last executing test programs:

9.907733822s ago: executing program 0 (id=1294):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000000000001400000018000180140002006e657464657673696d3000000000000005000c000300000008001600ffffffff080003000d00000008000f00050000000800040019dc0000050019"], 0x5c}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001cc0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000080)="6ba095cec5061c959f6521", 0xb}], 0x5}}], 0x1, 0x40400c1)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000"], 0x7c}}, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r7=>0xffffffffffffffff})
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r7, 0x100000000)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="50010000100013040000000000000000000000000000000000003196ffffffff200100"/53, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000006000000025cac5216d1c8af0a976902918bf448c5d9f5459"], 0x150}}, 0x0)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x5, &(0x7f0000000240)=0x2, 0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r9, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r10, 0x1, 0x70bd2d, 0xfffffffd, {{}, {@val={0x8, 0x1, 0x40}, @val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x2c}}, 0x4002800)

9.670063698s ago: executing program 3 (id=1296):
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_usbip_server_init(0x4)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0)
write$usbip_server(r0, &(0x7f0000000540)=@ret_submit={{0x3, 0x1, 0x0, 0x1, 0x4}, 0xfdf, 0x2, 0x1df, 0x0, 0x1, 0x0, "e405"}, 0x32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, r1)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

8.498624305s ago: executing program 0 (id=1297):
r0 = syz_open_dev$video(&(0x7f00000010c0), 0x0, 0x0)
timer_create(0x2, 0x0, &(0x7f0000000240))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e00000001000000050000", @ANYRES8=r0, @ANYRES32, @ANYRESHEX=r0], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r4, &(0x7f0000000180)=[{0x10, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @control}], 0x1c)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r5, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1013})
syz_open_dev$usbmon(&(0x7f0000001140), 0x100000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

8.481231533s ago: executing program 2 (id=1299):
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
open$dir(0x0, 0x6040, 0x0)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
read$dsp(r0, &(0x7f0000000340)=""/108, 0x6c)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r4, 0xc01864b1, &(0x7f0000000200)={r7, 0x3, 0x0, 0x1, &(0x7f00000000c0)=[{0x3, 0x2}]})
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0)
pread64(r8, &(0x7f00000007c0)=""/29, 0x1d, 0x9)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x8, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unlinkat(r0, 0x0, 0x200)

7.303620454s ago: executing program 1 (id=1300):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r1=>0x0})
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r3=>0x0})
sendmsg$can_raw(r2, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r3}, 0x10, &(0x7f0000000200)={&(0x7f0000000fc0)=@can={{}, 0x0, 0x0, 0x0, 0x0, "b171164680a4bf03"}, 0x48}}, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r4, &(0x7f0000000000)={0x1d, r1}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}}, 0x24}}, 0x40044)

7.303059836s ago: executing program 2 (id=1301):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r3, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r2, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000240), 0x4)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_io_uring_setup(0x110, &(0x7f0000000300)={0x0, 0xa570, 0x400, 0x6, 0x399}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xffffffff, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_TEE={0x21, 0x58, 0x0, @fd=r3, 0x0, 0x0, 0x2, 0x1, 0x1, {0x0, 0x0, r0}})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000000706010100000000000000000100000805000100060000000800064000000004"], 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x4000)

7.269479308s ago: executing program 0 (id=1303):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x1, 0x100000}}}}]}, 0x44}}, 0x44080)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x34, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0x0, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x4000)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="d8000000180081054e81f782db4cb904021d0800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370401a8001600a40003401c000100035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)

5.794080276s ago: executing program 4 (id=1304):
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000004c0)={'tunl0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x8, 0x700, 0x5, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x64, 0x0, 0x4, 0x4, 0x0, @empty, @multicast1}}}})
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04221f20aaaaaaaaaa123044666e62fa100005aaaaaaaaaa11080208e0bd41010005"], 0x22)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$sndpcmp(0x0, 0x1, 0x203)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r1, 0xc1004110, &(0x7f0000000000)={0x0, [0x7, 0xffff133a, 0xb], [{0x0, 0xffffffff}, {0x2, 0xffffffff}, {0x0, 0xfffb}, {0x0, 0xfffffffe}, {0x4}, {}, {}, {0x7}, {}, {0x0, 0x1}, {0x5, 0xffffffff}], 0x10})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
getpid()
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x4e20, 0x3, 'wrr\x00', 0x3, 0x4, 0x200072}, 0x2c)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'lblcr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e23, 0x0, 0xcb, 0x12d5f, 0x12d5c}}, 0x44)

4.884329636s ago: executing program 2 (id=1305):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000cc0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100008}, 0x50)
syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(0xffffffffffffffff, &(0x7f0000000040)=0x2, r1, &(0x7f0000000080)=0x8000000000000001, 0x7000000000, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280), 0x48302, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="85000000510000006600000000000000160000000009000095"], &(0x7f0000000140)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x40400, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x5)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.833631403s ago: executing program 0 (id=1306):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1000000000000010, 0x80802, 0x0)
socket$inet(0x2, 0x4000000805, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0500000000000109022400010000000009040001090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r1, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0xfffffed4, 0x2000000}}, 0x40)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0022220000003613de0bfa9e274a0700000000ab849b917383e633c1aac7a637d8446047cacb7460"], 0x0}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x3, 0x3ff, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x1716, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x100000]}, 0x45c)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r3, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYRES64], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)

4.766211772s ago: executing program 1 (id=1307):
chmod(&(0x7f0000004480)='./file0\x00', 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x1ff, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = socket$igmp6(0xa, 0x3, 0x2)
bind(r0, &(0x7f00000000c0)=@sco, 0x80)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80c080, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={<r4=>0x0}, 0x0)
ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000240)={'\x00', 0x80, 0x4, 0x5, 0x9, 0x8, r4})
r5 = dup3(0xffffffffffffffff, r2, 0x0)
write$binfmt_misc(r5, &(0x7f00000002c0)="410bd4c99ee65bb3c061e58f230ea25de04ec97c54ed86d5036291920bf55b354a89d4c6dbaabfd7cc9d89f3b34aeb1925fc9626fcd305ed11ef4b4a59be7733703fd1a5efbdd2db2d33c33b", 0x4c)
socket$netlink(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000001640), 0x2, 0x0)

4.754208354s ago: executing program 4 (id=1308):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r2=>0x0})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r3, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000000040)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}}], 0x1, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, <r4=>0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file5\x00', 0x200, 0x4c02)
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000a40)='./file0\x00', 0x2)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r6=>0x0})
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180200000000000000000000000056a8850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r9, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r7, r6, 0x25, 0x2, @val=@tracing}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '(#\a', 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000040)={0x30, r4, 0x0, 0x0, 0x0, 0x8000, 0xe, 0x0})

4.729816084s ago: executing program 3 (id=1309):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000000)={0x14, r1, 0xf01, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2801}, 0x20000008)
r2 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x2c58, 0x0, 0x0, 0x10e}, 0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='oom_score_adj\x00')
read$msr(r4, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
timerfd_create(0x0, 0x0)
r7 = syz_io_uring_setup(0x35ba, &(0x7f0000000080)={0x0, 0x0, 0x11900}, &(0x7f0000000000)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x2def, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x88}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
socket$rds(0x15, 0x5, 0x0)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x0)

4.012619554s ago: executing program 1 (id=1310):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="000091000000000900001f000000000088a8000081"], 0x56)

3.778113067s ago: executing program 1 (id=1311):
syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="77c0458c45f1cbc5330e0b11601e471221000089bd74c8374abd61265dd652f0ab6f1517ee40f00a00000000010203060901f124b407a09b2fef6ef33c438f5f07778ce23c317281ed9f33ed"], 0x0) (async, rerun: 64)
syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003000000082f17000540000102030109022d00010104a0c70904000f02030103ff09210600ff0122570409310f2e77ab05810300020c080300000000"], &(0x7f0000000200)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x0, 0xbf, 0x5, 0x10}, 0xec, &(0x7f00000000c0)={0x5, 0xf, 0xfffffffffffffd6e, 0x2, [@ss_container_id={0x0, 0x10, 0x4, 0x7, "d82d0bad0619006c9d7fa4b912ebe01b"}, @generic={0x50, 0x10, 0xb, "4cc51c42c2e169d07f1961ed0c6567e1ada71111cd7f5715da4c999a28fa1023c2aeea4e28cf997588a1acc2b484e554238dca1c2b87b05bf9ce3d0627adac9957cceae70f690290c537ef3298"}]}, 0x1, [{0xa0, &(0x7f00000002c0)=@lang_id={0x32, 0x3, 0x1409}}]}) (async, rerun: 64)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r0, 0x65, 0x1, &(0x7f0000000080), 0x1d0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0}) (async)
select(0x40, &(0x7f00000000c0)={0x7, 0x9, 0x8, 0x0, 0xad6, 0x4, 0x5, 0x8}, &(0x7f0000000140)={0x9, 0xffffffffffff5cff, 0x9, 0x4, 0x0, 0x6, 0x4, 0xd}, &(0x7f0000000180)={0x92, 0x6, 0x80000000, 0x794, 0x200, 0x5, 0x8, 0x1}, &(0x7f00000001c0)={0x0, 0xea60})
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
r3 = socket$key(0xf, 0x3, 0x2)
syz_clone3(&(0x7f0000000440)={0x4000000, 0x0, 0x0, 0x0, {0x2000000}, 0x0, 0xffffffffffffff83, 0x0, 0x0}, 0x58) (async)
recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) (async, rerun: 64)
setsockopt$sock_int(r3, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) (rerun: 64)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x10}}, 0x0) (async)
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, 0xfffffffffffffffc) (async)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
mount(0x0, 0x0, &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000))
wait4(0x0, 0x0, 0x80000000, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00')
bind$can_raw(r0, &(0x7f0000000080)={0x1d, r1}, 0xfffffffffffffe3f)
syz_emit_ethernet(0x5e, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x7, {[@nop, @md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}]}}}}}}}}, 0x0) (async)
close(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x519002, 0x0) (async)
r4 = socket$unix(0x1, 0x5, 0x0) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x1, 0x0, 0x0, 0x2}, 0x10}}, 0x0) (async, rerun: 32)
r5 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0) (rerun: 32)
ioctl$SG_GET_VERSION_NUM(r5, 0x2284, &(0x7f0000000080)) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

3.702003583s ago: executing program 1 (id=1312):
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
open$dir(0x0, 0x6040, 0x0)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
read$dsp(r0, &(0x7f0000000340)=""/108, 0x6c)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r5, 0xc01864b1, &(0x7f0000000200)={r8, 0x3, 0x0, 0x1, &(0x7f00000000c0)=[{0x3, 0x2}]})
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0)
pread64(r9, &(0x7f00000007c0)=""/29, 0x1d, 0x9)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x8, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unlinkat(r0, 0x0, 0x200)

3.694000968s ago: executing program 4 (id=1313):
ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000040)={0x8})
timer_create(0x2, 0x0, &(0x7f0000000240))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e00000001000000050000", @ANYRES8, @ANYRES32, @ANYRESHEX], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r3, &(0x7f0000000180)=[{0x10, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @control}], 0x1c)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r4, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1013})
syz_open_dev$usbmon(&(0x7f0000001140), 0x100000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

2.696195326s ago: executing program 1 (id=1314):
r0 = socket$igmp6(0xa, 0x3, 0x2)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x4a, &(0x7f0000000400)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0600", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
openat$uhid(0xffffffffffffff9c, 0x0, 0x802, 0x0)
syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x34, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x92, 0xdf, 0x55, 0x10, 0x5ac, 0x9226, 0xb289, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x22, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0xe9, 0x0, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "d77b5d2898"}]}}]}}]}}]}}, 0x0)
semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000000080)=""/218)

2.522245998s ago: executing program 2 (id=1315):
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x6}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000200)={0x1, 0x0, 0x80000000, 0x8, 0x8, 0x0, 0x1, 0x2, 0x2000000, 0x0, 0xfffffffe, 0x2000000})

2.473589405s ago: executing program 4 (id=1316):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000000)=0x1c, 0x4)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(0x4)
fsopen(&(0x7f0000000040)='9p\x00', 0x1)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x800)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r5)
mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8)

2.246417439s ago: executing program 3 (id=1317):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000002c0)={0x0, 0x9}, 0x8) (fail_nth: 3)

1.794041818s ago: executing program 3 (id=1318):
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000004c0)={'tunl0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x8, 0x700, 0x5, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x64, 0x0, 0x4, 0x4, 0x0, @empty, @multicast1}}}})
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04221f20aaaaaaaaaa123044666e62fa100005aaaaaaaaaa11080208e0bd41010005"], 0x22)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x48040}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$sndpcmp(0x0, 0x1, 0x203)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r1, 0xc1004110, &(0x7f0000000000)={0x0, [0x7, 0xffff133a, 0xb], [{0x0, 0xffffffff}, {0x2, 0xffffffff}, {0x0, 0xfffb}, {0x0, 0xfffffffe}, {0x4}, {}, {}, {0x7}, {}, {0x0, 0x1}, {0x5, 0xffffffff}], 0x10})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4)
getpid()
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x4e20, 0x3, 'wrr\x00', 0x3, 0x4, 0x200072}, 0x2c)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'lblcr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0x64010102, 0x4e23, 0x0, 0xcb, 0x12d5f, 0x12d5c}}, 0x44)

1.564160301s ago: executing program 2 (id=1319):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7000000000000e6610a000000000000070000000000000095080000f5990000"], 0x0, 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0xb, 0x0)
r0 = syz_io_uring_setup(0x5be6, &(0x7f0000000080)={0x0, 0xac3a, 0x13589}, &(0x7f0000000100), &(0x7f0000000040))
socket$netlink(0x10, 0x3, 0x7)
io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4)

623.013767ms ago: executing program 0 (id=1320):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
iopl(0x3)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f00000001c0)={0x42, 0x0, &(0x7f0000000180)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r6=>0x0], &(0x7f0000000200), 0x4, r5})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000180), &(0x7f0000000280)=[r6], &(0x7f00000002c0)})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYRES8=r4])
pipe2(&(0x7f0000000080), 0x80000)

622.198727ms ago: executing program 3 (id=1321):
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32=r1, @ANYBLOB="b83f751c76c8a68502641e", @ANYRESOCT=r0], 0x20)

469.579759ms ago: executing program 3 (id=1322):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$netlink(0x10, 0x3, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
eventfd(0xfffffffd)
r2 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
getdents(r2, &(0x7f0000001140)=""/4096, 0x1000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x38}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', r3, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})
syz_usb_connect(0x1, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x86, 0xc4, 0x8c, 0x10, 0x5ac, 0x243, 0xd252, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x9a, 0x4, 0x0, 0x3, 0x49, 0x2, 0x5}}]}}]}}, 0x0)

397.420975ms ago: executing program 4 (id=1323):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000009500"/24], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}})
ioctl$sock_inet_SIOCSIFADDR(r1, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
madvise(&(0x7f00004ec000/0x1000)=nil, 0x1000, 0xc)
mlock(&(0x7f00001e9000/0x1000)=nil, 0x1000)
r2 = getpid()
setpriority(0x1, r2, 0x81)
mlock(&(0x7f000000b000/0x4000)=nil, 0x4000)
mlock(&(0x7f0000353000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000984000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00001fa000/0x4000)=nil)
mlock(&(0x7f000010c000/0x3000)=nil, 0x3000)
mlock2(&(0x7f0000059000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f00007b0000/0x4000)=nil, 0x4000)
mlock2(&(0x7f0000568000/0x4000)=nil, 0x4000, 0x0)
mremap(&(0x7f00003f7000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000705000/0x2000)=nil)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f000026f000/0x2000)=nil)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x275a, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280))
io_uring_enter(r4, 0x47f9, 0x0, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r4, 0x40309410, &(0x7f00000001c0)={0x0, 0x4, 0x1, 0x2, 0x3, [0x1, 0xc, 0x1000]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28051, r3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0)

363.840739ms ago: executing program 2 (id=1324):
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
open$dir(0x0, 0x6040, 0x0)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
read$dsp(r0, &(0x7f0000000340)=""/108, 0x6c)
mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f00000024c0), 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r5, 0xc01864b1, &(0x7f0000000200)={r8, 0x3, 0x0, 0x1, &(0x7f00000000c0)=[{0x3, 0x2}]})
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/asound/timers\x00', 0x0, 0x0)
pread64(r9, &(0x7f00000007c0)=""/29, 0x1d, 0x9)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x8, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
unlinkat(r0, 0x0, 0x200)

