last executing test programs:

24m46.864700508s ago: executing program 4 (id=1552):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000140)=[{}], 0x1, 0xfffffbf3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00'}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48)

24m40.684071741s ago: executing program 4 (id=1558):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
syz_open_dev$evdev(0x0, 0x4ee97ffd, 0x8e00)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, 0x0, &(0x7f0000000000))
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf50, 0x2924, 0xffff, 0x9dff, 0xf})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
r3 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
sendmsg$FOU_CMD_ADD(r2, 0x0, 0x22008000)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x5, 0xc0)

24m38.060002848s ago: executing program 4 (id=1565):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xf88e470f}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0xeeee0000, 0xeeef0000, 0xdddd0000, 0xb000], 0x2000000db, 0xc})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0x4000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0x7e, 0x4, 0x11, 0x5, 0x80204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x1, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x5, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5}], 0xffffffff})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r1 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

24m33.890791823s ago: executing program 4 (id=1577):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = socket(0x1, 0x803, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
accept$unix(r0, &(0x7f0000000000)=@abs, &(0x7f0000000200)=0x6e)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
sendmmsg$unix(r0, 0x0, 0x50, 0x22008041)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a42, 0x0)
mmap(&(0x7f0000535000/0x2000)=nil, 0x2000, 0xc, 0x28011, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
getrlimit(0xb, &(0x7f0000000380))
setxattr$incfs_metadata(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), &(0x7f0000000340)="7d4137610a481e6d6ce772dc35d970c4e3f77552d735a0ce11f53895ec03cdcb307bccb8d10870d6d093aeb49f", 0x2d, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000280)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0)
fadvise64(0xffffffffffffffff, 0x18, 0x8000000000000000, 0x4)

24m28.091992832s ago: executing program 4 (id=1586):
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
r1 = timerfd_create(0x0, 0x80000)
timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
timerfd_gettime(r1, &(0x7f0000000000))
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe)
syz_open_dev$loop(&(0x7f0000000180), 0x75d, 0x2480)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

24m24.687208871s ago: executing program 4 (id=1604):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1201, 0x0)
write$dsp(r2, &(0x7f00000012c0), 0x0)
poll(&(0x7f00000000c0)=[{r2, 0x1040}, {r1, 0x2187}], 0x2, 0x3ff)

24m8.521130471s ago: executing program 32 (id=1604):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1201, 0x0)
write$dsp(r2, &(0x7f00000012c0), 0x0)
poll(&(0x7f00000000c0)=[{r2, 0x1040}, {r1, 0x2187}], 0x2, 0x3ff)

8.944806857s ago: executing program 2 (id=11407):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
pipe(0x0)
r4 = io_uring_setup(0x177b, &(0x7f00000002c0)={0x0, 0x6ff, 0x80, 0x7, 0x3d1})
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
preadv2(r5, &(0x7f0000000000)=[{&(0x7f0000000340)=""/136, 0x88}], 0x1, 0x5, 0x1, 0x0)
close_range(r4, 0xffffffffffffffff, 0x200000000000000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2404c8c0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x22601, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket(0x8000000010, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x2482, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48})

8.584076855s ago: executing program 3 (id=11412):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5b14d3f6d6ed10e9)
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x482, 0x0)
r1 = syz_io_uring_setup(0x475, &(0x7f0000000180)={0x0, 0x289b, 0x10006, 0x1, 0x31f}, &(0x7f0000000000), &(0x7f00000000c0))
io_uring_enter(r1, 0x514f, 0x10b9, 0xb, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x21a006, &(0x7f0000000e40)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}})

8.264039533s ago: executing program 3 (id=11416):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000600)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000300), 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000024000701fefffffffcdbdf2503"], 0x20}, 0x1, 0x0, 0x0, 0x240080d1}, 0x8010)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8937, &(0x7f0000000000)={'veth0_vlan\x00', @random="010000201000"})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a31000000000803000000fffffc500000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002400038020000080080003400000000214000b8010000180090001006c61737400000000140000001100010000000000000000000300000a"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x15)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000003060102dec06a2c843c0b00000000000000000a0000010500010007000000b9f1e03f360d6440fd0834f2ba539876f2ad22aa0b6f7fd4ece7ca81356d34c908165bfd6b9d08f5902c08f02b9093f42ba0bbde320d32a13aeb0d9b662f384d3474a0ca5620b18e25f10a52ddaab0874efea591f6240bda4e62f322f3f96e17d8d4980e10d8c6f00b3c2d8b63bc450ac135000000008dcfd7261f5fd15a3e85774233521b9dd6ff401eb7f0a7e756c5fccc4b558c6119f934f46c23c2f5dcca1e319a590da891d5abbffdd633238a4fd25f5db0f91c99a4cf34bd00cd587cc369c08ac979c12ccbe942414dcc1e6b9d2f184b8595bfe8f1b27782da9ef4b01f6fb683f0b3"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r6, 0x4001af84, &(0x7f0000000000))
ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x4001af84, &(0x7f0000000340))
ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r5, 0xc0c89425, 0x0)
prctl$PR_SET_UNALIGN(0x6, 0x2)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r8=>0x0})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r6, 0xc0c89425, &(0x7f0000000500)={"d3080edb003629e4b6a6c5a17e8268d0", r8, 0x0, {0x8}, {0xa8, 0xfffffffb}, 0x4, [0x8, 0xa, 0x4, 0x0, 0x9, 0x5, 0x0, 0xad, 0x7, 0x8, 0x5, 0x1, 0x1, 0x8, 0x3, 0xffffffffffffffff]})

7.826185222s ago: executing program 3 (id=11420):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffffff0000000000100000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
r1 = io_uring_setup(0x62d2, &(0x7f00000004c0)={0x0, 0x108b896, 0x10, 0x0, 0x237})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000540)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, 0x0, &(0x7f0000000040)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r4}, 0x10)
uname(&(0x7f0000000180)=""/224)
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r1, 0x19, &(0x7f0000000000)={0x80, 0xfffffffb, 0x5}, 0x0)

7.63537835s ago: executing program 3 (id=11423):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x78, r1, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0x421}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x3}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x1113}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xb6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0xd8}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x1f, 0x24, [{0x30}, {0x30}, {0x3, 0x1}, {0x30}, {0x5, 0x1}, {0x36, 0x1}, {0x24}, {0xc, 0x1}, {0x3}, {0x12, 0x1}, {0x60, 0x1}, {0x1b, 0x1}, {0x3, 0x1}, {0xc}, {0x4, 0x1}, {0x24, 0x1}, {0x60}, {0x1b}, {0x6, 0x1}, {0x60, 0x1}, {0x25, 0x1}, {0x60, 0x1}, {0x3, 0x1}, {0xb}, {0xb, 0x1}, {0x30, 0x1}, {0x12}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4001}, 0x2400c800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2400e844)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x2b, 0x0, 0xb, 0xc, 0x1})
write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="7a67020010000000186700000f00000000000000ffffffff181100009452a16aa1afdcef1d5f818936ec7979284c30ad5006e3d60816e865d71e180bec2744e901f63a03320ee6b1e297e0534709ab572e979166985e9b4aa771d5f708cb237ca13ee321229eeb005a48c8ef4a5d826d1274ed60280a084a38ae0b760ec92ad1f39e702497f7c0396f4035f37a8f7e137f3d4962711aeb126aeb2ed4e0468dad9a", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000360e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000183a0000020000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300008000000085000000060000009794800001000000"], &(0x7f0000000580)='GPL\x00', 0x7, 0xbf, &(0x7f00000005c0)=""/191, 0x41000, 0x22, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000680)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x9, 0x9, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3], 0x0, 0x10, 0x3}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xd, @mcast2, 0x7}, 0x1c)

6.554771087s ago: executing program 3 (id=11427):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
fstatfs(r2, &(0x7f0000000a40)=""/4096)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000240)={0x18, r1})
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, 0x0, &(0x7f00000001c0)}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000006000000000000000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d)
r8 = socket$inet6(0xa, 0xa, 0x0)
sendto$inet6(r8, 0x0, 0x0, 0x4008000, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2, 0x7}, 0x30)
sendto$inet6(r8, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_udp_int(r8, 0x11, 0x1, &(0x7f0000000080), 0x4)

5.257686398s ago: executing program 2 (id=11431):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x181341, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r3, &(0x7f0000001600)=[{&(0x7f0000000040)=""/35, 0x2b}], 0x1, 0x0, 0x0)
ioctl$TIOCGSOFTCAR(r1, 0x5414, &(0x7f0000000280))
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x3, &(0x7f0000000140)=[{0x54}, {0x25}, {0x6}]})
close_range(r2, r4, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf2512000000180001801400020076657468300000000000000008000000080009"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0)
r5 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001080), 0x8841, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000040)=0x5)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000240)=0x6)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000eb0626f50000000000080000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x4fa, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x1, 0x0, 0x0, 0x64, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94)
sendto$inet6(r5, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x101000, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r8, 0xc004ae02, 0x0)

4.820076315s ago: executing program 0 (id=11436):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r1, r0, 0x80000)
sched_setscheduler(0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)

3.371252473s ago: executing program 2 (id=11442):
unshare(0x480)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040), 0x12b201, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000000), &(0x7f0000000080)='%-010d \x00'}, 0x20)
write$P9_RXATTRCREATE(r0, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x80, 0x0, 0xffffffffffffffff, 0x0)

3.124226631s ago: executing program 0 (id=11444):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x88}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in6=@local, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000", 0x17}], 0x1}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

2.964083798s ago: executing program 2 (id=11446):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x169a82, 0x109)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000200)=@ccm_128={{0x304}, "078e94ff80f6eba7", "2c7ed0f1b674a0b2d611706905e025df", "49d1b571", "7f7c49b6f85fdc38"}, 0x28)
r1 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f0000001d40)=[{{&(0x7f0000000140)={0xa, 0x4e22, 0x80, @remote, 0x1}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000340)='>', 0x1}], 0x1}}], 0x1, 0x4000054)
sendto$inet6(r3, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r3, 0x1)
writev(r3, &(0x7f0000001580)=[{&(0x7f0000000380)='!', 0x34000}], 0x1)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1f, 0x17, &(0x7f0000000080)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xb8}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x2cfc08c20dafc34e}, {r1, 0xf102}, {0xffffffffffffffff, 0x5018}], 0x3, 0x8000007)
memfd_create(&(0x7f0000000000)='*\x92.\x00', 0x5)
sendfile(r0, r0, 0x0, 0xb)

2.754500713s ago: executing program 0 (id=11449):
syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
r0 = syz_open_dev$loop(&(0x7f0000000180), 0x200000002, 0x400)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x48, &(0x7f00000001c0)=[@in6={0xa, 0x4e21, 0x7ff, @private1, 0xeb3}, @in6={0xa, 0x4e21, 0x7, @remote, 0x9}, @in={0x2, 0x4e21, @remote}]}, &(0x7f0000000180)=0x10)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000002060101000000000000000000f90003050005000a0000000900020073797a3000000000050001009f"], 0x30}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000a40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001c0001000000000004086aa42d"], 0x30}}, 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000100)={r3, 0x8003, 0xfd, 0x1, 0x300, 0xa}, 0x14)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001c40)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670000000000005601000000ff07ad67060000020000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56601a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1fb3f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8d4fee81e3cdd5daf2cdad3d1a74a2f078aa6402483856a6e494408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae060959c9639564f000fc3cdd05a1575c91cf5ba8b2db403681ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f8000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780e95c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcba6ec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0d642986f8bbc7340bc6393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d6812467c1a4186edd036f15bf847c50f79e1a0ad3d2b5080ecb0148e2b86177869884ae62420c9f1b534e969fce97ffff070000000000dbbfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388892c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861224799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a0c3e28f359608ea326c77a1aa17318f392a0ec6c188916f452533d4327feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe481a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8668f076c659f56d6c7f97a96d6cdf45cfe88b30c170000000001000000effbf33bd1becb0de0a080931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db223f2be09295e4a8da03d23b48bb38b31a14ffcddd92c38f6b6d86a0e5ed47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f130000000000000000000000000000000000000000002a37163e8d7ef2f3c58d045f0700000094029acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @sched_cls}, 0x43)
sendmmsg$unix(r6, &(0x7f0000005e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x18, 0x1, 0x1, [r6, r5]}}], 0x18}}], 0x1, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x5, 0x5, 0x6, 0x4, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x50)
close(0x3)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0x40}, 0x50)
setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080), 0x3)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x7ffe}, 0x50)
fanotify_mark(0xffffffffffffffff, 0x1, 0x8800103a, 0xffffffffffffffff, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched_retired(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newtaction={0x44, 0x32, 0x69b6754e5abcd1c9, 0x70bd24, 0x25dfdbfb, {}, [{0x30, 0x1, [@m_ipt={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x80c1}, 0x9080)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000440)=@o_path={&(0x7f0000000400)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000070000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x4, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0xf8}, [@generic={0x5, 0x1, 0xe, 0x9, 0x10}]}, &(0x7f0000000500)='GPL\x00', 0xf4b, 0xbd, &(0x7f0000000540)=""/189, 0x40f00, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000006c0)=[r9, r7, r6, r8, r8, r1, r7, r8], &(0x7f0000000700)=[{0x5, 0x2, 0xa, 0x8}, {0x4, 0x3, 0x6, 0x5}, {0x4, 0x4, 0x10, 0x5}, {0x3, 0x3, 0x3, 0x7}, {0x4, 0x4, 0x3, 0x4}, {0x4, 0x2, 0xd, 0x4}], 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000480)='fscache_cache\x00', r11}, 0x18)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}})

2.360801557s ago: executing program 5 (id=11452):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20)
connect$l2tp6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x20)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
bind$rxrpc(r2, &(0x7f0000000100)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @multicast1}}, 0x24)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
unshare(0x2c020400)
socket$l2tp6(0xa, 0x2, 0x73)
connect$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x8ed, @none, 0x7}, 0xe)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x3, 0x1ea}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x35, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})
getsockname(r1, 0x0, &(0x7f0000000140))
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000600)={'8255\x00', [0x4f27, 0x2, 0x3, 0xc466, 0x4, 0xcc7, 0xc9, 0x5c952399, 0x5, 0x1000, 0x802, 0x1607, 0x1, 0x6, 0xc, 0x81, 0x6fd5, 0x4, 0x3, 0x2, 0x8, 0xfffffffd, 0xfffffffd, 0xfffffff5, 0x475c, 0x3, 0x10002, 0x8, 0x0, 0x8000000, 0x6]})
r7 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x21002, 0x0)
setresuid(0xee01, 0xee01, 0x0)
socket(0x26, 0x1, 0x7)
writev(r7, &(0x7f0000001640)=[{&(0x7f0000001380)="c8e507", 0x3}, {0x0}], 0x2)

2.337990506s ago: executing program 0 (id=11453):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x78, r1, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0x421}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x3}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x1113}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xb6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0xd8}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x20, 0x24, [{0x30}, {0x30}, {0x3, 0x1}, {0x30}, {0x5, 0x1}, {0x36, 0x1}, {0x24}, {0xc, 0x1}, {0x3}, {0x12, 0x1}, {0x6, 0x1}, {0x9, 0x1}, {0x60, 0x1}, {0x1b, 0x1}, {0x3, 0x1}, {0xc}, {0x4, 0x1}, {0x24, 0x1}, {0x60}, {0x6, 0x1}, {0x60, 0x1}, {0x48}, {0x5, 0x1}, {0x60}, {0xb}, {0xb, 0x1}, {0x30, 0x1}, {0x12}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4001}, 0x2400c800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2400e844)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x2b, 0x0, 0xb, 0xc, 0x1})
write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="7a67020010000000186700000f00000000000000ffffffff181100009452a16aa1afdcef1d5f818936ec7979284c30ad5006e3d60816e865d71e180bec2744e901f63a03320ee6b1e297e0534709ab572e979166985e9b4aa771d5f708cb237ca13ee321229eeb005a48c8ef4a5d826d1274ed60280a084a38ae0b760ec92ad1f39e702497f7c0396f4035f37a8f7e137f3d4962711aeb126aeb2ed4e0468dad9a", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000360e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000183a0000020000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300008000000085000000060000009794800001000000"], &(0x7f0000000580)='GPL\x00', 0x7, 0xbf, &(0x7f00000005c0)=""/191, 0x41000, 0x22, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000680)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x9, 0x9, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3], 0x0, 0x10, 0x3}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xd, @mcast2, 0x7}, 0x1c)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, 0x0)

1.962479291s ago: executing program 5 (id=11455):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
pipe(0x0)
r4 = io_uring_setup(0x177b, &(0x7f00000002c0)={0x0, 0x6ff, 0x80, 0x7, 0x3d1})
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000140)=0x200000000)
preadv2(r5, &(0x7f0000000000)=[{&(0x7f0000000340)=""/136, 0x88}], 0x1, 0x5, 0x1, 0x0)
close_range(r4, 0xffffffffffffffff, 0x200000000000000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2404c8c0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x22601, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket(0x8000000010, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x2482, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48})

