last executing test programs:

3m54.489150682s ago: executing program 2 (id=114):
mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000c00)=0xc, 0x6, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = add_key$keyring(&(0x7f0000000240), 0x0, 0x0, 0x0, 0xffffffffffffffff)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x17, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40000}, {0x85, 0x0, 0x0, 0x86}}, {}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x2, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x4d}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000000)={0x18})
add_key(0x0, 0x0, &(0x7f0000000000)="308002", 0x3, r0)
lchown(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000004bc0)=""/4094, 0xffe}], 0x1, 0x5, 0x4780d367)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, r0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_usb_connect(0x3, 0x3b9, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000041914140f30c75932efd010203010902a70301ab00000209046d000c3fdae20009050402ff"], 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2}, {0x0, [0x0]}}, &(0x7f0000001f80)=""/226, 0x26, 0x81, 0x2}, 0x20)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400"], 0x54}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r4, &(0x7f0000001640)=[{{&(0x7f0000000440)=@hci, 0x80, &(0x7f0000000500)=[{&(0x7f0000000580)=""/93, 0x5d}, {0x0}, {&(0x7f00000002c0)=""/22, 0x16}], 0x3}, 0x80000000}, {{&(0x7f0000000600)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000680)=""/219, 0xdb}, {&(0x7f0000000780)=""/205, 0xcd}, {&(0x7f0000000880)=""/171, 0xab}, {&(0x7f0000000940)=""/7, 0x7}, {&(0x7f0000000980)=""/234, 0xea}, {&(0x7f0000000a80)=""/251, 0xfb}], 0x6, &(0x7f0000000c00)=""/17, 0x11}, 0xe0}, {{&(0x7f0000000c40)=@un=@abs, 0x80, &(0x7f0000000d00)=[{&(0x7f0000000cc0)=""/5, 0x5}, {&(0x7f0000002d00)=""/4096, 0x1000}], 0x2, &(0x7f0000000d40)=""/204, 0xcc}, 0x1800000}, {{&(0x7f0000000e40)=@rc, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000ec0)=""/32, 0x20}, {&(0x7f0000000f00)=""/224, 0xe0}, {&(0x7f0000001000)=""/154, 0x9a}], 0x3, &(0x7f0000001100)=""/4, 0x4}, 0x8000}, {{&(0x7f0000001140)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000001540)=[{&(0x7f00000011c0)=""/43, 0x2b}, {&(0x7f0000005bc0)=""/4096, 0x1000}, {&(0x7f0000001200)=""/213, 0xd5}, {&(0x7f0000001300)=""/230, 0xe6}, {&(0x7f0000006bc0)=""/4096, 0x1000}, {&(0x7f0000001400)=""/55, 0x37}, {&(0x7f0000001440)=""/18, 0x12}, {&(0x7f0000001480)=""/79, 0x4f}, {&(0x7f0000001500)=""/30, 0x1e}], 0x9, &(0x7f0000001600)=""/21, 0x15}, 0x1}], 0x5, 0x40002002, &(0x7f0000001780))
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r5, 0x8000000000000003, {}, 0xfd}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x480c5)
close(0xffffffffffffffff)

3m50.596947838s ago: executing program 2 (id=120):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000018c0), r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x44, 0xb, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x48}, 0x4800)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000004c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000ffdbdf2509000000640003800800010001000000080003000400000014000200"], 0x78}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

3m49.567133208s ago: executing program 0 (id=122):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000340)={'tunl0\x00', 0x0, 0x91, 0x0, 0x9, 0x3, {{0x5, 0x4, 0x2, 0x7, 0x14, 0x64, 0x0, 0x7f, 0x993ecff8f5a0c73b, 0x0, @multicast2, @multicast2}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = timerfd_create(0x7, 0x0)
timerfd_settime(r3, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0)
readv(r3, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x1277, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x0, 0x2, 0x19, 0x1, "4b8b3ea40100dfed0b2f3409000000dd5a9601040049918ae7fd1f0ececfe0f4fcdf997dd52115394d4d0008000000000000020000000000000000000000eaff", "0900000010000040f35b38a3aa2000", [0x901, 0xb]})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@struct={0x3, 0x1, 0x0, 0xf, 0x0, 0x10178, [{0x3, 0xfffffffd, 0x5}]}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f00000006c0)=""/262, 0x35, 0x106, 0x9}, 0x28)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r5}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa11f3d4302a834, 0x13, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe, 0x0, &(0x7f00000002c0)="00001a000000002ac7b04b1b980f", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfd}, 0x4c)
lchown(0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xd, 0xc0, 0x81, '\x00', 0x7ff})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @pic={0x7f, 0x1, 0x0, 0x0, 0x5, 0x4, 0xc0, 0x3d, 0x0, 0x4, 0x9, 0x6, 0xd, 0x1, 0x1, 0x6}})
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
setreuid(0xee01, 0xee00)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x54}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32, @ANYBLOB="40005200060010"], 0x24}, 0x1, 0x0, 0x0, 0x4004810}, 0x0)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000800)="390000fa461a668300111200cc0800000000", 0x12}], 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r7])