51.784623ms ago: executing program 4 (id=1325):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x40108, r0, 0x20000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x1f, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x81}, @map_val={0x18, 0x1, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x401}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x7}, @alu={0x7, 0x0, 0x4, 0xa, 0x0, 0x80, 0x4}, @printk={@lli}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
read$FUSE(r1, &(0x7f0000007640)={0x2020, 0x0, <r3=>0x0}, 0x2020)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$sock_buf(r4, 0x1, 0x1f, 0x0, &(0x7f00000011c0))
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000004c0)={@cgroup=r5, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x8000000}}, 0x50)
accept4$alg(r0, 0x0, 0x0, 0x80c00)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0xb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
write$P9_RXATTRWALK(r6, &(0x7f0000000280)={0xf}, 0xf)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c0000000000000000000000180100002020752500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
r9 = socket$igmp6(0xa, 0x3, 0x2)
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r9, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r8, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x12, r7, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000004200)="76bd34db1f0e8ac87d261cbfa820bedad13f0f253432c66cfee85627963dfd6481e99f3a27bb5e64c0da42e142e3c4159b1704304df85183388a127ab65bf6592b8694c2316de2cc1b30139daa44a99825670899109f3e5a77c55a08574eecb441da8098101cd28829c2d422d7ac01a6ecce0ebea4289509bcca13cdb29cb78056d19fdbb4e6ef1d39ef001e39da940069e919dce001700ac7ed75bb038f5fd51590ae1277e8881d4d735ee37e38ddcda5cfd32b4351f632c144af590bb4f090bac217cedb89fbd03d2a4cf898aaf1ae4b4f1120f80338363c08ed1e469609fbd6670a4ab9a2018f6b5f65350e4a0f02367cb78b774d9e0975e281f11c89981e3e33b72b8674959fa0c92141ede95a50de528746fb130a365e80059ccb77815c55511d909c9788142a9b799fd05f0b8eb1fa6193269fe5937169c8c3ed266a00a071b515a0cb66a9158f730f6466e3d81318ef0208f7573f0a8bf1825aad174389be150a815d66496f9203dbc67ae78b8c6965bd9fb29b8f40ee04d3a13e80e5cc8ef015fec6098e115fd2a743db5618512a4875060ec3ea1f3510003d73462221805d84f5a7e7e11702957d8742233e5012ce377b8b33fce7f64c38922337377e3cfd54ababcb6b16fd6e937f013a2f01c20a6ef00cfd1d9834a82eca09143677032ed92b8fe55f0314a12d7b0d28718d0d0aa6b14ab0ee1af972a61836efee3a1bbe44e3620f648ca35fc998bc32e766e5137a87d7e486472aea3e4623dc1869f0b1e5670501047598b8c4adf4f39dbcfcb64d9007f8b3eb2b3ce17954c82b44716e1d6de0807314c87d8a3747fc69f70b0b43a99a2093ce00eb82c96a935a9548f30e1192bfd566264b9aa31987e98398e44a3c48ca6531c5ba9918c3de68742ca48c78fd175b6a83cf46b766541bfcd1bf3e0e4f4a411923da88033935819ee6ed79e3e9dadf1a32d2ba44e70b6c8a291a6d2334015ea7720bedcb74f66418d1aadf534d135dbebc1823e594c924068dfba27c40b588362aca213037819101a09ebf54e02a360d9852e1095e097e2091df0edb9b9aad4c79d0a5bddae33e023b1f828e3967fd6278ddf1dff60395be0d460196da94d1a83bfd6b7d894deda97db3ee0483a722b0932383e838d127677a11a9e89f3c3e0d62b7fe5bb7efca04c74770f09197641351604a2c8956fea7fbfce66a0beaf65595ba9914cf663a9dae3792b83f39c15def41d86c23bb71ad1d8fef221bc91e556bc316122576dc3ba02980e2c45cf401ab648af923529063d6bfca2b5e9088c53346bd6c2266f48db2e6600a75f85fd18c333fefe712489a8de9f5713b28e56a0cb52d675c2b952b9f339bcb8a7d71f0aa4dd167b3ff83cd7e8e4991eedd544cc28fba62657996b2f7a3f96985cfc6e808d20dfc864fd2bc4915a5cd18cb496c1d98905450812bfe7d15d5b6c27cb1afe2f758e8e0193450d1729b0dc2364ff3aeb16f14172d82d1bb61f1ad6245abce17cf7c6cb8b84eb0b4eca4fb01a03f5658c2ed8cfd6f492b95543c39cefe3f53af90320c83297cd70f6df8baa07fb25d85f778801b7791196640e0497a6f7699b55e535647b7cc20b028bf699dc581ec472e88fb483c25625e03f6f423203eb70e2f710b06c232d9f1eeb988da7848203d8cdedfc14f9701d2f32caaacd2a55142bd7e05698b5dff99f68ffa2a09c760bc0efcaa8241a8918e9cfa8831108e0cb6a75846ef45ae2e0fe970e395f0ae36ab446695461c73af710a0746a84a47d81c094720b78176677235b149b3c7e9eac290d5473108edb9a9c3f98ea8f8e67c3ed7dc7860bc0b5418eb3909b8212424bbcfc2ccde443105fab0c5e92120f40b0cd29603de3b3410cc5dde3262ea7cd59839ffb3ed49b9ef4f7341852538add7a939cc4c957c8fda0ba42fd7d37b4bb823554d0df0c12bb8f792fc32229ee22b3b77d66f84b0369e6068d7badd4b18b29620dcdda334614ad49f2c4210c075140fcb17c0cd70a3a07307eb9530612da16e0d8b29fbd0c7fa2061df4a203f8b9a8088b96735c0f692feb85e3895a2273a0bdcd24e6ba4280c372bafce33ec66b6a1947a2065f4eec6207ebe16515066fad0ccba7dbdcc804f578fcb35408af2599b353e8ae8d67f4a6e3c3665d731107a1eda766986ab0e284dd24027421398751e0180bc597aa37ba29e3434b78d62f3316c3e39a3f6e8ab88b4b6c4862912cf728d3776cb6112b0934342b4c7766cb79bc734fc7c74ee2bb3c6c6640229d284a7a5358603c0050304f44059506ea4ca703a8e1ccdc07b0df0e05af154852b2eaf7c3d2d262412fc2b939fbf68729191dcaa8cee9d0682f10052153a0088193081128d9496f1e51536789a2ee34f17ced7fd57152f169b39f4b040ba9470b5dd31a11a0e5277a8d767181c7fcad29c1191f908d4dfc6d95dd3de01d8a70c3bdd995f32190538c5d935f6944c94b5d8ade52990c35c8b574cc91772e2368f07742a41d8c140f0a5723e1018a6ae89aa2fe6791400d97fd7513d9be7e3377c8252389ddfdff5e4aba81fddcd6a300a7355831bac02fe020b32189c2766444699189b8ab22e7e5224f795f9974cb5345fbd14d8227d923f1184ba9a8aebff0e4e89c0e3e8eb7df2dc616165107a2beb1495157ded678ff079aec6fd82e95136ebe3a24db2efd9d91594f829e9121279a9e6fe72481b7258290cadf17cc1df5d7d9e6373ae6a29d1174f4fde8578247c5eb16981c67add50e0348877fec0679127c008a349ed91bff1a6de23871335e029d8327eaf0ad07e30a069634b3f1eacfdd88868688d8515653ac5ab98df24c0bed2fe753cd54e668299786239a50c0acae878fcea5e33002bca54b5aca34463317681b56ad39208eac5d41d5a38e539232bb89fe04ac0d012d60a9bd47c855fb78e2e0aeb4a841ef1e2d3ceac015696c115e9fe3b11f6ecc82cb0d6b278b7aa4069e5550870faffa17b87612fd8d6a78efbf352620a54118980c0f100621c0f896d63374c6f978c1b2934a18c538ec4603296953a47e2326c1c4dfb323a76b4291c4fe18656e5c1849e48aeee6f3c24481b7335e9147d8408bd50efa644374b15196598702bdf17fdca15164287a2f70006579f08ca3be353e528c9d14e2f0c5c98fb96c017ae0dcce1863814dc99610ed9556fabd52fe27a5b330922b4b1af3dda82155605940807658ddbe598683ef040e58b09d3c7337bb91213911cf524d8a1e5d0121a74cf391f7a956f4114f94062189bc4bd4a3bdf51def19d240a824bb524c074bf11992de6b40c747c89c13c50ed6123f08349f726d9681a40b62f44a63f7ac1989d4d39924323b9e908bf1f6aabbd1748609f72e08b9f08dd6281d7757408523c8a2b63c71ca7d437df9e62c20a4216425343343a06010cbc5d0119e44d42983849ed6484b97462768010cdc5a7020f05a809b81a98e0faa3a49ce15cf496b37b548f09c358dadaa55386d4d6fc4d83ed1ebb785f3026916e73b68c1683450697bab49119e3abb323851aeffee6ad8699f0c4a1c40b704b275542470c4c9e8b1d2e58ef274cb0ca01112f4ea04d318080d7ab57564412540a15c7f059c2ac06e723a867043110d3f8ae1de4e1452fbda3da6676184202a9a5213ed273e1c7a6943b7bdb48b52930bbd1085ad41e8d4efad477d4f2914deb993c48933bc62a37725605e27089120e274b8017bda329d8f599c8188d47f0c7fd4d3935a11f1691a9514a6446fde6d7ed1785ac8f145452120c9c026d63f0245a97962d91ccf58d9b6044260809b30263531e1703e388548f24121a155b6cec1921c07ab31aaf7209054a85407bc7b9d14b3397d4ae57a1078ddd0fcab4583df6b5dcf3380d49bd1b7a39e5ac01bc791f32d4e823abbd8ce8c927d1de1515e529d8af373fdf6d036b5a7562ea73fae0874c9d5ebb4235b209a236163f17f3f4024d2648b439bd5c5f97d5766d6d869af60216cd48f8ca7641ca768e90ce025f03040ab5e07705476cb1a648fd5057de42062f1727e28c9dd577b6d70f51d7dde26b0ee2dde97593e202dcdd61ce77e654d72c8979c7d0fefea5d2bef5841a2f034b2422fd8db5444dc5d3e89323b631dbf68e9b4e3de3d3dce5309b42389a0be270623bd150891464ac3982b67ad76cae1bd4e71af2f0e510e4586bff7024f4b99397c4567ea421f2dd5ea45d381455f5d8402b267132f8d3a9772a10df83a41b5222a80bdc01932b33f1a52b7288901c95179efe7b248b105eae74ecad0e79d6214cb8356644f6d6d62eab8a53778c663aa574de41ef72ab75138ffaca6e9d85242efa5351f6b10698abf96e1af198478922fd4401bdab7a1b0f34a693fff40dac8f2c508dff6131f65c90713c8126e41df4099c8dfd9e3830526b536d9c7f34854e3c64c56daacb2e67dd24c01cd9ef11b9af300e69f56b8e593321732282fb1bc8854b25cdb821a70dd7ef055812dd203005672d4b591eb33beb2a96cc5c5219c8017c15e3780e57c078506c6855dceacb36595f9e83e9db802c14046571a8f6af0fad452a623c16c7c9f4127f4b3f39aa546880569abbbaf5eceb4dff12a22e0ee24b3c02dc491d0dbe28f7b771bba1ffb2bd602f13a0c7355e081b96e227b2c2a96bf308bfeb5584b67d9fb072ccf438509cbebbd31be8f04307f64090ad26b5598f8db4f877f6fa540bc2843fe9b8bb03a8abf2fd3fe4a775aec757e84d247d5b0a8dbfd825b400bc36630c1e27e195b3d80e19e72b58c73ba58722abfe935533e8099169f9ad933dde4d4e24cbd1e3097e9978764d0245a6f517b41f2716596de8ed6bc98c4004c7a0a70d198512e8107e169b0f8298359ea6f2645b17e8d6117d6c74b70ac5fc383c82750e628231f0e309b3b9f0c52ed0ca284a4ac0ebcca920cef38185c5b8e1fa8bebba49d57f28d67e4329080fd5bc4d0f428297645ba8e21dc4a45f8ea2890fa27fdb0830ca5c1f2f0fdec179b950f6c20299e21edcd102467594c0da4aecd9e08844fefb9add9b5cd919a444c18427a193690564b98fce41e0aeb0798c4e7c1c4b3568ee52dbcac18587a1ee200a338e669f920c61c7e0aa3f1e313089d3e83757737d65c37bd62e18cf36d429ec6a44dce340749aca1a1c04efbe5a04518e1c1388e6a4083374d87b3dde0d3d8d074debd348facc375a754b7e0ff8fcb3c0e6affca84a139d6fa599e6e49c75ab5a9f9c1bc5143e399d7d77cc06df28a7da271848790bf1739e7b0bace75d304fa6d801a993b0be95b551b47ee857a35290e602395b7a9bfcb789c35e0fdff8da551d0ee7d6115bcb4ea43665d015e7c5c2a52120a3c869c3d52d76e3589a79cd20dbfed1f4d131477203a71e3682f20abd5f18df83ad543531a1ca5e7040065ef13e51313bae0b4723c6bf162f6b0db596a6edd3a3b0b9211025db9b68a566789b7b2eed6476d19d17cd9dcfa4afad4802ebff224092be1f2710bedfe6668f91ef7e197f26400e2f6edeed0425bb8ba68b1bb6a9d879c43789d6ef1fd8ae9e0b47ceadc1af9bfe97c128d1f333d861484f8c8cd58b04fd74e24d728b63b66eaa7b18cefd2125a51d2a2e7ebf9ae459ab0e67bec4fd5bc71747b665a324cd1ace2efcd317dcce3eda7c30e4055a7a9a0f9df4fdcd7b77b93d2f2dc801812dfe986945052a4fb5e784ea2352509f13a69981633693f9be21d9e1e9b3b8fd05b38db7260139087ad9e7304ae580a854d3b54f95ea605425c1155125bd98e36452bc3207aad9ca5056740424224f24282201eadcf99a07bbd7e2c667efc72505285bc4d8298537ff589b3fd4c93a290b2f751a1b57361e2fd3f0cc27ac5f485e00a30b0584e2401d64c1669ca47eb93053687177c3187bc01daa8b48f89149e63fb2481e84bb0e9208937869849f9965fc1a27930415b00176c95946b073e253e395d6b62b1fe1edcbdd1f216ca3bbec8a56e1d38b4c63e4a07b4b43feb593c3d0c3f0eb4bfe399826e2334ca623fe291fa9ea4285b9bce401b3b2f86dc3139708a25c89c746c747ae14b37aacd7fa7de1be7e1942ad746252572a840936ec14bf01391e7ffca737f8be5759b5b99825ac8eb4d06f7a44faed78623cf7ccddd9a4798e513f7e1113bb776606a4a5ef86b7e2a335410653664c0efec882322f1c02781ef8c3cfab62862586fcccbfdd0dcaea01e6f9cd4ea0c22ec9b5b822d5a3d84f5119ed4b084f7645f47446e2e13a68be0323e4088f9553956330fb14bfc08f44a7c3a9ffc6860740704a5e28fd569cd65936f1286bc7b318b95304ec45ffdd98965681688c819f8e96f71555228f9ce680d6d96cb2a00cf2eedd00520a4b7e79d5fb52b18c72140f5a394823701e6a5bdea6942377fecfafb8236c7ed29c34677897033454ba7cc2dc83eba09c75df582ee95f534ac5bc91622505108e69275cd74d1763d31a807d85a843a31a46c0cd69f7e37c576f4e4075bcfcda87b2f4db8b88e84c4882d46aa84741514777e9426e8b1fbaf6cb51eaa52e0725d2ed1f2128a85f90bb3bea373150182146d6b684dc558cbc8ecc3c670e3ab5c9c5919a8111021f01472887f278ae366076a95828e43c794171c965c86ab10c294733f79bc5adfdaf59e60a57b985801f3de2c17a21a15db0ba9d68cea76012842d26b261ae83bb2827c463f3ed828e2ef87475f8b4ed8d9f975f726cb543565eb32333a7eb05b8198a1662738f925cba835eb4f0f09913cd71aa1d9f5853cb910ab0d1b37a6362a2b5809147193cc205e3cfb65cfb7cadb436cb83d5098cf6cef4800ab60f5a09404115a3dbb2cec9c1fd18c00930629a7a487396ccc0845ed667eb09b0b8b4f61c157d52828c1be0fb03a75bde1d1041a4304a358763160b55e9501946cc35d2e702a4df0465520602a2b3ac9e3a6a56d4f30d9215bb3b87053605d7efa35b5134f4868b93c1c4f44def721f4f52807c63fb35a1ea2e707b143a1a22e77a24ba8b552c41cbce0f56fcb0ff169ad006b35115a6f4081f3cb8af3c405be073e470081340c2eeca741fef91f710b348a7500ac9eaf22ca8a6a564d1d0c4c611a13995ef0ea466e0fb2637991be136cbcf0e48afddabc5a38ba71b7a12a25bb39a98da5479ea8deab67bc9e8a6862be96c8cce6a69994a9b1e290805c1684db27ce43935d65a1acc1fe1195d90668b8de8c6bbe14d0891b9b320d40c7b919604821427ed5c83f10609a7cff5d247e7564dd86e1be42d0aa5f99ab297380fd3762145965ead0c110b4fb7a7cac8a9482f2b891cacbf35422a6b62946bca1083eb52cd29ee748b18befedea24bf6d241e787d8a8a443c60050be9f7c00e34daad73accc5e6d0a04a3170c1c38b235d907399deb056a617e6fad63429ead0203e4330976f8c00dd2659385efe85f2c53735ffa0ffd54fa8d1297f3ee5802b7921b567a9983251dd6bdade061b0d2af9a9028be3ab5f54d60f18ed256d6b90b7a7e4c87e672fb934654b23aae4fe3c8cc3fc114a5277bc4792eefc3ba9ef9a0835aea595b392cd5c87cd2a4c217c7ab91c3a3f1b7c99a7420f5d237e943d91385191460250d243c09724166da332c06c822f185086d10afcdb44d19ab27fc785c14bb9f08eeeac2c464668fe7e814e950a5024d57b62e282169e021dab27d47fb9a2396cca31509be811f32c5fac2cd340e686cd169d85404c9c1cd5468d54a68bf5dda4ed26f6c5531c31b9a3235bc26bbb19defd0f1c5703603cc5ab13a56929c64581e15536ab7c3900d8d7dd966e5ba999048b7d1f159861e13d94035de168928633958660e369961dcd2e57a07bcba232cba5ced43b0cdc55f34136301174cdbd1638d8a020a41f6ee9d66d822b87ae981a940e24c254a103d3e625591dffa86d1a5d933aab12070eeccda0004d50ddffb05f9e85f9052d738e1ef24140cabd74d50b8a3e0e220b835b17b01fc704219f8fb12e7e086422cb31e8b6d51c201cc8f2a400bc98e692c09b825906f26f2ed7875af887f7c8656f70043fe99b4786345e0a52bcfc4f357f1c7a3c8d600da169f54d1839e1549b31c839db3ec2d8c3fbadba722077475544ebcb19d43cfdd8ce4bbfd253006b4cb6e350db322f398c00af3daa1c2e635217e48f74bded99544f612da08b78d5e79b9444a2ed1a5aad77c3f3ff0838d3974083888ad69ec8f06a2fd8d84d6133273599cd12a54b52066ef8b2756e1e6d7c9e187f6493c0840eab6e6cdfef871a7b5398d4a68ec16eb84607a695eb4a1b8c000159d8ea9052ff496defad3b0cd49245f36df91a2203b88798e3b07bf1d4e4348e9b48ebea4355a01f345f604d261031f1c6a867c6accca007be6a62e35488cdb0302543981931671b6a61484f86e3cd698a1c613ca115c38b1a27550fc5f2b291ed7ef806d687a2b0f7b294cc5a73b314590b75dff153a3b9c791d9d1066a09d5fafa47c1f2f013817fc46ffcbb19eff66b929e9688b6c85c3a6cfe9a47d34b35659e703d805e617c121f2d32cc656fc30b64f37690d2c01a927d3b7389c914fa4170752d01e07a8d60794054d5f06c8711dd306194a5945756ce9ea07d64e0d8bc29d510066be46c07cecd727faa42492c24cdbc87c98f8dc3a38a6cc01b532b756b15e96a08bdd184c6ab84acfdca9405b6ba5323d933def35090a5a2f15f734b0d74e6c436842c66b7ec87cd29d775c5cb5a60b7016bd8f7d580056c95fa085e48d3ef7544e63415e22db785575cb3d58a424241874bc5aea50c5a5694d09a0a8b6ab119a1c52329a0215a3c3880d0832ebfc3c34a5cad3b35c0b7d7ddcecbc578d3790090e255e7459a3df3d19cf28ccf1768debae3b8823b5c558e7cb4724f71850ec45f3e2254c263c600b7434f744f3ab8c4b4bc6ccece1c7d684c81ea0099c40117f9c70e32cc5f900fbb914ed680334ef1fc8e340081f087a919db38a0e51a2e3962f1532aa9cf09ed344830b4ef590e9c061b221624fd31c5978ed1bde9126611d62bbc2d4f1b5f535cb097cd62856f97e2cbb1d18cfe7f1bed80531fdb5582438e090bb640b1c4ccd88a2c86f159c6ec332f36a2d5d659046b4256da588cde6e636fd8b7e65c9a80c02dceafed0942a8bb4b8dca002c48448559b58cbf1b95428af43b72eab1e0ec9c883d9325ad6e6aa039a8d3a592f53f71c71c196f1803186469900d9c83e6c709cf94732d3f7f46a097a1bf4a29eec6c081cd18cf68309945d54d19ca8ae2395be63f8eb1ad272388ea594aa9d129b8b24830ce6d55103f6665b41e629a76f01c61daf67578b554bbb38e9f0b9d65fb19918b491e41253f047e0df96f7daca0991047ca3f7ca2e502be2bbf284416dc3969aecf252dd96cfe832d424456ca96355a9a36b160a339d2f0be3a69c3a5296857f1084390874f126f2c2a11e1d46f88749130503ce928d7e65fd955e12f29adb047555b025f32d19f37057048550446b46e7ba71513a8fdf0337b42521db5d4eba239c4d6744a658cd0547585d9450e1a5e6c46123e6f7568e78c039054d24c10d34b070b72a4eecda05fc02d5f1f16e68ce874cfcf04843d60658da1f07cc2112edd471db5c42dd5ad83ec02ae45227456575b12a9b8e50b84f22525e17609f6f1caf963c7c8e8ac14fa6b040e623983cc5e8d30195a9c14a1eade1a7254bee72753caee784537109ad439499137970c1e5b60861fdf22bc014855c50b28550b60b9504d4101232513ed23ef45ce2089ddfd09ddf18d296a51fc5ec1bf16171f5a33fab2779c00e0238a9af9d261bab62d723b918184dd4770ae1a998aee4bc015774a7e764c192a1009a95ece6372de6537ae699e664ef3b65b03a10dec921872588e0e27ead4ba1e8297a1a679656bb905bf336e5616165e5d52f4a0c6c661393ac1c855cd79801f273ec85c2c5c7896c5a4cef7a5d3256f75351932cb616dc0e574523d32745df546c22822b1a990c01be78ac57010bb9faeb03546349fd7001672f15434ac217e6fa406127dff4689167867cd6702907fba8c61437f29569d3b7690497dc32c213d6dc5e17b23535b54934a3519ddd8d0e5fd270f52b96424edc3912065b56fd5ccd337ff670f949a12677770caec7d70bdbf4da8f81750574b531a1d57f3dd88b497d4b2db78f216d0acaf06334f8f7f2e2700f4ecf346004bb360d08603ea40e02cc73a23fe928b54f3ed63790b45ea394ec03a08cc20ad8a6487d69de97c36fbb2cd3742472d4e23b83147f9db92f587453dcb0ed05774fc96478281c643406f3e2663293b58928976abf12db3d85a74086df10adca4cef1c70401c8450a2adfbd8a1e7980d0e868fa88fb3b23a7d93799e0def79d4cca84f25cd52afde00f1433897b554efd444729b060c99c93ae81fff8d85e8dd3929122ea0cbc35a2f03fe7eb805a66b63e110b4694cebb2492afdf5e41a48d5231a271490e62ee8b5bbde7ac6d31c610bc7fff6d4905703a62fbf1b4ae085e005f93752e4058760177dcc2cdafe17be3afe57b6d74b96c94c767ce092970c29f46e1bf25f53e44ea63b977b9388cf811a161d1d340f243043396a638ef8f2e5f4bdba135ee879e1e320d28938e5a91aa1eb767551500073b7894bd71e34f62a16049d530cd48d9fe1c8f80189f85c5fecaaf8e18cb60c937f15b09c814aeea50d0dc07edf70a57c3e103d3d7d063e842db7c5b666a4fbcfc662d81ca77b091f22976772273d0f5412a70d93f5a446356528ab761b2eb405b3d6209d45042b68737050f7e7dda4abcbbec4a5c2435d6239836601990e0e1a41725591ab7e2c7279bb3644979092cb06b55d80210eb344d6d192c36b91e1d8d390cf32ee00c09c7262e7054a1f627efa906010432ad4fe817d7fa429642e9f5bb043d064cd938191f2575c5ea38e58ed1352db0854cc41df4da2bf43ed31714cf61e0870bf1f11dff65f2f138f66219d007cda59fff23c871b25212ffdb040edcf15ad08ba5abe9f571d184ad09dd8fef0f696f4c5c4279720df8dc641cd7592d4490750592cbc6497d0f5f9ece4b09171e2243ec134175a4c4ca6a66024f41fc2fc30ee09d8495cc4004320354cbf2f718fbb90dbedde015e2a7be1b4e62eac870aea44e2a9cd753e8d13ae2792f81cb7b896cfd8b9a4810aeb100ac31b2a431c4593b6601d9a4155f3a61e2d5ea0c84d5b0779337b2af90963c60849cb005e80435b6f9ad38ffd260750161b7ff2ca26c956f832f0a4d0e4fdfd11d3e8ad570a9fed962bf80e17939c107fecbe4d935a3efbd60b390762a2b6c0a93a65d783db1946f54129ef5c065233a562c5e73d2b70d4eb8d201ad9cffd33cf7a930c414c2bc7cadfdff825ce6e0936a75dc7cea9ebf09b207895ace71de463d199ea5f7be1992e00ffb895a3132ee1aa8063b12a4fdc801fda46d271a515052e1d37f9fbd5612d31a738c5046f9b8f10421824f25c351697148a24d33951a320a8f4487b489df086f603e29ea127507f44d7f7a49894d2a14286686e1009c9babb021ddd4449e1be7dc6a25189ba90b04f594a7049c2a9f4e43b52170c6a5b19fd2503a05a028282529db2607b8af307a", 0x2000, &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 0 (id=1326):
ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000040)={0x8})
timer_create(0x2, 0x0, &(0x7f0000000240))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1e00000001000000050000", @ANYRES8, @ANYRES32, @ANYRESHEX], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$sndseq(r3, &(0x7f0000000180)=[{0x10, 0x0, 0x0, 0xfd, @time, {}, {0xe}, @control}], 0x1c)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r4, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x1013})
syz_open_dev$usbmon(&(0x7f0000001140), 0x100000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

