last executing test programs:

5.27037035s ago: executing program 3 (id=1440):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="000000a2b57d1d6464000000ee474ea7f14b1f68809ef986412a76fcd360d71bfa9250d6125f248394c09bd7bc7f53fc99971c5c6e640aa6f02202504bf4e03c5d60a66f43f193ef68b55df35a6c737d4b6a1aab9c5c6455242aa1d1e6b35701b8d413bac056b8590d91964a37efe1c2d0a92a67f61bdc", @ANYRES16=r1, @ANYBLOB="01002dbd7000ffdbdf25570000000800", @ANYRES32=r2, @ANYBLOB="06009500faff0000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x893, 0x0, 0x0, 0x0)
r4 = timerfd_create(0x8, 0x80000)
timerfd_settime(r4, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000a1c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x880, 0x2, [@TCA_BASIC_ACT={0x668, 0x3, [@m_mirred={0x114, 0x18, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x3, 0x0, 0x0, 0x7}, 0x4, r7}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10000, 0x10, 0x2, 0x4d5, 0xff}, 0x4, r7}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x7, 0x6, 0xa5, 0x6}, 0x1, r7}}]}, {0x87, 0x6, "aae67905375cefdd15e338798a128afd2a537525ce3d9603edf6718320da4d66d5ce108115f02e3a8b5f3523793a114c774414cf03282d263845bdd1125ca58e9ab47b08b3d077697d04836a0ffc693900fbbab5ce65f240c8e831d0f4aa6701c097756fbc94ddf47ac62954a59fa660bdc40ce6d95d45e62a7c14220b4771b4990d5b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_csum={0x1b8, 0x10, 0x0, 0x0, {{0x9}, {0xac, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x1, 0x2, 0x7}, 0x3c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x8, 0x6, 0x3, 0x100}, 0x31}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x95, 0x2, 0x10000000, 0xa, 0xfff}, 0x1f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x8, 0x1, 0x0, 0x80}, 0x13}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x2, 0x6, 0x7fffffff, 0x7a}, 0x31}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x0, 0x3, 0x4, 0x3}, 0x27}}]}, {0xe2, 0x6, "b198fa12d33b0f770184faa14a7fa13fc4dd2e250c9bc630049d11d69755cdf3c6c143d6dd5908249274fb8e07667915326f6c046ebea00f54ba922f82db18715ec46a566108147baba3268e4900d4f441aac5cb29db8fc0be3fbf5e8739cf7d5b0b5b5e986ba17bb9bbc866d7f0219ca1b6826cd242319ef71c38c913c75204e975d8592f4ac72e93474c66c29a7f6c81338dc7093b133ed1417d22f3f1c939473086be132cc01ff00abf28565339535ba8a902bf28046cfd95bf2389844cb1b202ae9c90dc7505a7ad8f36120d55334a718c282109d7785b40d08c68ef"}, {0xc}, {0xc, 0x8, {0x7}}}}, @m_skbedit={0xb4, 0x10, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff3, 0xfff1}}]}, {0x7d, 0x6, "007b078fda1abfdcf02ffb43d2980ed78a84b5c37638376dc099702d9ce32e5da432af0cf6ac2fbd100524281b6defedd9f18a500b5e22df3cb35e5fd985cb73113e1ebb1de969468a4107f29513d3ae7f2ce637a6c40c25c4756426c51749d5980340eb76cbf560158c44430d0c3285ec2eeb0067f4413492"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_sample={0xc0, 0x1f, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x80000001}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0x9, 0x0, 0x8000, 0xffffffff}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x81}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x9, 0x4, 0x1, 0x4}}]}, {0x4c, 0x6, "f97e48fbcaf16ef099c3cc6fd17f8894fd03e3529590735ec6c3a818884067eae0035edb00334f8b0bb2b6f5522992b844897d003776258be1560b17f8632ae5f172d393d5d0ad9d"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x4}}}}, @m_skbmod={0x140, 0x0, 0x0, 0x0, {{0xb}, {0x74, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x7}, @TCA_SKBMOD_SMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="03bb0c45b32e"}, @TCA_SKBMOD_SMAC={0xa, 0x4, @remote}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x3, 0x8001, 0x0, 0x0, 0x5f6c}, 0xb}}]}, {0xa3, 0x6, "f1e7a4ff90cc7bc7111486d8013f8ceb6ad26a3d886706a4394fd564ba8a6402c156a75cb13a6ffe456bdb0d5c0b97b556a78b558a63ca7948322029bd2648b92b5d821f44a79c7e89efe12ef403cea4a43b7c6fe06e3d85201d057add216239502934b2f29f19b54c17b2efd0d0c8cd5f0312ea7c5a75c2ead83e3226d58e99d8045e16b713c3ccd03e37296ff64c4d5849a9fe133b0f61ceb264c893231b"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_mpls={0xe4, 0x1d, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x19}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0x9ed6b}, @TCA_MPLS_TTL={0x5, 0x7, 0x8}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8884}, @TCA_MPLS_PROTO={0x6, 0x4, 0x2a21}]}, {0x80, 0x6, "00a34516413f8810aa1480c29a11d995640c21cd4fe3cc8795fc14e6c0bb0cfd2868bbcd1ce8f7e9ceba2505bffbb33b879c1d999ead42622f978c76788c5251673b7820c5d87281b2e14050cd5788a870574c49d176ad4efbd8a25870420c29f82d823461883476300ad9900ea8b2c31be8e88bbaa8d8712bdc763b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_BASIC_EMATCHES={0x20c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1b71}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xf}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x10}}, @TCA_EMATCH_TREE_LIST={0xd8, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xff, 0x1, 0xffff}, {0x0, 0x1, 0x401, 0x1, 0x9, 0x0, 0x1}}}, @TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x6, 0x9, 0x6}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x1, 0x3, 0x6}, {0x4, 0x8001, 0x5, 0x2}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xe8d4, 0x1, 0x1ff}, {0x0, 0x6, 0x1, 0x6, 0x5}}}, @TCF_EM_IPT={0x34, 0x1, 0x0, 0x0, {{0x2, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_NFPROTO={0x5}]}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x2, 0x8, 0x9}, {0x3, 0x5, 0x3}}}, @TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x5, 0x2, 0x5}, {0x99}}}, @TCF_EM_META={0x28, 0x2, 0x0, 0x0, {{0xd42c, 0x4, 0x3ff}, [@TCA_EM_META_HDR={0xc, 0x1, {{0xd, 0x40, 0x1}, {0x2, 0xa, 0x2}}}, @TCA_EM_META_LVALUE={0x10, 0x2, [@TCF_META_TYPE_VAR='E%', @TCF_META_TYPE_VAR="6617", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x6]}]}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x2, 0x2, 0xfff8}, {0x8, 0x2, 0x2, '8\a'}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x400, 0x8, 0xb1c}, {0x1, 0x0, 0x2}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x5, 0x3, 0x8}, {0x81, 0x25, 0x0, 0x8001}}}]}, @TCA_EMATCH_TREE_LIST={0xbc, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x1, 0x8, 0x2}, {0x2, 0x5, 0x6}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x7, 0x3, 0x101}, {0x3, 0x7, 0x6, 0x400}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7f, 0x1, 0x890b}, {0x4d, 0x4, 0xd, 0x4, 0x8, 0x2}}}, @TCF_EM_META={0x5c, 0x3, 0x0, 0x0, {{0x4, 0x4, 0x1}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0xa2, 0x1}, {0x96d8, 0x4, 0x1}}}, @TCA_EM_META_RVALUE={0xa, 0x3, [@TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="28ef"]}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR="259792f8a7c899e2"]}, @TCA_EM_META_RVALUE={0x13, 0x3, [@TCF_META_TYPE_VAR="f2", @TCF_META_TYPE_VAR="04000000000000006b", @TCF_META_TYPE_VAR="e89a750733"]}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_RVALUE={0x14, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x4]}]}}, @TCF_EM_NBYTE={0x18, 0x2, 0x0, 0x0, {{0x100, 0x2, 0x101}, {0x7, 0x5, 0x0, "ca685e1a4e"}}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x5, 0x4}}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r8)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r8)
recvmmsg(r8, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000004c40)=""/4098, 0x1002}, {&(0x7f0000000440)=""/150, 0x96}, {&(0x7f0000001980)=""/230, 0xe6}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000001840)=""/105, 0x69}, {&(0x7f00000018c0)=""/147, 0x93}, {&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/238, 0xee}], 0xa}, 0x80000000}], 0x4, 0x40008062, 0x0)

4.417335859s ago: executing program 3 (id=1443):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x2400, 0x2e)
lseek(r2, 0x101, 0x1)
getdents64(r2, 0x0, 0x6d0821ca1fc60d2f)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

3.512333667s ago: executing program 3 (id=1449):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r2, {0x2}}, './file0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x80, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x87}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$tipc(r7, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x34, 0x10, 0x801, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0xc49c}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5b4efbb362ec214f}, 0x7000000)

2.349874845s ago: executing program 3 (id=1456):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="14000000100001f500000000000000000700000a28020000160a01020000000000000000000000060800074000000003d0000380080002400000752608000140000000002c0003801400010067656e657665310000000000000000001400010070696d72656700000000000000000000900003801400010076657468315f746f5f626f006400000014000100767863616e31000000000000000000001400010076657468315f746f5f626f6e6400000014000100776730000000000000000000000000001400010073797a6b616c6c65723000000000000014000100776c616e300000000000000000000000140001006272696467655f736c6176655f3100000c0005400000000000000002100103800800014000000000080002400000000b080001400000000040000380140001006e6574706369300000000000000000001400010070696d3672656700000000000000000014000100776730000000000000000000000000000800014000000000a4000380140001006970766c616e3100000000000000000014000100776730000000000000000000000000001400010076657468315f746f5f7465616d0000001400010070696d72656731000000000000000000140001006d616373656330000000000000000000140001006e7230000000000000000000000000001400010070696d726567300000000000000000001400010073797a5f74756e00000000000000000008000140000000000c00054000000000000000040900010073797a310000000008000740000000013c000000030a01040000000000000000020000020900010073797a31000000000c0002400000000000000003080007006e6174000800054000000000a8000000140a01040000000000000000030000050900010073797a30000000000900010073797a3000000000790008005c28202e14f04d63e508225d32113d839ad9e3e0ab24e6606252ed779cdb3be720ab17507b97d5baf4c887bff68d52927030682e41250268bb9beb8914bbd796b8aeaf8160452e0f08e8951c39ab7e29a0263862de754b427bdeb19124c4d835c84da05334cdf820a4b43c65fade715de26a250e3800000048000000140a010200000000000000000300000408000340000000080c00064000000000000000020c00064000000000000000010c0006400000000000000002080003400000000714010000090a010200000000000000000700000408000840000000000c000b40000000000000000808000a400000000108000c40000001010800034000000110ba000d4081ca82dc4d20909fe2fc870dc2cc2e1245aef1ae759d1dd302c0ceaa6473ac9a41deb43804c720851d1e3824b060f3f555087ec181d0a76a33c9a21eda74ec92d3919eaa6a300362e2c87ef39d7affba0a064e731f7ef16d523f51ff338ddfff5c025c9fb087b5ecb385563ae3574ee9be175759cf60996086a92fdd24457a7ffd3b9662a519bb5886302ea8b6a5f22fb5a64f210dad6ac63da7988ffd962a7f5368c9d27cddd5cbe2501ad35fb69b374687fea7420a00000900010073797a31000000000900020073797a31000000007c000000030a010100000000000000000200000040000480080001400000000008000240015ebd1a0800024032e8084f1400030076657468315f746f5f6261746164760008000240140bcb6208000240680560f808000540fffffffc08000b40000000030c00024000000000000000010900010073797a30"], 0x50c}, 0x1, 0x0, 0x0, 0x40008081}, 0x40400c4)

2.261228446s ago: executing program 0 (id=1458):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f00003f4000/0x1000)=nil, 0x1000, 0xb, 0x113, r3, 0x3000)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x19, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffda2, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
fsopen(0x0, 0x1)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
flistxattr(r6, 0x0, 0x0)
r7 = dup(r4)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r11 = socket$tipc(0x1e, 0x2, 0x0)
r12 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r12, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000100000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x90)
r13 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x1c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x6, 0x11, 0x0, 0x1, [@generic="2fe5"]}]}, 0x1c}], 0x1}, 0x0)

2.26054367s ago: executing program 3 (id=1459):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="000000a2b57d1d6464000000ee474ea7f14b1f68809ef986412a76fcd360d71bfa9250d6125f248394c09bd7bc7f53fc99971c5c6e640aa6f02202504bf4e03c5d60a66f43f193ef68b55df35a6c737d4b6a1aab9c5c6455242aa1d1e6b35701b8d413bac056b8590d91964a37efe1c2d0a92a67f61bdc", @ANYRES16=r1, @ANYBLOB="01002dbd7000ffdbdf25570000000800", @ANYRES32=r2, @ANYBLOB="06009500faff0000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x893, 0x0, 0x0, 0x0)
r4 = timerfd_create(0x8, 0x80000)
timerfd_settime(r4, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r4, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000a1c0)=@newtfilter={0x8a0, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0x7}}, [@filter_kind_options=@f_basic={{0xa}, {0x870, 0x2, [@TCA_BASIC_ACT={0x668, 0x3, [@m_mirred={0x114, 0x18, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x7, 0x3, 0x0, 0x0, 0x7}, 0x4, r7}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x10000, 0x10, 0x2, 0x4d5, 0xff}, 0x4, r7}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x7, 0x6, 0xa5, 0x6}, 0x1, r7}}]}, {0x87, 0x6, "aae67905375cefdd15e338798a128afd2a537525ce3d9603edf6718320da4d66d5ce108115f02e3a8b5f3523793a114c774414cf03282d263845bdd1125ca58e9ab47b08b3d077697d04836a0ffc693900fbbab5ce65f240c8e831d0f4aa6701c097756fbc94ddf47ac62954a59fa660bdc40ce6d95d45e62a7c14220b4771b4990d5b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_csum={0x1b8, 0x10, 0x0, 0x0, {{0x9}, {0xac, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x8, 0x1, 0x2, 0x7}, 0x3c}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x8, 0x6, 0x3, 0x100}, 0x31}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x95, 0x2, 0x10000000, 0xa, 0xfff}, 0x1f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x8, 0x8, 0x1, 0x0, 0x80}, 0x13}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x2, 0x6, 0x7fffffff, 0x7a}, 0x31}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x0, 0x3, 0x4, 0x3}, 0x27}}]}, {0xe2, 0x6, "b198fa12d33b0f770184faa14a7fa13fc4dd2e250c9bc630049d11d69755cdf3c6c143d6dd5908249274fb8e07667915326f6c046ebea00f54ba922f82db18715ec46a566108147baba3268e4900d4f441aac5cb29db8fc0be3fbf5e8739cf7d5b0b5b5e986ba17bb9bbc866d7f0219ca1b6826cd242319ef71c38c913c75204e975d8592f4ac72e93474c66c29a7f6c81338dc7093b133ed1417d22f3f1c939473086be132cc01ff00abf28565339535ba8a902bf28046cfd95bf2389844cb1b202ae9c90dc7505a7ad8f36120d55334a718c282109d7785b40d08c68ef"}, {0xc}, {0xc, 0x8, {0x7}}}}, @m_skbedit={0xb4, 0x10, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff3, 0xfff1}}]}, {0x7d, 0x6, "007b078fda1abfdcf02ffb43d2980ed78a84b5c37638376dc099702d9ce32e5da432af0cf6ac2fbd100524281b6defedd9f18a500b5e22df3cb35e5fd985cb73113e1ebb1de969468a4107f29513d3ae7f2ce637a6c40c25c4756426c51749d5980340eb76cbf560158c44430d0c3285ec2eeb0067f4413492"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_sample={0xc0, 0x1f, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x80000001}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0x9, 0x0, 0x8000, 0xffffffff}}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x81}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x9, 0x4, 0x1, 0x4}}]}, {0x4c, 0x6, "f97e48fbcaf16ef099c3cc6fd17f8894fd03e3529590735ec6c3a818884067eae0035edb00334f8b0bb2b6f5522992b844897d003776258be1560b17f8632ae5f172d393d5d0ad9d"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x4}}}}, @m_skbmod={0x140, 0x0, 0x0, 0x0, {{0xb}, {0x74, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x7}, @TCA_SKBMOD_SMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @random="03bb0c45b32e"}, @TCA_SKBMOD_SMAC={0xa, 0x4, @remote}, @TCA_SKBMOD_DMAC={0xa, 0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x3, 0x8001, 0x0, 0x0, 0x5f6c}, 0xb}}]}, {0xa3, 0x6, "f1e7a4ff90cc7bc7111486d8013f8ceb6ad26a3d886706a4394fd564ba8a6402c156a75cb13a6ffe456bdb0d5c0b97b556a78b558a63ca7948322029bd2648b92b5d821f44a79c7e89efe12ef403cea4a43b7c6fe06e3d85201d057add216239502934b2f29f19b54c17b2efd0d0c8cd5f0312ea7c5a75c2ead83e3226d58e99d8045e16b713c3ccd03e37296ff64c4d5849a9fe133b0f61ceb264c893231b"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_mpls={0xe4, 0x1d, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x19}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0x9ed6b}, @TCA_MPLS_TTL={0x5, 0x7, 0x8}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8884}, @TCA_MPLS_PROTO={0x6, 0x4, 0x2a21}]}, {0x80, 0x6, "00a34516413f8810aa1480c29a11d995640c21cd4fe3cc8795fc14e6c0bb0cfd2868bbcd1ce8f7e9ceba2505bffbb33b879c1d999ead42622f978c76788c5251673b7820c5d87281b2e14050cd5788a870574c49d176ad4efbd8a25870420c29f82d823461883476300ad9900ea8b2c31be8e88bbaa8d8712bdc763b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_BASIC_EMATCHES={0x1fc, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1b71}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xf}}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x10}}, @TCA_EMATCH_TREE_LIST={0xc8, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xff, 0x1, 0xffff}, {0x0, 0x1, 0x401, 0x1, 0x9, 0x0, 0x1}}}, @TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x6, 0x9, 0x6}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x1, 0x3, 0x6}, {0x4, 0x8001, 0x5, 0x2}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0xe8d4, 0x1, 0x1ff}, {0x0, 0x6, 0x1, 0x6, 0x5}}}, @TCF_EM_IPT={0x34, 0x1, 0x0, 0x0, {{0x2, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_NFPROTO={0x5}]}}, @TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x5, 0x2, 0x5}, {0x99}}}, @TCF_EM_META={0x28, 0x2, 0x0, 0x0, {{0xd42c, 0x4, 0x3ff}, [@TCA_EM_META_HDR={0xc, 0x1, {{0xd, 0x40, 0x1}, {0x2, 0xa, 0x2}}}, @TCA_EM_META_LVALUE={0x10, 0x2, [@TCF_META_TYPE_VAR='E%', @TCF_META_TYPE_VAR="6617", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x6]}]}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0x2, 0x2, 0xfff8}, {0x8, 0x2, 0x2, '8\a'}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x400, 0x8, 0xb1c}, {0x1, 0x0, 0x2}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x5, 0x3, 0x8}, {0x81, 0x25, 0x0, 0x8001}}}]}, @TCA_EMATCH_TREE_LIST={0xbc, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x1, 0x8, 0x2}, {0x2, 0x5, 0x6}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x7, 0x3, 0x101}, {0x3, 0x7, 0x6, 0x400}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7f, 0x1, 0x890b}, {0x4d, 0x4, 0xd, 0x4, 0x8, 0x2}}}, @TCF_EM_META={0x5c, 0x3, 0x0, 0x0, {{0x4, 0x4, 0x1}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0xa2, 0x1}, {0x96d8, 0x4, 0x1}}}, @TCA_EM_META_RVALUE={0xa, 0x3, [@TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="28ef"]}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR="259792f8a7c899e2"]}, @TCA_EM_META_RVALUE={0x13, 0x3, [@TCF_META_TYPE_VAR="f2", @TCF_META_TYPE_VAR="04000000000000006b", @TCF_META_TYPE_VAR="e89a750733"]}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_RVALUE={0x14, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0x4]}]}}, @TCF_EM_NBYTE={0x18, 0x2, 0x0, 0x0, {{0x100, 0x2, 0x101}, {0x7, 0x5, 0x0, "ca685e1a4e"}}}]}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x5, 0x4}}]}}]}, 0x8a0}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r8)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r8)
recvmmsg(r8, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000004c40)=""/4098, 0x1002}, {&(0x7f0000000440)=""/150, 0x96}, {&(0x7f0000001980)=""/230, 0xe6}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000001840)=""/105, 0x69}, {&(0x7f00000018c0)=""/147, 0x93}, {&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/238, 0xee}], 0xa}, 0x80000000}], 0x4, 0x40008062, 0x0)

