last executing test programs:

1m19.297031855s ago: executing program 2 (id=247):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
inotify_rm_watch(r0, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000500)=@userptr={0x20, 0xa, 0x4, 0x2, 0x7, {0x0, 0x2710}, {0x4, 0xc, 0xd3, 0x9, 0x77, 0x0, "0080ca4f"}, 0xff, 0x2, {&(0x7f00000002c0)}, 0x4})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)

1m19.227126823s ago: executing program 2 (id=248):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

1m17.150580048s ago: executing program 2 (id=256):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

1m17.074518671s ago: executing program 2 (id=257):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) (fail_nth: 3)

1m15.870022601s ago: executing program 2 (id=262):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="34000000000901000000000000000000000000010800054046ac9c05cb6d69a073797a31000000000c00048008"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x2000000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c00018006000600800e0000100002800c0015"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f000009de40)={0x30, r3, 0x5, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x6}]}, 0x30}}, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, 0x0)
syz_usb_connect$hid(0x7, 0x3f, &(0x7f0000000100)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x1b1c, 0x1c04, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x6, 0x20, 0x6, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x3, 0x1, 0x3, 0x6, {0x9, 0x21, 0x400, 0x19, 0x1, {0x22, 0x1c6}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xf0, 0x8f, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x4, 0x2, 0x8}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x5, 0x62, 0x3, 0xff, 0x1}, 0x2e, &(0x7f0000000300)={0x5, 0xf, 0x2e, 0x4, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x0, 0x5, 0x4}, @wireless={0xb, 0x10, 0x1, 0xc, 0x29, 0x5, 0xe6, 0x5, 0x30}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "2febf129663338120e050550cc1d640d"}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x3401}}]})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x3, 0xe8, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001b316c910ce1ab2e93d5c010203010902d60002002a10000904ec0600fe02000309048104000e0100a807240126020400b40deb90a94aef33e509c09a395d4f850474c3824fec"], 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r8, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES64=r9, @ANYRES32=0x0, @ANYRES64=r9], 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x70, 0xa, 0x6, 0x102, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x9}, @IPSET_ATTR_IFACE={0x14, 0x17, 'geneve0\x00'}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz1\x00'}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xb}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x40000)

1m13.824293459s ago: executing program 2 (id=272):
r0 = syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029300030100700009040000000101"], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
flistxattr(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x12, @string={0x12, 0x3, "bef1a4e892c4f9fb1ce57c24197f5900"}}}, 0x0)

58.723271684s ago: executing program 32 (id=272):
r0 = syz_usb_connect$uac1(0x2, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029300030100700009040000000101"], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
flistxattr(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x12, @string={0x12, 0x3, "bef1a4e892c4f9fb1ce57c24197f5900"}}}, 0x0)

12.169668962s ago: executing program 0 (id=446):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x20002f7})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

11.10741961s ago: executing program 0 (id=450):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={<r0=>0x0, <r1=>0x0, <r2=>0x0}, &(0x7f00000001c0)=0xc)
sched_setscheduler(r0, 0x2, &(0x7f0000000280)=0x7)
r3 = getpid()
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
r5 = syz_clone3(0x0, 0x0)
fcntl$lock(r4, 0x25, &(0x7f00000006c0)={0x1, 0x2, 0x7f, 0x3, r5})
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0/file0/../file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r9, 0xc0405602, &(0x7f0000000600)={0x29, 0x1, 0x3, "ff050000007eefad00000000ffffffff000000000000000000000900", 0x32314d4e})
syz_usb_connect(0x0, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c8301020301090229000100000000090429000002020100052406"], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="900000001000030500000000"], 0x90}}, 0x0)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000003080)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000740)="84be30a8500eb677010f70bb07cd3641b91fa6bade5b7cff247983beada80b10bd902f9227d3c046d5d5c5ccc2e2946df337045ead8d7ff8e8d43d0d95700c5b2dfddf95d0fa0d9782621d5a257d9dc96dd9cb0c68a2386910640a716cc0a7691760ed77f705a4e1e751c11e6395b0defd5e383a54a1634566a6d1c0fed3b93f0bbf233d1e74822c7eb6e3d5b87862f1802f9c7f093903b03b8b873a5883d3fc4f5f220d16da4d6b80fc9c4e5ed4eb6fb1c18722c09778fb", 0xb8}, {&(0x7f0000000800)}, {&(0x7f0000000840)="22e8c09b7c896e87cec50f7bbd74485d8a1d7a41968167a1335e8d326d53f28529d3e75ae071252a02d1d3519a6fb080647d961e3088ed2a16918b11d5e742eaac553b18c99729a628cf0eac96a1f71d10c0169ba690031b50a629d1f322db0d96c22fc1131acd942db726ef3e67022e8596ec959c8c016e575a14ab87963661c04891afb921eeec5e4da75229b5f521d913d6849017d18db72ba659954416771825b326139ef6969cb22b", 0xab}, {&(0x7f0000000900)="ed2b8ef1eb480bcac086f247fbd5529425a524e8888fbb9bbfe457bd1e42c74e308e8d164e2e9f74ee94dae58790c2cb3f685b09ccc5ae15f6ad853e53442ff24655a33a46a69e76", 0x48}, {&(0x7f0000000980)="3bde5f31a732b83540c90666b861ab3eba6be3b588eed02736dc9414b092c1c6bdba7e48919ffb260c23339bd0d30c9b50a5096f90bbd5068860bd2611dac24d9a6fb8a5fe73215cc4c0be5b32c41341b5e015d9af66157e78d08333b955ad31159a79", 0x63}], 0x5, &(0x7f0000000f80)=[@cred={{0x1c, 0x1, 0x2, {r0, r1, r2}}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r9, r4, 0xffffffffffffffff, 0xffffffffffffffff, r8, r4, r7, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r1, r2}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r7]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}], 0xd0, 0x8000050}}, {{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000001080)="16f7f2d65d4fb649813a9cbc5aaa50349033f1a6046490486a40b4b0d82a468311a65c623153ce865670a6b5b0db59ed3c45d4645f2234a5432a96716f5e87a918643a8808a6d65a34cec4a9be33c82a35d20f99849778d772bfdb889432f5e98f", 0x61}, {&(0x7f0000001100)="f2ad8806e48bc1a6c7c990625b1df357b312f6a24b6d1d972e71db1e78907560b2ea0b2608d0bceda739d63a8f094e9a8ed9f3a889b4f9c028602eaaf78b988ef0deefb4995682e87d0b", 0x4a}, {&(0x7f0000001180)="9d8d84daccc3db61ab7a7b18934e90a085cce439dd916c4c9fc218c20ff07ea6d77aa03a2ecba649e1c121a7bd369e4b091e5e6508bc9db15774b1e204be321f05bbb54063f32c3e3a0e723ebf88fe2a5c9b0d99739b7d3860831afa82f2a7f98844a65d35dfcb8958715fa9dad7ad68ae11cfbb64f2300137f798ecdd85ae311bb567454bb770852a62144369a9af0e78f00b3d07894f488f27694a5bcc5f10e1b9abe3cb9278a44b6de9fb1c04a9f76a1c265163f29ca9ca8293b7de4bcbf9c255a3862a4dd7d907e03cb12215b404609be47804ec3e30f6499b9215791c5c275175a139702df7320001ef23272fe205", 0xf1}, {&(0x7f0000001280)="2c75466a14ded512e4be4a07931adcf7b1aeae65e2bada0a97287b532118228ea0c45adcfe67ce71b87eb4041747783163ed805149d2a8d49f60e387074cf042349a8c11479159889365d0e1ca8594d0f0dbecc1d4421d38ffc18ec836d8c195871c22af7525b4dcb5f09bfa4508ad62da87b0ebb47c708bdb49098922d090f9ae69319fd8b48be69bb49d21cfd5191407e8bcdc7fe97cbc20db4cbb467e7af047d33374ecfa62324c90f6441d3551", 0xaf}], 0x4, 0x0, 0x0, 0x1}}, {{&(0x7f0000001380)=@file={0x0, './file0/file0/../file0\x00'}, 0x6e, &(0x7f0000002700)=[{&(0x7f0000001400)="07c8944c5195dce910208ae2ac5cdc5e7b5abefd625c71552486f654b1a4477fbd91170b1051f9d9c4fa07aca93068c768b9fa1abe928197b05a1c7894a4fbbbdcbf34b84d5c02f29efe5c2804e706469c730808ce4e0dafde0d8a7fb89339278981a49bfa83984778cc34854210c7f996953f4dd7f7457977f9633c8af6510d377ae2abd9f0edd6a1dac936dc24410b08b9b9b73d5d5c7a597673bfa4744343bcc028fda9b32b56bbb28e59627dce2af03d482b459121c62a428af346d34faecd3e7f7c59efe003c30abec454b21260f95b481d3900a63f2d3a21d0a499135031cb807a52fa5276fcbedee373116d835e3922bb4bba52e02bcfc48e438af35b38e8b7061fb56b9ba9144bda659e6c24a0b1a26bf9b943eeb8cc857d13ad93d3f6673844ac947826bc6ad2aec536cfaa9400fac0ba1ec9eae4020290fbf2bf8f30b214c67acf733a429325aff138ef69a5d7dc396244c61f19f0614ec4aeb288da535153d3c71063526537d857919b19643aa4b94fffe3332bf1d021c37307119529abb869331e97ef1933d3698128520e279d09dabcf5669b50073e7d473820e11a9d780245f176575027226d0a57fd1ec7585178fcd444784a5253b33e7c35f862f6c7e049a8683f5ba57774971d2256a2dde060e0f62cf4063f595165faa3b982efaeed1bcb2cd4fe2afdbd656d566d6acb42091b312a389246fa05238692383bef125646005b8d8ea94c3e2f3e70cbc3c3010fa9d73c2ca2c2b50b047620af864c57081b891908cdd46e39ef2d7c4fb288139167dbf7a1acb1a5e23a23ca0dc64d8bb7fe3cff3bd7c85423d20fadc4452bd1aad1d22a503d2c3ac3a479f73239242ece3f2dd73fa3d20daaa10c2ee29850b4b0451d35e949b9e97d9e1058ab7b46b50b49d8a82e329d7a512c3a6fcb8f436a4bebcbcff10b92c878653d041243dfeb65ddaf9464f8780c26838dd493e9226cc610f4d083e2d0e0b5a632e07fc26253d511444d11acd095637b3812cb37afcdbe25c22062a2982f6ec6a5559c384db7d04db69707be3c1c7d9270025d73392d0b499624a247bdcf7101a92a17966774f63571ecddc7eba878d44d76d0816634a4780c2a9d1881f0208edd0bae4b401cf0f0ad9b46ea6717671d65707cf7a38658af5ab6542a9e78084d3f5e48d02ddb0de3ded8b67f8f25b64fbd81042f8198460adf68ce00650bde172d47957c4c4b86166d7b3f9c1892d82fc81aa8d5a51de7122ee6a3c520e5bb3e7503961bddfd49296cd9a0bbf87e204d49a458a53c00d3d533bcaa30c3996c10bc6b22e056bd39be250d6217ba830167cfe3dcee7c42302cfcc884c5463dbad90b6827e53df633d7734735bbba277150c0961b247cb152b8446f3ee1ce94096b8ccd3b76f01900ddbcb139967602b19618b47c3a412874c6b351e80ffcb963b5b2511dfbeb3b72fcc0ee75ca6a2bdac9ffc8f16fe7e071ca79ea37301a9fe7f40945d8c648477d4ce14c86438ff6883db133ad8c2ba0fce71ca1a18544b87c62c11ef36ba691a123dc2fb57f275bde75a3adc8131236f73f0e176afc7995483de2f5bdf342d8df47656cf6784ca43a1d87f90b587d5cf45e52991d025123964f5077a1f42cae38702b36b478335ad5e8bbc4b61f2e6e6424200d865261dab94317566ba531f3ff10d46f937284e66b7bbd81b04eb1008f0be9764b8f517d277b5e011c011c4b815e033c6c57d3f1dec608ee007899ee3c500d5c91efa438c681a86b1161d988fa2b6172a2dc5c1fc043da585c7ee13b04cbacaebdcc5eee67ee9b2af85c26a705235a1849611b233df18a453b4067b24c67cc43d045aa1fd20ca97e8a53c2bcf1b5188a9707c67e1a2006d57c8893066c406d44ee1f72febc2d924e6bfb44fcedb37f245fdda2c14bed651e922d99b1db38477e76724e995d88a0ba433087086b682cebde56a5f16996b3b2762427e651ec71028478686c33182935444b756e4ca2f999848519b941fbc0cc6f457b855d93277f6152f03ba714460395e3fa3c5243fcd78d1677172a76c51c86ec3e77fede78a36ff97e63fe99c352fdfd993816fc872813632129adef9507d6c21e045eaf44a7018d3d8e2f54ca9f09de75e217a92aad18896ec4850f2600114e62ad5d2ee80ca36575c8307caefd38b33c1bf92ad90ec5774f605636d17819749e56d302ebdfdd909ed5fd4859b22b78379b89bfae02ff8b6d1c7092a2c5a3070514753625566c659bcfe9a7ed424b6ca294e329f2a6da65212494d5e20f88ad23b8c2a10568335c970577fd3f82197e690bae9b26bc49e09e29625c50922a2b11f8d3e553631cf8f58de673db8c79bf6ba5333238f845146ef0aae44bd7c26feb715669449b1fc83d951b031ab43815d61da839c2ddff88aecfb14bc10f16a819f17b605a66d306acc0540c6c8210c8c51dbe634b6f1bbc9db9818593ceab7b598e976995a42a6487b879fd6736fb037057758ae5f91f35e71276ea1880be384cda0738b6b1ff796427089d6691a6434261bd329d7b7e274ce144edfd5f4beab3cb26e2a1249e16f577dbb438ee7935c01fb4d73f5737b0827d9c05375a2ac56773ec971b3ff1a3c3349d18feb4267c8f0040d7a9c832c8845c13c4ff4ac12da8a7608fd7af73395389133000da6bae5529db1db94fc94e80d4f602437ac38130b5727bdff702f40070350cdbdbe6ece803aeec6fea6be27710adec4858150dc5d7e5a0762717b8132a1e3d32b7d2066cd925d58ea479c18a88838021ace1d1c7b155f0b8394f4d220b57510505409eb0855aa74b38bc79f8155608bfe3a637af16093066d0e78329d0d1aabad71a20e9a63091021929431ec8b339cad67b7788cdeb9d09464b10708e27bdeeae63b9749f1d030f44c777918e9dcdb9ec7ee4ba404036d50d75fd8b4a7a0740fb5ce522cac7ad0bb488bf40a26670bb0fb0983a1ecff97f41e5743fb1d166a54038a0a87f1c164434c95f684843c4191002882aed2f28e34c2da890b4d9c1c138fdfd48a2d13a9e9c27c29aa9c0e5a8194f0905292bc7fd96df68247e1d50b46ef3fa1cba74217dde8270107003d8d17ee2eb015e39d343dc4f07b160b79a2f94c5b7a1a900d847518c38dda7ff004cba65f5bf2f7a2a3dc10010c60286c2033b2b4add754d7cac021aee778567a8e42f305196846aae0b6831b206df89329538a212dde2494128ace55573d4b51d817d4706923f0f742c21e267d93acbceee02eb51943107ae7a08cff9df22d9e9cd04567dabf0ff786ae34b7337e69b094fc9b5440179a48ca5f0c913b60ccf0ed6ec76b673ba345d5235190f78b9a0cea6b71220efb0a8b5f29e76cc87b59ceae66478857bafb7d3c844ae2d8670e5aa56c05345eae81fcca462747a89d5a2d7210c22b1c96f85725f3cb21d39755ef8d4224f0f29b9006a1f344762e5c08454aadf345b6e085190606e8246a4ae89018df8fb72eb4135e29b75a4d464c524b7e4f0c16d5e0238d788ba8bdfc1f0d8ffdbb769ba1e9b4c3379061081e5bd04c93dc6bc5bff4ff02c73aff71a5eac914283ca1c19544470da98774aa9c2b3cbd18aaa4568e9c382c0684065f8809111e7d45384b3e0b7159d18a5e36cf05dbaed7bcfd4b303e921c0e7ca56f2053774dfee0da2070306984bb1275c44898eef5aedf601645b0ba90a5d8d73f3e488b68ae5f10c5f5ca44b36777c7937d82bf36aa4222f9beedb4db2fc3eafe75bae738b984a1ded2498b3c7178fbc3fbb233e9f97d4a40e852b1ef4da195fffc504dce3d27df1457c911c9026e7fcf2c0a0e51a0784ba892df8b37fac04a88713b7262995e37fdcda8b1f96c429cdeb8fe872a3128f80255f1a69192fc91d35893d86e6efe2ed090f2f3cd774af7d258981d681192ac16fe34a624aca596e34ff030db83831c0d81574706d0bf61f078b628563c166b51d778d18b3b7e87efc097a4efb654f61e711ea9bca12f57842a080925ea2394943e35ae2525f19b6a96e7620be29a619b1285065cec302b8cd776ddf580f1f5f398c6db4a3b3e3da622312c184938f08de46a44cd2b743e2e7c799a538082df79f9f6c19785859e35371a3fae16d9073c3ccf689c8bbcb388f0a3597418fefc7c9dd24111eaa6303f426572d8e684c19a68729b8c4e4a42d160c9512b3cf493465ffb0ee6fc640f674ab606e8cd21aa5aa39d5ada61e22d0303db0a10d8d0e68fa8b925ee7db7257535c7592c86365d56b0d7ee70e7ba343a70a2b14a8f21293b77894a29b1426ccb79ae77aaaa36839ea28e4b5827e12bb54f58357b7986c8c2fe16704d1db8d3cc4b61564125bbcd9a15fad70b3295bbde2c12e3133eb27bcc0e94ac223859dd53a33797f6d160bf367de308e5c59709b9c6772405d84e5021900197dd87dba1d177a09af63222c39b37efc484d1afd8c9c16eee34b2ed9f7f2a1c965b5121d3b6378d980798c8ce1d856b40a321e3bc6d3b02c9175b0414377acedb7719212be3dc67e14854e32f6cacf756fc24507a78c8215b11a856ab074b1313415525897119fc320f8a5dba990094be666ec3f77cea09fcb13ae01b694858787a9e4cd0a2cdeb03b3a57abfb8d933f59767797b213779a14299d08745a962c73c227dba309abe70ee726e4570f489524c98211188c578002812f5df266e3dc6461872799cf0b1caded9a174867ba00fdc9fba979cbac28b876a2dce138bcc9c7a07c4791462048142115d930ccf0262136d302c35ebc09fa9997d77ad7b2417a59b6c8a59b9f742b788f45be178d718688ce9dc1a879ff6c71c9d849b14196b0ff3699fa961665ea499b90c008dd3d9477ab8b60dce30b3722b3d5d0c43239076a4cd4e5344ad0ebba1ccaf26cc712bc7a734bdf35aaa6d624a5ad6c8238841922a5206aca9f449944aa8d48f619fe04ec58343f5eab44fb28259d7a48fc22c33fc0cf93e9729b8038a322c4828b0f4f43751d5d146175f2cb291f74d9b1a45d04d97a8bd86aa5297d76b6affb844ff1576654f1b09ebd9bdd305a4957bf3705ea097986c4edc60cd49cd4082b3c908282845757d680ad293afb0312d4f919e8d83b53fcd5413ff11bdc7747efb7a4d74244c0ee9b7134f00734a990a96092c1355ca0b95e4636b39e01d0c2a3bc67c3f96c721d9a1ff72cc3e51c75a07f924362160b6177bddd11c72da37aa95eb249da5bf37cbbc54898d5705850aa52a061191580c6935662784d2ea73daef4c19660dae7714ca68a2e70a01ee4f38545eb393490635a3e5a0af950de61ea7f81d1342031bc80b9828fc81ea180eac07eb417099497b8372bbe87b50675d1fd0755e17b86a344160410317ae79971704280e255335a249275fb40fe20e9444e2066a30b80070eed1bc0aee7262b602db86443affd669073beb540b9d9eb53a2a69df12a81482663b8dabbd652698eb2c43a67508e833687bce881e6f791a61352906070ed66747055698f2450d1de1c2a66fe1de8c99a837f1c16eb8bb8d83f855c4447752d11de48b8e2fbf337a58020c84a20054228b7cce4c7db2e832fa17c5b3f0b8fd70ea07553b3a30fdb36722552c622ec399c03d96aaeaea12441d074d6341bd8de829d50fc0f25a97feff06e1a4c297f8310c1d203beb65e3672650bcdb9d7f539dc5aabcbd4d19a8fa280308007cd1ac7d3e5a3cc2b59dfaa5d2854f560a269717bc36f4e715d85cba80b0471a1b660baee1501be2dfc6c5361832cbcf42d356905ca699aa0ee6aa222c867430cc3764ba65287606a3c30", 0x1000}, {&(0x7f0000002400)="31a5bd78ef5c11d56fe7dbdd3422e87666e65dc1be6bbbc2e4f17edd9ad5f49d0207b084ada3e5ab798811a05bd0424b71576adbfbc6d0199ad3df45d34c552d0d82cc530f9868571e5d4c7135e3780f446f65bdcd3a1ad8eb1d55b7041f74", 0x5f}, {&(0x7f0000002480)}, {&(0x7f00000024c0)="dcc2d6e007dfcbed037c48895597920865184d9291302bebfe93da496897861188aad1f4e19e573f4a84d492aa33d5d53725b951eefde0e74d3b56b46787be461aa208ee95e8da2bfeb504a96ee3c5396df7ba6c73f9774c43ee55ca0adcfa4ad58d1c7e783c83aa89fdfd896d0be068fdc7de3bbc7c199a", 0x78}, {&(0x7f0000002540)="a1654b8928ad617844725e4be060d8a66e66f085908fa860d463eb7f505422a39a9b633d80f70429e1507f0cbc1bddc21448ae5110a8943d93f79ce252061fefcb4861e4640282bfd2156b65760b46371ee45ce3dfd1365aa7ba86328a9f1e63b21463ebe209b4ecda", 0x69}, {&(0x7f00000025c0)="7134790e92", 0x5}, {&(0x7f0000002600)="baa00c260d5f16265c88851fad359ae706f49ed3b2a6f3a72192d238706af3dc26ae647fbe62edd65c9416cfd8eac584f87cd66eb621b680fcca1bbd4148867f50ab0b2aed0bcd2a1018890930d6f1a902e6156e7234eaf0178dcd5b1fff888d006fd16eecb670175d5aa03260e879739c470e6d0e2017085382b514a8902dc834e6d966862c27dea7eb5a72d4be89e3bfeb9a18da4be1269889242e84ed8ecb0c396f337b0228bd8152c6e473283de6be6de9532ca935850ef3d55224a2697d0553dda7f60ca95eb71a", 0xca}], 0x7, 0x0, 0x0, 0x2000c000}}, {{&(0x7f0000002780)=@file={0x1, './file0/file0/../file0\x00'}, 0x6e, &(0x7f0000002d00)=[{&(0x7f0000002800)="f41311914de59ca0f548a9f0d5ac6886a6bed8d936895b3c4d4484ec22b593aab44fca2126cc757b0de83c4b4844feeb050bf65952c1b682c430838e7d162fd44020efa17f0b5ade07d00349a79fdf882642c5c14bc9967042966789cc52f7283f0d9c9517b80229873a7c020d8828cd799693", 0x73}, {&(0x7f0000002880)="be018bc7ebee108cc3d0fe6ca1016ac345b276cc825e1adaa22987f77a", 0x1d}, {&(0x7f00000028c0)="95a0fe3e4b0207e65dff7c3f173e50deb8ce48258466282bbfec1c08935e1ae4a5ec06d72bc973d3e0d8960bacd5e5ae415ec864dd53bc36576f5357ed7754b52756c6252081c9fd489f5d009db35392705b1f329054e8b418cda0c35554168a69a7bf081fee556d64b288acf5276fffcb5cf6dc4bf238927efdd9e498a221f5457103e0c7f945f75002220afc58d03ab33d8ccc5141080078a8f363a1dbc9ba090972a9ca8f516833ca3466ef5b5bd48189982f95", 0xb5}, {&(0x7f0000002980)="4d4eb89c04cf73b56601998d028de8c602919c892da7cbffb570b9fd9bd8bd45618a7a71d8563624df0f889e60d88b93a7d503147d99b281f070a77f6e0d80e2c4343bf249c8b0ce42041463a3def231a97b134d7c73ffb0234cc1b5be47cd22a39e4803be68e95c08a5d9154f947eb235f0c20eb1964530531720f1c84356412f00d71e98ad44b61c2d14397b3bad5c68b757cdcb8abe62223576de2d73047f11f0308ac9d19a2df9f7884710373f4226ed8c29a7143fb1a243f2a12eb778799be8a0", 0xc3}, {&(0x7f0000002a80)='`', 0x1}, {&(0x7f0000002ac0)="5e1e99cc45fe77f22517cb570f0b49721a3965d6ec1a4a74a58c8802acade1a94a362a085c4c32301dde7b646635bd940fc6cb788a628c943633288eae7358fe89aa074fd129", 0x46}, {&(0x7f0000002b40)="ca2e52b40f565c4a427ed83a514ca95075626331263c02b53ee9be8d51f015d94493fe23aba0edf8c5e9a91d8a7face0f96dd05b6904b4a12b0eec23b0b604552b94c8d40aad4ad518ac4a7ed2b9cfbdd90fc73c962165e2293e8b9ac54be3ace4", 0x61}, {&(0x7f0000002bc0)="ec8690df56185d1da680af8656cd95b30332dfde0be0d8cf19112d6d792002708a", 0x21}, {&(0x7f0000002c00)="969795155086f0aed24fa53f54032173c1e13559617e8e2f47c819af53fb421c0cad3963ff2f43f52088c2f9e49da91b1e6ba28a585131f44cec5cb0a13dfcaa3b7155029c6eca49138e200d366110973aba2fd335baa8744240dc951c0901dcda8a12bd751ad2f4723291efd0dc7d9d2eb520e5ee1515402c5a988e79d04edbd49c3fe150271026f96c4f47fa81593c113bc4cf8b546fb34ccd339ee464c8ce067ff1be06fae4787b1f5db92cb51296c3543a115154b313d054c9a5dcf29ce43625a8af71fe6fa159fa077e3b0c46d8d7a5951081645659eb81dac7f107da637d01fbd1fc4fc555843bcefa00fc0f2f402fa4f0c47c83c304f0", 0xfa}], 0x9, &(0x7f0000002f00)=[@rights={{0x20, 0x1, 0x1, [r7, r8, 0xffffffffffffffff, r6]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r9, 0xffffffffffffffff, r6, 0xffffffffffffffff, r8, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r3}}}, @rights={{0x20, 0x1, 0x1, [r8, 0xffffffffffffffff, r7, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [r8, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [r7, 0xffffffffffffffff, 0xffffffffffffffff, r8, r9, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r4, 0xffffffffffffffff, r9, r8]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r1, r2}}}], 0x178, 0x200400d4}}], 0x4, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r10 = fspick(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x1)
fsconfig$FSCONFIG_SET_FD(r10, 0x5, &(0x7f0000000800)='5:\x00j/\t\xe5\x81\xff\x01\tw\xb7\xb3\x0f\xf2\x89\xe4@\xac\x00'/31, 0x0, r8)
r11 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0xb5ac, 0x400, 0x0, 0x4003}, &(0x7f0000000100)=<r12=>0x0, &(0x7f0000000700)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9})
io_uring_enter(r11, 0x3516, 0x0, 0x0, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

