  815.664501][T14249]  ? tcx_entry_fetch_or_create+0x236/0x380
[  815.664541][T14249]  tcx_entry_fetch_or_create+0x236/0x380
[  815.664585][T14249]  ingress_init+0xb2/0x370
[  815.664619][T14249]  ? __pfx_ingress_init+0x10/0x10
[  815.664660][T14249]  qdisc_create+0x7a9/0xea0
[  815.664700][T14249]  tc_modify_qdisc+0x175e/0x2010
[  815.664746][T14249]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  815.664811][T14249]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  815.664839][T14249]  rtnetlink_rcv_msg+0x779/0xb70
[  815.664875][T14249]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  815.664904][T14249]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  815.664943][T14249]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  815.664982][T14249]  netlink_rcv_skb+0x208/0x470
[  815.665014][T14249]  ? rcu_is_watching+0x15/0xb0
[  815.665045][T14249]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  815.665078][T14249]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  815.665126][T14249]  ? netlink_deliver_tap+0x2e/0x1b0
[  815.665158][T14249]  netlink_unicast+0x75b/0x8d0
[  815.665202][T14249]  netlink_sendmsg+0x805/0xb30
[  815.665236][T14249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  815.665267][T14249]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  815.665294][T14249]  ? __pfx_netlink_sendmsg+0x10/0x10
[  815.665317][T14249]  __sock_sendmsg+0x21c/0x270
[  815.665350][T14249]  ____sys_sendmsg+0x505/0x830
[  815.665380][T14249]  ? __pfx_____sys_sendmsg+0x10/0x10
[  815.665416][T14249]  ? import_iovec+0x74/0xa0
[  815.665443][T14249]  ___sys_sendmsg+0x21f/0x2a0
[  815.665469][T14249]  ? __pfx____sys_sendmsg+0x10/0x10
[  815.665536][T14249]  ? __fget_files+0x2a/0x420
[  815.665565][T14249]  ? __fget_files+0x3a0/0x420
[  815.665607][T14249]  __x64_sys_sendmsg+0x19b/0x260
[  815.665634][T14249]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  815.665676][T14249]  ? __pfx_ksys_write+0x10/0x10
[  815.665699][T14249]  ? rcu_is_watching+0x15/0xb0
[  815.665736][T14249]  ? do_syscall_64+0xbe/0x3b0
[  815.665769][T14249]  do_syscall_64+0xfa/0x3b0
[  815.665797][T14249]  ? lockdep_hardirqs_on+0x9c/0x150
[  815.665823][T14249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.665844][T14249]  ? clear_bhb_loop+0x60/0xb0
[  815.665871][T14249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.665892][T14249] RIP: 0033:0x7f161218e929
[  815.665913][T14249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  815.665930][T14249] RSP: 002b:00007f1612f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  815.665954][T14249] RAX: ffffffffffffffda RBX: 00007f16123b5fa0 RCX: 00007f161218e929
[  815.665970][T14249] RDX: 0000000000044080 RSI: 0000200000000040 RDI: 0000000000000003
[  815.665984][T14249] RBP: 00007f1612f51090 R08: 0000000000000000 R09: 0000000000000000
[  815.665998][T14249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  815.666010][T14249] R13: 0000000000000000 R14: 00007f16123b5fa0 R15: 00007ffdaf680f88
[  815.666045][T14249]  </TASK>
[  817.008346][T14255] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2380'.
[  820.278628][T14269] netlink: 'syz.0.2384': attribute type 4 has an invalid length.
[  820.323025][   T10] lo speed is unknown, defaulting to 1000
[  820.330827][T14269] netlink: 'syz.0.2384': attribute type 4 has an invalid length.
[  820.354168][   T10] syz2: Port: 1 Link DOWN
[  820.365907][T14042] lo speed is unknown, defaulting to 1000
[  820.407758][   T30] audit: type=1400 audit(2000004695.280:323): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=14270 comm="syz.3.2385"
[  820.424003][ T9344] lo speed is unknown, defaulting to 1000
[  820.457883][T14042] lo speed is unknown, defaulting to 1000
[  820.537770][   T30] audit: type=1326 audit(2000004695.450:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  820.656040][   T30] audit: type=1326 audit(2000004695.450:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  820.727029][   T30] audit: type=1326 audit(2000004695.540:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  820.777961][   T30] audit: type=1326 audit(2000004695.550:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  820.833133][   T30] audit: type=1326 audit(2000004695.550:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  820.923514][   T30] audit: type=1326 audit(2000004695.550:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  820.928191][   T10] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  820.958577][T14042] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  820.961012][   T30] audit: type=1326 audit(2000004695.630:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  820.994623][   T30] audit: type=1326 audit(2000004695.630:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f161212ab19 code=0x7ffc0000
[  821.016732][   T30] audit: type=1326 audit(2000004695.630:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14265 comm="syz.5.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  821.130401][T14042] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  821.137833][   T10] usb 5-1: Using ep0 maxpacket: 8
[  821.142677][T14042] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  821.157289][T14042] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  821.158102][   T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  821.167247][T14042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.176287][ T9344] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  821.192158][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.206798][T14279] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  821.217520][   T10] usb 5-1: config 0 descriptor??
[  821.232038][T14042] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  821.348094][ T9344] usb 6-1: Invalid ep0 maxpacket: 32
[  821.647879][ T9344] usb 6-1: new low-speed USB device number 15 using dummy_hcd
[  822.447868][ T9344] usb 6-1: Invalid ep0 maxpacket: 32
[  822.466182][ T9344] usb usb6-port1: attempt power cycle
[  822.817767][ T9344] usb 6-1: new low-speed USB device number 16 using dummy_hcd
[  822.852357][ T9344] usb 6-1: Invalid ep0 maxpacket: 32
[  823.008339][ T9344] usb 6-1: new low-speed USB device number 17 using dummy_hcd
[  823.035669][ T9344] usb 6-1: Invalid ep0 maxpacket: 32
[  823.042732][ T9344] usb usb6-port1: unable to enumerate USB device
[  823.185606][T14294] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2392'.
[  823.862602][ T5815] usb 2-1: USB disconnect, device number 67
[  823.988130][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  823.995706][   T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -32
[  824.024074][   T10] asix 5-1:0.0: probe with driver asix failed with error -32
[  824.078922][   T10] usb 5-1: USB disconnect, device number 61
[  824.474529][ T5815] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  824.704752][ T5815] usb 2-1: Using ep0 maxpacket: 32
[  824.779197][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  825.335095][ T5815] usb 2-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  825.377715][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.443511][ T5815] usb 2-1: config 0 descriptor??
[  825.897473][   T10] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  825.935513][ T5815] stadia 0003:18D1:9400.0014: unknown main item tag 0x6
[  825.956754][ T5815] stadia 0003:18D1:9400.0014: item fetching failed at offset 1/4
[  825.986763][ T5815] stadia 0003:18D1:9400.0014: parse failed
[  826.003514][ T5815] stadia 0003:18D1:9400.0014: probe with driver stadia failed with error -22
[  826.079774][   T10] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  826.097426][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.128678][   T10] usb 5-1: config 0 descriptor??
[  826.142277][   T10] cp210x 5-1:0.0: cp210x converter detected
[  826.540294][   T10] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  826.603186][   T10] usb 5-1: cp210x converter now attached to ttyUSB0
[  826.771979][   T10] usb 5-1: USB disconnect, device number 62
[  826.798819][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  826.829301][   T10] cp210x 5-1:0.0: device disconnected
[  827.203973][   T10] usb 2-1: USB disconnect, device number 68
[  827.339482][T14327] netlink: 248 bytes leftover after parsing attributes in process `syz.5.2405'.
[  829.183598][T14346] overlayfs: missing 'lowerdir'
[  829.317943][T14346] netlink: 'syz.3.2411': attribute type 12 has an invalid length.
[  830.561248][T14374] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2418'.
[  831.604411][T14387] IPv6: Can't replace route, no match found
[  832.392382][T14397] netlink: 'syz.1.2426': attribute type 11 has an invalid length.
[  832.591433][T14406] IPv6: Can't replace route, no match found
[  833.507012][T14433] IPv6: Can't replace route, no match found
[  834.653986][T14443] IPv6: Can't replace route, no match found
[  835.468195][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  835.468252][   T30] audit: type=1326 audit(2000004710.330:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.728479][   T30] audit: type=1326 audit(2000004710.330:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.757303][   T30] audit: type=1326 audit(2000004710.480:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.786797][   T30] audit: type=1326 audit(2000004710.520:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.808850][   T30] audit: type=1326 audit(2000004710.530:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.841969][   T30] audit: type=1326 audit(2000004710.590:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  835.950186][T14446] mkiss: ax0: crc mode is auto.
[  836.140293][   T30] audit: type=1326 audit(2000004710.640:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  836.777031][   T30] audit: type=1326 audit(2000004710.640:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  836.798850][   T30] audit: type=1326 audit(2000004710.640:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  836.820685][   T30] audit: type=1326 audit(2000004710.640:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14444 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  836.842248][    C0] vkms_vblank_simulate: vblank timer overrun
[  838.251623][T14463] hsr0 speed is unknown, defaulting to 1000
[  838.288763][T14463] lo speed is unknown, defaulting to 1000
[  838.317796][T14463] lo speed is unknown, defaulting to 1000
[  838.383321][T14471] IPv6: Can't replace route, no match found
[  838.547078][ T5815] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  838.565456][T14473] hsr0 speed is unknown, defaulting to 1000
[  838.578896][T14473] lo speed is unknown, defaulting to 1000
[  838.696868][ T5815] usb 2-1: Using ep0 maxpacket: 16
[  838.714298][ T5815] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  838.746457][ T5815] usb 2-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40
[  838.763996][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.772270][   T24] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  838.784740][ T5815] usb 2-1: Product: syz
[  838.790027][ T5815] usb 2-1: Manufacturer: syz
[  838.794964][ T5815] usb 2-1: SerialNumber: syz
[  838.840086][T14473] lo speed is unknown, defaulting to 1000
[  838.840962][ T5815] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input28
[  838.939168][   T24] usb 6-1: config 0 has no interfaces?
[  838.955502][   T24] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  838.965674][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.982582][   T24] usb 6-1: Product: syz
[  838.993291][   T24] usb 6-1: Manufacturer: syz
[  839.000106][   T24] usb 6-1: SerialNumber: syz
[  839.028359][   T24] usb 6-1: config 0 descriptor??
[  839.088585][ T5178] bcm5974 2-1:1.0: could not read from device
[  839.109872][ T5178] bcm5974 2-1:1.0: could not read from device
[  839.133236][ T5815] usb 2-1: USB disconnect, device number 69
[  839.159634][ T5178] bcm5974 2-1:1.0: could not read from device
[  839.561096][ T5881] usb 6-1: USB disconnect, device number 18
[  839.787027][ T5815] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  839.956849][   T24] usb 2-1: new low-speed USB device number 70 using dummy_hcd
[  839.964607][ T5815] usb 5-1: Using ep0 maxpacket: 32
[  839.973527][ T5815] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  839.984892][ T5815] usb 5-1: config 0 has no interfaces?