1.247173555s ago: executing program 1 (id=11456):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = mq_open(&(0x7f0000000000)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xf3X\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00', 0x6e93ebbbcc0884f2, 0x42, &(0x7f0000000300)={0x1, 0x2, 0x3, 0xfffffffffffffffd})
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x3fbd, 0xa1eb}, &(0x7f0000000040)=0xfffffffffffffe7e)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00003ae000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000105000/0x1000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x2b)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0)
recvfrom(r2, 0x0, 0x0, 0x32, 0x0, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000280)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000670800450000201f86004300119078006fc851bc2008e0bc2d9f0000000000000000004e20000c907801400001"], 0x0)
r5 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r5, &(0x7f00000002c0)='\x00', 0x1, 0x20000040, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r5, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="55d1", 0x2}], 0x1}, 0x4000)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="16000000000050f100"/20, @ANYRES32=0x1, @ANYBLOB='@\x00'/20, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="05000000010000000500"/28], 0x50)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)

1.062945854s ago: executing program 2 (id=11457):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x7})
mprotect(&(0x7f0000098000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000080)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_CONTROLLER=0xfe})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x40000107}]})
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="0000100001000000e1fcffffffffffff000a140000001000010000000000000002000000000a"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r7, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000480)={{}, {}, [], {0x4, 0x1}, [{0x8, 0x4}], {0x10, 0x3}, {0x20, 0x7}}, 0x2c, 0x1)
setreuid(0xffffffffffffffff, 0xee01)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
io_setup(0x10000, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r9, 0x0, 0x2}, 0x18)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
brk(0x200000ff8000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x1c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

1.062623589s ago: executing program 5 (id=11458):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x185880)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000280)={0x0, 0x2000, 0x5000000, {0x401, 0x2}, 0xfffffff7, 0x2})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r2 = io_uring_setup(0x7691, &(0x7f0000000140)={0x0, 0x58fb, 0x10, 0x801, 0x23f})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'wp512\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000001380)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)="176b0db5d25446463f74d3740a70f6e0249ca79eab579bc57df5837189a49908837dae500632174cac1efc0e61b9cbcde67b0070c8bb46c63d478881c92de1d95dcc82811ba3e4d049aa70572e323a9b76d3fe56fc785245e3dd4eb6fd1d435e39", 0x61}, {&(0x7f0000000700)="3e3a388d6679a4d54252c4c5fcf45ad93c75220c854270f591b4d36ebac30a67f3a278700970170e8a8519577a59b4e295a857eb952ce42ce95d4ba35f2eb622a380e72c66c93196ebf3cfcfad14644e6dcceb00920705382fadef5c17ea", 0x5e}], 0x2, 0x0, 0x0, 0x11}], 0x1, 0xc48d4)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x2, 0x250, [], 0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000050000000000000000000000000000000000000000000000000000000000ffffffff010000000300000000000000000069703667726530000000000000000000746561"]}, 0xf5)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x9c}}, 0x4000020)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r5, 0x0, 0x4000, 0x4000, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x0, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a18010000060a0b0400000000000000000200000034000480300001800a0001006d617463680000002000028008000240000000030b000100736f636b6574000005000300d60000000900010073797a30000000000900020073797a3200000000b70007"], 0x140}, 0x1, 0x0, 0x0, 0x40480e0}, 0x4008014)

1.033327028s ago: executing program 0 (id=11459):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x88}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in6=@local, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000", 0x17}], 0x1}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xb8}}, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)

1.018235575s ago: executing program 1 (id=11460):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xf5, &(0x7f0000000200)={0xa, 0x4e23, 0x80000001, @loopback, 0x9}, 0x1c)
r0 = syz_open_dev$loop(&(0x7f0000000280), 0xa4f, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
unshare(0x22020600)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xfffffffffffffffb}, 0x18)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}})

841.199426ms ago: executing program 5 (id=11461):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0)
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r0, 0x3ba0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x2a, &(0x7f0000000000)=0x1, 0x4)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
r5 = add_key(&(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$set_timeout(0xf, r5, 0x280000000000000)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r1, 0x3b87, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0xe})

840.936441ms ago: executing program 1 (id=11462):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x40000)
syz_open_dev$sg(0x0, 0xf9ba, 0x14b082)
mkdirat(0xffffffffffffff9c, 0x0, 0x22)
landlock_create_ruleset(0x0, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x2148c3, 0x13d)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r2 = accept(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r2, &(0x7f000000b680)={0x0, 0x0, 0x0}, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000200)='./bus/file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

814.284135ms ago: executing program 0 (id=11463):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000500)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x14}, 0x3}, 0x1c, &(0x7f0000000680)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x2000009, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000001b40)=[{&(0x7f0000000b40)='2', 0x1}], 0x1}}], 0x2, 0x4000840)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x200000000, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_generic(r0, 0x0, 0x20000080)
r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x203, 0x8401)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_DSTOPTS(r9, 0x29, 0x3b, 0x0, 0x8)
connect$inet6(r9, 0x0, 0x0)
ioctl$USBDEVFS_FORBID_SUSPEND(r8, 0x5521)
ioctl$KVM_GET_MSR_INDEX_LIST(r7, 0xc004ae02, 0x0)

704.021214ms ago: executing program 1 (id=11464):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000200)={0x0, 0x5, 0xa, "0efb186af90a853abfcc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1)
read$FUSE(0xffffffffffffffff, &(0x7f00000034c0)={0x2020}, 0xcac)
sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x50, r2, 0x1, 0x70bd2d, 0xfffffffc, {0x36}, [@handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xfffffca3}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xfe, 0xba, 0x56, 0x10, 0xcf3, 0x9374, 0x8c11, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x4d, 0x7f, 0x1, 0x4e, 0xf2, 0xa1, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}]}}]}}]}}, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r3, 0xa08, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x5, 0xb}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000020303000000000000000000000000000900020000000008"], 0x28}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x7c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000100800010001"], 0x1c}}, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000825bd7000ffffff7f0b00000008000300", @ANYRES32, @ANYBLOB="0c009900ff00000024000000040028000000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0)

703.77842ms ago: executing program 5 (id=11465):
r0 = socket(0x5, 0x80002, 0x80000000)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)=@ipv6_getnexthop={0x44, 0x6a, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@NHA_GROUPS={0x4}, @NHA_ID={0x8}, @NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x2}, @NHA_OIF={0x8, 0x5, r3}, @NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x20048800}, 0x80)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000055003d0902000000fcdbdf2507000000", @ANYRES32=r3, @ANYBLOB="20000100", @ANYRESHEX=r4, @ANYBLOB="00e8c304cb"], 0x38}}, 0x0)
ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000000)={0x83, 0x33, &(0x7f0000000140)="16ac9c874c71f954242568014d244e19fcd58289e93d922e854e304034d9a9a68ddfa0ad43570cd8bcae8f2b7b69a709a3288908bcc1ec9a5668f808b71c124fc51f6b83267c7aff4579760e468282bb843a9ebda2201788515c4bf08b277ec3fb2319d5f242ffbae760e3022147f304408b6556cecf685ce03aa795cbfcad2c3f27349d8f3fde39fd830a775ce52334c15ade852440de79ece44cb1f0daa16a2f2d2d9a307649aecf9c5f8497279aa14573c9b143034ac76316ba9495c946b51fbc1faebc00dae8e0a0a6a1480cf1553d72d931f83615e3da43fcdad162b815872d2cff5a4bc1d4044a86eec3ef1634dd", {0x4, 0x5, 0x3831354f, 0x2, 0x10001, 0x5, 0xb, 0x8}})
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000100)={r3, 0x1, 0x6, @remote}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4affeeaf541d002007"], 0x44}}, 0x4000000)

566.413374ms ago: executing program 1 (id=11466):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket(0xa, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x15)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r3=>0x0})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x7c, r2, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x2, 0x421}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x3}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x1113}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xb6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0xd8}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x23, 0x24, [{0x30}, {0x30}, {0x3, 0x1}, {0x30}, {0x5, 0x1}, {0x36, 0x1}, {0x24}, {0x3}, {0x12, 0x1}, {0x6, 0x1}, {0x9, 0x1}, {0x60, 0x1}, {0x1b, 0x1}, {0x3, 0x1}, {0xc}, {0x4, 0x1}, {0x24, 0x1}, {0x60}, {0x1b}, {0x6, 0x1}, {0x60, 0x1}, {0x48}, {0x5, 0x1}, {0x25, 0x1}, {0x60, 0x1}, {0x60}, {0x3, 0x1}, {0xb}, {0xb, 0x1}, {0x30, 0x1}, {0x12}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4001}, 0x2400c800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2400e844)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x2b, 0x0, 0xb, 0xc, 0x1})
write$bt_hci(r4, &(0x7f0000000080)=ANY=[], 0x6)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r5=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="7a67020010000000186700000f00000000000000ffffffff181100009452a16aa1afdcef1d5f818936ec7979284c30ad5006e3d60816e865d71e180bec2744e901f63a03320ee6b1e297e0534709ab572e979166985e9b4aa771d5f708cb237ca13ee321229eeb005a48c8ef4a5d826d1274ed60280a084a38ae0b760ec92ad1f39e702497f7c0396f4035f37a8f7e137f3d4962711aeb126aeb2ed4e0468dad9a", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000360e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000183a0000020000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300008000000085000000060000009794800001000000"], &(0x7f0000000580)='GPL\x00', 0x7, 0xbf, &(0x7f00000005c0)=""/191, 0x41000, 0x22, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000680)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x9, 0x9, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r4], 0x0, 0x10, 0x3}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xd, @mcast2, 0x7}, 0x1c)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, 0x0)

425.891738ms ago: executing program 2 (id=11467):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_FLAGS={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

419.484227ms ago: executing program 3 (id=11468):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}]}, 0x40}}, 0x0) (async)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
unshare(0x4000400) (async)
ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) (async)
r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fffffffffffffde, 0x161041)
clock_gettime(0x0, &(0x7f0000002400)={<r2=>0x0, <r3=>0x0})
ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x3, 0x8, 0x4, 0x102001, 0x0, {r2, r3/1000+10000}, {0x4, 0x1, 0x1, 0x0, 0x53, 0x5a, "5ab52781"}, 0x2, 0x1, {0x0}, 0x5}) (async)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$P9_RLERRORu(r5, &(0x7f0000000240)=ANY=[], 0x10) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40) (async)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x20, 0x10012, r5, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r7 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\xe5h\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\x86B%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xda\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x4) (async)
r8 = socket$inet6(0x10, 0x3, 0x0) (async)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000c80)={'batadv_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000380)=@ipv4_newaddr={0x3c, 0x14, 0x509, 0x70bd28, 0x25dfdbfd, {0x2, 0x20, 0x0, 0xc8, r10}, [@IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_RT_PRIORITY={0x8, 0x9, 0x7}, @IFA_LABEL={0x14, 0x3, 'sit0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8004}, 0x0) (async)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r7, 0x0) (async)
syz_emit_ethernet(0x11, &(0x7f0000000340)={@local, @empty, @void, {@x25={0x805, {0x0, 0x6, 0x23}}}}, &(0x7f0000000000)={0x0, 0x4, [0xb3c, 0x2be, 0x99, 0x3b6]}) (async)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32, @ANYBLOB="800202000a000200577f0000aabb000020000e80"], 0x48}}, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) (async)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_delroute={0x34, 0x19, 0x901, 0x0, 0x1, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_FLOW={0x8, 0xb, 0x17}]}, 0x34}}, 0x24041)

418.685025ms ago: executing program 5 (id=11469):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x3, 0x180, 0x2, 0x7, 0xf1, 0x100000001, 0x1, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbd9], 0xffff1001, 0x43100})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x7, 0x8000000009, 0x803, 0x0, 0x9], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x1, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x75, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xf000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 6)

0s ago: executing program 1 (id=11470):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000080)=0x200, 0x4)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa, 0x4, &(0x7f0000006680))
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r2=>0x0})
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x78, r1, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x2, 0x421}}}}, [@NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x3}, @NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT={0x8, 0x17, 0x1113}, @NL80211_MESHCONF_NOLEARN={0x5, 0x1e, 0x1}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0xb6}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0xd8}]}, @NL80211_ATTR_BSS_BASIC_RATES={0x20, 0x24, [{0x30}, {0x30}, {0x3, 0x1}, {0x30}, {0x5, 0x1}, {0x36, 0x1}, {0x24}, {0xc, 0x1}, {0x3}, {0x12, 0x1}, {0x6, 0x1}, {0x9, 0x1}, {0x60, 0x1}, {0x1b, 0x1}, {0x3, 0x1}, {0xc}, {0x4, 0x1}, {0x24, 0x1}, {0x60}, {0x6, 0x1}, {0x60, 0x1}, {0x48}, {0x5, 0x1}, {0x60}, {0xb}, {0xb, 0x1}, {0x30, 0x1}, {0x12}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x78}, 0x1, 0x0, 0x0, 0x4001}, 0x2400c800)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x2400e844)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x2b, 0x0, 0xb, 0xc, 0x1})
write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x11, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="7a67020010000000186700000f00000000000000ffffffff181100009452a16aa1afdcef1d5f818936ec7979284c30ad5006e3d60816e865d71e180bec2744e901f63a03320ee6b1e297e0534709ab572e979166985e9b4aa771d5f708cb237ca13ee321229eeb005a48c8ef4a5d826d1274ed60280a084a38ae0b760ec92ad1f39e702497f7c0396f4035f37a8f7e137f3d4962711aeb126aeb2ed4e0468dad9a", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000360e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000183a0000020000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300008000000085000000060000009794800001000000"], &(0x7f0000000580)='GPL\x00', 0x7, 0xbf, &(0x7f00000005c0)=""/191, 0x41000, 0x22, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000680)={0x4, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x3, 0x9, 0x9, 0x1}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3], 0x0, 0x10, 0x3}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xd, @mcast2, 0x7}, 0x1c)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, 0x0)

kernel console output (not intermixed with test programs):