7.791927017s ago: executing program 4 (id=458):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000002000004"], 0x0, 0x4e}, 0x28) (async)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0) (async)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000f"], 0x2c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00_\x00'], 0x20}], 0x1}, 0x0) (async)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c) (async)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x40200, 0x0)
sendfile(r0, r2, 0x0, 0x20000000000d39a)

6.8958551s ago: executing program 5 (id=459):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x20002f7})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

6.768692966s ago: executing program 3 (id=460):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x2d, 0x2, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f00000000c0)='\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)
timer_settime(0x0, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="500000002100010000000000fefffffffc020000000000000000000000000000fc020000000000000000000000000001fffc0000000000000a00e08000000000", @ANYRESDEC=r3, @ANYRES32=0x0, @ANYBLOB="02000000687802d0891aae7f"], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
io_uring_setup(0xc90, &(0x7f00000002c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$vim2m(&(0x7f00000002c0), 0xf, 0x2)
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
connect$inet6(r6, &(0x7f0000000080)={0xa, 0x4e05, 0x1, @mcast1, 0x7}, 0x1c)
sendto$inet6(r2, &(0x7f00000003c0)="80006466d380569935f9ca24a56ba98b917afc5cf61a5981003c573600f83ec300c565890627292cf4d8827a6b1976928c97995c1a5fd373e766736f6609f83840272d795206f83a534fc67e9ae760ba04b2", 0xfffffffffffffd3f, 0x40000c0, 0x0, 0x0)
r7 = socket(0x10, 0x80002, 0x2)
bind$netlink(r7, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0)
connect$netlink(r7, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendto(r7, &(0x7f00000000c0)='\x00', 0x1, 0x0, 0x0, 0x0)
r8 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000001040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r8, 0xc01064c1, &(0x7f00000010c0))
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, 0x0)

6.704782474s ago: executing program 4 (id=461):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
timer_create(0x3, 0x0, &(0x7f0000044000))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x1503, 0x4}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_OPERSTATE={0x5, 0x10, 0x5}, @IFLA_LINKMODE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x14)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd6000000000142c00fe8000000000000000000000000000bbfe800000000000"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0xc0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x6, @private=0xa010100, 0x4e21, 0x2, 'sed\x00', 0x2, 0x0, 0x68}, 0x2c)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x7000000}, 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb006}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00'}, 0x10)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000340)={{0x77359400}}, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, 0x0}}], 0x1, 0x240600d0)
ioctl$sock_inet_tcp_SIOCINQ(r3, 0x541b, 0x0)
r4 = dup(0xffffffffffffffff)
mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, r4, 0x0)
r5 = openat(r4, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000000)={0x210a, r5}, 0x0)
landlock_restrict_self(r6, 0x5)
mbind(&(0x7f00009aa000/0x2000)=nil, 0x2000, 0x0, &(0x7f0000000280)=0x5, 0xffffffffffffffff, 0x4)
dup(0xffffffffffffffff)

6.685544983s ago: executing program 0 (id=462):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b708000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
getsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000240), &(0x7f00000002c0)=0x8)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000080)=@assoc_value, &(0x7f0000000040)=0x8)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3, 0x80000000}, {0x60, 0x8}, {}, {0x2}, {0x6, 0x0, 0xfe, 0x10000000}]})
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000580)=@generic={&(0x7f0000000300)='.\x00'}, 0x18)

5.761756073s ago: executing program 5 (id=463):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
eventfd(0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8, 0xffe, 0x1ff, 0x42000}, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c0000001400", @ANYRES16=r1], 0x28}}, 0x0)

5.518810745s ago: executing program 3 (id=464):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x188, 0x65, 0x200, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x4, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x15c, 0x2, [@TCA_BPF_ACT={0x104, 0x1, [@m_mirred={0xbc, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x5, 0x9, 0x2, 0x38eb8000, 0x9b}, 0x1}}]}, {0x6d, 0x6, "dae0489b799d15556c6c7d44ae8f295fea1c62d64b963cf0dd1fcb6569ccece7639c45fe850fdd998bfb2bf1864e314a1573d71d7ce0c846e05d02bea46bb8684f4400bcd9e6ffd44db802ec87e70b916f5c754381982d8e0d94021e6c0a03419d371065f3943d3dd6"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbedit={0x44, 0x3, 0x0, 0x0, {{0xc}, {0x4}, {0x16, 0x6, "6312ba1453c5d091a0881fca14b9956480f3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_ACT={0x48, 0x1, [@m_bpf={0x44, 0x7, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x7, 0x1, 0x9, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x22bf533d53fd5981, 0x3}}}}]}]}}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x2040000, &(0x7f0000003700)={0x77359400})

4.883351226s ago: executing program 4 (id=467):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece)
preadv(r3, &(0x7f0000001540)=[{&(0x7f00000001c0)=""/35, 0x23}, {&(0x7f0000001680)=""/4110, 0xfffffdda}], 0x2, 0x0, 0x10)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4}, './file0\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) (async)
preadv(r3, &(0x7f0000001540)=[{&(0x7f00000001c0)=""/35, 0x23}, {&(0x7f0000001680)=""/4110, 0xfffffdda}], 0x2, 0x0, 0x10) (async)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) (async)

4.776064659s ago: executing program 3 (id=468):
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000280))

4.755288581s ago: executing program 5 (id=469):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000004500000088140000", @ANYRES32, @ANYBLOB="05a9be82ea0e7633b4", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80482, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa8, 0xa8, 0x2, [@struct={0xc, 0x1, 0x0, 0x4, 0x0, 0x6, [{0x4, 0x2, 0x8}]}, @union={0x5, 0xa, 0x0, 0x5, 0x1, 0xc99, [{0x3, 0x5, 0x4}, {0xe, 0x5, 0x2}, {0x4, 0x5, 0xc0000000}, {0xc, 0x0, 0x8}, {0x1, 0x4, 0x1}, {0xb, 0x3, 0x2}, {0x7, 0x5, 0x1}, {0x5, 0x2}, {0x2, 0x5, 0x14000}, {0x6, 0x5}]}, @ptr={0x9, 0x0, 0x0, 0x2, 0x1}]}}, 0x0, 0xc2, 0x0, 0x1, 0x7a72}, 0x28)
recvmmsg(r1, &(0x7f00000021c0), 0x5b, 0x40, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000580)=0xe)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000800)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r7, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r8, 0xffffffffffffffff, 0x2000000000000000)

4.492124357s ago: executing program 0 (id=471):
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0x0, 0x8}, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, &(0x7f0000000340), &(0x7f0000000380)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r2, &(0x7f0000000280), 0x0}, 0x20) (fail_nth: 1)

3.543742699s ago: executing program 3 (id=472):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x6, @mcast2, 0x2}, 0x1c)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xfc, 0x7ffc1ffd}]})
getresuid(&(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000020000000000000001000079100000000000007a00e0ff0000000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x27, &(0x7f00000007c0)=""/196, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f}]})
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x88800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@arm64={0x2, 0xb, 0x7e, '\x00', 0xfffffffffffffffd})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000001c0)={[0x4, 0x6, 0xb37, 0x4, 0x10003, 0x0, 0x400200cc4, 0x4000000009, 0xa, 0x20000, 0x0, 0x3, 0x7, 0x1, 0xb9, 0x8a], 0x41000, 0x2011c0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140))
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
write(r0, &(0x7f0000000200)="89", 0xffe3)

3.407801432s ago: executing program 0 (id=473):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = getpgrp(0x0)
syz_open_procfs(r1, &(0x7f0000000080)='net/stat\x00')
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
syz_open_dev$vbi(&(0x7f0000000200), 0x2, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x1000000)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x5800)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x1, &(0x7f0000002140)=ANY=[])
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea8", 0xb5, 0x800, 0x0, 0x0)
recvfrom(r3, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
read$watch_queue(r5, 0x0, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000300)={'syz0\x00', {0xe, 0x8, 0xc, 0xffff}, 0x51, [0xff, 0xc, 0x10, 0x9, 0x0, 0xfffffffc, 0x8, 0x6, 0xdf, 0x0, 0x80000001, 0x7f, 0x1, 0x4, 0x7, 0x1, 0x71, 0x101, 0x93f1, 0x9, 0x1, 0x6, 0xa, 0x397, 0x1, 0x8, 0xff, 0x3, 0xb, 0x48000, 0x0, 0xfffffff8, 0x1, 0x296, 0x1, 0x3, 0xffffffff, 0x8b, 0x8, 0x3, 0x100, 0x0, 0x3, 0x4, 0x7, 0x2000000, 0xfffffff6, 0x39c, 0x2, 0x3ff, 0x8, 0x7fff, 0x68800, 0x1000, 0x4, 0x6, 0x0, 0x3, 0xff, 0xfffff9df, 0x6, 0x2, 0x500000, 0x7], [0xfffff615, 0xf9, 0x10000000, 0xfffffff7, 0x3, 0x1, 0x5, 0x8d26, 0x7ff, 0x2, 0x1, 0xffffffff, 0x1, 0x4, 0x2, 0x3, 0x3, 0x1, 0xb65, 0x8000, 0xe, 0xbb16, 0x2, 0x2, 0xf, 0x1, 0x401, 0x9f5, 0xa, 0x9cc5, 0x800, 0x6, 0x0, 0x10001, 0x4, 0x9, 0x7fff, 0x100, 0x23bc, 0x8, 0xd, 0x1fb1, 0x802, 0x100, 0xdf, 0x1000, 0x1, 0x7, 0x4, 0xe71, 0x9, 0x5, 0x4, 0xd, 0x5, 0x0, 0x3d, 0x1, 0x4db0, 0x0, 0x4, 0xfffffffb, 0x8b, 0x7f], [0x9, 0x2f6b, 0x4, 0xd, 0x5, 0x1, 0x2478, 0x6, 0x6, 0xe, 0x78aa, 0x5, 0xd97, 0x397, 0x100, 0x7, 0x2, 0x6, 0x80007fd, 0x101, 0xffffffff, 0x27a, 0x5ee, 0x7f, 0x6, 0xe663, 0x6, 0xd, 0xffffffff, 0x5, 0x1, 0x2, 0x7, 0x5, 0x0, 0x1, 0x1, 0x6, 0x82, 0x8, 0x7, 0x101, 0x5, 0x80, 0x9, 0x0, 0x794b41cd, 0x0, 0xff, 0x6, 0x1, 0x9, 0x8, 0x61d, 0x10001, 0x6, 0x4, 0xffffffa6, 0x9, 0xffff, 0x8, 0x4, 0xa], [0x5, 0xf915, 0x7, 0x20ade648, 0x10001, 0x6, 0x85, 0xe7, 0x4, 0x2b67, 0x7, 0x1, 0x1, 0x7b9, 0x6, 0x2, 0x10, 0x4, 0x8, 0xfffffffb, 0x7, 0x6, 0xc4, 0x4, 0x2, 0x4, 0x5b1, 0x6, 0x7, 0x6, 0x6, 0x4, 0x9, 0x10000, 0x4, 0x8, 0x7604, 0x6, 0x4, 0x7, 0x2b101a82, 0x1, 0x3, 0x5a5, 0x4, 0x2, 0xf, 0x0, 0xc, 0x6, 0x6, 0x8, 0x8, 0x0, 0x7, 0xffffffff, 0x3, 0xf75, 0xe8, 0xffff, 0x5, 0x6, 0x1, 0x7f]}, 0x45c)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)=ANY=[@ANYBLOB="6d706f6c3d707265a69f250d302c00"])
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x101842, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071122f00000000009395000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

2.437212085s ago: executing program 5 (id=474):
r0 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "4798c876e465feab8953b1418649e6b2208f982a3af615ad1141a7f3fc80bcefc645677fb06e8abd9c46ffeee91b4643705ab775577a0e1dbfec86930e0bbc04", 0x24}, 0x48, 0xfffffffffffffffe)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1400000004000000040000000200020000000000", @ANYRES32, @ANYBLOB="00000000f591b7", @ANYRES32=0x0], 0x50)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000100fcdbdf256700000008000300", @ANYRES32=r3, @ANYBLOB="640001000000"], 0x28}, 0x1, 0x0, 0x0, 0x40045}, 0xc0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe70, 0x30, 0x25, 0x0, 0x0, {}, [{0xe5c, 0x1, [@m_pedit={0xe58, 0x1, 0x0, 0x0, {{0xa}, {0xe2c, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x8, 0x5, 0x0, 0x1, [{0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffa}, {}, {}, {}, {0x40}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xec5}], [{}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe70}}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
keyctl$get_keyring_id(0x0, r0, 0x6)
r6 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @auto=[0x0, 0x33, 0x64, 0x39, 0x35, 0x31, 0x32, 0x66, 0x36, 0x65, 0x65, 0x35, 0x34, 0x62, 0x30, 0x39]}, &(0x7f0000000380)={0x0, "d06a9af20110dda2664544b396323e12dabfb18d40c795fca497b0fc3af49996136d646b8c69137d952850bcf6de6a936b5da1eb274488deff65cf7e47392cd7", 0x3b}, 0x48, 0xfffffffffffffff9)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000180)={r6, 0x56, 0x45}, &(0x7f0000000400)=ANY=[@ANYBLOB="656e633d6f61657020686173683d726d6432353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000"], &(0x7f0000000480)="a5f42d9a66a3098f2fe41b2e287d1bbcb3e06211bd07a115d27f2f5dcce100c39ca780ac0f09671b282b4990833bf257434a462ca2d2820e343e0842572256ce7b528003625278311abcfc13e64f8092a34ed957e7e2", &(0x7f0000000500)="95493138a4f6043b11cfbb89f8d5cd555e78a5ee8c14f21fbf551a8e2c8d2260f9a1f7070006f485e37aaa339e5008e242ecb3dc0eebf31987dca263f3cd735e32f1dbe440")
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000700)=@newtaction={0x244, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x230, 0x1, [@m_ct={0x108, 0x1, 0x0, 0x0, {{0x7}, {0x18, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @mcast1}]}, {0xca, 0x6, "2a9220ad7ae5ac63e78bfc7134fa0a9e2cc8ce16919f9cdb0b0f480aa443e3284100926de4c8a91a0876b39660ef56799e03403b45f45afada9aae8bf5a25ad09bc9e7e1aba62c8a2e8f23c9acbac3a4c4543504318752f23a7a7abdc8d15765461bc11700f94e65dc72846b1927b3d900d85bf65fa92304e1994ada7182044e2a230b90804284574cc14003bef21c01eb188e1945d03ab931e034eb18f4ba6a3e3ffd97a8fffd9fbdfcafb54d0d8643797e991e2fdd153ba610c8998708623d2b7940038e82"}, {0xc}, {0xc}}}, @m_ife={0x124, 0x13, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @multicast}, @TCA_IFE_SMAC={0xa, 0x4, @random='JKa357'}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x8af, 0x1, 0x0, 0x78a, 0x10000}}}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x5, 0x1, 0x5, 0x50, 0xa}, 0x1}}]}, {0xa9, 0x6, "86206913c30b8a7dc488dd5a86c45412dc70e67dfa1c4a66a6b984c91be49a3597ca1c062aa2c58ff42ed0ec4e626189782b57397c8ae2ce2db002002f9dd87a8decc972a1578105c30b7cecb5f1979e9420c0fc8aa9acf714c73b7fa16b3f1c0f39cc0fcf2f214c729dedce3e4a80f96b16597219e1b53cbed370f2bde844f1311a31ecd7a42f8e433a852b73dddd747a97d7514e3ba10bd485a2af478f33869cdf679583"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x244}}, 0x0)