[  839.992803][ T5815] usb 5-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  840.002080][ T5815] usb 5-1: New USB device strings: Mfr=1, Product=15, SerialNumber=3
[  840.011096][ T5815] usb 5-1: Product: syz
[  840.015347][ T5815] usb 5-1: Manufacturer: syz
[  840.020187][ T5815] usb 5-1: SerialNumber: syz
[  840.028314][ T5815] usb 5-1: config 0 descriptor??
[  840.118288][   T24] usb 2-1: Invalid ep0 maxpacket: 16
[  840.654806][   T24] usb 2-1: new low-speed USB device number 71 using dummy_hcd
[  841.286723][   T24] usb 2-1: Invalid ep0 maxpacket: 16
[  841.339802][   T24] usb usb2-port1: attempt power cycle
[  842.362787][T14507] input: syz1 as /devices/virtual/input/input29
[  842.477640][   T24] usb 2-1: new low-speed USB device number 72 using dummy_hcd
[  842.548797][   T24] usb 2-1: Invalid ep0 maxpacket: 16
[  842.787139][   T24] usb 2-1: new low-speed USB device number 73 using dummy_hcd
[  843.039684][   T24] usb 2-1: device not accepting address 73, error -71
[  843.058159][   T24] usb usb2-port1: unable to enumerate USB device
[  843.069728][ T5881] usb 5-1: USB disconnect, device number 63
[  843.250704][T14519] hsr0 speed is unknown, defaulting to 1000
[  843.320252][T14519] lo speed is unknown, defaulting to 1000
[  843.398427][T14519] lo speed is unknown, defaulting to 1000
[  845.341048][T14520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2467'.
[  845.475046][T14537] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2467'.
[  846.784325][ T5815] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  847.287502][ T5815] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  847.325326][ T5815] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  847.353162][ T5815] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  847.451459][ T5815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  847.500521][ T5815] usb 5-1: config 0 descriptor??
[  848.238473][ T5815] Bluetooth: Can't get state to change to load ram patch err
[  848.246048][ T5815] Bluetooth: Loading patch file failed
[  850.554436][ T5815] ath3k 5-1:0.0: probe with driver ath3k failed with error -71
[  850.565080][ T5815] usb 5-1: USB disconnect, device number 64
[  855.505528][T14619] hsr0 speed is unknown, defaulting to 1000
[  855.533836][T14619] lo speed is unknown, defaulting to 1000
[  855.615424][T14621] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2497'.
[  855.644721][T14621] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  855.701890][T14626] netlink: 'syz.0.2499': attribute type 11 has an invalid length.
[  855.706363][T14619] lo speed is unknown, defaulting to 1000
[  856.386210][ T5881] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  856.775724][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  856.985854][   T24] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  857.095359][ T5881] usb 5-1: unable to get BOS descriptor or descriptor too short
[  857.108863][ T5881] usb 5-1: unable to read config index 0 descriptor/start: -71
[  857.122676][ T5881] usb 5-1: can't read configurations, error -71
[  857.125149][T14621] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2497'.
[  857.155985][   T24] usb 6-1: Using ep0 maxpacket: 16
[  857.185549][   T24] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  857.208322][   T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40
[  857.223858][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.232955][   T24] usb 6-1: Product: syz
[  857.245901][   T24] usb 6-1: Manufacturer: syz
[  857.250590][   T24] usb 6-1: SerialNumber: syz
[  857.299042][   T24] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input30
[  857.454417][T14655] FAULT_INJECTION: forcing a failure.
[  857.454417][T14655] name failslab, interval 1, probability 0, space 0, times 0
[  857.476134][T14655] CPU: 0 UID: 0 PID: 14655 Comm: syz.1.2510 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  857.476165][T14655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  857.476180][T14655] Call Trace:
[  857.476190][T14655]  <TASK>
[  857.476200][T14655]  dump_stack_lvl+0x189/0x250
[  857.476236][T14655]  ? __pfx____ratelimit+0x10/0x10
[  857.476264][T14655]  ? __pfx_dump_stack_lvl+0x10/0x10
[  857.476295][T14655]  ? __pfx__printk+0x10/0x10
[  857.476323][T14655]  ? __pfx___might_resched+0x10/0x10
[  857.476354][T14655]  ? fs_reclaim_acquire+0x7d/0x100
[  857.476389][T14655]  should_fail_ex+0x414/0x560
[  857.476422][T14655]  should_failslab+0xa8/0x100
[  857.476453][T14655]  __kmalloc_noprof+0xcb/0x4f0
[  857.476486][T14655]  ? kfree+0x4d/0x440
[  857.476507][T14655]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  857.476544][T14655]  tomoyo_realpath_from_path+0xe3/0x5d0
[  857.476579][T14655]  ? tomoyo_domain+0xda/0x130
[  857.476606][T14655]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  857.476634][T14655]  tomoyo_path_number_perm+0x1e8/0x5a0
[  857.476665][T14655]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  857.476713][T14655]  ? __lock_acquire+0xab9/0xd20
[  857.476766][T14655]  ? __fget_files+0x2a/0x420
[  857.476799][T14655]  ? __fget_files+0x2a/0x420
[  857.476826][T14655]  ? __fget_files+0x3a0/0x420
[  857.476854][T14655]  ? __fget_files+0x2a/0x420
[  857.476888][T14655]  security_file_ioctl+0xcb/0x2d0
[  857.476921][T14655]  __se_sys_ioctl+0x47/0x170
[  857.476948][T14655]  do_syscall_64+0xfa/0x3b0
[  857.476976][T14655]  ? lockdep_hardirqs_on+0x9c/0x150
[  857.477003][T14655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.477025][T14655]  ? clear_bhb_loop+0x60/0xb0
[  857.477053][T14655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.477074][T14655] RIP: 0033:0x7f1d0c18e929
[  857.477094][T14655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  857.477113][T14655] RSP: 002b:00007f1d0cf94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  857.477136][T14655] RAX: ffffffffffffffda RBX: 00007f1d0c3b5fa0 RCX: 00007f1d0c18e929
[  857.477152][T14655] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  857.477166][T14655] RBP: 00007f1d0cf94090 R08: 0000000000000000 R09: 0000000000000000
[  857.477179][T14655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  857.477192][T14655] R13: 0000000000000000 R14: 00007f1d0c3b5fa0 R15: 00007ffe7f9431d8
[  857.477238][T14655]  </TASK>
[  857.477248][T14655] ERROR: Out of memory at tomoyo_realpath_from_path.
[  857.495821][ T5178] bcm5974 6-1:1.0: could not read from device
[  857.826701][ T5178] bcm5974 6-1:1.0: could not read from device
[  857.829702][   T24] usb 6-1: USB disconnect, device number 19
[  858.228898][T14662] IPv6: Can't replace route, no match found
[  858.316138][ T5881] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  858.619785][ T5881] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  858.680093][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  858.702630][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  858.738593][ T5881] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  858.830536][ T5881] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  858.863562][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.918432][ T5881] usb 5-1: config 0 descriptor??
[  858.943409][T14657] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  859.407755][ T5881] plantronics 0003:047F:FFFF.0015: reserved main item tag 0xd
[  859.440808][T14685] /dev/sg0: Can't lookup blockdev
[  859.441672][ T5881] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  859.494717][ T5881] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  859.614155][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  859.614177][   T30] audit: type=1326 audit(2000004990.534:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14656 comm="syz.4.2511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa371b8e929 code=0x0
[  859.641586][    C0] vkms_vblank_simulate: vblank timer overrun
[  860.045004][T14691] binder: 14690:14691 ioctl c0306201 2000000003c0 returned -14
[  860.497479][T14707] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  861.986402][ T9344] usb 5-1: reset high-speed USB device number 67 using dummy_hcd
[  862.624172][T14714] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  862.693083][T14714] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  862.896070][T14723] IPv6: Can't replace route, no match found
[  863.682391][ T5881] usb 5-1: USB disconnect, device number 67
[  863.890514][T14727] syzkaller1: entered promiscuous mode
[  863.896316][T14727] syzkaller1: entered allmulticast mode
[  867.005245][ T5815] usb 6-1: new low-speed USB device number 20 using dummy_hcd
[  867.186278][ T5815] usb 6-1: Invalid ep0 maxpacket: 32
[  867.328296][ T5815] usb 6-1: new low-speed USB device number 21 using dummy_hcd
[  867.636338][ T5815] usb 6-1: Invalid ep0 maxpacket: 32
[  867.644775][ T5815] usb usb6-port1: attempt power cycle
[  868.332441][T14772] support for cryptoloop has been removed.  Use dm-crypt instead.
[  868.829834][ T5815] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  868.954042][T14783] overlayfs: failed to clone upperpath
[  869.110058][ T5815] usb 6-1: device not accepting address 22, error -71
[  869.887050][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  871.265725][ T5815] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  871.455924][ T5815] usb 6-1: Using ep0 maxpacket: 8
[  871.506946][ T5815] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  871.518369][ T5815] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.625485][ T5815] usb 6-1: config 0 descriptor??
[  873.190648][   T30] audit: type=1326 audit(2000005004.114:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.256571][   T30] audit: type=1326 audit(2000005004.114:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.302725][   T30] audit: type=1326 audit(2000005004.154:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.324723][   T10] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  873.353106][   T30] audit: type=1326 audit(2000005004.154:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.455852][   T30] audit: type=1326 audit(2000005004.154:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.488582][   T10] usb 5-1: device descriptor read/64, error -71
[  873.501678][   T30] audit: type=1326 audit(2000005004.154:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.532007][   T30] audit: type=1326 audit(2000005004.154:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.569949][   T30] audit: type=1326 audit(2000005004.154:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.601065][   T30] audit: type=1326 audit(2000005004.154:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.623508][   T30] audit: type=1326 audit(2000005004.164:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14862 comm="syz.3.2576" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a7b8e929 code=0x7ffc0000
[  873.735819][   T10] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  873.895788][   T10] usb 5-1: device descriptor read/64, error -71
[  874.187122][   T10] usb usb5-port1: attempt power cycle
[  874.274811][ T5815] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  874.306066][ T5815] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  874.325967][ T5815] asix 6-1:0.0: probe with driver asix failed with error -71
[  874.347830][ T5815] usb 6-1: USB disconnect, device number 24
[  874.463677][T14876] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.2579'.
[  874.530461][T14878] mkiss: ax0: crc mode is auto.
[  874.545934][   T10] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  874.587439][   T10] usb 5-1: device descriptor read/8, error -71
[  874.835846][   T10] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  874.876679][   T10] usb 5-1: device descriptor read/8, error -71
[  875.615544][   T10] usb usb5-port1: unable to enumerate USB device
[  876.344208][T14892] fuse: Unknown parameter '0xffffffffffffffff0x0000000000000005'
[  876.353546][T14892] fuse: Bad value for 'fd'
[  876.358809][T14892] fuse: Bad value for 'fd'
[  876.363710][T14892] fuse: Bad value for 'fd'
[  876.368587][T14892] fuse: Bad value for 'fd'
[  876.373401][T14892] fuse: Bad value for 'fd'
[  876.378264][T14892] fuse: Bad value for 'fd'
[  876.383050][T14892] fuse: Bad value for 'fd'
[  876.387913][T14892] fuse: Bad value for 'fd'
[  876.392734][T14892] fuse: Bad value for 'fd'
[  876.397614][T14892] fuse: Bad value for 'fd'
[  876.402455][T14892] fuse: Bad value for 'fd'
[  876.407308][T14892] fuse: Bad value for 'fd'
[  876.412083][T14892] fuse: Bad value for 'fd'
[  876.416967][T14892] fuse: Bad value for 'fd'
[  876.421770][T14892] fuse: Bad value for 'fd'
[  876.427305][T14892] fuse: Bad value for 'fd'
[  876.432817][T14892] fuse: Bad value for 'fd'
[  876.437720][T14892] fuse: Bad value for 'fd'
[  876.442608][T14892] fuse: Bad value for 'fd'
[  876.448076][T14892] fuse: Bad value for 'fd'
[  876.452941][T14892] fuse: Bad value for 'fd'
[  876.457791][T14892] fuse: Bad value for 'fd'
[  876.462562][T14892] fuse: Bad value for 'fd'
[  876.546760][T14901] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2587'.