519484][T31966] gretap0: entered promiscuous mode
[ 1688.583621][ T5887] usb 1-1: USB disconnect, device number 46
[ 1688.745879][T13202] libceph: connect (1)[c::]:6789 error -101
[ 1688.746094][T13202] libceph: mon0 (1)[c::]:6789 connect error
[ 1688.749909][T13202] libceph: connect (1)[c::]:6789 error -101
[ 1688.750124][T13202] libceph: mon0 (1)[c::]:6789 connect error
[ 1688.795059][T31981] ceph: No mds server is up or the cluster is laggy
[ 1688.864552][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1688.958552][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1689.030595][ T5887] usb 1-1: new full-speed USB device number 47 using dummy_hcd
[ 1689.192905][ T5887] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1689.192942][ T5887] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[ 1689.192998][ T5887] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1689.193022][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1689.200996][T31975] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1689.201302][T31975] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1689.215900][ T5887] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1689.317255][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1689.801548][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1690.965158][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1691.374534][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1691.538794][T32027] FAULT_INJECTION: forcing a failure.
[ 1691.538794][T32027] name failslab, interval 1, probability 0, space 0, times 0
[ 1691.538867][T32027] CPU: 1 UID: 0 PID: 32027 Comm: syz.5.10447 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1691.538910][T32027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1691.538924][T32027] Call Trace:
[ 1691.538934][T32027]  <TASK>
[ 1691.538944][T32027]  dump_stack_lvl+0x189/0x250
[ 1691.538985][T32027]  ? __pfx____ratelimit+0x10/0x10
[ 1691.539017][T32027]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1691.539059][T32027]  ? __pfx__printk+0x10/0x10
[ 1691.539092][T32027]  ? lock_acquire+0x175/0x360
[ 1691.539124][T32027]  ? __pfx___might_resched+0x10/0x10
[ 1691.539155][T32027]  should_fail_ex+0x46c/0x600
[ 1691.539190][T32027]  ? mm_alloc+0x23/0xd0
[ 1691.539215][T32027]  should_failslab+0xa8/0x100
[ 1691.539250][T32027]  ? mm_alloc+0x23/0xd0
[ 1691.539273][T32027]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 1691.539301][T32027]  ? __kasan_kmalloc+0x93/0xb0
[ 1691.539340][T32027]  mm_alloc+0x23/0xd0
[ 1691.539368][T32027]  alloc_bprm+0x39e/0x5c0
[ 1691.539401][T32027]  do_execveat_common+0x1b3/0x6a0
[ 1691.539443][T32027]  __x64_sys_execveat+0xc4/0xe0
[ 1691.539476][T32027]  do_syscall_64+0xfa/0xfa0
[ 1691.539512][T32027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1691.539534][T32027]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1691.539556][T32027]  ? clear_bhb_loop+0x60/0xb0
[ 1691.539584][T32027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1691.539607][T32027] RIP: 0033:0x7f5b0ab5f749
[ 1691.539627][T32027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1691.539647][T32027] RSP: 002b:00007f5b08d84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1691.539671][T32027] RAX: ffffffffffffffda RBX: 00007f5b0adb6180 RCX: 00007f5b0ab5f749
[ 1691.539689][T32027] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1691.539705][T32027] RBP: 00007f5b08d84090 R08: 0000000000000000 R09: 0000000000000000
[ 1691.539720][T32027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1691.539734][T32027] R13: 00007f5b0adb6218 R14: 00007f5b0adb6180 R15: 00007fffb4445618
[ 1691.539772][T32027]  </TASK>
[ 1692.611584][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1692.641495][T13202] usb 1-1: USB disconnect, device number 47
[ 1693.083292][T32044] netlink: 'syz.2.10453': attribute type 17 has an invalid length.
[ 1693.110474][  T981] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1693.263746][  T981] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1693.266372][  T981] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1693.301172][  T981] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1693.301207][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1693.301230][  T981] usb 4-1: Product: syz
[ 1693.301250][  T981] usb 4-1: Manufacturer: syz
[ 1693.301267][  T981] usb 4-1: SerialNumber: syz
[ 1694.210575][  T981] usb 4-1: reset high-speed USB device number 30 using dummy_hcd
[ 1694.230618][  T981] usb 4-1: device reset changed ep0 maxpacket size!
[ 1694.256974][  T981] usb 4-1: USB disconnect, device number 30
[ 1694.395873][T32080] kvm: requested 134933 ns i8254 timer period limited to 200000 ns
[ 1694.396043][T32080] kvm: requested 63695 ns i8254 timer period limited to 200000 ns
[ 1694.397321][T32080] kvm: requested 176000 ns i8254 timer period limited to 200000 ns
[ 1694.400571][  T981] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1694.441475][T32080] kvm: requested 135771 ns i8254 timer period limited to 200000 ns
[ 1694.442635][T32080] kvm: requested 86323 ns i8254 timer period limited to 200000 ns
[ 1694.475344][T32080] kvm: requested 137447 ns i8254 timer period limited to 200000 ns
[ 1694.553794][  T981] usb 4-1: Using ep0 maxpacket: 16
[ 1694.615193][T32096] loop4: detected capacity change from 0 to 231
[ 1694.615369][T32100] netlink: 'syz.1.10477': attribute type 14 has an invalid length.
[ 1694.699665][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1694.748180][  T981] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1694.752378][  T981] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1694.752428][  T981] usb 4-1: can't read configurations, error -71
[ 1694.817907][T32096]  loop4: AHDI p1 p2 p3
[ 1694.818062][T32096] loop4: p1 start 16777216 is beyond EOD, truncated
[ 1694.818085][T32096] loop4: p2 start 1702059890 is beyond EOD, truncated
[ 1695.124505][T32110] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1695.390651][ T5888] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 1695.543295][ T5888] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1695.543330][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1695.547660][ T5888] usb 1-1: config 0 descriptor??
[ 1695.648743][ T5888] cp210x 1-1:0.0: cp210x converter detected
[ 1695.884476][ T5888] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -32
[ 1695.884748][ T5888] cp210x 1-1:0.0: querying part number failed
[ 1696.338299][ T5888] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1696.370198][T32125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1696.373088][T32125] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1696.523866][T32128] netlink: 4 bytes leftover after parsing attributes in process `syz.5.10489'.
[ 1697.118911][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1699.234737][ T5887] libceph: connect (1)[c::]:6789 error -101
[ 1699.234960][ T5887] libceph: mon0 (1)[c::]:6789 connect error
[ 1699.237982][ T5887] libceph: connect (1)[c::]:6789 error -101
[ 1699.238181][ T5887] libceph: mon0 (1)[c::]:6789 connect error
[ 1699.573762][T32161] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1700.407450][T32150] ceph: No mds server is up or the cluster is laggy
[ 1700.527812][T13202] libceph: connect (1)[c::]:6789 error -101
[ 1700.528045][T13202] libceph: mon0 (1)[c::]:6789 connect error
[ 1703.541658][  T981] usb 1-1: USB disconnect, device number 48
[ 1703.558150][  T981] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1703.558664][  T981] cp210x 1-1:0.0: device disconnected
[ 1704.620548][  T981] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 1704.770479][  T981] usb 1-1: Using ep0 maxpacket: 8
[ 1704.775148][  T981] usb 1-1: config 0 has an invalid interface number: 3 but max is 0
[ 1704.775177][  T981] usb 1-1: config 0 has no interface number 0
[ 1704.775230][  T981] usb 1-1: New USB device found, idVendor=1bc7, idProduct=1101, bcdDevice=b0.21
[ 1704.775255][  T981] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1704.783779][  T981] usb 1-1: config 0 descriptor??
[ 1705.057847][T32214] sch_tbf: burst 0 is lower than device veth1 mtu (1514) !
[ 1705.509615][T32241] netlink: 'syz.3.10531': attribute type 5 has an invalid length.
[ 1705.741128][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1707.033779][  T981] usb 1-1: string descriptor 0 read error: -71
[ 1707.071625][  T981] usb 1-1: USB disconnect, device number 49
[ 1707.194558][T32280] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1707.198016][T32280] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1707.300516][    T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1707.431095][T13202] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1707.663703][T13202] usb 2-1: Using ep0 maxpacket: 8
[ 1707.759828][    T9] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1707.759888][    T9] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1707.760079][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1708.179408][T13202] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1708.181603][    T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[ 1708.181640][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1708.181667][    T9] usb 4-1: Product: syz
[ 1708.181686][    T9] usb 4-1: Manufacturer: syz
[ 1708.181704][    T9] usb 4-1: SerialNumber: syz
[ 1708.220216][T13202] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[ 1708.220258][T13202] usb 2-1: can't read configurations, error -22
[ 1708.258307][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1708.258464][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1708.273858][    T9] usb 4-1: config 0 descriptor??
[ 1708.278245][    T9] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected
[ 1708.278465][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[ 1708.279754][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[ 1708.279816][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[ 1708.279871][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[ 1708.279926][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[ 1708.279985][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[ 1708.293074][    T9] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1708.298342][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[ 1708.298451][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[ 1708.298547][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[ 1708.298655][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86
[ 1708.298753][    T9] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6
[ 1708.306769][    T9] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1708.397098][T13202] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1708.454047][T32293] ceph: No mds server is up or the cluster is laggy
[ 1708.570744][T13202] usb 2-1: Using ep0 maxpacket: 8
[ 1708.581258][T13202] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1708.591670][T13202] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[ 1708.591712][T13202] usb 2-1: can't read configurations, error -22
[ 1708.592125][T13202] usb usb2-port1: attempt power cycle
[ 1708.834556][T32313] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1708.930650][T13202] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1708.954203][T13202] usb 2-1: Using ep0 maxpacket: 8
[ 1708.956947][T13202] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1708.958912][T13202] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[ 1708.958953][T13202] usb 2-1: can't read configurations, error -22
[ 1709.078761][T32321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1709.079077][T32321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1709.121222][T13202] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1709.581112][T13202] usb 2-1: Using ep0 maxpacket: 8
[ 1709.667776][T13202] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1709.671607][T13202] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[ 1709.671655][T13202] usb 2-1: can't read configurations, error -22
[ 1709.672113][T13202] usb usb2-port1: unable to enumerate USB device
[ 1709.832155][T32328] netlink: 'syz.2.10568': attribute type 5 has an invalid length.
[ 1710.066460][T32337] xt_socket: unknown flags 0xd0
[ 1710.220054][T11803] usb 4-1: USB disconnect, device number 33
[ 1710.254434][T11803] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1710.283774][T11803] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1710.284463][T11803] keyspan 4-1:0.0: device disconnected
[ 1710.407424][T32353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1710.432249][T32353] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1710.451756][T32358] FAULT_INJECTION: forcing a failure.
[ 1710.451756][T32358] name failslab, interval 1, probability 0, space 0, times 0
[ 1710.451802][T32358] CPU: 1 UID: 0 PID: 32358 Comm: syz.1.10579 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1710.451831][T32358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1710.451848][T32358] Call Trace:
[ 1710.451858][T32358]  <TASK>
[ 1710.451869][T32358]  dump_stack_lvl+0x189/0x250
[ 1710.451916][T32358]  ? __pfx____ratelimit+0x10/0x10
[ 1710.451953][T32358]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1710.451991][T32358]  ? __pfx__printk+0x10/0x10
[ 1710.452029][T32358]  ? __pfx___might_resched+0x10/0x10
[ 1710.452063][T32358]  should_fail_ex+0x46c/0x600
[ 1710.452105][T32358]  should_failslab+0xa8/0x100
[ 1710.452146][T32358]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1710.452182][T32358]  ? __nla_parse+0x40/0x60
[ 1710.452202][T32358]  ? tcf_action_init_1+0x19f/0x6d0
[ 1710.452245][T32358]  tcf_action_init_1+0x19f/0x6d0
[ 1710.452289][T32358]  ? __pfx_tcf_action_init_1+0x10/0x10
[ 1710.452329][T32358]  ? tc_action_load_ops+0x214/0x4e0
[ 1710.452386][T32358]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1710.452421][T32358]  ? __nla_parse+0x40/0x60
[ 1710.452446][T32358]  tcf_action_init+0x2cf/0xab0
[ 1710.452496][T32358]  ? __pfx_tcf_action_init+0x10/0x10
[ 1710.452569][T32358]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1710.452656][T32358]  tc_ctl_action+0x430/0xbd0
[ 1710.452712][T32358]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1710.452817][T32358]  ? __pfx_tc_ctl_action+0x10/0x10
[ 1710.452852][T32358]  rtnetlink_rcv_msg+0x77c/0xb70
[ 1710.452884][T32358]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1710.452908][T32358]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1710.452932][T32358]  ? ref_tracker_free+0x61e/0x7c0
[ 1710.452969][T32358]  ? __asan_memcpy+0x40/0x70
[ 1710.452997][T32358]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1710.453047][T32358]  netlink_rcv_skb+0x208/0x470
[ 1710.453077][T32358]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1710.453105][T32358]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1710.453149][T32358]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1710.453187][T32358]  netlink_unicast+0x846/0xa10
[ 1710.453224][T32358]  ? __pfx_netlink_unicast+0x10/0x10
[ 1710.453252][T32358]  ? netlink_sendmsg+0x642/0xb30
[ 1710.453278][T32358]  ? skb_put+0x11b/0x210
[ 1710.453310][T32358]  netlink_sendmsg+0x805/0xb30
[ 1710.453337][T32358]  ? is_bpf_text_address+0x26/0x2b0
[ 1710.453383][T32358]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1710.453418][T32358]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1710.453453][T32358]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1710.453483][T32358]  __sock_sendmsg+0x21c/0x270
[ 1710.453526][T32358]  ____sys_sendmsg+0x508/0x820
[ 1710.453565][T32358]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1710.453609][T32358]  ? import_iovec+0x74/0xa0
[ 1710.453642][T32358]  ___sys_sendmsg+0x21f/0x2a0
[ 1710.453687][T32358]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1710.453768][T32358]  ? __fget_files+0x2a/0x420
[ 1710.453801][T32358]  ? __fget_files+0x3a6/0x420
[ 1710.453851][T32358]  __x64_sys_sendmsg+0x1a1/0x260
[ 1710.453887][T32358]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1710.453932][T32358]  ? __pfx_ksys_write+0x10/0x10
[ 1710.453970][T32358]  ? do_syscall_64+0xbe/0xfa0
[ 1710.454011][T32358]  do_syscall_64+0xfa/0xfa0
[ 1710.454046][T32358]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1710.454081][T32358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1710.454107][T32358]  ? clear_bhb_loop+0x60/0xb0
[ 1710.454138][T32358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1710.454163][T32358] RIP: 0033:0x7feeaf75f749
[ 1710.454187][T32358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1710.454209][T32358] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1710.454235][T32358] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1710.454254][T32358] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004
[ 1710.454271][T32358] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1710.454285][T32358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1710.454301][T32358] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1710.454344][T32358]  </TASK>
[ 1710.557910][T32361] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1711.500542][    T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 1711.550524][T11803] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1711.653255][    T9] usb 1-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1711.653295][    T9] usb 1-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1711.653320][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1711.658279][    T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[ 1711.658311][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1711.658332][    T9] usb 1-1: Product: syz
[ 1711.658348][    T9] usb 1-1: Manufacturer: syz
[ 1711.658364][    T9] usb 1-1: SerialNumber: syz
[ 1711.727187][    T9] usb 1-1: config 0 descriptor??
[ 1711.735292][    T9] keyspan 1-1:0.0: Keyspan 2 port adapter converter detected
[ 1711.749599][T11803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1711.749637][T11803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1711.749663][T11803] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1711.749711][T11803] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1711.749736][T11803] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1711.805501][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 7
[ 1711.809059][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 81
[ 1711.809156][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 1
[ 1711.809242][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 2
[ 1711.809327][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 85
[ 1711.809438][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 5
[ 1711.859016][T11803] usb 4-1: config 0 descriptor??
[ 1711.867361][    T9] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1711.880949][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 83
[ 1711.881048][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 3
[ 1711.881134][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 4
[ 1711.881219][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 86
[ 1711.881309][    T9] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 6
[ 1711.886913][    T9] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1712.269739][T11803] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0
[ 1712.294834][T11803] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1712.647794][ T5888] usb 1-1: USB disconnect, device number 50
[ 1712.679593][ T5888] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1712.701528][ T5888] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1712.702085][ T5888] keyspan 1-1:0.0: device disconnected
[ 1713.092973][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1713.179712][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1714.147786][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1715.900744][T32467] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10628'.
[ 1716.917907][    C0] plantronics 0003:047F:FFFF.0020: usb_submit_urb(ctrl) failed: -1
[ 1717.161159][T11803] usb 4-1: reset high-speed USB device number 34 using dummy_hcd
[ 1717.414648][T11803] usb 4-1: device descriptor read/64, error -32
[ 1717.898491][  T981] libceph: connect (1)[c::]:6789 error -101