kernel console output (not intermixed with test programs):

ntrol_msg error -71 req 02 val 2000
[  307.584761][ T5923] pwc: recv_control_msg error -71 req 02 val 2100
[  307.601963][ T5923] pwc: recv_control_msg error -71 req 04 val 1500
[  307.614850][ T5923] pwc: recv_control_msg error -71 req 02 val 2500
[  307.625274][ T5923] pwc: recv_control_msg error -71 req 02 val 2400
[  307.634767][ T5923] pwc: recv_control_msg error -71 req 02 val 2600
[  307.642422][ T5923] pwc: recv_control_msg error -71 req 02 val 2900
[  307.674956][ T5923] pwc: recv_control_msg error -71 req 02 val 2800
[  307.700717][ T5923] pwc: recv_control_msg error -71 req 04 val 1100
[  307.714535][ T5923] pwc: recv_control_msg error -71 req 04 val 1200
[  307.848593][ T5923] pwc: Registered as video103.
[  307.869208][ T5923] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input12
[  308.264712][ T5923] usb 4-1: USB disconnect, device number 20
[  309.355444][ T8750] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  309.355444][ T8750]    program syz.1.798 not setting count and/or reply_len properly
[  309.684971][ T5881] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  309.774896][ T5871] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  309.957564][ T5871] usb 5-1: too many configurations: 192, using maximum allowed: 8
[  309.989463][ T5881] usb 2-1: Using ep0 maxpacket: 8
[  310.006907][ T5871] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  310.020891][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  310.042696][ T5871] usb 5-1: can't read configurations, error -22
[  310.214027][ T5881] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  310.230509][ T5881] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  310.238675][ T5881] usb 2-1: Product: syz
[  310.243111][ T5881] usb 2-1: Manufacturer: syz
[  310.247792][ T5881] usb 2-1: SerialNumber: syz
[  310.277486][ T5871] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  310.437348][ T5871] usb 5-1: too many configurations: 192, using maximum allowed: 8
[  310.460462][ T5871] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  310.463458][ T5881] usb 2-1: Invalid connection information received from device
[  310.469803][ T5871] usb 5-1: can't read configurations, error -22
[  310.504858][   T52] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  310.578259][ T5871] usb usb5-port1: attempt power cycle
[  310.692758][   T52] usb 1-1: config 0 has an invalid interface number: 141 but max is 0
[  310.763486][   T52] usb 1-1: config 0 has an invalid interface number: 159 but max is 0
[  310.946148][   T52] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  311.097438][ T5871] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  311.135512][   T52] usb 1-1: config 0 has no interface number 0
[  311.143379][ T5885] usb 2-1: USB disconnect, device number 21
[  311.169700][   T52] usb 1-1: config 0 has no interface number 1
[  311.182368][   T52] usb 1-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  311.198363][ T5871] usb 5-1: too many configurations: 192, using maximum allowed: 8
[  311.213500][ T5871] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  311.221688][   T52] usb 1-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  311.243317][ T5871] usb 5-1: can't read configurations, error -22
[  311.262157][   T52] usb 1-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  311.282089][   T52] usb 1-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  311.293726][   T52] usb 1-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  311.321220][   T52] usb 1-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  311.366143][   T52] usb 1-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  311.403947][   T52] usb 1-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  311.415327][ T5871] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  311.464007][ T5871] usb 5-1: too many configurations: 192, using maximum allowed: 8
[  311.484116][   T52] usb 1-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  311.507227][ T5871] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  311.526757][ T5871] usb 5-1: can't read configurations, error -22
[  311.533123][   T52] usb 1-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  311.579473][   T52] usb 1-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  311.590700][   T52] usb 1-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  311.602152][   T52] usb 1-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  311.613064][   T52] usb 1-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  311.624010][   T52] usb 1-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  311.637690][   T52] usb 1-1: config 0 interface 159 has no altsetting 0
[  312.301742][   T52] usb 1-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  312.311163][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.329039][ T5871] usb usb5-port1: unable to enumerate USB device
[  312.383185][   T52] usb 1-1: config 0 descriptor??
[  312.405870][   T52] option 1-1:0.141: GSM modem (1-port) converter detected
[  312.673599][   T52] usb 1-1: string descriptor 0 read error: -71
[  312.692362][   T52] usb 1-1: USB disconnect, device number 20
[  312.701195][   T52] option 1-1:0.141: device disconnected
[  312.866470][ T8793] 9pnet_fd: Insufficient options for proto=fd
[  314.350285][ T8804] netlink: 'syz.4.812': attribute type 10 has an invalid length.
[  315.273372][ T8814] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  315.273372][ T8814]    program syz.0.816 not setting count and/or reply_len properly
[  315.414046][ T8816] netlink: 'syz.2.815': attribute type 4 has an invalid length.
[  316.124755][ T5885] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  316.274879][ T5885] usb 1-1: Using ep0 maxpacket: 8
[  316.281742][ T5885] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  316.323356][ T5885] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  316.333214][ T5885] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  316.674819][ T5871] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  316.787155][ T5885] usb 1-1: Product: syz
[  316.791418][ T5885] usb 1-1: Manufacturer: syz
[  316.796137][ T5885] usb 1-1: SerialNumber: syz
[  317.157242][ T5885] usb 1-1: Invalid connection information received from device
[  317.261000][ T8837] 9pnet_fd: Insufficient options for proto=fd
[  317.544229][ T5871] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  317.611597][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.621865][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  317.628537][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  317.668155][ T5871] usb 5-1: config 0 descriptor??
[  317.705599][ T5871] cp210x 5-1:0.0: cp210x converter detected
[  318.304706][ T8845] overlay: Unknown parameter 'dont_measure'
[  318.795175][ T5923] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  319.052961][ T5923] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  319.095297][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.270065][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.280254][ T5871] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  319.288463][ T5871] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  319.309505][ T5871] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  319.329073][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.344429][ T5871] usb 5-1: cp210x converter now attached to ttyUSB0
[  319.371959][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.392893][   T52] usb 1-1: USB disconnect, device number 21
[  319.406617][ T5871] usb 5-1: USB disconnect, device number 28
[  319.439673][ T5871] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  319.448748][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.455199][ T5881] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  319.466754][ T5871] cp210x 5-1:0.0: device disconnected
[  319.480843][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.505951][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.518347][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.639689][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'.
[  319.666708][ T5881] usb 3-1: config 0 has an invalid interface number: 141 but max is 0
[  319.692547][ T5881] usb 3-1: config 0 has an invalid interface number: 159 but max is 0
[  319.722830][ T5881] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  319.772604][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.777586][ T5881] usb 3-1: config 0 has no interface number 0
[  319.791263][ T5881] usb 3-1: config 0 has no interface number 1
[  319.796019][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.809083][   T29] audit: type=1326 audit(1732250163.274:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8861 comm="syz.3.830" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f570597e819 code=0x0
[  319.812352][ T5881] usb 3-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  319.831526][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.348031][ T8867] netlink: 72 bytes leftover after parsing attributes in process `syz.3.830'.
[  320.365119][   T52] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  320.476574][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.490725][ T5881] usb 3-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  320.502346][ T5881] usb 3-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  320.513796][ T5881] usb 3-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  320.525118][ T5881] usb 3-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  320.536222][ T5881] usb 3-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  320.547318][ T5881] usb 3-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  320.547924][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.560476][ T5881] usb 3-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  320.560520][ T5881] usb 3-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  320.560547][ T5881] usb 3-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  320.560573][ T5881] usb 3-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  320.560596][ T5881] usb 3-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  320.560620][ T5881] usb 3-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  320.560641][ T5881] usb 3-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  320.560663][ T5881] usb 3-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  320.560687][ T5881] usb 3-1: config 0 interface 159 has no altsetting 0
[  320.560718][ T5881] usb 3-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  320.560742][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.619399][ T5881] usb 3-1: config 0 descriptor??
[  320.628640][   T52] usb 5-1: device descriptor read/64, error -71
[  320.652652][ T5881] option 3-1:0.141: GSM modem (1-port) converter detected
[  320.736289][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.762563][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.783760][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.795919][ T5923] usb 2-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  320.806123][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.807313][ T8869] netlink: 24 bytes leftover after parsing attributes in process `syz.0.832'.
[  320.824382][ T8869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.832'.
[  320.851521][ T5923] usb 2-1: config 0 descriptor??
[  320.860909][ T5881] usb 3-1: string descriptor 0 read error: -71
[  320.869129][ T8873] xt_TCPMSS: Only works on TCP SYN packets
[  320.903053][ T5881] usb 3-1: USB disconnect, device number 20
[  320.929700][ T5881] option 3-1:0.141: device disconnected
[  320.949323][   T52] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  321.005802][  T970] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  321.087794][   T52] usb 5-1: device descriptor read/64, error -71
[  321.144817][  T970] usb 4-1: device descriptor read/64, error -71
[  321.181160][ T8875] batadv_slave_0: entered promiscuous mode
[  321.208451][   T52] usb usb5-port1: attempt power cycle
[  321.269530][ T5923] wacom 0003:056A:0000.0007: Unknown device_type for 'HID 056a:0000'. Assuming pen.
[  321.283246][ T5923] wacom 0003:056A:0000.0007: hidraw0: USB HID v0.00 Device [HID 056a:0000] on usb-dummy_hcd.1-1/input0
[  321.299284][ T5923] input: Wacom Penpartner Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0000.0007/input/input13
[  321.384966][  T970] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  321.430614][ T5919] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  321.534776][  T970] usb 4-1: device descriptor read/64, error -71
[  321.565297][   T52] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  321.585877][   T52] usb 5-1: device descriptor read/8, error -71
[  321.599124][ T5919] usb 1-1: New USB device found, idVendor=8086, idProduct=0630, bcdDevice=83.b4
[  321.610891][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.619654][ T5919] usb 1-1: Product: syz
[  321.624534][ T5919] usb 1-1: Manufacturer: syz
[  321.629769][ T5919] usb 1-1: SerialNumber: syz
[  321.644497][ T5919] usb 1-1: config 0 descriptor??
[  321.655175][  T970] usb usb4-port1: attempt power cycle
[  321.658334][ T5919] gspca_main: spca500-2.14.0 probing 8086:0630
[  321.837973][   T52] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  321.853190][ T5881] usb 1-1: USB disconnect, device number 22
[  321.866550][   T52] usb 5-1: device descriptor read/8, error -71
[  321.975019][   T52] usb usb5-port1: unable to enumerate USB device
[  322.004947][  T970] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  322.037095][  T970] usb 4-1: device descriptor read/8, error -71
[  322.274822][  T970] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  322.305451][  T970] usb 4-1: device descriptor read/8, error -71
[  322.564782][  T970] usb usb4-port1: unable to enumerate USB device
[  322.687444][ T5923] usb 2-1: USB disconnect, device number 22
[  323.892599][ T5919] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  325.086968][  T970] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  325.289735][  T970] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  325.357731][  T970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.458911][  T970] usb 5-1: config 0 descriptor??
[  325.474202][  T970] cp210x 5-1:0.0: cp210x converter detected
[  325.591935][ T8909] netlink: 12 bytes leftover after parsing attributes in process `syz.2.844'.
[  325.634035][ T5919] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  325.647771][ T5919] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  325.673508][ T5919] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  325.696189][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.642502][ T5919] usb 2-1: can't set config #27, error -71
[  326.660286][ T5919] usb 2-1: USB disconnect, device number 23
[  327.294828][ T5919] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  327.404798][ T5923] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  327.456466][ T5919] usb 4-1: config 0 has an invalid interface number: 141 but max is 0
[  327.469759][ T5919] usb 4-1: config 0 has an invalid interface number: 159 but max is 0
[  327.478827][ T5919] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  327.500194][ T5919] usb 4-1: config 0 has no interface number 0
[  327.513979][ T5919] usb 4-1: config 0 has no interface number 1
[  327.523920][ T5919] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  327.541130][ T5919] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  327.569231][ T5919] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  327.581650][ T5919] usb 4-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  327.598306][ T5923] usb 3-1: Using ep0 maxpacket: 16
[  327.607348][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  327.622258][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  327.692258][  T970] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  327.701404][  T970] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  327.709311][  T970] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  327.766480][ T5919] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  327.775117][  T970] usb 5-1: cp210x converter now attached to ttyUSB0
[  327.793196][  T970] usb 5-1: USB disconnect, device number 33
[  327.818259][ T5923] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  327.834556][  T970] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  327.836226][ T5919] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  327.850510][  T970] cp210x 5-1:0.0: device disconnected
[  327.869072][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.883533][ T5919] usb 4-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  327.916010][ T5923] usb 3-1: config 0 descriptor??
[  327.958113][ T5919] usb 4-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  327.999634][ T5919] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  328.016657][ T8935] tipc: Started in network mode
[  328.033067][ T8935] tipc: Node identity ac1414aa, cluster identity 4711
[  328.043232][ T5919] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  328.045777][ T8935] tipc: Enabled bearer <udp:>, priority 10
[  328.082567][ T5919] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  328.100680][ T5919] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  328.112620][ T5919] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  328.143183][ T5919] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  328.155966][ T5919] usb 4-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  328.172037][ T5919] usb 4-1: config 0 interface 159 has no altsetting 0
[  328.181262][ T5919] usb 4-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  328.193975][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.211937][ T5919] usb 4-1: config 0 descriptor??
[  328.230223][ T5919] option 4-1:0.141: GSM modem (1-port) converter detected
[  328.333616][ T5923] hid-multitouch 0003:1FD2:6007.0008: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  328.424827][ T5871] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  328.434748][ T5919] usb 4-1: string descriptor 0 read error: -71
[  328.450976][ T5919] usb 4-1: USB disconnect, device number 25
[  328.459822][ T5919] option 4-1:0.141: device disconnected
[  328.557286][ T5923] usb 3-1: USB disconnect, device number 21
[  328.594892][ T5871] usb 2-1: Using ep0 maxpacket: 16
[  328.610184][ T5871] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  328.621316][ T5871] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  328.633384][ T5871] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  328.644423][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.652897][ T5871] usb 2-1: Product: syz
[  328.657634][ T5871] usb 2-1: Manufacturer: syz
[  328.662335][ T5871] usb 2-1: SerialNumber: syz
[  329.094354][ T5871] usb 2-1: 0:2 : does not exist
[  329.157697][ T5881] tipc: Node number set to 2886997162
[  329.393114][   T29] audit: type=1326 audit(1732250173.844:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8937 comm="syz.1.852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b4e37e819 code=0x7fc00000
[  329.555423][ T5871] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  329.635268][ T5871] usb 2-1: USB disconnect, device number 24
[  329.860648][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  330.808992][ T5923] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  330.896018][ T5919] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  331.094935][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  331.108838][ T5919] usb 3-1: unable to get BOS descriptor or descriptor too short
[  331.118466][ T5919] usb 3-1: not running at top speed; connect to a high speed hub
[  331.134447][ T5919] usb 3-1: config 0 has an invalid interface number: 71 but max is 2
[  331.143091][ T5923] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  331.151608][ T5923] usb 4-1: config 0 has no interface number 0
[  331.161229][ T5919] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  331.293705][ T5923] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  331.309617][   T25] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  331.317813][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.326026][ T5919] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  331.347294][ T5923] usb 4-1: Product: syz