[  878.117730][T14907] hsr0 speed is unknown, defaulting to 1000
[  878.208002][T14907] lo speed is unknown, defaulting to 1000
[  878.386367][T14907] lo speed is unknown, defaulting to 1000
[  881.029054][ T5815] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  881.220674][ T5815] usb 2-1: Using ep0 maxpacket: 8
[  881.256516][ T5815] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  881.296298][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  881.338735][ T5815] usb 2-1: config 0 descriptor??
[  881.604262][T14940] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  882.308259][T14957] IPv6: Can't replace route, no match found
[  888.185561][T14952] sched: DL replenish lagged too much
[  888.252424][ T5815] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -110
[  888.330039][ T5815] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffff92
[  888.426011][ T5815] asix 2-1:0.0: probe with driver asix failed with error -110
[  888.458457][   T10] usb 2-1: USB disconnect, device number 74
[  888.916227][T14971] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  889.858937][T14980] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2609'.
[  890.339438][T14985] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  890.773397][T14993] dummy0: entered promiscuous mode
[  890.810146][T14993] macsec1: entered promiscuous mode
[  890.823754][T14993] macsec1: entered allmulticast mode
[  890.846127][T14993] dummy0: entered allmulticast mode
[  890.992580][T15000] FAULT_INJECTION: forcing a failure.
[  890.992580][T15000] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  891.007413][T15000] CPU: 0 UID: 0 PID: 15000 Comm: syz.5.2616 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  891.007445][T15000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  891.007459][T15000] Call Trace:
[  891.007468][T15000]  <TASK>
[  891.007478][T15000]  dump_stack_lvl+0x189/0x250
[  891.007513][T15000]  ? __pfx____ratelimit+0x10/0x10
[  891.007539][T15000]  ? __pfx_dump_stack_lvl+0x10/0x10
[  891.007577][T15000]  ? __pfx__printk+0x10/0x10
[  891.007600][T15000]  ? fs_reclaim_acquire+0x7d/0x100
[  891.007640][T15000]  should_fail_ex+0x414/0x560
[  891.007669][T15000]  prepare_alloc_pages+0x213/0x610
[  891.007705][T15000]  __alloc_frozen_pages_noprof+0x123/0x370
[  891.007740][T15000]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  891.007769][T15000]  ? do_raw_spin_lock+0x121/0x290
[  891.007798][T15000]  ? __lock_acquire+0xab9/0xd20
[  891.007827][T15000]  ? policy_nodemask+0x27c/0x720
[  891.007862][T15000]  alloc_pages_mpol+0x232/0x4a0
[  891.007895][T15000]  alloc_pages_noprof+0xa9/0x190
[  891.007924][T15000]  get_free_pages_noprof+0xf/0x80
[  891.007956][T15000]  __pollwait+0x27b/0x460
[  891.007984][T15000]  ? __pfx___pollwait+0x10/0x10
[  891.008010][T15000]  pipe_poll+0x16f/0x470
[  891.008039][T15000]  ? __pfx_pipe_poll+0x10/0x10
[  891.008068][T15000]  do_sys_poll+0x8c9/0x1070
[  891.008102][T15000]  ? do_sys_poll+0x431/0x1070
[  891.008139][T15000]  ? __pfx_do_sys_poll+0x10/0x10
[  891.008164][T15000]  ? __pv_queued_spin_lock_slowpath+0xa05/0xb60
[  891.008202][T15000]  ? __pfx___pollwait+0x10/0x10
[  891.008233][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008265][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008296][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008327][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008359][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008390][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008420][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008451][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008481][T15000]  ? __pfx_pollwake+0x10/0x10
[  891.008511][T15000]  ? preempt_schedule_irq+0xb5/0x150
[  891.008571][T15000]  ? set_user_sigmask+0xc7/0x1b0
[  891.008599][T15000]  ? __pfx_set_user_sigmask+0x10/0x10
[  891.008626][T15000]  ? preempt_schedule_irq+0xde/0x150
[  891.008657][T15000]  __se_sys_ppoll+0x1ff/0x260
[  891.008681][T15000]  ? __pfx___se_sys_ppoll+0x10/0x10
[  891.008709][T15000]  ? __se_sys_ppoll+0x10/0x260
[  891.008734][T15000]  do_syscall_64+0xfa/0x3b0
[  891.008759][T15000]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.008774][T15000]  ? asm_sysvec_call_function_single+0x1a/0x20
[  891.008792][T15000]  ? clear_bhb_loop+0x60/0xb0
[  891.008813][T15000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.008831][T15000] RIP: 0033:0x7f161218e929
[  891.008848][T15000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  891.008863][T15000] RSP: 002b:00007f1612f30038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  891.008883][T15000] RAX: ffffffffffffffda RBX: 00007f16123b6080 RCX: 00007f161218e929
[  891.008898][T15000] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  891.008910][T15000] RBP: 00007f1612f30090 R08: 0000000000000000 R09: 0000000000000000
[  891.008921][T15000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  891.008932][T15000] R13: 0000000000000000 R14: 00007f16123b6080 R15: 00007ffdaf680f88
[  891.008961][T15000]  </TASK>
[  891.425203][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  891.538983][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  891.570248][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  891.618666][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  891.639774][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  891.667561][T15005] overlayfs: missing 'lowerdir'
[  891.882418][T13672] syz_tun (unregistering): left promiscuous mode
[  892.081055][T14999] hsr0 speed is unknown, defaulting to 1000
[  892.107787][T15009] fuse: Unknown parameter '00000000000000000000'
[  892.122244][T14999] lo speed is unknown, defaulting to 1000
[  892.157103][T14999] lo speed is unknown, defaulting to 1000
[  892.991363][T15013] fuse: Bad value for 'user_id'
[  893.009361][T15013] fuse: Bad value for 'user_id'
[  893.387304][T15027] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2624'.
[  893.431754][   T24] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  893.451638][T14999] chnl_net:caif_netlink_parms(): no params data found
[  893.561321][T14999] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.569208][T14999] bridge0: port 1(bridge_slave_0) entered disabled state
[  893.577096][T14999] bridge_slave_0: entered allmulticast mode
[  893.584676][T14999] bridge_slave_0: entered promiscuous mode
[  893.593766][T14999] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.601415][   T24] usb 6-1: Using ep0 maxpacket: 32
[  893.606989][T14999] bridge0: port 2(bridge_slave_1) entered disabled state
[  893.614630][T14999] bridge_slave_1: entered allmulticast mode
[  893.621625][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  893.632256][   T24] usb 6-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  893.634659][T14999] bridge_slave_1: entered promiscuous mode
[  893.650293][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  893.669153][   T24] usb 6-1: config 0 descriptor??
[  893.715393][T14999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  893.741862][T14999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  893.785974][ T5840] Bluetooth: hci1: command tx timeout
[  893.818187][T14999] team0: Port device team_slave_0 added
[  893.833950][T14999] team0: Port device team_slave_1 added
[  893.920507][T14999] batman_adv: batadv0: Adding interface: batadv_slave_0
[  893.943055][T14999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.969009][    C0] vkms_vblank_simulate: vblank timer overrun
[  894.010016][T14999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  894.040631][T14999] batman_adv: batadv0: Adding interface: batadv_slave_1
[  894.056511][T14999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  894.082542][    C0] vkms_vblank_simulate: vblank timer overrun
[  894.105031][T14999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  894.237779][T15037] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  894.247214][T15037] overlayfs: missing 'lowerdir'
[  894.821928][   T24] stadia 0003:18D1:9400.0016: unknown main item tag 0x6
[  894.833213][   T24] stadia 0003:18D1:9400.0016: item fetching failed at offset 1/4
[  894.946150][   T10] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  895.144870][   T24] stadia 0003:18D1:9400.0016: parse failed
[  895.162802][   T24] stadia 0003:18D1:9400.0016: probe with driver stadia failed with error -22
[  895.165742][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  895.200600][T14999] hsr_slave_0: entered promiscuous mode
[  895.828057][T14999] hsr_slave_1: entered promiscuous mode
[  895.834617][T14999] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  895.844102][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  895.866192][ T5840] Bluetooth: hci1: command tx timeout
[  895.875534][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  895.887877][T15046] binder: 15045:15046 ioctl 4018620d 0 returned -22
[  895.894782][T14999] Cannot create hsr debugfs directory
[  896.025770][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  896.039127][   T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  896.048330][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  896.060462][   T10] usb 5-1: config 0 descriptor??
[  896.066577][T15036] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  896.223426][T13107] usb 6-1: USB disconnect, device number 25
[  896.403289][T15050] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2629'.
[  896.503400][   T10] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xd
[  896.541039][T14999] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  896.549934][   T10] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving
[  896.551637][T14999] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 37442 - 0
[  896.790130][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  896.790173][   T30] audit: type=1326 audit(2000005027.704:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15034 comm="syz.4.2626" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa371b8e929 code=0x0
[  897.233707][T14999] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  897.271209][T14999] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 37442 - 0
[  897.368135][   T10] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  897.421769][T14999] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  897.441003][T14999] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 37442 - 0
[  897.538120][T14999] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  897.560374][T14999] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 37442 - 0
[  897.882590][T14999] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  897.920074][T14999] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  897.941901][T14999] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  897.954899][T14999] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  897.956232][ T5840] Bluetooth: hci1: command tx timeout
[  898.158191][T14999] 8021q: adding VLAN 0 to HW filter on device bond0
[  898.208006][T14999] 8021q: adding VLAN 0 to HW filter on device team0
[  898.302769][T14999] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  898.328622][T15072] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2636'.
[  898.339110][T14999] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  898.356437][T13735] bridge0: port 1(bridge_slave_0) entered blocking state
[  898.363731][T13735] bridge0: port 1(bridge_slave_0) entered forwarding state
[  898.377602][T13735] bridge0: port 2(bridge_slave_1) entered blocking state
[  898.384871][T13735] bridge0: port 2(bridge_slave_1) entered forwarding state
[  899.327002][ T9344] usb 5-1: USB disconnect, device number 72
[  899.360488][T14999] 8021q: adding VLAN 0 to HW filter on device batadv0
[  899.517089][T14999] veth0_vlan: entered promiscuous mode
[  899.532391][T14999] veth1_vlan: entered promiscuous mode
[  899.599496][T14999] veth0_macvtap: entered promiscuous mode
[  899.630747][T14999] veth1_macvtap: entered promiscuous mode
[  899.635792][T13107] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  899.671431][T15087] dummy0: entered promiscuous mode
[  899.678141][T15087] macsec2: entered promiscuous mode
[  899.683711][T15087] macsec2: entered allmulticast mode
[  899.691961][T15087] dummy0: entered allmulticast mode
[  899.725258][T14999] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.754853][T14999] batman_adv: batadv0: Interface activated: batadv_slave_1
[  899.793292][T14999] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.808524][T14999] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.815947][T13107] usb 2-1: Using ep0 maxpacket: 8
[  899.819760][T14999] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.831488][T14999] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  899.833072][T13107] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  899.861557][T13107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.874147][T13107] usb 2-1: config 0 descriptor??