[ 1717.898708][  T981] libceph: mon0 (1)[c::]:6789 connect error
[ 1717.918493][  T981] libceph: connect (1)[c::]:6789 error -101
[ 1717.918726][  T981] libceph: mon0 (1)[c::]:6789 connect error
[ 1718.020547][T11803] usb 4-1: reset high-speed USB device number 34 using dummy_hcd
[ 1718.087611][T32497] ceph: No mds server is up or the cluster is laggy
[ 1718.176086][  T981] libceph: connect (1)[c::]:6789 error -101
[ 1718.176304][  T981] libceph: mon0 (1)[c::]:6789 connect error
[ 1719.756200][    T9] usb 4-1: USB disconnect, device number 34
[ 1720.631202][T29418] go7007-loader 3-1:7.83: unable to load firmware from file "go7007/px-m402u.fw"
[ 1720.631292][T29418] go7007-loader 3-1:7.83: probe failed
[ 1720.752257][    T9] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[ 1721.021792][T29418] usb 3-1: USB disconnect, device number 54
[ 1721.192745][    T9] usb 4-1: device descriptor read/64, error -71
[ 1721.343558][T32541] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1721.347062][T32541] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1721.430539][    T9] usb 4-1: new full-speed USB device number 36 using dummy_hcd
[ 1721.560646][    T9] usb 4-1: device descriptor read/64, error -71
[ 1721.670631][T29418] usb 1-1: new low-speed USB device number 51 using dummy_hcd
[ 1721.671667][    T9] usb usb4-port1: attempt power cycle
[ 1721.823790][T29418] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=37.c2
[ 1721.824104][T29418] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1721.854268][T29418] usb 1-1: config 0 descriptor??
[ 1721.872927][T29418] usbtest 1-1:0.0: Linux user mode test driver
[ 1721.872952][T29418] usbtest 1-1:0.0: low-speed {control} tests
[ 1722.010567][    T9] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[ 1722.031578][    T9] usb 4-1: device descriptor read/8, error -71
[ 1722.086752][T32544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1722.087221][T32544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1722.139896][T32544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1722.149484][T32544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1722.180881][T32544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1722.181381][T32544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1722.280558][    T9] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[ 1722.301334][    T9] usb 4-1: device descriptor read/8, error -71
[ 1722.397110][ T5888] usb 1-1: USB disconnect, device number 51
[ 1722.443832][    T9] usb usb4-port1: unable to enumerate USB device
[ 1722.600887][ T5887] usb 3-1: new full-speed USB device number 55 using dummy_hcd
[ 1722.775962][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1722.775993][ T5887] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1722.776035][ T5887] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1722.776061][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1722.788729][ T5887] usb 3-1: config 0 descriptor??
[ 1723.295083][    T9] usb 3-1: USB disconnect, device number 55
[ 1723.620485][T29418] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1723.774184][T29418] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1723.774217][T29418] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1723.777621][T29418] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1723.777653][T29418] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1723.777676][T29418] usb 4-1: SerialNumber: syz
[ 1723.893055][T32639] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1723.900000][T32639] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1724.057140][T29418] usb 4-1: 0:2 : does not exist
[ 1724.076930][T29418] usb 4-1: USB disconnect, device number 39
[ 1724.079433][T32645] fuse: Unknown parameter 'grou00000000000000000000'
[ 1724.288117][T32651] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1725.794328][T32707] xt_socket: unknown flags 0xd0
[ 1725.801547][ T5888] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 1726.135950][ T5888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1726.136130][ T5888] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1726.136850][ T5888] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1726.137027][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1726.467302][ T5888] usb 1-1: config 0 descriptor??
[ 1726.580953][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1726.581170][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1726.604239][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1726.604469][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1726.662180][T32716] ceph: No mds server is up or the cluster is laggy
[ 1726.968165][T29418] usb 1-1: USB disconnect, device number 52
[ 1727.229965][T32751] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1727.988619][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1727.988835][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1727.989450][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1727.989646][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1727.991723][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1727.991963][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.066973][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1728.067169][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.069677][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1728.069887][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.242848][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1728.243064][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.244985][T32762] ceph: No mds server is up or the cluster is laggy
[ 1728.251106][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1728.251351][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.343030][T32767] ceph: No mds server is up or the cluster is laggy
[ 1728.348041][T32766] ceph: No mds server is up or the cluster is laggy
[ 1728.351023][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1728.351250][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1728.471847][  T320] xt_socket: unknown flags 0xd0
[ 1728.883476][ T5888] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1729.096586][ T5888] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1729.096623][ T5888] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1729.096648][ T5888] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1729.099705][ T5888] usb 3-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[ 1729.099737][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1729.099758][ T5888] usb 3-1: Product: syz
[ 1729.099773][ T5888] usb 3-1: Manufacturer: syz
[ 1729.099789][ T5888] usb 3-1: SerialNumber: syz
[ 1729.129384][ T5888] usb 3-1: config 0 descriptor??
[ 1729.136462][ T5888] keyspan 3-1:0.0: Keyspan 2 port adapter converter detected
[ 1729.136801][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 7
[ 1729.154825][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81
[ 1729.154927][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1
[ 1729.155038][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2
[ 1729.155136][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 85
[ 1729.155228][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 5
[ 1729.190040][ T5888] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1729.192954][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83
[ 1729.193068][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3
[ 1729.193163][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 4
[ 1729.193262][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 86
[ 1729.193359][ T5888] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 6
[ 1729.207142][ T5888] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1729.241065][  T354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10775'.
[ 1729.635327][  T362] xt_socket: unknown flags 0xd0
[ 1730.358196][ T1569] usb 3-1: USB disconnect, device number 56
[ 1730.379128][ T1569] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1730.439881][ T1569] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1730.440866][ T1569] keyspan 3-1:0.0: device disconnected
[ 1730.450853][ T5888] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1730.532470][  T392] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1730.600833][ T5888] usb 1-1: Using ep0 maxpacket: 8
[ 1730.800931][  T374] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10786'.
[ 1730.828530][ T5888] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1730.829613][ T5888] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1730.829654][ T5888] usb 1-1: can't read configurations, error -71
[ 1732.036839][  T411] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1732.131157][ T5887] libceph: connect (1)[c::]:6789 error -101
[ 1732.131623][ T5887] libceph: mon0 (1)[c::]:6789 connect error
[ 1732.229240][  T406] ceph: No mds server is up or the cluster is laggy
[ 1732.443032][  T430] 9pnet_fd: Insufficient options for proto=fd
[ 1732.589786][ T1569] usb 4-1: new full-speed USB device number 40 using dummy_hcd
[ 1732.798323][ T1569] usb 4-1: config 8 interface 0 has no altsetting 0
[ 1732.798370][ T1569] usb 4-1: New USB device found, idVendor=046d, idProduct=08b8, bcdDevice=fb.bc
[ 1732.798396][ T1569] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1732.850853][  T445] netlink: 532 bytes leftover after parsing attributes in process `syz.0.10817'.
[ 1733.025911][  T427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1733.026724][  T427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1733.057980][ T1569] usb 4-1: string descriptor 0 read error: -71
[ 1733.078192][ T1569] pwc: Logitech QuickCam detected (reserved ID).
[ 1733.094483][ T1569] pwc: Failed to set LED on/off time (-71)
[ 1733.094997][ T1569] pwc: send_video_command error -71
[ 1733.095014][ T1569] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1733.095133][ T1569] Philips webcam 4-1:8.0: probe with driver Philips webcam failed with error -71
[ 1733.110667][ T1569] usb 4-1: USB disconnect, device number 40
[ 1734.200274][  T484] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10828'.
[ 1734.370570][ T5811] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1734.525017][ T5811] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1734.525055][ T5811] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1734.525081][ T5811] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1734.528167][ T5811] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[ 1734.528202][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1734.528225][ T5811] usb 4-1: Product: syz
[ 1734.528242][ T5811] usb 4-1: Manufacturer: syz
[ 1734.528259][ T5811] usb 4-1: SerialNumber: syz
[ 1734.603999][ T5811] usb 4-1: config 0 descriptor??
[ 1734.607903][ T5811] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected
[ 1734.608198][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[ 1734.610013][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[ 1734.610097][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[ 1734.610164][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[ 1734.610249][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[ 1734.670497][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[ 1734.673083][ T5811] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1734.675344][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[ 1734.675442][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[ 1734.675528][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[ 1734.675626][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86
[ 1734.675711][ T5811] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6
[ 1734.735662][ T5811] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1734.825995][  T507] netlink: 'syz.2.10841': attribute type 5 has an invalid length.
[ 1736.130705][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1738.997257][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1739.694061][   T38] kauditd_printk_skb: 15 callbacks suppressed
[ 1739.694084][   T38] audit: type=1326 audit(2838217377.226:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=576 comm="syz.0.10872" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0cc341f749 code=0x0
[ 1739.848474][T29418] usb 4-1: USB disconnect, device number 41
[ 1739.860499][T29418] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1739.884881][T29418] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1739.885364][T29418] keyspan 4-1:0.0: device disconnected
[ 1740.331286][  T595] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1740.464694][  T597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10877'.
[ 1741.455628][   T38] audit: type=1326 audit(2838217378.986:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.455852][   T38] audit: type=1326 audit(2838217378.986:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.457593][   T38] audit: type=1326 audit(2838217378.986:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.457760][   T38] audit: type=1326 audit(2838217378.986:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.459066][   T38] audit: type=1326 audit(2838217378.986:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.459207][   T38] audit: type=1326 audit(2838217378.986:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.517801][   T38] audit: type=1326 audit(2838217378.986:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.517877][   T38] audit: type=1326 audit(2838217378.986:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.517933][   T38] audit: type=1326 audit(2838217379.026:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=615 comm="syz.0.10884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1741.850651][T29418] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1741.920452][ T1569] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1742.006148][T29418] usb 1-1: Using ep0 maxpacket: 8
[ 1742.017867][T29418] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1742.017931][T29418] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1742.017961][T29418] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1742.017988][T29418] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1742.018016][T29418] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1742.082970][T29418] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1742.083005][T29418] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1742.083029][T29418] usb 1-1: Product: syz
[ 1742.083046][T29418] usb 1-1: Manufacturer: syz
[ 1742.083062][T29418] usb 1-1: SerialNumber: syz
[ 1742.103893][T29418] usb 1-1: config 0 descriptor??
[ 1742.106610][  T616] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1742.135589][ T1569] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1742.135625][ T1569] usb 4-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1742.135650][ T1569] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1742.139380][ T1569] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[ 1742.139412][ T1569] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1742.139435][ T1569] usb 4-1: Product: syz
[ 1742.139451][ T1569] usb 4-1: Manufacturer: syz
[ 1742.139466][ T1569] usb 4-1: SerialNumber: syz
[ 1742.213966][ T1569] usb 4-1: config 0 descriptor??
[ 1742.219231][ T1569] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected
[ 1742.219561][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[ 1742.241815][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[ 1742.241913][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[ 1742.242010][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[ 1742.242098][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85
[ 1742.242185][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5
[ 1742.247197][ T1569] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1742.249426][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[ 1742.249521][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[ 1742.249609][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[ 1742.249696][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86
[ 1742.249783][ T1569] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6
[ 1742.348010][ T1569] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1742.377609][T29418] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 1742.378176][T29418] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5
[ 1742.395502][T29418] usb 1-1: USB disconnect, device number 55
[ 1742.572213][  T656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10902'.
[ 1742.870513][T11803] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1743.020541][T11803] usb 3-1: Using ep0 maxpacket: 8
[ 1743.026019][T11803] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1743.026118][T11803] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1743.026148][T11803] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1743.026197][T11803] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1743.042243][T11803] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1743.042283][T11803] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1743.042310][T11803] usb 3-1: Product: syz
[ 1743.042330][T11803] usb 3-1: Manufacturer: syz
[ 1743.042349][T11803] usb 3-1: SerialNumber: syz
[ 1743.274404][T11803] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[ 1743.274453][T11803] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[ 1743.274474][T11803] usb 3-1: 2:1 : sample bitwidth 16 in over sample bytes 1
[ 1743.274540][T11803] usb 3-1: 2:1 : invalid channels 0
[ 1743.340189][T11803] usb 3-1: USB disconnect, device number 57
[ 1743.400466][  T695] FAULT_INJECTION: forcing a failure.
[ 1743.400466][  T695] name failslab, interval 1, probability 0, space 0, times 0
[ 1743.400502][  T695] CPU: 1 UID: 0 PID: 695 Comm: syz.0.10922 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1743.400533][  T695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1743.400548][  T695] Call Trace:
[ 1743.400557][  T695]  <TASK>
[ 1743.400568][  T695]  dump_stack_lvl+0x189/0x250
[ 1743.400607][  T695]  ? __pfx____ratelimit+0x10/0x10
[ 1743.400639][  T695]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1743.400674][  T695]  ? __pfx__printk+0x10/0x10
[ 1743.400708][  T695]  ? __pfx___might_resched+0x10/0x10
[ 1743.400739][  T695]  should_fail_ex+0x46c/0x600
[ 1743.400777][  T695]  should_failslab+0xa8/0x100
[ 1743.400813][  T695]  __kmalloc_cache_noprof+0x6f/0x6c0
[ 1743.400846][  T695]  ? iopt_get_pages+0x12d/0x5d0
[ 1743.400872][  T695]  iopt_get_pages+0x12d/0x5d0
[ 1743.400918][  T695]  iommufd_ioas_copy+0x393/0x720
[ 1743.400955][  T695]  ? __pfx_iommufd_ioas_copy+0x10/0x10
[ 1743.400996][  T695]  iommufd_fops_ioctl+0x461/0x580
[ 1743.401030][  T695]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1743.401072][  T695]  ? __fget_files+0x3a6/0x420
[ 1743.401103][  T695]  ? __fget_files+0x2a/0x420
[ 1743.401139][  T695]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1743.401161][  T695]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1743.401188][  T695]  __se_sys_ioctl+0xff/0x170
[ 1743.401217][  T695]  do_syscall_64+0xfa/0xfa0
[ 1743.401248][  T695]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1743.401281][  T695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1743.401304][  T695]  ? clear_bhb_loop+0x60/0xb0
[ 1743.401332][  T695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1743.401354][  T695] RIP: 0033:0x7f0cc341f749
[ 1743.401375][  T695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1743.401395][  T695] RSP: 002b:00007f0cc1686038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1743.401419][  T695] RAX: ffffffffffffffda RBX: 00007f0cc3675fa0 RCX: 00007f0cc341f749
[ 1743.401437][  T695] RDX: 00002000000004c0 RSI: 0000000000003b83 RDI: 0000000000000003
[ 1743.401453][  T695] RBP: 00007f0cc1686090 R08: 0000000000000000 R09: 0000000000000000
[ 1743.401467][  T695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1743.401481][  T695] R13: 00007f0cc3676038 R14: 00007f0cc3675fa0 R15: 00007ffcce3df1e8
[ 1743.401520][  T695]  </TASK>
[ 1744.047124][  T723] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1744.071737][  T723] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1744.914288][  T747] FAULT_INJECTION: forcing a failure.