[  331.352416][ T5919] usb 3-1: config 0 has no interface number 0
[  331.358970][ T5923] usb 4-1: Manufacturer: syz
[  331.365422][ T5919] usb 3-1: config 0 interface 71 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  331.387292][ T5923] usb 4-1: SerialNumber: syz
[  331.422211][ T5923] usb 4-1: config 0 descriptor??
[  331.440747][ T5923] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  331.463405][ T5919] usb 3-1: config 0 interface 71 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  331.473896][ T5923] usb 4-1: selecting invalid altsetting 1
[  331.484677][ T5919] usb 3-1: config 0 interface 71 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 10
[  331.504705][ T5923] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  331.513401][   T25] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  331.536700][ T5923] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  331.547638][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.558328][ T5923] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  331.568450][ T5919] usb 3-1: New USB device found, idVendor=0421, idProduct=042d, bcdDevice= 8.05
[  331.586641][   T25] usb 1-1: config 0 descriptor??
[  331.591781][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.602702][ T5923] usb 4-1: media controller created
[  331.609586][   T25] cp210x 1-1:0.0: cp210x converter detected
[  331.616635][ T5919] usb 3-1: Product: syz
[  331.620825][ T5919] usb 3-1: Manufacturer: syz
[  331.639105][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  331.652209][ T5919] usb 3-1: SerialNumber: syz
[  331.661487][ T8954] tipc: Started in network mode
[  331.668976][ T5919] usb 3-1: config 0 descriptor??
[  331.675450][ T8954] tipc: Node identity ac1414aa, cluster identity 4711
[  331.695921][ T8954] tipc: Enabled bearer <udp:>, priority 10
[  331.733037][ T5923] usb 4-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)...
[  331.747024][ T5923] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered.
[  331.811050][ T5923] DVB: Unable to find symbol mxl5005s_attach()
[  331.933829][ T5923] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  332.001271][ T5923] usb 4-1: USB disconnect, device number 26
[  332.014747][ T5884] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  332.103667][ T8956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.114464][ T8956] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.148470][ T5919] usb 3-1: bad CDC descriptors
[  332.166494][ T5919] usb 3-1: USB disconnect, device number 22
[  332.203513][ T5884] usb 5-1: config 0 has an invalid interface number: 141 but max is 0
[  332.222655][ T5884] usb 5-1: config 0 has an invalid interface number: 159 but max is 0
[  332.236852][ T5884] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  332.287718][ T5884] usb 5-1: config 0 has no interface number 0
[  332.293830][ T5884] usb 5-1: config 0 has no interface number 1
[  332.303583][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  332.319398][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  332.330579][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  332.341574][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  332.352799][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  332.363619][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  332.382310][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  332.400289][ T5884] usb 5-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  332.412783][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  332.565101][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  332.778155][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  332.818546][ T5919] tipc: Node number set to 2886997162
[  332.822215][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  332.835322][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  332.846671][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  332.857962][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  332.873447][ T5884] usb 5-1: config 0 interface 159 has no altsetting 0
[  332.881843][ T5884] usb 5-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  332.892169][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.225145][   T25] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  333.229210][ T5884] usb 5-1: config 0 descriptor??
[  333.232972][   T25] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  333.258595][   T25] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  333.309279][   T25] usb 1-1: cp210x converter now attached to ttyUSB0
[  333.318147][   T25] usb 1-1: USB disconnect, device number 23
[  333.353242][   T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  333.363750][ T5884] option 5-1:0.141: GSM modem (1-port) converter detected
[  333.367407][   T25] cp210x 1-1:0.0: device disconnected
[  333.527235][ T8999] FAULT_INJECTION: forcing a failure.
[  333.527235][ T8999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  333.540655][ T8999] CPU: 0 UID: 0 PID: 8999 Comm: syz.3.871 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  333.550921][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  333.560997][ T8999] Call Trace:
[  333.564292][ T8999]  <TASK>
[  333.567241][ T8999]  dump_stack_lvl+0x241/0x360
[  333.571947][ T8999]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.577165][ T8999]  ? __pfx__printk+0x10/0x10
[  333.581791][ T8999]  should_fail_ex+0x3b0/0x4e0
[  333.586499][ T8999]  strncpy_from_user+0x36/0x260
[  333.591380][ T8999]  getname_flags+0xf1/0x540
[  333.595908][ T8999]  user_path_at+0x24/0x60
[  333.600263][ T8999]  __x64_sys_fchmodat+0xf5/0x1c0
[  333.605240][ T8999]  ? __pfx___x64_sys_fchmodat+0x10/0x10
[  333.610802][ T8999]  ? do_syscall_64+0x100/0x230
[  333.615564][ T8999]  ? do_syscall_64+0xb6/0x230
[  333.620236][ T8999]  do_syscall_64+0xf3/0x230
[  333.624737][ T8999]  ? clear_bhb_loop+0x35/0x90
[  333.629411][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.635306][ T8999] RIP: 0033:0x7f570597e819
[  333.639713][ T8999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.659313][ T8999] RSP: 002b:00007f570678c038 EFLAGS: 00000246 ORIG_RAX: 000000000000010c
[  333.667723][ T8999] RAX: ffffffffffffffda RBX: 00007f5705b35fa0 RCX: 00007f570597e819
[  333.675685][ T8999] RDX: 00000000fffffe13 RSI: 0000000000000000 RDI: ffffffffffffff9c
[  333.683645][ T8999] RBP: 00007f570678c090 R08: 0000000000000000 R09: 0000000000000000
[  333.691607][ T8999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.699573][ T8999] R13: 0000000000000000 R14: 00007f5705b35fa0 R15: 00007ffec46ed618
[  333.707553][ T8999]  </TASK>
[  333.764948][ T5884] usb 5-1: string descriptor 0 read error: -71
[  333.800323][ T5884] usb 5-1: USB disconnect, device number 34
[  333.811273][ T5884] option 5-1:0.141: device disconnected
[  334.304793][ T5884] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  334.470457][ T5884] usb 1-1: Using ep0 maxpacket: 16
[  334.482415][ T5884] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.513771][ T5884] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.534644][ T5884] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  334.571114][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.616323][ T5884] usb 1-1: config 0 descriptor??
[  334.784722][ T5919] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  334.945557][   T25] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  334.954262][ T5919] usb 5-1: Using ep0 maxpacket: 16
[  334.966152][ T5919] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  334.975113][ T5919] usb 5-1: config 0 has no interface number 0
[  334.981232][ T5919] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  334.992914][ T5919] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  335.006283][ T5919] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  335.016306][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  335.031645][ T5919] usb 5-1: Product: syz
[  335.036318][ T5919] usb 5-1: SerialNumber: syz
[  335.042892][ T5884] hid-multitouch 0003:1FD2:6007.0009: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0
[  335.052420][ T5919] usb 5-1: config 0 descriptor??
[  335.066553][ T5919] cm109 5-1:0.8: invalid payload size 0, expected 4
[  335.076694][ T5919] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input16
[  335.095741][   T25] usb 3-1: Using ep0 maxpacket: 16
[  335.122857][   T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.147251][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  335.161106][   T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  335.170840][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.189890][   T25] usb 3-1: config 0 descriptor??
[  335.198365][   T25] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  335.260679][   T25] usb 1-1: USB disconnect, device number 24
[  335.268121][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  335.287402][ T5881] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  335.354962][ T5884] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  335.456185][ T5881] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.467104][ T5881] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 178
[  335.477091][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  335.479256][ T5923] usb 5-1: USB disconnect, device number 35
[  335.490115][ T5881] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=31.c9
[  335.490144][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.492024][ T5881] usb 4-1: config 0 descriptor??
[  335.522651][ T9020] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  335.531387][ T5923] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  335.544891][ T5884] usb 2-1: Using ep0 maxpacket: 16
[  335.554461][ T5884] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  335.571558][ T5884] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  335.583163][ T5884] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  335.592568][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  335.600669][ T5884] usb 2-1: SerialNumber: syz
[  335.610427][ T9021] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  335.620092][ T5884] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  335.747586][ T5881] ath6kl: Failed to submit usb control message: -71
[  335.761453][ T5881] ath6kl: unable to send the bmi data to the device: -71
[  335.768820][ T5881] ath6kl: Unable to send get target info: -71
[  335.776874][ T5881] ath6kl: Failed to init ath6kl core: -71
[  335.783495][ T5881] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  335.797777][ T5881] usb 4-1: USB disconnect, device number 27
[  337.055158][ T5881] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  337.326427][ T5881] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  337.336187][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.375656][ T5881] usb 1-1: config 0 descriptor??
[  337.394240][ T5881] cp210x 1-1:0.0: cp210x converter detected
[  338.004186][ T5923] usb 3-1: USB disconnect, device number 23
[  338.439126][ T5884] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  338.456130][ T5884] usb 2-1: USB disconnect, device number 25
[  338.564909][  T970] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  338.718118][  T970] usb 4-1: config 0 has an invalid interface number: 141 but max is 0
[  338.734772][  T970] usb 4-1: config 0 has an invalid interface number: 159 but max is 0
[  338.768771][  T970] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  338.806083][  T970] usb 4-1: config 0 has no interface number 0
[  338.814318][  T970] usb 4-1: config 0 has no interface number 1
[  338.824412][  T970] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  338.846298][  T970] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  338.863483][  T970] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  338.877766][  T970] usb 4-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  338.895694][  T970] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  338.917745][  T970] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  339.046799][  T970] usb 4-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  339.060097][  T970] usb 4-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  339.071256][  T970] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  339.082603][  T970] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  339.093896][  T970] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  339.104736][  T970] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  339.115899][  T970] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  339.126735][  T970] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  339.138029][  T970] usb 4-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  339.151949][  T970] usb 4-1: config 0 interface 159 has no altsetting 0
[  339.159112][  T970] usb 4-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  339.168409][  T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.183070][ T5881] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  339.198699][ T5881] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  339.206469][ T5881] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  339.215004][  T970] usb 4-1: config 0 descriptor??
[  339.223609][ T5881] usb 1-1: cp210x converter now attached to ttyUSB0
[  339.244173][  T970] option 4-1:0.141: GSM modem (1-port) converter detected
[  339.251542][ T5881] usb 1-1: USB disconnect, device number 25
[  339.275228][ T5881] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  339.283460][ T5881] cp210x 1-1:0.0: device disconnected
[  339.504854][  T970] usb 4-1: string descriptor 0 read error: -71
[  339.564733][  T970] usb 4-1: USB disconnect, device number 28
[  339.573512][  T970] option 4-1:0.141: device disconnected
[  339.924772][ T5881] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  340.017117][ T5923] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  340.083766][ T5881] usb 1-1: config 2 has an invalid interface number: 174 but max is 0
[  340.102991][ T5881] usb 1-1: config 2 has no interface number 0
[  340.124646][ T5881] usb 1-1: config 2 interface 174 altsetting 0 has an endpoint descriptor with address 0x9E, changing to 0x8E
[  340.142301][ T5881] usb 1-1: config 2 interface 174 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1023
[  340.153415][ T5881] usb 1-1: config 2 interface 174 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  340.184673][ T5881] usb 1-1: config 2 interface 174 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  340.193115][ T5923] usb 3-1: Using ep0 maxpacket: 16
[  340.214601][ T5881] usb 1-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e
[  340.223977][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.224096][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.242162][ T5881] usb 1-1: Product: syz
[  340.257486][ T5881] usb 1-1: Manufacturer: syz
[  340.263129][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.272952][ T5881] usb 1-1: SerialNumber: syz
[  340.288597][ T9062] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  340.310724][ T5923] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  340.332593][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.488533][ T5923] usb 3-1: config 0 descriptor??
[  340.491394][ T9071] blktrace: Concurrent blktraces are not allowed on nullb0
[  340.950004][ T9060] overlay: ./file1 is not a directory
[  341.044869][ T9075] blktrace: Concurrent blktraces are not allowed on nullb0
[  341.323319][ T5923] hid-multitouch 0003:1FD2:6007.000A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  341.475654][ T9060] syz.0.889 (9060): drop_caches: 4
[  341.575890][ T9062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.590980][ T9062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.634673][ T5881] usb 1-1: probing VID:PID(0424:012C)   
[  341.651602][ T5881] usb 1-1: vub300 testing BULK IN EndPoint(0) 8E
[  341.694497][ T5881] usb 1-1: vub300 testing BULK IN EndPoint(1) 82
[  341.696216][ T5919] usb 3-1: USB disconnect, device number 24
[  341.720192][ T5881] usb 1-1: Could not find two sets of bulk-in/out endpoint pairs
[  341.776333][ T5881] vub300 1-1:2.174: probe with driver vub300 failed with error -22
[  342.193963][ T5881] usb 1-1: USB disconnect, device number 26
[  342.418499][ T9083] 9pnet_fd: Insufficient options for proto=fd
[  343.227488][ T9088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.899'.
[  343.956167][ T9101] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  345.865008][ T5919] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  346.036270][ T5919] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  346.045430][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.075142][ T5919] usb 2-1: config 0 descriptor??
[  346.097637][ T5919] cp210x 2-1:0.0: cp210x converter detected
[  346.274617][ T9117] blktrace: Concurrent blktraces are not allowed on nullb0
[  346.293969][ T5919] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[  346.370622][ T5919] cp210x 2-1:0.0: querying part number failed
[  346.748216][ T5919] usb 2-1: cp210x converter now attached to ttyUSB0
[  347.042413][ T9127] 9pnet_fd: Insufficient options for proto=fd
[  347.486512][ T9128] 9pnet_fd: Insufficient options for proto=fd
[  347.752242][ T5919] usb 2-1: USB disconnect, device number 26
[  347.781553][ T5919] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  347.789952][ T5919] cp210x 2-1:0.0: device disconnected
[  348.884447][ T9137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.912'.
[  350.633176][   T29] audit: type=1326 audit(1732250195.044:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9143 comm="syz.1.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b4e37e819 code=0x7fc00000
[  351.909645][ T9168] 9pnet_fd: Insufficient options for proto=fd
[  353.574766][ T5835] Bluetooth: hci4: command 0x0406 tx timeout
[  355.249006][ T9186] blktrace: Concurrent blktraces are not allowed on nullb0
[  356.860004][ T5835] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  358.457421][ T5835] Bluetooth: hci1: Malformed HCI Event: 0x22
[  360.704422][ T9254] netlink: 12 bytes leftover after parsing attributes in process `syz.4.939'.
[  361.419951][ T9264] syz.2.942: attempt to access beyond end of device
[  361.419951][ T9264] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  361.440692][ T9264] SQUASHFS error: Failed to read block 0x0: -5
[  361.448820][ T9264] unable to read squashfs_super_block
[  361.501407][ T9267] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  361.524806][   T25] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  361.679876][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.699229][   T25] usb 4-1: New USB device found, idVendor=0c70, idProduct=f001, bcdDevice= 0.00
[  361.718957][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.745853][   T25] usb 4-1: config 0 descriptor??
[  361.992295][ T9281] netlink: 48 bytes leftover after parsing attributes in process `syz.0.948'.
[  362.828492][ T5835] Bluetooth: hci0: Malformed HCI Event: 0x22
[  363.062235][   T25] aquacomputer_d5next 0003:0C70:F001.000B: hidraw0: USB HID v0.00 Device [HID 0c70:f001] on usb-dummy_hcd.3-1/input0
[  364.443436][  T970] usb 4-1: USB disconnect, device number 29
[  364.493660][ T9298] netlink: 12 bytes leftover after parsing attributes in process `syz.3.955'.
[  364.604775][ T5884] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  364.766236][ T5884] usb 5-1: config 0 has an invalid interface number: 141 but max is 0
[  364.775043][ T5884] usb 5-1: config 0 has an invalid interface number: 159 but max is 0
[  364.784435][ T5884] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  364.794265][ T5884] usb 5-1: config 0 has no interface number 0
[  364.805666][ T5884] usb 5-1: config 0 has no interface number 1
[  364.811818][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  364.839374][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  364.851322][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  364.863348][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  364.875663][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  364.888280][ T9310] netlink: 28 bytes leftover after parsing attributes in process `syz.1.957'.