[  899.915861][ T5815] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  900.009647][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.027856][ T5840] Bluetooth: hci1: command tx timeout
[  900.052949][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.085845][ T5815] usb 5-1: Using ep0 maxpacket: 32
[  900.093556][ T5815] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  900.114260][ T5815] usb 5-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  900.129173][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.129232][ T5815] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.159786][ T5815] usb 5-1: config 0 descriptor??
[  900.161114][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.387629][T15095] hsr0 speed is unknown, defaulting to 1000
[  900.408584][T15095] lo speed is unknown, defaulting to 1000
[  900.432682][T15095] lo speed is unknown, defaulting to 1000
[  900.601135][ T5815] stadia 0003:18D1:9400.0018: unknown main item tag 0x6
[  900.612309][ T5815] stadia 0003:18D1:9400.0018: item fetching failed at offset 1/4
[  900.640471][ T5815] stadia 0003:18D1:9400.0018: parse failed
[  900.658825][ T5815] stadia 0003:18D1:9400.0018: probe with driver stadia failed with error -22
[  900.687594][ T9344] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  900.884398][ T9344] usb 6-1: config 0 has no interfaces?
[  900.892773][ T9344] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  900.915725][ T9344] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  900.937937][ T9344] usb 6-1: Product: syz
[  900.956902][ T9344] usb 6-1: Manufacturer: syz
[  900.972207][ T9344] usb 6-1: SerialNumber: syz
[  901.011110][ T9344] usb 6-1: config 0 descriptor??
[  901.471467][T15106] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2644'.
[  901.716441][T13107] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  901.787966][T13107] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  901.866477][T13107] asix 2-1:0.0: probe with driver asix failed with error -71
[  901.906786][  T838] usb 6-1: USB disconnect, device number 26
[  902.038144][T13107] usb 2-1: USB disconnect, device number 75
[  902.424157][T15110] openvswitch: netlink: VXLAN extension message has 8 unknown bytes.
[  902.677888][ T9344] usb 5-1: USB disconnect, device number 73
[  902.824518][   T30] audit: type=1326 audit(2000005033.744:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  902.860654][   T30] audit: type=1326 audit(2000005033.744:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  902.894735][T15120] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2647'.
[  903.085861][T13107] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  903.486566][T13107] usb 6-1: Using ep0 maxpacket: 8
[  903.503242][T15126] mkiss: ax0: crc mode is auto.
[  903.524065][T13107] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  903.676247][   T30] audit: type=1326 audit(2000005033.774:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  903.698126][T13107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.758154][T13107] usb 6-1: config 0 descriptor??
[  903.816694][   T30] audit: type=1326 audit(2000005033.774:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  903.896999][   T30] audit: type=1326 audit(2000005033.774:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  903.965856][   T30] audit: type=1326 audit(2000005033.844:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  904.035009][   T30] audit: type=1326 audit(2000005033.844:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  904.159501][   T30] audit: type=1326 audit(2000005033.844:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  904.199936][T15128] hsr0 speed is unknown, defaulting to 1000
[  904.236123][T15128] lo speed is unknown, defaulting to 1000
[  904.245795][   T30] audit: type=1326 audit(2000005034.584:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  904.338471][   T30] audit: type=1326 audit(2000005034.584:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15118 comm="syz.0.2648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b998e929 code=0x7ffc0000
[  904.633435][T15128] lo speed is unknown, defaulting to 1000
[  906.034128][T15146] sctp: [Deprecated]: syz.4.2655 (pid 15146) Use of struct sctp_assoc_value in delayed_ack socket option.
[  906.034128][T15146] Use struct sctp_sack_info instead
[  906.348327][T13107] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  906.359932][T13107] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  906.371811][T13107] asix 6-1:0.0: probe with driver asix failed with error -71
[  906.385229][T13107] usb 6-1: USB disconnect, device number 27
[  907.404488][T15160] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2651'.
[  907.525852][   T10] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  907.801101][   T10] usb 2-1: config 0 has no interfaces?
[  907.809156][   T10] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  907.818756][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  907.827125][   T10] usb 2-1: Product: syz
[  907.834810][   T10] usb 2-1: Manufacturer: syz
[  907.864644][   T10] usb 2-1: SerialNumber: syz
[  907.928596][   T10] usb 2-1: config 0 descriptor??
[  907.993457][T15158] hsr0 speed is unknown, defaulting to 1000
[  908.001724][T15158] lo speed is unknown, defaulting to 1000
[  908.125780][T15158] lo speed is unknown, defaulting to 1000
[  908.528029][T13107] usb 2-1: USB disconnect, device number 76
[  908.741613][T15175] kvm: kvm [15173]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffffffffffffff
[  910.981038][T15193] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2667'.
[  912.267960][ T9344] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  912.387196][T15208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2673'.
[  912.413424][T15208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2673'.
[  912.467604][ T9344] usb 5-1: Using ep0 maxpacket: 8
[  912.509671][ T9344] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  912.545738][ T9344] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  912.637825][ T9344] usb 5-1: config 0 descriptor??
[  912.915138][T15214] ptrace attach of "./syz-executor exec"[13007] was attempted by "./syz-executor exec"[15214]
[  913.204303][T15218] binder: 15217:15218 ioctl 4018620d 0 returned -22
[  914.176216][T15225] hsr0 speed is unknown, defaulting to 1000
[  914.200878][T15225] lo speed is unknown, defaulting to 1000
[  914.215267][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  914.215288][   T30] audit: type=1326 audit(2000005045.134:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.266885][T15225] lo speed is unknown, defaulting to 1000
[  914.293353][   T30] audit: type=1326 audit(2000005045.174:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.618423][   T30] audit: type=1326 audit(2000005045.254:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.707659][T15229] mkiss: ax0: crc mode is auto.
[  914.729047][   T30] audit: type=1326 audit(2000005045.254:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.812034][   T30] audit: type=1326 audit(2000005045.254:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.861445][   T30] audit: type=1326 audit(2000005045.254:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  914.931076][   T30] audit: type=1326 audit(2000005045.254:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  915.006675][ T9344] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  915.021548][   T30] audit: type=1326 audit(2000005045.254:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  915.032983][ T9344] asix 5-1:0.0: probe with driver asix failed with error -71
[  915.099845][   T30] audit: type=1326 audit(2000005045.254:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  915.150821][ T9344] usb 5-1: USB disconnect, device number 74
[  915.199164][   T30] audit: type=1326 audit(2000005045.264:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15227 comm="syz.5.2679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  918.025561][T15241] sctp: [Deprecated]: syz.3.2681 (pid 15241) Use of struct sctp_assoc_value in delayed_ack socket option.
[  918.025561][T15241] Use struct sctp_sack_info instead
[  919.009592][T15245] IPv6: Can't replace route, no match found
[  919.635928][T13286] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  919.808641][T13286] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  919.823375][T13286] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  919.891249][T13286] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  919.905543][T13286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.918275][T15244] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  919.930395][T13286] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  919.995425][T15261] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2687'.
[  920.396351][T13286] usb 2-1: USB disconnect, device number 77
[  920.565433][T15266] binder: 15265:15266 ioctl 4018620d 0 returned -22
[  920.726532][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  920.726553][   T30] audit: type=1326 audit(2000005051.644:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  920.847363][   T30] audit: type=1326 audit(2000005051.694:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  920.921720][   T30] audit: type=1326 audit(2000005051.694:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  921.005026][   T30] audit: type=1326 audit(2000005051.694:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  921.157899][T15271] IPv6: Can't replace route, no match found
[  921.188773][   T30] audit: type=1326 audit(2000005051.694:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  921.491284][   T30] audit: type=1326 audit(2000005051.694:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  921.625761][ T5840] Bluetooth: hci1: command tx timeout
[  921.840608][   T30] audit: type=1326 audit(2000005051.694:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  921.862360][   T30] audit: type=1326 audit(2000005051.694:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15267 comm="syz.3.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10d98e929 code=0x7ffc0000
[  925.767556][T15298] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1088)
[  925.806079][T15298] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  927.255868][T13286] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  928.079553][T13286] usb 2-1: Using ep0 maxpacket: 8
[  928.536504][T13286] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  928.928715][T13286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.140910][T13286] usb 2-1: config 0 descriptor??
[  929.203812][T13286] usb 2-1: can't set config #0, error -71
[  929.251198][T13286] usb 2-1: USB disconnect, device number 78
[  929.412785][T15317] binder: 15316:15317 ioctl 4018620d 0 returned -22
[  929.596835][   T30] audit: type=1326 audit(2000005060.514:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  929.635235][   T30] audit: type=1326 audit(2000005060.514:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  929.658148][   T30] audit: type=1326 audit(2000005060.544:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  930.048475][   T30] audit: type=1326 audit(2000005060.544:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  930.974209][   T30] audit: type=1326 audit(2000005060.544:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  931.316105][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  931.534409][   T30] audit: type=1326 audit(2000005060.554:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  932.314631][   T30] audit: type=1326 audit(2000005060.554:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  932.336640][   T30] audit: type=1326 audit(2000005060.554:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  932.359984][   T30] audit: type=1326 audit(2000005060.554:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  932.382697][   T30] audit: type=1326 audit(2000005060.554:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15319 comm="syz.5.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  935.156363][T15362] netlink: 'syz.3.2715': attribute type 1 has an invalid length.
[  935.801661][T15360] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(12)
[  935.808324][T15360] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  935.816003][T15360] vhci_hcd vhci_hcd.0: Device attached
[  936.043580][T15374] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  936.056107][ T9344] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  936.115900][T13107] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  936.313839][ T9344] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  936.335801][ T9344] usb 6-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  936.355174][ T9344] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.378764][ T9344] usb 6-1: config 0 descriptor??
[  936.425877][  T838] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  936.591642][  T838] usb 4-1: Using ep0 maxpacket: 8
[  936.598769][ T9344] usb 6-1: USB disconnect, device number 28
[  936.600723][  T838] usb 4-1: config 10 has an invalid interface number: 193 but max is 0
[  936.614637][T15371] usb 43-1: recv xbuf, 0
[  936.641136][T13735] vhci_hcd: stop threads
[  936.645474][T13735] vhci_hcd: release socket
[  936.651892][  T838] usb 4-1: config 10 has no interface number 0
[  936.670846][  T838] usb 4-1: New USB device found, idVendor=0bda, idProduct=0129, bcdDevice=be.93
[  936.680977][T13735] vhci_hcd: disconnect device
[  936.690721][  T838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  936.705792][  T838] usb 4-1: Product: syz
[  936.710050][  T838] usb 4-1: Manufacturer: syz
[  936.721780][T13107] vhci_hcd: vhci_device speed not set
[  936.735714][  T838] usb 4-1: SerialNumber: syz
[  938.375737][T13107] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[  938.445746][T14042] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  938.526790][T13107] usb 5-1: no configurations
[  938.531870][T13107] usb 5-1: can't read configurations, error -22
[  938.545862][   T24] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  938.575758][T14042] usb 2-1: device descriptor read/64, error -71
[  938.666334][T13107] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[  938.695708][   T24] usb 6-1: Using ep0 maxpacket: 32
[  938.703488][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  938.714711][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  938.724633][   T24] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  938.734120][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.747266][   T24] usb 6-1: config 0 descriptor??