1.999272327s ago: executing program 2 (id=1461):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="08000806000000006800"], 0x8c)

1.978082636s ago: executing program 3 (id=1462):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000900), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001140)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000001200)={0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0xa})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000380)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r3, 0xc018480d, &(0x7f0000000180)={0x3, 0x100, 0x0, 0x8000002, 0x5911, 0x2})

1.835872673s ago: executing program 0 (id=1463):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
memfd_create(&(0x7f00000009c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e00000001000000082e7345c500000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001000"/28], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xa, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0}, &(0x7f0000000280), &(0x7f0000000140)}, 0x1c)
r2 = fsopen(&(0x7f0000000440)='ext4\x00', 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r2, 0x4, &(0x7f0000000300)='acl\x00\x9a\v\x9e\xd4\x10\x18\xe8\xca\xf1\x0f\xc8H\xc8#A@\x9a\xe4r\x89h8\x1b\xab\x84<\x85\xe5\x88j_<(nW4\xe4\xbb\xe9PF\x1b|\xc4\xa1\xa0\x9e\x81\xa0lZS\'\x8f\x91\xf7\x03\xa2\x8cd\x1f\xd3y\xce\x1asj\x98\xb5\x95\xdf\x915\a\x97=\xa9\xe7A\x12\xc2\xf5_\x11\b\x00\x00\xb6\xe0\x95\xb1\x83\xb3\x96{\x0f\x00\x00\x00\x00\x00\x1c\x1e:^\xdeNT\xe8O\xe8\x1ez\x9e\xc8\x8eo@Ti\xf6\xe5F\x0fv\xf1H\xdf\xf1\xe1\x9en\xc1\xd1\xca\xca\x89\"\xe4\x9c\xe6\xc2\xd8\x98\xf6\f>\x19\x15t=\x1eXp\xba~\xb8xd>\x92LO\x06\xa3\xfdS\x01\xd1GE\x0f\x98L\x99#\xef5\xed[H\x104\xcd\xe23l\xd1\x9fc5\x87\xb4\xd7\xf6\xecr)\x0f\xc7\xe4\x1d[', &(0x7f00000004c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xffffffffffffff9c)
r3 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca)
close(r3)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000200)=@id={0x1e, 0x3, 0x3, {0x4e23}}, 0x10)
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
write$binfmt_register(r5, &(0x7f0000000500)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, '@', 0x3a, '\\\x9e\xbd\x1d\r6\xea\x12+(\x03z', 0x3a, './file0', 0x3a, [0x43, 0x43, 0x50, 0x4f, 0x50]}, 0x39)
listen(r4, 0x0)
r6 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f0000002300)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x2, {0x40, 0xffffffff}}, 0x10, 0x0}, 0x21)
sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0}, 0x20000000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x10)
pwritev2(r7, &(0x7f0000000000)=[{&(0x7f0000000140)}], 0x1, 0x4, 0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r7, 0x4, &(0x7f0000000400)=r1, 0x1)
socket$phonet(0x23, 0x2, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xfffffffffffffe4e, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

1.826403887s ago: executing program 2 (id=1464):
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0xf, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000140)={0xd9, 0x103, 0x4, 0x9, 0x12, "5b96407d7a27a872"})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xd)
r1 = syz_io_uring_setup(0x389c, &(0x7f0000000300)={0x0, 0x97b5, 0x800, 0x1, 0x284}, &(0x7f0000000240), &(0x7f0000000380))
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000001, 0x100010, r1, 0x8000000)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_ifreq(r2, 0x89b1, &(0x7f0000000280)={'gretap0\x00', @ifru_mtu=0x401})
syz_emit_ethernet(0x2e, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x9, 0x100, @void}}}}}}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0xb, 0x0, 0x8, 0x2, 0x1, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4}, {0x2000, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x7, 0x8, 0x0, 0xfc}, {0x3000, 0xd000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20}, {0x8080000, 0x3000, 0x4, 0x0, 0x0, 0x1, 0x10, 0xa, 0x26, 0x0, 0x0, 0x1}, {0x80ac000, 0x2000}, {0x8080000}, 0xddf8ffdb, 0x0, 0x8080000, 0xf0, 0xa, 0xdd00, 0x0, [0xe, 0x0, 0x1]})
ioctl$KVM_TRANSLATE(r5, 0xc018ae85, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="0c000280060001"], 0x24}}, 0x0)

1.816860309s ago: executing program 0 (id=1465):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r2, 0x1)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) (fail_nth: 4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x11)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
close(0x3)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000340)={'wpan0\x00'})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)={0x14, r4, 0x701, 0x70bd2b, 0x0, {0x19}}, 0x14}}, 0x0)

1.774065524s ago: executing program 2 (id=1466):
r0 = add_key$keyring(&(0x7f0000001e40), &(0x7f0000001e80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$fscrypt_v1(&(0x7f0000001d40), &(0x7f0000001d80)={'fscrypt:', @desc4}, &(0x7f0000001dc0)={0x0, "0629f6ed8ea6519121ba2e21fe8e0d51d4e22889cbb07d5547ba13c6859ffc75aae6052b3cbca85ee514782eddff79b512698bfdfe016626866895396b7c7387", 0x25}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r0, 0x0)
r2 = fsopen(&(0x7f0000000300)='jfs\x00', 0x0)
openat$sysfs(0xffffff9c, &(0x7f00000002c0)='/sys/kernel/hardlockup_count', 0x42040, 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0, 0x20}}, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
ioctl$sock_inet_SIOCSIFPFLAGS(r4, 0x8934, &(0x7f0000000200)={'xfrm0\x00', 0x7})
getsockopt$sock_buf(r3, 0x1, 0x1f, &(0x7f0000000140)=""/94, &(0x7f00000001c0)=0x5e)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x54, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x24, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_OVERHEAD={0x8, 0x6, 0xd2}, @TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x5}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x3, 0x100, @ipv4={'\x00', '\xff\xff', @empty}, 0x7}, 0x1c)
userfaultfd(0x80000)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

1.756941686s ago: executing program 1 (id=1467):
bind$inet(0xffffffffffffffff, 0x0, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x5, 0x541000)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x42, 0x4, 0x330, 0xffffffff, 0x94, 0x1b8, 0x0, 0xffffffff, 0xffffffff, 0x29c, 0x29c, 0x29c, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x3e020000, 0x70, 0x94, 0x0, {0x88000000}}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x4}}}, {{@uncond, 0x0, 0xfc, 0x124, 0x0, {0x122}, [@common=@inet=@dscp={{0x24}}, @common=@unspec=@rateest={{0x68}, {'wlan1\x00', 'team_slave_1\x00'}}]}, @common=@inet=@SET1={0x28}}, {{@uncond, 0x0, 0xc0, 0xe4, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x38c)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000180)={0x1, 0x0, &(0x7f0000000200)=[<r3=>0x0]})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000000c0)=[r3], 0x0, 0x0, 0x0, 0x0, 0x300})
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000140)={r3})
r4 = socket(0x10, 0x80003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = memfd_secret(0x0)
fcntl$setlease(r5, 0x400, 0x1)
fremovexattr(r5, &(0x7f0000000180)=@known='user.incfs.size\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000040)=""/60, 0x2000, 0x800, 0x0, 0x2}, 0x1c)
syz_emit_ethernet(0x52, &(0x7f0000000940)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd601927f2001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000e"], 0x0)

1.707615117s ago: executing program 1 (id=1468):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0x2}, 0x94)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r0, &(0x7f0000001080)=[{{&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000a00)=[{&(0x7f0000000440)="d7bea74daca063a4bb1dee509dc41e8c6913a4cc67e63c10b2611b1395de437dd9e35fef71bc778aa9bd60ec563c72b73fa21db2b6f1fcffaad955a1d80b78b4ca33d42fe2321924703c9f6c772e1f4fb4826671005ca2783ea1d7596beee312a9ba0406f76894258dd268a083a07708e8a5e515692c7d148fbf57bb04705ac2b9", 0x81}], 0x1, 0x0, 0x0, 0x20000000}}], 0x1, 0x0) (fail_nth: 4)

1.644368557s ago: executing program 2 (id=1469):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f00003f4000/0x1000)=nil, 0x1000, 0xb, 0x113, r3, 0x3000)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x19, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffda2, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
fsopen(0x0, 0x1)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
flistxattr(r6, 0x0, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r10 = socket$tipc(0x1e, 0x2, 0x0)
r11 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r11, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000100000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x90)
r12 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x1c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x6, 0x11, 0x0, 0x1, [@generic="2fe5"]}]}, 0x1c}], 0x1}, 0x0)

1.47742144s ago: executing program 1 (id=1470):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x10000, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$rdma_cm(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {}, 0x2000000000001005, 0x10001}}}, 0x90)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000300)={0x1, 0x10, 0xfa00, {&(0x7f0000000280), r2}}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6(0xa, 0x80003, 0x6)
r7 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000000)={0xf0f01f})
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private2, 0xc1a}, 0x1c)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000010000006d0500000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r8}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000005c0), &(0x7f00000004c0), 0x1000, r8}, 0x38)

1.353267222s ago: executing program 0 (id=1471):
socket$nl_route(0x10, 0x3, 0x0)
openat$snapshot(0xffffff9c, 0x0, 0x1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003400), &(0x7f0000003440)=0xc)
mount$bpf(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x400008, &(0x7f0000000700)=ANY=[@ANYBLOB="00a6c33d"])
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYRES8=r0], 0x0, 0x6, 0x0, 0x0, 0x0, 0x60}, 0x94)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0x6)

947.012915ms ago: executing program 2 (id=1472):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f00003f4000/0x1000)=nil, 0x1000, 0xb, 0x113, r3, 0x3000)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x19, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffda2, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
fsopen(0x0, 0x1)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
flistxattr(r6, 0x0, 0x0)
r7 = dup(r4)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r11 = socket$tipc(0x1e, 0x2, 0x0)
r12 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r12, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000100000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x90)
r13 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x1c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x6, 0x11, 0x0, 0x1, [@generic="2fe5"]}]}, 0x1c}], 0x1}, 0x0)

909.341033ms ago: executing program 0 (id=1473):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="080008060000"], 0x8c)

493.763312ms ago: executing program 2 (id=1474):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111}}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@fallback=r3, r3, 0x2f}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0000000000000000000000000001545f0ec539c3b58facd2f62dc3307a6c91d6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r4, r4, 0x2f, 0x2000, 0x4}, 0x20)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x1})
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x14, &(0x7f0000000180)={0x0, 0x5, 0xd9, {0xd9, 0x2e, "755642640b095effb7e9266239ef808f447c869e9a5060ba5bfd0c965d7fa00ceeb72c55ba600a1150b2eb6f410a341d6fe3f3ec3d5c41c0548324448df763ee404fa914cb026aa905097dbca75c57170bfefcc022adb96fa5d6b8106ba5fec66b770ad180111522c2d989fb3dc774619387b16b9237a5c57d5009ef6dfe1405c22edff3f4fe89134a45a31a33c424cdc27fcb28b38d3f4ae6c3ace8be08ebf9568e683f6dde5da33b2a8dcafda8552feb004841113e32fdeddd19792f9e4fba1eb80563c5547d19e23a9c575849dcdc157823db04d05f"}}, &(0x7f0000000040)={0x0, 0x3, 0x28, @string={0x28, 0x3, "3eed46efa40768f49445b86155a4b577019469efe09f7415144da77a38f9ff53e22970242073"}}, &(0x7f0000000580)={0x0, 0x22, 0x1c, {[@main=@item_4={0x3, 0x0, 0x8, "3e85775e"}, @global=@item_012={0x2, 0x1, 0x9, "9ffe"}, @local=@item_4={0x3, 0x2, 0x2, 'u;;1'}, @main=@item_4={0x3, 0x0, 0xc, "0cd20e86"}, @local=@item_012={0x0, 0x2, 0x4}, @global=@item_012={0x2, 0x1, 0x5, '\x00\x00'}, @global=@item_4={0x3, 0x1, 0x4}, @global=@item_4={0x3, 0x1, 0x7, "887d6c9b"}]}}, &(0x7f0000000100)={0x0, 0x21, 0x9, {0x9, 0x21, 0x5, 0x5, 0x1, {0x22, 0x52f}}}}, &(0x7f0000000540)={0x18, &(0x7f00000005c0)=ANY=[@ANYBLOB="000f810000006881300b7c044345d78977bcf20c5611ba4b70e3c315b1357dab4e7ecc86db9e4ffde8d7511719ef74431ca7a904004000c07b7bf352f28a7a2e3edc5849ff8909dfdeab1e4f33e573bce1447e7c57b43507e1723daf030eda11675829ee60d8f386f431ed332b99238031c7b83ac38ebbcad79a99b1fa6eb62ee1055739f56285fa9ffff2ba425fa2fc49e2b94dbb2258bfafa8be2d7e125dd069f0cfa4341a1c"], &(0x7f00000002c0)={0x0, 0xa, 0xfffffffffffffced, 0xa2}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000380)={0x20, 0x1, 0xe, "6190ba1991ffc31be67aec337bef"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0xb3}})

491.190482ms ago: executing program 0 (id=1475):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x9, &(0x7f0000000480)=ANY=[@ANYBLOB="1804000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b8000000950000000000000090b4ca2cc89493f891865e5109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000000150000030100c0"])
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000006040), r3)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000006080)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000000)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="11002bbd7000fddbdf250700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900fbfffffffcffffff08000541aeee52ab753320165f9100070000001400040070696d726567000000"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x10)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x1, &(0x7f00000000c0)=0x9, 0x3f)
r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581"], 0x0)
syz_usb_control_io$hid(r7, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r11 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r12 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r12, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r13=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r11, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", <r14=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r13, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r14})
close_range(r11, r12, 0x0)

315.871765ms ago: executing program 1 (id=1476):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xd)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='signal_generate\x00'}, 0x18)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0xc9, 0x0})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680))
r1 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x9, @private0}, {0xa, 0x0, 0x7, @remote}}}, 0x48)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0)

261.660945ms ago: executing program 1 (id=1477):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x1, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x5, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
unshare(0x20000400)
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000043012312000000778c4488e9fcad452bd7279caf373112811b0d349fe1d21e303840c296b77db8e457e8e0b8d42367fa6c592290791456a528b30957813bbf29875f1127f76c209dae8fc863edbab956ee17622ab5f6dfa88b"], &(0x7f0000000040)='GPL\x00'}, 0x80)
r3 = epoll_create1(0x0)
r4 = fcntl$dupfd(r3, 0x2, 0xffffffffffffffff)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000580)=ANY=[@ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="11"], 0x14)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="11"], 0x11)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x6, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r8, 0x0, 0xb8)
r9 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffe002d1d705ec399ca2262be01764f4db4e23a939d84eba93235a5f95f0117ff444c9a546d2da9745e832ef435c2b93c924e9a47eceb9a0561f8e03a2ae32a67d4035385a00152fb1dabca51545bd45bd68e54d774fef6777814379dd4a86ac42f25658dc80f610c22c40a9fc"], 0x0)
getgid()
dup3(r9, r8, 0x0)

0s ago: executing program 1 (id=1478):
r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setresuid(0x0, 0xee00, 0x0)
r1 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
shmctl$IPC_SET(r1, 0x1, &(0x7f00000020c0)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x100, 0xa}, 0x9, 0x6, 0x2, 0xf5eb, 0x0, 0x0, 0x3ff})
shmctl$SHM_UNLOCK(r1, 0xc)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000000c0)={0x1})

kernel console output (not intermixed with test programs):