[  364.895342][ T5923] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  364.899115][ T5884] usb 5-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  364.919285][ T9311] overlayfs: failed to resolve './file1': -2
[  364.929226][ T5884] usb 5-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  364.944539][ T5884] usb 5-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  364.956263][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  364.968493][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  364.980141][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  364.991937][ T5884] usb 5-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  365.004081][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  365.034630][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  365.054633][ T5884] usb 5-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  365.068215][ T5884] usb 5-1: config 0 interface 159 has no altsetting 0
[  365.075235][ T5884] usb 5-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  365.084743][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.086472][ T5923] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  365.101668][ T5884] usb 5-1: config 0 descriptor??
[  365.332958][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  365.344435][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.367507][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  365.380662][ T5923] usb 3-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  365.389918][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.446865][ T5923] usb 3-1: config 0 descriptor??
[  365.649667][ T5884] option 5-1:0.141: GSM modem (1-port) converter detected
[  365.662745][ T9306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.704739][  T970] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  365.705760][ T9306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.810295][ T5835] Bluetooth: hci1: ISO packet for unknown connection handle 1480
[  365.849822][ T5884] usb 5-1: string descriptor 0 read error: -71
[  365.881035][ T5884] usb 5-1: USB disconnect, device number 36
[  365.895090][ T5884] option 5-1:0.141: device disconnected
[  365.906146][  T970] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  365.917235][  T970] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.928678][  T970] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  365.940711][  T970] usb 2-1: config 1 has no interface number 1
[  365.942440][ T5923] kye 0003:0458:501B.000C: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  365.946846][  T970] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  365.946885][  T970] usb 2-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x5F, changing to 0xF
[  365.948730][  T970] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  365.983222][ T5923] kye 0003:0458:501B.000C: unknown main item tag 0x0
[  365.999267][  T970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.999295][  T970] usb 2-1: Product: syz
[  365.999310][  T970] usb 2-1: Manufacturer: syz
[  365.999326][  T970] usb 2-1: SerialNumber: syz
[  366.021529][ T5923] kye 0003:0458:501B.000C: unknown main item tag 0x0
[  366.034846][   T25] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  366.043388][ T5923] kye 0003:0458:501B.000C: unknown main item tag 0x0
[  366.051281][ T5923] kye 0003:0458:501B.000C: unknown main item tag 0x0
[  366.058304][ T5923] kye 0003:0458:501B.000C: unknown main item tag 0x0
[  366.068990][ T5923] kye 0003:0458:501B.000C: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.2-1/input0
[  366.080333][ T5923] kye 0003:0458:501B.000C: tablet-enabling feature report not found
[  366.088483][ T5923] kye 0003:0458:501B.000C: tablet enabling failed
[  366.152199][ T9306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  366.161267][ T9306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  366.194831][   T25] usb 4-1: Using ep0 maxpacket: 16
[  366.205754][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  366.216833][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  366.226731][   T25] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  366.236040][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.246856][   T25] usb 4-1: config 0 descriptor??
[  366.247026][  T970] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  366.252802][ T5923] usb 3-1: USB disconnect, device number 25
[  366.332807][  T970] usb 2-1: USB disconnect, device number 27
[  366.637972][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  366.767712][   T25] hid-multitouch 0003:1FD2:6007.000D: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[  367.106742][  T970] usb 4-1: USB disconnect, device number 30
[  367.462664][ T5835] Bluetooth: hci0: Malformed HCI Event: 0x22
[  367.834518][ T5923] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  368.412505][ T9350] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.565715][ T9361] binder: 9360:9361 unknown command 1077961494
[  368.571927][ T9361] binder: 9360:9361 ioctl c0306201 20004a40 returned -22
[  368.579412][ T9356] netlink: 12 bytes leftover after parsing attributes in process `syz.4.968'.
[  368.913120][ T5923] usb 1-1: Using ep0 maxpacket: 16
[  369.097077][ T5923] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.157229][ T5923] usb 1-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=c5.ff
[  369.172685][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.194796][   T25] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  369.212606][ T5923] usb 1-1: Product: syz
[  369.224812][ T5923] usb 1-1: Manufacturer: syz
[  369.234756][ T5923] usb 1-1: SerialNumber: syz
[  369.293277][ T5923] usb 1-1: config 0 descriptor??
[  369.306642][ T5923] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  369.342707][ T5923] ftdi_sio ttyUSB0: unknown device type: 0xc5ff
[  369.419439][   T25] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  369.441978][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.160680][ T5923] usb 1-1: USB disconnect, device number 27
[  370.250880][ T5923] ftdi_sio 1-1:0.0: device disconnected
[  370.265184][   T25] usb 3-1: config 0 descriptor??
[  370.336769][   T25] cp210x 3-1:0.0: cp210x converter detected
[  370.705173][ T5919] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  370.855422][ T5919] usb 2-1: device descriptor read/64, error -71
[  371.125785][ T5919] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  371.318410][ T5919] usb 2-1: device descriptor read/64, error -71
[  372.144871][ T5919] usb usb2-port1: attempt power cycle
[  372.244724][   T25] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  372.254898][   T25] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71
[  372.262584][   T25] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  372.314899][   T25] usb 3-1: cp210x converter now attached to ttyUSB0
[  372.384908][   T25] usb 3-1: USB disconnect, device number 26
[  372.426778][   T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  372.435178][   T25] cp210x 3-1:0.0: device disconnected
[  372.668305][ T5835] Bluetooth: hci3: Malformed HCI Event: 0x22
[  372.806056][ T5919] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  373.257490][ T9409] random: crng reseeded on system resumption
[  373.475052][ T9409] Restarting kernel threads ... done.
[  373.792614][ T5919] usb 2-1: device descriptor read/8, error -71
[  374.345036][ T9413] netlink: 12 bytes leftover after parsing attributes in process `syz.1.983'.
[  375.965971][ T5919] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  376.224885][ T5919] usb 1-1: Using ep0 maxpacket: 8
[  376.325351][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.480446][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  376.605287][ T5919] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  376.672884][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.696828][ T5919] usb 1-1: config 0 descriptor??
[  377.284696][ T5919] isku 0003:1E7D:319C.000E: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.0-1/input0
[  378.001277][  T970] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  378.259348][  T970] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  378.523120][  T970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.669797][  T970] usb 2-1: config 0 descriptor??
[  378.681140][  T970] cp210x 2-1:0.0: cp210x converter detected
[  378.750834][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  378.758353][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  379.006709][ T5835] Bluetooth: hci3: Malformed HCI Event: 0x22
[  379.450607][ T5923] usb 1-1: USB disconnect, device number 28
[  380.235758][  T970] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  380.243665][  T970] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  380.251596][  T970] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  380.284086][  T970] usb 2-1: cp210x converter now attached to ttyUSB0
[  380.414122][ T9466] netlink: 'syz.0.996': attribute type 13 has an invalid length.
[  380.414869][  T970] usb 2-1: USB disconnect, device number 32
[  380.445130][  T970] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  380.453478][  T970] cp210x 2-1:0.0: device disconnected
[  380.560784][ T9469] team_slave_0: entered promiscuous mode
[  380.566991][ T9469] team_slave_1: entered promiscuous mode
[  380.868762][ T9469] bond0: (slave macvlan3): Enslaving as an active interface with an up link
[  381.094040][ T9474] x_tables: duplicate underflow at hook 2
[  381.311309][ T9466] binder: 9464:9466 ioctl c00c620f 20000340 returned -22
[  381.637935][ T9474] netlink: 28 bytes leftover after parsing attributes in process `syz.4.999'.
[  382.017991][ T9482] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  382.017991][ T9482]    program syz.1.1002 not setting count and/or reply_len properly
[  382.300212][   T29] audit: type=1804 audit(1732250227.761:318): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1000" name="/newroot/206/file1" dev="fuse" ino=1 res=1 errno=0
[  382.418817][ T5881] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  382.424859][   T29] audit: type=1800 audit(1732250227.761:319): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1000" name="/" dev="fuse" ino=1 res=0 errno=0
[  382.584738][ T9494] blktrace: Concurrent blktraces are not allowed on nullb0
[  382.590865][   T29] audit: type=1804 audit(1732250227.761:320): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1000" name="/newroot/206/file1" dev="fuse" ino=1 res=1 errno=0
[  382.618909][   T29] audit: type=1804 audit(1732250227.761:321): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.1000" name="/newroot/206/file1" dev="fuse" ino=1 res=1 errno=0
[  382.619091][  T970] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  382.646612][   T29] audit: type=1800 audit(1732250227.761:322): pid=9483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1000" name="/" dev="fuse" ino=1 res=0 errno=0
[  383.041710][ T5881] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  383.050932][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.087452][ T5881] usb 4-1: config 0 descriptor??
[  383.164771][  T970] usb 2-1: Using ep0 maxpacket: 8
[  383.175432][  T970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  383.192886][  T970] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  383.204806][  T970] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  383.212958][  T970] usb 2-1: Product: syz
[  383.217260][  T970] usb 2-1: Manufacturer: syz
[  383.221913][  T970] usb 2-1: SerialNumber: syz
[  383.350617][ T9501] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'.
[  383.369501][ T9501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1006'.
[  383.388131][ T9501] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'.
[  383.401914][ T9501] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'.
[  383.505489][  T970] usb 2-1: Invalid connection information received from device
[  383.548520][ T9506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.557269][ T9506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.621760][ T9487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1003'.
[  383.621788][ T9506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1003'.
[  384.074915][ T5884] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  384.418830][ T5923] usb 2-1: USB disconnect, device number 33
[  384.930135][ T5881] ath6kl: Failed to submit usb control message: -110
[  384.936948][ T5881] ath6kl: unable to send the bmi data to the device: -110
[  384.944104][ T5881] ath6kl: Unable to send get target info: -110
[  385.284847][ T5843] Bluetooth: hci0: Malformed HCI Event: 0x22
[  385.399617][ T5881] ath6kl: Failed to init ath6kl core: -110
[  385.406414][ T5881] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  385.449354][ T5881] usb 4-1: USB disconnect, device number 31
[  385.476396][ T5884] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  385.491324][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.019656][ T9519] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  386.306691][ T5884] usb 3-1: config 0 descriptor??
[  386.319397][ T5884] cp210x 3-1:0.0: cp210x converter detected
[  386.514835][ T5884] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71
[  386.522426][ T5884] cp210x 3-1:0.0: querying part number failed
[  386.907714][ T5884] usb 3-1: cp210x converter now attached to ttyUSB0
[  387.062911][ T5884] usb 3-1: USB disconnect, device number 27
[  387.478878][ T5884] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  387.530747][ T5884] cp210x 3-1:0.0: device disconnected
[  389.358675][   T29] audit: type=1804 audit(1732250235.803:323): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1017" name="/newroot/178/file1" dev="fuse" ino=1 res=1 errno=0
[  389.874787][   T29] audit: type=1800 audit(1732250235.803:324): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1017" name="/" dev="fuse" ino=1 res=0 errno=0
[  389.899166][   T29] audit: type=1804 audit(1732250235.803:325): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1017" name="/newroot/178/file1" dev="fuse" ino=1 res=1 errno=0
[  389.961337][   T29] audit: type=1804 audit(1732250235.803:326): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1017" name="/newroot/178/file1" dev="fuse" ino=1 res=1 errno=0
[  389.980981][    C0] vkms_vblank_simulate: vblank timer overrun
[  389.993263][   T29] audit: type=1800 audit(1732250235.803:327): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1017" name="/" dev="fuse" ino=1 res=0 errno=0
[  390.340913][ T9556] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  390.340913][ T9556]    program syz.4.1019 not setting count and/or reply_len properly
[  391.165730][ T9553] syzkaller0: entered allmulticast mode
[  391.514712][ T5884] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  391.536251][ T5835] Bluetooth: hci1: Malformed HCI Event: 0x22
[  391.597536][ T5881] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  391.685293][ T5884] usb 5-1: Using ep0 maxpacket: 8
[  391.691976][ T5884] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  391.706943][ T5884] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  391.717550][ T5884] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  391.734867][ T5884] usb 5-1: Product: syz
[  391.742944][ T5884] usb 5-1: Manufacturer: syz
[  391.754177][ T5884] usb 5-1: SerialNumber: syz
[  391.764649][ T5881] usb 4-1: Using ep0 maxpacket: 8
[  391.783329][ T5881] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  391.792769][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.802736][ T5881] usb 4-1: Product: syz
[  391.813176][ T5881] usb 4-1: Manufacturer: syz
[  391.822946][ T5881] usb 4-1: SerialNumber: syz
[  391.848097][ T5881] usb 4-1: config 0 descriptor??
[  391.979966][ T5884] usb 5-1: Invalid connection information received from device
[  392.079532][ T5881] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  392.468416][ T5923] usb 5-1: USB disconnect, device number 37
[  392.475424][   T52] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  392.643779][   T52] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  392.656400][   T52] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.848440][   T52] usb 2-1: config 0 descriptor??
[  392.866715][   T52] cp210x 2-1:0.0: cp210x converter detected
[  393.588487][ T9583] sp0: Synchronizing with TNC
[  394.010145][ T5881] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  394.571184][ T9590] FAULT_INJECTION: forcing a failure.
[  394.571184][ T9590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  394.594824][ T9590] CPU: 1 UID: 0 PID: 9590 Comm: syz.4.1028 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  394.605194][ T9590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  394.615267][ T9590] Call Trace:
[  394.618559][ T9590]  <TASK>
[  394.621505][ T9590]  dump_stack_lvl+0x241/0x360
[  394.626206][ T9590]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.631422][ T9590]  ? __pfx__printk+0x10/0x10
[  394.636043][ T9590]  ? __pfx_lock_release+0x10/0x10
[  394.641100][ T9590]  should_fail_ex+0x3b0/0x4e0
[  394.645816][ T9590]  _copy_from_iter+0x21f/0x1e70
[  394.650692][ T9590]  ? __virt_addr_valid+0x183/0x530
[  394.655830][ T9590]  ? __pfx_lock_release+0x10/0x10
[  394.660884][ T9590]  ? __alloc_skb+0x28f/0x440
[  394.665493][ T9590]  ? __pfx__copy_from_iter+0x10/0x10
[  394.670799][ T9590]  ? __virt_addr_valid+0x183/0x530
[  394.675932][ T9590]  ? __virt_addr_valid+0x183/0x530
[  394.681060][ T9590]  ? __virt_addr_valid+0x45f/0x530
[  394.686192][ T9590]  ? __check_object_size+0x48e/0x900
[  394.691502][ T9590]  netlink_sendmsg+0x73d/0xcb0
[  394.696296][ T9590]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.701611][ T9590]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.707177][ T9590]  __sock_sendmsg+0x221/0x270
[  394.711887][ T9590]  ____sys_sendmsg+0x52a/0x7e0
[  394.716679][ T9590]  ? __pfx_____sys_sendmsg+0x10/0x10
[  394.721987][ T9590]  ? __fget_files+0x2a/0x410
[  394.726606][ T9590]  ? __fget_files+0x2a/0x410
[  394.731231][ T9590]  __sys_sendmsg+0x269/0x350
[  394.735849][ T9590]  ? __pfx_lock_release+0x10/0x10
[  394.740895][ T9590]  ? __pfx___sys_sendmsg+0x10/0x10
[  394.746050][ T9590]  ? __pfx_vfs_write+0x10/0x10
[  394.750862][ T9590]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  394.757467][ T9590]  ? do_syscall_64+0x100/0x230
[  394.762252][ T9590]  ? do_syscall_64+0xb6/0x230
[  394.766949][ T9590]  do_syscall_64+0xf3/0x230
[  394.771479][ T9590]  ? clear_bhb_loop+0x35/0x90
[  394.776179][ T9590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.782104][ T9590] RIP: 0033:0x7ff75757e819
[  394.786541][ T9590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.806169][ T9590] RSP: 002b:00007ff758420038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  394.814604][ T9590] RAX: ffffffffffffffda RBX: 00007ff757735fa0 RCX: 00007ff75757e819
[  394.822593][ T9590] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  394.830577][ T9590] RBP: 00007ff758420090 R08: 0000000000000000 R09: 0000000000000000
[  394.838569][ T9590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  394.846555][ T9590] R13: 0000000000000000 R14: 00007ff757735fa0 R15: 00007fff9832e2f8
[  394.854564][ T9590]  </TASK>
[  394.863485][ T9587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1029'.
[  395.016476][   T52] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  395.025682][   T52] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71
[  395.033383][   T52] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  395.042096][   T52] usb 2-1: cp210x converter now attached to ttyUSB0
[  395.075560][   T52] usb 2-1: USB disconnect, device number 34
[  395.183616][ T9599] syzkaller0: entered allmulticast mode
[  395.271497][ T5881] usb 4-1: USB disconnect, device number 32
[  395.285089][   T52] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  395.293220][   T52] cp210x 2-1:0.0: device disconnected
[  395.427621][ T9603] 9pnet_fd: Insufficient options for proto=fd
[  396.246396][ T9611] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  396.246396][ T9611]    program syz.2.1036 not setting count and/or reply_len properly
[  396.389297][ T5835] Bluetooth: hci0: Malformed HCI Event: 0x22