[  938.757844][   T24] hub 6-1:0.0: USB hub found
[  938.836512][T14042] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  938.845173][T13107] usb 5-1: no configurations
[  938.851640][T13107] usb 5-1: can't read configurations, error -22
[  938.858845][T13107] usb usb5-port1: attempt power cycle
[  938.960578][   T24] hub 6-1:0.0: 1 port detected
[  938.985847][T14042] usb 2-1: device descriptor read/64, error -71
[  939.097706][T14042] usb usb2-port1: attempt power cycle
[  939.171924][T15396] overlayfs: conflicting options: userxattr,metacopy=on
[  939.187316][   T24] hub 6-1:0.0: hub_hub_status failed (err = -71)
[  939.210792][   T24] hub 6-1:0.0: config failed, can't get hub status (err -71)
[  939.218492][T13107] usb 5-1: new full-speed USB device number 77 using dummy_hcd
[  939.238386][   T24] usbhid 6-1:0.0: can't add hid device: -71
[  939.244544][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  939.276600][  T838] rtsx_usb 4-1:10.193: probe with driver rtsx_usb failed with error -22
[  939.286501][   T24] usb 6-1: USB disconnect, device number 29
[  939.299821][T13107] usb 5-1: no configurations
[  939.305551][T13107] usb 5-1: can't read configurations, error -22
[  939.338811][  T838] usb 4-1: USB disconnect, device number 30
[  939.435920][T14042] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  939.480134][T13107] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[  939.488765][T14042] usb 2-1: device descriptor read/8, error -71
[  939.518063][T13107] usb 5-1: no configurations
[  939.525762][T13107] usb 5-1: can't read configurations, error -22
[  939.534787][T13107] usb usb5-port1: unable to enumerate USB device
[  940.043767][T14042] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  940.536439][T14042] usb 2-1: device descriptor read/8, error -71
[  940.650243][T14042] usb usb2-port1: unable to enumerate USB device
[  941.005835][T13286] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  941.158008][T13286] usb 4-1: config 0 interface 0 has no altsetting 0
[  941.178312][T13286] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  941.293336][T13286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.386961][T13286] usb 4-1: config 0 descriptor??
[  942.059945][T15430] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  942.094276][T15430] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  942.142288][T15430] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  942.335471][T15438] netlink: 'syz.1.2738': attribute type 83 has an invalid length.
[  942.440460][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  942.440484][   T30] audit: type=1326 audit(2000005073.364:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  942.691920][   T30] audit: type=1326 audit(2000005073.364:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  942.775972][   T30] audit: type=1326 audit(2000005073.374:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  942.862245][T13286] video4linux radio48: keene_cmd_set failed (-110)
[  942.921805][T13286] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  943.071107][   T30] audit: type=1326 audit(2000005073.374:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  943.336042][T15449] mkiss: ax0: crc mode is auto.
[  943.426966][   T30] audit: type=1326 audit(2000005073.374:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  943.851652][   T30] audit: type=1326 audit(2000005073.374:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  943.947667][   T30] audit: type=1326 audit(2000005073.374:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  944.012202][   T30] audit: type=1326 audit(2000005073.374:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  944.080845][   T30] audit: type=1326 audit(2000005073.374:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  944.148098][   T30] audit: type=1326 audit(2000005073.374:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15439 comm="syz.5.2739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f161218e929 code=0x7ffc0000
[  944.571024][ T5881] usb 4-1: USB disconnect, device number 31
[  944.686132][T13286] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  944.835700][T13286] usb 2-1: Using ep0 maxpacket: 8
[  945.731984][T13286] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  945.758402][T13286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  945.808134][T13286] usb 2-1: config 0 descriptor??
[  946.035361][T15475] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2752'.
[  946.103298][T15475] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2752'.
[  946.161439][T15478] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  950.649735][T15501] netlink: 'syz.5.2759': attribute type 10 has an invalid length.
[  950.918468][T15501] team0: Device ipvlan1 failed to register rx_handler
[  952.536820][T13286] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  952.558528][T13286] asix 2-1:0.0: probe with driver asix failed with error -71
[  952.570139][T13286] usb 2-1: USB disconnect, device number 83
[  954.946181][T14042] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  955.380200][T14042] usb 2-1: Using ep0 maxpacket: 8
[  955.413842][T14042] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  955.445658][T14042] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.486940][T14042] usb 2-1: config 0 descriptor??
[  956.595758][ T9344] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  957.506054][ T9344] usb 4-1: Using ep0 maxpacket: 8
[  957.508852][T14042] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  957.533448][ T9344] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  957.543520][T14042] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  957.551983][ T9344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.571689][ T9344] usb 4-1: config 0 descriptor??
[  957.600932][T14042] asix 2-1:0.0: probe with driver asix failed with error -71
[  957.667944][T14042] usb 2-1: USB disconnect, device number 84
[  957.760175][T15561] netlink: 'syz.5.2777': attribute type 16 has an invalid length.
[  957.768802][T15561] FAULT_INJECTION: forcing a failure.
[  957.768802][T15561] name failslab, interval 1, probability 0, space 0, times 0
[  957.782756][T15561] CPU: 1 UID: 0 PID: 15561 Comm: syz.5.2777 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[  957.782786][T15561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  957.782798][T15561] Call Trace:
[  957.782807][T15561]  <TASK>
[  957.782816][T15561]  dump_stack_lvl+0x189/0x250
[  957.782854][T15561]  ? __pfx____ratelimit+0x10/0x10
[  957.782881][T15561]  ? __pfx_dump_stack_lvl+0x10/0x10
[  957.782917][T15561]  ? __pfx__printk+0x10/0x10
[  957.782952][T15561]  should_fail_ex+0x414/0x560
[  957.782987][T15561]  should_failslab+0xa8/0x100
[  957.783020][T15561]  kmem_cache_alloc_noprof+0x73/0x3c0
[  957.783047][T15561]  ? skb_clone+0x212/0x3a0
[  957.783077][T15561]  skb_clone+0x212/0x3a0
[  957.783106][T15561]  __netlink_deliver_tap+0x404/0x850
[  957.783154][T15561]  ? netlink_deliver_tap+0x2e/0x1b0
[  957.783176][T15561]  netlink_deliver_tap+0x19c/0x1b0
[  957.783199][T15561]  netlink_sendskb+0x68/0x140
[  957.783233][T15561]  netlink_rcv_skb+0x28c/0x470
[  957.783286][T15561]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  957.783320][T15561]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  957.783369][T15561]  ? netlink_deliver_tap+0x2e/0x1b0
[  957.783389][T15561]  ? netlink_deliver_tap+0x2e/0x1b0
[  957.783417][T15561]  netlink_unicast+0x75b/0x8d0
[  957.783463][T15561]  netlink_sendmsg+0x805/0xb30
[  957.783496][T15561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  957.783527][T15561]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  957.783554][T15561]  ? __pfx_netlink_sendmsg+0x10/0x10
[  957.783577][T15561]  __sock_sendmsg+0x21c/0x270
[  957.783609][T15561]  ____sys_sendmsg+0x505/0x830
[  957.783639][T15561]  ? __pfx_____sys_sendmsg+0x10/0x10
[  957.783673][T15561]  ? import_iovec+0x74/0xa0
[  957.783699][T15561]  ___sys_sendmsg+0x21f/0x2a0
[  957.783726][T15561]  ? __pfx____sys_sendmsg+0x10/0x10
[  957.783791][T15561]  ? __fget_files+0x2a/0x420
[  957.783819][T15561]  ? __fget_files+0x3a0/0x420
[  957.783862][T15561]  __x64_sys_sendmsg+0x19b/0x260
[  957.783889][T15561]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  957.783924][T15561]  ? __pfx_ksys_write+0x10/0x10
[  957.783947][T15561]  ? rcu_is_watching+0x15/0xb0
[  957.783985][T15561]  ? do_syscall_64+0xbe/0x3b0
[  957.784018][T15561]  do_syscall_64+0xfa/0x3b0
[  957.784045][T15561]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.784072][T15561]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.784093][T15561]  ? clear_bhb_loop+0x60/0xb0
[  957.784126][T15561]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.784148][T15561] RIP: 0033:0x7f161218e929
[  957.784168][T15561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  957.784186][T15561] RSP: 002b:00007f1612f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  957.784209][T15561] RAX: ffffffffffffffda RBX: 00007f16123b5fa0 RCX: 00007f161218e929
[  957.784225][T15561] RDX: 0000000000000802 RSI: 00002000000003c0 RDI: 0000000000000010
[  957.784240][T15561] RBP: 00007f1612f51090 R08: 0000000000000000 R09: 0000000000000000
[  957.784254][T15561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  957.784267][T15561] R13: 0000000000000000 R14: 00007f16123b5fa0 R15: 00007ffdaf680f88
[  957.784303][T15561]  </TASK>
[  958.141638][T15563] netlink: 'syz.4.2779': attribute type 1 has an invalid length.
[  958.183499][T15568] ieee802154 phy0 wpan0: encryption failed: -22
[  958.196051][T15563] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  958.203490][T15563] IPv6: NLM_F_CREATE should be set when creating new route
[  960.354719][ T5840] Bluetooth: hci1: link tx timeout
[  960.360631][ T5840] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  960.468138][T15587] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  960.575522][ T9344] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  960.595914][ T9344] asix 4-1:0.0: probe with driver asix failed with error -71
[  960.623531][ T9344] usb 4-1: USB disconnect, device number 32
[  962.314236][T15611] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2792'.
[  962.352473][T15613] x_tables: duplicate underflow at hook 3
[  962.405176][T15613] kAFS: No cell specified
[  962.435793][T12977] Bluetooth: hci1: command 0x0406 tx timeout
[  962.572675][ T5840] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  965.356542][T13107] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  965.527466][T13107] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  965.539374][T13107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  965.553652][T13107] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  965.566953][T14042] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  965.585065][T13107] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  965.615115][T13107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.651721][T13107] usb 4-1: config 0 descriptor??
[  965.675969][   T24] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  965.725882][T14042] usb 5-1: Using ep0 maxpacket: 8
[  965.746643][T14042] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  965.781977][T14042] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.824208][T14042] usb 5-1: config 0 descriptor??
[  965.873910][T13107] usb 4-1: USB disconnect, device number 33
[  965.882229][   T24] usb 2-1: Using ep0 maxpacket: 8
[  965.899426][   T24] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  965.925810][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.015199][   T24] usb 2-1: config 0 descriptor??
[  966.248825][T15655] netlink: 588 bytes leftover after parsing attributes in process `syz.5.2804'.