6.311244][T10657]  ? __asan_memcpy+0x3c/0x60
[  286.311273][T10657]  hwsim_new_radio_nl+0xb51/0x12c0
[  286.311304][T10657]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  286.311341][T10657]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  286.311366][T10657]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  286.311397][T10657]  genl_family_rcv_msg_doit+0x209/0x2f0
[  286.311423][T10657]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  286.311447][T10657]  ? trace_cap_capable+0x18d/0x200
[  286.311475][T10657]  ? bpf_lsm_capable+0x9/0x10
[  286.311497][T10657]  ? security_capable+0x7e/0x260
[  286.311528][T10657]  ? ns_capable+0xd7/0x110
[  286.311551][T10657]  genl_rcv_msg+0x55c/0x800
[  286.311578][T10657]  ? __pfx_genl_rcv_msg+0x10/0x10
[  286.311602][T10657]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  286.311633][T10657]  ? __lock_acquire+0x622/0x1c90
[  286.311662][T10657]  netlink_rcv_skb+0x158/0x420
[  286.311682][T10657]  ? __pfx_genl_rcv_msg+0x10/0x10
[  286.311707][T10657]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  286.311739][T10657]  ? netlink_deliver_tap+0x1ae/0xd30
[  286.311757][T10657]  ? is_vmalloc_addr+0x86/0xa0
[  286.311787][T10657]  genl_rcv+0x28/0x40
[  286.311808][T10657]  netlink_unicast+0x53a/0x7f0
[  286.311853][T10657]  ? __pfx_netlink_unicast+0x10/0x10
[  286.311885][T10657]  netlink_sendmsg+0x8d1/0xdd0
[  286.311915][T10657]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.311938][T10657]  ? __import_iovec+0x1dd/0x650
[  286.311974][T10657]  ____sys_sendmsg+0xa98/0xc70
[  286.312001][T10657]  ? __pfx_____sys_sendmsg+0x10/0x10
[  286.312021][T10657]  ? get_compat_msghdr+0x11a/0x170
[  286.312072][T10657]  ___sys_sendmsg+0x134/0x1d0
[  286.312104][T10657]  ? __pfx____sys_sendmsg+0x10/0x10
[  286.312152][T10657]  ? find_held_lock+0x2b/0x80
[  286.312192][T10657]  __sys_sendmsg+0x16d/0x220
[  286.312221][T10657]  ? __pfx___sys_sendmsg+0x10/0x10
[  286.312248][T10657]  ? __pfx_bpf_trace_run2+0x10/0x10
[  286.312281][T10657]  ? syscall_trace_enter+0x1cb/0x260
[  286.312311][T10657]  ? rcu_is_watching+0x12/0xc0
[  286.312335][T10657]  __do_fast_syscall_32+0x7c/0x3a0
[  286.312367][T10657]  do_fast_syscall_32+0x32/0x80
[  286.312395][T10657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  286.312420][T10657] RIP: 0023:0xf704e579
[  286.312436][T10657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  286.312455][T10657] RSP: 002b:00000000f500455c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  286.312476][T10657] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000040
[  286.312489][T10657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  286.312500][T10657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  286.312511][T10657] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  286.312522][T10657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  286.312548][T10657]  </TASK>
[  286.394375][   T61] usb 7-1: Using ep0 maxpacket: 32
[  286.555939][ T6007] usb 8-1: new high-speed USB device number 39 using dummy_hcd
[  286.585957][   T61] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  286.589078][   T61] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  286.592244][   T61] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.615135][   T61] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  286.618609][   T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  286.622364][   T61] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  286.634640][   T61] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  286.638507][   T61] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  286.641207][   T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.645509][   T61] usb 7-1: config 0 descriptor??
[  286.715625][ T6007] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  286.718932][ T6007] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.722053][ T6007] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.724930][ T6007] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  286.734822][ T6007] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  286.737419][ T6007] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  286.740053][ T6007] usb 8-1: Manufacturer: syz
[  286.742516][ T6007] usb 8-1: config 0 descriptor??
[  286.851568][   T61] usb 7-1: USB disconnect, device number 31
[  287.162257][ T6007] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  287.164767][ T6007] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  287.169865][ T6007] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  287.294420][   T61] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  287.454385][   T61] usb 7-1: Using ep0 maxpacket: 32
[  287.458396][   T61] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  287.461609][   T61] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  287.464703][   T61] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  287.467971][   T61] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  287.470743][   T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  287.473899][   T61] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  287.477095][   T61] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  287.481209][   T61] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  287.484212][   T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.494893][   T61] usb 7-1: config 0 descriptor??
[  287.700085][   T61] usb 7-1: USB disconnect, device number 32
[  287.891384][ T6032] usb 8-1: USB disconnect, device number 39
[  288.320043][T10684] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  288.322513][T10684] CPU: 3 UID: 0 PID: 10684 Comm: syz.1.1259 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  288.322541][T10684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  288.322550][T10684] Call Trace:
[  288.322554][T10684]  <TASK>
[  288.322559][T10684]  dump_stack_lvl+0x16c/0x1f0
[  288.322581][T10684]  sysfs_warn_dup+0x7f/0xa0
[  288.322598][T10684]  sysfs_do_create_link_sd+0x124/0x140
[  288.322616][T10684]  sysfs_create_link+0x61/0xc0
[  288.322631][T10684]  device_add+0x62c/0x1a70
[  288.322645][T10684]  ? __pfx_device_add+0x10/0x10
[  288.322656][T10684]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  288.322676][T10684]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  288.322697][T10684]  wiphy_register+0x1c9c/0x2850
[  288.322709][T10684]  ? netdev_run_todo+0x864/0x1320
[  288.322726][T10684]  ? __pfx_wiphy_register+0x10/0x10
[  288.322745][T10684]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  288.322759][T10684]  ieee80211_register_hw+0x24ac/0x4140
[  288.322776][T10684]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  288.322790][T10684]  ? find_held_lock+0x2b/0x80
[  288.322802][T10684]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  288.322819][T10684]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  288.322831][T10684]  ? __hrtimer_setup+0x176/0x280
[  288.322850][T10684]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  288.322874][T10684]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  288.322893][T10684]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  288.322910][T10684]  ? __asan_memcpy+0x3c/0x60
[  288.322927][T10684]  hwsim_new_radio_nl+0xb51/0x12c0
[  288.322944][T10684]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  288.322965][T10684]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  288.322980][T10684]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  288.322997][T10684]  genl_family_rcv_msg_doit+0x209/0x2f0
[  288.323012][T10684]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  288.323026][T10684]  ? trace_cap_capable+0x18d/0x200
[  288.323042][T10684]  ? bpf_lsm_capable+0x9/0x10
[  288.323055][T10684]  ? security_capable+0x7e/0x260
[  288.323073][T10684]  ? ns_capable+0xd7/0x110
[  288.323086][T10684]  genl_rcv_msg+0x55c/0x800
[  288.323101][T10684]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.323115][T10684]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  288.323132][T10684]  ? __lock_acquire+0x622/0x1c90
[  288.323149][T10684]  netlink_rcv_skb+0x158/0x420
[  288.323161][T10684]  ? __pfx_genl_rcv_msg+0x10/0x10
[  288.323175][T10684]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  288.323193][T10684]  ? netlink_deliver_tap+0x1ae/0xd30
[  288.323204][T10684]  ? is_vmalloc_addr+0x86/0xa0
[  288.323221][T10684]  genl_rcv+0x28/0x40
[  288.323233][T10684]  netlink_unicast+0x53a/0x7f0
[  288.323247][T10684]  ? __pfx_netlink_unicast+0x10/0x10
[  288.323263][T10684]  netlink_sendmsg+0x8d1/0xdd0
[  288.323277][T10684]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.323290][T10684]  ? __import_iovec+0x1dd/0x650
[  288.323311][T10684]  ____sys_sendmsg+0xa98/0xc70
[  288.323326][T10684]  ? __pfx_____sys_sendmsg+0x10/0x10
[  288.323350][T10684]  ? get_compat_msghdr+0x11a/0x170
[  288.323372][T10684]  ? lock_acquire+0x179/0x350
[  288.323387][T10684]  ? find_held_lock+0x2b/0x80
[  288.323400][T10684]  ___sys_sendmsg+0x134/0x1d0
[  288.323419][T10684]  ? __pfx____sys_sendmsg+0x10/0x10
[  288.323445][T10684]  ? find_held_lock+0x2b/0x80
[  288.323466][T10684]  __sys_sendmsg+0x16d/0x220
[  288.323484][T10684]  ? __pfx___sys_sendmsg+0x10/0x10
[  288.323506][T10684]  ? rcu_read_unlock_trace_special+0x2aa/0x3f0
[  288.323521][T10684]  ? rcu_is_watching+0x12/0xc0
[  288.323534][T10684]  __do_fast_syscall_32+0x7c/0x3a0
[  288.323553][T10684]  do_fast_syscall_32+0x32/0x80
[  288.323570][T10684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  288.323584][T10684] RIP: 0023:0xf704e579
[  288.323593][T10684] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  288.323604][T10684] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  288.323615][T10684] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000040
[  288.323622][T10684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  288.323628][T10684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  288.323634][T10684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  288.323641][T10684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  288.323655][T10684]  </TASK>
[  288.633618][   T40] audit: type=1326 audit(1750913016.836:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.655754][   T40] audit: type=1326 audit(1750913016.836:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.743999][   T40] audit: type=1326 audit(1750913016.836:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.754691][   T40] audit: type=1326 audit(1750913016.836:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.763977][   T40] audit: type=1326 audit(1750913016.836:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.787393][   T40] audit: type=1326 audit(1750913016.846:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.804140][   T40] audit: type=1326 audit(1750913016.846:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.867511][   T40] audit: type=1326 audit(1750913016.846:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.888282][   T40] audit: type=1326 audit(1750913016.856:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  288.894773][   T40] audit: type=1326 audit(1750913016.856:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10688 comm="syz.3.1260" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f88579 code=0x7ffc0000
[  289.946584][   T61] usb 8-1: new high-speed USB device number 40 using dummy_hcd
[  289.961232][T10726] veth0_macvtap: left allmulticast mode
[  289.966776][T10726] macvtap0: left allmulticast mode
[  290.096415][   T61] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  290.100775][   T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  290.105567][   T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  290.109530][   T61] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  290.116549][   T61] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  290.120233][   T61] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  290.123528][   T61] usb 8-1: Manufacturer: syz
[  290.127971][   T61] usb 8-1: config 0 descriptor??
[  290.547749][   T61] appleir 0003:05AC:8243.0009: unknown main item tag 0x0
[  290.550069][   T61] appleir 0003:05AC:8243.0009: No inputs registered, leaving
[  290.556150][   T61] appleir 0003:05AC:8243.0009: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  290.822851][T10744] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  290.827861][T10744] CPU: 3 UID: 0 PID: 10744 Comm: syz.2.1273 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  290.827889][T10744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  290.827901][T10744] Call Trace:
[  290.827908][T10744]  <TASK>
[  290.827915][T10744]  dump_stack_lvl+0x16c/0x1f0
[  290.827950][T10744]  sysfs_warn_dup+0x7f/0xa0
[  290.827976][T10744]  sysfs_do_create_link_sd+0x124/0x140
[  290.828018][T10744]  sysfs_create_link+0x61/0xc0
[  290.828042][T10744]  device_add+0x62c/0x1a70
[  290.828066][T10744]  ? __pfx_device_add+0x10/0x10
[  290.828086][T10744]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  290.828116][T10744]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  290.828151][T10744]  wiphy_register+0x1c9c/0x2850
[  290.828173][T10744]  ? netdev_run_todo+0x864/0x1320
[  290.828202][T10744]  ? __pfx_wiphy_register+0x10/0x10
[  290.828234][T10744]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  290.828258][T10744]  ieee80211_register_hw+0x24ac/0x4140
[  290.828297][T10744]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  290.828325][T10744]  ? find_held_lock+0x2b/0x80
[  290.828346][T10744]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  290.828375][T10744]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  290.828395][T10744]  ? __hrtimer_setup+0x176/0x280
[  290.828427][T10744]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  290.828471][T10744]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  290.828501][T10744]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  290.828529][T10744]  ? __asan_memcpy+0x3c/0x60
[  290.828558][T10744]  hwsim_new_radio_nl+0xb51/0x12c0
[  290.828587][T10744]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  290.828621][T10744]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  290.828645][T10744]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  290.828672][T10744]  genl_family_rcv_msg_doit+0x209/0x2f0
[  290.828695][T10744]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  290.828718][T10744]  ? trace_cap_capable+0x18d/0x200
[  290.828745][T10744]  ? bpf_lsm_capable+0x9/0x10
[  290.828766][T10744]  ? security_capable+0x7e/0x260
[  290.828795][T10744]  ? ns_capable+0xd7/0x110
[  290.828818][T10744]  genl_rcv_msg+0x55c/0x800
[  290.828843][T10744]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.828865][T10744]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  290.828895][T10744]  ? __lock_acquire+0x622/0x1c90
[  290.828924][T10744]  netlink_rcv_skb+0x158/0x420
[  290.828944][T10744]  ? __pfx_genl_rcv_msg+0x10/0x10
[  290.828968][T10744]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  290.828999][T10744]  ? netlink_deliver_tap+0x1ae/0xd30
[  290.829017][T10744]  ? is_vmalloc_addr+0x86/0xa0
[  290.829047][T10744]  genl_rcv+0x28/0x40
[  290.829067][T10744]  netlink_unicast+0x53a/0x7f0
[  290.829088][T10744]  ? __pfx_netlink_unicast+0x10/0x10
[  290.829117][T10744]  netlink_sendmsg+0x8d1/0xdd0
[  290.829141][T10744]  ? __pfx_netlink_sendmsg+0x10/0x10
[  290.829164][T10744]  ? __import_iovec+0x1dd/0x650
[  290.829200][T10744]  ____sys_sendmsg+0xa98/0xc70
[  290.829225][T10744]  ? __pfx_____sys_sendmsg+0x10/0x10
[  290.829245][T10744]  ? get_compat_msghdr+0x11a/0x170
[  290.829295][T10744]  ___sys_sendmsg+0x134/0x1d0
[  290.829325][T10744]  ? __pfx____sys_sendmsg+0x10/0x10
[  290.829368][T10744]  ? find_held_lock+0x2b/0x80
[  290.829405][T10744]  __sys_sendmsg+0x16d/0x220
[  290.829432][T10744]  ? __pfx___sys_sendmsg+0x10/0x10
[  290.829468][T10744]  ? rcu_read_unlock_trace_special+0x2aa/0x3f0
[  290.829494][T10744]  ? rcu_is_watching+0x12/0xc0
[  290.829518][T10744]  __do_fast_syscall_32+0x7c/0x3a0
[  290.829547][T10744]  do_fast_syscall_32+0x32/0x80
[  290.829575][T10744]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  290.829597][T10744] RIP: 0023:0xf7f62579
[  290.829615][T10744] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  290.829633][T10744] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  290.829651][T10744] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000040
[  290.829662][T10744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  290.829674][T10744] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  290.829684][T10744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  290.829697][T10744] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  290.829724][T10744]  </TASK>
[  292.196695][T10770] sp0: Synchronizing with TNC
[  292.396504][T10774] Bluetooth: MGMT ver 1.23
[  292.403948][T10772] hsr0 speed is unknown, defaulting to 1000
[  292.406494][T10772] lo speed is unknown, defaulting to 1000
[  292.409047][T10772] lo speed is unknown, defaulting to 1000
[  292.522480][T10783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1285'.
[  292.653581][T10791] CIFS: iocharset name too long
[  292.860148][   T61] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  292.899218][T10797] netlink: 'syz.0.1289': attribute type 1 has an invalid length.
[  292.901445][T10794] No control pipe specified
[  292.904449][   T29] usb 8-1: reset high-speed USB device number 40 using dummy_hcd
[  292.911345][   T29] usb 8-1: device reset changed ep0 maxpacket size!
[  292.916518][ T6032] usb 8-1: USB disconnect, device number 40
[  293.004488][   T61] usb 6-1: Using ep0 maxpacket: 32
[  293.008982][   T61] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  293.012458][   T61] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  293.021886][   T61] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  293.026186][   T61] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  293.029974][   T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  293.033931][   T61] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  293.038091][   T61] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  293.043324][   T61] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  293.048390][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.053834][   T61] usb 6-1: config 0 descriptor??
[  293.064541][ T6032] usb 8-1: new high-speed USB device number 41 using dummy_hcd
[  293.215478][ T6032] usb 8-1: Using ep0 maxpacket: 16
[  293.220291][ T6032] usb 8-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.226964][ T6032] usb 8-1: config 0 interface 0 has no altsetting 0
[  293.229459][ T6032] usb 8-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  293.231953][ T6032] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.241322][ T6032] usb 8-1: config 0 descriptor??
[  293.261671][   T61] usb 6-1: USB disconnect, device number 32
[  293.474803][ T6032] usbhid 8-1:0.0: can't add hid device: -71
[  293.477643][ T6032] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  293.490822][ T6032] usb 8-1: USB disconnect, device number 41
[  293.724441][ T6115] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  293.854400][   T24] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  293.884370][ T6115] usb 6-1: Using ep0 maxpacket: 32
[  293.887279][ T6115] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  293.889888][ T6115] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  293.892614][ T6115] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  293.896051][ T6115] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  293.898712][ T6115] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  293.901700][ T6115] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  293.904795][ T6115] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  293.908569][ T6115] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  293.911451][ T6115] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.915225][ T6115] usb 6-1: config 0 descriptor??
[  294.020357][   T24] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  294.023900][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.027732][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.030732][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  294.035829][   T24] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  294.038779][   T24] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  294.041283][   T24] usb 7-1: Manufacturer: syz
[  294.044270][   T24] usb 7-1: config 0 descriptor??
[  294.120106][ T6115] usb 6-1: USB disconnect, device number 33
[  294.286839][T10813] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1294'.
[  294.460853][   T24] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  294.463803][   T24] appleir 0003:05AC:8243.000A: No inputs registered, leaving
[  294.469818][   T24] appleir 0003:05AC:8243.000A: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  294.871996][T10822] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1304'.
[  294.926259][T10824] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1297'.
[  295.067972][T10824] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  295.186627][T10824] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  295.192257][T10824] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  295.196937][T10824] bond0 (unregistering): Released all slaves
[  296.254902][ T6032] usb 8-1: new high-speed USB device number 42 using dummy_hcd
[  296.404535][ T6032] usb 8-1: Using ep0 maxpacket: 32
[  296.408651][ T6032] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  296.414429][ T6032] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  296.427556][ T6032] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.435773][ T6032] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  296.462559][ T6032] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  296.469076][ T6032] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  296.480939][ T6032] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  296.500356][ T6032] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  296.505290][ T6032] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.516253][ T6032] usb 8-1: config 0 descriptor??
[  296.557220][ T6007] usb 7-1: USB disconnect, device number 33
[  296.749014][   T29] usb 8-1: USB disconnect, device number 42
[  297.304972][   T29] usb 8-1: new high-speed USB device number 43 using dummy_hcd
[  297.494440][   T29] usb 8-1: Using ep0 maxpacket: 32
[  297.506032][   T29] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  297.509753][   T29] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  297.524419][   T29] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.527819][   T29] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  297.530677][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  297.534017][   T29] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  297.550874][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  297.574492][   T29] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  297.577643][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.583961][   T29] usb 8-1: config 0 descriptor??
[  297.794922][   T29] usb 8-1: USB disconnect, device number 43
[  298.234593][ T6032] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  298.381601][T10891] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  298.388258][ T6032] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  298.391681][T10891] CPU: 2 UID: 0 PID: 10891 Comm: syz.2.1317 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  298.391743][T10891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  298.391756][T10891] Call Trace:
[  298.391764][T10891]  <TASK>
[  298.391773][T10891]  dump_stack_lvl+0x16c/0x1f0
[  298.391809][T10891]  sysfs_warn_dup+0x7f/0xa0
[  298.391836][T10891]  sysfs_do_create_link_sd+0x124/0x140
[  298.391864][T10891]  sysfs_create_link+0x61/0xc0
[  298.391889][T10891]  device_add+0x62c/0x1a70
[  298.391915][T10891]  ? __pfx_device_add+0x10/0x10
[  298.391933][T10891]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  298.391963][T10891]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  298.392006][T10891]  wiphy_register+0x1c9c/0x2850
[  298.392027][T10891]  ? netdev_run_todo+0x864/0x1320
[  298.392055][T10891]  ? __pfx_wiphy_register+0x10/0x10
[  298.392084][T10891]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  298.392108][T10891]  ieee80211_register_hw+0x24ac/0x4140
[  298.392139][T10891]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  298.392158][T10891]  ? irqentry_exit+0x3b/0x90
[  298.392191][T10891]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  298.392218][T10891]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  298.392238][T10891]  ? __hrtimer_setup+0x176/0x280
[  298.392267][T10891]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  298.392308][T10891]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  298.392339][T10891]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  298.392368][T10891]  ? __asan_memcpy+0x3c/0x60
[  298.392400][T10891]  hwsim_new_radio_nl+0xb51/0x12c0
[  298.392431][T10891]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  298.392466][T10891]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  298.392491][T10891]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  298.392519][T10891]  genl_family_rcv_msg_doit+0x209/0x2f0