1.981385108s ago: executing program 3 (id=475):
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.915564268s ago: executing program 4 (id=476):
r0 = socket$inet(0xa, 0x801, 0xffffffff)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="12000000810000000800000002"], 0x14)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f00000004c0), &(0x7f0000000400)=@udp6=r2}, 0x3f)
setitimer(0x2, 0xfffffffffffffffe, 0x0)
r3 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0)={[0x7]}, 0x8, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000029c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r4 = gettid()
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8)
timer_create(0x2, &(0x7f0000000140)={0x0, 0x1e, 0x4, @tid=r4}, &(0x7f00000000c0))
timer_settime(0x0, 0xe54aef35e9c2845d, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000140)={<r5=>0x0, 0x6}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={r5, 0x101}, &(0x7f0000000200)=0x8)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @private=0xa010102}, 0x10)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f0000000240))
syz_emit_ethernet(0x66, &(0x7f0000000100)={@broadcast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x1000002, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0xfffff788, {0x2}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x1, 0xffff}}}, {0x8, 0x6558, 0xfffffffe}}}}}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000300)={@val={0x1c, 0x800}, @val={0x1, 0x3, 0x0, 0x16, 0x14, 0x1}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x63, 0x0, 0x0, 0x84, 0x0, @rand_addr=0x640100fd, @local}, {{0x200, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x1, 0x41, 0x0, 0x1c, {[@timestamp={0x8, 0xa, 0x8, 0x8}]}}}}}}, 0x42)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r8=>0x0)
timer_settime(r8, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r9 = accept4(r0, 0x0, 0x0, 0x80000)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r9, 0x84, 0x75, &(0x7f0000000000), 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x5, &(0x7f0000000000)=0x9, 0x8, 0x0)

1.881999523s ago: executing program 0 (id=478):
r0 = fsopen(&(0x7f0000000000)='pstore\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x0, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380), 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000600)={0x0, &(0x7f0000000a80)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x113, 0x4a})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000080}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x634e9f9427bbb997, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_submit(r8, r9, &(0x7f0000000400)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, r10, {0x2, 0x4e21, @rand_addr=0x64010102}, 0x2, 0x1, 0x3}}, 0x0, 0x0, 0x1})
io_uring_enter(r7, 0x27e2, 0x9af2, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a05000000000000000000070000000900010073797a300000000054000000090a01040000000000000000070000000900010073797a30000000000c0009700800014060000002080005400000000408000a40000000010900020073797a31000000000800084000000001"], 0x9c}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
mq_unlink(0x0)
tkill(0x0, 0x3d)
mq_unlink(&(0x7f0000000140)='\x00')
socket$alg(0x26, 0x5, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8)
r11 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r11, &(0x7f00000000c0)={0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r11, 0x0, 0x0)

1.837533048s ago: executing program 5 (id=479):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x188, 0x65, 0x200, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0xfff3}, {0x4, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x15c, 0x2, [@TCA_BPF_ACT={0x104, 0x1, [@m_mirred={0xbc, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x5, 0x9, 0x2, 0x38eb8000, 0x9b}, 0x1}}]}, {0x6d, 0x6, "dae0489b799d15556c6c7d44ae8f295fea1c62d64b963cf0dd1fcb6569ccece7639c45fe850fdd998bfb2bf1864e314a1573d71d7ce0c846e05d02bea46bb8684f4400bcd9e6ffd44db802ec87e70b916f5c754381982d8e0d94021e6c0a03419d371065f3943d3dd6"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_skbedit={0x44, 0x3, 0x0, 0x0, {{0xc}, {0x4}, {0x16, 0x6, "6312ba1453c5d091a0881fca14b9956480f3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_OPS={{0x6}, {0x4}}, @TCA_BPF_ACT={0x48, 0x1, [@m_bpf={0x44, 0x7, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1, 0x7, 0x1, 0x9, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x22bf533d53fd5981, 0x3}}}}]}]}}]}, 0x188}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x2040000, &(0x7f0000003700)={0x77359400})

1.706577332s ago: executing program 3 (id=481):
syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
io_uring_enter(0xffffffffffffffff, 0x27e2, 0x9af2, 0x0, 0x0, 0x0)
syz_clone3(0x0, 0x0)
tkill(0x0, 0x3d)
socket$alg(0x26, 0x5, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f0102030109021200"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000100)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.639253957s ago: executing program 5 (id=482):
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000280))

1.567282216s ago: executing program 1 (id=483):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x6, 0x2)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0xfffffffd, {{@in6=@remote, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x26b9ffe36856e205}, {0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x1, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b80000001900674cfffffffffbdbdf25e0000002000000000000000000000000e0000002000000000000000000000000020000044e2600020a002000"], 0xb8}}, 0x4000000)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0xfeffffff00000000, 0x1ff0000aa}, @private2}}}}}}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x1000, 0xc1, 0x30314752, 0x4, 0x6, [{0x3, 0x4}, {0x3, 0xbd03}, {0x40, 0x1}, {0x5, 0x6}, {0x5a, 0x68a1b732}, {0x5, 0x8}, {0x9, 0x80}, {0x8, 0xf9}], 0x72, 0x8, 0x2, 0x1, 0x7}})

1.160044894s ago: executing program 1 (id=484):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
socket$netlink(0x10, 0x3, 0x4)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000280)={0xfffffff8, 0x4, 0xfffffffd, 0x803, 0x7f, "0441920000e87fcb36780000000007de0d00", 0xb0, 0x7})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xa)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000200)={0x0, 0x102, "e7ec67f74e486f43b354e66210e783b7d1b98455171593850f909e180059ddb9", 0x9351, 0x8, 0x4, 0x4, 0x3, 0xa, 0x0, 0x7fffffff, [0x4, 0x10056405, 0x101, 0x4]})

816.064314ms ago: executing program 1 (id=485):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xe}, 0x48)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x2c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYRESOCT=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3, r0}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

464.465912ms ago: executing program 4 (id=486):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be)
sendmsg$tipc(r3, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0)

321.656003ms ago: executing program 1 (id=487):
r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000100)={0x9e0000, 0xfff, 0x6, 0xffffffffffffffff, 0x0, 0x0})

163.301133ms ago: executing program 4 (id=488):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = getpgrp(0x0)
syz_open_procfs(r1, &(0x7f0000000080)='net/stat\x00')
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
syz_open_dev$vbi(&(0x7f0000000200), 0x2, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x1000000)
msgrcv(0x0, 0x0, 0x0, 0x2, 0x5800)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x1, &(0x7f0000002140)=ANY=[])
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea8", 0xb5, 0x800, 0x0, 0x0)
recvfrom(r3, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x1, 0x0, 0xffffffffffffffb5)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38)
read$watch_queue(r5, 0x0, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000300)={'syz0\x00', {0xe, 0x8, 0xc, 0xffff}, 0x51, [0xff, 0xc, 0x10, 0x9, 0x0, 0xfffffffc, 0x8, 0x6, 0xdf, 0x0, 0x80000001, 0x7f, 0x1, 0x4, 0x7, 0x1, 0x71, 0x101, 0x93f1, 0x9, 0x1, 0x6, 0xa, 0x397, 0x1, 0x8, 0xff, 0x3, 0xb, 0x48000, 0x0, 0xfffffff8, 0x1, 0x296, 0x1, 0x3, 0xffffffff, 0x8b, 0x8, 0x3, 0x100, 0x0, 0x3, 0x4, 0x7, 0x2000000, 0xfffffff6, 0x39c, 0x2, 0x3ff, 0x8, 0x7fff, 0x68800, 0x1000, 0x4, 0x6, 0x0, 0x3, 0xff, 0xfffff9df, 0x6, 0x2, 0x500000, 0x7], [0xfffff615, 0xf9, 0x10000000, 0xfffffff7, 0x3, 0x1, 0x5, 0x8d26, 0x7ff, 0x2, 0x1, 0xffffffff, 0x1, 0x4, 0x2, 0x3, 0x3, 0x1, 0xb65, 0x8000, 0xe, 0xbb16, 0x2, 0x2, 0xf, 0x1, 0x401, 0x9f5, 0xa, 0x9cc5, 0x800, 0x6, 0x0, 0x10001, 0x4, 0x9, 0x7fff, 0x100, 0x23bc, 0x8, 0xd, 0x1fb1, 0x802, 0x100, 0xdf, 0x1000, 0x1, 0x7, 0x4, 0xe71, 0x9, 0x5, 0x4, 0xd, 0x5, 0x0, 0x3d, 0x1, 0x4db0, 0x0, 0x4, 0xfffffffb, 0x8b, 0x7f], [0x9, 0x2f6b, 0x4, 0xd, 0x5, 0x1, 0x2478, 0x6, 0x6, 0xe, 0x78aa, 0x5, 0xd97, 0x397, 0x100, 0x7, 0x2, 0x6, 0x80007fd, 0x101, 0xffffffff, 0x27a, 0x5ee, 0x7f, 0x6, 0xe663, 0x6, 0xd, 0xffffffff, 0x5, 0x1, 0x2, 0x7, 0x5, 0x0, 0x1, 0x1, 0x6, 0x82, 0x8, 0x7, 0x101, 0x5, 0x80, 0x9, 0x0, 0x794b41cd, 0x0, 0xff, 0x6, 0x1, 0x9, 0x8, 0x61d, 0x10001, 0x6, 0x4, 0xffffffa6, 0x9, 0xffff, 0x8, 0x4, 0xa], [0x5, 0xf915, 0x7, 0x20ade648, 0x10001, 0x6, 0x85, 0xe7, 0x4, 0x2b67, 0x7, 0x1, 0x1, 0x7b9, 0x6, 0x2, 0x10, 0x4, 0x8, 0xfffffffb, 0x7, 0x6, 0xc4, 0x4, 0x2, 0x4, 0x5b1, 0x6, 0x7, 0x6, 0x6, 0x4, 0x9, 0x10000, 0x4, 0x8, 0x7604, 0x6, 0x4, 0x7, 0x2b101a82, 0x1, 0x3, 0x5a5, 0x4, 0x2, 0xf, 0x0, 0xc, 0x6, 0x6, 0x8, 0x8, 0x0, 0x7, 0xffffffff, 0x3, 0xf75, 0xe8, 0xffff, 0x5, 0x6, 0x1, 0x7f]}, 0x45c)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)=ANY=[@ANYBLOB="6d706f6c3d707265a69f250d302c00"])
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0/file0\x00', 0x101842, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071122f00000000009395000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

144.337658ms ago: executing program 1 (id=489):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000001800dd8d00050000000000000200000000000000000000b15b91018a2cfec70006514a911d376131353b2ce5286be97824fd730ffa6cddc2c44375d88b62cdfcee9a98b40121bf9025bed8a5b1072e82a0f7a5672f237b67f4b0644163c3063339f129b2149d71b0bb89b1bc304183da69b5f129bf3ff502ae8a2697827deb4fe365f646838dc9d335bd370ecc412fd7edf470134186548895781d1e832eaa4045994a7a8010ebb62712b7250c6b0bab7ff87a64ee5011db20"], 0x24}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
mbind(&(0x7f0000169000/0x2000)=nil, 0x2000, 0x8000, &(0x7f0000000040)=0x280000000000000, 0xfffffffffffffffd, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x800000066)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4040010)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a88000000060a010400000000000000000a0000010900010073797a31000000005c000480580001800b0001007461726765740000480002802c0003009ac420002e2eafb9fdd672bad09dfb78c7699c74e891a0c70000000000001000000000000000000008000240000000000e00010049444c4554494d45520000000900020073797a32"], 0xb0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(r3, 0x8, &(0x7f0000000080)=0x7fffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)

0s ago: executing program 1 (id=490):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b'], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
syz_emit_ethernet(0x16, &(0x7f0000001700)=ANY=[@ANYBLOB="fffffffffffffcf3ff961f970004aaaa0b021951600443b5a053eb425074f1c877054f49bfae942e3bf0bf3e06fffa4aef340c7e7b9f98ba83802f1a62afa42b11831e61927251fe870a9e9a76c3faf223d870ca13fe9b03b9d077"], &(0x7f0000001880)={0x0, 0x3, [0xaa5, 0x3ad, 0x73d, 0x415]})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xc, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES16=r6, @ANYRESHEX=r4], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
ioprio_get$pid(0x3, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_SETCONFIGURATION(r7, 0x80045505, &(0x7f0000000000)=0x1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYRESDEC=r0, @ANYRES16=r9, @ANYRES64=r1, @ANYRES64=r2], 0x2c}, 0x1, 0x0, 0x0, 0x8814}, 0x20040094)
r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
dup(r10)
io_setup(0x19, &(0x7f00000009c0))
syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0)

kernel console output (not intermixed with test programs):