[  966.766097][T13107] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  966.945836][T13107] usb 4-1: Using ep0 maxpacket: 8
[  966.956196][T13107] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  966.975780][T13107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.992211][T13107] usb 4-1: config 0 descriptor??
[  968.311242][   T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  968.321665][T14042] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  968.336884][T14042] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  968.347497][   T24] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  968.358264][   T24] asix 2-1:0.0: probe with driver asix failed with error -71
[  968.366135][T14042] asix 5-1:0.0: probe with driver asix failed with error -71
[  968.381367][   T24] usb 2-1: USB disconnect, device number 85
[  968.403589][T14042] usb 5-1: USB disconnect, device number 79
[  969.156917][T13107] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  969.286758][T13107] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  969.334319][T13107] asix 4-1:0.0: probe with driver asix failed with error -71
[  969.411847][T13107] usb 4-1: USB disconnect, device number 34
[  970.527278][   T10] usb 5-1: new full-speed USB device number 80 using dummy_hcd
[  971.325878][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  972.787422][T14042] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  973.202869][T14042] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  973.340746][T14042] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  973.471587][T14042] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  973.537381][   T10] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  973.632917][T14042] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  973.666929][   T10] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  973.676244][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.690799][   T10] usb 5-1: config 0 descriptor??
[  973.716397][   T10] usb 5-1: can't set config #0, error -71
[  973.727400][T14042] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  973.736187][   T10] usb 5-1: USB disconnect, device number 80
[  973.775505][T14042] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.830314][T14042] usb 6-1: config 0 descriptor??
[  973.866260][T15700] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  974.864686][T14042] plantronics 0003:047F:FFFF.0019: reserved main item tag 0xd
[  974.877702][ T5825] syz_tun (unregistering): left allmulticast mode
[  974.898246][T14042] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving
[  975.037541][T14042] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  975.086342][T14042] usb 6-1: USB disconnect, device number 30
[  975.264490][T15724] fido_id[15724]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  975.284232][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  975.356494][ T9344] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  975.536023][ T9344] usb 5-1: device descriptor read/64, error -71
[  975.540092][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  975.788481][ T9344] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  975.852218][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  975.880057][T13286] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[  975.965868][ T9344] usb 5-1: device descriptor read/64, error -71
[  976.056107][T13286] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  976.089897][ T9344] usb usb5-port1: attempt power cycle
[  976.107329][T13286] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  976.177692][T13286] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  976.259362][T13286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.293025][T15736] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  976.299629][T15736] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  976.370788][T13286] usb 4-1: config 0 descriptor??
[  976.443026][T15736] vhci_hcd vhci_hcd.0: Device attached
[  976.448871][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  976.476509][ T9344] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  976.516355][ T9344] usb 5-1: device descriptor read/8, error -71
[  976.570889][T15736] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  976.609083][T15737] usbip_core: unknown command
[  976.624443][T15737] vhci_hcd: unknown pdu 335544320
[  976.651289][T15737] usbip_core: unknown command
[  976.656889][   T10] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  976.693142][ T1101] vhci_hcd: stop threads
[  976.701719][T13071] usb 4-1: USB disconnect, device number 35
[  976.727087][ T1101] vhci_hcd: release socket
[  976.736649][ T1101] vhci_hcd: disconnect device
[  976.777848][ T9344] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  976.816628][ T9344] usb 5-1: device descriptor read/8, error -71
[  976.873540][   T35] bridge_slave_1: left allmulticast mode
[  976.891771][   T35] bridge_slave_1: left promiscuous mode
[  976.906876][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  976.923290][   T35] bridge_slave_0: left allmulticast mode
[  976.929572][   T35] bridge_slave_0: left promiscuous mode
[  976.936117][ T9344] usb usb5-port1: unable to enumerate USB device
[  976.937335][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  976.958611][   T35] veth3: left allmulticast mode
[  976.963887][   T35] bridge2: port 1(veth3) entered disabled state
[  977.396961][   T35] team0: Port device geneve0 removed
[  977.765132][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  977.779099][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  977.789976][   T35] bond0 (unregistering): Released all slaves
[  977.952654][   T35] bond1 (unregistering): (slave veth0_to_bond): Releasing backup interface
[  977.963297][   T35] bond1 (unregistering): Released all slaves
[  978.716607][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  978.735946][T15736] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  978.742730][T15736] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  979.229239][T15736] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  979.249887][T15736] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  979.577756][   T35] : left promiscuous mode
[  979.607855][T12977] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  979.620769][T12977] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  979.632554][T12977] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  979.681266][T12977] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  979.692030][T12977] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  981.776402][   T10] vhci_hcd: vhci_device speed not set
[  992.749919][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.188972][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.630452][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[ 1127.145949][   T31] INFO: task kworker/u8:2:35 blocked for more than 143 seconds.
[ 1127.153682][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1127.161164][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1127.169962][   T31] task:kworker/u8:2    state:D stack:20464 pid:35    tgid:35    ppid:2      task_flags:0x4208160 flags:0x00004000
[ 1127.182179][   T31] Workqueue: netns cleanup_net
[ 1127.187374][   T31] Call Trace:
[ 1127.190706][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1127.193673][   T31]  __schedule+0x16a2/0x4cb0
[ 1127.198278][   T31]  ? __lock_acquire+0xa81/0xd20
[ 1127.203359][   T31]  ? schedule+0x165/0x360
[ 1127.207879][   T31]  ? __pfx___schedule+0x10/0x10
[ 1127.212804][   T31]  ? schedule+0x91/0x360
[ 1127.217263][   T31]  schedule+0x165/0x360
[ 1127.221489][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1127.227356][   T31]  __mutex_lock+0x724/0xe80
[ 1127.232018][   T31]  ? kobject_put+0x43f/0x480
[ 1127.237100][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1127.241859][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1127.247565][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1127.252667][   T31]  ? __pfx_device_del+0x10/0x10
[ 1127.258172][   T31]  rfkill_unregister+0xc8/0x220
[ 1127.263099][   T31]  wiphy_unregister+0x238/0xae0
[ 1127.268620][   T31]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[ 1127.274598][   T31]  ? __pfx_wiphy_unregister+0x10/0x10
[ 1127.280506][   T31]  ? kasan_quarantine_put+0xdd/0x220
[ 1127.286214][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.296259][   T31]  ? kfree+0x18e/0x440
[ 1127.300680][   T31]  ieee80211_unregister_hw+0x1e2/0x2c0
[ 1127.335852][   T31]  mac80211_hwsim_del_radio+0x275/0x460
[ 1127.341536][   T31]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1127.375117][   T31]  hwsim_exit_net+0x584/0x640
[ 1127.380380][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1127.386052][   T31]  ? __ip_vs_dev_cleanup_batch+0x185/0x260
[ 1127.391940][   T31]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 1127.398320][   T31]  ops_undo_list+0x49a/0x990
[ 1127.403014][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1127.409409][   T31]  cleanup_net+0x4c5/0x800
[ 1127.413906][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1127.419029][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1127.424316][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1127.430208][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1127.436037][   T31]  process_scheduled_works+0xade/0x17b0
[ 1127.441708][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1127.447917][   T31]  worker_thread+0x8a0/0xda0
[ 1127.452597][   T31]  kthread+0x70e/0x8a0
[ 1127.456896][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1127.462070][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.466813][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1127.472075][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.477408][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.482054][   T31]  ret_from_fork+0x3f9/0x770
[ 1127.486875][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1127.492048][   T31]  ? __switch_to_asm+0x39/0x70
[ 1127.496969][   T31]  ? __switch_to_asm+0x33/0x70
[ 1127.501786][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.506537][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1127.511359][   T31]  </TASK>
[ 1127.514532][   T31] INFO: task kworker/1:4:14042 blocked for more than 143 seconds.
[ 1127.522658][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1127.530092][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1127.538961][   T31] task:kworker/1:4     state:D stack:20696 pid:14042 tgid:14042 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1127.551072][   T31] Workqueue: events rfkill_sync_work
[ 1127.556468][   T31] Call Trace:
[ 1127.559786][   T31]  <TASK>
[ 1127.562767][   T31]  __schedule+0x16a2/0x4cb0
[ 1127.567405][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1127.572821][   T31]  ? schedule+0x165/0x360
[ 1127.577324][   T31]  ? __pfx___schedule+0x10/0x10
[ 1127.582255][   T31]  ? schedule+0x91/0x360
[ 1127.586630][   T31]  schedule+0x165/0x360
[ 1127.590851][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1127.596391][   T31]  __mutex_lock+0x724/0xe80
[ 1127.600972][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1127.605946][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1127.610703][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1127.616170][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1127.621271][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.626996][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1127.632980][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1127.639727][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1127.645896][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1127.651089][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1127.658193][   T31]  rfkill_set_block+0x1d2/0x440
[ 1127.663123][   T31]  rfkill_sync_work+0x114/0x200
[ 1127.668350][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1127.674139][   T31]  process_scheduled_works+0xade/0x17b0
[ 1127.679833][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1127.685994][   T31]  worker_thread+0x8a0/0xda0
[ 1127.690652][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1127.697134][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1127.702143][   T31]  kthread+0x70e/0x8a0
[ 1127.706347][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1127.711512][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.716226][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1127.721459][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.726783][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.731428][   T31]  ret_from_fork+0x3f9/0x770
[ 1127.736147][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1127.741318][   T31]  ? __switch_to_asm+0x39/0x70
[ 1127.746456][   T31]  ? __switch_to_asm+0x33/0x70
[ 1127.751241][   T31]  ? __pfx_kthread+0x10/0x10
[ 1127.755928][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1127.760768][   T31]  </TASK>
[ 1127.763856][   T31] INFO: task syz.1.2831:15736 blocked for more than 143 seconds.
[ 1127.771782][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1127.779230][   T31]       Blocked by coredump.
[ 1127.786114][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1127.794891][   T31] task:syz.1.2831      state:D stack:25408 pid:15736 tgid:15735 ppid:5824   task_flags:0x40044c flags:0x00004006
[ 1127.808289][   T31] Call Trace:
[ 1127.811630][   T31]  <TASK>
[ 1127.814595][   T31]  __schedule+0x16a2/0x4cb0
[ 1127.819186][   T31]  ? stack_trace_save+0x9c/0xe0
[ 1127.824095][   T31]  ? __lock_acquire+0xa81/0xd20
[ 1127.829078][   T31]  ? schedule+0x165/0x360
[ 1127.833458][   T31]  ? __pfx___schedule+0x10/0x10
[ 1127.838428][   T31]  ? schedule+0x91/0x360
[ 1127.842723][   T31]  schedule+0x165/0x360
[ 1127.846995][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1127.852504][   T31]  __mutex_lock+0x724/0xe80
[ 1127.857331][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1127.862090][   T31]  ? rfkill_fop_release+0x4b/0x220
[ 1127.867556][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1127.872668][   T31]  ? __pfx_rfkill_fop_release+0x10/0x10
[ 1127.878591][   T31]  rfkill_fop_release+0x4b/0x220
[ 1127.883615][   T31]  ? __pfx_rfkill_fop_release+0x10/0x10
[ 1127.889332][   T31]  __fput+0x449/0xa70
[ 1127.893365][   T31]  task_work_run+0x1d1/0x260
[ 1127.898491][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1127.903704][   T31]  do_exit+0x6ad/0x22e0
[ 1127.908029][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1127.913133][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1127.918014][   T31]  do_group_exit+0x21c/0x2d0
[ 1127.922690][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.928085][   T31]  get_signal+0x125e/0x1310
[ 1127.932689][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1127.938450][   T31]  ? __fget_files+0x2a/0x420
[ 1127.943120][   T31]  ? __fget_files+0x3a0/0x420
[ 1127.948411][   T31]  ? __fget_files+0x2a/0x420
[ 1127.953087][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1127.959453][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1127.964989][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1127.970968][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1127.975885][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.982036][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1127.988353][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1127.993078][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.000079][   T31] RIP: 0033:0x7f1d0c18e929
[ 1128.004545][   T31] RSP: 002b:00007f1d0cf94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1128.013276][   T31] RAX: 0000000000000008 RBX: 00007f1d0c3b5fa0 RCX: 00007f1d0c18e929
[ 1128.021451][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000006
[ 1128.036660][   T31] RBP: 00007f1d0c210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1128.044796][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1128.053096][   T31] R13: 0000000000000000 R14: 00007f1d0c3b5fa0 R15: 00007ffe7f9431d8
[ 1128.061454][   T31]  </TASK>
[ 1128.064569][   T31] INFO: task syz.5.2832:15741 blocked for more than 144 seconds.