[  396.616082][   T52] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  396.908513][   T52] usb 3-1: Using ep0 maxpacket: 8
[  396.939986][   T52] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  397.098149][   T52] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  397.178528][   T52] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  397.205867][   T52] usb 3-1: Product: syz
[  397.220472][   T52] usb 3-1: Manufacturer: syz
[  397.235056][   T52] usb 3-1: SerialNumber: syz
[  397.495318][   T52] usb 3-1: Invalid connection information received from device
[  397.711873][ T5919] usb 3-1: USB disconnect, device number 28
[  398.324923][   T52] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  398.510330][   T52] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  398.538294][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.668505][   T52] usb 1-1: config 0 descriptor??
[  398.686312][   T52] cp210x 1-1:0.0: cp210x converter detected
[  398.966400][ T9640] syzkaller0: entered allmulticast mode
[  399.271589][ T9647] FAULT_INJECTION: forcing a failure.
[  399.271589][ T9647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.302752][ T9647] CPU: 0 UID: 0 PID: 9647 Comm: syz.4.1047 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  399.313128][ T9647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  399.323201][ T9647] Call Trace:
[  399.326499][ T9647]  <TASK>
[  399.329445][ T9647]  dump_stack_lvl+0x241/0x360
[  399.334148][ T9647]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.339372][ T9647]  ? __pfx__printk+0x10/0x10
[  399.343993][ T9647]  ? snprintf+0xda/0x120
[  399.348257][ T9647]  should_fail_ex+0x3b0/0x4e0
[  399.352959][ T9647]  _copy_to_user+0x31/0xb0
[  399.357404][ T9647]  simple_read_from_buffer+0xca/0x150
[  399.362803][ T9647]  proc_fail_nth_read+0x1e9/0x250
[  399.367850][ T9647]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  399.373417][ T9647]  ? rw_verify_area+0x55e/0x6f0
[  399.378283][ T9647]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  399.383865][ T9647]  vfs_read+0x1fc/0xb70
[  399.388043][ T9647]  ? __pfx___mutex_lock+0x10/0x10
[  399.393083][ T9647]  ? __pfx_vfs_read+0x10/0x10
[  399.397778][ T9647]  ? __fget_files+0x2a/0x410
[  399.402390][ T9647]  ? __fget_files+0x395/0x410
[  399.407090][ T9647]  ? __fget_files+0x2a/0x410
[  399.411711][ T9647]  ksys_read+0x18f/0x2b0
[  399.415979][ T9647]  ? __pfx_ksys_read+0x10/0x10
[  399.420766][ T9647]  ? do_syscall_64+0x100/0x230
[  399.425546][ T9647]  ? do_syscall_64+0xb6/0x230
[  399.430246][ T9647]  do_syscall_64+0xf3/0x230
[  399.434766][ T9647]  ? clear_bhb_loop+0x35/0x90
[  399.439463][ T9647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.445382][ T9647] RIP: 0033:0x7ff75757d25c
[  399.449819][ T9647] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  399.469450][ T9647] RSP: 002b:00007ff758420030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  399.477890][ T9647] RAX: ffffffffffffffda RBX: 00007ff757735fa0 RCX: 00007ff75757d25c
[  399.485880][ T9647] RDX: 000000000000000f RSI: 00007ff7584200a0 RDI: 0000000000000003
[  399.493869][ T9647] RBP: 00007ff758420090 R08: 0000000000000000 R09: 0000000000000000
[  399.501855][ T9647] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  399.509843][ T9647] R13: 0000000000000000 R14: 00007ff757735fa0 R15: 00007fff9832e2f8
[  399.517847][ T9647]  </TASK>
[  399.520995][    C0] vkms_vblank_simulate: vblank timer overrun
[  400.738085][   T52] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  400.747888][   T52] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  400.755876][   T52] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  400.779200][   T52] usb 1-1: cp210x converter now attached to ttyUSB0
[  400.941260][   T52] usb 1-1: USB disconnect, device number 29
[  401.104962][   T52] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  401.113141][   T52] cp210x 1-1:0.0: device disconnected
[  401.128316][ T9669] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  401.128316][ T9669]    program syz.4.1054 not setting count and/or reply_len properly
[  401.166407][ T9671] syzkaller0: entered allmulticast mode
[  401.323220][ T9677] FAULT_INJECTION: forcing a failure.
[  401.323220][ T9677] name failslab, interval 1, probability 0, space 0, times 0
[  401.344194][ T9677] CPU: 1 UID: 0 PID: 9677 Comm: syz.2.1057 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  401.354563][ T9677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  401.364634][ T9677] Call Trace:
[  401.367940][ T9677]  <TASK>
[  401.370885][ T9677]  dump_stack_lvl+0x241/0x360
[  401.375583][ T9677]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.380807][ T9677]  ? __pfx__printk+0x10/0x10
[  401.385424][ T9677]  ? fs_reclaim_acquire+0x93/0x130
[  401.390548][ T9677]  ? __pfx___might_resched+0x10/0x10
[  401.395857][ T9677]  ? dynamic_dname+0x141/0x1b0
[  401.400650][ T9677]  should_fail_ex+0x3b0/0x4e0
[  401.405356][ T9677]  ? tomoyo_encode+0x26f/0x540
[  401.410144][ T9677]  should_failslab+0xac/0x100
[  401.414849][ T9677]  ? tomoyo_encode+0x26f/0x540
[  401.419642][ T9677]  __kmalloc_noprof+0xd8/0x400
[  401.424429][ T9677]  tomoyo_encode+0x26f/0x540
[  401.429034][ T9677]  ? __pfx_sockfs_dname+0x10/0x10
[  401.434077][ T9677]  tomoyo_realpath_from_path+0x59e/0x5e0
[  401.439752][ T9677]  tomoyo_path_number_perm+0x236/0x860
[  401.445233][ T9677]  ? __lock_acquire+0x1397/0x2100
[  401.450287][ T9677]  ? tomoyo_path_number_perm+0x206/0x860
[  401.455952][ T9677]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  401.462003][ T9677]  ? __fget_files+0x2a/0x410
[  401.466619][ T9677]  ? __fget_files+0x2a/0x410
[  401.471240][ T9677]  security_file_ioctl+0xc6/0x2a0
[  401.476288][ T9677]  __se_sys_ioctl+0x46/0x170
[  401.480898][ T9677]  do_syscall_64+0xf3/0x230
[  401.485418][ T9677]  ? clear_bhb_loop+0x35/0x90
[  401.490122][ T9677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.496053][ T9677] RIP: 0033:0x7f9e0517e819
[  401.500484][ T9677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.520114][ T9677] RSP: 002b:00007f9e05f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  401.528560][ T9677] RAX: ffffffffffffffda RBX: 00007f9e05335fa0 RCX: 00007f9e0517e819
[  401.536555][ T9677] RDX: 0000000020000040 RSI: 0000000000008b32 RDI: 0000000000000004
[  401.544546][ T9677] RBP: 00007f9e05f90090 R08: 0000000000000000 R09: 0000000000000000
[  401.552546][ T9677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.560535][ T9677] R13: 0000000000000000 R14: 00007f9e05335fa0 R15: 00007ffd1ddf9cf8
[  401.568542][ T9677]  </TASK>
[  401.605983][ T9677] ERROR: Out of memory at tomoyo_realpath_from_path.
[  401.636210][ T5919] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  401.728955][ T5881] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  401.884770][ T5881] usb 5-1: Using ep0 maxpacket: 8
[  401.895904][ T5919] usb 2-1: Using ep0 maxpacket: 16
[  401.911729][ T5881] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  401.912133][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.005039][ T5919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.015385][ T5919] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  402.025426][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.077004][ T5881] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  402.077037][ T5881] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  402.077070][ T5881] usb 5-1: Product: syz
[  402.077086][ T5881] usb 5-1: Manufacturer: syz
[  402.077102][ T5881] usb 5-1: SerialNumber: syz
[  402.131888][ T5919] usb 2-1: config 0 descriptor??
[  402.389337][ T5881] usb 5-1: Invalid connection information received from device
[  402.553403][   T52] usb 5-1: USB disconnect, device number 38
[  402.607830][ T5919] hid-multitouch 0003:1FD2:6007.000F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[  402.836782][ T5919] usb 2-1: USB disconnect, device number 35
[  402.877501][ T5835] Bluetooth: hci1: Malformed HCI Event: 0x22
[  402.935565][ T9690] team_slave_0: entered promiscuous mode
[  402.941253][ T9690] team_slave_1: entered promiscuous mode
[  402.965331][ T9690] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  402.996506][ T9690] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  403.655884][   T29] audit: type=1804 audit(1732250252.054:328): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1063" name="/newroot/227/file1" dev="fuse" ino=1 res=1 errno=0
[  403.920209][   T29] audit: type=1800 audit(1732250252.054:329): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.1063" name="/" dev="fuse" ino=1 res=0 errno=0
[  404.110803][   T29] audit: type=1804 audit(1732250252.064:330): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1063" name="/newroot/227/file1" dev="fuse" ino=1 res=1 errno=0
[  404.202873][   T29] audit: type=1804 audit(1732250252.064:331): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.1063" name="/newroot/227/file1" dev="fuse" ino=1 res=1 errno=0
[  404.739582][   T29] audit: type=1800 audit(1732250252.064:332): pid=9698 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.1063" name="/" dev="fuse" ino=1 res=0 errno=0
[  405.279990][ T9708] blktrace: Concurrent blktraces are not allowed on nullb0
[  405.718032][ T9714] syzkaller0: entered allmulticast mode
[  405.820224][ T9710] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1067'.
[  405.880566][ T9717] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1067'.
[  406.049835][ T9735] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  406.049835][ T9735]    program syz.1.1075 not setting count and/or reply_len properly
[  406.334726][  T970] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  406.415848][ T5881] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  406.484810][  T970] usb 2-1: Using ep0 maxpacket: 8
[  406.493953][  T970] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  406.519907][ T9712] 9pnet_fd: p9_fd_create_tcp (9712): problem connecting socket to 127.0.0.1
[  406.535503][  T970] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  406.564761][  T970] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  406.572919][  T970] usb 2-1: Product: syz
[  406.593433][  T970] usb 2-1: Manufacturer: syz
[  406.604675][ T5881] usb 5-1: Using ep0 maxpacket: 16
[  406.610764][  T970] usb 2-1: SerialNumber: syz
[  406.618300][ T5881] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  406.659328][ T5881] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  406.695428][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.712953][ T5881] usb 5-1: config 0 descriptor??
[  406.813197][ T9751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1079'.
[  406.842156][  T970] usb 2-1: Invalid connection information received from device
[  406.974854][ T9738] mkiss: ax0: crc mode is auto.
[  407.053148][  T970] usb 2-1: USB disconnect, device number 36
[  407.346826][ T9738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.525516][   T52] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  407.669840][ T9738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.795058][   T52] usb 3-1: Using ep0 maxpacket: 16
[  407.821440][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.864174][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  407.874741][   T52] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  407.878247][ T5881] hid (null): unknown global tag 0x83
[  407.884049][   T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.918280][   T52] usb 3-1: config 0 descriptor??
[  407.953805][ T5881] hid (null): unknown global tag 0xc
[  407.962229][ T5881] hid-generic 0003:0158:0100.0010: unknown main item tag 0x1
[  407.974672][ T5881] hid-generic 0003:0158:0100.0010: unexpected long global item
[  407.982744][ T5881] hid-generic 0003:0158:0100.0010: probe with driver hid-generic failed with error -22
[  408.135581][ T9763] syzkaller0: entered allmulticast mode
[  408.228721][ T5919] usb 5-1: USB disconnect, device number 39
[  408.519737][   T52] hid-multitouch 0003:1FD2:6007.0011: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  408.713603][   T52] usb 3-1: USB disconnect, device number 29
[  408.957361][   T29] audit: type=1326 audit(1732250257.414:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9769 comm="syz.3.1085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570597e819 code=0x7ffc0000
[  409.004138][   T29] audit: type=1326 audit(1732250257.414:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9769 comm="syz.3.1085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f570597e819 code=0x7ffc0000
[  409.123623][ T9772] pim6reg1: entered promiscuous mode
[  409.144881][ T9772] pim6reg1: entered allmulticast mode
[  410.862315][ T5835] Bluetooth: hci4: Malformed HCI Event: 0x22
[  410.981755][ T9794] blktrace: Concurrent blktraces are not allowed on nullb0
[  411.532978][ T9796] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  411.532978][ T9796]    program syz.1.1093 not setting count and/or reply_len properly
[  412.444752][ T5885] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  412.625509][ T5885] usb 2-1: Using ep0 maxpacket: 8
[  412.666948][ T5885] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  412.735579][ T5885] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  412.955248][ T5885] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  413.026787][ T5885] usb 2-1: Product: syz
[  413.034689][ T5885] usb 2-1: Manufacturer: syz
[  413.039366][ T5885] usb 2-1: SerialNumber: syz
[  413.117360][ T9813] misc userio: Begin command sent, but we're already running
[  413.297601][ T5885] usb 2-1: Invalid connection information received from device
[  413.364854][ T5881] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  413.886053][ T5923] usb 2-1: USB disconnect, device number 37
[  414.124694][ T5881] usb 4-1: device descriptor read/64, error -71
[  414.565537][ T5881] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  414.734695][ T5881] usb 4-1: device descriptor read/64, error -71
[  414.929929][ T5881] usb usb4-port1: attempt power cycle
[  414.984896][   T52] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  415.071090][ T9835] sd 0:0:1:0: device reset
[  415.276215][ T5881] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  415.311932][ T5881] usb 4-1: device descriptor read/8, error -71
[  415.554794][ T5881] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  415.580682][ T5881] usb 4-1: device descriptor read/8, error -71
[  415.747843][ T5881] usb usb4-port1: unable to enumerate USB device
[  416.046416][   T52] usb 1-1: Using ep0 maxpacket: 16
[  416.095478][ T5835] Bluetooth: hci0: Malformed HCI Event: 0x22
[  416.247341][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.258387][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.422336][   T52] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  416.467576][ T9845] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  417.073445][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.140879][   T52] usb 1-1: config 0 descriptor??
[  417.540213][   T52] usb 1-1: can't set config #0, error -71
[  417.548733][   T52] usb 1-1: USB disconnect, device number 30
[  418.564797][ T5885] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  418.799630][ T5885] usb 4-1: config 0 has an invalid interface number: 141 but max is 0
[  418.808907][ T5885] usb 4-1: config 0 has an invalid interface number: 159 but max is 0
[  418.824797][ T5885] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  419.832255][ T5885] usb 4-1: config 0 has no interface number 0
[  419.843452][ T5885] usb 4-1: config 0 has no interface number 1
[  419.856396][ T5885] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0xA, skipping
[  419.872550][ T5885] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  419.884431][ T5885] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x9 has invalid maxpacket 560, setting to 64
[  419.897288][ T5885] usb 4-1: config 0 interface 141 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  419.908376][ T5885] usb 4-1: config 0 interface 141 altsetting 0 has a duplicate endpoint with address 0x9, skipping
[  419.920084][ T5885] usb 4-1: config 0 interface 141 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  419.934749][ T5885] usb 4-1: config 0 interface 141 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 16
[  419.950448][ T5885] usb 4-1: too many endpoints for config 0 interface 159 altsetting 83: 229, using maximum allowed: 30
[  419.963158][ T5885] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x7 has an invalid bInterval 142, changing to 11
[  419.974628][ T5885] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  420.042121][ T5885] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xB, skipping
[  420.154222][ T5885] usb 4-1: config 0 interface 159 altsetting 83 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  420.178047][ T5885] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0xA, skipping
[  420.188911][ T5885] usb 4-1: config 0 interface 159 altsetting 83 has a duplicate endpoint with address 0x3, skipping
[  420.199822][ T5885] usb 4-1: config 0 interface 159 altsetting 83 has 8 endpoint descriptors, different from the interface descriptor's value: 229
[  420.213196][ T5885] usb 4-1: config 0 interface 159 has no altsetting 0
[  420.220049][ T5885] usb 4-1: New USB device found, idVendor=12d1, idProduct=131c, bcdDevice=70.bd
[  420.229239][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.263646][ T5885] usb 4-1: config 0 descriptor??
[  420.324463][ T5885] usb 4-1: can't set config #0, error -71
[  420.332002][ T5885] usb 4-1: USB disconnect, device number 37
[  420.437505][ T9873] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  421.383554][   T29] audit: type=1804 audit(1732250269.264:335): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1117" name="/newroot/228/file1" dev="fuse" ino=1 res=1 errno=0
[  421.580056][   T29] audit: type=1800 audit(1732250269.264:336): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.1117" name="/" dev="fuse" ino=1 res=0 errno=0
[  421.602985][   T29] audit: type=1804 audit(1732250269.264:337): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1117" name="/newroot/228/file1" dev="fuse" ino=1 res=1 errno=0
[  421.622847][   T29] audit: type=1804 audit(1732250269.264:338): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1117" name="/newroot/228/file1" dev="fuse" ino=1 res=1 errno=0
[  421.742618][   T29] audit: type=1800 audit(1732250269.264:339): pid=9880 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.1117" name="/" dev="fuse" ino=1 res=0 errno=0
[  424.707003][ T5885] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  424.754115][ T9911] blktrace: Concurrent blktraces are not allowed on nullb0
[  424.835017][ T5919] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  425.016061][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  425.079855][ T5919] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  425.089404][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.277941][ T5919] usb 3-1: config 0 descriptor??
[  425.326175][ T5919] cp210x 3-1:0.0: cp210x converter detected
[  425.415511][ T5885] usb 5-1: unable to read config index 0 descriptor/start: -71
[  425.423229][ T5885] usb 5-1: can't read configurations, error -71
[  427.536903][   T29] audit: type=1804 audit(1732250275.724:340): pid=9928 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1130" name="/newroot/223/file1" dev="fuse" ino=1 res=1 errno=0
[  427.857163][   T29] audit: type=1800 audit(1732250275.724:341): pid=9928 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1130" name="/" dev="fuse" ino=1 res=0 errno=0
[  427.924309][ T5919] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  428.054393][ T5919] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71
[  428.062155][ T5919] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  428.080398][ T5919] usb 3-1: cp210x converter now attached to ttyUSB0
[  428.124672][   T29] audit: type=1804 audit(1732250275.844:342): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1130" name="/newroot/223/file1" dev="fuse" ino=1 res=1 errno=0
[  428.173907][   T29] audit: type=1804 audit(1732250275.844:343): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.1.1130" name="/newroot/223/file1" dev="fuse" ino=1 res=1 errno=0