[ 1744.914288][  T747] name failslab, interval 1, probability 0, space 0, times 0
[ 1744.914326][  T747] CPU: 1 UID: 0 PID: 747 Comm: syz.1.10937 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1744.914353][  T747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1744.914367][  T747] Call Trace:
[ 1744.914377][  T747]  <TASK>
[ 1744.914387][  T747]  dump_stack_lvl+0x189/0x250
[ 1744.914427][  T747]  ? __pfx____ratelimit+0x10/0x10
[ 1744.914461][  T747]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1744.914497][  T747]  ? __pfx__printk+0x10/0x10
[ 1744.914532][  T747]  ? __pfx___might_resched+0x10/0x10
[ 1744.914558][  T747]  ? fs_reclaim_acquire+0x7d/0x100
[ 1744.914597][  T747]  should_fail_ex+0x46c/0x600
[ 1744.914635][  T747]  ? security_inode_alloc+0x39/0x330
[ 1744.914666][  T747]  should_failslab+0xa8/0x100
[ 1744.914702][  T747]  ? security_inode_alloc+0x39/0x330
[ 1744.914731][  T747]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 1744.914771][  T747]  security_inode_alloc+0x39/0x330
[ 1744.914805][  T747]  inode_init_always_gfp+0x9bf/0xd70
[ 1744.914854][  T747]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1744.914889][  T747]  alloc_inode+0x82/0x1b0
[ 1744.914922][  T747]  do_accept+0x117/0x680
[ 1744.914946][  T747]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1744.914992][  T747]  ? __pfx_do_accept+0x10/0x10
[ 1744.915041][  T747]  __sys_accept4+0x11c/0x1c0
[ 1744.915067][  T747]  ? __pfx___sys_accept4+0x10/0x10
[ 1744.915089][  T747]  ? ksys_write+0x230/0x260
[ 1744.915120][  T747]  ? __pfx_ksys_write+0x10/0x10
[ 1744.915154][  T747]  __x64_sys_accept4+0x9a/0xb0
[ 1744.915181][  T747]  do_syscall_64+0xfa/0xfa0
[ 1744.915215][  T747]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1744.915238][  T747]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1744.915260][  T747]  ? clear_bhb_loop+0x60/0xb0
[ 1744.915287][  T747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1744.915310][  T747] RIP: 0033:0x7feeaf75f749
[ 1744.915329][  T747] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1744.915349][  T747] RSP: 002b:00007feead97c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1744.915373][  T747] RAX: ffffffffffffffda RBX: 00007feeaf9b6180 RCX: 00007feeaf75f749
[ 1744.915390][  T747] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 1744.915404][  T747] RBP: 00007feead97c090 R08: 0000000000000000 R09: 0000000000000000
[ 1744.915436][  T747] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[ 1744.915451][  T747] R13: 00007feeaf9b6218 R14: 00007feeaf9b6180 R15: 00007ffda5aee5a8
[ 1744.915490][  T747]  </TASK>
[ 1745.391325][T11803] usb 4-1: USB disconnect, device number 42
[ 1745.431618][T11803] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1745.443931][T11803] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1745.444617][T11803] keyspan 4-1:0.0: device disconnected
[ 1745.798863][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1745.799098][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1745.799662][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1745.799853][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1746.051023][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1746.051244][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1746.561039][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1746.561262][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1747.293488][  T773] netlink: 'syz.2.10950': attribute type 1 has an invalid length.
[ 1747.298029][  T773] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10950'.
[ 1747.510166][  T754] ceph: No mds server is up or the cluster is laggy
[ 1748.625337][  T821] FAULT_INJECTION: forcing a failure.
[ 1748.625337][  T821] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1748.625375][  T821] CPU: 0 UID: 0 PID: 821 Comm: syz.0.10967 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1748.625403][  T821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1748.625417][  T821] Call Trace:
[ 1748.625427][  T821]  <TASK>
[ 1748.625437][  T821]  dump_stack_lvl+0x189/0x250
[ 1748.625478][  T821]  ? __pfx____ratelimit+0x10/0x10
[ 1748.625511][  T821]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1748.625545][  T821]  ? __pfx__printk+0x10/0x10
[ 1748.625574][  T821]  ? fs_reclaim_acquire+0x7d/0x100
[ 1748.625618][  T821]  should_fail_ex+0x46c/0x600
[ 1748.625656][  T821]  prepare_alloc_pages+0x213/0x670
[ 1748.625699][  T821]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1748.625734][  T821]  ? percpu_ref_get_many+0x19/0x140
[ 1748.625771][  T821]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1748.625826][  T821]  ? policy_nodemask+0x27c/0x720
[ 1748.625866][  T821]  alloc_pages_mpol+0xd1/0x380
[ 1748.625905][  T821]  alloc_pages_noprof+0xcf/0x1e0
[ 1748.625943][  T821]  pgd_alloc+0x44/0x710
[ 1748.625980][  T821]  mm_init+0x660/0xe20
[ 1748.626007][  T821]  ? __asan_memset+0x22/0x50
[ 1748.626040][  T821]  alloc_bprm+0x39e/0x5c0
[ 1748.626072][  T821]  do_execveat_common+0x1b3/0x6a0
[ 1748.626114][  T821]  __x64_sys_execveat+0xc4/0xe0
[ 1748.626147][  T821]  do_syscall_64+0xfa/0xfa0
[ 1748.626180][  T821]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1748.626214][  T821]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1748.626237][  T821]  ? clear_bhb_loop+0x60/0xb0
[ 1748.626265][  T821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1748.626288][  T821] RIP: 0033:0x7f0cc341f749
[ 1748.626308][  T821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1748.626328][  T821] RSP: 002b:00007f0cc1644038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[ 1748.626352][  T821] RAX: ffffffffffffffda RBX: 00007f0cc3676180 RCX: 00007f0cc341f749
[ 1748.626368][  T821] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1748.626385][  T821] RBP: 00007f0cc1644090 R08: 0000000000000000 R09: 0000000000000000
[ 1748.626400][  T821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1748.626414][  T821] R13: 00007f0cc3676218 R14: 00007f0cc3676180 R15: 00007ffcce3df1e8
[ 1748.626452][  T821]  </TASK>
[ 1750.253502][   T38] kauditd_printk_skb: 66 callbacks suppressed
[ 1750.253524][   T38] audit: type=1326 audit(2838217387.766:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1750.253885][   T38] audit: type=1326 audit(2838217387.786:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1750.254843][   T38] audit: type=1326 audit(2838217387.786:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1750.255003][   T38] audit: type=1326 audit(2838217387.786:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1750.255200][   T38] audit: type=1326 audit(2838217387.786:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cc341f749 code=0x7ffc0000
[ 1750.255357][   T38] audit: type=1326 audit(2838217387.786:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0cc341df90 code=0x7ffc0000
[ 1750.256321][   T38] audit: type=1326 audit(2838217387.786:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0cc341e1ff code=0x7ffc0000
[ 1750.256388][  T834] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[ 1750.256407][  T834] audit: out of memory in audit_log_start
[ 1750.257260][   T38] audit: type=1326 audit(2838217387.786:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=832 comm="syz.0.10972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f0cc341e15c code=0x7ffc0000
[ 1750.312236][  T835] FAULT_INJECTION: forcing a failure.
[ 1750.312236][  T835] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1750.312283][  T835] CPU: 1 UID: 0 PID: 835 Comm: syz.1.10973 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1750.312314][  T835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1750.312330][  T835] Call Trace:
[ 1750.312341][  T835]  <TASK>
[ 1750.312354][  T835]  dump_stack_lvl+0x189/0x250
[ 1750.312399][  T835]  ? __pfx____ratelimit+0x10/0x10
[ 1750.312572][  T835]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1750.312609][  T835]  ? __pfx__printk+0x10/0x10
[ 1750.312641][  T835]  ? __might_fault+0xb0/0x130
[ 1750.312686][  T835]  should_fail_ex+0x46c/0x600
[ 1750.312728][  T835]  _copy_from_user+0x2d/0xb0
[ 1750.312758][  T835]  ___sys_recvmsg+0x12e/0x510
[ 1750.312799][  T835]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1750.312863][  T835]  ? __fget_files+0x3a6/0x420
[ 1750.312913][  T835]  __x64_sys_recvmsg+0x19e/0x260
[ 1750.312950][  T835]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1750.313004][  T835]  ? do_syscall_64+0xbe/0xfa0
[ 1750.313045][  T835]  do_syscall_64+0xfa/0xfa0
[ 1750.313080][  T835]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1750.313115][  T835]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1750.313139][  T835]  ? clear_bhb_loop+0x60/0xb0
[ 1750.313171][  T835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1750.313218][  T835] RIP: 0033:0x7feeaf75f749
[ 1750.313242][  T835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1750.313263][  T835] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1750.313290][  T835] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1750.313309][  T835] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000004
[ 1750.313325][  T835] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1750.313341][  T835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1750.313356][  T835] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1750.313398][  T835]  </TASK>
[ 1750.511189][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1750.511441][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1750.512243][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1750.512471][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1750.780849][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1750.781001][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1750.985709][  T861] netlink: 'syz.0.10980': attribute type 17 has an invalid length.
[ 1751.094659][  T859] loop9: detected capacity change from 0 to 7
[ 1751.135163][  T859] Dev loop9: unable to read RDB block 7
[ 1751.135216][  T859]  loop9: unable to read partition table
[ 1751.135475][  T859] loop9: partition table beyond EOD, truncated
[ 1751.135499][  T859] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1751.224540][  T842] ceph: No mds server is up or the cluster is laggy
[ 1751.374364][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1751.374586][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1751.806489][  T876] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10987'.
[ 1751.860008][  T881] FAULT_INJECTION: forcing a failure.
[ 1751.860008][  T881] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1751.860045][  T881] CPU: 1 UID: 0 PID: 881 Comm: syz.2.10990 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1751.860072][  T881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1751.860087][  T881] Call Trace:
[ 1751.860096][  T881]  <TASK>
[ 1751.860106][  T881]  dump_stack_lvl+0x189/0x250
[ 1751.860146][  T881]  ? __pfx____ratelimit+0x10/0x10
[ 1751.860179][  T881]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1751.860217][  T881]  ? __pfx__printk+0x10/0x10
[ 1751.860245][  T881]  ? __might_fault+0xb0/0x130
[ 1751.860289][  T881]  should_fail_ex+0x46c/0x600
[ 1751.860323][  T881]  _copy_from_user+0x2d/0xb0
[ 1751.860348][  T881]  ___sys_sendmsg+0x158/0x2a0
[ 1751.860380][  T881]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1751.860445][  T881]  ? __fget_files+0x2a/0x420
[ 1751.860476][  T881]  ? __fget_files+0x3a6/0x420
[ 1751.860526][  T881]  __x64_sys_sendmsg+0x1a1/0x260
[ 1751.860558][  T881]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1751.860598][  T881]  ? __pfx_ksys_write+0x10/0x10
[ 1751.860632][  T881]  ? do_syscall_64+0xbe/0xfa0
[ 1751.860669][  T881]  do_syscall_64+0xfa/0xfa0
[ 1751.860700][  T881]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1751.860733][  T881]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1751.860755][  T881]  ? clear_bhb_loop+0x60/0xb0
[ 1751.860784][  T881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1751.860806][  T881] RIP: 0033:0x7f633334f749
[ 1751.860826][  T881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1751.860846][  T881] RSP: 002b:00007f63315ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1751.860870][  T881] RAX: ffffffffffffffda RBX: 00007f63335a5fa0 RCX: 00007f633334f749
[ 1751.860887][  T881] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1751.860903][  T881] RBP: 00007f63315ae090 R08: 0000000000000000 R09: 0000000000000000
[ 1751.860917][  T881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1751.860931][  T881] R13: 00007f63335a6038 R14: 00007f63335a5fa0 R15: 00007fff55d07aa8
[ 1751.860968][  T881]  </TASK>
[ 1752.370632][ T5811] usb 1-1: new full-speed USB device number 56 using dummy_hcd
[ 1752.522822][ T5811] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1752.522853][ T5811] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1752.522893][ T5811] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1752.522919][ T5811] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1752.528495][ T5811] usb 1-1: config 0 descriptor??
[ 1752.671009][ T5888] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[ 1752.720536][T29418] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1752.784996][T11803] usb 1-1: USB disconnect, device number 56
[ 1752.849767][ T5888] usb 3-1: config 8 interface 0 has no altsetting 0
[ 1752.849815][ T5888] usb 3-1: New USB device found, idVendor=046d, idProduct=08b8, bcdDevice=fb.bc
[ 1752.850281][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1752.870641][T29418] usb 4-1: Using ep0 maxpacket: 8
[ 1752.884886][T29418] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1752.884950][T29418] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1752.884981][T29418] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1752.885012][T29418] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1752.885049][T29418] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1752.953927][T29418] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1752.953960][T29418] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1752.953981][T29418] usb 4-1: Product: syz
[ 1752.953997][T29418] usb 4-1: Manufacturer: syz
[ 1752.954014][T29418] usb 4-1: SerialNumber: syz
[ 1752.995355][T29418] usb 4-1: config 0 descriptor??
[ 1752.999086][  T898] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[ 1753.086216][  T892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1753.101157][  T892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1753.140446][ T5888] usb 3-1: string descriptor 0 read error: -71
[ 1753.153764][ T5888] pwc: Logitech QuickCam detected (reserved ID).
[ 1753.163418][ T5888] pwc: Failed to set LED on/off time (-71)
[ 1753.163866][ T5888] pwc: send_video_command error -71
[ 1753.163881][ T5888] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1753.164009][ T5888] Philips webcam 3-1:8.0: probe with driver Philips webcam failed with error -71
[ 1753.170761][ T5888] usb 3-1: USB disconnect, device number 58
[ 1753.256150][T29418] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 1753.256506][T29418] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[ 1753.301498][T29418] usb 4-1: USB disconnect, device number 43
[ 1753.652359][T11803] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1753.817889][T11803] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1753.819494][T11803] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1753.846641][T11803] usb 1-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[ 1753.846674][T11803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1753.846697][T11803] usb 1-1: Product: syz
[ 1753.846713][T11803] usb 1-1: Manufacturer: syz
[ 1753.846729][T11803] usb 1-1: SerialNumber: syz
[ 1754.763358][T11803] usb 1-1: reset high-speed USB device number 57 using dummy_hcd
[ 1754.796094][T11803] usb 1-1: device reset changed ep0 maxpacket size!
[ 1754.819582][T11803] usb 1-1: USB disconnect, device number 57
[ 1755.010547][T11803] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1755.160739][T11803] usb 1-1: Using ep0 maxpacket: 16
[ 1755.970540][T11803] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1755.971662][T11803] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1755.971700][T11803] usb 1-1: can't read configurations, error -71
[ 1756.120072][ T1027] FAULT_INJECTION: forcing a failure.
[ 1756.120072][ T1027] name failslab, interval 1, probability 0, space 0, times 0
[ 1756.120109][ T1027] CPU: 0 UID: 0 PID: 1027 Comm: syz.1.11049 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1756.120134][ T1027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1756.120147][ T1027] Call Trace:
[ 1756.120157][ T1027]  <TASK>
[ 1756.120167][ T1027]  dump_stack_lvl+0x189/0x250
[ 1756.120215][ T1027]  ? __pfx____ratelimit+0x10/0x10
[ 1756.120249][ T1027]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1756.120283][ T1027]  ? __pfx__printk+0x10/0x10
[ 1756.120320][ T1027]  ? __pfx___might_resched+0x10/0x10
[ 1756.120349][ T1027]  should_fail_ex+0x46c/0x600
[ 1756.120388][ T1027]  should_failslab+0xa8/0x100
[ 1756.120424][ T1027]  __kmalloc_noprof+0xcc/0x7d0
[ 1756.120454][ T1027]  ? kfree+0x51/0x950
[ 1756.120477][ T1027]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1756.120514][ T1027]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1756.120545][ T1027]  ? tomoyo_domain+0xda/0x130
[ 1756.120579][ T1027]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1756.120615][ T1027]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1756.120653][ T1027]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1756.120694][ T1027]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1756.120729][ T1027]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1756.120798][ T1027]  ? __fget_files+0x2a/0x420
[ 1756.120836][ T1027]  ? __fget_files+0x3a6/0x420
[ 1756.120866][ T1027]  ? __fget_files+0x2a/0x420
[ 1756.120904][ T1027]  security_file_ioctl+0xcb/0x2d0
[ 1756.120931][ T1027]  __se_sys_ioctl+0x47/0x170
[ 1756.120961][ T1027]  do_syscall_64+0xfa/0xfa0
[ 1756.120992][ T1027]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1756.121024][ T1027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1756.121047][ T1027]  ? clear_bhb_loop+0x60/0xb0
[ 1756.121074][ T1027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1756.121096][ T1027] RIP: 0033:0x7feeaf75f749
[ 1756.121116][ T1027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1756.121136][ T1027] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1756.121160][ T1027] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1756.121177][ T1027] RDX: 0000000000000000 RSI: 0000000080108907 RDI: 0000000000000003
[ 1756.121201][ T1027] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1756.121215][ T1027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1756.121230][ T1027] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1756.121270][ T1027]  </TASK>
[ 1756.316020][ T1027] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1757.435019][ T1058] netlink: 'syz.3.11058': attribute type 17 has an invalid length.
[ 1758.140724][ T1093] loop9: detected capacity change from 0 to 7
[ 1758.142579][ T1093] Dev loop9: unable to read RDB block 7
[ 1758.142625][ T1093]  loop9: unable to read partition table
[ 1758.142859][ T1093] loop9: partition table beyond EOD, truncated
[ 1758.142879][ T1093] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1758.221079][ T1099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1758.941098][ T1137] FAULT_INJECTION: forcing a failure.
[ 1758.941098][ T1137] name failslab, interval 1, probability 0, space 0, times 0
[ 1758.941136][ T1137] CPU: 1 UID: 0 PID: 1137 Comm: syz.1.11088 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1758.941162][ T1137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1758.941177][ T1137] Call Trace:
[ 1758.941187][ T1137]  <TASK>
[ 1758.941197][ T1137]  dump_stack_lvl+0x189/0x250
[ 1758.941237][ T1137]  ? __pfx____ratelimit+0x10/0x10
[ 1758.941269][ T1137]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1758.941303][ T1137]  ? __pfx__printk+0x10/0x10
[ 1758.941337][ T1137]  ? __pfx___might_resched+0x10/0x10