[ 1128.075232][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1128.082863][   T31]       Blocked by coredump.
[ 1128.087977][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1128.096927][   T31] task:syz.5.2832      state:D stack:24344 pid:15741 tgid:15740 ppid:13007  task_flags:0x40044c flags:0x00004002
[ 1128.110907][   T31] Call Trace:
[ 1128.114261][   T31]  <TASK>
[ 1128.117595][   T31]  __schedule+0x16a2/0x4cb0
[ 1128.122169][   T31]  ? schedule+0x165/0x360
[ 1128.126801][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1128.131715][   T31]  ? __pfx___schedule+0x10/0x10
[ 1128.136946][   T31]  ? schedule+0x91/0x360
[ 1128.141252][   T31]  schedule+0x165/0x360
[ 1128.145449][   T31]  schedule_timeout+0x9a/0x270
[ 1128.150728][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1128.156224][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1128.161472][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.166773][   T31]  ? wait_for_completion+0x267/0x5d0
[ 1128.172099][   T31]  wait_for_completion+0x2bf/0x5d0
[ 1128.177308][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[ 1128.182995][   T31]  ? __flush_work+0xd2/0xbc0
[ 1128.187806][   T31]  ? __flush_work+0xd2/0xbc0
[ 1128.192442][   T31]  __flush_work+0x9b9/0xbc0
[ 1128.197171][   T31]  ? __flush_work+0xd2/0xbc0
[ 1128.201783][   T31]  ? __pfx___flush_work+0x10/0x10
[ 1128.206908][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[ 1128.212289][   T31]  ? __pfx___cancel_work+0x10/0x10
[ 1128.217520][   T31]  ? nfc_genl_device_removed+0x23c/0x330
[ 1128.223235][   T31]  __cancel_work_sync+0xbe/0x110
[ 1128.228274][   T31]  rfkill_unregister+0x92/0x220
[ 1128.233192][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1128.238532][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1128.244303][   T31]  virtual_ncidev_close+0x56/0x90
[ 1128.249430][   T31]  __fput+0x449/0xa70
[ 1128.253463][   T31]  task_work_run+0x1d1/0x260
[ 1128.258152][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1128.263344][   T31]  do_exit+0x6ad/0x22e0
[ 1128.267635][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1128.272704][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1128.277399][   T31]  do_group_exit+0x21c/0x2d0
[ 1128.282036][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.287345][   T31]  get_signal+0x125e/0x1310
[ 1128.291918][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1128.297574][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1128.303785][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1128.309596][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1128.314929][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1128.320055][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.325325][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.331518][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1128.336313][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.342262][   T31] RIP: 0033:0x7f161218e929
[ 1128.346807][   T31] RSP: 002b:00007f1612f51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1128.355282][   T31] RAX: 0000000000000006 RBX: 00007f16123b5fa0 RCX: 00007f161218e929
[ 1128.363362][   T31] RDX: 0000000000000002 RSI: 0000200000000400 RDI: ffffffffffffff9c
[ 1128.371449][   T31] RBP: 00007f1612210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1128.379526][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1128.387618][   T31] R13: 0000000000000000 R14: 00007f16123b5fa0 R15: 00007ffdaf680f88
[ 1128.395716][   T31]  </TASK>
[ 1128.398786][   T31] INFO: task syz-executor:15746 blocked for more than 144 seconds.
[ 1128.406785][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1128.414094][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1128.422973][   T31] task:syz-executor    state:D stack:26432 pid:15746 tgid:15746 ppid:1      task_flags:0x400140 flags:0x00004000
[ 1128.435231][   T31] Call Trace:
[ 1128.438618][   T31]  <TASK>
[ 1128.441591][   T31]  __schedule+0x16a2/0x4cb0
[ 1128.446221][   T31]  ? schedule+0x165/0x360
[ 1128.450617][   T31]  ? __pfx___schedule+0x10/0x10
[ 1128.455578][   T31]  ? schedule+0x91/0x360
[ 1128.459868][   T31]  schedule+0x165/0x360
[ 1128.464043][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1128.469638][   T31]  __mutex_lock+0x724/0xe80
[ 1128.474210][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1128.479155][   T31]  ? rfkill_fop_open+0x12d/0x820
[ 1128.484165][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1128.489332][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1128.494663][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1128.500137][   T31]  rfkill_fop_open+0x12d/0x820
[ 1128.504958][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[ 1128.510411][   T31]  misc_open+0x2b9/0x330
[ 1128.514714][   T31]  chrdev_open+0x4cc/0x5e0
[ 1128.519209][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1128.524209][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1128.529257][   T31]  do_dentry_open+0xdf3/0x1970
[ 1128.534088][   T31]  vfs_open+0x3b/0x340
[ 1128.538475][   T31]  ? path_openat+0x2ecd/0x3830
[ 1128.543284][   T31]  path_openat+0x2ee5/0x3830
[ 1128.548010][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1128.553028][   T31]  do_filp_open+0x1fa/0x410
[ 1128.557632][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1128.562530][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1128.567678][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1128.572570][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1128.577030][   T31]  do_sys_openat2+0x121/0x1c0
[ 1128.581759][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1128.587163][   T31]  __x64_sys_openat+0x138/0x170
[ 1128.592086][   T31]  do_syscall_64+0xfa/0x3b0
[ 1128.596695][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.601956][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.608120][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1128.612840][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.618839][   T31] RIP: 0033:0x7fc9ea18d290
[ 1128.623291][   T31] RSP: 002b:00007ffc699dded0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1128.632139][   T31] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fc9ea18d290
[ 1128.640234][   T31] RDX: 0000000000000001 RSI: 00007fc9ea2115b1 RDI: 00000000ffffff9c
[ 1128.648558][   T31] RBP: 00007fc9ea2115b1 R08: 0000000000000000 R09: 00007ffc699dde67
[ 1128.656615][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1128.664624][   T31] R13: 0000000000000001 R14: 0000000000000009 R15: 0000000000000000
[ 1128.672715][   T31]  </TASK>
[ 1128.675832][   T31] INFO: task syz.4.2838:15778 blocked for more than 144 seconds.
[ 1128.683578][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1128.691061][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1128.699863][   T31] task:syz.4.2838      state:D stack:27240 pid:15778 tgid:15776 ppid:5821   task_flags:0x400040 flags:0x00004004
[ 1128.712017][   T31] Call Trace:
[ 1128.715328][   T31]  <TASK>
[ 1128.718355][   T31]  __schedule+0x16a2/0x4cb0
[ 1128.722908][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1128.727984][   T31]  ? security_file_open+0xb1/0x270
[ 1128.733157][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1128.738231][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1128.743142][   T31]  ? schedule+0x165/0x360
[ 1128.747958][   T31]  ? __pfx___schedule+0x10/0x10
[ 1128.752887][   T31]  ? schedule+0x91/0x360
[ 1128.757521][   T31]  schedule+0x165/0x360
[ 1128.761739][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1128.767298][   T31]  __mutex_lock+0x724/0xe80
[ 1128.771853][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1128.776643][   T31]  ? misc_open+0x51/0x330
[ 1128.781025][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1128.786203][   T31]  misc_open+0x51/0x330
[ 1128.790608][   T31]  chrdev_open+0x4cc/0x5e0
[ 1128.795076][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1128.800105][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1128.805103][   T31]  do_dentry_open+0xdf3/0x1970
[ 1128.810020][   T31]  vfs_open+0x3b/0x340
[ 1128.814174][   T31]  ? path_openat+0x2ecd/0x3830
[ 1128.819088][   T31]  path_openat+0x2ee5/0x3830
[ 1128.823728][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1128.828713][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1128.833694][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.839905][   T31]  do_filp_open+0x1fa/0x410
[ 1128.844458][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1128.849540][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1128.854637][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1128.859614][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1128.864030][   T31]  do_sys_openat2+0x121/0x1c0
[ 1128.869077][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1128.873993][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1128.879308][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1128.884143][   T31]  __x64_sys_openat+0x138/0x170
[ 1128.889109][   T31]  do_syscall_64+0xfa/0x3b0
[ 1128.893659][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1128.898969][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.905077][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1128.910212][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.917795][   T31] RIP: 0033:0x7fa371b8e929
[ 1128.922282][   T31] RSP: 002b:00007fa37297f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1128.930848][   T31] RAX: ffffffffffffffda RBX: 00007fa371db5fa0 RCX: 00007fa371b8e929
[ 1128.939055][   T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[ 1128.947138][   T31] RBP: 00007fa371c10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1128.955149][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1128.963348][   T31] R13: 0000000000000000 R14: 00007fa371db5fa0 R15: 00007ffd2c5e4b78
[ 1128.971581][   T31]  </TASK>
[ 1128.974664][   T31] INFO: task syz-executor:15789 blocked for more than 145 seconds.