3m49.4384295s ago: executing program 2 (id=124):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')

3m47.368389401s ago: executing program 2 (id=127):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
umount2(&(0x7f0000000340)='./file0/file0\x00', 0x8)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x10, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00')
io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd4})
open_tree(r0, &(0x7f0000000080)='./file0\x00', 0x1100)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
umount2(&(0x7f0000000040)='.\x00', 0x2)

3m46.751803994s ago: executing program 0 (id=131):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000021c0)=@delchain={0x224, 0x65, 0x2, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xf}}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1e8, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x1d8, 0x1, [@m_simple={0x3c, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0xd, 0x6, "e806000000dc493fe8"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0xe8, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0xb9, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bfb320865cee27f05adfbc7dae04880a34e7bf775010128401ec5a80f551da79136f2a4ff74f3588c03c976e1c54366c6747dbbdd2e1e0d6da659b84a2ea14191b4223d2b6eeb465498ad518ee2114b5e4ab0d52289fe809788321e04d9b1d9f82a03fbb49229585f49ce943954da5ad28e25a9ba91b24d4c96612e2188dd3fa1dea6994033514d8f93add809a6ee955d65ac8c2ae97714a5c600000"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xb0, 0x15, 0x0, 0x0, {{0xd}, {0x58, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x200, 0x8, 0x4, 0x8, 0x8}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd429, 0xc98, 0x3, 0x400, 0x7}, 0x7}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x1, 0x8, 0x8, 0x3}, 0x6}}]}, {0x29, 0x6, "6ce70dee9964d94e2b0cbf2aec388b33a3673bf09b4f0134e07213d2e4321fcc1e10ff0baa"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}}]}, 0x224}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) (fail_nth: 1)

3m45.541775495s ago: executing program 0 (id=132):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
epoll_create(0x401)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_usb_disconnect(r0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
link(&(0x7f0000000140)='.\x00', 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, 0x0, 0x4000000)
close(0xffffffffffffffff)
r3 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
close_range(r3, 0xffffffffffffffff, 0x0)

3m45.507213206s ago: executing program 2 (id=134):
socket$inet6_udplite(0xa, 0x2, 0x88)
epoll_create1(0x0)
r0 = syz_io_uring_setup(0x5e48, &(0x7f0000000180)={0x0, 0x0, 0x10100, 0x0, 0xfffffffc}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x34}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={0x0, 0x4}, 0x8)
write$UHID_CREATE2(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1d"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000))
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r4}})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

3m43.648816422s ago: executing program 2 (id=137):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')

3m41.842043553s ago: executing program 32 (id=137):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')

3m40.236055911s ago: executing program 0 (id=145):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
umount2(&(0x7f0000000340)='./file0/file0\x00', 0x8)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x10, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/route\x00')
io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0x20c8a1, 0x1c881, 0x8, 0xd4})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
umount2(&(0x7f0000000040)='.\x00', 0x2)