[ 1758.941360][ T1137]  ? fs_reclaim_acquire+0x7d/0x100
[ 1758.941399][ T1137]  should_fail_ex+0x46c/0x600
[ 1758.941436][ T1137]  should_failslab+0xa8/0x100
[ 1758.941471][ T1137]  __kmalloc_noprof+0xcc/0x7d0
[ 1758.941501][ T1137]  ? tomoyo_encode+0x28b/0x550
[ 1758.941534][ T1137]  tomoyo_encode+0x28b/0x550
[ 1758.941568][ T1137]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1758.941599][ T1137]  ? tomoyo_domain+0xda/0x130
[ 1758.941632][ T1137]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1758.941669][ T1137]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1758.941708][ T1137]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1758.941756][ T1137]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1758.941791][ T1137]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1758.941856][ T1137]  ? __fget_files+0x2a/0x420
[ 1758.941895][ T1137]  ? __fget_files+0x3a6/0x420
[ 1758.941925][ T1137]  ? __fget_files+0x2a/0x420
[ 1758.941962][ T1137]  security_file_ioctl+0xcb/0x2d0
[ 1758.941989][ T1137]  __se_sys_ioctl+0x47/0x170
[ 1758.942018][ T1137]  do_syscall_64+0xfa/0xfa0
[ 1758.942048][ T1137]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1758.942080][ T1137]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1758.942103][ T1137]  ? clear_bhb_loop+0x60/0xb0
[ 1758.942130][ T1137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1758.942153][ T1137] RIP: 0033:0x7feeaf75f749
[ 1758.942173][ T1137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1758.942192][ T1137] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1758.942216][ T1137] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1758.942233][ T1137] RDX: 0000000000000000 RSI: 0000000080108906 RDI: 0000000000000003
[ 1758.942246][ T1137] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1758.942260][ T1137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1758.942274][ T1137] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1758.942313][ T1137]  </TASK>
[ 1758.942336][ T1137] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1759.281513][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1759.281767][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1759.282434][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1759.286441][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1759.460101][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.541662][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1759.541904][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1760.965769][ T1144] ceph: No mds server is up or the cluster is laggy
[ 1761.954209][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1761.982577][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1761.983015][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1762.465168][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.171860][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1763.175705][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1763.341678][ T1160] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1763.496518][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.602577][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.741085][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1763.803949][   T38] kauditd_printk_skb: 91 callbacks suppressed
[ 1763.803969][   T38] audit: type=1326 audit(2838217401.336:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.804330][   T38] audit: type=1326 audit(2838217401.336:2160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.804621][   T38] audit: type=1326 audit(2838217401.336:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.805113][   T38] audit: type=1326 audit(2838217401.336:2162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.805463][   T38] audit: type=1326 audit(2838217401.336:2163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.806045][   T38] audit: type=1326 audit(2838217401.336:2164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.806576][   T38] audit: type=1326 audit(2838217401.336:2165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.807592][   T38] audit: type=1326 audit(2838217401.336:2166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.809036][   T38] audit: type=1326 audit(2838217401.336:2167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1763.810250][   T38] audit: type=1326 audit(2838217401.336:2168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1181 comm="syz.2.11102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=279 compat=0 ip=0x7f633334f749 code=0x7ffc0000
[ 1764.310656][ T5888] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1764.343082][ T1212] FAULT_INJECTION: forcing a failure.
[ 1764.343082][ T1212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1764.343176][ T1212] CPU: 1 UID: 0 PID: 1212 Comm: syz.0.11112 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1764.343202][ T1212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1764.343217][ T1212] Call Trace:
[ 1764.343225][ T1212]  <TASK>
[ 1764.343236][ T1212]  dump_stack_lvl+0x189/0x250
[ 1764.343283][ T1212]  ? __pfx____ratelimit+0x10/0x10
[ 1764.343315][ T1212]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1764.343347][ T1212]  ? __pfx__printk+0x10/0x10
[ 1764.343378][ T1212]  ? get_sigframe+0x596/0x7d0
[ 1764.343407][ T1212]  should_fail_ex+0x46c/0x600
[ 1764.343443][ T1212]  _copy_to_user+0x31/0xb0
[ 1764.343469][ T1212]  copy_siginfo_to_user+0x22/0xc0
[ 1764.343502][ T1212]  x64_setup_rt_frame+0x777/0xd40
[ 1764.343524][ T1212]  ? rt_spin_unlock+0x150/0x200
[ 1764.343572][ T1212]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1764.343600][ T1212]  ? arch_do_signal_or_restart+0x38a/0x790
[ 1764.343628][ T1212]  arch_do_signal_or_restart+0x3f6/0x790
[ 1764.343656][ T1212]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1764.343700][ T1212]  ? exit_to_user_mode_loop+0x40/0x130
[ 1764.343736][ T1212]  exit_to_user_mode_loop+0x72/0x130
[ 1764.343767][ T1212]  do_syscall_64+0x2bd/0xfa0
[ 1764.343799][ T1212]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1764.343830][ T1212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1764.343853][ T1212]  ? clear_bhb_loop+0x60/0xb0
[ 1764.343880][ T1212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1764.343902][ T1212] RIP: 0033:0x7f0cc341f747
[ 1764.343922][ T1212] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1764.343942][ T1212] RSP: 002b:00007f0cc1686038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1764.343965][ T1212] RAX: 0000000000000001 RBX: 00007f0cc3675fa0 RCX: 00007f0cc341f749
[ 1764.343981][ T1212] RDX: 0000000000000008 RSI: 0000200000000140 RDI: 0000000000000004
[ 1764.343994][ T1212] RBP: 00007f0cc1686090 R08: 0000000000000000 R09: 0000000000000000
[ 1764.344006][ T1212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1764.344020][ T1212] R13: 00007f0cc3676038 R14: 00007f0cc3675fa0 R15: 00007ffcce3df1e8
[ 1764.344056][ T1212]  </TASK>
[ 1764.460474][ T5888] usb 3-1: Using ep0 maxpacket: 8
[ 1764.629564][ T5888] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1764.629632][ T5888] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1764.629661][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1764.629689][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1764.629719][ T5888] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1764.661598][ T5888] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1764.661638][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1764.661665][ T5888] usb 3-1: Product: syz
[ 1764.661683][ T5888] usb 3-1: Manufacturer: syz
[ 1764.661702][ T5888] usb 3-1: SerialNumber: syz
[ 1764.694582][ T5888] usb 3-1: config 0 descriptor??
[ 1764.713060][ T1191] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1764.944237][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1765.052825][ T5888] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 1765.053168][ T5888] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[ 1765.067590][ T5888] usb 3-1: USB disconnect, device number 59
[ 1765.974763][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1766.177522][ T1226] UHID_CREATE from different security context by process 3590 (syz.0.11119), this is not allowed.
[ 1766.230960][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1767.810506][ T5888] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1768.171444][ T5888] usb 1-1: device not accepting address 60, error -71
[ 1768.190742][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.279279][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.455766][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.550114][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1768.664209][ T1270] loop9: detected capacity change from 0 to 7
[ 1768.666526][ T1270] Dev loop9: unable to read RDB block 7
[ 1768.666574][ T1270]  loop9: unable to read partition table
[ 1768.666808][ T1270] loop9: partition table beyond EOD, truncated
[ 1768.666830][ T1270] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1768.925649][ T1277] fuse: Unknown parameter 'user00000000000000000000'
[ 1769.660477][T11803] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[ 1769.837918][T11803] usb 4-1: config 1 has an invalid interface number: 105 but max is 0
[ 1769.837949][T11803] usb 4-1: config 1 has no interface number 0
[ 1769.838006][T11803] usb 4-1: config 1 interface 105 altsetting 2 endpoint 0x82 has invalid maxpacket 12336, setting to 64
[ 1769.838037][T11803] usb 4-1: config 1 interface 105 has no altsetting 0
[ 1769.851101][T11803] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[ 1769.851141][T11803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1769.851166][T11803] usb 4-1: Product: syz
[ 1769.851182][T11803] usb 4-1: Manufacturer: syz
[ 1769.851199][T11803] usb 4-1: SerialNumber: syz
[ 1769.883651][ T1294] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1770.415960][ T1293] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1770.830432][ T1569] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1771.009547][ T1569] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1771.009585][ T1569] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1771.042277][ T1569] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1771.042313][ T1569] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1771.042336][ T1569] usb 3-1: Manufacturer: syz
[ 1771.093601][T11803] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[ 1771.094344][T11803] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[ 1771.115993][ T1569] usb 3-1: config 0 descriptor??
[ 1771.191987][T11803] aqc111 4-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 7e:b2:45:14:40:f3
[ 1771.210965][T11803] usb 4-1: USB disconnect, device number 44
[ 1771.214772][T11803] aqc111 4-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.3-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[ 1771.434022][T11803] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[ 1771.434197][T11803] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[ 1771.434351][T11803] aqc111 4-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[ 1771.562199][ T1569] usbhid 3-1:0.0: can't add hid device: -71
[ 1771.562350][ T1569] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1771.566664][ T1569] usb 3-1: USB disconnect, device number 60
[ 1771.646376][  T161] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1771.987722][ T1358] FAULT_INJECTION: forcing a failure.
[ 1771.987722][ T1358] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1771.987760][ T1358] CPU: 0 UID: 0 PID: 1358 Comm: syz.5.11173 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1771.987787][ T1358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1771.987802][ T1358] Call Trace:
[ 1771.987811][ T1358]  <TASK>
[ 1771.987821][ T1358]  dump_stack_lvl+0x189/0x250
[ 1771.987866][ T1358]  ? __pfx____ratelimit+0x10/0x10
[ 1771.987900][ T1358]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1771.987941][ T1358]  ? __pfx__printk+0x10/0x10
[ 1771.987970][ T1358]  ? fs_reclaim_acquire+0x7d/0x100
[ 1771.988014][ T1358]  should_fail_ex+0x46c/0x600
[ 1771.988053][ T1358]  prepare_alloc_pages+0x213/0x670
[ 1771.988096][ T1358]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1771.988137][ T1358]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1771.988194][ T1358]  alloc_pages_mpol+0xd1/0x380
[ 1771.988232][ T1358]  alloc_pages_noprof+0xcf/0x1e0
[ 1771.988267][ T1358]  __pud_alloc+0x3f/0x450
[ 1771.988305][ T1358]  handle_mm_fault+0x2149/0x3400
[ 1771.988336][ T1358]  ? mt_find+0x15c/0x5e0
[ 1771.988367][ T1358]  ? __pfx_mt_find+0x10/0x10
[ 1771.988403][ T1358]  ? handle_mm_fault+0xdb/0x3400
[ 1771.988444][ T1358]  ? __pfx_handle_mm_fault+0x10/0x10
[ 1771.988500][ T1358]  ? lock_mm_and_find_vma+0x9c/0x300
[ 1771.988526][ T1358]  do_user_addr_fault+0x764/0x1380
[ 1771.988573][ T1358]  exc_page_fault+0x82/0x100
[ 1771.988611][ T1358]  asm_exc_page_fault+0x26/0x30
[ 1771.988633][ T1358] RIP: 0010:__put_user_8+0xd/0x20
[ 1771.988667][ T1358] Code: 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <48> 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1771.988687][ T1358] RSP: 0018:ffffc90021ecfdf8 EFLAGS: 00050206
[ 1771.988708][ T1358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000
[ 1771.988724][ T1358] RDX: 0000000000000000 RSI: ffffffff8cf66051 RDI: ffffffff8b3de060
[ 1771.988740][ T1358] RBP: ffffc90021ecfed0 R08: 0000000000000000 R09: ffffffff82094560
[ 1771.988757][ T1358] R10: dffffc0000000000 R11: fffffbfff1dac92f R12: dffffc0000000000
[ 1771.988775][ T1358] R13: 1ffff920043d9fc4 R14: 0000000000000000 R15: 0000000000001004
[ 1771.988799][ T1358]  ? __might_fault+0xb0/0x130
[ 1771.988843][ T1358]  do_arch_prctl_64+0x27b/0x640
[ 1771.988869][ T1358]  ? ksys_write+0x230/0x260
[ 1771.988897][ T1358]  ? __pfx_do_arch_prctl_64+0x10/0x10
[ 1771.988922][ T1358]  ? __pfx_ksys_write+0x10/0x10
[ 1771.988971][ T1358]  do_syscall_64+0xfa/0xfa0
[ 1771.989004][ T1358]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1771.989037][ T1358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1771.989060][ T1358]  ? clear_bhb_loop+0x60/0xb0
[ 1771.989089][ T1358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1771.989111][ T1358] RIP: 0033:0x7f5b0ab5f749
[ 1771.989131][ T1358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1771.989151][ T1358] RSP: 002b:00007f5b08dc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000009e
[ 1771.989174][ T1358] RAX: ffffffffffffffda RBX: 00007f5b0adb5fa0 RCX: 00007f5b0ab5f749
[ 1771.989191][ T1358] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000001004
[ 1771.989206][ T1358] RBP: 00007f5b08dc6090 R08: 0000000000000000 R09: 0000000000000000
[ 1771.989221][ T1358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1771.989234][ T1358] R13: 00007f5b0adb6038 R14: 00007f5b0adb5fa0 R15: 00007fffb4445618
[ 1771.989274][ T1358]  </TASK>
[ 1772.266506][   T38] kauditd_printk_skb: 66 callbacks suppressed
[ 1772.266526][   T38] audit: type=1326 audit(2838217409.796:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.266673][   T38] audit: type=1326 audit(2838217409.796:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.266859][   T38] audit: type=1326 audit(2838217409.796:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.267035][   T38] audit: type=1326 audit(2838217409.796:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.274438][   T38] audit: type=1326 audit(2838217409.806:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.274605][   T38] audit: type=1326 audit(2838217409.806:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.274777][   T38] audit: type=1326 audit(2838217409.806:2241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.274984][   T38] audit: type=1326 audit(2838217409.806:2242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1361 comm="syz.1.11176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feeaf75f749 code=0x7ffc0000
[ 1772.276866][ T1362] FAULT_INJECTION: forcing a failure.
[ 1772.276866][ T1362] name failslab, interval 1, probability 0, space 0, times 0
[ 1772.276918][ T1362] CPU: 0 UID: 0 PID: 1362 Comm: syz.1.11176 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1772.276947][ T1362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1772.276964][ T1362] Call Trace:
[ 1772.276974][ T1362]  <TASK>
[ 1772.276985][ T1362]  dump_stack_lvl+0x189/0x250
[ 1772.277031][ T1362]  ? __pfx____ratelimit+0x10/0x10
[ 1772.277067][ T1362]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1772.277106][ T1362]  ? __pfx__printk+0x10/0x10
[ 1772.277144][ T1362]  ? __pfx___might_resched+0x10/0x10
[ 1772.277177][ T1362]  should_fail_ex+0x46c/0x600
[ 1772.277217][ T1362]  ? audit_log_start+0x101/0xa30
[ 1772.277245][ T1362]  should_failslab+0xa8/0x100
[ 1772.277286][ T1362]  ? audit_log_start+0x101/0xa30
[ 1772.277310][ T1362]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 1772.277340][ T1362]  ? auditd_test_task+0x22/0x280
[ 1772.277377][ T1362]  audit_log_start+0x101/0xa30
[ 1772.277414][ T1362]  ? __pfx_audit_log_start+0x10/0x10
[ 1772.277455][ T1362]  ? __pfx___cant_migrate+0x10/0x10
[ 1772.277491][ T1362]  audit_seccomp+0x64/0x190
[ 1772.277525][ T1362]  __seccomp_filter+0xce4/0x1e10
[ 1772.277563][ T1362]  ? map_create+0x407/0x16b0
[ 1772.277602][ T1362]  ? __pfx___seccomp_filter+0x10/0x10
[ 1772.277627][ T1362]  ? security_bpf+0x7e/0x300
[ 1772.277658][ T1362]  ? __sys_bpf+0x5f0/0x860
[ 1772.277686][ T1362]  ? __pfx___sys_bpf+0x10/0x10
[ 1772.277709][ T1362]  ? rt_mutex_slowunlock+0x1be/0x2e0
[ 1772.277756][ T1362]  ? ksys_write+0x230/0x260
[ 1772.277794][ T1362]  ? __secure_computing+0xe2/0x2a0
[ 1772.277825][ T1362]  syscall_trace_enter+0xaa/0x160
[ 1772.277864][ T1362]  do_syscall_64+0xd3/0xfa0
[ 1772.277899][ T1362]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1772.277945][ T1362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1772.277972][ T1362]  ? clear_bhb_loop+0x60/0xb0
[ 1772.278002][ T1362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1772.278028][ T1362] RIP: 0033:0x7feeaf75e15c
[ 1772.278051][ T1362] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1772.278075][ T1362] RSP: 002b:00007feead9be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1772.278102][ T1362] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75e15c
[ 1772.278119][ T1362] RDX: 000000000000000f RSI: 00007feead9be0a0 RDI: 0000000000000004
[ 1772.278136][ T1362] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1772.278152][ T1362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1772.278167][ T1362] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1772.278210][ T1362]  </TASK>
[ 1772.278224][ T1362] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64
[ 1772.278242][ T1362] audit: out of memory in audit_log_start
[ 1772.750934][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1773.609027][ T1401] block nbd3: Dead connection, failed to find a fallback
[ 1773.609058][ T1401] block nbd3: shutting down sockets
[ 1773.609076][ T1401] blk_print_req_error: 2 callbacks suppressed
[ 1773.609090][ T1401] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.609118][ T1401] buffer_io_error: 14 callbacks suppressed
[ 1773.609131][ T1401] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1773.609316][ T1401] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.609344][ T1401] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1773.609508][ T1401] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.609534][ T1401] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1773.609707][ T1401] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.609734][ T1401] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1773.609911][ T1401] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.609939][ T1401] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1773.687076][ T1401] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.687128][ T1401] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1773.687371][ T1401] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.687406][ T1401] Buffer I/O error on dev nbd3, logical block 2, async page read
[ 1773.687596][ T1401] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.687628][ T1401] Buffer I/O error on dev nbd3, logical block 3, async page read