[ 1128.983078][   T31]       Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0
[ 1128.990469][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1129.001966][   T31] task:syz-executor    state:D stack:27240 pid:15789 tgid:15789 ppid:1      task_flags:0x400040 flags:0x00004000
[ 1129.014207][   T31] Call Trace:
[ 1129.017658][   T31]  <TASK>
[ 1129.020629][   T31]  __schedule+0x16a2/0x4cb0
[ 1129.025151][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1129.030263][   T31]  ? security_file_open+0xb1/0x270
[ 1129.035426][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1129.040499][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1129.045417][   T31]  ? schedule+0x165/0x360
[ 1129.049920][   T31]  ? __pfx___schedule+0x10/0x10
[ 1129.054836][   T31]  ? schedule+0x91/0x360
[ 1129.059163][   T31]  schedule+0x165/0x360
[ 1129.063364][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1129.070857][   T31]  __mutex_lock+0x724/0xe80
[ 1129.076301][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1129.081050][   T31]  ? misc_open+0x51/0x330
[ 1129.085422][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1129.090610][   T31]  misc_open+0x51/0x330
[ 1129.094857][   T31]  chrdev_open+0x4cc/0x5e0
[ 1129.099525][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1129.104525][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1129.110569][   T31]  do_dentry_open+0xdf3/0x1970
[ 1129.115477][   T31]  vfs_open+0x3b/0x340
[ 1129.120056][   T31]  ? path_openat+0x2ecd/0x3830
[ 1129.124919][   T31]  path_openat+0x2ee5/0x3830
[ 1129.129743][   T31]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1129.135299][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1129.140750][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1129.146337][   T31]  ? __pfx___up_read+0x10/0x10
[ 1129.151181][   T31]  ? do_user_addr_fault+0xbc1/0x1390
[ 1129.156687][   T31]  do_filp_open+0x1fa/0x410
[ 1129.161244][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1129.166272][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1129.171361][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1129.176360][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1129.180768][   T31]  do_sys_openat2+0x121/0x1c0
[ 1129.185482][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1129.190799][   T31]  ? fd_install+0x97/0x540
[ 1129.195244][   T31]  ? fd_install+0x30d/0x540
[ 1129.200137][   T31]  __x64_sys_openat+0x138/0x170
[ 1129.205049][   T31]  do_syscall_64+0xfa/0x3b0
[ 1129.209731][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.214979][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.221239][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1129.226142][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1129.232100][   T31] RIP: 0033:0x7f006018d211
[ 1129.236669][   T31] RSP: 002b:00007fffcb868730 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1129.245149][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f006018d211
[ 1129.253315][   T31] RDX: 0000000000000002 RSI: 00007f0060211506 RDI: 00000000ffffff9c
[ 1129.261434][   T31] RBP: 00007f0060211506 R08: 0000000000000000 R09: 00007f0060eed6c0
[ 1129.269556][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1129.277729][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1129.285885][   T31]  </TASK>
[ 1129.289003][   T31] 
[ 1129.289003][   T31] Showing all locks held in the system:
[ 1129.297015][   T31] 3 locks held by kworker/u8:0/12:
[ 1129.302165][   T31]  #0: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1129.312455][   T31]  #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x318/0x6d0
[ 1129.324014][   T31]  #2: ffffffff99c72c28 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x9a/0x250
[ 1129.334631][   T31] 1 lock held by khungtaskd/31:
[ 1129.339568][   T31]  #0: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1129.349568][   T31] 4 locks held by kworker/u8:2/35:
[ 1129.354703][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1129.365734][   T31]  #1: ffffc90000ab7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1129.376456][   T31]  #2: ffffffff8f4f0710 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1129.385942][   T31]  #3: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1129.396215][   T31] 2 locks held by getty/5582:
[ 1129.400923][   T31]  #0: ffff888030db30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1129.410828][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1129.421250][   T31] 1 lock held by syz-executor/5824:
[ 1129.426551][   T31]  #0: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1129.436772][   T31] 1 lock held by syz-executor/13007:
[ 1129.442088][   T31]  #0: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1129.452296][   T31] 4 locks held by kworker/1:4/14042:
[ 1129.457674][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1129.468846][   T31]  #1: ffffc90003797bc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1129.481571][   T31]  #2: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[ 1129.491745][   T31]  #3: ffff888028340100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1129.501595][   T31] 1 lock held by syz.1.2831/15736:
[ 1129.506950][   T31]  #0: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_release+0x4b/0x220
[ 1129.517279][   T31] 1 lock held by syz.5.2832/15741:
[ 1129.522423][   T31]  #0: ffff888028340100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1129.532604][   T31] 2 locks held by syz-executor/15746:
[ 1129.538069][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.546689][   T31]  #1: ffffffff8f7d7f48 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1129.556880][   T31] 1 lock held by syz.4.2838/15778:
[ 1129.562019][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.570575][   T31] 1 lock held by syz-executor/15789:
[ 1129.575979][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.584533][   T31] 1 lock held by syz-executor/15907:
[ 1129.589958][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.598559][   T31] 1 lock held by syz-executor/15918:
[ 1129.603870][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.612516][   T31] 1 lock held by syz-executor/15955:
[ 1129.617885][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.626673][   T31] 1 lock held by syz-executor/16040:
[ 1129.631998][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.640825][   T31] 1 lock held by syz-executor/16042:
[ 1129.646246][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.654783][   T31] 1 lock held by syz-executor/16050:
[ 1129.660154][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.668736][   T31] 1 lock held by syz-executor/16052:
[ 1129.674029][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.682569][   T31] 1 lock held by syz-executor/16054:
[ 1129.687967][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.696637][   T31] 1 lock held by syz-executor/16061:
[ 1129.701957][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.711180][   T31] 1 lock held by syz-executor/16063:
[ 1129.718190][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.726824][   T31] 1 lock held by syz-executor/16071:
[ 1129.732149][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.740906][   T31] 1 lock held by syz-executor/16073:
[ 1129.746742][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.755720][   T31] 1 lock held by syz-executor/16075:
[ 1129.761047][   T31]  #0: ffffffff8e9b0c48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1129.769628][   T31] 
[ 1129.771980][   T31] =============================================
[ 1129.771980][   T31] 
[ 1129.781255][   T31] NMI backtrace for cpu 0
[ 1129.781274][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[ 1129.781299][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1129.781311][   T31] Call Trace:
[ 1129.781320][   T31]  <TASK>
[ 1129.781330][   T31]  dump_stack_lvl+0x189/0x250
[ 1129.781364][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1129.781390][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1129.781421][   T31]  ? __pfx__printk+0x10/0x10
[ 1129.781457][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1129.781483][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1129.781503][   T31]  ? _printk+0xcf/0x120
[ 1129.781529][   T31]  ? __pfx__printk+0x10/0x10
[ 1129.781551][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1129.781582][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1129.781607][   T31]  watchdog+0xfee/0x1030
[ 1129.781636][   T31]  ? watchdog+0x1de/0x1030
[ 1129.781672][   T31]  kthread+0x70e/0x8a0
[ 1129.781698][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1129.781723][   T31]  ? __pfx_kthread+0x10/0x10
[ 1129.781747][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1129.781771][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.781795][   T31]  ? __pfx_kthread+0x10/0x10
[ 1129.781818][   T31]  ret_from_fork+0x3f9/0x770
[ 1129.781848][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1129.781883][   T31]  ? __switch_to_asm+0x39/0x70
[ 1129.781902][   T31]  ? __switch_to_asm+0x33/0x70
[ 1129.781920][   T31]  ? __pfx_kthread+0x10/0x10
[ 1129.781944][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1129.781982][   T31]  </TASK>
[ 1129.781990][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1129.939913][    C1] NMI backtrace for cpu 1
[ 1129.939931][    C1] CPU: 1 UID: 0 PID: 13735 Comm: kworker/u8:3 Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[ 1129.939953][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1129.939966][    C1] Workqueue: bat_events batadv_nc_worker
[ 1129.939992][    C1] RIP: 0010:debug_smp_processor_id+0x0/0x20
[ 1129.940020][    C1] Code: c7 60 ae 1f 8e 4c 89 f6 e8 6d dd 90 f9 e9 66 ff ff ff cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 c7 c7 20 af e1 8b 48 c7 c6 60 af e1 8b eb 1c 66 66
[ 1129.940042][    C1] RSP: 0018:ffffc9000ab67990 EFLAGS: 00000283
[ 1129.940057][    C1] RAX: 0000000000000001 RBX: ffff8880317d6180 RCX: ffff888025bf0000
[ 1129.940070][    C1] RDX: 0000000000000000 RSI: ffffffff8b2c52c2 RDI: ffffffff8e13f060
[ 1129.940083][    C1] RBP: fffffffffffffe38 R08: 0000000000000000 R09: ffffffff8b2c52c2
[ 1129.940096][    C1] R10: dffffc0000000000 R11: ffffffff8b2c51f0 R12: dffffc0000000000
[ 1129.940110][    C1] R13: ffffffff8b2c52c2 R14: ffffffff8e13f060 R15: 000000000000005e
[ 1129.940124][    C1] FS:  0000000000000000(0000) GS:ffff888125d89000(0000) knlGS:0000000000000000
[ 1129.940139][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1129.940151][    C1] CR2: 00007f0b2295c4fe CR3: 000000000df38000 CR4: 00000000003526f0
[ 1129.940167][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1129.940178][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1129.940189][    C1] Call Trace:
[ 1129.940196][    C1]  <TASK>
[ 1129.940203][    C1]  rcu_is_watching+0x15/0xb0
[ 1129.940232][    C1]  lock_release+0x4b/0x3e0
[ 1129.940259][    C1]  ? batadv_nc_worker+0xd2/0x610
[ 1129.940278][    C1]  batadv_nc_worker+0x28c/0x610
[ 1129.940299][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[ 1129.940325][    C1]  process_scheduled_works+0xade/0x17b0
[ 1129.940367][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1129.940402][    C1]  worker_thread+0x8a0/0xda0
[ 1129.940429][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1129.940455][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1129.940486][    C1]  kthread+0x70e/0x8a0
[ 1129.940506][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 1129.940531][    C1]  ? __pfx_kthread+0x10/0x10
[ 1129.940550][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1129.940569][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1129.940589][    C1]  ? __pfx_kthread+0x10/0x10
[ 1129.940607][    C1]  ret_from_fork+0x3f9/0x770
[ 1129.940633][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1129.940677][    C1]  ? __switch_to_asm+0x39/0x70
[ 1129.940693][    C1]  ? __switch_to_asm+0x33/0x70
[ 1129.940709][    C1]  ? __pfx_kthread+0x10/0x10
[ 1129.940727][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1129.940754][    C1]  </TASK>
[ 1129.941065][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1130.209198][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-12293-g7fdaba912981 #0 PREEMPT(full) 
[ 1130.220679][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1130.230759][   T31] Call Trace:
[ 1130.234062][   T31]  <TASK>
[ 1130.237010][   T31]  dump_stack_lvl+0x99/0x250
[ 1130.241643][   T31]  ? __asan_memcpy+0x40/0x70
[ 1130.246257][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1130.251482][   T31]  ? __pfx__printk+0x10/0x10
[ 1130.256109][   T31]  panic+0x2db/0x790
[ 1130.260045][   T31]  ? __pfx_panic+0x10/0x10
[ 1130.264500][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1130.270343][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1130.275747][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1130.281942][   T31]  watchdog+0x102d/0x1030
[ 1130.286305][   T31]  ? watchdog+0x1de/0x1030
[ 1130.290756][   T31]  kthread+0x70e/0x8a0
[ 1130.294847][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1130.299544][   T31]  ? __pfx_kthread+0x10/0x10
[ 1130.304152][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1130.309463][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1130.314684][   T31]  ? __pfx_kthread+0x10/0x10
[ 1130.319294][   T31]  ret_from_fork+0x3f9/0x770
[ 1130.323931][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1130.329079][   T31]  ? __switch_to_asm+0x39/0x70
[ 1130.333863][   T31]  ? __switch_to_asm+0x33/0x70
[ 1130.338652][   T31]  ? __pfx_kthread+0x10/0x10
[ 1130.343281][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1130.348081][   T31]  </TASK>
[ 1130.351305][   T31] Kernel Offset: disabled
[ 1130.355644][   T31] Rebooting in 86400 seconds..