[  428.193794][   T29] audit: type=1800 audit(1732250275.844:344): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1130" name="/" dev="fuse" ino=1 res=0 errno=0
[  428.223249][ T5919] usb 3-1: USB disconnect, device number 30
[  428.245089][ T5919] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  428.267164][ T5919] cp210x 3-1:0.0: device disconnected
[  428.299642][ T9935] vlan2: entered promiscuous mode
[  428.319809][ T5835] Bluetooth: hci1: unexpected event for opcode 0x2031
[  428.598209][ T9941] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  428.704324][ T9943] dccp_invalid_packet: P.Data Offset(4) too small
[  428.739222][ T9943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1135'.
[  428.743295][ T9943] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1135'.
[  431.091623][ T9956] blktrace: Concurrent blktraces are not allowed on nullb0
[  431.519618][ T9966] netlink: 'syz.2.1144': attribute type 1 has an invalid length.
[  431.567240][ T9966] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1144'.
[  431.816414][ T9972] evm: overlay not supported
[  432.590481][ T5835] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  432.599246][ T5835] Bluetooth: hci1: Injecting HCI hardware error event
[  432.609665][ T5835] Bluetooth: hci1: hardware error 0x00
[  432.699943][ T5881] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  432.773937][ T9990] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  432.870748][ T5881] usb 1-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  432.884041][ T5881] usb 1-1: config 0 interface 0 has no altsetting 0
[  432.895377][ T5881] usb 1-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00
[  432.942705][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.974795][ T5881] usb 1-1: config 0 descriptor??
[  433.365135][T10004] blktrace: Concurrent blktraces are not allowed on nullb0
[  433.866743][ T5881] usbhid 1-1:0.0: can't add hid device: -71
[  433.913004][ T5881] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  433.955779][ T5881] usb 1-1: USB disconnect, device number 31
[  434.639318][T10020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1162'.
[  434.665220][ T5835] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  434.711285][T10020] dummy0: entered promiscuous mode
[  434.718837][T10020] macvtap1: entered promiscuous mode
[  434.724543][T10020] macvtap1: entered allmulticast mode
[  434.731104][T10020] dummy0: entered allmulticast mode
[  434.733175][T10029] FAULT_INJECTION: forcing a failure.
[  434.733175][T10029] name failslab, interval 1, probability 0, space 0, times 0
[  434.781085][T10029] CPU: 1 UID: 0 PID: 10029 Comm: syz.0.1164 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  434.791516][T10029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  434.801575][T10029] Call Trace:
[  434.804861][T10029]  <TASK>
[  434.807785][T10029]  dump_stack_lvl+0x241/0x360
[  434.812456][T10029]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.817664][T10029]  ? __pfx__printk+0x10/0x10
[  434.822248][T10029]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  434.827711][T10029]  ? __pfx___might_resched+0x10/0x10
[  434.833002][T10029]  should_fail_ex+0x3b0/0x4e0
[  434.837696][T10029]  should_failslab+0xac/0x100
[  434.842374][T10029]  ? bpf_uprobe_multi_link_attach+0x479/0xdc0
[  434.848439][T10029]  __kmalloc_cache_noprof+0x6c/0x2c0
[  434.853722][T10029]  ? bpf_uprobe_multi_link_attach+0x35d/0xdc0
[  434.859834][T10029]  bpf_uprobe_multi_link_attach+0x479/0xdc0
[  434.865732][T10029]  ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10
[  434.872146][T10029]  ? __fget_files+0x395/0x410
[  434.876825][T10029]  ? bpf_prog_attach_check_attach_type+0x42c/0x4f0
[  434.883325][T10029]  link_create+0x6d7/0x870
[  434.887750][T10029]  __sys_bpf+0x4bc/0x810
[  434.891995][T10029]  ? __pfx___sys_bpf+0x10/0x10
[  434.896772][T10029]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  434.902750][T10029]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  434.909070][T10029]  ? do_syscall_64+0x100/0x230
[  434.913835][T10029]  __x64_sys_bpf+0x7c/0x90
[  434.918249][T10029]  do_syscall_64+0xf3/0x230
[  434.922744][T10029]  ? clear_bhb_loop+0x35/0x90
[  434.927417][T10029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.933307][T10029] RIP: 0033:0x7f107db7e819
[  434.937714][T10029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.957329][T10029] RSP: 002b:00007f107d9f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  434.965755][T10029] RAX: ffffffffffffffda RBX: 00007f107dd35fa0 RCX: 00007f107db7e819
[  434.973725][T10029] RDX: 000000000000003c RSI: 00000000200012c0 RDI: 000000000000001c
[  434.981694][T10029] RBP: 00007f107d9f9090 R08: 0000000000000000 R09: 0000000000000000
[  434.989666][T10029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.997636][T10029] R13: 0000000000000000 R14: 00007f107dd35fa0 R15: 00007ffd8ede60b8
[  435.005630][T10029]  </TASK>
[  435.008719][    C1] vkms_vblank_simulate: vblank timer overrun
[  436.396013][ T5923] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  437.246381][ T5881] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  437.275126][ T5923] usb 4-1: Using ep0 maxpacket: 16
[  437.545218][ T5923] usb 4-1: config 3 has an invalid interface number: 12 but max is 0
[  437.573127][ T5923] usb 4-1: config 3 has no interface number 0
[  437.602841][ T5923] usb 4-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice= c.7e
[  437.725499][ T5881] usb 3-1: Using ep0 maxpacket: 32
[  437.732585][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.751848][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.824489][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.832777][ T5923] usb 4-1: Product: syz
[  437.837088][ T5923] usb 4-1: Manufacturer: syz
[  437.837101][ T5881] usb 3-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  437.841675][ T5923] usb 4-1: SerialNumber: syz
[  437.846914][ T5923] keyspan 4-1:3.12: Keyspan 1 port adapter converter detected
[  437.851268][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.857185][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 84
[  438.425065][ T5881] usb 3-1: config 0 descriptor??
[  438.532376][T10053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.560205][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 81
[  438.568405][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 82
[  438.584087][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 1
[  438.593413][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 2
[  438.601388][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 83
[  438.609594][ T5923] keyspan 4-1:3.12: found no endpoint descriptor for endpoint 3
[  438.617843][T10053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.626153][ T5923] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  438.703945][T10076] netlink: 'syz.1.1178': attribute type 4 has an invalid length.
[  439.567976][ T5881] logitech 0003:046D:C298.0012: unbalanced collection at end of report description
[  439.581608][ T5881] logitech 0003:046D:C298.0012: parse failed
[  439.583260][ T5923] usb 4-1: USB disconnect, device number 38
[  439.587741][ T5881] logitech 0003:046D:C298.0012: probe with driver logitech failed with error -22
[  439.628205][ T5923] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  439.687398][ T5923] keyspan 4-1:3.12: device disconnected
[  439.769894][T10064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.830465][T10064] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.897913][T10099] xt_hashlimit: size too large, truncated to 1048576
[  439.905872][ T5881] usb 3-1: USB disconnect, device number 31
[  439.934763][T10099] xt_hashlimit: max too large, truncated to 1048576
[  440.187634][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  440.193991][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  440.245001][T10105] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1187'.
[  440.281786][T10105] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1187'.
[  443.998405][T10133] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1192'.
[  444.079488][T10137] ext4: Unknown parameter 'grpquotaeo#'
[  444.882052][T10133] veth1_macvtap: left promiscuous mode
[  445.019113][T10133] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1192'.
[  445.693846][T10148] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1197'.
[  445.736652][T10148] all: renamed from gre0 (while UP)
[  446.663505][T10164] sg_write: data in/out 23519/14 bytes for SCSI command 0x1-- guessing data in;
[  446.663505][T10164]    program syz.1.1202 not setting count and/or reply_len properly
[  447.648709][ T5881] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  447.806086][ T5881] usb 2-1: Using ep0 maxpacket: 8
[  447.813000][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  447.827062][ T5881] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  447.839541][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1205'.
[  447.859010][ T5881] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  447.887260][ T5881] usb 2-1: Product: syz
[  447.906774][ T5881] usb 2-1: Manufacturer: syz
[  447.919351][ T5881] usb 2-1: SerialNumber: syz
[  448.060604][T10186] FAULT_INJECTION: forcing a failure.
[  448.060604][T10186] name failslab, interval 1, probability 0, space 0, times 0
[  448.077339][T10186] CPU: 0 UID: 0 PID: 10186 Comm: syz.4.1209 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  448.087799][T10186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  448.097957][T10186] Call Trace:
[  448.101250][T10186]  <TASK>
[  448.104188][T10186]  dump_stack_lvl+0x241/0x360
[  448.108892][T10186]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.114109][T10186]  ? __pfx__printk+0x10/0x10
[  448.118720][T10186]  ? fs_reclaim_acquire+0x93/0x130
[  448.123850][T10186]  ? __pfx___might_resched+0x10/0x10
[  448.129152][T10186]  ? dynamic_dname+0x141/0x1b0
[  448.133932][T10186]  should_fail_ex+0x3b0/0x4e0
[  448.138718][T10186]  ? tomoyo_encode+0x26f/0x540
[  448.143522][T10186]  should_failslab+0xac/0x100
[  448.148219][T10186]  ? tomoyo_encode+0x26f/0x540
[  448.152976][T10186]  __kmalloc_noprof+0xd8/0x400
[  448.157737][T10186]  tomoyo_encode+0x26f/0x540
[  448.162315][T10186]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  448.167852][T10186]  tomoyo_realpath_from_path+0x59e/0x5e0
[  448.173476][T10186]  tomoyo_path_number_perm+0x236/0x860
[  448.178926][T10186]  ? __lock_acquire+0x1397/0x2100
[  448.183933][T10186]  ? tomoyo_path_number_perm+0x206/0x860
[  448.189563][T10186]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  448.195569][T10186]  ? __fget_files+0x2a/0x410
[  448.200169][T10186]  ? __fget_files+0x2a/0x410
[  448.204768][T10186]  security_file_ioctl+0xc6/0x2a0
[  448.209795][T10186]  __se_sys_ioctl+0x46/0x170
[  448.214369][T10186]  do_syscall_64+0xf3/0x230
[  448.218855][T10186]  ? clear_bhb_loop+0x35/0x90
[  448.223516][T10186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.229396][T10186] RIP: 0033:0x7ff75757e819
[  448.233793][T10186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.253385][T10186] RSP: 002b:00007ff758420038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  448.261786][T10186] RAX: ffffffffffffffda RBX: 00007ff757735fa0 RCX: 00007ff75757e819
[  448.269741][T10186] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  448.277698][T10186] RBP: 00007ff758420090 R08: 0000000000000000 R09: 0000000000000000
[  448.285653][T10186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.293617][T10186] R13: 0000000000000000 R14: 00007ff757735fa0 R15: 00007fff9832e2f8
[  448.301601][T10186]  </TASK>
[  448.304764][    C0] vkms_vblank_simulate: vblank timer overrun
[  448.312897][ T5885] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  448.321273][ T5881] usb 2-1: palm_os_3_probe - error -110 getting connection information
[  448.342358][ T5881] visor 2-1:1.0: probe with driver visor failed with error -110
[  448.374813][T10186] ERROR: Out of memory at tomoyo_realpath_from_path.
[  448.476339][ T5885] usb 3-1: config 32 has an invalid interface number: 2 but max is 0
[  448.484821][ T5885] usb 3-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  448.520027][ T5885] usb 3-1: config 32 has no interface number 0
[  448.542254][ T5885] usb 3-1: config 32 interface 2 altsetting 0 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  448.560827][ T5885] usb 3-1: config 32 interface 2 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  448.574931][ T5885] usb 3-1: config 32 interface 2 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  448.616781][ T5885] usb 3-1: New USB device found, idVendor=0742, idProduct=200a, bcdDevice=de.32
[  448.634981][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.645198][ T5885] usb 3-1: Product: syz
[  448.652042][ T5885] usb 3-1: Manufacturer: syz
[  448.657474][ T5885] usb 3-1: SerialNumber: syz
[  448.840056][T10198] FAULT_INJECTION: forcing a failure.
[  448.840056][T10198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.859254][T10198] CPU: 1 UID: 0 PID: 10198 Comm: syz.0.1214 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  448.869705][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  448.879779][T10198] Call Trace:
[  448.883072][T10198]  <TASK>
[  448.886017][T10198]  dump_stack_lvl+0x241/0x360
[  448.886031][T10174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  448.890698][T10198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.890723][T10198]  ? __pfx__printk+0x10/0x10
[  448.890751][T10198]  ? __pfx_lock_release+0x10/0x10
[  448.913863][T10198]  should_fail_ex+0x3b0/0x4e0
[  448.916861][T10174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.918551][T10198]  _copy_from_iter+0x21f/0x1e70
[  448.931111][T10198]  ? __virt_addr_valid+0x183/0x530
[  448.936245][T10198]  ? __pfx_lock_release+0x10/0x10
[  448.941304][T10198]  ? __alloc_skb+0x28f/0x440
[  448.945916][T10198]  ? __pfx__copy_from_iter+0x10/0x10
[  448.951225][T10198]  ? __virt_addr_valid+0x183/0x530
[  448.956355][T10198]  ? __virt_addr_valid+0x183/0x530
[  448.961483][T10198]  ? __virt_addr_valid+0x45f/0x530
[  448.966620][T10198]  ? __check_object_size+0x48e/0x900
[  448.971939][T10198]  netlink_sendmsg+0x73d/0xcb0
[  448.976735][T10198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.982048][T10198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.987348][T10198]  __sock_sendmsg+0x221/0x270
[  448.992054][T10198]  ____sys_sendmsg+0x52a/0x7e0
[  448.996841][T10198]  ? __pfx_____sys_sendmsg+0x10/0x10
[  449.002152][T10198]  ? __fget_files+0x2a/0x410
[  449.006757][T10198]  ? __fget_files+0x2a/0x410
[  449.011389][T10198]  __sys_sendmsg+0x269/0x350
[  449.015995][T10198]  ? __pfx_lock_release+0x10/0x10
[  449.021048][T10198]  ? __pfx___sys_sendmsg+0x10/0x10
[  449.026171][T10198]  ? __pfx_vfs_write+0x10/0x10
[  449.030968][T10198]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  449.037326][T10198]  ? do_syscall_64+0x100/0x230
[  449.042116][T10198]  ? do_syscall_64+0xb6/0x230
[  449.046822][T10198]  do_syscall_64+0xf3/0x230
[  449.051338][T10198]  ? clear_bhb_loop+0x35/0x90
[  449.056028][T10198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.061941][T10198] RIP: 0033:0x7f107db7e819
[  449.066373][T10198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.086000][T10198] RSP: 002b:00007f107d9f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  449.094438][T10198] RAX: ffffffffffffffda RBX: 00007f107dd35fa0 RCX: 00007f107db7e819
[  449.102434][T10198] RDX: 0000000020004010 RSI: 00000000200001c0 RDI: 0000000000000004
[  449.110425][T10198] RBP: 00007f107d9f9090 R08: 0000000000000000 R09: 0000000000000000
[  449.118425][T10198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.126416][T10198] R13: 0000000000000000 R14: 00007f107dd35fa0 R15: 00007ffd8ede60b8
[  449.134423][T10198]  </TASK>
[  449.152952][ T5885] HFC-S_USB 3-1:32.2: probe with driver HFC-S_USB failed with error -5
[  449.183456][ T5885] usb 3-1: USB disconnect, device number 32
[  449.804704][ T5885] usb 2-1: USB disconnect, device number 38
[  449.837478][T10216] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1220'.
[  453.934818][ T5885] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  454.120770][ T5885] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  454.200133][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.297435][ T5885] usb 5-1: config 0 descriptor??
[  454.316829][ T5885] cp210x 5-1:0.0: cp210x converter detected
[  455.332694][T10288] syz.0.1246: attempt to access beyond end of device
[  455.332694][T10288] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  456.092451][T10299] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.041274][ T5885] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  457.240700][ T5885] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  457.248463][ T5885] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  457.257278][ T5885] usb 5-1: cp210x converter now attached to ttyUSB0
[  457.266697][ T5885] usb 5-1: USB disconnect, device number 42
[  457.275306][ T5885] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  457.283454][ T5885] cp210x 5-1:0.0: device disconnected
[  458.444034][T10327] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1254'.
[  458.455047][T10327] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1254'.
[  459.590586][T10353] trusted_key: encrypted_key: insufficient parameters specified
[  460.252896][   T52] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  460.330366][T10358] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1265'.
[  460.414684][   T52] usb 5-1: Using ep0 maxpacket: 8
[  460.423504][   T52] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  460.480020][   T52] usb 5-1: config 2 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  460.506858][T10361] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  460.514982][T10361] macvtap1: entered promiscuous mode
[  460.524069][   T52] usb 5-1: config 2 interface 0 has no altsetting 0
[  460.547243][   T52] usb 5-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10
[  460.557174][   T52] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.584361][T10361] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  460.607634][   T52] usb 5-1: Product: syz
[  460.611832][   T52] usb 5-1: Manufacturer: syz
[  460.627537][   T52] usb 5-1: SerialNumber: syz
[  461.915059][ T5835] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260
[  462.386676][ T5923] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  463.214705][ T5923] usb 2-1: Using ep0 maxpacket: 8
[  463.234668][   T52] usb 5-1: USB disconnect, device number 43
[  463.247818][ T5923] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  463.257192][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.265987][ T5923] usb 2-1: Product: syz
[  463.270227][ T5923] usb 2-1: Manufacturer: syz
[  463.275066][ T5923] usb 2-1: SerialNumber: syz
[  463.334672][ T5923] usb 2-1: config 0 descriptor??
[  463.571253][ T5923] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  464.569432][T10408] 9pnet_fd: Insufficient options for proto=fd
[  465.328674][T10407] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1271'.
[  465.398220][   T29] audit: type=1400 audit(1732250313.854:345): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10409 comm="syz.0.1280" dest=20002 netif=wpan0
[  465.416558][T10412] netlink: 348 bytes leftover after parsing attributes in process `syz.3.1281'.
[  465.464994][ T5885] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  465.509055][T10415] FAULT_INJECTION: forcing a failure.
[  465.509055][T10415] name failslab, interval 1, probability 0, space 0, times 0
[  465.522261][T10415] CPU: 0 UID: 0 PID: 10415 Comm: syz.3.1282 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  465.532697][T10415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  465.542755][T10415] Call Trace:
[  465.546032][T10415]  <TASK>
[  465.548964][T10415]  dump_stack_lvl+0x241/0x360
[  465.553649][T10415]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.558845][T10415]  ? __pfx__printk+0x10/0x10
[  465.563435][T10415]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  465.569414][T10415]  ? __pfx___might_resched+0x10/0x10
[  465.574709][T10415]  should_fail_ex+0x3b0/0x4e0
[  465.579397][T10415]  should_failslab+0xac/0x100