 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.458342][ T6017] RSP: 002b:00007ff49046d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  106.458361][ T6017] RAX: ffffffffffffffda RBX: 00007ff492486090 RCX: 00007ff49222f749
[  106.458374][ T6017] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[  106.458385][ T6017] RBP: 00007ff49046d090 R08: 0000000000000000 R09: 0000000000000000
[  106.458395][ T6017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.458411][ T6017] R13: 00007ff492486128 R14: 00007ff492486090 R15: 00007fffeaebf4e8
[  106.458445][ T6017]  </TASK>
[  106.842233][ T5881] usb 4-1: Using ep0 maxpacket: 32
[  106.931840][ T5881] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  106.931866][ T5881] usb 4-1: config 0 has no interface number 0
[  106.938805][ T5881] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  106.938833][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.938853][ T5881] usb 4-1: Product: syz
[  106.938866][ T5881] usb 4-1: Manufacturer: syz
[  106.938878][ T5881] usb 4-1: SerialNumber: syz
[  106.991594][ T5881] usb 4-1: config 0 descriptor??
[  107.018600][ T5881] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  107.207372][ T6027] netlink: 76 bytes leftover after parsing attributes in process `syz.2.30'.
[  107.959321][ T5881] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  108.017568][ T5881] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  108.059871][ T6003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  108.106082][ T6003] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  108.686587][  T995] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  108.945599][ T6003] warning: `syz.3.26' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  109.009121][ T6011] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  109.009145][ T6011] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  109.201493][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  109.335633][   T31] usb 4-1: USB disconnect, device number 3
[  109.365424][ T6046] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  109.531825][   T31] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  109.547801][   T31] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  109.548880][   T31] quatech2 4-1:0.51: device disconnected
[  110.198848][ T6011] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  110.198872][ T6011] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  110.923506][ T6011] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  110.923527][ T6011] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  111.992918][ T6011] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  111.992942][ T6011] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  113.005135][ T6074] nvme_fabrics: missing parameter 'transport=%s'
[  113.005161][ T6074] nvme_fabrics: missing parameter 'nqn=%s'
[  113.072082][ T6085] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  113.236158][ T6011] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  113.236183][ T6011] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  113.476280][ T6094] netlink: 55631 bytes leftover after parsing attributes in process `syz.2.43'.
[  114.409582][ T6112] netlink: 'syz.2.45': attribute type 2 has an invalid length.
[  115.109758][ T6129] FAULT_INJECTION: forcing a failure.
[  115.109758][ T6129] name failslab, interval 1, probability 0, space 0, times 0
[  115.109815][ T6129] CPU: 0 UID: 0 PID: 6129 Comm: syz.0.47 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  115.109836][ T6129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  115.109846][ T6129] Call Trace:
[  115.109854][ T6129]  <TASK>
[  115.109862][ T6129]  dump_stack_lvl+0x189/0x250
[  115.109892][ T6129]  ? __pfx____ratelimit+0x10/0x10
[  115.109916][ T6129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.109941][ T6129]  ? __pfx__printk+0x10/0x10
[  115.109968][ T6129]  ? __pfx___might_resched+0x10/0x10
[  115.109988][ T6129]  ? fs_reclaim_acquire+0x7d/0x100
[  115.110022][ T6129]  should_fail_ex+0x46c/0x600
[  115.110050][ T6129]  ? alloc_empty_file+0x55/0x1d0
[  115.110066][ T6129]  should_failslab+0xa8/0x100
[  115.110092][ T6129]  ? alloc_empty_file+0x55/0x1d0
[  115.110106][ T6129]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  115.110127][ T6129]  ? finish_task_switch+0x266/0x950
[  115.110151][ T6129]  ? lockdep_hardirqs_on+0x9c/0x150
[  115.110179][ T6129]  alloc_empty_file+0x55/0x1d0
[  115.110198][ T6129]  path_openat+0x10d/0x3840
[  115.110215][ T6129]  ? trace_sched_exit_tp+0x36/0x110
[  115.110246][ T6129]  ? try_to_take_rt_mutex+0x840/0xb00
[  115.110295][ T6129]  ? __pfx_path_openat+0x10/0x10
[  115.110316][ T6129]  ? do_raw_spin_lock+0x121/0x290
[  115.110347][ T6129]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  115.110371][ T6129]  ? lockdep_hardirqs_on+0x9c/0x150
[  115.110396][ T6129]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  115.110427][ T6129]  do_filp_open+0x1fa/0x410
[  115.110450][ T6129]  ? __pfx_do_filp_open+0x10/0x10
[  115.110467][ T6129]  ? rt_mutex_slowunlock+0x493/0x8a0
[  115.110544][ T6129]  ? alloc_fd+0x64f/0x6c0
[  115.110580][ T6129]  do_sys_openat2+0x121/0x1c0
[  115.110601][ T6129]  ? __pfx_do_sys_openat2+0x10/0x10
[  115.110621][ T6129]  ? lockdep_hardirqs_on+0x9c/0x150
[  115.110656][ T6129]  __x64_sys_openat+0x138/0x170
[  115.110680][ T6129]  do_syscall_64+0xfa/0xfa0
[  115.110705][ T6129]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.110722][ T6129]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  115.110739][ T6129]  ? clear_bhb_loop+0x60/0xb0
[  115.110759][ T6129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.110776][ T6129] RIP: 0033:0x7f7c27a7df90
[  115.110792][ T6129] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
[  115.110806][ T6129] RSP: 002b:00007f7c25ca3f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  115.110825][ T6129] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7c27a7df90
[  115.110837][ T6129] RDX: 0000000000000000 RSI: 00007f7c27b0407e RDI: 00000000ffffff9c
[  115.110849][ T6129] RBP: 00007f7c27b0407e R08: 0000000000000000 R09: 0000000000000000
[  115.110859][ T6129] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  115.110870][ T6129] R13: 00007f7c27cd6218 R14: 00007f7c27cd6180 R15: 00007ffe14f6c308
[  115.110902][ T6129]  </TASK>
[  116.052325][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  116.232849][   T10] usb 3-1: Using ep0 maxpacket: 8
[  116.295160][   T10] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  116.295189][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.295208][   T10] usb 3-1: Product: syz
[  116.295222][   T10] usb 3-1: Manufacturer: syz
[  116.295235][   T10] usb 3-1: SerialNumber: syz
[  116.368739][   T10] usb 3-1: config 0 descriptor??
[  116.435063][   T10] gspca_main: se401-2.14.0 probing 047d:5003
[  117.876884][   T10] gspca_se401: write req failed req 0x57 val 0x00 error -110
[  117.876948][   T10] se401 3-1:0.0: probe with driver se401 failed with error -110
[  118.065338][ T6153] nvme_fabrics: missing parameter 'transport=%s'
[  118.065355][ T6153] nvme_fabrics: missing parameter 'nqn=%s'
[  118.191810][ T6162] net veth1_virt_wifi : renamed from virt_wifi0
[  118.354803][  T992] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  118.516879][  T992] usb 4-1: config 0 interface 0 has no altsetting 0
[  118.516919][  T992] usb 4-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[  118.516931][  T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.521592][  T992] usb 4-1: config 0 descriptor??
[  118.674005][ T6178] tipc: Failed to obtain node identity
[  118.674037][ T6178] tipc: Enabling of bearer <ib:ipvlan0> rejected, failed to enable media
[  119.001329][ T6164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.002733][ T6164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.118946][  T992] lenovo 0003:17EF:6067.0001: collection stack underflow
[  119.118979][  T992] lenovo 0003:17EF:6067.0001: item 0 4 0 12 parsing failed
[  119.119831][  T992] lenovo 0003:17EF:6067.0001: hid_parse failed
[  119.119903][  T992] lenovo 0003:17EF:6067.0001: probe with driver lenovo failed with error -22
[  119.194621][ T5881] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  119.335363][ T6192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.61'.
[  119.351638][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  119.356033][ T6164] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.371319][ T5881] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.371351][ T5881] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.393450][ T6164] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.395000][ T5881] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  119.395022][ T5881] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  119.395041][ T5881] usb 5-1: Product: syz
[  119.395053][ T5881] usb 5-1: Manufacturer: syz
[  119.445044][ T5881] hub 5-1:4.0: USB hub found
[  119.650628][ T5881] hub 5-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  119.716748][ T5881] usb 3-1: USB disconnect, device number 3
[  119.734844][ T5787] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  119.883721][ T5787] usb 2-1: Using ep0 maxpacket: 8
[  119.913242][ T5787] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  119.913270][ T5787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.913289][ T5787] usb 2-1: Product: syz
[  119.913303][ T5787] usb 2-1: Manufacturer: syz
[  119.913316][ T5787] usb 2-1: SerialNumber: syz
[  119.966412][ T5787] usb 2-1: config 0 descriptor??
[  119.988220][ T5787] gspca_main: se401-2.14.0 probing 047d:5003
[  120.404122][ T5787] gspca_se401: Bayer format not supported!
[  120.563853][ T6204] 9pnet_fd: Insufficient options for proto=fd
[  120.604323][ T6207] FAULT_INJECTION: forcing a failure.
[  120.604323][ T6207] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.604354][ T6207] CPU: 0 UID: 0 PID: 6207 Comm: syz.0.64 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  120.604375][ T6207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  120.604385][ T6207] Call Trace:
[  120.604393][ T6207]  <TASK>
[  120.604400][ T6207]  dump_stack_lvl+0x189/0x250
[  120.604430][ T6207]  ? __pfx____ratelimit+0x10/0x10
[  120.604456][ T6207]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.604480][ T6207]  ? __pfx__printk+0x10/0x10
[  120.604518][ T6207]  should_fail_ex+0x46c/0x600
[  120.604548][ T6207]  _copy_to_user+0x31/0xb0
[  120.604571][ T6207]  simple_read_from_buffer+0xe1/0x170
[  120.604600][ T6207]  proc_fail_nth_read+0x1b6/0x220
[  120.604623][ T6207]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.604646][ T6207]  ? rw_verify_area+0x2ac/0x4e0
[  120.604667][ T6207]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.604688][ T6207]  vfs_read+0x206/0xa30
[  120.604717][ T6207]  ? __pfx_vfs_read+0x10/0x10
[  120.604734][ T6207]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  120.604764][ T6207]  ? mutex_lock_nested+0x154/0x1d0
[  120.604782][ T6207]  ? fdget_pos+0x253/0x320
[  120.604813][ T6207]  ksys_read+0x14b/0x260
[  120.604837][ T6207]  ? __pfx_ksys_read+0x10/0x10
[  120.604868][ T6207]  do_syscall_64+0xfa/0xfa0
[  120.604891][ T6207]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.604914][ T6207]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.604931][ T6207]  ? clear_bhb_loop+0x60/0xb0
[  120.604953][ T6207]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.604970][ T6207] RIP: 0033:0x7f7c27a7e15c
[  120.604985][ T6207] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  120.605000][ T6207] RSP: 002b:00007f7c25ce6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.605019][ T6207] RAX: ffffffffffffffda RBX: 00007f7c27cd5fa0 RCX: 00007f7c27a7e15c
[  120.605032][ T6207] RDX: 000000000000000f RSI: 00007f7c25ce60a0 RDI: 0000000000000004
[  120.605043][ T6207] RBP: 00007f7c25ce6090 R08: 0000000000000000 R09: 0000000000000000
[  120.605053][ T6207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.605064][ T6207] R13: 00007f7c27cd6038 R14: 00007f7c27cd5fa0 R15: 00007ffe14f6c308
[  120.605097][ T6207]  </TASK>
[  120.623971][  T992] usb 5-1: USB disconnect, device number 2
[  120.637645][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.63'.
[  120.638058][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.63'.
[  120.738787][  T992] usb 2-1: USB disconnect, device number 3
[  120.943158][ T6211] FAULT_INJECTION: forcing a failure.
[  120.943158][ T6211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.943187][ T6211] CPU: 0 UID: 0 PID: 6211 Comm: syz.4.65 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  120.943207][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  120.943217][ T6211] Call Trace:
[  120.943224][ T6211]  <TASK>
[  120.943231][ T6211]  dump_stack_lvl+0x189/0x250
[  120.943261][ T6211]  ? __pfx____ratelimit+0x10/0x10
[  120.943285][ T6211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.943309][ T6211]  ? __pfx__printk+0x10/0x10
[  120.943347][ T6211]  should_fail_ex+0x46c/0x600
[  120.943377][ T6211]  _copy_to_user+0x31/0xb0
[  120.943397][ T6211]  simple_read_from_buffer+0xe1/0x170
[  120.943424][ T6211]  proc_fail_nth_read+0x1b6/0x220
[  120.943446][ T6211]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.943468][ T6211]  ? rw_verify_area+0x2ac/0x4e0
[  120.943488][ T6211]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  120.943509][ T6211]  vfs_read+0x206/0xa30
[  120.943540][ T6211]  ? __pfx_vfs_read+0x10/0x10
[  120.943556][ T6211]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  120.943585][ T6211]  ? mutex_lock_nested+0x154/0x1d0
[  120.943603][ T6211]  ? fdget_pos+0x253/0x320
[  120.943634][ T6211]  ksys_read+0x14b/0x260
[  120.943655][ T6211]  ? __pfx_ksys_read+0x10/0x10
[  120.943675][ T6211]  ? do_syscall_64+0xbe/0xfa0
[  120.943702][ T6211]  do_syscall_64+0xfa/0xfa0
[  120.943722][ T6211]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.943741][ T6211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.943758][ T6211]  ? clear_bhb_loop+0x60/0xb0
[  120.943778][ T6211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.943795][ T6211] RIP: 0033:0x7fcb8bebe15c
[  120.943810][ T6211] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  120.943824][ T6211] RSP: 002b:00007fcb8a0fd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  120.943842][ T6211] RAX: ffffffffffffffda RBX: 00007fcb8c116090 RCX: 00007fcb8bebe15c
[  120.943854][ T6211] RDX: 000000000000000f RSI: 00007fcb8a0fd0a0 RDI: 0000000000000005
[  120.943865][ T6211] RBP: 00007fcb8a0fd090 R08: 0000000000000000 R09: 0000000000000000
[  120.943875][ T6211] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  120.943886][ T6211] R13: 00007fcb8c116128 R14: 00007fcb8c116090 R15: 00007fff3ea98648
[  120.943919][ T6211]  </TASK>
[  121.927593][  T992] usb 4-1: USB disconnect, device number 4
[  122.156454][ T6217] nvme_fabrics: missing parameter 'transport=%s'
[  122.156474][ T6217] nvme_fabrics: missing parameter 'nqn=%s'
[  122.499947][ T6245] netlink: 4 bytes leftover after parsing attributes in process `syz.0.71'.
[  122.624311][ T5881] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  122.802325][ T5881] usb 2-1: Using ep0 maxpacket: 16
[  122.805368][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.805414][ T5881] usb 2-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00
[  122.805436][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.870505][ T5881] usb 2-1: config 0 descriptor??
[  123.172884][ T5787] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  123.206837][    C0] vkms_vblank_simulate: vblank timer overrun
[  123.400177][    C0] vkms_vblank_simulate: vblank timer overrun
[  123.813245][    C0] vkms_vblank_simulate: vblank timer overrun
[  123.822121][ T6242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  123.822854][ T6242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  123.831691][ T5881] input: HID 28bd:0933 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0933.0002/input/input6
[  124.082311][ T5787] usb 3-1: Using ep0 maxpacket: 8
[  124.094096][ T5787] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  124.094124][ T5787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.094143][ T5787] usb 3-1: Product: syz
[  124.094157][ T5787] usb 3-1: Manufacturer: syz
[  124.094170][ T5787] usb 3-1: SerialNumber: syz
[  124.361273][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.371786][ T5787] usb 3-1: config 0 descriptor??
[  124.380865][ T5787] gspca_main: se401-2.14.0 probing 047d:5003
[  124.464128][ T5881] uclogic 0003:28BD:0933.0002: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0933] on usb-dummy_hcd.1-1/input0
[  124.500435][ T5881] usb 2-1: USB disconnect, device number 4
[  124.658362][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.734252][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.796182][   T37] audit: type=1326 audit(1764255626.915:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6258 comm="syz.0.75" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c27a7f749 code=0x0
[  125.429584][ T5787] gspca_se401: Bayer format not supported!
[  125.715083][ T5868] usb 3-1: USB disconnect, device number 4
[  125.957519][ T6267] fido_id[6267]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  125.979573][ T5888] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  126.169332][ T5888] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  126.169372][ T5888] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.169402][ T5888] usb 5-1: config 0 has no interface number 0
[  126.169529][ T5888] usb 5-1: config 0 interface 106 altsetting 0 endpoint 0x1 has an invalid bInterval 52, changing to 7
[  126.169567][ T5888] usb 5-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid maxpacket 9272, setting to 1024
[  126.169604][ T5888] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  126.169678][ T5888] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  126.169713][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.348626][ T5888] usb 5-1: config 0 descriptor??
[  126.894048][ T5888] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  127.095426][ T6283] nvme_fabrics: missing parameter 'transport=%s'
[  127.095442][ T6283] nvme_fabrics: missing parameter 'nqn=%s'
[  127.182795][   T43] usb 5-1: Failed to submit usb control message: -71
[  127.182858][   T43] usb 5-1: unable to send the bmi data to the device: -71
[  127.182925][   T43] usb 5-1: unable to get target info from device
[  127.182999][   T43] usb 5-1: could not get target info (-71)
[  127.185524][   T43] usb 5-1: could not probe fw (-71)
[  127.220247][ T6294] FAULT_INJECTION: forcing a failure.
[  127.220247][ T6294] name failslab, interval 1, probability 0, space 0, times 0
[  127.220303][ T6294] CPU: 1 UID: 0 PID: 6294 Comm: syz.3.82 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  127.220324][ T6294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  127.220332][ T6294] Call Trace:
[  127.220338][ T6294]  <TASK>
[  127.220344][ T6294]  dump_stack_lvl+0x189/0x250
[  127.220369][ T6294]  ? __pfx____ratelimit+0x10/0x10
[  127.220388][ T6294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.220406][ T6294]  ? __pfx__printk+0x10/0x10
[  127.220427][ T6294]  ? kmalloc_reserve+0xbd/0x290
[  127.220441][ T6294]  ? rcu_is_watching+0x15/0xb0
[  127.220456][ T6294]  should_fail_ex+0x46c/0x600
[  127.220477][ T6294]  ? _sctp_make_chunk+0x14e/0x430
[  127.220494][ T6294]  should_failslab+0xa8/0x100
[  127.220513][ T6294]  ? _sctp_make_chunk+0x14e/0x430
[  127.220529][ T6294]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  127.220546][ T6294]  ? skb_put+0x11b/0x210
[  127.220563][ T6294]  _sctp_make_chunk+0x14e/0x430
[  127.220589][ T6294]  sctp_make_init+0x58b/0xd30
[  127.220604][ T6294]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.220630][ T6294]  ? __pfx_sctp_make_init+0x10/0x10
[  127.220644][ T6294]  ? __schedule+0x1709/0x4c20
[  127.220677][ T6294]  sctp_sf_do_prm_asoc+0xd2/0x3f0
[  127.220695][ T6294]  sctp_do_sm+0x1e7/0x5a20
[  127.220708][ T6294]  ? __pfx_sctp_pname+0x10/0x10
[  127.220723][ T6294]  ? kasan_save_track+0x3e/0x80
[  127.220740][ T6294]  ? sctp_sendmsg+0x174f/0x2590
[  127.220759][ T6294]  ? ___sys_sendmsg+0x21f/0x2a0
[  127.220779][ T6294]  ? __pfx_sctp_do_sm+0x10/0x10
[  127.220792][ T6294]  ? trace_irq_disable+0x37/0x110
[  127.220809][ T6294]  ? preempt_schedule_irq+0xde/0x150
[  127.220853][ T6294]  ? __sk_mem_raise_allocated+0x7ef/0x1230
[  127.220878][ T6294]  sctp_primitive_ASSOCIATE+0x95/0xc0
[  127.220895][ T6294]  sctp_sendmsg_to_asoc+0x1028/0x1810
[  127.220921][ T6294]  ? sctp_assoc_add_peer+0xcfa/0x13b0
[  127.220946][ T6294]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  127.220964][ T6294]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  127.220979][ T6294]  ? rt_spin_unlock+0x161/0x200
[  127.220995][ T6294]  ? lock_sock_nested+0x5f/0x130
[  127.221012][ T6294]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  127.221023][ T6294]  ? security_sctp_bind_connect+0x7e/0x2e0
[  127.221040][ T6294]  sctp_sendmsg+0x174f/0x2590
[  127.221068][ T6294]  ? __pfx_sctp_sendmsg+0x10/0x10
[  127.221089][ T6294]  ? __schedule+0x1709/0x4c20
[  127.221115][ T6294]  ? sock_rps_record_flow+0x19/0x410
[  127.221136][ T6294]  ? inet_sendmsg+0x2f4/0x370
[  127.221157][ T6294]  __sock_sendmsg+0x19c/0x270
[  127.221178][ T6294]  ____sys_sendmsg+0x534/0x820
[  127.221198][ T6294]  ? __pfx_____sys_sendmsg+0x10/0x10
[  127.221220][ T6294]  ? import_iovec+0x74/0xa0
[  127.221238][ T6294]  ___sys_sendmsg+0x21f/0x2a0
[  127.221255][ T6294]  ? __pfx____sys_sendmsg+0x10/0x10
[  127.221299][ T6294]  ? __fget_files+0x2a/0x420
[  127.221315][ T6294]  ? __fget_files+0x3a6/0x420
[  127.221341][ T6294]  __sys_sendmmsg+0x22d/0x430
[  127.221361][ T6294]  ? __pfx___sys_sendmmsg+0x10/0x10
[  127.221385][ T6294]  ? trace_irq_disable+0x37/0x110
[  127.221412][ T6294]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.221440][ T6294]  __x64_sys_sendmmsg+0xa0/0xc0
[  127.221458][ T6294]  do_syscall_64+0xfa/0xfa0
[  127.221476][ T6294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.221488][ T6294]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  127.221501][ T6294]  ? clear_bhb_loop+0x60/0xb0
[  127.221517][ T6294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.221529][ T6294] RIP: 0033:0x7ff6f292f749
[  127.221542][ T6294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.221553][ T6294] RSP: 002b:00007ff6f0b4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  127.221571][ T6294] RAX: ffffffffffffffda RBX: 00007ff6f2b86180 RCX: 00007ff6f292f749
[  127.221581][ T6294] RDX: 0000000000000002 RSI: 0000200000000200 RDI: 0000000000000006
[  127.221589][ T6294] RBP: 00007ff6f0b4c090 R08: 0000000000000000 R09: 0000000000000000
[  127.221598][ T6294] R10: 0000000006000010 R11: 0000000000000246 R12: 0000000000000002
[  127.221606][ T6294] R13: 00007ff6f2b86218 R14: 00007ff6f2b86180 R15: 00007ffc3a7920d8
[  127.221629][ T6294]  </TASK>
[  127.683368][    C0] vkms_vblank_simulate: vblank timer overrun
[  127.824439][    C0] vkms_vblank_simulate: vblank timer overrun
[  127.912036][ T5888] usb 5-1: USB disconnect, device number 3
[  128.595356][ T6302] input: syz1 as /devices/virtual/input/input7
[  129.684763][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz.4.91'.
[  129.768807][ T6323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.94'.
[  129.769505][ T6323] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  129.964003][ T6326] FAULT_INJECTION: forcing a failure.
[  129.964003][ T6326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.964042][ T6326] CPU: 1 UID: 0 PID: 6326 Comm: syz.2.95 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  129.964062][ T6326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  129.964072][ T6326] Call Trace:
[  129.964079][ T6326]  <TASK>
[  129.964087][ T6326]  dump_stack_lvl+0x189/0x250
[  129.964116][ T6326]  ? __pfx____ratelimit+0x10/0x10