[ 1773.773762][ T1401] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.773799][ T1401] Buffer I/O error on dev nbd3, logical block 0, async page read
[ 1773.773995][ T1401] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[ 1773.774024][ T1401] Buffer I/O error on dev nbd3, logical block 1, async page read
[ 1773.778836][ T1401] ldm_validate_partition_table(): Disk read failed.
[ 1773.832599][ T1401] Dev nbd3: unable to read RDB block 0
[ 1773.835476][ T1401]  nbd3: unable to read partition table
[ 1773.880580][ T1569] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1773.932357][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1774.090516][ T1569] usb 3-1: Using ep0 maxpacket: 8
[ 1774.195673][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1774.320041][ T1396] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11189'.
[ 1774.575428][T11803] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1774.721562][ T1569] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1774.722785][ T1569] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1774.722833][ T1569] usb 3-1: can't read configurations, error -71
[ 1774.762346][T11803] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1774.762383][T11803] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1774.762409][T11803] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1774.762457][T11803] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1774.762482][T11803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1774.829440][T11803] usb 1-1: config 0 descriptor??
[ 1775.264057][T11803] plantronics 0003:047F:FFFF.0021: unknown main item tag 0x0
[ 1775.295029][T11803] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1775.471954][ T5888] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1775.930421][ T5888] usb 4-1: Using ep0 maxpacket: 16
[ 1775.937922][ T5888] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1775.937955][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1775.937979][ T5888] usb 4-1: Product: syz
[ 1775.937996][ T5888] usb 4-1: Manufacturer: syz
[ 1775.938011][ T5888] usb 4-1: SerialNumber: syz
[ 1776.065514][ T1461] netlink: 'syz.2.11216': attribute type 5 has an invalid length.
[ 1776.733651][    C0] plantronics 0003:047F:FFFF.0021: usb_submit_urb(ctrl) failed: -1
[ 1776.781106][    T9] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1776.781924][ T8871] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1776.861046][    T9] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1777.103187][ T5888] r8152-cfgselector 4-1: Unknown version 0x0000
[ 1777.103218][ T5888] r8152-cfgselector 4-1: config 0 descriptor??
[ 1777.690268][ T5888] r8152-cfgselector 4-1: Unknown version 0x6810
[ 1777.694027][ T5888] r8152-cfgselector 4-1: bad CDC descriptors
[ 1777.840483][ T1569] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[ 1777.931678][ T1434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1777.932424][ T1434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1777.962742][   T31] r8152-cfgselector 4-1: USB disconnect, device number 45
[ 1778.006281][ T8293] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1778.006634][ T8293] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1778.027233][ T5811] usb 1-1: USB disconnect, device number 62
[ 1778.120999][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1778.159323][ T1569] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1778.159344][ T1569] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1778.159372][ T1569] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1778.159390][ T1569] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1778.233136][ T1569] usb 3-1: config 0 descriptor??
[ 1778.550690][ T5811] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1778.618719][ T5811] usb 3-1: USB disconnect, device number 63
[ 1778.677451][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1778.989649][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1779.047753][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1779.062717][   T38] kauditd_printk_skb: 21 callbacks suppressed
[ 1779.062769][   T38] audit: type=1800 audit(2838217416.446:2264): pid=1513 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.11238" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1779.485773][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1779.702875][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1779.760052][ T1517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11244'.
[ 1779.858392][ T1521] FAULT_INJECTION: forcing a failure.
[ 1779.858392][ T1521] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1779.858429][ T1521] CPU: 1 UID: 0 PID: 1521 Comm: syz.1.11247 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1779.858456][ T1521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1779.858471][ T1521] Call Trace:
[ 1779.858480][ T1521]  <TASK>
[ 1779.858490][ T1521]  dump_stack_lvl+0x189/0x250
[ 1779.858530][ T1521]  ? __pfx____ratelimit+0x10/0x10
[ 1779.858564][ T1521]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1779.858599][ T1521]  ? __pfx__printk+0x10/0x10
[ 1779.858642][ T1521]  should_fail_ex+0x46c/0x600
[ 1779.858680][ T1521]  _copy_to_user+0x31/0xb0
[ 1779.858710][ T1521]  vhost_vring_ioctl+0x5c0/0x1860
[ 1779.858750][ T1521]  ? do_raw_spin_lock+0x121/0x290
[ 1779.858781][ T1521]  ? __pfx_vhost_vring_ioctl+0x10/0x10
[ 1779.858827][ T1521]  ? vhost_dev_ioctl+0x3ee/0xe00
[ 1779.858861][ T1521]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1779.858897][ T1521]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1779.858932][ T1521]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1779.858979][ T1521]  ? mutex_lock_nested+0x154/0x1d0
[ 1779.859005][ T1521]  ? vhost_vsock_dev_ioctl+0x214/0xdc0
[ 1779.859035][ T1521]  vhost_vsock_dev_ioctl+0x259/0xdc0
[ 1779.859068][ T1521]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[ 1779.859098][ T1521]  ? __fget_files+0x3a6/0x420
[ 1779.859131][ T1521]  ? __fget_files+0x2a/0x420
[ 1779.859167][ T1521]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1779.859197][ T1521]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[ 1779.859222][ T1521]  __se_sys_ioctl+0xff/0x170
[ 1779.859252][ T1521]  do_syscall_64+0xfa/0xfa0
[ 1779.859285][ T1521]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1779.859318][ T1521]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1779.859342][ T1521]  ? clear_bhb_loop+0x60/0xb0
[ 1779.859370][ T1521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1779.859394][ T1521] RIP: 0033:0x7feeaf75f749
[ 1779.859414][ T1521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1779.859434][ T1521] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1779.859459][ T1521] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1779.859476][ T1521] RDX: 0000200000000300 RSI: 000000004008af24 RDI: 0000000000000003
[ 1779.859492][ T1521] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1779.859507][ T1521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1779.859521][ T1521] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1779.859560][ T1521]  </TASK>
[ 1779.880531][ T1569] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[ 1779.945059][ T1524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.11246'.
[ 1779.946751][ T1524] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 1780.056907][ T1524] VFS: Can't find a romfs filesystem on dev nullb0.
[ 1780.056907][ T1524] 
[ 1780.130354][ T1569] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1780.130995][ T1569] usb 1-1: not running at top speed; connect to a high speed hub
[ 1780.143044][ T1569] usb 1-1: config 4 has an invalid interface number: 32 but max is 0
[ 1780.143078][ T1569] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1780.143099][ T1569] usb 1-1: config 4 has no interface number 0
[ 1780.193395][ T1569] usb 1-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=f1.50
[ 1780.193429][ T1569] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1780.193452][ T1569] usb 1-1: Product: syz
[ 1780.193468][ T1569] usb 1-1: Manufacturer: syz
[ 1780.193484][ T1569] usb 1-1: SerialNumber: syz
[ 1780.469479][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1780.488710][ T1529] could not allocate digest TFM handle crc32
[ 1780.610457][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1780.691797][ T1541] FAULT_INJECTION: forcing a failure.
[ 1780.691797][ T1541] name failslab, interval 1, probability 0, space 0, times 0
[ 1780.691836][ T1541] CPU: 1 UID: 0 PID: 1541 Comm: syz.1.11253 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1780.691865][ T1541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1780.691883][ T1541] Call Trace:
[ 1780.691893][ T1541]  <TASK>
[ 1780.691903][ T1541]  dump_stack_lvl+0x189/0x250
[ 1780.691943][ T1541]  ? __pfx____ratelimit+0x10/0x10
[ 1780.691977][ T1541]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1780.692012][ T1541]  ? __pfx__printk+0x10/0x10
[ 1780.692047][ T1541]  ? __pfx___might_resched+0x10/0x10
[ 1780.692074][ T1541]  ? fs_reclaim_acquire+0x7d/0x100
[ 1780.692113][ T1541]  should_fail_ex+0x46c/0x600
[ 1780.692150][ T1541]  ? getname_flags+0xb8/0x540
[ 1780.692183][ T1541]  should_failslab+0xa8/0x100
[ 1780.692226][ T1541]  ? getname_flags+0xb8/0x540
[ 1780.692256][ T1541]  kmem_cache_alloc_noprof+0x6f/0x6b0
[ 1780.692293][ T1541]  ? __pfx_vfs_write+0x10/0x10
[ 1780.692326][ T1541]  getname_flags+0xb8/0x540
[ 1780.692365][ T1541]  do_sys_openat2+0xbc/0x1c0
[ 1780.692393][ T1541]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1780.692421][ T1541]  ? ksys_write+0x230/0x260
[ 1780.692459][ T1541]  __x64_sys_openat+0x138/0x170
[ 1780.692489][ T1541]  do_syscall_64+0xfa/0xfa0
[ 1780.692522][ T1541]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1780.692555][ T1541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.692578][ T1541]  ? clear_bhb_loop+0x60/0xb0
[ 1780.692605][ T1541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.692628][ T1541] RIP: 0033:0x7feeaf75f749
[ 1780.692648][ T1541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1780.692669][ T1541] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1780.692694][ T1541] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1780.692711][ T1541] RDX: 0000000000125682 RSI: 0000200000000380 RDI: ffffffffffffff9c
[ 1780.692728][ T1541] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1780.692742][ T1541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1780.692755][ T1541] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1780.692794][ T1541]  </TASK>
[ 1780.774364][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1781.124624][ T1550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11256'.
[ 1781.250465][ T5811] usb 4-1: new low-speed USB device number 46 using dummy_hcd
[ 1781.278361][ T1555] FAULT_INJECTION: forcing a failure.
[ 1781.278361][ T1555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1781.278398][ T1555] CPU: 0 UID: 0 PID: 1555 Comm: syz.1.11261 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1781.278430][ T1555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1781.278445][ T1555] Call Trace:
[ 1781.278454][ T1555]  <TASK>
[ 1781.278465][ T1555]  dump_stack_lvl+0x189/0x250
[ 1781.278504][ T1555]  ? __pfx____ratelimit+0x10/0x10
[ 1781.278536][ T1555]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1781.278570][ T1555]  ? __pfx__printk+0x10/0x10
[ 1781.278615][ T1555]  should_fail_ex+0x46c/0x600
[ 1781.278654][ T1555]  _copy_to_user+0x31/0xb0
[ 1781.278683][ T1555]  simple_read_from_buffer+0xe1/0x170
[ 1781.278719][ T1555]  proc_fail_nth_read+0x1b6/0x220
[ 1781.278749][ T1555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1781.278778][ T1555]  ? rw_verify_area+0x2ac/0x4e0
[ 1781.278806][ T1555]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1781.278833][ T1555]  vfs_read+0x206/0xa30
[ 1781.278871][ T1555]  ? __pfx_vfs_read+0x10/0x10
[ 1781.278895][ T1555]  ? try_to_take_rt_mutex+0x7fd/0xac0
[ 1781.278934][ T1555]  ? mutex_lock_nested+0x154/0x1d0
[ 1781.278960][ T1555]  ? fdget_pos+0x253/0x320
[ 1781.279003][ T1555]  ksys_read+0x14b/0x260
[ 1781.279034][ T1555]  ? __pfx_ksys_read+0x10/0x10
[ 1781.279066][ T1555]  ? do_syscall_64+0xbe/0xfa0
[ 1781.279114][ T1555]  do_syscall_64+0xfa/0xfa0
[ 1781.279146][ T1555]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1781.279176][ T1555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1781.279199][ T1555]  ? clear_bhb_loop+0x60/0xb0
[ 1781.279226][ T1555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1781.279249][ T1555] RIP: 0033:0x7feeaf75e15c
[ 1781.279269][ T1555] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1781.279290][ T1555] RSP: 002b:00007feead9be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1781.279314][ T1555] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75e15c
[ 1781.279330][ T1555] RDX: 000000000000000f RSI: 00007feead9be0a0 RDI: 0000000000000006
[ 1781.279345][ T1555] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1781.279360][ T1555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1781.279374][ T1555] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1781.279412][ T1555]  </TASK>
[ 1781.572630][ T1569] uvcvideo 1-1:4.32: probe with driver uvcvideo failed with error -22
[ 1781.600483][ T1569] usb 1-1: USB disconnect, device number 63
[ 1781.658958][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1781.670559][ T5811] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1781.670605][ T5811] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1781.670672][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1781.670699][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1781.670726][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1781.670753][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1781.670782][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1781.670811][ T5811] usb 4-1: config 168 interface 0 has no altsetting 0
[ 1781.750526][ T5811] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1781.750586][ T5811] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1781.750635][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1781.750665][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1781.750693][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1781.750722][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1781.750750][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1781.750778][ T5811] usb 4-1: config 168 interface 0 has no altsetting 0
[ 1781.874420][ T5811] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1781.874466][ T5811] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[ 1781.874511][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1781.874541][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1781.874570][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1781.874598][ T5811] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1781.874627][ T5811] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[ 1781.874658][ T5811] usb 4-1: config 168 interface 0 has no altsetting 0
[ 1781.878233][ T5811] usb 4-1: string descriptor 0 read error: -22
[ 1781.878396][ T5811] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1781.878421][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1782.191972][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1782.200999][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1782.270279][ T5811] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1782.395172][ T1575] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11269'.
[ 1782.395208][ T1575] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11269'.
[ 1782.397567][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1782.465238][ T1569] usb 4-1: USB disconnect, device number 46
[ 1782.603993][ T1575] overlayfs: overlapping lowerdir path
[ 1782.647834][ T1575] overlayfs: failed to verify upper (1248/file0, ino=6622, err=-116)
[ 1782.647878][ T1575] overlayfs: failed to verify index dir 'upper' xattr
[ 1782.647889][ T1575] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[ 1782.740502][   T31] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[ 1782.903888][   T31] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[ 1782.903934][   T31] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[ 1782.903983][   T31] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1782.904008][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1782.952060][ T1582] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1782.952354][ T1582] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1782.973547][   T31] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1783.079006][   T38] audit: type=1326 audit(2838217420.606:2265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1608 comm="syz.3.11284" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2a009ff749 code=0x0
[ 1784.073894][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1784.074137][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1784.074796][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1784.075026][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1785.051061][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1785.051304][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1785.561838][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1785.562085][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1786.036865][ T1610] ceph: No mds server is up or the cluster is laggy
[ 1786.435546][T11803] usb 3-1: USB disconnect, device number 64
[ 1786.499649][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1786.651198][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1786.776620][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1787.453809][ T1660] FAULT_INJECTION: forcing a failure.
[ 1787.453809][ T1660] name failslab, interval 1, probability 0, space 0, times 0
[ 1787.453846][ T1660] CPU: 0 UID: 0 PID: 1660 Comm: syz.3.11304 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1787.453873][ T1660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1787.453887][ T1660] Call Trace:
[ 1787.453896][ T1660]  <TASK>
[ 1787.453906][ T1660]  dump_stack_lvl+0x189/0x250
[ 1787.453948][ T1660]  ? __pfx____ratelimit+0x10/0x10
[ 1787.453981][ T1660]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1787.454015][ T1660]  ? __pfx__printk+0x10/0x10
[ 1787.454049][ T1660]  ? __pfx___might_resched+0x10/0x10
[ 1787.454083][ T1660]  should_fail_ex+0x46c/0x600
[ 1787.454139][ T1660]  should_failslab+0xa8/0x100
[ 1787.454174][ T1660]  __kmalloc_noprof+0xcc/0x7d0
[ 1787.454203][ T1660]  ? kfree+0x51/0x950
[ 1787.454226][ T1660]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1787.454262][ T1660]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1787.454292][ T1660]  ? tomoyo_domain+0xda/0x130
[ 1787.454328][ T1660]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1787.454364][ T1660]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1787.454404][ T1660]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1787.454446][ T1660]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1787.454482][ T1660]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1787.454551][ T1660]  ? __fget_files+0x2a/0x420
[ 1787.454597][ T1660]  ? __fget_files+0x3a6/0x420
[ 1787.454628][ T1660]  ? __fget_files+0x2a/0x420
[ 1787.454665][ T1660]  security_file_ioctl+0xcb/0x2d0
[ 1787.454692][ T1660]  __se_sys_ioctl+0x47/0x170
[ 1787.454723][ T1660]  do_syscall_64+0xfa/0xfa0
[ 1787.454755][ T1660]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1787.454787][ T1660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1787.454811][ T1660]  ? clear_bhb_loop+0x60/0xb0
[ 1787.454838][ T1660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1787.454862][ T1660] RIP: 0033:0x7f2a009ff749
[ 1787.454882][ T1660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1787.454902][ T1660] RSP: 002b:00007f29fec66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1787.454926][ T1660] RAX: ffffffffffffffda RBX: 00007f2a00c55fa0 RCX: 00007f2a009ff749
[ 1787.454943][ T1660] RDX: 0000200000000080 RSI: 00000000c0045009 RDI: 0000000000000003
[ 1787.454959][ T1660] RBP: 00007f29fec66090 R08: 0000000000000000 R09: 0000000000000000