[  298.392544][T10891]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  298.392568][T10891]  ? trace_cap_capable+0x18d/0x200
[  298.392593][T10891]  ? bpf_lsm_capable+0x9/0x10
[  298.392615][T10891]  ? security_capable+0x7e/0x260
[  298.392646][T10891]  ? ns_capable+0xd7/0x110
[  298.392668][T10891]  genl_rcv_msg+0x55c/0x800
[  298.392694][T10891]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.392717][T10891]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  298.392742][T10891]  ? __lock_acquire+0x622/0x1c90
[  298.392771][T10891]  netlink_rcv_skb+0x158/0x420
[  298.392791][T10891]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.392816][T10891]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  298.392848][T10891]  ? netlink_deliver_tap+0x1ae/0xd30
[  298.392867][T10891]  ? is_vmalloc_addr+0x86/0xa0
[  298.392896][T10891]  genl_rcv+0x28/0x40
[  298.392917][T10891]  netlink_unicast+0x53a/0x7f0
[  298.392941][T10891]  ? __pfx_netlink_unicast+0x10/0x10
[  298.392969][T10891]  netlink_sendmsg+0x8d1/0xdd0
[  298.393002][T10891]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.393026][T10891]  ? __import_iovec+0x1dd/0x650
[  298.393062][T10891]  ____sys_sendmsg+0xa98/0xc70
[  298.393087][T10891]  ? __pfx_____sys_sendmsg+0x10/0x10
[  298.393105][T10891]  ? get_compat_msghdr+0x11a/0x170
[  298.393140][T10891]  ? lock_acquire+0x179/0x350
[  298.393163][T10891]  ? find_held_lock+0x2b/0x80
[  298.393185][T10891]  ___sys_sendmsg+0x134/0x1d0
[  298.393213][T10891]  ? __pfx____sys_sendmsg+0x10/0x10
[  298.393253][T10891]  ? find_held_lock+0x2b/0x80
[  298.393290][T10891]  __sys_sendmsg+0x16d/0x220
[  298.393318][T10891]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.393355][T10891]  ? rcu_read_unlock_trace_special+0x2aa/0x3f0
[  298.393380][T10891]  ? rcu_is_watching+0x12/0xc0
[  298.393402][T10891]  __do_fast_syscall_32+0x7c/0x3a0
[  298.393434][T10891]  do_fast_syscall_32+0x32/0x80
[  298.393464][T10891]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  298.393488][T10891] RIP: 0023:0xf7f62579
[  298.393504][T10891] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  298.393520][T10891] RSP: 002b:00000000f502b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  298.393539][T10891] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  298.393550][T10891] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  298.393561][T10891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  298.393570][T10891] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  298.393580][T10891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  298.393604][T10891]  </TASK>
[  298.676428][ T6032] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.680412][ T6032] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.683735][ T6032] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  298.694354][T10894] syzkaller1: entered promiscuous mode
[  298.694791][ T6032] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  298.696522][T10894] syzkaller1: entered allmulticast mode
[  298.699456][ T6032] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  298.704158][ T6032] usb 6-1: Manufacturer: syz
[  298.719815][ T6032] usb 6-1: config 0 descriptor??
[  298.777487][T10896] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  298.780242][T10896] CPU: 0 UID: 0 PID: 10896 Comm: syz.0.1318 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  298.780262][T10896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  298.780273][T10896] Call Trace:
[  298.780278][T10896]  <TASK>
[  298.780283][T10896]  dump_stack_lvl+0x16c/0x1f0
[  298.780310][T10896]  sysfs_warn_dup+0x7f/0xa0
[  298.780329][T10896]  sysfs_do_create_link_sd+0x124/0x140
[  298.780365][T10896]  sysfs_create_link+0x61/0xc0
[  298.780383][T10896]  device_add+0x62c/0x1a70
[  298.780400][T10896]  ? __pfx_device_add+0x10/0x10
[  298.780410][T10896]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  298.780430][T10896]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  298.780451][T10896]  wiphy_register+0x1c9c/0x2850
[  298.780464][T10896]  ? netdev_run_todo+0x864/0x1320
[  298.780480][T10896]  ? __pfx_wiphy_register+0x10/0x10
[  298.780499][T10896]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  298.780514][T10896]  ieee80211_register_hw+0x24ac/0x4140
[  298.780532][T10896]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  298.780546][T10896]  ? find_held_lock+0x2b/0x80
[  298.780558][T10896]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  298.780575][T10896]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  298.780591][T10896]  ? __hrtimer_setup+0x176/0x280
[  298.780609][T10896]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  298.780633][T10896]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  298.780657][T10896]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  298.780674][T10896]  ? __asan_memcpy+0x3c/0x60
[  298.780692][T10896]  hwsim_new_radio_nl+0xb51/0x12c0
[  298.780715][T10896]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  298.780736][T10896]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  298.780790][T10896]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  298.780814][T10896]  genl_family_rcv_msg_doit+0x209/0x2f0
[  298.780831][T10896]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  298.780846][T10896]  ? trace_cap_capable+0x18d/0x200
[  298.780862][T10896]  ? bpf_lsm_capable+0x9/0x10
[  298.780877][T10896]  ? security_capable+0x7e/0x260
[  298.780897][T10896]  ? ns_capable+0xd7/0x110
[  298.780910][T10896]  genl_rcv_msg+0x55c/0x800
[  298.780925][T10896]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.780939][T10896]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  298.780957][T10896]  ? __lock_acquire+0x622/0x1c90
[  298.780974][T10896]  netlink_rcv_skb+0x158/0x420
[  298.780992][T10896]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.781008][T10896]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  298.781028][T10896]  ? netlink_deliver_tap+0x1ae/0xd30
[  298.781039][T10896]  ? is_vmalloc_addr+0x86/0xa0
[  298.781058][T10896]  genl_rcv+0x28/0x40
[  298.781071][T10896]  netlink_unicast+0x53a/0x7f0
[  298.781086][T10896]  ? __pfx_netlink_unicast+0x10/0x10
[  298.781104][T10896]  netlink_sendmsg+0x8d1/0xdd0
[  298.781119][T10896]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.781133][T10896]  ? __import_iovec+0x1dd/0x650
[  298.781155][T10896]  ____sys_sendmsg+0xa98/0xc70
[  298.781170][T10896]  ? __pfx_____sys_sendmsg+0x10/0x10
[  298.781182][T10896]  ? get_compat_msghdr+0x11a/0x170
[  298.781206][T10896]  ___sys_sendmsg+0x134/0x1d0
[  298.781223][T10896]  ? __pfx____sys_sendmsg+0x10/0x10
[  298.781247][T10896]  ? find_held_lock+0x2b/0x80
[  298.781268][T10896]  __sys_sendmsg+0x16d/0x220
[  298.781284][T10896]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.781300][T10896]  ? __pfx_bpf_trace_run2+0x10/0x10
[  298.781320][T10896]  ? syscall_trace_enter+0x1cb/0x260
[  298.781338][T10896]  ? rcu_is_watching+0x12/0xc0
[  298.781351][T10896]  __do_fast_syscall_32+0x7c/0x3a0
[  298.781370][T10896]  do_fast_syscall_32+0x32/0x80
[  298.781387][T10896]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  298.781402][T10896] RIP: 0023:0xf707e579
[  298.781412][T10896] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  298.781422][T10896] RSP: 002b:00000000f501355c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  298.781434][T10896] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000040
[  298.781441][T10896] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  298.781447][T10896] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  298.781453][T10896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  298.781460][T10896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  298.781474][T10896]  </TASK>
[  299.169800][T10901] FAULT_INJECTION: forcing a failure.
[  299.169800][T10901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.175049][T10901] CPU: 1 UID: 0 PID: 10901 Comm: syz.3.1321 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  299.175066][T10901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  299.175074][T10901] Call Trace:
[  299.175078][T10901]  <TASK>
[  299.175083][T10901]  dump_stack_lvl+0x16c/0x1f0
[  299.175104][T10901]  should_fail_ex+0x512/0x640
[  299.175123][T10901]  _copy_from_iter+0x29f/0x16f0
[  299.175142][T10901]  ? __alloc_skb+0x200/0x380
[  299.175159][T10901]  ? __pfx__copy_from_iter+0x10/0x10
[  299.175183][T10901]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  299.175201][T10901]  netlink_sendmsg+0x829/0xdd0
[  299.175215][T10901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.175227][T10901]  ? __import_iovec+0x1dd/0x650
[  299.175247][T10901]  ____sys_sendmsg+0xa98/0xc70
[  299.175261][T10901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  299.175273][T10901]  ? get_compat_msghdr+0x11a/0x170
[  299.175297][T10901]  ___sys_sendmsg+0x134/0x1d0
[  299.175315][T10901]  ? __pfx____sys_sendmsg+0x10/0x10
[  299.175339][T10901]  ? find_held_lock+0x2b/0x80
[  299.175359][T10901]  __sys_sendmsg+0x16d/0x220
[  299.175376][T10901]  ? __pfx___sys_sendmsg+0x10/0x10
[  299.175392][T10901]  ? __pfx_bpf_trace_run2+0x10/0x10
[  299.175411][T10901]  ? syscall_trace_enter+0x1cb/0x260
[  299.175431][T10901]  ? rcu_is_watching+0x12/0xc0
[  299.175444][T10901]  __do_fast_syscall_32+0x7c/0x3a0
[  299.175463][T10901]  do_fast_syscall_32+0x32/0x80
[  299.175480][T10901]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  299.175494][T10901] RIP: 0023:0xf7f88579
[  299.175503][T10901] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  299.175515][T10901] RSP: 002b:00000000f50a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  299.175526][T10901] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000000
[  299.175534][T10901] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  299.175540][T10901] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  299.175546][T10901] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  299.175553][T10901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  299.175566][T10901]  </TASK>
[  299.186213][ T6032] appleir 0003:05AC:8243.000B: unknown main item tag 0x0
[  299.273061][ T6032] appleir 0003:05AC:8243.000B: No inputs registered, leaving
[  299.282748][ T6032] appleir 0003:05AC:8243.000B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  299.495673][ T5951] Bluetooth: hci0: unexpected event for opcode 0x0c5b
[  300.328262][T10922] /dev/nullb0: Can't open blockdev
[  300.427510][T10929] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  300.435222][T10929] CPU: 0 UID: 0 PID: 10929 Comm: syz.3.1328 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  300.435252][T10929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  300.435261][T10929] Call Trace:
[  300.435266][T10929]  <TASK>
[  300.435271][T10929]  dump_stack_lvl+0x16c/0x1f0
[  300.435294][T10929]  sysfs_warn_dup+0x7f/0xa0
[  300.435310][T10929]  sysfs_do_create_link_sd+0x124/0x140
[  300.435327][T10929]  sysfs_create_link+0x61/0xc0
[  300.435343][T10929]  device_add+0x62c/0x1a70
[  300.435357][T10929]  ? __pfx_device_add+0x10/0x10
[  300.435367][T10929]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  300.435387][T10929]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  300.435408][T10929]  wiphy_register+0x1c9c/0x2850
[  300.435420][T10929]  ? netdev_run_todo+0x864/0x1320
[  300.435437][T10929]  ? __pfx_wiphy_register+0x10/0x10
[  300.435455][T10929]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  300.435468][T10929]  ieee80211_register_hw+0x24ac/0x4140
[  300.435487][T10929]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  300.435501][T10929]  ? find_held_lock+0x2b/0x80
[  300.435525][T10929]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  300.435542][T10929]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  300.435555][T10929]  ? __hrtimer_setup+0x176/0x280
[  300.435573][T10929]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  300.435597][T10929]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  300.435617][T10929]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  300.435636][T10929]  ? __asan_memcpy+0x3c/0x60
[  300.435653][T10929]  hwsim_new_radio_nl+0xb51/0x12c0
[  300.435670][T10929]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  300.435690][T10929]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  300.435735][T10929]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  300.435758][T10929]  genl_family_rcv_msg_doit+0x209/0x2f0
[  300.435774][T10929]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  300.435790][T10929]  ? trace_cap_capable+0x18d/0x200
[  300.435805][T10929]  ? bpf_lsm_capable+0x9/0x10
[  300.435820][T10929]  ? security_capable+0x7e/0x260
[  300.435839][T10929]  ? ns_capable+0xd7/0x110
[  300.435852][T10929]  genl_rcv_msg+0x55c/0x800
[  300.435867][T10929]  ? __pfx_genl_rcv_msg+0x10/0x10
[  300.435881][T10929]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  300.435899][T10929]  ? __lock_acquire+0x622/0x1c90
[  300.435915][T10929]  netlink_rcv_skb+0x158/0x420
[  300.435926][T10929]  ? __pfx_genl_rcv_msg+0x10/0x10
[  300.435940][T10929]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  300.435959][T10929]  ? netlink_deliver_tap+0x1ae/0xd30
[  300.435969][T10929]  ? is_vmalloc_addr+0x86/0xa0
[  300.435987][T10929]  genl_rcv+0x28/0x40
[  300.435998][T10929]  netlink_unicast+0x53a/0x7f0
[  300.436012][T10929]  ? __pfx_netlink_unicast+0x10/0x10
[  300.436029][T10929]  netlink_sendmsg+0x8d1/0xdd0
[  300.436043][T10929]  ? __pfx_netlink_sendmsg+0x10/0x10
[  300.436056][T10929]  ? __import_iovec+0x1dd/0x650
[  300.436077][T10929]  ____sys_sendmsg+0xa98/0xc70
[  300.436092][T10929]  ? __pfx_____sys_sendmsg+0x10/0x10
[  300.436104][T10929]  ? get_compat_msghdr+0x11a/0x170
[  300.436133][T10929]  ___sys_sendmsg+0x134/0x1d0
[  300.436151][T10929]  ? __pfx____sys_sendmsg+0x10/0x10
[  300.436177][T10929]  ? find_held_lock+0x2b/0x80
[  300.436198][T10929]  __sys_sendmsg+0x16d/0x220
[  300.436216][T10929]  ? __pfx___sys_sendmsg+0x10/0x10
[  300.436233][T10929]  ? __pfx_bpf_trace_run2+0x10/0x10
[  300.436254][T10929]  ? syscall_trace_enter+0x1cb/0x260
[  300.436275][T10929]  ? rcu_is_watching+0x12/0xc0
[  300.436288][T10929]  __do_fast_syscall_32+0x7c/0x3a0
[  300.436307][T10929]  do_fast_syscall_32+0x32/0x80
[  300.436324][T10929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  300.436338][T10929] RIP: 0023:0xf7f88579
[  300.436348][T10929] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  300.436359][T10929] RSP: 002b:00000000f504b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  300.436370][T10929] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  300.436378][T10929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  300.436384][T10929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  300.436390][T10929] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  300.436397][T10929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  300.436411][T10929]  </TASK>
[  300.614383][ T5987] usb 6-1: reset high-speed USB device number 34 using dummy_hcd
[  301.189905][T10933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1329'.
[  301.262991][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  301.263010][   T40] audit: type=1800 audit(1750913029.466:58): pid=10937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1329" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  301.385621][T10940] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1331'.
[  301.416400][   T29] usb 6-1: USB disconnect, device number 34
[  302.059192][T10951] macsec0: entered promiscuous mode
[  302.061463][T10951] macsec0: entered allmulticast mode
[  302.063584][T10951] veth1_macvtap: entered allmulticast mode
[  302.250820][T10956] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1335'.
[  302.343627][T10956] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  302.364951][T10956] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  302.370013][T10956] bond0 (unregistering): Released all slaves
[  302.766446][ T6007] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  302.924372][ T6007] usb 6-1: Using ep0 maxpacket: 16
[  302.934254][ T6007] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.938933][ T6007] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  302.942802][ T6007] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  302.948524][ T6007] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  302.952255][ T6007] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.959181][ T6007] usb 6-1: config 0 descriptor??
[  303.484549][   T40] audit: type=1804 audit(1750913031.686:59): pid=10985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1339" name="/newroot/353/bus/bus" dev="overlay" ino=1895 res=1 errno=0
[  303.492136][T10988] sp0: Synchronizing with TNC
[  303.503794][   T40] audit: type=1804 audit(1750913031.706:60): pid=10985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1339" name="/newroot/353/bus/bus" dev="overlay" ino=1895 res=1 errno=0
[  303.667038][T10993] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  303.669700][T10993] CPU: 1 UID: 0 PID: 10993 Comm: syz.0.1346 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  303.669717][T10993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  303.669726][T10993] Call Trace:
[  303.669731][T10993]  <TASK>
[  303.669737][T10993]  dump_stack_lvl+0x16c/0x1f0
[  303.669760][T10993]  sysfs_warn_dup+0x7f/0xa0
[  303.669777][T10993]  sysfs_do_create_link_sd+0x124/0x140
[  303.669795][T10993]  sysfs_create_link+0x61/0xc0
[  303.669809][T10993]  device_add+0x62c/0x1a70
[  303.669823][T10993]  ? __pfx_device_add+0x10/0x10
[  303.669834][T10993]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  303.669854][T10993]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  303.669875][T10993]  wiphy_register+0x1c9c/0x2850
[  303.669888][T10993]  ? netdev_run_todo+0x864/0x1320
[  303.669905][T10993]  ? __pfx_wiphy_register+0x10/0x10
[  303.669931][T10993]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  303.669945][T10993]  ieee80211_register_hw+0x24ac/0x4140
[  303.669964][T10993]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  303.669979][T10993]  ? find_held_lock+0x2b/0x80
[  303.669992][T10993]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  303.670010][T10993]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  303.670023][T10993]  ? __hrtimer_setup+0x176/0x280
[  303.670041][T10993]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  303.670064][T10993]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  303.670083][T10993]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  303.670100][T10993]  ? __asan_memcpy+0x3c/0x60
[  303.670118][T10993]  hwsim_new_radio_nl+0xb51/0x12c0
[  303.670135][T10993]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  303.670155][T10993]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  303.670172][T10993]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  303.670189][T10993]  genl_family_rcv_msg_doit+0x209/0x2f0
[  303.670204][T10993]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  303.670218][T10993]  ? trace_cap_capable+0x18d/0x200
[  303.670233][T10993]  ? bpf_lsm_capable+0x9/0x10
[  303.670247][T10993]  ? security_capable+0x7e/0x260
[  303.670265][T10993]  ? ns_capable+0xd7/0x110
[  303.670277][T10993]  genl_rcv_msg+0x55c/0x800
[  303.670293][T10993]  ? __pfx_genl_rcv_msg+0x10/0x10
[  303.670307][T10993]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  303.670325][T10993]  ? __lock_acquire+0x622/0x1c90
[  303.670342][T10993]  netlink_rcv_skb+0x158/0x420
[  303.670354][T10993]  ? __pfx_genl_rcv_msg+0x10/0x10
[  303.670368][T10993]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  303.670386][T10993]  ? netlink_deliver_tap+0x1ae/0xd30
[  303.670396][T10993]  ? is_vmalloc_addr+0x86/0xa0
[  303.670414][T10993]  genl_rcv+0x28/0x40
[  303.670426][T10993]  netlink_unicast+0x53a/0x7f0
[  303.670439][T10993]  ? __pfx_netlink_unicast+0x10/0x10
[  303.670455][T10993]  netlink_sendmsg+0x8d1/0xdd0
[  303.670470][T10993]  ? __pfx_netlink_sendmsg+0x10/0x10
[  303.670483][T10993]  ? __import_iovec+0x1dd/0x650
[  303.670503][T10993]  ____sys_sendmsg+0xa98/0xc70
[  303.670518][T10993]  ? __pfx_____sys_sendmsg+0x10/0x10
[  303.670530][T10993]  ? get_compat_msghdr+0x11a/0x170
[  303.670554][T10993]  ___sys_sendmsg+0x134/0x1d0
[  303.670572][T10993]  ? __pfx____sys_sendmsg+0x10/0x10
[  303.670596][T10993]  ? find_held_lock+0x2b/0x80
[  303.670616][T10993]  __sys_sendmsg+0x16d/0x220
[  303.670633][T10993]  ? __pfx___sys_sendmsg+0x10/0x10
[  303.670649][T10993]  ? __pfx_bpf_trace_run2+0x10/0x10
[  303.670669][T10993]  ? syscall_trace_enter+0x1cb/0x260
[  303.670687][T10993]  ? rcu_is_watching+0x12/0xc0
[  303.670700][T10993]  __do_fast_syscall_32+0x7c/0x3a0
[  303.670720][T10993]  do_fast_syscall_32+0x32/0x80
[  303.670737][T10993]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  303.670751][T10993] RIP: 0023:0xf707e579
[  303.670761][T10993] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  303.670772][T10993] RSP: 002b:00000000f501355c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  303.670783][T10993] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  303.670790][T10993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  303.670797][T10993] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  303.670803][T10993] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  303.670810][T10993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  303.670824][T10993]  </TASK>
[  304.450656][T10997] input: syz0 as /devices/virtual/input/input15
[  304.456175][T10997] FAULT_INJECTION: forcing a failure.
[  304.456175][T10997] name failslab, interval 1, probability 0, space 0, times 0
[  304.461153][T10997] CPU: 1 UID: 0 PID: 10997 Comm: syz.0.1348 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  304.461170][T10997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  304.461177][T10997] Call Trace:
[  304.461183][T10997]  <TASK>
[  304.461188][T10997]  dump_stack_lvl+0x16c/0x1f0
[  304.461210][T10997]  should_fail_ex+0x512/0x640
[  304.461227][T10997]  ? __kvmalloc_node_noprof+0x124/0x620
[  304.461246][T10997]  should_failslab+0xc2/0x120
[  304.461258][T10997]  __kvmalloc_node_noprof+0x137/0x620
[  304.461273][T10997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  304.461287][T10997]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  304.461305][T10997]  ? video_usercopy+0x9c3/0x1440
[  304.461325][T10997]  ? video_usercopy+0x9c3/0x1440
[  304.461342][T10997]  video_usercopy+0x9c3/0x1440
[  304.461360][T10997]  ? __pfx___video_do_ioctl+0x10/0x10
[  304.461376][T10997]  ? __pfx_video_usercopy+0x10/0x10
[  304.461397][T10997]  ? hook_file_ioctl_common+0x145/0x410
[  304.461413][T10997]  v4l2_ioctl+0x1ba/0x250
[  304.461427][T10997]  ? fput+0x71/0xf0
[  304.461459][T10997]  v4l2_compat_ioctl32+0x214/0x2c0
[  304.461474][T10997]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  304.461488][T10997]  __ia32_compat_sys_ioctl+0x23f/0x370
[  304.461505][T10997]  __do_fast_syscall_32+0x7c/0x3a0
[  304.461524][T10997]  do_fast_syscall_32+0x32/0x80
[  304.461542][T10997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  304.461557][T10997] RIP: 0023:0xf707e579
[  304.461567][T10997] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  304.461579][T10997] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  304.461590][T10997] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0185647
[  304.461597][T10997] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  304.461604][T10997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  304.461610][T10997] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  304.461617][T10997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  304.461631][T10997]  </TASK>
[  304.461876][T10997] netlink: 'syz.0.1348': attribute type 4 has an invalid length.
[  304.664372][   T29] usb 8-1: new high-speed USB device number 44 using dummy_hcd
[  304.814389][   T29] usb 8-1: Using ep0 maxpacket: 8
[  304.818243][   T29] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  304.821596][   T29] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  304.824765][   T29] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  304.828401][   T29] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  304.832017][   T29] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  304.835032][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.843031][   T29] hub 8-1:1.0: bad descriptor, ignoring hub
[  304.845084][   T29] hub 8-1:1.0: probe with driver hub failed with error -5
[  304.847647][   T29] cdc_wdm 8-1:1.0: skipping garbage
[  304.849463][   T29] cdc_wdm 8-1:1.0: skipping garbage
[  304.853731][   T29] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  304.855903][   T29] cdc_wdm 8-1:1.0: Unknown control protocol
[  305.557400][ T6007] usbhid 6-1:0.0: can't add hid device: -71
[  305.563009][ T6007] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  305.572339][ T6007] usb 6-1: USB disconnect, device number 35
[  305.610959][T11010] input: syz0 as /devices/virtual/input/input16
[  305.621690][T11010] netlink: 'syz.1.1351': attribute type 4 has an invalid length.
[  305.697217][T11019] syzkaller1: entered promiscuous mode