[  129.964140][ T6326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.964163][ T6326]  ? __pfx__printk+0x10/0x10
[  129.964199][ T6326]  should_fail_ex+0x46c/0x600
[  129.964229][ T6326]  _copy_to_user+0x31/0xb0
[  129.964250][ T6326]  simple_read_from_buffer+0xe1/0x170
[  129.964276][ T6326]  proc_fail_nth_read+0x1b6/0x220
[  129.964297][ T6326]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  129.964319][ T6326]  ? rw_verify_area+0x2ac/0x4e0
[  129.964338][ T6326]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  129.964358][ T6326]  vfs_read+0x206/0xa30
[  129.964386][ T6326]  ? __pfx_vfs_read+0x10/0x10
[  129.964403][ T6326]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  129.964432][ T6326]  ? mutex_lock_nested+0x154/0x1d0
[  129.964450][ T6326]  ? fdget_pos+0x253/0x320
[  129.964483][ T6326]  ksys_read+0x14b/0x260
[  129.964506][ T6326]  ? __pfx_ksys_read+0x10/0x10
[  129.964530][ T6326]  ? do_syscall_64+0xbe/0xfa0
[  129.964558][ T6326]  do_syscall_64+0xfa/0xfa0
[  129.964580][ T6326]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.964602][ T6326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.964619][ T6326]  ? clear_bhb_loop+0x60/0xb0
[  129.964641][ T6326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.964658][ T6326] RIP: 0033:0x7ff49222e15c
[  129.964673][ T6326] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  129.964687][ T6326] RSP: 002b:00007ff49048e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  129.964706][ T6326] RAX: ffffffffffffffda RBX: 00007ff492485fa0 RCX: 00007ff49222e15c
[  129.964718][ T6326] RDX: 000000000000000f RSI: 00007ff49048e0a0 RDI: 0000000000000005
[  129.964729][ T6326] RBP: 00007ff49048e090 R08: 0000000000000000 R09: 0000000000000000
[  129.964740][ T6326] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  129.964751][ T6326] R13: 00007ff492486038 R14: 00007ff492485fa0 R15: 00007fffeaebf4e8
[  129.964783][ T6326]  </TASK>
[  130.112362][ T5787] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  130.272422][ T5787] usb 1-1: Using ep0 maxpacket: 8
[  130.605093][ T6337] nvme_fabrics: missing parameter 'transport=%s'
[  130.605109][ T6337] nvme_fabrics: missing parameter 'nqn=%s'
[  130.648321][ T5787] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  130.648354][ T5787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.648373][ T5787] usb 1-1: Product: syz
[  130.648386][ T5787] usb 1-1: Manufacturer: syz
[  130.648400][ T5787] usb 1-1: SerialNumber: syz
[  131.763080][ T5787] usb 1-1: config 0 descriptor??
[  131.810235][ T5787] gspca_main: se401-2.14.0 probing 047d:5003
[  131.950655][   T37] audit: type=1326 audit(1764255634.065:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950704][   T37] audit: type=1326 audit(1764255634.065:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950743][   T37] audit: type=1326 audit(1764255634.065:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950780][   T37] audit: type=1326 audit(1764255634.065:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950817][   T37] audit: type=1326 audit(1764255634.065:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950855][   T37] audit: type=1326 audit(1764255634.065:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=332 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.950889][   T37] audit: type=1326 audit(1764255634.065:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.955895][   T37] audit: type=1326 audit(1764255634.075:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  131.955947][   T37] audit: type=1326 audit(1764255634.075:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6349 comm="syz.2.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  132.331497][ T5787] gspca_se401: Bayer format not supported!
[  133.049962][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  133.050779][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  133.118450][ T5787] usb 1-1: USB disconnect, device number 2
[  133.334175][   T37] audit: type=1326 audit(1764255635.445:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6366 comm="syz.2.106" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff49222f749 code=0x7ffc0000
[  134.313024][ T6200] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  134.482388][ T6200] usb 5-1: device descriptor read/64, error -71
[  134.709898][ T6381] nvme_fabrics: missing parameter 'transport=%s'
[  134.709915][ T6381] nvme_fabrics: missing parameter 'nqn=%s'
[  135.603779][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.613555][ T6200] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  135.648122][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.815905][ T6200] usb 5-1: device descriptor read/64, error -71
[  135.924127][ T6200] usb usb5-port1: attempt power cycle
[  136.189268][ T6405] netlink: 28 bytes leftover after parsing attributes in process `syz.3.119'.
[  136.302320][ T6200] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  136.325644][ T6200] usb 5-1: device descriptor read/8, error -71
[  136.572360][ T6200] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  136.682692][ T6200] usb 5-1: device descriptor read/8, error -71
[  136.704130][ T5868] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  136.792685][ T6200] usb usb5-port1: unable to enumerate USB device
[  136.852322][ T5868] usb 1-1: Using ep0 maxpacket: 8
[  136.913838][ T5868] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  136.913865][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.913884][ T5868] usb 1-1: Product: syz
[  136.913896][ T5868] usb 1-1: Manufacturer: syz
[  136.913909][ T5868] usb 1-1: SerialNumber: syz
[  136.921713][ T5868] usb 1-1: config 0 descriptor??
[  137.018393][ T5868] gspca_main: se401-2.14.0 probing 047d:5003
[  137.266442][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.546830][ T5868] gspca_se401: Bayer format not supported!
[  137.765189][ T5787] usb 1-1: USB disconnect, device number 3
[  138.092161][ T6448] tmpfs: Bad value for 'mpol'
[  138.934870][    C1] vkms_vblank_simulate: vblank timer overrun
[  139.105511][ T6463] process 'syz.2.142' launched './file1' with NULL argv: empty string added
[  139.632945][    C1] vkms_vblank_simulate: vblank timer overrun
[  140.274126][ T5888] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  140.301637][ T6483] tmpfs: Bad value for 'mpol'
[  140.428634][ T5888] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  140.428662][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.482857][ T5888] usb 2-1: config 0 descriptor??
[  140.503952][ T5888] cp210x 2-1:0.0: cp210x converter detected
[  140.983546][ T5888] usb 2-1: cp210x converter now attached to ttyUSB0
[  141.003410][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.866731][    C1] vkms_vblank_simulate: vblank timer overrun
[  142.146073][ T5888] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  142.312290][ T5888] usb 1-1: Using ep0 maxpacket: 8
[  142.360008][ T5888] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  142.360037][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.360055][ T5888] usb 1-1: Product: syz
[  142.360068][ T5888] usb 1-1: Manufacturer: syz
[  142.360082][ T5888] usb 1-1: SerialNumber: syz
[  142.385912][ T6433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  142.440498][ T5888] usb 1-1: config 0 descriptor??
[  142.465553][ T5888] gspca_main: se401-2.14.0 probing 047d:5003
[  142.903356][ T5888] gspca_se401: Bayer format not supported!
[  143.102417][   T10] usb 2-1: USB disconnect, device number 5
[  143.212598][ T6200] usb 1-1: USB disconnect, device number 4
[  143.219506][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  143.355048][   T10] cp210x 2-1:0.0: device disconnected
[  144.434967][ T6513] nvme_fabrics: missing parameter 'transport=%s'
[  144.434983][ T6513] nvme_fabrics: missing parameter 'nqn=%s'
[  144.945968][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.620232][    C1] vkms_vblank_simulate: vblank timer overrun
[  145.764465][ T6524] tmpfs: Bad value for 'mpol'
[  145.956255][ T5787] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  146.219262][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.037710][    C1] vkms_vblank_simulate: vblank timer overrun
[  147.056420][ T5787] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  147.060074][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.060135][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.060194][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.063325][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.063377][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.063411][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.064838][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.066498][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.066527][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.068005][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.068056][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.068080][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.070135][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.070311][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.070369][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.075102][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.075157][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.075183][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.077044][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.077098][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.077123][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.080264][ T5787] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  147.080318][ T5787] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  147.080358][ T5787] usb 1-1: config 0 interface 0 has no altsetting 0
[  147.124470][ T5787] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  147.124498][ T5787] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  147.124516][ T5787] usb 1-1: Product: syz
[  147.124529][ T5787] usb 1-1: Manufacturer: syz
[  147.124542][ T5787] usb 1-1: SerialNumber: syz
[  147.334939][ T6559] nvme_fabrics: missing parameter 'transport=%s'
[  147.335004][ T6559] nvme_fabrics: missing parameter 'nqn=%s'
[  148.070214][ T5787] usb 1-1: config 0 descriptor??
[  148.079440][ T5787] usb 1-1: can't set config #0, error -71
[  148.086782][ T5787] usb 1-1: USB disconnect, device number 5
[  149.012669][ T6573] netlink: 'syz.1.179': attribute type 21 has an invalid length.
[  149.012690][ T6573] netlink: 128 bytes leftover after parsing attributes in process `syz.1.179'.
[  149.012789][ T6573] netlink: 'syz.1.179': attribute type 5 has an invalid length.
[  149.012800][ T6573] netlink: 'syz.1.179': attribute type 6 has an invalid length.
[  149.012811][ T6573] netlink: 3 bytes leftover after parsing attributes in process `syz.1.179'.
[  149.795191][ T6583] tmpfs: Bad value for 'mpol'
[  149.991929][ T6594] capability: warning: `syz.4.184' uses deprecated v2 capabilities in a way that may be insecure
[  151.277111][ T6614] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'.
[  152.682605][ T6616] nvme_fabrics: missing parameter 'transport=%s'
[  152.682621][ T6616] nvme_fabrics: missing parameter 'nqn=%s'
[  153.042623][ T6635] 9pnet_virtio: no channels available for device 127.0.0.1
[  154.440179][ T6637] tmpfs: Bad value for 'mpol'
[  154.624504][ T6650] =======================================================
[  154.624504][ T6650] WARNING: The mand mount option has been deprecated and
[  154.624504][ T6650]          and is ignored by this kernel. Remove the mand
[  154.624504][ T6650]          option from the mount to silence this warning.
[  154.624504][ T6650] =======================================================
[  155.451697][ T6650] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  157.979419][ T6679] nvme_fabrics: missing parameter 'transport=%s'
[  157.986101][ T6679] nvme_fabrics: missing parameter 'nqn=%s'
[  158.092458][   T44] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  158.271481][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.271514][   T44] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  158.271566][   T44] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  158.271595][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.282384][  T992] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  158.373958][   T44] usb 5-1: config 0 descriptor??
[  158.473150][  T992] usb 3-1: Using ep0 maxpacket: 32
[  159.119001][  T992] usb 3-1: config index 0 descriptor too short (expected 539, got 27)
[  159.119062][  T992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  159.119088][  T992] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 26154, setting to 1024
[  159.124981][  T992] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  159.125015][  T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.125034][  T992] usb 3-1: Product: syz
[  159.125047][  T992] usb 3-1: Manufacturer: syz
[  159.125059][  T992] usb 3-1: SerialNumber: syz
[  159.208619][  T992] usb 3-1: config 0 descriptor??
[  159.271122][  T992] hub 3-1:0.0: bad descriptor, ignoring hub
[  159.271163][  T992] hub 3-1:0.0: probe with driver hub failed with error -5
[  159.311426][  T992] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8
[  160.208816][  T992] usbtouchscreen 3-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -22
[  160.318999][ T6685] netlink: 72 bytes leftover after parsing attributes in process `syz.2.206'.
[  160.319057][ T6685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.206'.
[  160.521803][   T44] usbhid 5-1:0.0: can't add hid device: -71
[  160.521923][   T44] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  161.421796][ T6705] tmpfs: Bad value for 'mpol'
[  161.877161][   T44] usb 5-1: USB disconnect, device number 8
[  162.129596][  T992] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -22
[  162.220130][  T992] usb 3-1: USB disconnect, device number 5
[  162.263096][ T6712] FAULT_INJECTION: forcing a failure.
[  162.263096][ T6712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  162.263128][ T6712] CPU: 1 UID: 0 PID: 6712 Comm: syz.1.215 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  162.263148][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  162.263158][ T6712] Call Trace:
[  162.263165][ T6712]  <TASK>
[  162.263174][ T6712]  dump_stack_lvl+0x189/0x250
[  162.263204][ T6712]  ? __pfx____ratelimit+0x10/0x10
[  162.263228][ T6712]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.263252][ T6712]  ? __pfx__printk+0x10/0x10
[  162.263284][ T6712]  should_fail_ex+0x46c/0x600
[  162.263312][ T6712]  _copy_from_user+0x2d/0xb0
[  162.263332][ T6712]  vmemdup_user+0x5e/0xd0
[  162.263354][ T6712]  map_get_next_key+0x1c9/0x630
[  162.263380][ T6712]  ? bpf_lsm_bpf+0x9/0x20
[  162.263396][ T6712]  ? security_bpf+0x7e/0x300
[  162.263419][ T6712]  __sys_bpf+0x63d/0x860
[  162.263444][ T6712]  ? __pfx___sys_bpf+0x10/0x10
[  162.263464][ T6712]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  162.263501][ T6712]  ? ksys_write+0x230/0x260
[  162.263525][ T6712]  ? __pfx_ksys_write+0x10/0x10
[  162.263553][ T6712]  __x64_sys_bpf+0x7c/0x90
[  162.263575][ T6712]  do_syscall_64+0xfa/0xfa0
[  162.263597][ T6712]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.263620][ T6712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.263637][ T6712]  ? clear_bhb_loop+0x60/0xb0
[  162.263659][ T6712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.263676][ T6712] RIP: 0033:0x7f35b0a4f749
[  162.263692][ T6712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.263710][ T6712] RSP: 002b:00007f35aecae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  162.263729][ T6712] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4f749
[  162.263742][ T6712] RDX: 0000000000000020 RSI: 00002000000001c0 RDI: 0000000000000004
[  162.263753][ T6712] RBP: 00007f35aecae090 R08: 0000000000000000 R09: 0000000000000000
[  162.263764][ T6712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.263774][ T6712] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  162.263805][ T6712]  </TASK>
[  162.372284][   T31] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  162.386421][ T6716] syz.4.214 uses obsolete (PF_INET,SOCK_PACKET)
[  162.542527][   T31] usb 4-1: Using ep0 maxpacket: 8
[  162.545110][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  162.545141][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  162.545163][   T31] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  162.545184][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  162.545210][   T31] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  162.545247][   T31] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  162.545269][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.564446][   T31] usb 4-1: config 0 descriptor??
[  162.568989][ T6709] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  163.100712][ T6709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  163.101253][ T6709] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  163.333123][ T5814] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  163.348782][ T5868] usb 4-1: USB disconnect, device number 5
[  165.033384][ T6725] nvme_fabrics: missing parameter 'transport=%s'
[  165.033399][ T6725] nvme_fabrics: missing parameter 'nqn=%s'
[  166.497050][ T6749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.225'.
[  169.754688][ T6778] FAULT_INJECTION: forcing a failure.
[  169.754688][ T6778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.754720][ T6778] CPU: 1 UID: 0 PID: 6778 Comm: syz.3.232 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  169.754740][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  169.754750][ T6778] Call Trace:
[  169.754757][ T6778]  <TASK>
[  169.754766][ T6778]  dump_stack_lvl+0x189/0x250
[  169.754795][ T6778]  ? __pfx____ratelimit+0x10/0x10
[  169.754819][ T6778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.754844][ T6778]  ? __pfx__printk+0x10/0x10
[  169.754881][ T6778]  should_fail_ex+0x46c/0x600
[  169.754912][ T6778]  _copy_to_user+0x31/0xb0
[  169.754934][ T6778]  simple_read_from_buffer+0xe1/0x170
[  169.754962][ T6778]  proc_fail_nth_read+0x1b6/0x220
[  169.754986][ T6778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.755009][ T6778]  ? rw_verify_area+0x2ac/0x4e0
[  169.755029][ T6778]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.755049][ T6778]  vfs_read+0x206/0xa30
[  169.755080][ T6778]  ? __pfx_vfs_read+0x10/0x10
[  169.755097][ T6778]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  169.755126][ T6778]  ? mutex_lock_nested+0x154/0x1d0
[  169.755142][ T6778]  ? fdget_pos+0x253/0x320
[  169.755181][ T6778]  ksys_read+0x14b/0x260
[  169.755205][ T6778]  ? __pfx_ksys_read+0x10/0x10
[  169.755230][ T6778]  ? do_syscall_64+0xbe/0xfa0
[  169.755258][ T6778]  do_syscall_64+0xfa/0xfa0
[  169.755280][ T6778]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.755303][ T6778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.755320][ T6778]  ? clear_bhb_loop+0x60/0xb0
[  169.755343][ T6778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.755360][ T6778] RIP: 0033:0x7ff6f292e15c
[  169.755376][ T6778] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  169.755390][ T6778] RSP: 002b:00007ff6f0b8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  169.755409][ T6778] RAX: ffffffffffffffda RBX: 00007ff6f2b85fa0 RCX: 00007ff6f292e15c
[  169.755420][ T6778] RDX: 000000000000000f RSI: 00007ff6f0b8e0a0 RDI: 0000000000000006
[  169.755431][ T6778] RBP: 00007ff6f0b8e090 R08: 0000000000000000 R09: 0000000000000000
[  169.755442][ T6778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.755452][ T6778] R13: 00007ff6f2b86038 R14: 00007ff6f2b85fa0 R15: 00007ffc3a7920d8
[  169.755485][ T6778]  </TASK>
[  171.484577][ T6793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.237'.
[  171.484612][ T6793] netlink: 48 bytes leftover after parsing attributes in process `syz.1.237'.
[  173.451941][ T5868] usb 1-1: new low-speed USB device number 6 using dummy_hcd
[  173.924576][ T5868] usb 1-1: unable to get BOS descriptor or descriptor too short
[  173.928866][ T5868] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  173.928897][ T5868] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt
[  173.928919][ T5868] usb 1-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  173.928945][ T5868] usb 1-1: config 1 interface 0 has no altsetting 0
[  173.990860][ T5868] usb 1-1: string descriptor 0 read error: -22
[  173.991013][ T5868] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  173.991036][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.046754][ T6799] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  174.046882][ T6799] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  174.046995][ T6799] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  174.104442][ T5868] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  174.267399][ T5868] usb 1-1: USB disconnect, device number 6
[  175.545416][ T6838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'.
[  177.571805][ T6845] bridge1: entered promiscuous mode
[  177.683850][ T6848] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  177.868012][ T6869] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.071311][   T37] kauditd_printk_skb: 53 callbacks suppressed
[  178.071329][   T37] audit: type=1326 audit(1764255680.185:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6862 comm="syz.4.261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x0
[  178.174750][ T6200] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  178.389043][ T6200] usb 3-1: Using ep0 maxpacket: 16
[  178.631525][ T6200] usb 3-1: config 0 has an invalid interface number: 236 but max is 1
[  178.632031][ T6200] usb 3-1: config 0 has an invalid interface number: 129 but max is 1
[  178.641582][ T6200] usb 3-1: config 0 has no interface number 0
[  178.649607][ T6200] usb 3-1: config 0 has no interface number 1
[  178.669173][ T6200] usb 3-1: config 0 interface 236 has no altsetting 0
[  178.673195][ T6200] usb 3-1: config 0 interface 129 has no altsetting 0
[  178.820814][ T6200] usb 3-1: New USB device found, idVendor=1ace, idProduct=e9b2, bcdDevice=5c.3d
[  178.820843][ T6200] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.820862][ T6200] usb 3-1: Product: syz
[  178.820875][ T6200] usb 3-1: Manufacturer: syz
[  178.820888][ T6200] usb 3-1: SerialNumber: syz
[  178.875408][ T6200] usb 3-1: config 0 descriptor??
[  179.219117][ T6200] ir_usb 3-1:0.236: required endpoints missing
[  179.264543][ T6200] usb 3-1: selecting invalid altsetting 0
[  179.265421][ T6200] uvcvideo 3-1:0.129: Found UVC 2.26 device syz (1ace:e9b2)
[  179.265452][ T6200] uvcvideo 3-1:0.129: No valid video chain found.
[  179.312278][ T6200] usb 3-1: USB disconnect, device number 6
[  179.533290][ T6890] FAULT_INJECTION: forcing a failure.
[  179.533290][ T6890] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  179.533320][ T6890] CPU: 1 UID: 0 PID: 6890 Comm: syz.1.267 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  179.533340][ T6890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  179.533350][ T6890] Call Trace:
[  179.533357][ T6890]  <TASK>
[  179.533365][ T6890]  dump_stack_lvl+0x189/0x250
[  179.533396][ T6890]  ? __pfx____ratelimit+0x10/0x10
[  179.533420][ T6890]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.533445][ T6890]  ? __pfx__printk+0x10/0x10
[  179.533488][ T6890]  should_fail_ex+0x46c/0x600
[  179.533519][ T6890]  _copy_to_user+0x31/0xb0
[  179.533541][ T6890]  simple_read_from_buffer+0xe1/0x170
[  179.533569][ T6890]  proc_fail_nth_read+0x1b6/0x220
[  179.533592][ T6890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  179.533615][ T6890]  ? rw_verify_area+0x2ac/0x4e0
[  179.533635][ T6890]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  179.533656][ T6890]  vfs_read+0x206/0xa30
[  179.533687][ T6890]  ? __pfx_vfs_read+0x10/0x10