[ 1787.454975][ T1660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1787.454989][ T1660] R13: 00007f2a00c56038 R14: 00007f2a00c55fa0 R15: 00007ffc2a098508
[ 1787.455029][ T1660]  </TASK>
[ 1787.720638][ T1660] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1788.181977][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1788.294582][ T1682] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1788.337926][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1788.858867][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1789.089585][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1789.576540][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1790.288462][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1791.051991][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1791.133525][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1791.309219][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1792.235803][ T1700] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1792.305079][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1795.093768][ T1738] FAULT_INJECTION: forcing a failure.
[ 1795.093768][ T1738] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1795.093805][ T1738] CPU: 0 UID: 0 PID: 1738 Comm: syz.1.11336 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1795.093831][ T1738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1795.093846][ T1738] Call Trace:
[ 1795.093855][ T1738]  <TASK>
[ 1795.093866][ T1738]  dump_stack_lvl+0x189/0x250
[ 1795.093906][ T1738]  ? __pfx____ratelimit+0x10/0x10
[ 1795.093939][ T1738]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1795.093974][ T1738]  ? __pfx__printk+0x10/0x10
[ 1795.094012][ T1738]  should_fail_ex+0x46c/0x600
[ 1795.094043][ T1738]  _copy_to_user+0x31/0xb0
[ 1795.094065][ T1738]  drm_ioctl+0x6aa/0xb20
[ 1795.094092][ T1738]  ? __pfx_drm_mode_getconnector+0x10/0x10
[ 1795.094126][ T1738]  ? __pfx_drm_ioctl+0x10/0x10
[ 1795.094168][ T1738]  ? __fget_files+0x3a6/0x420
[ 1795.094200][ T1738]  ? __fget_files+0x2a/0x420
[ 1795.094236][ T1738]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1795.094284][ T1738]  ? __pfx_drm_ioctl+0x10/0x10
[ 1795.094311][ T1738]  __se_sys_ioctl+0xff/0x170
[ 1795.094340][ T1738]  do_syscall_64+0xfa/0xfa0
[ 1795.094372][ T1738]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1795.094405][ T1738]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1795.094429][ T1738]  ? clear_bhb_loop+0x60/0xb0
[ 1795.094456][ T1738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1795.094479][ T1738] RIP: 0033:0x7feeaf75f749
[ 1795.094500][ T1738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1795.094519][ T1738] RSP: 002b:00007feead9be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1795.094544][ T1738] RAX: ffffffffffffffda RBX: 00007feeaf9b5fa0 RCX: 00007feeaf75f749
[ 1795.094562][ T1738] RDX: 0000200000000540 RSI: 00000000c05064a7 RDI: 0000000000000004
[ 1795.094577][ T1738] RBP: 00007feead9be090 R08: 0000000000000000 R09: 0000000000000000
[ 1795.094592][ T1738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1795.094606][ T1738] R13: 00007feeaf9b6038 R14: 00007feeaf9b5fa0 R15: 00007ffda5aee5a8
[ 1795.094645][ T1738]  </TASK>
[ 1795.133791][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1795.134043][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1795.134729][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1795.134944][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1795.390960][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1795.391116][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1795.676974][ T1739] ceph: No mds server is up or the cluster is laggy
[ 1795.780432][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1796.010448][ T1569] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1796.308058][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1797.100412][ T1569] usb 4-1: Using ep0 maxpacket: 32
[ 1797.102838][ T1569] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[ 1797.102876][ T1569] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1797.102896][ T1569] usb 4-1: config 0 has no interface number 0
[ 1797.102947][ T1569] usb 4-1: config 0 interface 133 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1797.102973][ T1569] usb 4-1: config 0 interface 133 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1797.117469][ T1569] usb 4-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[ 1797.117509][ T1569] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1797.117535][ T1569] usb 4-1: Product: syz
[ 1797.117556][ T1569] usb 4-1: Manufacturer: syz
[ 1797.117575][ T1569] usb 4-1: SerialNumber: syz
[ 1797.162733][ T1569] usb 4-1: config 0 descriptor??
[ 1797.180456][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1797.256821][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[ 1797.432899][ T1569] usb 4-1: probing VID:PID(0424:012C)   
[ 1797.446157][ T1569] usb 4-1: vub300 testing UNKNOWN EndPoint(0) 0B
[ 1797.446183][ T1569] usb 4-1: vub300 ignoring EndPoint(0) 0B
[ 1797.446206][ T1569] usb 4-1: Could not find two sets of bulk-in/out endpoint pairs
[ 1797.446299][ T1569] vub300 4-1:0.133: probe with driver vub300 failed with error -22
[ 1797.502120][ T1569] usb 4-1: USB disconnect, device number 47
[ 1797.625728][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1797.732690][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1797.732917][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1797.737414][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1797.737559][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1797.990770][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1797.990928][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1798.388205][ T1792] ceph: No mds server is up or the cluster is laggy
[ 1798.502460][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1798.930894][T11803] libceph: connect (1)[c::]:6789 error -101
[ 1798.983572][T11803] libceph: mon0 (1)[c::]:6789 connect error
[ 1799.103410][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1799.650039][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1799.652868][ T1569] libceph: connect (1)[c::]:6789 error -101
[ 1799.653103][ T1569] libceph: mon0 (1)[c::]:6789 connect error
[ 1799.849266][ T1812] ceph: No mds server is up or the cluster is laggy
[ 1799.923407][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1799.931117][ T5888] libceph: connect (1)[c::]:6789 error -101
[ 1799.931353][ T5888] libceph: mon0 (1)[c::]:6789 connect error
[ 1800.972296][ T1834] loop9: detected capacity change from 0 to 7
[ 1800.973373][ T1834] Dev loop9: unable to read RDB block 7
[ 1800.973417][ T1834]  loop9: unable to read partition table
[ 1800.973650][ T1834] loop9: partition table beyond EOD, truncated
[ 1800.973670][ T1834] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1802.062034][ T1880] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1802.390425][   T31] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1802.555742][   T31] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1802.555776][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1802.617000][   T31] usb 1-1: config 0 descriptor??
[ 1802.653414][   T31] cp210x 1-1:0.0: cp210x converter detected
[ 1802.823768][   T31] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -32
[ 1802.823802][   T31] cp210x 1-1:0.0: querying part number failed
[ 1802.831325][   T31] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1803.249358][ T1920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1803.642609][ T8294] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1803.832727][ T1937] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1803.833171][ T1937] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1803.835768][ T1936] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11416'.
[ 1803.854777][ T1936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11416'.
[ 1803.892086][ T1936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11416'.
[ 1804.060672][ T5811] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1804.210529][ T5811] usb 2-1: Using ep0 maxpacket: 8
[ 1804.217543][ T5811] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1804.219396][ T5811] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1804.219458][ T5811] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[ 1804.259900][ T5811] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[ 1804.259933][ T5811] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1804.259955][ T5811] usb 2-1: Product: syz
[ 1804.259969][ T5811] usb 2-1: Manufacturer: syz
[ 1804.259984][ T5811] usb 2-1: SerialNumber: syz
[ 1804.304620][ T5811] usb 2-1: config 0 descriptor??
[ 1804.326034][ T5811] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1805.009784][   T31] usb 1-1: USB disconnect, device number 64
[ 1805.054462][ T1935] fuse: Bad value for 'fd'
[ 1805.057380][ T1937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11415'.
[ 1805.057711][ T1935] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11415'.
[ 1805.079948][ T5811] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 1805.106850][ T1935] (syz.1.11415,1935,1):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[ 1805.170741][   T31] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1805.171311][   T31] cp210x 1-1:0.0: device disconnected
[ 1805.614230][ T1965] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1806.745207][   T38] audit: type=1326 audit(2838217444.276:2266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1976 comm="syz.2.11431" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f633334f749 code=0x0
[ 1806.851318][T29418] usb 2-1: USB disconnect, device number 54
[ 1806.908127][ T1982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11433'.
[ 1806.920974][ T1983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11431'.
[ 1807.466683][ T1993] FAULT_INJECTION: forcing a failure.
[ 1807.466683][ T1993] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1807.466724][ T1993] CPU: 1 UID: 0 PID: 1993 Comm: syz.1.11435 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1807.466750][ T1993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1807.466765][ T1993] Call Trace:
[ 1807.466774][ T1993]  <TASK>
[ 1807.466785][ T1993]  dump_stack_lvl+0x189/0x250
[ 1807.466825][ T1993]  ? __pfx____ratelimit+0x10/0x10
[ 1807.466858][ T1993]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1807.466893][ T1993]  ? __pfx__printk+0x10/0x10
[ 1807.466935][ T1993]  should_fail_ex+0x46c/0x600
[ 1807.466972][ T1993]  _copy_to_user+0x31/0xb0
[ 1807.467001][ T1993]  iommufd_ioas_unmap+0x32e/0x4f0
[ 1807.467039][ T1993]  ? __pfx_iommufd_ioas_unmap+0x10/0x10
[ 1807.467077][ T1993]  iommufd_fops_ioctl+0x461/0x580
[ 1807.467111][ T1993]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1807.467152][ T1993]  ? __fget_files+0x3a6/0x420
[ 1807.467183][ T1993]  ? __fget_files+0x2a/0x420
[ 1807.467219][ T1993]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1807.467241][ T1993]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1807.467268][ T1993]  __se_sys_ioctl+0xff/0x170
[ 1807.467296][ T1993]  do_syscall_64+0xfa/0xfa0
[ 1807.467329][ T1993]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1807.467362][ T1993]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1807.467386][ T1993]  ? clear_bhb_loop+0x60/0xb0
[ 1807.467413][ T1993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1807.467434][ T1993] RIP: 0033:0x7feeaf75f749
[ 1807.467453][ T1993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1807.467473][ T1993] RSP: 002b:00007feead99d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1807.467496][ T1993] RAX: ffffffffffffffda RBX: 00007feeaf9b6090 RCX: 00007feeaf75f749
[ 1807.467514][ T1993] RDX: 0000200000000240 RSI: 0000000000003b86 RDI: 0000000000000003
[ 1807.467529][ T1993] RBP: 00007feead99d090 R08: 0000000000000000 R09: 0000000000000000
[ 1807.467543][ T1993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1807.467557][ T1993] R13: 00007feeaf9b6128 R14: 00007feeaf9b6090 R15: 00007ffda5aee5a8
[ 1807.467595][ T1993]  </TASK>
[ 1809.354248][ T2027] tc_dump_action: action bad kind
[ 1809.362762][ T2027] loop4: detected capacity change from 0 to 7
[ 1809.390519][ T2027] Dev loop4: unable to read RDB block 7
[ 1809.390571][ T2027]  loop4: unable to read partition table
[ 1809.390820][ T2027] loop4: partition table beyond EOD, truncated
[ 1809.390853][ T2027] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1809.400611][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[ 1810.555540][ T5811] libceph: connect (1)[c::]:6789 error -101
[ 1810.555785][ T5811] libceph: mon0 (1)[c::]:6789 connect error
[ 1810.587946][ T2042] ceph: No mds server is up or the cluster is laggy
[ 1811.899231][ T2075] ------------[ cut here ]------------
[ 1811.899247][ T2075] faux_driver vkms: [drm] vblank wait timed out on crtc 0
[ 1811.899994][ T2075] WARNING: CPU: 0 PID: 2075 at drivers/gpu/drm/drm_vblank.c:1308 drm_wait_one_vblank+0x571/0x5b0
[ 1811.900038][ T2075] Modules linked in:
[ 1811.900063][ T2075] CPU: 0 UID: 0 PID: 2075 Comm: syz.3.11468 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1811.900112][ T2075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1811.900138][ T2075] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[ 1811.900181][ T2075] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 99 39 fb fc 4d 8b 2c 24 48 c7 c7 60 4d 51 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 30 bf 5d fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[ 1811.900219][ T2075] RSP: 0018:ffffc9001508fac0 EFLAGS: 00010246
[ 1811.900256][ T2075] RAX: 6b42c42eba2dbc00 RBX: 1ffff110286e4001 RCX: ffff888078a6da00
[ 1811.900365][ T2075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1811.900381][ T2075] RBP: ffffc9001508fbc0 R08: 0000000000000000 R09: 0000000000000000
[ 1811.900397][ T2075] R10: dffffc0000000000 R11: ffffed101710487b R12: ffff8881437cf000
[ 1811.900415][ T2075] R13: ffffffff8b54fe20 R14: 0000000000000000 R15: ffffffff8b569b40
[ 1811.900433][ T2075] FS:  00007f29fec666c0(0000) GS:ffff888126df4000(0000) knlGS:0000000000000000
[ 1811.900454][ T2075] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1811.900470][ T2075] CR2: 0000000000000000 CR3: 0000000072d76000 CR4: 00000000003526f0
[ 1811.900489][ T2075] Call Trace:
[ 1811.900498][ T2075]  <TASK>
[ 1811.900514][ T2075]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[ 1811.900540][ T2075]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1811.900571][ T2075]  ? __rcu_read_unlock+0x84/0xe0
[ 1811.900603][ T2075]  ? rt_spin_unlock+0x161/0x200
[ 1811.900635][ T2075]  ? drm_vblank_get+0x148/0x260
[ 1811.900657][ T2075]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[ 1811.900682][ T2075]  drm_fb_helper_ioctl+0x116/0x140
[ 1811.900709][ T2075]  do_fb_ioctl+0x45c/0x750
[ 1811.900742][ T2075]  ? __pfx_do_fb_ioctl+0x10/0x10
[ 1811.900767][ T2075]  ? smack_log+0xef/0x3f0
[ 1811.900818][ T2075]  ? smk_tskacc+0x2fc/0x370
[ 1811.900862][ T2075]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1811.900928][ T2075]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1811.900951][ T2075]  ? __pfx_fb_ioctl+0x10/0x10
[ 1811.900978][ T2075]  __se_sys_ioctl+0xff/0x170
[ 1811.901009][ T2075]  do_syscall_64+0xfa/0xfa0
[ 1811.901041][ T2075]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1811.901075][ T2075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1811.901098][ T2075]  ? clear_bhb_loop+0x60/0xb0
[ 1811.901126][ T2075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1811.901149][ T2075] RIP: 0033:0x7f2a009ff749
[ 1811.901170][ T2075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1811.901189][ T2075] RSP: 002b:00007f29fec66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1811.901212][ T2075] RAX: ffffffffffffffda RBX: 00007f2a00c55fa0 RCX: 00007f2a009ff749
[ 1811.901230][ T2075] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003
[ 1811.901245][ T2075] RBP: 00007f2a00a83f91 R08: 0000000000000000 R09: 0000000000000000
[ 1811.901260][ T2075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1811.901274][ T2075] R13: 00007f2a00c56038 R14: 00007f2a00c55fa0 R15: 00007ffc2a098508
[ 1811.901314][ T2075]  </TASK>
[ 1811.901332][ T2075] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1811.901349][ T2075] CPU: 0 UID: 0 PID: 2075 Comm: syz.3.11468 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1811.901375][ T2075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1811.901389][ T2075] Call Trace:
[ 1811.901398][ T2075]  <TASK>
[ 1811.901408][ T2075]  dump_stack_lvl+0x99/0x250
[ 1811.901444][ T2075]  ? __asan_memcpy+0x40/0x70
[ 1811.901471][ T2075]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1811.901507][ T2075]  ? __pfx__printk+0x10/0x10
[ 1811.901551][ T2075]  vpanic+0x237/0x6d0
[ 1811.901573][ T2075]  ? __pfx_vpanic+0x10/0x10
[ 1811.901609][ T2075]  panic+0xb9/0xc0
[ 1811.901631][ T2075]  ? __pfx_panic+0x10/0x10
[ 1811.901671][ T2075]  __warn+0x31b/0x4b0
[ 1811.901692][ T2075]  ? drm_wait_one_vblank+0x571/0x5b0
[ 1811.901718][ T2075]  ? drm_wait_one_vblank+0x571/0x5b0
[ 1811.901741][ T2075]  report_bug+0x2be/0x4f0
[ 1811.901771][ T2075]  ? drm_wait_one_vblank+0x571/0x5b0
[ 1811.901795][ T2075]  ? drm_wait_one_vblank+0x571/0x5b0
[ 1811.901818][ T2075]  ? drm_wait_one_vblank+0x573/0x5b0
[ 1811.901841][ T2075]  handle_bug+0x84/0x160
[ 1811.901866][ T2075]  exc_invalid_op+0x1a/0x50
[ 1811.901890][ T2075]  asm_exc_invalid_op+0x1a/0x20
[ 1811.901912][ T2075] RIP: 0010:drm_wait_one_vblank+0x571/0x5b0
[ 1811.901940][ T2075] Code: ff df 80 3c 08 00 74 08 4c 89 e7 e8 99 39 fb fc 4d 8b 2c 24 48 c7 c7 60 4d 51 8b 4c 89 fe 4c 89 ea 44 89 f1 e8 30 bf 5d fc 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 a7 fc ff ff 44 89 f9
[ 1811.901961][ T2075] RSP: 0018:ffffc9001508fac0 EFLAGS: 00010246
[ 1811.901980][ T2075] RAX: 6b42c42eba2dbc00 RBX: 1ffff110286e4001 RCX: ffff888078a6da00
[ 1811.901999][ T2075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1811.902013][ T2075] RBP: ffffc9001508fbc0 R08: 0000000000000000 R09: 0000000000000000
[ 1811.902029][ T2075] R10: dffffc0000000000 R11: ffffed101710487b R12: ffff8881437cf000
[ 1811.902047][ T2075] R13: ffffffff8b54fe20 R14: 0000000000000000 R15: ffffffff8b569b40
[ 1811.902090][ T2075]  ? __pfx_drm_wait_one_vblank+0x10/0x10
[ 1811.902115][ T2075]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1811.902145][ T2075]  ? __rcu_read_unlock+0x84/0xe0
[ 1811.902176][ T2075]  ? rt_spin_unlock+0x161/0x200
[ 1811.902207][ T2075]  ? drm_vblank_get+0x148/0x260
[ 1811.902229][ T2075]  ? __pfx_drm_fb_helper_ioctl+0x10/0x10
[ 1811.902254][ T2075]  drm_fb_helper_ioctl+0x116/0x140
[ 1811.902281][ T2075]  do_fb_ioctl+0x45c/0x750
[ 1811.902313][ T2075]  ? __pfx_do_fb_ioctl+0x10/0x10
[ 1811.902338][ T2075]  ? smack_log+0xef/0x3f0
[ 1811.902389][ T2075]  ? smk_tskacc+0x2fc/0x370
[ 1811.902433][ T2075]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1811.902491][ T2075]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1811.902513][ T2075]  ? __pfx_fb_ioctl+0x10/0x10
[ 1811.902541][ T2075]  __se_sys_ioctl+0xff/0x170
[ 1811.902571][ T2075]  do_syscall_64+0xfa/0xfa0
[ 1811.902604][ T2075]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1811.902637][ T2075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1811.902660][ T2075]  ? clear_bhb_loop+0x60/0xb0
[ 1811.902689][ T2075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1811.902712][ T2075] RIP: 0033:0x7f2a009ff749
[ 1811.902730][ T2075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1811.902750][ T2075] RSP: 002b:00007f29fec66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1811.902772][ T2075] RAX: ffffffffffffffda RBX: 00007f2a00c55fa0 RCX: 00007f2a009ff749
[ 1811.902789][ T2075] RDX: 0000000000000000 RSI: 0000000040044620 RDI: 0000000000000003
[ 1811.902804][ T2075] RBP: 00007f2a00a83f91 R08: 0000000000000000 R09: 0000000000000000
[ 1811.902819][ T2075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1811.902834][ T2075] R13: 00007f2a00c56038 R14: 00007f2a00c55fa0 R15: 00007ffc2a098508
[ 1811.902873][ T2075]  </TASK>
[ 1811.903192][ T2075] Kernel Offset: disabled