[  305.699576][T11019] syzkaller1: entered allmulticast mode
[  305.738062][T10995] usb 8-1: reset high-speed USB device number 44 using dummy_hcd
[  306.143191][T11030] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  306.167837][T11030] CPU: 0 UID: 0 PID: 11030 Comm: syz.0.1358 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  306.167859][T11030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  306.167867][T11030] Call Trace:
[  306.167872][T11030]  <TASK>
[  306.167878][T11030]  dump_stack_lvl+0x16c/0x1f0
[  306.167905][T11030]  sysfs_warn_dup+0x7f/0xa0
[  306.167923][T11030]  sysfs_do_create_link_sd+0x124/0x140
[  306.167939][T11030]  sysfs_create_link+0x61/0xc0
[  306.167954][T11030]  device_add+0x62c/0x1a70
[  306.167969][T11030]  ? __pfx_device_add+0x10/0x10
[  306.167981][T11030]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  306.168001][T11030]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  306.168022][T11030]  wiphy_register+0x1c9c/0x2850
[  306.168034][T11030]  ? netdev_run_todo+0x864/0x1320
[  306.168051][T11030]  ? __pfx_wiphy_register+0x10/0x10
[  306.168068][T11030]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  306.168082][T11030]  ieee80211_register_hw+0x24ac/0x4140
[  306.168099][T11030]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  306.168113][T11030]  ? find_held_lock+0x2b/0x80
[  306.168125][T11030]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  306.168142][T11030]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  306.168154][T11030]  ? __hrtimer_setup+0x176/0x280
[  306.168172][T11030]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  306.168196][T11030]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  306.168214][T11030]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  306.168232][T11030]  ? __asan_memcpy+0x3c/0x60
[  306.168248][T11030]  hwsim_new_radio_nl+0xb51/0x12c0
[  306.168265][T11030]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  306.168286][T11030]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  306.168301][T11030]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  306.168319][T11030]  genl_family_rcv_msg_doit+0x209/0x2f0
[  306.168333][T11030]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  306.168348][T11030]  ? trace_cap_capable+0x18d/0x200
[  306.168362][T11030]  ? bpf_lsm_capable+0x9/0x10
[  306.168375][T11030]  ? security_capable+0x7e/0x260
[  306.168393][T11030]  ? ns_capable+0xd7/0x110
[  306.168406][T11030]  genl_rcv_msg+0x55c/0x800
[  306.168421][T11030]  ? __pfx_genl_rcv_msg+0x10/0x10
[  306.168435][T11030]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  306.168452][T11030]  ? __lock_acquire+0x622/0x1c90
[  306.168468][T11030]  netlink_rcv_skb+0x158/0x420
[  306.168480][T11030]  ? __pfx_genl_rcv_msg+0x10/0x10
[  306.168495][T11030]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  306.168512][T11030]  ? netlink_deliver_tap+0x1ae/0xd30
[  306.168522][T11030]  ? is_vmalloc_addr+0x86/0xa0
[  306.168540][T11030]  genl_rcv+0x28/0x40
[  306.168552][T11030]  netlink_unicast+0x53a/0x7f0
[  306.168566][T11030]  ? __pfx_netlink_unicast+0x10/0x10
[  306.168581][T11030]  netlink_sendmsg+0x8d1/0xdd0
[  306.168596][T11030]  ? __pfx_netlink_sendmsg+0x10/0x10
[  306.168609][T11030]  ? __import_iovec+0x1dd/0x650
[  306.168630][T11030]  ____sys_sendmsg+0xa98/0xc70
[  306.168645][T11030]  ? __pfx_____sys_sendmsg+0x10/0x10
[  306.168656][T11030]  ? get_compat_msghdr+0x11a/0x170
[  306.168680][T11030]  ___sys_sendmsg+0x134/0x1d0
[  306.168698][T11030]  ? __pfx____sys_sendmsg+0x10/0x10
[  306.168722][T11030]  ? find_held_lock+0x2b/0x80
[  306.168742][T11030]  __sys_sendmsg+0x16d/0x220
[  306.168758][T11030]  ? __pfx___sys_sendmsg+0x10/0x10
[  306.168774][T11030]  ? __pfx_bpf_trace_run2+0x10/0x10
[  306.168794][T11030]  ? syscall_trace_enter+0x1cb/0x260
[  306.168812][T11030]  ? rcu_is_watching+0x12/0xc0
[  306.168826][T11030]  __do_fast_syscall_32+0x7c/0x3a0
[  306.168845][T11030]  do_fast_syscall_32+0x32/0x80
[  306.168862][T11030]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  306.168876][T11030] RIP: 0023:0xf707e579
[  306.168887][T11030] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  306.168904][T11030] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  306.168917][T11030] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  306.168925][T11030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  306.168949][T11030] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  306.168957][T11030] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  306.168964][T11030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  306.168980][T11030]  </TASK>
[  306.213727][ T6007] usb 8-1: USB disconnect, device number 44
[  307.151998][T11058] Cannot find del_set index 3 as target
[  307.156960][T11058] netlink: 'syz.0.1365': attribute type 11 has an invalid length.
[  307.159240][T11058] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1365'.
[  307.573757][T11069] syzkaller1: entered promiscuous mode
[  307.576294][T11069] syzkaller1: entered allmulticast mode
[  308.034387][   T61] usb 8-1: new high-speed USB device number 45 using dummy_hcd
[  308.096459][T11089] trusted_key: encrypted_key: insufficient parameters specified
[  308.144383][   T24] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  308.186376][   T61] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  308.189837][   T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.194508][   T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.199333][   T61] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  308.204682][   T61] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  308.207350][T11099] loop8: detected capacity change from 0 to 79
[  308.207825][   T61] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  308.214940][   T61] usb 8-1: Manufacturer: syz
[  308.220366][   T61] usb 8-1: config 0 descriptor??
[  308.255444][T11099] loop8: detected capacity change from 79 to 78
[  308.304876][   T24] usb 6-1: Using ep0 maxpacket: 32
[  308.308103][   T24] usb 6-1: config 0 has no interfaces?
[  308.310283][   T24] usb 6-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  308.313224][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.318157][   T24] usb 6-1: config 0 descriptor??
[  308.633169][   T61] appleir 0003:05AC:8243.000C: unknown main item tag 0x0
[  308.636072][   T61] appleir 0003:05AC:8243.000C: No inputs registered, leaving
[  308.643674][   T61] appleir 0003:05AC:8243.000C: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  308.702910][ T6032] usb 6-1: USB disconnect, device number 36
[  309.523391][T11114] syzkaller1: entered promiscuous mode
[  309.525584][T11114] syzkaller1: entered allmulticast mode
[  310.705768][ T6007] usb 8-1: USB disconnect, device number 45
[  311.008791][T11147] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  311.011344][T11147] CPU: 1 UID: 0 PID: 11147 Comm: syz.3.1385 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  311.011362][T11147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  311.011370][T11147] Call Trace:
[  311.011375][T11147]  <TASK>
[  311.011381][T11147]  dump_stack_lvl+0x16c/0x1f0
[  311.011403][T11147]  sysfs_warn_dup+0x7f/0xa0
[  311.011436][T11147]  sysfs_do_create_link_sd+0x124/0x140
[  311.011454][T11147]  sysfs_create_link+0x61/0xc0
[  311.011470][T11147]  device_add+0x62c/0x1a70
[  311.011485][T11147]  ? __pfx_device_add+0x10/0x10
[  311.011497][T11147]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.011518][T11147]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  311.011540][T11147]  wiphy_register+0x1c9c/0x2850
[  311.011553][T11147]  ? netdev_run_todo+0x864/0x1320
[  311.011571][T11147]  ? __pfx_wiphy_register+0x10/0x10
[  311.011590][T11147]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  311.011624][T11147]  ieee80211_register_hw+0x24ac/0x4140
[  311.011645][T11147]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  311.011662][T11147]  ? find_held_lock+0x2b/0x80
[  311.011676][T11147]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.011695][T11147]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  311.011710][T11147]  ? __hrtimer_setup+0x176/0x280
[  311.011730][T11147]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  311.011757][T11147]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  311.011778][T11147]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  311.011801][T11147]  ? __asan_memcpy+0x3c/0x60
[  311.011819][T11147]  hwsim_new_radio_nl+0xb51/0x12c0
[  311.011838][T11147]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  311.011861][T11147]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  311.011878][T11147]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  311.011898][T11147]  genl_family_rcv_msg_doit+0x209/0x2f0
[  311.011915][T11147]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  311.011932][T11147]  ? trace_cap_capable+0x18d/0x200
[  311.011949][T11147]  ? bpf_lsm_capable+0x9/0x10
[  311.011964][T11147]  ? security_capable+0x7e/0x260
[  311.011990][T11147]  ? ns_capable+0xd7/0x110
[  311.012009][T11147]  genl_rcv_msg+0x55c/0x800
[  311.012034][T11147]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.012056][T11147]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  311.012085][T11147]  ? __lock_acquire+0x622/0x1c90
[  311.012112][T11147]  netlink_rcv_skb+0x158/0x420
[  311.012132][T11147]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.012157][T11147]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  311.012178][T11147]  ? netlink_deliver_tap+0x1ae/0xd30
[  311.012189][T11147]  ? is_vmalloc_addr+0x86/0xa0
[  311.012208][T11147]  genl_rcv+0x28/0x40
[  311.012221][T11147]  netlink_unicast+0x53a/0x7f0
[  311.012235][T11147]  ? __pfx_netlink_unicast+0x10/0x10
[  311.012252][T11147]  netlink_sendmsg+0x8d1/0xdd0
[  311.012267][T11147]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.012281][T11147]  ? __import_iovec+0x1dd/0x650
[  311.012303][T11147]  ____sys_sendmsg+0xa98/0xc70
[  311.012320][T11147]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.012332][T11147]  ? get_compat_msghdr+0x11a/0x170
[  311.012358][T11147]  ___sys_sendmsg+0x134/0x1d0
[  311.012377][T11147]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.012402][T11147]  ? find_held_lock+0x2b/0x80
[  311.012423][T11147]  __sys_sendmsg+0x16d/0x220
[  311.012442][T11147]  ? __pfx___sys_sendmsg+0x10/0x10
[  311.012459][T11147]  ? __pfx_bpf_trace_run2+0x10/0x10
[  311.012480][T11147]  ? syscall_trace_enter+0x1cb/0x260
[  311.012499][T11147]  ? rcu_is_watching+0x12/0xc0
[  311.012513][T11147]  __do_fast_syscall_32+0x7c/0x3a0
[  311.012533][T11147]  do_fast_syscall_32+0x32/0x80
[  311.012551][T11147]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  311.012566][T11147] RIP: 0023:0xf7f88579
[  311.012578][T11147] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  311.012589][T11147] RSP: 002b:00000000f508555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  311.012601][T11147] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  311.012609][T11147] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  311.012616][T11147] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  311.012622][T11147] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  311.012629][T11147] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  311.012644][T11147]  </TASK>
[  311.400758][T11153] FAULT_INJECTION: forcing a failure.
[  311.400758][T11153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  311.417840][T11153] CPU: 2 UID: 0 PID: 11153 Comm: syz.1.1389 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  311.417859][T11153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  311.417866][T11153] Call Trace:
[  311.417870][T11153]  <TASK>
[  311.417875][T11153]  dump_stack_lvl+0x16c/0x1f0
[  311.417897][T11153]  should_fail_ex+0x512/0x640
[  311.417916][T11153]  _copy_from_iter+0x29f/0x16f0
[  311.417934][T11153]  ? __alloc_skb+0x200/0x380
[  311.417951][T11153]  ? __pfx__copy_from_iter+0x10/0x10
[  311.417969][T11153]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  311.417986][T11153]  netlink_sendmsg+0x829/0xdd0
[  311.418000][T11153]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.418013][T11153]  ? __import_iovec+0x1dd/0x650
[  311.418033][T11153]  ____sys_sendmsg+0xa98/0xc70
[  311.418047][T11153]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.418059][T11153]  ? get_compat_msghdr+0x11a/0x170
[  311.418083][T11153]  ___sys_sendmsg+0x134/0x1d0
[  311.418100][T11153]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.418128][T11153]  ? find_held_lock+0x2b/0x80
[  311.418148][T11153]  __sys_sendmsg+0x16d/0x220
[  311.418165][T11153]  ? __pfx___sys_sendmsg+0x10/0x10
[  311.418181][T11153]  ? __pfx_bpf_trace_run2+0x10/0x10
[  311.418201][T11153]  ? syscall_trace_enter+0x1cb/0x260
[  311.418220][T11153]  ? rcu_is_watching+0x12/0xc0
[  311.418233][T11153]  __do_fast_syscall_32+0x7c/0x3a0
[  311.418252][T11153]  do_fast_syscall_32+0x32/0x80
[  311.418269][T11153]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  311.418283][T11153] RIP: 0023:0xf704e579
[  311.418292][T11153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  311.418303][T11153] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  311.418315][T11153] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[  311.418322][T11153] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  311.418339][T11153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  311.418346][T11153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  311.418353][T11153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  311.418366][T11153]  </TASK>
[  311.901395][T11164] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  311.904107][T11164] CPU: 0 UID: 0 PID: 11164 Comm: syz.1.1391 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  311.904124][T11164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  311.904132][T11164] Call Trace:
[  311.904137][T11164]  <TASK>
[  311.904142][T11164]  dump_stack_lvl+0x16c/0x1f0
[  311.904163][T11164]  sysfs_warn_dup+0x7f/0xa0
[  311.904181][T11164]  sysfs_do_create_link_sd+0x124/0x140
[  311.904211][T11164]  sysfs_create_link+0x61/0xc0
[  311.904227][T11164]  device_add+0x62c/0x1a70
[  311.904241][T11164]  ? __pfx_device_add+0x10/0x10
[  311.904252][T11164]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.904270][T11164]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  311.904305][T11164]  wiphy_register+0x1c9c/0x2850
[  311.904317][T11164]  ? netdev_run_todo+0x864/0x1320
[  311.904333][T11164]  ? __pfx_wiphy_register+0x10/0x10
[  311.904350][T11164]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  311.904364][T11164]  ieee80211_register_hw+0x24ac/0x4140
[  311.904382][T11164]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  311.904396][T11164]  ? find_held_lock+0x2b/0x80
[  311.904408][T11164]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.904425][T11164]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  311.904438][T11164]  ? __hrtimer_setup+0x176/0x280
[  311.904456][T11164]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  311.904480][T11164]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  311.904500][T11164]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  311.904517][T11164]  ? __asan_memcpy+0x3c/0x60
[  311.904534][T11164]  hwsim_new_radio_nl+0xb51/0x12c0
[  311.904552][T11164]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  311.904572][T11164]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  311.904588][T11164]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  311.904605][T11164]  genl_family_rcv_msg_doit+0x209/0x2f0
[  311.904621][T11164]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  311.904634][T11164]  ? trace_cap_capable+0x18d/0x200
[  311.904649][T11164]  ? bpf_lsm_capable+0x9/0x10
[  311.904663][T11164]  ? security_capable+0x7e/0x260
[  311.904680][T11164]  ? ns_capable+0xd7/0x110
[  311.904693][T11164]  genl_rcv_msg+0x55c/0x800
[  311.904709][T11164]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.904723][T11164]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  311.904740][T11164]  ? __lock_acquire+0x622/0x1c90
[  311.904757][T11164]  netlink_rcv_skb+0x158/0x420
[  311.904769][T11164]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.904783][T11164]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  311.904802][T11164]  ? netlink_deliver_tap+0x1ae/0xd30
[  311.904812][T11164]  ? is_vmalloc_addr+0x86/0xa0
[  311.904830][T11164]  genl_rcv+0x28/0x40
[  311.904842][T11164]  netlink_unicast+0x53a/0x7f0
[  311.904861][T11164]  ? __pfx_netlink_unicast+0x10/0x10
[  311.904878][T11164]  netlink_sendmsg+0x8d1/0xdd0
[  311.904893][T11164]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.904907][T11164]  ? __import_iovec+0x1dd/0x650
[  311.904929][T11164]  ____sys_sendmsg+0xa98/0xc70
[  311.904945][T11164]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.904958][T11164]  ? get_compat_msghdr+0x11a/0x170
[  311.904983][T11164]  ___sys_sendmsg+0x134/0x1d0
[  311.905000][T11164]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.905024][T11164]  ? find_held_lock+0x2b/0x80
[  311.905045][T11164]  __sys_sendmsg+0x16d/0x220
[  311.905062][T11164]  ? __pfx___sys_sendmsg+0x10/0x10
[  311.905078][T11164]  ? __pfx_bpf_trace_run2+0x10/0x10
[  311.905098][T11164]  ? syscall_trace_enter+0x1cb/0x260
[  311.905116][T11164]  ? rcu_is_watching+0x12/0xc0
[  311.905129][T11164]  __do_fast_syscall_32+0x7c/0x3a0
[  311.905148][T11164]  do_fast_syscall_32+0x32/0x80
[  311.905165][T11164]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  311.905180][T11164] RIP: 0023:0xf704e579
[  311.905189][T11164] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  311.905200][T11164] RSP: 002b:00000000f501d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  311.905212][T11164] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  311.905219][T11164] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  311.905226][T11164] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  311.905232][T11164] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  311.905238][T11164] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  311.905252][T11164]  </TASK>
[  312.124463][   T24] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  312.304648][   T24] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  312.308618][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.312204][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  312.315642][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  312.320919][   T24] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  312.324008][   T24] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  312.334426][   T24] usb 8-1: Manufacturer: syz
[  312.355103][   T24] usb 8-1: config 0 descriptor??
[  312.771769][   T24] appleir 0003:05AC:8243.000D: unknown main item tag 0x0
[  312.776264][   T24] appleir 0003:05AC:8243.000D: No inputs registered, leaving
[  312.784124][   T24] appleir 0003:05AC:8243.000D: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  313.025966][T11184] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  313.030523][T11184] CPU: 3 UID: 0 PID: 11184 Comm: syz.2.1397 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  313.030542][T11184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  313.030550][T11184] Call Trace:
[  313.030556][T11184]  <TASK>
[  313.030562][T11184]  dump_stack_lvl+0x16c/0x1f0
[  313.030583][T11184]  sysfs_warn_dup+0x7f/0xa0
[  313.030600][T11184]  sysfs_do_create_link_sd+0x124/0x140
[  313.030631][T11184]  sysfs_create_link+0x61/0xc0
[  313.030645][T11184]  device_add+0x62c/0x1a70
[  313.030660][T11184]  ? __pfx_device_add+0x10/0x10
[  313.030670][T11184]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  313.030690][T11184]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  313.030711][T11184]  wiphy_register+0x1c9c/0x2850
[  313.030724][T11184]  ? netdev_run_todo+0x864/0x1320
[  313.030742][T11184]  ? __pfx_wiphy_register+0x10/0x10
[  313.030761][T11184]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  313.030776][T11184]  ieee80211_register_hw+0x24ac/0x4140
[  313.030794][T11184]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  313.030809][T11184]  ? find_held_lock+0x2b/0x80
[  313.030820][T11184]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  313.030837][T11184]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  313.030853][T11184]  ? __hrtimer_setup+0x176/0x280
[  313.030871][T11184]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  313.030896][T11184]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  313.030916][T11184]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  313.030933][T11184]  ? __asan_memcpy+0x3c/0x60
[  313.030951][T11184]  hwsim_new_radio_nl+0xb51/0x12c0
[  313.030969][T11184]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  313.030991][T11184]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  313.031006][T11184]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  313.031025][T11184]  genl_family_rcv_msg_doit+0x209/0x2f0
[  313.031040][T11184]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  313.031054][T11184]  ? trace_cap_capable+0x18d/0x200
[  313.031070][T11184]  ? bpf_lsm_capable+0x9/0x10
[  313.031084][T11184]  ? security_capable+0x7e/0x260
[  313.031108][T11184]  ? ns_capable+0xd7/0x110
[  313.031123][T11184]  genl_rcv_msg+0x55c/0x800
[  313.031140][T11184]  ? __pfx_genl_rcv_msg+0x10/0x10
[  313.031155][T11184]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  313.031174][T11184]  ? __lock_acquire+0x622/0x1c90
[  313.031197][T11184]  netlink_rcv_skb+0x158/0x420
[  313.031210][T11184]  ? __pfx_genl_rcv_msg+0x10/0x10
[  313.031226][T11184]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  313.031246][T11184]  ? netlink_deliver_tap+0x1ae/0xd30
[  313.031258][T11184]  ? is_vmalloc_addr+0x86/0xa0
[  313.031278][T11184]  genl_rcv+0x28/0x40
[  313.031290][T11184]  netlink_unicast+0x53a/0x7f0
[  313.031304][T11184]  ? __pfx_netlink_unicast+0x10/0x10
[  313.031321][T11184]  netlink_sendmsg+0x8d1/0xdd0
[  313.031336][T11184]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.031349][T11184]  ? __import_iovec+0x1dd/0x650
[  313.031370][T11184]  ____sys_sendmsg+0xa98/0xc70
[  313.031385][T11184]  ? __pfx_____sys_sendmsg+0x10/0x10
[  313.031397][T11184]  ? get_compat_msghdr+0x11a/0x170
[  313.031422][T11184]  ___sys_sendmsg+0x134/0x1d0
[  313.031440][T11184]  ? __pfx____sys_sendmsg+0x10/0x10
[  313.031455][T11184]  ? find_held_lock+0x2b/0x80
[  313.031485][T11184]  __sys_sendmsg+0x16d/0x220
[  313.031502][T11184]  ? __pfx___sys_sendmsg+0x10/0x10
[  313.031518][T11184]  ? __pfx_bpf_trace_run2+0x10/0x10
[  313.031539][T11184]  ? syscall_trace_enter+0x1cb/0x260
[  313.031559][T11184]  ? rcu_is_watching+0x12/0xc0
[  313.031573][T11184]  __do_fast_syscall_32+0x7c/0x3a0
[  313.031645][T11184]  do_fast_syscall_32+0x32/0x80
[  313.031666][T11184]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  313.031681][T11184] RIP: 0023:0xf7f62579
[  313.031691][T11184] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  313.031703][T11184] RSP: 002b:00000000f506555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  313.031714][T11184] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000040
[  313.031722][T11184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  313.031728][T11184] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  313.031735][T11184] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  313.031742][T11184] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  313.031757][T11184]  </TASK>
[  314.540546][T11217] syzkaller1: entered promiscuous mode
[  314.542490][T11217] syzkaller1: entered allmulticast mode
[  314.904567][   T24] usb 8-1: reset high-speed USB device number 46 using dummy_hcd
[  315.065247][   T24] usb 8-1: device firmware changed
[  315.068969][ T6007] usb 8-1: USB disconnect, device number 46
[  315.214442][ T6007] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  315.414813][ T6007] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  315.418679][ T6007] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  315.425794][ T6007] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  315.429796][ T6007] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  315.433558][ T6007] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  315.449116][ T6007] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  315.453239][ T6007] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  315.457180][ T6007] usb 8-1: Product: syz
[  315.465629][ T6007] usb 8-1: Manufacturer: syz
[  315.519269][ T6007] cdc_wdm 8-1:1.0: skipping garbage
[  315.527037][ T6007] cdc_wdm 8-1:1.0: skipping garbage
[  315.558335][ T6007] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  315.562682][ T6007] cdc_wdm 8-1:1.0: Unknown control protocol
[  316.447766][ T6007] usb 8-1: USB disconnect, device number 47
[  316.577100][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  316.579144][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  316.704495][   T61] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  316.855774][   T61] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  316.859165][   T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.862881][   T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.866290][   T61] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  316.871546][   T61] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  316.874557][   T61] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  316.877202][   T61] usb 6-1: Manufacturer: syz