[  465.584068][T10415]  ? __alloc_skb+0x1c3/0x440
[  465.588656][T10415]  kmem_cache_alloc_node_noprof+0x71/0x320
[  465.594468][T10415]  __alloc_skb+0x1c3/0x440
[  465.598885][T10415]  ? __pfx___alloc_skb+0x10/0x10
[  465.603817][T10415]  ? netlink_autobind+0xd6/0x2f0
[  465.608752][T10415]  ? netlink_autobind+0x2b0/0x2f0
[  465.613778][T10415]  netlink_sendmsg+0x638/0xcb0
[  465.618553][T10415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  465.623841][T10415]  ? __pfx_netlink_sendmsg+0x10/0x10
[  465.629122][T10415]  __sock_sendmsg+0x221/0x270
[  465.633808][T10415]  ____sys_sendmsg+0x52a/0x7e0
[  465.638575][T10415]  ? __pfx_____sys_sendmsg+0x10/0x10
[  465.643861][T10415]  ? __fget_files+0x2a/0x410
[  465.648458][T10415]  ? __fget_files+0x2a/0x410
[  465.653062][T10415]  __sys_sendmsg+0x269/0x350
[  465.657656][T10415]  ? __pfx_lock_release+0x10/0x10
[  465.662673][T10415]  ? __pfx___sys_sendmsg+0x10/0x10
[  465.667788][T10415]  ? __pfx_vfs_write+0x10/0x10
[  465.672567][T10415]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  465.678890][T10415]  ? do_syscall_64+0x100/0x230
[  465.683651][T10415]  ? do_syscall_64+0xb6/0x230
[  465.688409][T10415]  do_syscall_64+0xf3/0x230
[  465.692909][T10415]  ? clear_bhb_loop+0x35/0x90
[  465.697585][T10415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.703480][T10415] RIP: 0033:0x7f570597e819
[  465.707895][T10415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.727501][T10415] RSP: 002b:00007f570678c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  465.735912][T10415] RAX: ffffffffffffffda RBX: 00007f5705b35fa0 RCX: 00007f570597e819
[  465.743880][T10415] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[  465.751844][T10415] RBP: 00007f570678c090 R08: 0000000000000000 R09: 0000000000000000
[  465.759812][T10415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.767779][T10415] R13: 0000000000000000 R14: 00007f5705b35fa0 R15: 00007ffec46ed618
[  465.775759][T10415]  </TASK>
[  465.778887][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.797510][ T5923] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  465.814957][ T5923] usb 2-1: USB disconnect, device number 39
[  465.876802][ T5885] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  465.887262][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.936074][ T5885] usb 5-1: config 0 descriptor??
[  465.944017][ T5885] cp210x 5-1:0.0: cp210x converter detected
[  467.909589][ T5885] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  467.917851][ T5885] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71
[  467.926170][ T5885] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  467.953864][ T5885] usb 5-1: cp210x converter now attached to ttyUSB0
[  467.983123][ T5885] usb 5-1: USB disconnect, device number 44
[  469.057330][ T5885] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  469.060122][ T5885] cp210x 5-1:0.0: device disconnected
[  469.502585][T10436] tty tty25: ldisc open failed (-12), clearing slot 24
[  470.115257][   T29] audit: type=1326 audit(1732250318.544:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10447 comm="syz.3.1292" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f570597e819 code=0x0
[  470.560210][T10460] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1294'.
[  472.874881][ T5919] usb 4-1: new low-speed USB device number 39 using dummy_hcd
[  472.962518][T10464] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  472.969461][T10464] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  472.990265][T10464] vhci_hcd vhci_hcd.0: Device attached
[  473.152661][T10486] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1300'.
[  473.969890][  T970] vhci_hcd: vhci_device speed not set
[  474.341588][ T5919] usb 4-1: config 0 has no interfaces?
[  474.350751][ T5919] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  474.359501][ T5835] Bluetooth: hci3: Malformed HCI Event: 0x22
[  474.363418][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.497030][  T970] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  474.526952][ T5919] usb 4-1: config 0 descriptor??
[  474.558848][T10491] netlink: 'syz.0.1303': attribute type 21 has an invalid length.
[  474.655531][T10491] netlink: 'syz.0.1303': attribute type 1 has an invalid length.
[  474.666048][T10491] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1303'.
[  475.376079][ T5885] usb 4-1: USB disconnect, device number 39
[  475.408507][T10479] vhci_hcd: connection reset by peer
[  475.478397][ T6095] vhci_hcd: stop threads
[  475.483429][ T6095] vhci_hcd: release socket
[  475.489290][ T6095] vhci_hcd: disconnect device
[  475.618254][T10507] blktrace: Concurrent blktraces are not allowed on nullb0
[  476.061685][T10510] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  476.098886][ T5210] udevd[5210]: worker [5833] terminated by signal 33 (Unknown signal 33)
[  476.104795][ T5881] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  476.125345][ T5210] udevd[5210]: worker [5833] failed while handling '/devices/virtual/misc/kvm'
[  476.197816][T10515] syzkaller1: entered promiscuous mode
[  476.203508][T10515] syzkaller1: entered allmulticast mode
[  476.264957][ T5881] usb 1-1: Using ep0 maxpacket: 16
[  476.273850][ T5881] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.304681][ T5881] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.314436][ T5881] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  476.346089][ T5881] usb 1-1: config 0 interface 0 has no altsetting 0
[  476.361365][ T5881] usb 1-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00
[  476.372751][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.405657][ T5881] usb 1-1: config 0 descriptor??
[  477.429277][ T5881] hid (null): unknown global tag 0xc
[  477.437079][ T5881] hid-generic 0003:045E:05DA.0013: unknown global tag 0xc
[  477.444235][ T5881] hid-generic 0003:045E:05DA.0013: item 0 4 1 12 parsing failed
[  477.453711][ T5881] hid-generic 0003:045E:05DA.0013: probe with driver hid-generic failed with error -22
[  477.705127][T10501] input: syz0 as /devices/virtual/input/input19
[  477.980615][T10542] FAULT_INJECTION: forcing a failure.
[  477.980615][T10542] name failslab, interval 1, probability 0, space 0, times 0
[  477.995467][T10542] CPU: 1 UID: 0 PID: 10542 Comm: syz.3.1317 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  478.006018][T10542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  478.016082][T10542] Call Trace:
[  478.019373][T10542]  <TASK>
[  478.022302][T10542]  dump_stack_lvl+0x241/0x360
[  478.026989][T10542]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.032184][T10542]  ? __pfx__printk+0x10/0x10
[  478.036777][T10542]  ? stack_trace_save+0x118/0x1d0
[  478.041800][T10542]  ? __pfx_stack_trace_save+0x10/0x10
[  478.047170][T10542]  should_fail_ex+0x3b0/0x4e0
[  478.051853][T10542]  should_failslab+0xac/0x100
[  478.056529][T10542]  ? __alloc_skb+0x1c3/0x440
[  478.061117][T10542]  kmem_cache_alloc_node_noprof+0x71/0x320
[  478.066928][T10542]  __alloc_skb+0x1c3/0x440
[  478.071349][T10542]  ? __pfx___alloc_skb+0x10/0x10
[  478.076285][T10542]  ? mark_lock+0x9a/0x360
[  478.080613][T10542]  _sctp_make_chunk+0x58/0x460
[  478.085373][T10542]  sctp_make_strreset_req+0x7c/0x1160
[  478.090761][T10542]  ? __local_bh_enable_ip+0x168/0x200
[  478.096162][T10542]  sctp_send_reset_streams+0x70d/0xd70
[  478.101622][T10542]  ? do_raw_spin_unlock+0x13c/0x8b0
[  478.106827][T10542]  sctp_setsockopt+0x845/0x11c0
[  478.111677][T10542]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  478.117564][T10542]  do_sock_setsockopt+0x3af/0x720
[  478.122589][T10542]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  478.128136][T10542]  ? __fget_files+0x395/0x410
[  478.132831][T10542]  ? __fget_files+0x2a/0x410
[  478.137423][T10542]  __x64_sys_setsockopt+0x1ee/0x280
[  478.142622][T10542]  do_syscall_64+0xf3/0x230
[  478.147119][T10542]  ? clear_bhb_loop+0x35/0x90
[  478.151839][T10542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.157754][T10542] RIP: 0033:0x7f570597e819
[  478.162189][T10542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.181815][T10542] RSP: 002b:00007f570678c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  478.190236][T10542] RAX: ffffffffffffffda RBX: 00007f5705b35fa0 RCX: 00007f570597e819
[  478.198214][T10542] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003
[  478.206183][T10542] RBP: 00007f570678c090 R08: 0000000000000008 R09: 0000000000000000
[  478.214152][T10542] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[  478.222119][T10542] R13: 0000000000000000 R14: 00007f5705b35fa0 R15: 00007ffec46ed618
[  478.230099][T10542]  </TASK>
[  478.364679][ T5884] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  478.525191][ T5884] usb 2-1: Using ep0 maxpacket: 16
[  478.546281][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  478.591610][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[  479.364902][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[  479.376160][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[  479.387396][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  479.605421][ T5884] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  479.614905][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.616215][ T5919] usb 1-1: USB disconnect, device number 32
[  479.622929][ T5884] usb 2-1: Product: syz
[  479.635999][  T970] vhci_hcd: vhci_device speed not set
[  479.661992][ T5884] usb 2-1: Manufacturer: syz
[  479.693786][ T5884] usb 2-1: SerialNumber: syz
[  479.745154][ T5884] usb 2-1: config 0 descriptor??
[  479.966194][ T5884] appledisplay 2-1:0.0: Error while getting initial brightness: -71
[  480.010440][ T5884] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -71
[  480.073231][ T5884] usb 2-1: USB disconnect, device number 40
[  480.309358][ T5923] usb 4-1: new low-speed USB device number 40 using dummy_hcd
[  480.368422][ T5885] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  480.376909][ T5885] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  480.425235][ T5843] Bluetooth: hci0: command 0x0406 tx timeout
[  480.463389][ T5835] ==================================================================
[  480.471486][ T5835] BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  480.480180][ T5835] Read of size 8 at addr ffff888032c70c18 by task kworker/u9:2/5835
[  480.488164][ T5835] 
[  480.490491][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: kworker/u9:2 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  480.501037][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  480.511108][ T5835] Workqueue: hci0 hci_cmd_sync_work
[  480.516338][ T5835] Call Trace:
[  480.519980][ T5835]  <TASK>
[  480.522916][ T5835]  dump_stack_lvl+0x241/0x360
[  480.527582][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  480.532776][ T5835]  ? __pfx__printk+0x10/0x10
[  480.537359][ T5835]  ? _printk+0xd5/0x120
[  480.541515][ T5835]  ? __virt_addr_valid+0x183/0x530
[  480.546619][ T5835]  ? __virt_addr_valid+0x183/0x530
[  480.551732][ T5835]  print_report+0x169/0x550
[  480.556224][ T5835]  ? __virt_addr_valid+0x183/0x530
[  480.561324][ T5835]  ? __virt_addr_valid+0x183/0x530
[  480.566428][ T5835]  ? __virt_addr_valid+0x45f/0x530
[  480.571551][ T5835]  ? __phys_addr+0xba/0x170
[  480.576071][ T5835]  ? mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  480.581988][ T5835]  kasan_report+0x143/0x180
[  480.586686][ T5835]  ? mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  480.592597][ T5835]  mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  480.598331][ T5835]  ? __pfx_mgmt_remove_adv_monitor_sync+0x10/0x10
[  480.604762][ T5835]  hci_cmd_sync_work+0x22b/0x400
[  480.609717][ T5835]  ? process_scheduled_works+0x976/0x1850
[  480.614860][ T5923] usb 4-1: device descriptor read/64, error -71
[  480.615446][ T5835]  process_scheduled_works+0xa63/0x1850
[  480.627245][ T5835]  ? __pfx_process_scheduled_works+0x10/0x10
[  480.633247][ T5835]  ? assign_work+0x364/0x3d0
[  480.637865][ T5835]  worker_thread+0x870/0xd30
[  480.642480][ T5835]  ? __kthread_parkme+0x169/0x1d0
[  480.647530][ T5835]  ? __pfx_worker_thread+0x10/0x10
[  480.652660][ T5835]  kthread+0x2f0/0x390
[  480.656742][ T5835]  ? __pfx_worker_thread+0x10/0x10
[  480.661871][ T5835]  ? __pfx_kthread+0x10/0x10
[  480.666481][ T5835]  ret_from_fork+0x4b/0x80
[  480.670913][ T5835]  ? __pfx_kthread+0x10/0x10
[  480.675516][ T5835]  ret_from_fork_asm+0x1a/0x30
[  480.680312][ T5835]  </TASK>
[  480.683339][ T5835] 
[  480.685668][ T5835] Allocated by task 10550:
[  480.690094][ T5835]  kasan_save_track+0x3f/0x80
[  480.694784][ T5835]  __kasan_kmalloc+0x98/0xb0
[  480.699412][ T5835]  __kmalloc_cache_noprof+0x19c/0x2c0
[  480.704804][ T5835]  mgmt_pending_new+0x65/0x250
[  480.709582][ T5835]  mgmt_pending_add+0x36/0x120
[  480.714358][ T5835]  remove_adv_monitor+0x102/0x1b0
[  480.719396][ T5835]  hci_mgmt_cmd+0xc47/0x11d0
[  480.724000][ T5835]  hci_sock_sendmsg+0x7b8/0x11c0
[  480.728955][ T5835]  __sock_sendmsg+0x221/0x270
[  480.733651][ T5835]  sock_write_iter+0x2d7/0x3f0
[  480.738437][ T5835]  vfs_write+0xaeb/0xd30
[  480.742690][ T5835]  ksys_write+0x18f/0x2b0
[  480.747033][ T5835]  do_syscall_64+0xf3/0x230
[  480.751546][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.757456][ T5835] 
[  480.759781][ T5835] Freed by task 5885:
[  480.763760][ T5835]  kasan_save_track+0x3f/0x80
[  480.768454][ T5835]  kasan_save_free_info+0x40/0x50
[  480.773489][ T5835]  __kasan_slab_free+0x59/0x70
[  480.778269][ T5835]  kfree+0x1a0/0x440
[  480.782189][ T5835]  mgmt_pending_foreach+0xd1/0x130
[  480.787321][ T5835]  __mgmt_power_off+0x183/0x430
[  480.792968][ T5835]  hci_dev_close_sync+0x6c4/0x11c0
[  480.798120][ T5835]  hci_dev_do_close+0x30/0x90
[  480.802812][ T5835]  hci_rfkill_set_block+0x232/0x300
[  480.808716][ T5835]  rfkill_set_block+0x1f1/0x440
[  480.813595][ T5835]  rfkill_epo+0x84/0x180
[  480.817858][ T5835]  rfkill_op_handler+0x121/0x280
[  480.822811][ T5835]  process_scheduled_works+0xa63/0x1850
[  480.828378][ T5835]  worker_thread+0x870/0xd30
[  480.832987][ T5835]  kthread+0x2f0/0x390
[  480.837065][ T5835]  ret_from_fork+0x4b/0x80
[  480.841487][ T5835]  ret_from_fork_asm+0x1a/0x30
[  480.846272][ T5835] 
[  480.848609][ T5835] The buggy address belongs to the object at ffff888032c70c00
[  480.848609][ T5835]  which belongs to the cache kmalloc-96 of size 96
[  480.862500][ T5835] The buggy address is located 24 bytes inside of
[  480.862500][ T5835]  freed 96-byte region [ffff888032c70c00, ffff888032c70c60)
[  480.876137][ T5835] 
[  480.878469][ T5835] The buggy address belongs to the physical page:
[  480.884891][ T5835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32c70
[  480.893660][ T5835] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  480.900789][ T5835] page_type: f5(slab)
[  480.904787][ T5835] raw: 00fff00000000000 ffff88801ac41280 dead000000000100 dead000000000122
[  480.913384][ T5835] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000
[  480.921972][ T5835] page dumped because: kasan: bad access detected
[  480.928402][ T5835] page_owner tracks the page as allocated
[  480.934125][ T5835] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 78, tgid 78 (kworker/u8:5), ts 64130822403, free_ts 63997145056
[  480.953066][ T5835]  post_alloc_hook+0x1f3/0x230
[  480.957846][ T5835]  get_page_from_freelist+0x363e/0x3790
[  480.963404][ T5835]  __alloc_pages_noprof+0x292/0x710
[  480.967925][ T5923] usb 4-1: new low-speed USB device number 41 using dummy_hcd
[  480.968606][ T5835]  alloc_pages_mpol_noprof+0x3e8/0x680
[  480.981520][ T5835]  alloc_slab_page+0x6a/0x140
[  480.986216][ T5835]  allocate_slab+0x5a/0x2f0
[  480.990733][ T5835]  ___slab_alloc+0xcd1/0x14b0
[  480.995420][ T5835]  __slab_alloc+0x58/0xa0
[  480.999763][ T5835]  __kmalloc_cache_noprof+0x1d5/0x2c0
[  481.005156][ T5835]  dst_cow_metrics_generic+0x56/0x1c0
[  481.010551][ T5835]  icmp6_dst_alloc+0x270/0x420
[  481.015331][ T5835]  ndisc_send_skb+0x316/0x1450
[  481.020108][ T5835]  ndisc_send_ns+0xcc/0x160
[  481.024628][ T5835]  addrconf_dad_work+0xb45/0x16f0
[  481.029665][ T5835]  process_scheduled_works+0xa63/0x1850
[  481.035316][ T5835]  worker_thread+0x870/0xd30
[  481.039923][ T5835] page last free pid 5837 tgid 5837 stack trace:
[  481.046254][ T5835]  free_unref_page+0xded/0x1130
[  481.051124][ T5835]  __put_partials+0xeb/0x130
[  481.055725][ T5835]  put_cpu_partial+0x17c/0x250
[  481.060499][ T5835]  __slab_free+0x2ea/0x3d0
[  481.064928][ T5835]  qlist_free_all+0x9a/0x140
[  481.069534][ T5835]  kasan_quarantine_reduce+0x14f/0x170
[  481.075008][ T5835]  __kasan_slab_alloc+0x23/0x80
[  481.079872][ T5835]  __kmalloc_cache_noprof+0x132/0x2c0
[  481.085267][ T5835]  netdevice_event+0x37d/0x950
[  481.090056][ T5835]  notifier_call_chain+0x19f/0x3e0
[  481.095182][ T5835]  __dev_notify_flags+0x207/0x400
[  481.100219][ T5835]  dev_change_flags+0xf0/0x1a0
[  481.105000][ T5835]  do_setlink+0xc90/0x4210
[  481.109432][ T5835]  rtnl_newlink+0x171c/0x24f0
[  481.114123][ T5835]  rtnetlink_rcv_msg+0x791/0xcf0
[  481.119078][ T5835]  netlink_rcv_skb+0x1e3/0x430
[  481.123855][ T5835] 
[  481.126188][ T5835] Memory state around the buggy address:
[  481.131822][ T5835]  ffff888032c70b00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  481.139898][ T5835]  ffff888032c70b80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  481.147971][ T5835] >ffff888032c70c00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  481.156032][ T5835]                             ^
[  481.160919][ T5835]  ffff888032c70c80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  481.168289][ T5923] usb 4-1: device descriptor read/64, error -71
[  481.168973][ T5835]  ffff888032c70d00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  481.183265][ T5835] ==================================================================
[  481.191451][    C0] vkms_vblank_simulate: vblank timer overrun
[  481.248261][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  481.255499][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: kworker/u9:2 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
[  481.266010][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  481.276076][ T5835] Workqueue: hci0 hci_cmd_sync_work
[  481.281303][ T5835] Call Trace:
[  481.284594][ T5835]  <TASK>
[  481.287537][ T5835]  dump_stack_lvl+0x241/0x360
[  481.292232][ T5835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.297452][ T5835]  ? __pfx__printk+0x10/0x10
[  481.302099][ T5835]  ? preempt_schedule+0xe1/0xf0
[  481.306975][ T5835]  ? vscnprintf+0x5d/0x90
[  481.311323][ T5835]  panic+0x349/0x880
[  481.315240][ T5835]  ? check_panic_on_warn+0x21/0xb0
[  481.320374][ T5835]  ? __pfx_panic+0x10/0x10
[  481.324819][ T5835]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  481.330818][ T5835]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  481.337169][ T5835]  ? print_report+0x502/0x550
[  481.341869][ T5835]  check_panic_on_warn+0x86/0xb0
[  481.346821][ T5835]  ? mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  481.352713][ T5835]  end_report+0x77/0x160
[  481.356953][ T5835]  kasan_report+0x154/0x180
[  481.361452][ T5835]  ? mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  481.367340][ T5835]  mgmt_remove_adv_monitor_sync+0x3a/0xd0
[  481.373050][ T5835]  ? __pfx_mgmt_remove_adv_monitor_sync+0x10/0x10
[  481.379455][ T5835]  hci_cmd_sync_work+0x22b/0x400
[  481.384390][ T5835]  ? process_scheduled_works+0x976/0x1850
[  481.390105][ T5835]  process_scheduled_works+0xa63/0x1850
[  481.395655][ T5835]  ? __pfx_process_scheduled_works+0x10/0x10
[  481.401633][ T5835]  ? assign_work+0x364/0x3d0
[  481.406220][ T5835]  worker_thread+0x870/0xd30
[  481.410823][ T5835]  ? __kthread_parkme+0x169/0x1d0
[  481.415844][ T5835]  ? __pfx_worker_thread+0x10/0x10
[  481.420947][ T5835]  kthread+0x2f0/0x390
[  481.425023][ T5835]  ? __pfx_worker_thread+0x10/0x10
[  481.430128][ T5835]  ? __pfx_kthread+0x10/0x10
[  481.434708][ T5835]  ret_from_fork+0x4b/0x80
[  481.439136][ T5835]  ? __pfx_kthread+0x10/0x10
[  481.443715][ T5835]  ret_from_fork_asm+0x1a/0x30
[  481.448475][ T5835]  </TASK>
[  481.451740][ T5835] Kernel Offset: disabled
[  481.456143][ T5835] Rebooting in 86400 seconds..