[  179.533704][ T6890]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  179.533736][ T6890]  ? mutex_lock_nested+0x154/0x1d0
[  179.533754][ T6890]  ? fdget_pos+0x253/0x320
[  179.533788][ T6890]  ksys_read+0x14b/0x260
[  179.533806][ T6890]  ? __fget_files+0x2a/0x420
[  179.533831][ T6890]  ? __pfx_ksys_read+0x10/0x10
[  179.533855][ T6890]  ? do_syscall_64+0xbe/0xfa0
[  179.533883][ T6890]  do_syscall_64+0xfa/0xfa0
[  179.533905][ T6890]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.533933][ T6890]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.533950][ T6890]  ? clear_bhb_loop+0x60/0xb0
[  179.533972][ T6890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.533989][ T6890] RIP: 0033:0x7f35b0a4e15c
[  179.534005][ T6890] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  179.534019][ T6890] RSP: 002b:00007f35aec8d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  179.534038][ T6890] RAX: ffffffffffffffda RBX: 00007f35b0ca6090 RCX: 00007f35b0a4e15c
[  179.534051][ T6890] RDX: 000000000000000f RSI: 00007f35aec8d0a0 RDI: 0000000000000004
[  179.534062][ T6890] RBP: 00007f35aec8d090 R08: 0000000000000000 R09: 0000000000000000
[  179.534073][ T6890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.534083][ T6890] R13: 00007f35b0ca6128 R14: 00007f35b0ca6090 R15: 00007ffcf9c89a38
[  179.534117][ T6890]  </TASK>
[  179.878725][ T6898] FAULT_INJECTION: forcing a failure.
[  179.878725][ T6898] name failslab, interval 1, probability 0, space 0, times 0
[  179.878751][ T6898] CPU: 1 UID: 0 PID: 6898 Comm: syz.1.273 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  179.878767][ T6898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  179.878774][ T6898] Call Trace:
[  179.878780][ T6898]  <TASK>
[  179.878787][ T6898]  dump_stack_lvl+0x189/0x250
[  179.878812][ T6898]  ? __pfx____ratelimit+0x10/0x10
[  179.878832][ T6898]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.878850][ T6898]  ? __pfx__printk+0x10/0x10
[  179.878871][ T6898]  ? __pfx___might_resched+0x10/0x10
[  179.878885][ T6898]  ? fs_reclaim_acquire+0x7d/0x100
[  179.878907][ T6898]  should_fail_ex+0x46c/0x600
[  179.878932][ T6898]  should_failslab+0xa8/0x100
[  179.878955][ T6898]  __kmalloc_noprof+0xcc/0x7d0
[  179.878972][ T6898]  ? io_cache_alloc_new+0x40/0x100
[  179.878992][ T6898]  io_cache_alloc_new+0x40/0x100
[  179.879007][ T6898]  io_msg_alloc_async+0x1b2/0x2d0
[  179.879028][ T6898]  io_bind_prep+0x152/0x250
[  179.879043][ T6898]  io_submit_sqes+0x935/0x1e60
[  179.879086][ T6898]  __se_sys_io_uring_enter+0x2db/0x2b70
[  179.879112][ T6898]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  179.879143][ T6898]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.879164][ T6898]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  179.879182][ T6898]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  179.879204][ T6898]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  179.879220][ T6898]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  179.879238][ T6898]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  179.879253][ T6898]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  179.879278][ T6898]  ? fput+0xa0/0xd0
[  179.879292][ T6898]  ? ksys_write+0x230/0x260
[  179.879312][ T6898]  ? __pfx_ksys_write+0x10/0x10
[  179.879332][ T6898]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  179.879353][ T6898]  do_syscall_64+0xfa/0xfa0
[  179.879372][ T6898]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.879397][ T6898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.879410][ T6898]  ? clear_bhb_loop+0x60/0xb0
[  179.879428][ T6898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.879442][ T6898] RIP: 0033:0x7f35b0a4f749
[  179.879456][ T6898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.879467][ T6898] RSP: 002b:00007f35aecae038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  179.879483][ T6898] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4f749
[  179.879493][ T6898] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[  179.879502][ T6898] RBP: 00007f35aecae090 R08: 0000000000000000 R09: 0000000000000000
[  179.879512][ T6898] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[  179.879522][ T6898] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  179.879551][ T6898]  </TASK>
[  180.182322][ T5888] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  180.337861][ T5888] usb 4-1: Using ep0 maxpacket: 16
[  180.344228][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.344260][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.344280][ T5888] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  180.344319][ T5888] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  180.344340][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.382404][ T5888] usb 4-1: config 0 descriptor??
[  180.415941][ T5868] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  181.012372][ T5868] usb 2-1: Using ep0 maxpacket: 32
[  181.018373][ T5868] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  181.018416][ T5868] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  181.018431][ T5868] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  181.018479][ T5868] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  181.020790][ T5868] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  181.020806][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.020815][ T5868] usb 2-1: Product: syz
[  181.020858][ T5868] usb 2-1: Manufacturer: syz
[  181.020866][ T5868] usb 2-1: SerialNumber: syz
[  181.159373][ T5868] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  181.159479][ T5868] imon 2-1:155.0: unable to initialize intf0, err -19
[  181.159490][ T5868] imon:imon_probe: failed to initialize context!
[  181.159496][ T5868] imon 2-1:155.0: unable to register, err -19
[  181.260639][ T5888] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0003/input/input9
[  181.385444][ T6902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.410680][ T6902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.523506][ T6900] loop8: detected capacity change from 0 to 8
[  181.535657][ T5888] appleir 0003:05AC:8241.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  181.582364][  T995] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  181.667147][ T6900] Dev loop8: unable to read RDB block 8
[  181.667196][ T6900]  loop8: unable to read partition table
[  181.667429][ T6900] loop8: partition table beyond EOD, truncated
[  181.667474][ T6900] loop_reread_partitions: partition scan of loop8 (ã被xü^>à– �) failed (rc=-5)
[  181.732970][  T995] usb 5-1: Using ep0 maxpacket: 16
[  181.737855][  T995] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  181.737885][  T995] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  181.737907][  T995] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  181.737941][  T995] usb 5-1: config 0 interface 0 has no altsetting 0
[  181.738070][  T995] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  181.738092][  T995] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.755106][  T995] usb 5-1: config 0 descriptor??
[  182.181652][  T995] hid (null): report_id 0 is invalid
[  182.189176][  T995] hid (null): usage index exceeded
[  182.282029][  T995] usb 4-1: USB disconnect, device number 6
[  182.435256][ T6200] usb 5-1: USB disconnect, device number 9
[  182.680472][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz.3.283'.
[  183.094075][ T6944] FAULT_INJECTION: forcing a failure.
[  183.094075][ T6944] name failslab, interval 1, probability 0, space 0, times 0
[  183.094118][ T6944] CPU: 0 UID: 0 PID: 6944 Comm: syz.4.287 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  183.094139][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  183.094149][ T6944] Call Trace:
[  183.094156][ T6944]  <TASK>
[  183.094164][ T6944]  dump_stack_lvl+0x189/0x250
[  183.094192][ T6944]  ? __pfx____ratelimit+0x10/0x10
[  183.094216][ T6944]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.094239][ T6944]  ? __pfx__printk+0x10/0x10
[  183.094265][ T6944]  ? __pfx___might_resched+0x10/0x10
[  183.094281][ T6944]  ? fs_reclaim_acquire+0x7d/0x100
[  183.094308][ T6944]  should_fail_ex+0x46c/0x600
[  183.094337][ T6944]  should_failslab+0xa8/0x100
[  183.094363][ T6944]  __kmalloc_noprof+0xcc/0x7d0
[  183.094385][ T6944]  ? tomoyo_encode+0x28b/0x550
[  183.094410][ T6944]  tomoyo_encode+0x28b/0x550
[  183.094437][ T6944]  tomoyo_realpath_from_path+0x58d/0x5d0
[  183.094470][ T6944]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  183.094496][ T6944]  tomoyo_path_number_perm+0x1e8/0x5a0
[  183.094522][ T6944]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  183.094552][ T6944]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  183.094576][ T6944]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.094628][ T6944]  ? __fget_files+0x2a/0x420
[  183.094657][ T6944]  ? __fget_files+0x3a6/0x420
[  183.094678][ T6944]  ? __fget_files+0x2a/0x420
[  183.094704][ T6944]  security_file_ioctl+0xcb/0x2d0
[  183.094725][ T6944]  __se_sys_ioctl+0x47/0x170
[  183.094747][ T6944]  do_syscall_64+0xfa/0xfa0
[  183.094768][ T6944]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.094791][ T6944]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.094808][ T6944]  ? clear_bhb_loop+0x60/0xb0
[  183.094828][ T6944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.094844][ T6944] RIP: 0033:0x7fcb8bebf749
[  183.094860][ T6944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.094874][ T6944] RSP: 002b:00007fcb8a11e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  183.094892][ T6944] RAX: ffffffffffffffda RBX: 00007fcb8c115fa0 RCX: 00007fcb8bebf749
[  183.094904][ T6944] RDX: 0000200000000200 RSI: 00000000c0e85667 RDI: 0000000000000003
[  183.094916][ T6944] RBP: 00007fcb8a11e090 R08: 0000000000000000 R09: 0000000000000000
[  183.094927][ T6944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.094937][ T6944] R13: 00007fcb8c116038 R14: 00007fcb8c115fa0 R15: 00007fff3ea98648
[  183.094968][ T6944]  </TASK>
[  183.097578][ T6944] ERROR: Out of memory at tomoyo_realpath_from_path.
[  183.113162][   T37] audit: type=1326 audit(1764255685.225:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6938 comm="syz.0.286" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c27a7f749 code=0x0
[  183.236621][  T995] usb 2-1: USB disconnect, device number 6
[  183.392459][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.291'.
[  183.542073][    C0] vkms_vblank_simulate: vblank timer overrun
[  183.612833][   T37] audit: type=1326 audit(1764255685.735:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.3.290" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x0
[  183.944664][   T31] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  184.109940][   T31] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  184.110011][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.110071][   T31] usb 5-1: config 0 has no interface number 0
[  184.208059][   T31] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  184.208167][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.208292][   T31] usb 5-1: Product: syz
[  184.208328][   T31] usb 5-1: Manufacturer: syz
[  184.208393][   T31] usb 5-1: SerialNumber: syz
[  184.251583][   T31] usb 5-1: config 0 descriptor??
[  184.266796][   T31] ims_pcu 5-1:0.41: probe with driver ims_pcu failed with error -22
[  185.622551][ T6975] tmpfs: Bad value for 'mpol'
[  186.356365][ T6981] tmpfs: Bad value for 'mpol'
[  186.783922][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.855714][    C0] vkms_vblank_simulate: vblank timer overrun
[  186.937552][    C0] vkms_vblank_simulate: vblank timer overrun
[  187.486650][    C0] vkms_vblank_simulate: vblank timer overrun
[  187.594937][ T5888] usb 5-1: USB disconnect, device number 10
[  187.654825][ T6997] FAULT_INJECTION: forcing a failure.
[  187.654825][ T6997] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  187.654856][ T6997] CPU: 1 UID: 0 PID: 6997 Comm: syz.1.299 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  187.654876][ T6997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  187.654886][ T6997] Call Trace:
[  187.654894][ T6997]  <TASK>
[  187.654902][ T6997]  dump_stack_lvl+0x189/0x250
[  187.654932][ T6997]  ? __pfx____ratelimit+0x10/0x10
[  187.654957][ T6997]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.654982][ T6997]  ? __pfx__printk+0x10/0x10
[  187.655005][ T6997]  ? fs_reclaim_acquire+0x7d/0x100
[  187.655039][ T6997]  should_fail_ex+0x46c/0x600
[  187.655069][ T6997]  prepare_alloc_pages+0x213/0x670
[  187.655101][ T6997]  __alloc_frozen_pages_noprof+0x123/0x370
[  187.655132][ T6997]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  187.655166][ T6997]  ? policy_nodemask+0x27c/0x720
[  187.655196][ T6997]  alloc_pages_mpol+0xd1/0x380
[  187.655225][ T6997]  alloc_pages_noprof+0xcf/0x1e0
[  187.655253][ T6997]  pte_alloc_one+0x23/0x330
[  187.655274][ T6997]  ? __pte_alloc+0x1d/0x1a0
[  187.655295][ T6997]  __pte_alloc+0x25/0x1a0
[  187.655318][ T6997]  handle_mm_fault+0x297d/0x3400
[  187.655351][ T6997]  ? handle_mm_fault+0xdb/0x3400
[  187.655380][ T6997]  ? __pfx_handle_mm_fault+0x10/0x10
[  187.655417][ T6997]  ? __pfx_find_vma+0x10/0x10
[  187.655438][ T6997]  ? vma_is_secretmem+0xd/0x50
[  187.655459][ T6997]  ? check_vma_flags+0x513/0x590
[  187.655489][ T6997]  __get_user_pages+0x1685/0x2860
[  187.655549][ T6997]  __gup_longterm_locked+0xde4/0x1660
[  187.655586][ T6997]  ? sanity_check_pinned_pages+0x1241/0x1300
[  187.655617][ T6997]  ? gup_fast_fallback+0x1af5/0x2230
[  187.655643][ T6997]  gup_fast_fallback+0x1cd4/0x2230
[  187.655704][ T6997]  ? __pfx_gup_fast_fallback+0x10/0x10
[  187.655732][ T6997]  ? rcu_is_watching+0x15/0xb0
[  187.655750][ T6997]  ? is_valid_gup_args+0x11f/0x200
[  187.655775][ T6997]  ? pin_user_pages_fast+0x4d/0xb0
[  187.655800][ T6997]  rds_info_getsockopt+0x1fb/0x3f0
[  187.655823][ T6997]  ? __might_fault+0xb0/0x130
[  187.655849][ T6997]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  187.655874][ T6997]  ? __might_fault+0xb0/0x130
[  187.655902][ T6997]  ? rds_getsockopt+0x2ed/0x500
[  187.655919][ T6997]  ? __pfx_rds_getsockopt+0x10/0x10
[  187.655939][ T6997]  do_sock_getsockopt+0x372/0x450
[  187.655964][ T6997]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  187.655984][ T6997]  ? do_syscall_64+0xa0/0xfa0
[  187.656021][ T6997]  __x64_sys_getsockopt+0x1ab/0x250
[  187.656041][ T6997]  ? do_syscall_64+0xa0/0xfa0
[  187.656066][ T6997]  ? do_syscall_64+0xa0/0xfa0
[  187.656094][ T6997]  do_syscall_64+0xfa/0xfa0
[  187.656116][ T6997]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.656139][ T6997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.656157][ T6997]  ? clear_bhb_loop+0x60/0xb0
[  187.656179][ T6997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.656196][ T6997] RIP: 0033:0x7f35b0a4f749
[  187.656212][ T6997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.656226][ T6997] RSP: 002b:00007f35aecae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  187.656245][ T6997] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4f749
[  187.656258][ T6997] RDX: 000000000000271f RSI: 0000200000000114 RDI: 0000000000000003
[  187.656269][ T6997] RBP: 00007f35aecae090 R08: 0000200000000000 R09: 0000000000000000
[  187.656280][ T6997] R10: 0000200000c35fff R11: 0000000000000246 R12: 0000000000000001
[  187.656291][ T6997] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  187.656324][ T6997]  </TASK>
[  187.857516][ T7001] FAULT_INJECTION: forcing a failure.
[  187.857516][ T7001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  187.857547][ T7001] CPU: 1 UID: 0 PID: 7001 Comm: syz.4.302 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  187.857568][ T7001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  187.857577][ T7001] Call Trace:
[  187.857584][ T7001]  <TASK>
[  187.857591][ T7001]  dump_stack_lvl+0x189/0x250
[  187.857621][ T7001]  ? __pfx____ratelimit+0x10/0x10
[  187.857644][ T7001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.857668][ T7001]  ? __pfx__printk+0x10/0x10
[  187.857688][ T7001]  ? __might_fault+0xb0/0x130
[  187.857722][ T7001]  should_fail_ex+0x46c/0x600
[  187.857751][ T7001]  _copy_from_user+0x2d/0xb0
[  187.857771][ T7001]  ___sys_sendmsg+0x158/0x2a0
[  187.857794][ T7001]  ? __pfx____sys_sendmsg+0x10/0x10
[  187.857850][ T7001]  ? __fget_files+0x2a/0x420
[  187.857872][ T7001]  ? __fget_files+0x3a6/0x420
[  187.857903][ T7001]  __x64_sys_sendmsg+0x1a1/0x260
[  187.857926][ T7001]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  187.857956][ T7001]  ? __pfx_ksys_write+0x10/0x10
[  187.857981][ T7001]  ? do_syscall_64+0xbe/0xfa0
[  187.858007][ T7001]  do_syscall_64+0xfa/0xfa0
[  187.858028][ T7001]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.858051][ T7001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.858067][ T7001]  ? clear_bhb_loop+0x60/0xb0
[  187.858087][ T7001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.858103][ T7001] RIP: 0033:0x7fcb8bebf749
[  187.858118][ T7001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.858131][ T7001] RSP: 002b:00007fcb8a11e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  187.858149][ T7001] RAX: ffffffffffffffda RBX: 00007fcb8c115fa0 RCX: 00007fcb8bebf749
[  187.858162][ T7001] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  187.858172][ T7001] RBP: 00007fcb8a11e090 R08: 0000000000000000 R09: 0000000000000000
[  187.858183][ T7001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.858193][ T7001] R13: 00007fcb8c116038 R14: 00007fcb8c115fa0 R15: 00007fff3ea98648
[  187.858222][ T7001]  </TASK>
[  187.992382][   T31] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  189.024939][   T31] usb 2-1: Using ep0 maxpacket: 16
[  190.241120][   T31] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  190.241145][   T31] usb 2-1: config 0 has no interface number 0
[  190.401700][ T7014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.306'.
[  190.560232][   T31] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  190.560262][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.560281][   T31] usb 2-1: Product: syz
[  190.560295][   T31] usb 2-1: Manufacturer: syz
[  190.560308][   T31] usb 2-1: SerialNumber: syz
[  190.594382][   T31] usb 2-1: config 0 descriptor??
[  190.617069][   T31] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  190.827736][   T31] gspca_spca1528: reg_w err -71
[  190.842396][   T31] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71
[  190.852531][   T31] usb 2-1: USB disconnect, device number 7
[  191.053571][ T7028] FAULT_INJECTION: forcing a failure.
[  191.053571][ T7028] name failslab, interval 1, probability 0, space 0, times 0
[  191.053602][ T7028] CPU: 1 UID: 0 PID: 7028 Comm: syz.1.311 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  191.053622][ T7028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  191.053632][ T7028] Call Trace:
[  191.053639][ T7028]  <TASK>
[  191.053647][ T7028]  dump_stack_lvl+0x189/0x250
[  191.053677][ T7028]  ? __pfx____ratelimit+0x10/0x10
[  191.053701][ T7028]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.053726][ T7028]  ? __pfx__printk+0x10/0x10
[  191.053743][ T7028]  ? io_rw_init_file+0x7ad/0xb80
[  191.053784][ T7028]  should_fail_ex+0x46c/0x600
[  191.053813][ T7028]  should_failslab+0xa8/0x100
[  191.053840][ T7028]  __kmalloc_noprof+0xcc/0x7d0
[  191.053862][ T7028]  ? io_cache_alloc_new+0x40/0x100
[  191.053888][ T7028]  io_cache_alloc_new+0x40/0x100
[  191.053909][ T7028]  io_arm_apoll+0x477/0x910
[  191.053940][ T7028]  ? __pfx_io_arm_apoll+0x10/0x10
[  191.053969][ T7028]  ? __io_issue_sqe+0x1f9/0x4b0
[  191.053990][ T7028]  ? io_file_get_normal+0x104/0x300
[  191.054014][ T7028]  ? io_arm_poll_handler+0x20a/0x2a0
[  191.054045][ T7028]  io_queue_async+0x175/0x240
[  191.054074][ T7028]  io_submit_sqes+0xe78/0x1e60
[  191.054130][ T7028]  __se_sys_io_uring_enter+0x2db/0x2b70
[  191.054166][ T7028]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  191.054190][ T7028]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.054215][ T7028]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  191.054239][ T7028]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  191.054267][ T7028]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  191.054288][ T7028]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  191.054312][ T7028]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  191.054332][ T7028]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  191.054363][ T7028]  ? fput+0xa0/0xd0
[  191.054381][ T7028]  ? ksys_write+0x230/0x260
[  191.054405][ T7028]  ? __pfx_ksys_write+0x10/0x10
[  191.054430][ T7028]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  191.054456][ T7028]  do_syscall_64+0xfa/0xfa0
[  191.054479][ T7028]  ? lockdep_hardirqs_on+0x9c/0x150
[  191.054501][ T7028]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.054519][ T7028]  ? clear_bhb_loop+0x60/0xb0
[  191.054541][ T7028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.054557][ T7028] RIP: 0033:0x7f35b0a4f749
[  191.054573][ T7028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.054587][ T7028] RSP: 002b:00007f35aecae038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  191.054605][ T7028] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4f749
[  191.054618][ T7028] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000005
[  191.054628][ T7028] RBP: 00007f35aecae090 R08: 0000000000000000 R09: 0000000000000000
[  191.054639][ T7028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.054649][ T7028] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  191.054685][ T7028]  </TASK>
[  192.364425][ T7040] FAULT_INJECTION: forcing a failure.
[  192.364425][ T7040] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  192.364456][ T7040] CPU: 1 UID: 0 PID: 7040 Comm: syz.3.313 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  192.364476][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  192.364486][ T7040] Call Trace:
[  192.364493][ T7040]  <TASK>
[  192.364501][ T7040]  dump_stack_lvl+0x189/0x250
[  192.364530][ T7040]  ? __pfx____ratelimit+0x10/0x10
[  192.364554][ T7040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.364578][ T7040]  ? __pfx__printk+0x10/0x10
[  192.364599][ T7040]  ? fs_reclaim_acquire+0x7d/0x100
[  192.364631][ T7040]  should_fail_ex+0x46c/0x600
[  192.364660][ T7040]  prepare_alloc_pages+0x213/0x670
[  192.364692][ T7040]  __alloc_frozen_pages_noprof+0x123/0x370
[  192.364721][ T7040]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  192.364763][ T7040]  alloc_pages_mpol+0xd1/0x380
[  192.364791][ T7040]  alloc_pages_noprof+0xcf/0x1e0
[  192.364818][ T7040]  get_free_pages_noprof+0xf/0x80
[  192.364843][ T7040]  kasan_populate_vmalloc+0x38/0x270
[  192.364867][ T7040]  ? rt_spin_unlock+0x161/0x200
[  192.364890][ T7040]  alloc_vmap_area+0xd7a/0x14c0
[  192.364927][ T7040]  ? __pfx_alloc_vmap_area+0x10/0x10
[  192.364948][ T7040]  ? __kasan_kmalloc+0x93/0xb0
[  192.364979][ T7040]  ? __kmalloc_cache_node_noprof+0x2a9/0x700
[  192.365002][ T7040]  ? __get_vm_area_node+0x172/0x350
[  192.365022][ T7040]  ? copy_process+0x545/0x3ae0
[  192.365044][ T7040]  __get_vm_area_node+0x227/0x350
[  192.365071][ T7040]  __vmalloc_node_range_noprof+0x30c/0x12d0
[  192.365094][ T7040]  ? copy_process+0x545/0x3ae0
[  192.365113][ T7040]  ? percpu_ref_get_many+0x19/0x140
[  192.365164][ T7040]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  192.365190][ T7040]  ? memcpy_and_pad+0x48/0x80
[  192.365215][ T7040]  __vmalloc_node_noprof+0xc2/0x110
[  192.365236][ T7040]  ? copy_process+0x545/0x3ae0
[  192.365253][ T7040]  ? copy_process+0x545/0x3ae0
[  192.365274][ T7040]  dup_task_struct+0x3d4/0x830
[  192.365294][ T7040]  ? rt_spin_unlock+0x161/0x200
[  192.365316][ T7040]  copy_process+0x545/0x3ae0
[  192.365364][ T7040]  ? __pfx_copy_process+0x10/0x10
[  192.365389][ T7040]  ? rcu_read_lock_any_held+0xb3/0x120
[  192.365415][ T7040]  kernel_clone+0x224/0x7c0