[  316.880548][   T61] usb 6-1: config 0 descriptor??
[  317.301999][   T61] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[  317.305576][   T61] appleir 0003:05AC:8243.000E: No inputs registered, leaving
[  317.310333][   T61] appleir 0003:05AC:8243.000E: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  317.316091][T11264] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  317.334899][T11264] CPU: 2 UID: 0 PID: 11264 Comm: syz.2.1421 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  317.334942][T11264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  317.334978][T11264] Call Trace:
[  317.334988][T11264]  <TASK>
[  317.335000][T11264]  dump_stack_lvl+0x16c/0x1f0
[  317.335044][T11264]  sysfs_warn_dup+0x7f/0xa0
[  317.335088][T11264]  sysfs_do_create_link_sd+0x124/0x140
[  317.335126][T11264]  sysfs_create_link+0x61/0xc0
[  317.335162][T11264]  device_add+0x62c/0x1a70
[  317.335192][T11264]  ? __pfx_device_add+0x10/0x10
[  317.335216][T11264]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  317.335256][T11264]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  317.335301][T11264]  wiphy_register+0x1c9c/0x2850
[  317.335325][T11264]  ? netdev_run_todo+0x864/0x1320
[  317.335362][T11264]  ? __pfx_wiphy_register+0x10/0x10
[  317.335404][T11264]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  317.335436][T11264]  ieee80211_register_hw+0x24ac/0x4140
[  317.335478][T11264]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  317.335510][T11264]  ? find_held_lock+0x2b/0x80
[  317.335536][T11264]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  317.335606][T11264]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  317.335634][T11264]  ? __hrtimer_setup+0x176/0x280
[  317.335674][T11264]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  317.335729][T11264]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  317.335761][T11264]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  317.335788][T11264]  ? __asan_memcpy+0x3c/0x60
[  317.335817][T11264]  hwsim_new_radio_nl+0xb51/0x12c0
[  317.335845][T11264]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  317.335880][T11264]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  317.335905][T11264]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  317.335935][T11264]  genl_family_rcv_msg_doit+0x209/0x2f0
[  317.335961][T11264]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  317.335984][T11264]  ? trace_cap_capable+0x18d/0x200
[  317.336009][T11264]  ? bpf_lsm_capable+0x9/0x10
[  317.336032][T11264]  ? security_capable+0x7e/0x260
[  317.336061][T11264]  ? ns_capable+0xd7/0x110
[  317.336090][T11264]  genl_rcv_msg+0x55c/0x800
[  317.336120][T11264]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.336146][T11264]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  317.336179][T11264]  ? __lock_acquire+0x622/0x1c90
[  317.336208][T11264]  netlink_rcv_skb+0x158/0x420
[  317.336228][T11264]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.336254][T11264]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  317.336287][T11264]  ? netlink_deliver_tap+0x1ae/0xd30
[  317.336305][T11264]  ? is_vmalloc_addr+0x86/0xa0
[  317.336336][T11264]  genl_rcv+0x28/0x40
[  317.336356][T11264]  netlink_unicast+0x53a/0x7f0
[  317.336379][T11264]  ? __pfx_netlink_unicast+0x10/0x10
[  317.336408][T11264]  netlink_sendmsg+0x8d1/0xdd0
[  317.336432][T11264]  ? __pfx_netlink_sendmsg+0x10/0x10
[  317.336454][T11264]  ? __import_iovec+0x1dd/0x650
[  317.336489][T11264]  ____sys_sendmsg+0xa98/0xc70
[  317.336514][T11264]  ? __pfx_____sys_sendmsg+0x10/0x10
[  317.336533][T11264]  ? get_compat_msghdr+0x11a/0x170
[  317.336575][T11264]  ___sys_sendmsg+0x134/0x1d0
[  317.336605][T11264]  ? __pfx____sys_sendmsg+0x10/0x10
[  317.336647][T11264]  ? find_held_lock+0x2b/0x80
[  317.336683][T11264]  __sys_sendmsg+0x16d/0x220
[  317.336711][T11264]  ? __pfx___sys_sendmsg+0x10/0x10
[  317.336738][T11264]  ? __pfx_bpf_trace_run2+0x10/0x10
[  317.336771][T11264]  ? syscall_trace_enter+0x1cb/0x260
[  317.336801][T11264]  ? rcu_is_watching+0x12/0xc0
[  317.336822][T11264]  __do_fast_syscall_32+0x7c/0x3a0
[  317.336852][T11264]  do_fast_syscall_32+0x32/0x80
[  317.336879][T11264]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  317.336902][T11264] RIP: 0023:0xf7f62579
[  317.336917][T11264] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  317.336934][T11264] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  317.336953][T11264] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  317.336965][T11264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  317.336976][T11264] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  317.336986][T11264] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  317.336999][T11264] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  317.337025][T11264]  </TASK>
[  317.732127][T11276] syzkaller1: entered promiscuous mode
[  317.737474][T11276] syzkaller1: entered allmulticast mode
[  317.810970][T11277] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  317.813593][T11277] CPU: 1 UID: 0 PID: 11277 Comm: syz.3.1423 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  317.813614][T11277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  317.813623][T11277] Call Trace:
[  317.813695][T11277]  <TASK>
[  317.813710][T11277]  dump_stack_lvl+0x16c/0x1f0
[  317.813734][T11277]  sysfs_warn_dup+0x7f/0xa0
[  317.813752][T11277]  sysfs_do_create_link_sd+0x124/0x140
[  317.813771][T11277]  sysfs_create_link+0x61/0xc0
[  317.813787][T11277]  device_add+0x62c/0x1a70
[  317.813810][T11277]  ? __pfx_device_add+0x10/0x10
[  317.813821][T11277]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  317.813841][T11277]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  317.813865][T11277]  wiphy_register+0x1c9c/0x2850
[  317.813878][T11277]  ? netdev_run_todo+0x864/0x1320
[  317.813895][T11277]  ? __pfx_wiphy_register+0x10/0x10
[  317.813915][T11277]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  317.813930][T11277]  ieee80211_register_hw+0x24ac/0x4140
[  317.813948][T11277]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  317.813963][T11277]  ? find_held_lock+0x2b/0x80
[  317.813976][T11277]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  317.813995][T11277]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  317.814009][T11277]  ? __hrtimer_setup+0x176/0x280
[  317.814027][T11277]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  317.814051][T11277]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  317.814070][T11277]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  317.814087][T11277]  ? __asan_memcpy+0x3c/0x60
[  317.814105][T11277]  hwsim_new_radio_nl+0xb51/0x12c0
[  317.814122][T11277]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  317.814143][T11277]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  317.814159][T11277]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  317.814176][T11277]  genl_family_rcv_msg_doit+0x209/0x2f0
[  317.814192][T11277]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  317.814206][T11277]  ? trace_cap_capable+0x18d/0x200
[  317.814221][T11277]  ? bpf_lsm_capable+0x9/0x10
[  317.814235][T11277]  ? security_capable+0x7e/0x260
[  317.814253][T11277]  ? ns_capable+0xd7/0x110
[  317.814265][T11277]  genl_rcv_msg+0x55c/0x800
[  317.814281][T11277]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.814295][T11277]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  317.814314][T11277]  ? __lock_acquire+0x622/0x1c90
[  317.814331][T11277]  netlink_rcv_skb+0x158/0x420
[  317.814343][T11277]  ? __pfx_genl_rcv_msg+0x10/0x10
[  317.814357][T11277]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  317.814375][T11277]  ? netlink_deliver_tap+0x1ae/0xd30
[  317.814386][T11277]  ? is_vmalloc_addr+0x86/0xa0
[  317.814404][T11277]  genl_rcv+0x28/0x40
[  317.814415][T11277]  netlink_unicast+0x53a/0x7f0
[  317.814429][T11277]  ? __pfx_netlink_unicast+0x10/0x10
[  317.814446][T11277]  netlink_sendmsg+0x8d1/0xdd0
[  317.814460][T11277]  ? __pfx_netlink_sendmsg+0x10/0x10
[  317.814474][T11277]  ? __import_iovec+0x1dd/0x650
[  317.814495][T11277]  ____sys_sendmsg+0xa98/0xc70
[  317.814510][T11277]  ? __pfx_____sys_sendmsg+0x10/0x10
[  317.814522][T11277]  ? get_compat_msghdr+0x11a/0x170
[  317.814543][T11277]  ? lock_acquire+0x179/0x350
[  317.814556][T11277]  ? find_held_lock+0x2b/0x80
[  317.814569][T11277]  ___sys_sendmsg+0x134/0x1d0
[  317.814586][T11277]  ? __pfx____sys_sendmsg+0x10/0x10
[  317.814610][T11277]  ? find_held_lock+0x2b/0x80
[  317.814631][T11277]  __sys_sendmsg+0x16d/0x220
[  317.814648][T11277]  ? __pfx___sys_sendmsg+0x10/0x10
[  317.814669][T11277]  ? rcu_read_unlock_trace_special+0x2aa/0x3f0
[  317.814685][T11277]  ? rcu_is_watching+0x12/0xc0
[  317.814698][T11277]  __do_fast_syscall_32+0x7c/0x3a0
[  317.814717][T11277]  do_fast_syscall_32+0x32/0x80
[  317.814734][T11277]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  317.814749][T11277] RIP: 0023:0xf7f88579
[  317.814760][T11277] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  317.814771][T11277] RSP: 002b:00000000f508555c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  317.814783][T11277] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000040
[  317.814790][T11277] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  317.814805][T11277] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  317.814812][T11277] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  317.814819][T11277] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  317.814835][T11277]  </TASK>
[  319.157769][T11303] syzkaller1: entered promiscuous mode
[  319.160231][T11303] syzkaller1: entered allmulticast mode
[  319.356943][T11313] netlink: 'syz.1.1439': attribute type 1 has an invalid length.
[  319.367047][   T61] usb 6-1: USB disconnect, device number 37
[  319.426990][   T24] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  319.626602][   T24] usb 5-1: Using ep0 maxpacket: 8
[  319.635862][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  319.644389][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  319.647924][   T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  319.652549][   T24] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  319.657719][   T24] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  319.661130][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.677766][   T24] hub 5-1:1.0: bad descriptor, ignoring hub
[  319.680219][   T24] hub 5-1:1.0: probe with driver hub failed with error -5
[  319.683491][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  319.691748][   T24] cdc_wdm 5-1:1.0: skipping garbage
[  319.697440][   T24] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  319.699414][   T24] cdc_wdm 5-1:1.0: Unknown control protocol
[  319.794556][ T6115] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  319.944385][ T6115] usb 6-1: Using ep0 maxpacket: 32
[  319.947633][ T6115] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  319.952751][ T6115] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  319.956025][ T6115] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  319.958992][ T6115] usb 6-1: Product: syz
[  319.960438][ T6115] usb 6-1: Manufacturer: syz
[  319.962009][ T6115] usb 6-1: SerialNumber: syz
[  319.965878][ T6115] usb 6-1: config 0 descriptor??
[  319.968484][T11328] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  319.972823][ T6115] hub 6-1:0.0: bad descriptor, ignoring hub
[  319.975052][ T6115] hub 6-1:0.0: probe with driver hub failed with error -5
[  320.258179][T11335] netlink: 53 bytes leftover after parsing attributes in process `syz.2.1442'.
[  320.587375][T11306] usb 5-1: reset high-speed USB device number 46 using dummy_hcd
[  320.901807][T11357] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  320.908153][T11357] CPU: 2 UID: 0 PID: 11357 Comm: syz.2.1448 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  320.908172][T11357] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  320.908179][T11357] Call Trace:
[  320.908184][T11357]  <TASK>
[  320.908189][T11357]  dump_stack_lvl+0x16c/0x1f0
[  320.908212][T11357]  sysfs_warn_dup+0x7f/0xa0
[  320.908229][T11357]  sysfs_do_create_link_sd+0x124/0x140
[  320.908247][T11357]  sysfs_create_link+0x61/0xc0
[  320.908263][T11357]  device_add+0x62c/0x1a70
[  320.908276][T11357]  ? __pfx_device_add+0x10/0x10
[  320.908287][T11357]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  320.908306][T11357]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  320.908328][T11357]  wiphy_register+0x1c9c/0x2850
[  320.908340][T11357]  ? netdev_run_todo+0x864/0x1320
[  320.908357][T11357]  ? __pfx_wiphy_register+0x10/0x10
[  320.908374][T11357]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  320.908388][T11357]  ieee80211_register_hw+0x24ac/0x4140
[  320.908405][T11357]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  320.908419][T11357]  ? find_held_lock+0x2b/0x80
[  320.908431][T11357]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  320.908449][T11357]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  320.908461][T11357]  ? __hrtimer_setup+0x176/0x280
[  320.908479][T11357]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  320.908502][T11357]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  320.908522][T11357]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  320.908539][T11357]  ? __asan_memcpy+0x3c/0x60
[  320.908556][T11357]  hwsim_new_radio_nl+0xb51/0x12c0
[  320.908573][T11357]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  320.908593][T11357]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  320.908608][T11357]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  320.908626][T11357]  genl_family_rcv_msg_doit+0x209/0x2f0
[  320.908641][T11357]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  320.908655][T11357]  ? trace_cap_capable+0x18d/0x200
[  320.908669][T11357]  ? bpf_lsm_capable+0x9/0x10
[  320.908683][T11357]  ? security_capable+0x7e/0x260
[  320.908700][T11357]  ? ns_capable+0xd7/0x110
[  320.908713][T11357]  genl_rcv_msg+0x55c/0x800
[  320.908729][T11357]  ? __pfx_genl_rcv_msg+0x10/0x10
[  320.908743][T11357]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  320.908760][T11357]  ? __lock_acquire+0x622/0x1c90
[  320.908777][T11357]  netlink_rcv_skb+0x158/0x420
[  320.908789][T11357]  ? __pfx_genl_rcv_msg+0x10/0x10
[  320.908803][T11357]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  320.908821][T11357]  ? netlink_deliver_tap+0x1ae/0xd30
[  320.908831][T11357]  ? is_vmalloc_addr+0x86/0xa0
[  320.908849][T11357]  genl_rcv+0x28/0x40
[  320.908861][T11357]  netlink_unicast+0x53a/0x7f0
[  320.908875][T11357]  ? __pfx_netlink_unicast+0x10/0x10
[  320.908890][T11357]  netlink_sendmsg+0x8d1/0xdd0
[  320.908905][T11357]  ? __pfx_netlink_sendmsg+0x10/0x10
[  320.908918][T11357]  ? __import_iovec+0x1dd/0x650
[  320.908939][T11357]  ____sys_sendmsg+0xa98/0xc70
[  320.908954][T11357]  ? __pfx_____sys_sendmsg+0x10/0x10
[  320.908974][T11357]  ? get_compat_msghdr+0x11a/0x170
[  320.908996][T11357]  ? __pfx_futex_wake_mark+0x10/0x10
[  320.909016][T11357]  ___sys_sendmsg+0x134/0x1d0
[  320.909035][T11357]  ? __pfx____sys_sendmsg+0x10/0x10
[  320.909059][T11357]  ? find_held_lock+0x2b/0x80
[  320.909081][T11357]  __sys_sendmsg+0x16d/0x220
[  320.909098][T11357]  ? __pfx___sys_sendmsg+0x10/0x10
[  320.909114][T11357]  ? __ia32_sys_futex_time32+0x1d9/0x460
[  320.909135][T11357]  ? rcu_is_watching+0x12/0xc0
[  320.909149][T11357]  __do_fast_syscall_32+0x7c/0x3a0
[  320.909167][T11357]  do_fast_syscall_32+0x32/0x80
[  320.909184][T11357]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  320.909198][T11357] RIP: 0023:0xf7f62579
[  320.909208][T11357] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  320.909219][T11357] RSP: 002b:00000000f502b55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  320.909230][T11357] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000040
[  320.909238][T11357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  320.909244][T11357] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  320.909250][T11357] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  320.909257][T11357] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  320.909271][T11357]  </TASK>
[  321.053064][ T6115] usb 6-1: USB disconnect, device number 38
[  321.054887][ T5987] usb 5-1: USB disconnect, device number 46
[  321.364416][ T6115] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  321.396520][T11361] veth1_macvtap: left allmulticast mode
[  321.400184][T11361] macsec0: left promiscuous mode
[  321.402484][T11361] macsec0: left allmulticast mode
[  321.515787][ T6115] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  321.534323][ T6115] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  321.543240][ T6115] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  321.547069][ T6115] usb 6-1: Product: syz
[  321.548821][ T6115] usb 6-1: Manufacturer: syz
[  321.550722][ T6115] usb 6-1: SerialNumber: syz
[  321.554755][ T6115] usb 6-1: config 0 descriptor??
[  321.557061][T11336] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  321.560680][ T6115] hub 6-1:0.0: bad descriptor, ignoring hub
[  321.562797][ T6115] hub 6-1:0.0: probe with driver hub failed with error -5
[  321.586834][T11363] batman_adv: batadv0: Adding interface: ipvlan2
[  321.590905][T11363] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.600076][T11363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  321.604624][T11363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  321.609103][T11363] batman_adv: batadv0: Interface activated: ipvlan2
[  321.874703][ T6115] usb 6-1: USB disconnect, device number 39
[  321.949980][T11367] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1452'.
[  322.072521][T11373] capability: warning: `syz.0.1453' uses deprecated v2 capabilities in a way that may be insecure
[  322.252624][T11381] FAULT_INJECTION: forcing a failure.
[  322.252624][T11381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.264552][T11381] CPU: 3 UID: 0 PID: 11381 Comm: syz.0.1455 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  322.264574][T11381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  322.264582][T11381] Call Trace:
[  322.264588][T11381]  <TASK>
[  322.264594][T11381]  dump_stack_lvl+0x16c/0x1f0
[  322.264617][T11381]  should_fail_ex+0x512/0x640
[  322.264638][T11381]  _copy_from_user+0x2e/0xd0
[  322.264674][T11381]  snd_seq_oss_write+0x397/0x7d0
[  322.264695][T11381]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  322.264718][T11381]  ? apparmor_file_permission+0x251/0x400
[  322.264740][T11381]  ? bpf_lsm_file_permission+0x9/0x10
[  322.264755][T11381]  ? __pfx_odev_write+0x10/0x10
[  322.264766][T11381]  odev_write+0x51/0xa0
[  322.264783][T11381]  vfs_write+0x29d/0x1150
[  322.264805][T11381]  ? __pfx_vfs_write+0x10/0x10
[  322.264820][T11381]  ? find_held_lock+0x2b/0x80
[  322.264834][T11381]  ? __fget_files+0x204/0x3c0
[  322.264853][T11381]  ? __fget_files+0x20e/0x3c0
[  322.264867][T11381]  ? handle_mm_fault+0x220/0xd10
[  322.264888][T11381]  ksys_write+0x12a/0x250
[  322.264905][T11381]  ? __pfx_ksys_write+0x10/0x10
[  322.264923][T11381]  ? rcu_is_watching+0x12/0xc0
[  322.264938][T11381]  __do_fast_syscall_32+0x7c/0x3a0
[  322.264959][T11381]  do_fast_syscall_32+0x32/0x80
[  322.264978][T11381]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  322.264994][T11381] RIP: 0023:0xf707e579
[  322.265004][T11381] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  322.265016][T11381] RSP: 002b:00000000f504d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  322.265028][T11381] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000080
[  322.265036][T11381] RDX: 000000000000fd85 RSI: 0000000000000000 RDI: 0000000000000000
[  322.265043][T11381] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  322.265050][T11381] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  322.265057][T11381] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  322.265072][T11381]  </TASK>
[  322.345500][    C3] vkms_vblank_simulate: vblank timer overrun
[  322.482581][T11387] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  322.493746][T11387] CPU: 2 UID: 0 PID: 11387 Comm: syz.0.1458 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  322.493765][T11387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  322.493773][T11387] Call Trace:
[  322.493784][T11387]  <TASK>
[  322.493789][T11387]  dump_stack_lvl+0x16c/0x1f0
[  322.493812][T11387]  sysfs_warn_dup+0x7f/0xa0
[  322.493831][T11387]  sysfs_do_create_link_sd+0x124/0x140
[  322.493848][T11387]  sysfs_create_link+0x61/0xc0
[  322.493864][T11387]  device_add+0x62c/0x1a70
[  322.493879][T11387]  ? __pfx_device_add+0x10/0x10
[  322.493889][T11387]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  322.493909][T11387]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  322.493931][T11387]  wiphy_register+0x1c9c/0x2850
[  322.493944][T11387]  ? netdev_run_todo+0x864/0x1320
[  322.493961][T11387]  ? __pfx_wiphy_register+0x10/0x10
[  322.493979][T11387]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  322.493993][T11387]  ieee80211_register_hw+0x24ac/0x4140
[  322.494012][T11387]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  322.494026][T11387]  ? find_held_lock+0x2b/0x80
[  322.494038][T11387]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  322.494056][T11387]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  322.494068][T11387]  ? __hrtimer_setup+0x176/0x280
[  322.494087][T11387]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  322.494111][T11387]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  322.494131][T11387]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  322.494148][T11387]  ? __asan_memcpy+0x3c/0x60
[  322.494167][T11387]  hwsim_new_radio_nl+0xb51/0x12c0
[  322.494184][T11387]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  322.494205][T11387]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  322.494221][T11387]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  322.494239][T11387]  genl_family_rcv_msg_doit+0x209/0x2f0
[  322.494255][T11387]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  322.494270][T11387]  ? trace_cap_capable+0x18d/0x200
[  322.494301][T11387]  ? bpf_lsm_capable+0x9/0x10
[  322.494317][T11387]  ? security_capable+0x7e/0x260
[  322.494338][T11387]  ? ns_capable+0xd7/0x110
[  322.494352][T11387]  genl_rcv_msg+0x55c/0x800
[  322.494370][T11387]  ? __pfx_genl_rcv_msg+0x10/0x10
[  322.494385][T11387]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  322.494404][T11387]  ? __lock_acquire+0x622/0x1c90
[  322.494423][T11387]  netlink_rcv_skb+0x158/0x420
[  322.494436][T11387]  ? __pfx_genl_rcv_msg+0x10/0x10
[  322.494451][T11387]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  322.494469][T11387]  ? netlink_deliver_tap+0x1ae/0xd30
[  322.494480][T11387]  ? is_vmalloc_addr+0x86/0xa0
[  322.494498][T11387]  genl_rcv+0x28/0x40
[  322.494510][T11387]  netlink_unicast+0x53a/0x7f0
[  322.494523][T11387]  ? __pfx_netlink_unicast+0x10/0x10
[  322.494540][T11387]  netlink_sendmsg+0x8d1/0xdd0
[  322.494554][T11387]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.494567][T11387]  ? __import_iovec+0x1dd/0x650
[  322.494588][T11387]  ____sys_sendmsg+0xa98/0xc70
[  322.494603][T11387]  ? __pfx_____sys_sendmsg+0x10/0x10
[  322.494614][T11387]  ? get_compat_msghdr+0x11a/0x170
[  322.494639][T11387]  ___sys_sendmsg+0x134/0x1d0
[  322.494656][T11387]  ? __pfx____sys_sendmsg+0x10/0x10
[  322.494680][T11387]  ? find_held_lock+0x2b/0x80
[  322.494701][T11387]  __sys_sendmsg+0x16d/0x220
[  322.494717][T11387]  ? __pfx___sys_sendmsg+0x10/0x10
[  322.494733][T11387]  ? __pfx_bpf_trace_run2+0x10/0x10
[  322.494753][T11387]  ? syscall_trace_enter+0x1cb/0x260
[  322.494772][T11387]  ? rcu_is_watching+0x12/0xc0
[  322.494790][T11387]  __do_fast_syscall_32+0x7c/0x3a0
[  322.494811][T11387]  do_fast_syscall_32+0x32/0x80
[  322.494829][T11387]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  322.494844][T11387] RIP: 0023:0xf707e579
[  322.494854][T11387] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  322.494865][T11387] RSP: 002b:00000000f506e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  322.494891][T11387] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  322.494899][T11387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  322.494905][T11387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  322.494912][T11387] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  322.494918][T11387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  322.494933][T11387]  </TASK>
[  322.688846][T11398] syzkaller1: entered promiscuous mode
[  322.691333][T11398] syzkaller1: entered allmulticast mode
[  322.949191][T11411] ipt_REJECT: ECHOREPLY no longer supported.
[  322.957107][T11413] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  322.974747][   T29] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  322.993260][T11414] ptrace attach of "/syz-executor exec"[5946] was attempted by "/syz-executor exec"[11414]