[  192.365439][ T7040]  ? __pfx_kernel_clone+0x10/0x10
[  192.365481][ T7040]  __x64_sys_clone+0x18b/0x1e0
[  192.365506][ T7040]  ? __pfx___x64_sys_clone+0x10/0x10
[  192.365526][ T7040]  ? do_sys_openat2+0x154/0x1c0
[  192.365559][ T7040]  ? __pfx_ksys_write+0x10/0x10
[  192.365584][ T7040]  ? do_syscall_64+0xbe/0xfa0
[  192.365610][ T7040]  do_syscall_64+0xfa/0xfa0
[  192.365631][ T7040]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.365653][ T7040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.365670][ T7040]  ? clear_bhb_loop+0x60/0xb0
[  192.365691][ T7040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.365708][ T7040] RIP: 0033:0x7ff6f292f749
[  192.365723][ T7040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.365737][ T7040] RSP: 002b:00007ff6f0b6cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  192.365755][ T7040] RAX: ffffffffffffffda RBX: 00007ff6f2b86090 RCX: 00007ff6f292f749
[  192.365767][ T7040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000638c1000
[  192.365777][ T7040] RBP: 00007ff6f0b6d090 R08: 0000000000000000 R09: 0000000000000000
[  192.365787][ T7040] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  192.365797][ T7040] R13: 00007ff6f2b86128 R14: 00007ff6f2b86090 R15: 00007ffc3a7920d8
[  192.365826][ T7040]  </TASK>
[  192.366123][ T7040] syz.3.313: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  192.368084][ T7040] CPU: 1 UID: 0 PID: 7040 Comm: syz.3.313 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  192.368105][ T7040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  192.368115][ T7040] Call Trace:
[  192.368122][ T7040]  <TASK>
[  192.368130][ T7040]  dump_stack_lvl+0x189/0x250
[  192.368157][ T7040]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  192.368179][ T7040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.368202][ T7040]  ? __pfx__printk+0x10/0x10
[  192.368223][ T7040]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  192.368243][ T7040]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  192.368270][ T7040]  warn_alloc+0x22e/0x3b0
[  192.368296][ T7040]  ? kasan_quarantine_put+0xdd/0x220
[  192.368316][ T7040]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.368343][ T7040]  ? __pfx_warn_alloc+0x10/0x10
[  192.368367][ T7040]  ? __get_vm_area_node+0x240/0x350
[  192.368387][ T7040]  ? __get_vm_area_node+0x172/0x350
[  192.368408][ T7040]  ? copy_process+0x545/0x3ae0
[  192.368430][ T7040]  ? __get_vm_area_node+0x240/0x350
[  192.368458][ T7040]  __vmalloc_node_range_noprof+0x331/0x12d0
[  192.368481][ T7040]  ? percpu_ref_get_many+0x19/0x140
[  192.368531][ T7040]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  192.368557][ T7040]  ? memcpy_and_pad+0x48/0x80
[  192.368583][ T7040]  __vmalloc_node_noprof+0xc2/0x110
[  192.368605][ T7040]  ? copy_process+0x545/0x3ae0
[  192.368623][ T7040]  ? copy_process+0x545/0x3ae0
[  192.368646][ T7040]  dup_task_struct+0x3d4/0x830
[  192.368667][ T7040]  ? rt_spin_unlock+0x161/0x200
[  192.368690][ T7040]  copy_process+0x545/0x3ae0
[  192.368740][ T7040]  ? __pfx_copy_process+0x10/0x10
[  192.368765][ T7040]  ? rcu_read_lock_any_held+0xb3/0x120
[  192.368790][ T7040]  kernel_clone+0x224/0x7c0
[  192.368815][ T7040]  ? __pfx_kernel_clone+0x10/0x10
[  192.368858][ T7040]  __x64_sys_clone+0x18b/0x1e0
[  192.368883][ T7040]  ? __pfx___x64_sys_clone+0x10/0x10
[  192.368904][ T7040]  ? do_sys_openat2+0x154/0x1c0
[  192.368938][ T7040]  ? __pfx_ksys_write+0x10/0x10
[  192.368970][ T7040]  ? do_syscall_64+0xbe/0xfa0
[  192.368997][ T7040]  do_syscall_64+0xfa/0xfa0
[  192.369018][ T7040]  ? lockdep_hardirqs_on+0x9c/0x150
[  192.369040][ T7040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.369056][ T7040]  ? clear_bhb_loop+0x60/0xb0
[  192.369078][ T7040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.369094][ T7040] RIP: 0033:0x7ff6f292f749
[  192.369110][ T7040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.369124][ T7040] RSP: 002b:00007ff6f0b6cfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  192.369141][ T7040] RAX: ffffffffffffffda RBX: 00007ff6f2b86090 RCX: 00007ff6f292f749
[  192.369154][ T7040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000638c1000
[  192.369165][ T7040] RBP: 00007ff6f0b6d090 R08: 0000000000000000 R09: 0000000000000000
[  192.369176][ T7040] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  192.369189][ T7040] R13: 00007ff6f2b86128 R14: 00007ff6f2b86090 R15: 00007ffc3a7920d8
[  192.369220][ T7040]  </TASK>
[  192.369359][ T7040] Mem-Info:
[  192.369368][ T7040] active_anon:3115 inactive_anon:24012 isolated_anon:0
[  192.369368][ T7040]  active_file:6064 inactive_file:47052 isolated_file:0
[  192.369368][ T7040]  unevictable:768 dirty:353 writeback:0
[  192.369368][ T7040]  slab_reclaimable:11571 slab_unreclaimable:100355
[  192.369368][ T7040]  mapped:31924 shmem:21961 pagetables:1262
[  192.369368][ T7040]  sec_pagetables:0 bounce:0
[  192.369368][ T7040]  kernel_misc_reclaimable:0
[  192.369368][ T7040]  free:1302703 free_pcp:6706 free_cma:0
[  192.369475][ T7040] Node 0 active_anon:12460kB inactive_anon:96048kB active_file:24056kB inactive_file:188208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127696kB dirty:1412kB writeback:0kB shmem:86308kB kernel_stack:13112kB pagetables:4888kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  192.369517][ T7040] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  192.369552][ T7040] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  192.369604][ T7040] lowmem_reserve[]: 0 2515 2517 2517 2517
[  192.369634][ T7040] Node 0 DMA32 free:1287604kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12460kB inactive_anon:96048kB active_file:24056kB inactive_file:188208kB unevictable:1536kB writepending:1412kB zspages:0kB present:3129332kB managed:2576076kB mlocked:0kB bounce:0kB free_pcp:26728kB local_pcp:9412kB free_cma:0kB
[  192.369689][ T7040] lowmem_reserve[]: 0 0 1 1 1
[  192.369718][ T7040] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  192.369769][ T7040] lowmem_reserve[]: 0 0 0 0 0
[  192.369798][ T7040] Node 1 Normal free:3907848kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:96kB local_pcp:96kB free_cma:0kB
[  192.369850][ T7040] lowmem_reserve[]: 0 0 0 0 0
[  192.369875][ T7040] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  192.369978][ T7040] Node 0 DMA32: 1737*4kB (UME) 861*8kB (UME) 462*16kB (UM) 393*32kB (UME) 78*64kB (UME) 35*128kB (UME) 17*256kB (UM) 10*512kB (UM) 10*1024kB (UME) 2*2048kB (UM) 298*4096kB (M) = 1287692kB
[  192.370112][ T7040] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  192.370198][ T7040] Node 1 Normal: 200*4kB (UE) 41*8kB (UME) 34*16kB (UME) 200*32kB (UME) 88*64kB (UME) 31*128kB (UME) 18*256kB (UME) 7*512kB (UM) 1*1024kB (M) 1*2048kB (E) 947*4096kB (M) = 3907848kB
[  192.370334][ T7040] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  192.370349][ T7040] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  192.370362][ T7040] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  192.370374][ T7040] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  192.370388][ T7040] 75073 total pagecache pages
[  192.370397][ T7040] 0 pages in swap cache
[  192.370403][ T7040] Free swap  = 124996kB
[  192.370409][ T7040] Total swap = 124996kB
[  192.370415][ T7040] 2097051 pages RAM
[  192.370420][ T7040] 0 pages HighMem/MovableOnly
[  192.370426][ T7040] 421006 pages reserved
[  192.370431][ T7040] 0 pages cma reserved
[  193.747942][ T7060] cgroup2: Unexpected value for 'memory_localevents'
[  193.787051][   T37] audit: type=1326 audit(1764255695.905:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.788715][   T37] audit: type=1326 audit(1764255695.905:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.790967][   T37] audit: type=1326 audit(1764255695.905:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.857867][   T37] audit: type=1326 audit(1764255695.905:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.858179][   T37] audit: type=1326 audit(1764255695.975:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.859023][   T37] audit: type=1326 audit(1764255695.975:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.861071][   T37] audit: type=1326 audit(1764255695.975:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.947581][   T37] audit: type=1326 audit(1764255695.975:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.947614][   T37] audit: type=1326 audit(1764255695.975:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  193.947645][   T37] audit: type=1326 audit(1764255695.975:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7059 comm="syz.4.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fcb8bebf749 code=0x7ffc0000
[  194.192527][ T7059] ALSA: mixer_oss: invalid OSS volume ''
[  194.350609][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  194.350676][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  194.832291][  T995] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  194.983083][  T995] usb 1-1: Using ep0 maxpacket: 8
[  194.985411][  T995] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  194.985442][  T995] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  194.985462][  T995] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  194.985485][  T995] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  194.985510][  T995] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  194.985548][  T995] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  194.985569][  T995] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.991100][  T995] usb 1-1: config 0 descriptor??
[  195.073421][ T7068] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  195.720500][ T7083] hsr0: entered promiscuous mode
[  195.721335][ T7083] macsec1: entered promiscuous mode
[  195.964452][ T7091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.965029][ T7091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.261162][ T5803] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  196.290120][ T5803] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  196.301998][ T5803] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  196.314345][ T5803] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  196.317739][ T5803] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  196.378314][ T5814] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  196.380144][ T5814] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  196.380786][ T5814] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  196.410797][ T5814] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  196.412712][ T5814] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  197.222492][   T61] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  198.422556][   T61] Bluetooth: hci6: command tx timeout
[  198.692569][ T7100] syz.1.331 (7100) used greatest stack depth: 17592 bytes left
[  198.874216][   T69] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  199.080744][   T37] kauditd_printk_skb: 8 callbacks suppressed
[  199.080763][   T37] audit: type=1326 audit(1764255701.195:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7126 comm="syz.1.341" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35b0a4f749 code=0x0
[  199.142414][  T995] usb 1-1: USB disconnect, device number 7
[  199.438977][   T37] audit: type=1326 audit(1764255701.555:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7131 comm="syz.4.342" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb8bebf749 code=0x0
[  199.634692][   T69] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.531654][   T61] Bluetooth: hci6: command tx timeout
[  201.375092][   T69] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  201.492351][   T44] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  201.744951][   T44] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  201.744979][   T44] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.744997][   T44] usb 4-1: config 0 has no interface number 0
[  201.747975][   T44] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  201.748002][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.748021][   T44] usb 4-1: Product: syz
[  201.748034][   T44] usb 4-1: Manufacturer: syz
[  201.748048][   T44] usb 4-1: SerialNumber: syz
[  201.756060][   T44] usb 4-1: config 0 descriptor??
[  201.769175][   T44] ims_pcu 4-1:0.41: probe with driver ims_pcu failed with error -22
[  202.560873][   T69] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.621866][   T61] Bluetooth: hci6: command tx timeout
[  202.765306][ T7169] FAULT_INJECTION: forcing a failure.
[  202.765306][ T7169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.765339][ T7169] CPU: 1 UID: 0 PID: 7169 Comm: syz.0.352 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  202.765360][ T7169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  202.765371][ T7169] Call Trace:
[  202.765378][ T7169]  <TASK>
[  202.765386][ T7169]  dump_stack_lvl+0x189/0x250
[  202.765416][ T7169]  ? __pfx____ratelimit+0x10/0x10
[  202.765440][ T7169]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.765463][ T7169]  ? __pfx__printk+0x10/0x10
[  202.765497][ T7169]  should_fail_ex+0x46c/0x600
[  202.765526][ T7169]  _copy_from_user+0x2d/0xb0
[  202.765548][ T7169]  ___bpf_copy_key+0xaa/0x120
[  202.765567][ T7169]  map_update_elem+0x209/0x750
[  202.765592][ T7169]  ? bpf_lsm_bpf+0x9/0x20
[  202.765613][ T7169]  __sys_bpf+0x619/0x860
[  202.765637][ T7169]  ? __pfx___sys_bpf+0x10/0x10
[  202.765675][ T7169]  ? ksys_write+0x1e7/0x260
[  202.765697][ T7169]  ? __pfx_ksys_write+0x10/0x10
[  202.765723][ T7169]  __x64_sys_bpf+0x7c/0x90
[  202.765744][ T7169]  do_syscall_64+0xfa/0xfa0
[  202.765765][ T7169]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.765791][ T7169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.765809][ T7169]  ? clear_bhb_loop+0x60/0xb0
[  202.765829][ T7169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.765845][ T7169] RIP: 0033:0x7f7c27a7f749
[  202.765862][ T7169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.765877][ T7169] RSP: 002b:00007f7c25ce6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  202.765897][ T7169] RAX: ffffffffffffffda RBX: 00007f7c27cd5fa0 RCX: 00007f7c27a7f749
[  202.765910][ T7169] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000002
[  202.765919][ T7169] RBP: 00007f7c25ce6090 R08: 0000000000000000 R09: 0000000000000000
[  202.765929][ T7169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.765939][ T7169] R13: 00007f7c27cd6038 R14: 00007f7c27cd5fa0 R15: 00007ffe14f6c308
[  202.765970][ T7169]  </TASK>
[  204.668942][   T61] Bluetooth: hci6: command tx timeout
[  204.981209][ T5881] usb 4-1: USB disconnect, device number 7
[  205.281964][ T7092] chnl_net:caif_netlink_parms(): no params data found
[  205.284241][ T7186] nvme_fabrics: missing parameter 'transport=%s'
[  205.284256][ T7186] nvme_fabrics: missing parameter 'nqn=%s'
[  206.311926][   T69] bridge_slave_1: left allmulticast mode
[  206.312090][   T69] bridge_slave_1: left promiscuous mode
[  206.318520][   T69] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.405284][   T69] bridge_slave_0: left allmulticast mode
[  206.405313][   T69] bridge_slave_0: left promiscuous mode
[  206.405563][   T69] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.753745][   T44] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  206.883738][ T5881] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  207.232335][   T44] usb 2-1: Using ep0 maxpacket: 16
[  207.268486][   T44] usb 2-1: config index 0 descriptor too short (expected 65, got 36)
[  207.268515][   T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.268566][   T44] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  207.268589][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.292063][   T44] usb 2-1: config 0 descriptor??
[  207.305856][   T44] pxrc 2-1:0.0: Could not find endpoint
[  207.443107][ T7239] fuse: Unknown parameter 'grou00000000000000000000'
[  210.869566][  T992] usb 2-1: USB disconnect, device number 8
[  211.323173][ T3507] Bluetooth: hci4: Frame reassembly failed (-84)
[  213.392434][ T5814] Bluetooth: hci4: command 0xfc11 tx timeout
[  213.392719][   T61] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  213.603036][   T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  213.662793][   T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  213.686557][   T69] bond0 (unregistering): Released all slaves
[  214.505251][ T7283] netlink: 20 bytes leftover after parsing attributes in process `syz.1.388'.
[  214.948011][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.306192][  T995] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  215.592239][    C0] vkms_vblank_simulate: vblank timer overrun
[  215.594754][  T995] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  215.594781][  T995] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  215.594800][  T995] usb 5-1: config 0 has no interface number 0
[  215.597883][  T995] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  215.597911][  T995] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.597938][  T995] usb 5-1: Product: syz
[  215.597952][  T995] usb 5-1: Manufacturer: syz
[  215.597966][  T995] usb 5-1: SerialNumber: syz
[  215.725281][  T995] usb 5-1: config 0 descriptor??
[  215.763095][  T995] ims_pcu 5-1:0.41: probe with driver ims_pcu failed with error -22
[  215.777423][ T7092] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.777546][ T7092] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.777771][ T7092] bridge_slave_0: entered allmulticast mode
[  215.780262][ T7092] bridge_slave_0: entered promiscuous mode
[  215.833495][ T7092] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.835387][ T7092] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.835637][ T7092] bridge_slave_1: entered allmulticast mode
[  215.838886][ T7092] bridge_slave_1: entered promiscuous mode
[  216.263025][ T7092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.271111][ T7092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.940913][   T69] hsr_slave_0: left promiscuous mode
[  216.972350][   T69] hsr_slave_1: left promiscuous mode
[  216.994419][   T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  216.994522][   T69] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.025522][   T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.025546][   T69] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.165591][   T69] veth1_macvtap: left promiscuous mode
[  217.165825][   T69] veth0_macvtap: left promiscuous mode
[  217.165999][   T69] veth1_vlan: left promiscuous mode
[  217.166194][   T69] veth0_vlan: left promiscuous mode
[  217.755048][ T6200] usb 5-1: USB disconnect, device number 11
[  222.380493][   T69] team0 (unregistering): Port device team_slave_1 removed
[  223.383977][   T69] team0 (unregistering): Port device team_slave_0 removed
[  224.842395][   T44] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  225.006066][   T44] usb 5-1: config 8 has an invalid interface number: 8 but max is 1
[  225.006092][   T44] usb 5-1: config 8 has an invalid interface number: 8 but max is 1
[  225.006110][   T44] usb 5-1: config 8 has 1 interface, different from the descriptor's value: 2
[  225.006128][   T44] usb 5-1: config 8 has no interface number 0
[  225.006158][   T44] usb 5-1: config 8 interface 8 has no altsetting 1
[  225.008434][   T44] usb 5-1: New USB device found, idVendor=1199, idProduct=68a2, bcdDevice=33.93
[  225.008461][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.008480][   T44] usb 5-1: Product: syz
[  225.008493][   T44] usb 5-1: Manufacturer: syz
[  225.008507][   T44] usb 5-1: SerialNumber: syz
[  225.335491][   T44] qmi_wwan 5-1:8.8: probe with driver qmi_wwan failed with error -22
[  225.354664][   T44] usb 5-1: USB disconnect, device number 12
[  225.859097][ T7092] team0: Port device team_slave_0 added
[  225.859918][ T7327] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  225.860066][ T7327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.396'.
[  225.860077][ T7327] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  226.482523][   T44] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  226.684274][   T44] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  226.684301][   T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.684320][   T44] usb 5-1: config 0 has no interface number 0
[  226.760076][   T44] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  226.760106][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.760124][   T44] usb 5-1: Product: syz
[  226.760136][   T44] usb 5-1: Manufacturer: syz
[  226.760147][   T44] usb 5-1: SerialNumber: syz
[  226.806245][   T44] usb 5-1: config 0 descriptor??
[  226.824502][   T44] ims_pcu 5-1:0.41: probe with driver ims_pcu failed with error -22
[  227.310079][ T7092] team0: Port device team_slave_1 added
[  227.637808][ T7381] tmpfs: Bad value for 'mpol'
[  228.222318][   T44] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  228.382507][ T7092] batman_adv: batadv0: Adding interface: batadv_slave_0
[  228.382523][ T7092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  228.382548][ T7092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  228.384997][ T7092] batman_adv: batadv0: Adding interface: batadv_slave_1
[  228.385010][ T7092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  228.385036][ T7092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  228.622544][   T44] usb 1-1: Using ep0 maxpacket: 8
[  228.633880][   T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  228.633915][   T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  228.633936][   T44] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  228.633959][   T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  228.633985][   T44] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  228.634023][   T44] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  228.634045][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.656028][    C0] vkms_vblank_simulate: vblank timer overrun
[  229.257514][    C0] vkms_vblank_simulate: vblank timer overrun
[  229.692579][   T44] usb 1-1: config 0 descriptor??
[  229.695672][ T7386] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  229.802583][ T6200] usb 5-1: USB disconnect, device number 13
[  229.833764][ T7406] FAULT_INJECTION: forcing a failure.
[  229.833764][ T7406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  229.833797][ T7406] CPU: 1 UID: 0 PID: 7406 Comm: syz.4.415 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  229.833818][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  229.833829][ T7406] Call Trace:
[  229.833836][ T7406]  <TASK>
[  229.833843][ T7406]  dump_stack_lvl+0x189/0x250
[  229.833876][ T7406]  ? __pfx____ratelimit+0x10/0x10
[  229.833900][ T7406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  229.833923][ T7406]  ? __pfx__printk+0x10/0x10
[  229.833945][ T7406]  ? __might_fault+0xb0/0x130
[  229.833978][ T7406]  should_fail_ex+0x46c/0x600
[  229.834007][ T7406]  _copy_from_user+0x2d/0xb0
[  229.834027][ T7406]  __sys_bpf+0x1e3/0x860
[  229.834053][ T7406]  ? __pfx___sys_bpf+0x10/0x10
[  229.834070][ T7406]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  229.834106][ T7406]  ? ksys_write+0x230/0x260
[  229.834130][ T7406]  ? __pfx_ksys_write+0x10/0x10
[  229.834155][ T7406]  __x64_sys_bpf+0x7c/0x90
[  229.834177][ T7406]  do_syscall_64+0xfa/0xfa0
[  229.834199][ T7406]  ? lockdep_hardirqs_on+0x9c/0x150
[  229.834231][ T7406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.834250][ T7406]  ? clear_bhb_loop+0x60/0xb0
[  229.834270][ T7406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.834286][ T7406] RIP: 0033:0x7fcb8bebf749
[  229.834302][ T7406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.834316][ T7406] RSP: 002b:00007fcb8a11e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  229.834335][ T7406] RAX: ffffffffffffffda RBX: 00007fcb8c115fa0 RCX: 00007fcb8bebf749
[  229.834348][ T7406] RDX: 0000000000000094 RSI: 0000200000000800 RDI: 0000000000000005
[  229.834359][ T7406] RBP: 00007fcb8a11e090 R08: 0000000000000000 R09: 0000000000000000
[  229.834370][ T7406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  229.834379][ T7406] R13: 00007fcb8c116038 R14: 00007fcb8c115fa0 R15: 00007fff3ea98648
[  229.834410][ T7406]  </TASK>
[  230.353764][ T7409] tmpfs: Bad value for 'mpol'
[  231.077837][ T7092] hsr_slave_0: entered promiscuous mode
[  231.081821][ T7092] hsr_slave_1: entered promiscuous mode
[  231.093675][ T7092] debugfs: 'hsr0' already exists in 'hsr'
[  231.093702][ T7092] Cannot create hsr debugfs directory
[  231.136812][   T61] Bluetooth: hci4: Opcode 0x0c03 failed: -71
[  231.177730][ T5787] usb 1-1: USB disconnect, device number 9
[  231.280337][ T7425] fuse: Unknown parameter 'group_i00000000000000000000'
[  233.371191][ T7451] tty tty29: ldisc open failed (-12), clearing slot 28
[  234.064796][ T7092] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  234.086235][ T7460] tmpfs: Bad value for 'mpol'
[  234.260249][ T7092] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  234.330210][ T7092] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  234.400712][ T7092] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  234.411277][ T5787] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  234.562312][ T5787] usb 1-1: Using ep0 maxpacket: 8
[  234.564157][ T5787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  234.564185][ T5787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  234.564203][ T5787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  234.564220][ T5787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  234.564242][ T5787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  234.564279][ T5787] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  234.564301][ T5787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.654780][ T5787] usb 1-1: config 0 descriptor??
[  234.655798][ T7467] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  236.213639][ T7092] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.308319][ T7092] 8021q: adding VLAN 0 to HW filter on device team0
[  236.381550][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.392133][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.420628][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.420767][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.765616][ T7508] fuse: Unknown parameter 'group_i00000000000000000000'
[  236.822452][   T61] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  237.257618][ T7519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  237.258169][ T7519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.845860][ T7527] tmpfs: Bad value for 'mpol'
[  239.011169][ T7092] 8021q: adding VLAN 0 to HW filter on device batadv0
[  241.102611][   T44] usb 1-1: USB disconnect, device number 10
[  241.803987][ T7560] netlink: 'syz.3.445': attribute type 5 has an invalid length.
[  241.986500][ T7575] fuse: Unknown parameter 'group_i00000000000000000000'
[  242.081182][ T7092] veth0_vlan: entered promiscuous mode
[  242.121340][ T7092] veth1_vlan: entered promiscuous mode
[  242.213350][ T7092] veth0_macvtap: entered promiscuous mode
[  242.253943][ T7092] veth1_macvtap: entered promiscuous mode
[  242.332482][ T7092] batman_adv: batadv0: Interface activated: batadv_slave_0
[  242.433693][ T7092] batman_adv: batadv0: Interface activated: batadv_slave_1
[  242.488046][   T69] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  242.491174][   T69] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  242.493082][   T69] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  242.524413][   T69] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  242.963045][  T992] usb 4-1: new low-speed USB device number 8 using dummy_hcd
[  243.361631][   T44] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  243.508292][  T992] usb 4-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  243.508325][  T992] usb 4-1: config 0 interface 0 has no altsetting 0
[  243.508359][  T992] usb 4-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00
[  243.508381][  T992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.523347][  T992] usb 4-1: config 0 descriptor??
[  243.527353][ T7579] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  243.595667][   T44] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[  243.595693][   T44] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  243.595710][   T44] usb 1-1: config 0 has no interface number 0
[  243.598724][   T44] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  243.598751][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.598770][   T44] usb 1-1: Product: syz
[  243.598783][   T44] usb 1-1: Manufacturer: syz
[  243.598796][   T44] usb 1-1: SerialNumber: syz
[  243.671106][   T44] usb 1-1: config 0 descriptor??
[  243.721113][   T44] ims_pcu 1-1:0.41: probe with driver ims_pcu failed with error -22
[  243.825002][ T7590] FAULT_INJECTION: forcing a failure.
[  243.825002][ T7590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  243.825032][ T7590] CPU: 0 UID: 0 PID: 7590 Comm: syz.1.452 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  243.825051][ T7590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  243.825071][ T7590] Call Trace:
[  243.825077][ T7590]  <TASK>
[  243.825083][ T7590]  dump_stack_lvl+0x189/0x250
[  243.825108][ T7590]  ? __pfx____ratelimit+0x10/0x10
[  243.825127][ T7590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  243.825145][ T7590]  ? __pfx__printk+0x10/0x10
[  243.825173][ T7590]  should_fail_ex+0x46c/0x600
[  243.825199][ T7590]  _copy_to_user+0x31/0xb0
[  243.825216][ T7590]  simple_read_from_buffer+0xe1/0x170
[  243.825240][ T7590]  proc_fail_nth_read+0x1b6/0x220
[  243.825259][ T7590]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  243.825277][ T7590]  ? rw_verify_area+0x2ac/0x4e0
[  243.825292][ T7590]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  243.825308][ T7590]  vfs_read+0x206/0xa30
[  243.825332][ T7590]  ? __pfx_vfs_read+0x10/0x10
[  243.825348][ T7590]  ? sock_recv_errqueue+0x480/0x510
[  243.825370][ T7590]  ? sock_recv_errqueue+0x480/0x510
[  243.825388][ T7590]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  243.825410][ T7590]  ? do_sock_getsockopt+0x372/0x450
[  243.825430][ T7590]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  243.825454][ T7590]  ksys_read+0x14b/0x260
[  243.825473][ T7590]  ? __pfx_ksys_read+0x10/0x10
[  243.825493][ T7590]  ? do_syscall_64+0xbe/0xfa0
[  243.825519][ T7590]  do_syscall_64+0xfa/0xfa0
[  243.825539][ T7590]  ? lockdep_hardirqs_on+0x9c/0x150
[  243.825561][ T7590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.825579][ T7590]  ? clear_bhb_loop+0x60/0xb0
[  243.825597][ T7590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.825614][ T7590] RIP: 0033:0x7f35b0a4e15c
[  243.825630][ T7590] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  243.825645][ T7590] RSP: 002b:00007f35aecae030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  243.825665][ T7590] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4e15c
[  243.825678][ T7590] RDX: 000000000000000f RSI: 00007f35aecae0a0 RDI: 0000000000000004
[  243.825689][ T7590] RBP: 00007f35aecae090 R08: 0000000000000000 R09: 0000000000000000
[  243.825700][ T7590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.825710][ T7590] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  243.825741][ T7590]  </TASK>
[  243.987606][  T992] usbhid 4-1:0.0: can't add hid device: -71
[  243.987734][  T992] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  244.102950][  T992] usb 4-1: USB disconnect, device number 8
[  244.293366][ T3507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.293386][ T3507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.644702][   T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  244.644722][   T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.989639][  T992] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  245.549596][  T992] usb 2-1: Using ep0 maxpacket: 8
[  245.557471][  T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  245.557506][  T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  245.557528][  T992] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  245.557551][  T992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  245.557577][  T992] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  245.557617][  T992] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  245.557640][  T992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.857347][  T992] usb 2-1: config 0 descriptor??
[  245.858303][  T995] usb 1-1: USB disconnect, device number 11
[  246.267905][ T7599] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  247.887336][   T61] Bluetooth: hci4: Opcode 0x0c03 failed: -71
[  247.890983][  T995] usb 2-1: USB disconnect, device number 9
[  248.302108][ T7633] FAULT_INJECTION: forcing a failure.
[  248.302108][ T7633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  248.302139][ T7633] CPU: 1 UID: 0 PID: 7633 Comm: syz.1.465 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  248.302163][ T7633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  248.302172][ T7633] Call Trace:
[  248.302178][ T7633]  <TASK>
[  248.302185][ T7633]  dump_stack_lvl+0x189/0x250
[  248.302214][ T7633]  ? __pfx____ratelimit+0x10/0x10
[  248.302243][ T7633]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.302268][ T7633]  ? __pfx__printk+0x10/0x10
[  248.302293][ T7633]  ? __might_fault+0xb0/0x130
[  248.302331][ T7633]  should_fail_ex+0x46c/0x600
[  248.302362][ T7633]  _copy_from_user+0x2d/0xb0
[  248.302383][ T7633]  binder_ioctl_write_read+0x127/0x9fd0
[  248.302422][ T7633]  ? try_to_take_rt_mutex+0x840/0xb00
[  248.302456][ T7633]  ? rtlock_slowlock_locked+0xd8/0x4010
[  248.302476][ T7633]  ? arch_stack_walk+0xfc/0x150
[  248.302514][ T7633]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  248.302539][ T7633]  ? do_raw_spin_lock+0x121/0x290
[  248.302570][ T7633]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  248.302594][ T7633]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.302619][ T7633]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  248.302644][ T7633]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  248.302669][ T7633]  ? __lock_acquire+0xab9/0xd20
[  248.302698][ T7633]  ? rt_mutex_slowunlock+0x493/0x8a0
[  248.302716][ T7633]  ? reacquire_held_locks+0x127/0x1d0
[  248.302739][ T7633]  ? rt_spin_lock+0x1c1/0x3e0
[  248.302761][ T7633]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  248.302787][ T7633]  ? rt_spin_unlock+0x150/0x200
[  248.302818][ T7633]  ? binder_get_thread+0x178/0x6d0
[  248.302842][ T7633]  binder_ioctl+0x3e3/0x19c0
[  248.302864][ T7633]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  248.302895][ T7633]  ? do_vfs_ioctl+0xbeb/0x1440
[  248.302918][ T7633]  ? __pfx_binder_ioctl+0x10/0x10
[  248.302937][ T7633]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  248.302954][ T7633]  ? smack_log+0xef/0x3f0
[  248.302978][ T7633]  ? __pfx_smack_log+0x10/0x10
[  248.303000][ T7633]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.303021][ T7633]  ? smk_access+0x14c/0x4e0
[  248.303050][ T7633]  ? smk_tskacc+0x2fc/0x370
[  248.303078][ T7633]  ? smack_file_ioctl+0x2ac/0x340
[  248.303105][ T7633]  ? __pfx_smack_file_ioctl+0x10/0x10
[  248.303141][ T7633]  ? __fget_files+0x3a6/0x420
[  248.303163][ T7633]  ? __fget_files+0x2a/0x420
[  248.303189][ T7633]  ? bpf_lsm_file_ioctl+0x9/0x20
[  248.303206][ T7633]  ? __pfx_binder_ioctl+0x10/0x10
[  248.303225][ T7633]  __se_sys_ioctl+0xff/0x170
[  248.303247][ T7633]  do_syscall_64+0xfa/0xfa0
[  248.303270][ T7633]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.303292][ T7633]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.303310][ T7633]  ? clear_bhb_loop+0x60/0xb0
[  248.303332][ T7633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.303349][ T7633] RIP: 0033:0x7f35b0a4f749
[  248.303365][ T7633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.303381][ T7633] RSP: 002b:00007f35aecae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  248.303400][ T7633] RAX: ffffffffffffffda RBX: 00007f35b0ca5fa0 RCX: 00007f35b0a4f749
[  248.303414][ T7633] RDX: 0000200000000540 RSI: 00000000c0306201 RDI: 0000000000000004
[  248.303426][ T7633] RBP: 00007f35aecae090 R08: 0000000000000000 R09: 0000000000000000
[  248.303437][ T7633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  248.303448][ T7633] R13: 00007f35b0ca6038 R14: 00007f35b0ca5fa0 R15: 00007ffcf9c89a38
[  248.303480][ T7633]  </TASK>
[  248.348196][ T7633] binder: 7631:7633 ioctl c0306201 200000000540 returned -14
[  250.086169][ T7658] FAULT_INJECTION: forcing a failure.
[  250.086169][ T7658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.086202][ T7658] CPU: 0 UID: 0 PID: 7658 Comm: syz.0.471 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  250.086223][ T7658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  250.086234][ T7658] Call Trace:
[  250.086241][ T7658]  <TASK>
[  250.086249][ T7658]  dump_stack_lvl+0x189/0x250
[  250.086279][ T7658]  ? __pfx____ratelimit+0x10/0x10
[  250.086303][ T7658]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.086334][ T7658]  ? __pfx__printk+0x10/0x10
[  250.086355][ T7658]  ? __might_fault+0xb0/0x130
[  250.086390][ T7658]  should_fail_ex+0x46c/0x600
[  250.086419][ T7658]  _copy_from_user+0x2d/0xb0
[  250.086439][ T7658]  __sys_bpf+0x1e3/0x860
[  250.086465][ T7658]  ? __pfx___sys_bpf+0x10/0x10
[  250.086485][ T7658]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  250.086524][ T7658]  ? ksys_write+0x230/0x260
[  250.086548][ T7658]  ? __pfx_ksys_write+0x10/0x10
[  250.086574][ T7658]  __x64_sys_bpf+0x7c/0x90
[  250.086596][ T7658]  do_syscall_64+0xfa/0xfa0
[  250.086619][ T7658]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.086642][ T7658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.086660][ T7658]  ? clear_bhb_loop+0x60/0xb0
[  250.086682][ T7658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.086699][ T7658] RIP: 0033:0x7f7c27a7f749
[  250.086715][ T7658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.086731][ T7658] RSP: 002b:00007f7c25ce6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  250.086750][ T7658] RAX: ffffffffffffffda RBX: 00007f7c27cd5fa0 RCX: 00007f7c27a7f749
[  250.086763][ T7658] RDX: 0000000000000020 RSI: 0000200000000400 RDI: 0000000000000004
[  250.086775][ T7658] RBP: 00007f7c25ce6090 R08: 0000000000000000 R09: 0000000000000000
[  250.086785][ T7658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.086796][ T7658] R13: 00007f7c27cd6038 R14: 00007f7c27cd5fa0 R15: 00007ffe14f6c308
[  250.086828][ T7658]  </TASK>
[  251.009756][   T37] audit: type=1326 audit(1764255753.125:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.009804][   T37] audit: type=1326 audit(1764255753.125:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079512][   T37] audit: type=1326 audit(1764255753.185:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079558][   T37] audit: type=1326 audit(1764255753.185:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079589][   T37] audit: type=1326 audit(1764255753.185:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079619][   T37] audit: type=1326 audit(1764255753.185:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079648][   T37] audit: type=1326 audit(1764255753.185:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.079678][   T37] audit: type=1326 audit(1764255753.195:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.136651][   T37] audit: type=1326 audit(1764255753.245:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.265623][   T37] audit: type=1326 audit(1764255753.385:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7667 comm="syz.3.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6f292f749 code=0x7ffc0000
[  251.610416][ T7663] tmpfs: Bad value for 'mpol'
[  251.713193][ T7674] netlink: 12 bytes leftover after parsing attributes in process `syz.5.474'.
[  251.965802][ T7683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.478'.
[  252.292398][ T6200] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  252.352314][  T995] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  252.442624][ T6200] usb 1-1: Using ep0 maxpacket: 8
[  252.449704][ T6200] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  252.449734][ T6200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.449753][ T6200] usb 1-1: Product: syz
[  252.449767][ T6200] usb 1-1: Manufacturer: syz
[  252.449780][ T6200] usb 1-1: SerialNumber: syz
[  252.491274][ T6200] usb 1-1: config 0 descriptor??
[  252.502572][  T995] usb 4-1: Using ep0 maxpacket: 8
[  252.505094][  T995] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  252.505119][  T995] usb 4-1: config 0 has no interfaces?
[  252.508140][  T995] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  252.508169][  T995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.508187][  T995] usb 4-1: Product: syz
[  252.508200][  T995] usb 4-1: Manufacturer: syz
[  252.508214][  T995] usb 4-1: SerialNumber: syz
[  252.548148][ T6200] gspca_main: se401-2.14.0 probing 047d:5003
[  252.572904][  T995] usb 4-1: config 0 descriptor??
[  252.918748][ T6200] gspca_se401: Bayer format not supported!
[  253.130350][ T5868] usb 1-1: USB disconnect, device number 12
[  253.986766][ T7681] ------------[ cut here ]------------
[  253.986789][ T7681] WARNING: CPU: 1 PID: 7681 at kernel/kcov.c:477 kcov_task_exit+0x13c/0x150
[  253.986834][ T7681] Modules linked in:
[  253.986853][ T7681] CPU: 1 UID: 0 PID: 7681 Comm: syz.0.478 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  253.986877][ T7681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  253.986889][ T7681] RIP: 0010:kcov_task_exit+0x13c/0x150
[  253.986917][ T7681] Code: c7 c7 50 45 c5 8e 48 c7 c6 1e 27 da 8c 48 c7 c2 e4 fc d8 8c 4c 89 f9 e8 42 61 f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90
[  253.986935][ T7681] RSP: 0018:ffffc90006227d00 EFLAGS: 00010206
[  253.986953][ T7681] RAX: b0c80fd04a01f500 RBX: ffff88802bba5200 RCX: 0000000000000000
[  253.986969][ T7681] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff
[  253.986983][ T7681] RBP: ffffc90006227e68 R08: 0000000000000000 R09: ffffffff8ac2eb41
[  253.986998][ T7681] R10: dffffc0000000000 R11: fffffbfff1dac82f R12: 1ffff11005af33dd
[  253.987013][ T7681] R13: 0000000000000000 R14: ffff88802bba5208 R15: ffff8880207a5a00
[  253.987027][ T7681] FS:  000055556dcdc500(0000) GS:ffff888126ef6000(0000) knlGS:0000000000000000
[  253.987045][ T7681] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  253.987059][ T7681] CR2: 000020000002c000 CR3: 000000003b144000 CR4: 00000000003526f0
[  253.987076][ T7681] Call Trace:
[  253.987084][ T7681]  <TASK>
[  253.987096][ T7681]  do_exit+0x105/0x2300
[  253.987131][ T7681]  ? preempt_schedule_thunk+0x16/0x30
[  253.987165][ T7681]  ? rt_mutex_slowunlock+0x668/0x8a0
[  253.987193][ T7681]  ? __pfx_do_exit+0x10/0x10
[  253.987223][ T7681]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  253.987250][ T7681]  ? __rcu_read_unlock+0x84/0xe0
[  253.987276][ T7681]  ? rt_spin_unlock+0x161/0x200
[  253.987299][ T7681]  do_group_exit+0x21c/0x2d0
[  253.987322][ T7681]  __x64_sys_exit_group+0x3f/0x40
[  253.987338][ T7681]  x64_sys_call+0x21f7/0x2200
[  253.987356][ T7681]  do_syscall_64+0xfa/0xfa0
[  253.987382][ T7681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.987399][ T7681]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.987416][ T7681]  ? clear_bhb_loop+0x60/0xb0
[  253.987437][ T7681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.987454][ T7681] RIP: 0033:0x7f7c27a7f749
[  253.987469][ T7681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.987487][ T7681] RSP: 002b:00007ffe14f6c668 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  253.987507][ T7681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7c27a7f749
[  253.987520][ T7681] RDX: 00007f7c26ce9000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.987534][ T7681] RBP: 00007ffe14f6c6cc R08: 0000000000005b84 R09: 00000000000927c0
[  253.987545][ T7681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000056
[  253.987555][ T7681] R13: 00000000000927c0 R14: 000000000003d64c R15: 00007ffe14f6c720
[  253.987583][ T7681]  </TASK>
[  253.987593][ T7681] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  253.987607][ T7681] CPU: 1 UID: 0 PID: 7681 Comm: syz.0.478 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  253.987627][ T7681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  253.987638][ T7681] Call Trace:
[  253.987645][ T7681]  <TASK>
[  253.987653][ T7681]  dump_stack_lvl+0x99/0x250
[  253.987681][ T7681]  ? __asan_memcpy+0x40/0x70
[  253.987703][ T7681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.987732][ T7681]  ? __pfx__printk+0x10/0x10
[  253.987766][ T7681]  vpanic+0x237/0x6d0
[  253.987785][ T7681]  ? __pfx_vpanic+0x10/0x10
[  253.987813][ T7681]  panic+0xb9/0xc0
[  253.987831][ T7681]  ? __pfx_panic+0x10/0x10
[  253.987864][ T7681]  __warn+0x31b/0x4b0
[  253.987880][ T7681]  ? kcov_task_exit+0x13c/0x150
[  253.987910][ T7681]  ? kcov_task_exit+0x13c/0x150
[  253.987935][ T7681]  report_bug+0x2be/0x4f0
[  253.987962][ T7681]  ? kcov_task_exit+0x13c/0x150
[  253.987989][ T7681]  ? kcov_task_exit+0x13c/0x150
[  253.988014][ T7681]  ? kcov_task_exit+0x13e/0x150
[  253.988039][ T7681]  handle_bug+0x84/0x160
[  253.988058][ T7681]  exc_invalid_op+0x1a/0x50
[  253.988079][ T7681]  asm_exc_invalid_op+0x1a/0x20
[  253.988098][ T7681] RIP: 0010:kcov_task_exit+0x13c/0x150
[  253.988132][ T7681] Code: c7 c7 50 45 c5 8e 48 c7 c6 1e 27 da 8c 48 c7 c2 e4 fc d8 8c 4c 89 f9 e8 42 61 f1 02 4c 39 bb 98 00 00 00 0f 84 ff fe ff ff 90 <0f> 0b 90 4c 89 f7 5b 41 5e 41 5f e9 e4 3e 04 09 0f 1f 40 00 90 90
[  253.988151][ T7681] RSP: 0018:ffffc90006227d00 EFLAGS: 00010206
[  253.988168][ T7681] RAX: b0c80fd04a01f500 RBX: ffff88802bba5200 RCX: 0000000000000000
[  253.988184][ T7681] RDX: 0000000000000000 RSI: ffffffff8b3ddfc0 RDI: 00000000ffffffff
[  253.988198][ T7681] RBP: ffffc90006227e68 R08: 0000000000000000 R09: ffffffff8ac2eb41
[  253.988212][ T7681] R10: dffffc0000000000 R11: fffffbfff1dac82f R12: 1ffff11005af33dd
[  253.988228][ T7681] R13: 0000000000000000 R14: ffff88802bba5208 R15: ffff8880207a5a00
[  253.988250][ T7681]  ? rt_spin_lock+0x1c1/0x3e0
[  253.988283][ T7681]  do_exit+0x105/0x2300
[  253.988311][ T7681]  ? preempt_schedule_thunk+0x16/0x30
[  253.988344][ T7681]  ? rt_mutex_slowunlock+0x668/0x8a0
[  253.988371][ T7681]  ? __pfx_do_exit+0x10/0x10
[  253.988400][ T7681]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  253.988428][ T7681]  ? __rcu_read_unlock+0x84/0xe0
[  253.988454][ T7681]  ? rt_spin_unlock+0x161/0x200
[  253.988481][ T7681]  do_group_exit+0x21c/0x2d0
[  253.988506][ T7681]  __x64_sys_exit_group+0x3f/0x40
[  253.988524][ T7681]  x64_sys_call+0x21f7/0x2200
[  253.988542][ T7681]  do_syscall_64+0xfa/0xfa0
[  253.988569][ T7681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.988587][ T7681]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  253.988605][ T7681]  ? clear_bhb_loop+0x60/0xb0
[  253.988629][ T7681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.988648][ T7681] RIP: 0033:0x7f7c27a7f749
[  253.988664][ T7681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  253.988681][ T7681] RSP: 002b:00007ffe14f6c668 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  253.988701][ T7681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7c27a7f749
[  253.988716][ T7681] RDX: 00007f7c26ce9000 RSI: 0000000000000000 RDI: 0000000000000000
[  253.988729][ T7681] RBP: 00007ffe14f6c6cc R08: 0000000000005b84 R09: 00000000000927c0
[  253.988742][ T7681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000056
[  253.988754][ T7681] R13: 00000000000927c0 R14: 000000000003d64c R15: 00007ffe14f6c720
[  253.988788][ T7681]  </TASK>
[  253.988944][ T7681] Kernel Offset: disabled