[  322.998430][T11414] FAULT_INJECTION: forcing a failure.
[  322.998430][T11414] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.999909][T11417] FAULT_INJECTION: forcing a failure.
[  322.999909][T11417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  323.002677][T11414] CPU: 3 UID: 0 PID: 11414 Comm: syz.0.1465 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  323.002696][T11414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  323.002704][T11414] Call Trace:
[  323.002710][T11414]  <TASK>
[  323.002715][T11414]  dump_stack_lvl+0x16c/0x1f0
[  323.002738][T11414]  should_fail_ex+0x512/0x640
[  323.002759][T11414]  _copy_from_user+0x2e/0xd0
[  323.002783][T11414]  get_compat_msghdr+0xa7/0x170
[  323.002804][T11414]  ? __pfx_get_compat_msghdr+0x10/0x10
[  323.002825][T11414]  ? __lock_acquire+0x622/0x1c90
[  323.002844][T11414]  ___sys_recvmsg+0x191/0x1a0
[  323.002863][T11414]  ? __pfx____sys_recvmsg+0x10/0x10
[  323.002884][T11414]  ? find_held_lock+0x2b/0x80
[  323.002901][T11414]  ? __pfx___might_resched+0x10/0x10
[  323.002917][T11414]  do_recvmmsg+0x55d/0x750
[  323.002938][T11414]  ? __pfx_do_recvmmsg+0x10/0x10
[  323.002955][T11414]  ? trace_sched_exit_tp+0xde/0x130
[  323.002978][T11414]  ? __pfx___schedule+0x10/0x10
[  323.002995][T11414]  ? __fget_files+0x20e/0x3c0
[  323.003011][T11414]  ? handle_mm_fault+0x220/0xd10
[  323.003029][T11414]  __sys_recvmmsg+0x21c/0x280
[  323.003048][T11414]  ? __pfx___sys_recvmmsg+0x10/0x10
[  323.003071][T11414]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  323.003084][T11414]  ? lockdep_hardirqs_on+0x7c/0x110
[  323.003102][T11414]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  323.003121][T11414]  __do_fast_syscall_32+0x7c/0x3a0
[  323.003142][T11414]  do_fast_syscall_32+0x32/0x80
[  323.003161][T11414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.003177][T11414] RIP: 0023:0xf707e579
[  323.003187][T11414] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  323.003200][T11414] RSP: 002b:00000000f502c55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151
[  323.003212][T11414] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080001d00
[  323.003220][T11414] RDX: 0000000003ffffbd RSI: 0000000000000000 RDI: 0000000000000000
[  323.003227][T11414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.003234][T11414] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  323.003241][T11414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.003269][T11414]  </TASK>
[  323.105984][T11417] CPU: 1 UID: 0 PID: 11417 Comm: syz.1.1468 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  323.106009][T11417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  323.106019][T11417] Call Trace:
[  323.106026][T11417]  <TASK>
[  323.106033][T11417]  dump_stack_lvl+0x16c/0x1f0
[  323.106062][T11417]  should_fail_ex+0x512/0x640
[  323.106089][T11417]  _copy_from_iter+0x29f/0x16f0
[  323.106121][T11417]  ? __pfx__copy_from_iter+0x10/0x10
[  323.106147][T11417]  ? rcu_is_watching+0x12/0xc0
[  323.106163][T11417]  ? trace_kmalloc+0x2b/0xd0
[  323.106180][T11417]  ? __kmalloc_noprof+0x242/0x510
[  323.106209][T11417]  nfc_llcp_send_ui_frame+0x136/0x530
[  323.106229][T11417]  ? do_raw_spin_lock+0x12c/0x2b0
[  323.106258][T11417]  ? __pfx_nfc_llcp_send_ui_frame+0x10/0x10
[  323.106275][T11417]  ? llcp_sock_sendmsg+0x2e5/0x460
[  323.106291][T11417]  ? rcu_is_watching+0x12/0xc0
[  323.106306][T11417]  ? __local_bh_enable_ip+0xa4/0x120
[  323.106327][T11417]  llcp_sock_sendmsg+0x34b/0x460
[  323.106342][T11417]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  323.106371][T11417]  ____sys_sendmsg+0xa98/0xc70
[  323.106393][T11417]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.106411][T11417]  ? get_compat_msghdr+0x11a/0x170
[  323.106441][T11417]  ? __pfx__kstrtoull+0x10/0x10
[  323.106464][T11417]  ___sys_sendmsg+0x134/0x1d0
[  323.106490][T11417]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.106512][T11417]  ? __lock_acquire+0x622/0x1c90
[  323.106564][T11417]  __sys_sendmmsg+0x2f9/0x420
[  323.106592][T11417]  ? __pfx___sys_sendmmsg+0x10/0x10
[  323.106625][T11417]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  323.106661][T11417]  ? fput+0x70/0xf0
[  323.106677][T11417]  ? ksys_write+0x1ac/0x250
[  323.106699][T11417]  ? __pfx_ksys_write+0x10/0x10
[  323.106732][T11417]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  323.106759][T11417]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  323.106785][T11417]  __do_fast_syscall_32+0x7c/0x3a0
[  323.106812][T11417]  do_fast_syscall_32+0x32/0x80
[  323.106837][T11417]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.106858][T11417] RIP: 0023:0xf704e579
[  323.106870][T11417] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  323.106887][T11417] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[  323.106903][T11417] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001080
[  323.106928][T11417] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  323.106938][T11417] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.106947][T11417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  323.106957][T11417] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.106980][T11417]  </TASK>
[  323.225805][   T29] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  323.229382][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  323.232761][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  323.236462][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  323.241081][   T29] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  323.244638][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.250062][   T29] usb 8-1: config 0 descriptor??
[  323.406072][T11418] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  323.409557][T11418] CPU: 0 UID: 0 PID: 11418 Comm: syz.2.1469 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  323.409585][T11418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  323.409599][T11418] Call Trace:
[  323.409607][T11418]  <TASK>
[  323.409615][T11418]  dump_stack_lvl+0x16c/0x1f0
[  323.409653][T11418]  sysfs_warn_dup+0x7f/0xa0
[  323.409680][T11418]  sysfs_do_create_link_sd+0x124/0x140
[  323.409709][T11418]  sysfs_create_link+0x61/0xc0
[  323.409735][T11418]  device_add+0x62c/0x1a70
[  323.409758][T11418]  ? __pfx_device_add+0x10/0x10
[  323.409776][T11418]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  323.409808][T11418]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  323.409845][T11418]  wiphy_register+0x1c9c/0x2850
[  323.409865][T11418]  ? netdev_run_todo+0x864/0x1320
[  323.409893][T11418]  ? __pfx_wiphy_register+0x10/0x10
[  323.409932][T11418]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  323.409958][T11418]  ieee80211_register_hw+0x24ac/0x4140
[  323.409994][T11418]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  323.410019][T11418]  ? find_held_lock+0x2b/0x80
[  323.410038][T11418]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  323.410068][T11418]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  323.410088][T11418]  ? __hrtimer_setup+0x176/0x280
[  323.410119][T11418]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  323.410161][T11418]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  323.410193][T11418]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  323.410222][T11418]  ? __asan_memcpy+0x3c/0x60
[  323.410251][T11418]  hwsim_new_radio_nl+0xb51/0x12c0
[  323.410281][T11418]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  323.410318][T11418]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  323.410343][T11418]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  323.410374][T11418]  genl_family_rcv_msg_doit+0x209/0x2f0
[  323.410400][T11418]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  323.410424][T11418]  ? trace_cap_capable+0x18d/0x200
[  323.410450][T11418]  ? bpf_lsm_capable+0x9/0x10
[  323.410473][T11418]  ? security_capable+0x7e/0x260
[  323.410505][T11418]  ? ns_capable+0xd7/0x110
[  323.410529][T11418]  genl_rcv_msg+0x55c/0x800
[  323.410557][T11418]  ? __pfx_genl_rcv_msg+0x10/0x10
[  323.410581][T11418]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  323.410613][T11418]  ? __lock_acquire+0x622/0x1c90
[  323.410642][T11418]  netlink_rcv_skb+0x158/0x420
[  323.410663][T11418]  ? __pfx_genl_rcv_msg+0x10/0x10
[  323.410687][T11418]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  323.410722][T11418]  ? netlink_deliver_tap+0x1ae/0xd30
[  323.410740][T11418]  ? is_vmalloc_addr+0x86/0xa0
[  323.410771][T11418]  genl_rcv+0x28/0x40
[  323.410791][T11418]  netlink_unicast+0x53a/0x7f0
[  323.410815][T11418]  ? __pfx_netlink_unicast+0x10/0x10
[  323.410845][T11418]  netlink_sendmsg+0x8d1/0xdd0
[  323.410870][T11418]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.410893][T11418]  ? __import_iovec+0x1dd/0x650
[  323.410934][T11418]  ____sys_sendmsg+0xa98/0xc70
[  323.410962][T11418]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.410984][T11418]  ? get_compat_msghdr+0x11a/0x170
[  323.411033][T11418]  ___sys_sendmsg+0x134/0x1d0
[  323.411067][T11418]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.411115][T11418]  ? find_held_lock+0x2b/0x80
[  323.411153][T11418]  __sys_sendmsg+0x16d/0x220
[  323.411182][T11418]  ? __pfx___sys_sendmsg+0x10/0x10
[  323.411209][T11418]  ? __pfx_bpf_trace_run2+0x10/0x10
[  323.411243][T11418]  ? syscall_trace_enter+0x1cb/0x260
[  323.411274][T11418]  ? rcu_is_watching+0x12/0xc0
[  323.411296][T11418]  __do_fast_syscall_32+0x7c/0x3a0
[  323.411327][T11418]  do_fast_syscall_32+0x32/0x80
[  323.411356][T11418]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.411380][T11418] RIP: 0023:0xf7f62579
[  323.411395][T11418] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  323.411414][T11418] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  323.411432][T11418] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000040
[  323.411444][T11418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  323.411457][T11418] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.411469][T11418] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  323.411478][T11418] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.411533][T11418]  </TASK>
[  323.792910][   T29] plantronics 0003:047F:FFFF.000F: ignoring exceeding usage max
[  323.806740][   T29] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  323.825118][   T29] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  323.863302][T11431] sysfs: cannot create duplicate filename '/class/ieee80211/!å'
[  323.867064][T11431] CPU: 2 UID: 0 PID: 11431 Comm: syz.2.1472 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  323.867084][T11431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  323.867092][T11431] Call Trace:
[  323.867096][T11431]  <TASK>
[  323.867102][T11431]  dump_stack_lvl+0x16c/0x1f0
[  323.867123][T11431]  sysfs_warn_dup+0x7f/0xa0
[  323.867140][T11431]  sysfs_do_create_link_sd+0x124/0x140
[  323.867157][T11431]  sysfs_create_link+0x61/0xc0
[  323.867174][T11431]  device_add+0x62c/0x1a70
[  323.867188][T11431]  ? __pfx_device_add+0x10/0x10
[  323.867199][T11431]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  323.867219][T11431]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  323.867240][T11431]  wiphy_register+0x1c9c/0x2850
[  323.867253][T11431]  ? netdev_run_todo+0x864/0x1320
[  323.867269][T11431]  ? __pfx_wiphy_register+0x10/0x10
[  323.867286][T11431]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  323.867299][T11431]  ieee80211_register_hw+0x24ac/0x4140
[  323.867318][T11431]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  323.867332][T11431]  ? find_held_lock+0x2b/0x80
[  323.867344][T11431]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  323.867362][T11431]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  323.867377][T11431]  ? __hrtimer_setup+0x176/0x280
[  323.867395][T11431]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  323.867419][T11431]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  323.867439][T11431]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  323.867456][T11431]  ? __asan_memcpy+0x3c/0x60
[  323.867473][T11431]  hwsim_new_radio_nl+0xb51/0x12c0
[  323.867526][T11431]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  323.867549][T11431]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  323.867565][T11431]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  323.867585][T11431]  genl_family_rcv_msg_doit+0x209/0x2f0
[  323.867601][T11431]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  323.867616][T11431]  ? trace_cap_capable+0x18d/0x200
[  323.867632][T11431]  ? bpf_lsm_capable+0x9/0x10
[  323.867647][T11431]  ? security_capable+0x7e/0x260
[  323.867664][T11431]  ? ns_capable+0xd7/0x110
[  323.867677][T11431]  genl_rcv_msg+0x55c/0x800
[  323.867692][T11431]  ? __pfx_genl_rcv_msg+0x10/0x10
[  323.867711][T11431]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  323.867729][T11431]  ? __lock_acquire+0x622/0x1c90
[  323.867745][T11431]  netlink_rcv_skb+0x158/0x420
[  323.867757][T11431]  ? __pfx_genl_rcv_msg+0x10/0x10
[  323.867771][T11431]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  323.867790][T11431]  ? netlink_deliver_tap+0x1ae/0xd30
[  323.867802][T11431]  ? is_vmalloc_addr+0x86/0xa0
[  323.867821][T11431]  genl_rcv+0x28/0x40
[  323.867835][T11431]  netlink_unicast+0x53a/0x7f0
[  323.867849][T11431]  ? __pfx_netlink_unicast+0x10/0x10
[  323.867866][T11431]  netlink_sendmsg+0x8d1/0xdd0
[  323.867881][T11431]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.867894][T11431]  ? __import_iovec+0x1dd/0x650
[  323.867915][T11431]  ____sys_sendmsg+0xa98/0xc70
[  323.867930][T11431]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.867942][T11431]  ? get_compat_msghdr+0x11a/0x170
[  323.867969][T11431]  ___sys_sendmsg+0x134/0x1d0
[  323.867987][T11431]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.868010][T11431]  ? find_held_lock+0x2b/0x80
[  323.868030][T11431]  __sys_sendmsg+0x16d/0x220
[  323.868047][T11431]  ? __pfx___sys_sendmsg+0x10/0x10
[  323.868063][T11431]  ? __pfx_bpf_trace_run2+0x10/0x10
[  323.868083][T11431]  ? syscall_trace_enter+0x1cb/0x260
[  323.868102][T11431]  ? rcu_is_watching+0x12/0xc0
[  323.868116][T11431]  __do_fast_syscall_32+0x7c/0x3a0
[  323.868135][T11431]  do_fast_syscall_32+0x32/0x80
[  323.868152][T11431]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  323.868166][T11431] RIP: 0023:0xf7f62579
[  323.868176][T11431] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  323.868188][T11431] RSP: 002b:00000000f508655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  323.868200][T11431] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000040
[  323.868209][T11431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  323.868215][T11431] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  323.868221][T11431] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  323.868228][T11431] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  323.868242][T11431]  </TASK>
[  324.017015][T11433] syzkaller1: entered promiscuous mode
[  324.029013][T11433] syzkaller1: entered allmulticast mode
[  324.394401][  T838] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  324.444423][   T61] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  324.546422][  T838] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  324.550431][  T838] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.554482][  T838] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  324.557903][  T838] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  324.563832][  T838] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  324.567132][  T838] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  324.569749][  T838] usb 7-1: Manufacturer: syz
[  324.573326][  T838] usb 7-1: config 0 descriptor??
[  324.595824][   T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 22, changing to 7
[  324.599157][   T61] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8243, setting to 1024
[  324.602958][   T61] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  324.611657][   T61] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  324.614789][   T61] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.618994][   T61] usb 5-1: config 0 descriptor??
[  324.620970][T11445] ALSA: mixer_oss: invalid OSS volume ''
[  324.629088][   T61] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  324.723208][T11448] ==================================================================
[  324.723226][T11448] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  324.723261][T11448] Write of size 8 at addr ffffc90004b423e0 by task syz.1.1478/11448
[  324.723281][T11448] 
[  324.723292][T11448] CPU: 0 UID: 60928 PID: 11448 Comm: syz.1.1478 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  324.723321][T11448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  324.723336][T11448] Call Trace:
[  324.723344][T11448]  <TASK>
[  324.723353][T11448]  dump_stack_lvl+0x116/0x1f0
[  324.723386][T11448]  print_report+0xcd/0x680
[  324.723407][T11448]  ? __virt_addr_valid+0x81/0x610
[  324.723433][T11448]  ? sys_imageblit+0x1a6f/0x1e60
[  324.723457][T11448]  kasan_report+0xe0/0x110
[  324.723504][T11448]  ? sys_imageblit+0x1a6f/0x1e60
[  324.723536][T11448]  sys_imageblit+0x1a6f/0x1e60
[  324.723564][T11448]  ? __lock_acquire+0x622/0x1c90
[  324.723594][T11448]  ? __pfx_sys_imageblit+0x10/0x10
[  324.723618][T11448]  ? kasan_save_stack+0x42/0x60
[  324.723649][T11448]  ? lock_acquire+0x179/0x350
[  324.723675][T11448]  ? __page_table_check_ptes_set+0x1ae/0x420
[  324.723707][T11448]  ? find_held_lock+0x2b/0x80
[  324.723727][T11448]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[  324.723764][T11448]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  324.723793][T11448]  bit_putcs+0x90f/0xde0
[  324.723833][T11448]  ? __pfx_bit_putcs+0x10/0x10
[  324.723869][T11448]  ? fb_get_color_depth+0x120/0x250
[  324.723899][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.723933][T11448]  ? __pfx_bit_putcs+0x10/0x10
[  324.723964][T11448]  fbcon_putcs+0x383/0x4a0
[  324.724001][T11448]  con_putc+0x144/0x170
[  324.724024][T11448]  ? __pfx_con_putc+0x10/0x10
[  324.724046][T11448]  ? cache_dma_show+0x20/0x30
[  324.724082][T11448]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  324.724114][T11448]  complement_pos+0x2d3/0x4e0
[  324.724145][T11448]  ? __pfx_complement_pos+0x10/0x10
[  324.724175][T11448]  ? vc_do_resize+0x24d/0x10e0
[  324.724202][T11448]  ? __vmalloc_node_noprof+0xad/0xf0
[  324.724229][T11448]  clear_selection+0x1b/0x70
[  324.724256][T11448]  vc_do_resize+0xd9b/0x10e0
[  324.724312][T11448]  ? __pfx_vc_do_resize+0x10/0x10
[  324.724351][T11448]  fbcon_set_disp+0x7ad/0xe40
[  324.724381][T11448]  set_con2fb_map+0x703/0x1060
[  324.724410][T11448]  fbcon_set_con2fb_map_ioctl+0x16c/0x220
[  324.724441][T11448]  ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[  324.724472][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.724502][T11448]  do_fb_ioctl+0x328/0x7e0
[  324.724524][T11448]  ? __pfx_do_fb_ioctl+0x10/0x10
[  324.724542][T11448]  ? lockdep_hardirqs_on+0x7c/0x110
[  324.724574][T11448]  ? find_held_lock+0x2b/0x80
[  324.724605][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.724653][T11448]  fb_compat_ioctl+0x55e/0x670
[  324.724675][T11448]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  324.724698][T11448]  ? hook_file_ioctl_common+0x145/0x410
[  324.724729][T11448]  ? __fget_files+0x20e/0x3c0
[  324.724759][T11448]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  324.724781][T11448]  __ia32_compat_sys_ioctl+0x23f/0x370
[  324.724808][T11448]  __do_fast_syscall_32+0x7c/0x3a0
[  324.724842][T11448]  do_fast_syscall_32+0x32/0x80
[  324.724874][T11448]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.724900][T11448] RIP: 0023:0xf704e579
[  324.724917][T11448] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  324.724937][T11448] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  324.724958][T11448] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004610
[  324.724972][T11448] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  324.724985][T11448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.725008][T11448] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  324.725021][T11448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.725045][T11448]  </TASK>
[  324.725054][T11448] 
[  324.725075][T11448] The buggy address ffffc90004b423e0 belongs to a vmalloc virtual mapping
[  324.725086][T11448] Memory state around the buggy address:
[  324.725099][T11448]  ffffc90004b42280: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  324.725116][T11448]  ffffc90004b42300: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  324.725132][T11448] >ffffc90004b42380: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  324.725145][T11448]                                                        ^
[  324.725159][T11448]  ffffc90004b42400: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  324.725174][T11448]  ffffc90004b42480: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  324.725186][T11448] ==================================================================
[  324.725293][T11448] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  324.725309][T11448] CPU: 0 UID: 60928 PID: 11448 Comm: syz.1.1478 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[  324.725338][T11448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  324.725353][T11448] Call Trace:
[  324.725361][T11448]  <TASK>
[  324.725370][T11448]  dump_stack_lvl+0x3d/0x1f0
[  324.725402][T11448]  panic+0x71c/0x800
[  324.725430][T11448]  ? __pfx_panic+0x10/0x10
[  324.725458][T11448]  ? irqentry_exit+0x3b/0x90
[  324.725487][T11448]  ? lockdep_hardirqs_on+0x7c/0x110
[  324.725516][T11448]  ? sys_imageblit+0x1a6f/0x1e60
[  324.725548][T11448]  ? sys_imageblit+0x1a6f/0x1e60
[  324.725572][T11448]  check_panic_on_warn+0xab/0xb0
[  324.725603][T11448]  end_report+0x107/0x170
[  324.725636][T11448]  kasan_report+0xee/0x110
[  324.725657][T11448]  ? sys_imageblit+0x1a6f/0x1e60
[  324.725687][T11448]  sys_imageblit+0x1a6f/0x1e60
[  324.725714][T11448]  ? __lock_acquire+0x622/0x1c90
[  324.725742][T11448]  ? __pfx_sys_imageblit+0x10/0x10
[  324.725764][T11448]  ? kasan_save_stack+0x42/0x60
[  324.725797][T11448]  ? lock_acquire+0x179/0x350
[  324.725824][T11448]  ? __page_table_check_ptes_set+0x1ae/0x420
[  324.725857][T11448]  ? find_held_lock+0x2b/0x80
[  324.725878][T11448]  ? __pfx___page_table_check_ptes_set+0x10/0x10
[  324.725920][T11448]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  324.725949][T11448]  bit_putcs+0x90f/0xde0
[  324.725990][T11448]  ? __pfx_bit_putcs+0x10/0x10
[  324.726035][T11448]  ? fb_get_color_depth+0x120/0x250
[  324.726068][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.726106][T11448]  ? __pfx_bit_putcs+0x10/0x10
[  324.726139][T11448]  fbcon_putcs+0x383/0x4a0
[  324.726171][T11448]  con_putc+0x144/0x170
[  324.726193][T11448]  ? __pfx_con_putc+0x10/0x10
[  324.726214][T11448]  ? cache_dma_show+0x20/0x30
[  324.726246][T11448]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  324.726277][T11448]  complement_pos+0x2d3/0x4e0
[  324.726308][T11448]  ? __pfx_complement_pos+0x10/0x10
[  324.726340][T11448]  ? vc_do_resize+0x24d/0x10e0
[  324.726367][T11448]  ? __vmalloc_node_noprof+0xad/0xf0
[  324.726396][T11448]  clear_selection+0x1b/0x70
[  324.726423][T11448]  vc_do_resize+0xd9b/0x10e0
[  324.726462][T11448]  ? __pfx_vc_do_resize+0x10/0x10
[  324.726498][T11448]  fbcon_set_disp+0x7ad/0xe40
[  324.726531][T11448]  set_con2fb_map+0x703/0x1060
[  324.726566][T11448]  fbcon_set_con2fb_map_ioctl+0x16c/0x220
[  324.726600][T11448]  ? __pfx_fbcon_set_con2fb_map_ioctl+0x10/0x10
[  324.726637][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.726669][T11448]  do_fb_ioctl+0x328/0x7e0
[  324.726693][T11448]  ? __pfx_do_fb_ioctl+0x10/0x10
[  324.726716][T11448]  ? lockdep_hardirqs_on+0x7c/0x110
[  324.726749][T11448]  ? find_held_lock+0x2b/0x80
[  324.726781][T11448]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  324.726835][T11448]  fb_compat_ioctl+0x55e/0x670
[  324.726859][T11448]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  324.726883][T11448]  ? hook_file_ioctl_common+0x145/0x410
[  324.726913][T11448]  ? __fget_files+0x20e/0x3c0
[  324.726950][T11448]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  324.726974][T11448]  __ia32_compat_sys_ioctl+0x23f/0x370
[  324.727010][T11448]  __do_fast_syscall_32+0x7c/0x3a0
[  324.727047][T11448]  do_fast_syscall_32+0x32/0x80
[  324.727084][T11448]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  324.727114][T11448] RIP: 0023:0xf704e579
[  324.727131][T11448] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  324.727153][T11448] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  324.727175][T11448] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004610
[  324.727189][T11448] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  324.727203][T11448] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  324.727218][T11448] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  324.727233][T11448] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  324.727259][T11448]  </TASK>
[  324.728285][T11448] Kernel Offset: disabled

VM DIAGNOSIS:
04:44:13  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000073 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855820d5 RDI=ffffffff9b06ca00 RBP=ffffffff9b06c9c0 RSP=ffffc9000dfb6e68
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3030303963666657
R12=0000000000000000 R13=0000000000000073 R14=ffffffff9b06c9c0 R15=ffffffff85582070
RIP=ffffffff855820ff RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097560000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000057c594c0 CR3=000000002722b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff888027470000
RSI=ffffffff81604908 RDI=ffffffff93d12080 RBP=0000000000000001 RSP=ffffc90000590fd0
R8 =0000000000000001 R9 =fffffbfff27a2410 R10=ffffffff93d12087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3ce7d4fc80 ffffffff 00c00000
GS =0000 ffff888097660000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000000000000 CR3=0000000023def000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000005000001 Opmask01=0000000000000001 Opmask02=0000000010000000 Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe49a1504b 00007ffe49a1504b
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe49a15550 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe49a15550 0000003000000018
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e6f63007325 203a726f72726520 64656e7275746572 2072657672657300
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40514b4a46005600 051f574a57574005 41404b5750514057 0557405357405600
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f76656462665f6d 726420205d383434 3131545b5d343637 3332372e34323320
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20296c6c75662854 504d454552502030 2320653561383934 633661633239672d
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 37353030302d7265 6c6c616b7a79732d 3363722d302e3631 2e36206465746e69
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 617420746f4e2038 3734312e312e7a79 73203a6d6d6f4320 3834343131203a44
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4950203832393036 203a444955203020 3a555043205d3834 343131545b5d3239
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65746e656d676172 66206562206c6c69 7720656361667265 746e692073696874
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff88801deb4880
RSI=ffffffff81604908 RDI=ffffffff93d12080 RBP=0000000000000002 RSP=ffffc90000538fd0
R8 =0000000000000001 R9 =fffffbfff27a2410 R10=ffffffff93d12087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097760000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73e6188 CR3=00000000285a7000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005649ca6ddc50 00005649ca6ddc50
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffedad53a50 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3130322f31302f34 3020312b32316f70 627e322d332e3631 2e312d6e61696265
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343130322f31302f 343020312b32316f 70627e322d332e36 312e312d6e616962
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65642d332e36312e 3120534f4942202c 2939303032202c39 484349202b203533
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5128204350206472 61646e6174532055 4d4551203a656d61 6e20657261776472
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6148205d38343431 31545b5d31323333 32372e3432332020 5b203a6c656e7265
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff816048c0 RDX=ffff888020324880
RSI=ffffffff81604908 RDI=ffffffff93d12080 RBP=0000000000000003 RSP=ffffc900005e8fd0
R8 =0000000000000001 R9 =fffffbfff27a2410 R10=ffffffff93d12087 R11=0000000000000001
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81604909 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8f59c5fc80 ffffffff 00c00000
GS =0000 ffff888097860000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002ee1bff8 CR3=00000000285a7000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=000000000534c002 Opmask01=0000000000000000 Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005649ca6ddc50 00005649ca6ddc50
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffedad53a50 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6c737973007325 2e73250064252e73 2500656c6f736e6f 632f7665642f000a
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a49565c56005600 0b56000041000b56 000040494a564b4a 460a5340410a000a
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f76656462665f6d 726420205d383434 3131545b5d343637 3332372e34323320
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343130322f31302f 343020312b32316f 70627e322d332e36 312e312d6e616962
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 65642d332e36312e 3120534f4942202c 2939303032202c39 484349202b203533
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5128204350206472 61646e6174532055 4d4551203a656d61 6e20657261776472
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6148205d38343431 31545b5d31323333 32372e3432332020 5b203a6c656e7265
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000