3m39.867073544s ago: executing program 0 (id=146):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f00000003c0)={0xe8, "874638d2aff12728c383c20d8367ba5618358cdeb0dbc169aa638ee1c12178e3f77b9257f45fa19ea419750b4a84bdf51aee0a62ce0482bed49ad87e5d9f33b9076eb6cf40f03442d90d54f1044081737cb0a7c026240943dd346811de79d5744d6648d48ae0697531d31081e2138f03d817289b6c050f91113e998ef6e4dd61a10ffa05e4dbf5e8a060e4ac9e652b49523acd99a00da6780aa9cd2931bb565430e90c1c73321f2f5b6372c830667454878bdfc06905171b9c0fc6fa6b8348e6031408308f615422aa9d5dbd7339bd91655027e7b806903858032025c8f6d0ee6b60c135abf66a70"})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004b40)={0x0}, 0x1, 0x0, 0x0, 0x40000c0}, 0x400c854)
r4 = io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0x23d4, 0x800, 0x3, 0x87})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000000200)={0x2020, 0x0, <r6=>0x0}, 0x2020)
open(&(0x7f0000002280)='./file1\x00', 0x400, 0x10)
write$FUSE_INIT(r5, &(0x7f0000002300)={0x50, 0x0, r6, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r5, &(0x7f0000004580)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r5, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r7}, 0x10)
r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r8, r5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r9 = getpid()
getpriority(0x1, r9)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f0000000000), 0x8)
setsockopt$packet_fanout(r10, 0x107, 0x12, &(0x7f00000000c0)={0x4, 0x2}, 0x4)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

3m38.519704768s ago: executing program 0 (id=153):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffeb)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4054, &(0x7f0000000100)={0xa, 0x4e25, 0xb, @loopback, 0xc5f}, 0x1c)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,')
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000006c0)="9b468da99267a99aed5f6b48ad03b7c825ecb32adffc80ff47af98a3741169ea2fcaa8de0120079173a79cbc6b3e4ef87d968b9bfd", 0x35}], 0x1, &(0x7f00000013c0)=[{0x10, 0x13, 0x7}], 0x10}}], 0x1, 0x404c041)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3m37.262174279s ago: executing program 33 (id=153):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffeb)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4054, &(0x7f0000000100)={0xa, 0x4e25, 0xb, @loopback, 0xc5f}, 0x1c)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x9d, &(0x7f0000000300)='trans=rdma,')
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000006c0)="9b468da99267a99aed5f6b48ad03b7c825ecb32adffc80ff47af98a3741169ea2fcaa8de0120079173a79cbc6b3e4ef87d968b9bfd", 0x35}], 0x1, &(0x7f00000013c0)=[{0x10, 0x13, 0x7}], 0x10}}], 0x1, 0x404c041)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m40.736038029s ago: executing program 3 (id=264):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0xa976d97ba5fd819e, 0x0)

2m40.224939295s ago: executing program 3 (id=267):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0xb, &(0x7f0000000080)={0x0, 0x0, 0x2853}, &(0x7f00000000c0)=0x8)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r0, 0x1, 0x0)
fchdir(r2)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
setxattr$incfs_metadata(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x1)
r3 = syz_open_dev$audion(&(0x7f0000000040), 0x8, 0x430800)
r4 = getpid()
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x0)
setresuid(0x0, r5, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000100)=0xe8)
sendmsg$nl_netfilter(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4020080}, 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x2c4, 0x5, 0x2, 0x700, 0x70bd2b, 0x25dfdbfb, {0x5, 0x0, 0xa}, [@typed={0x8, 0xbc, 0x0, 0x0, @pid=r4}, @nested={0x129, 0x112, 0x0, 0x1, [@nested={0x4, 0xd}, @nested={0x4, 0x6b}, @generic="6db96bc29bf2e000c2e05492e9b607f89d27dd4ba1f4b27dbc3e1a3c0743d0843e890bdc95e787115e94414243db77780cb4d4dd47f837f18f2d5f2bccdd874b1ecdc54c360cb975c9a9079d68c7ea4a0e97019f3365494cb82de1da55f306c3ca835fe604ecd2f245a624134a36986807e75b51c42e5ec666e21cd46586f193c7ac06100220755da2d9f2a1cadcf85d0e3f2923c83bb41870f773f5eb0789ae0c6e4b39ba1382f578f336119c34c6", @nested={0x4, 0xea}, @generic="f2104f069e0ed905740780341645358acaf6ff58ee835ea2e70e93e2c78b2b8f948bce01629173f82d0feca38460550261c666fea92af9255304753c71b38400d06e6fa4f82b29026c3336cb4f804d03e4200e47a3ea", @typed={0x8, 0x8c, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @nested={0x4, 0x12a}, @typed={0x8, 0x7, 0x0, 0x0, @uid=r5}]}, @nested={0x132, 0x49, 0x0, 0x1, [@generic="751e8473e955ece9e578f38430fda30c18aca171b27dfd73832f76b254948c74a14b9b77f1124ea502374ddfe02e89a4e7e4335b1d0fd525506633f47c2e4de675d99f7edc09580685aecd4a19c571782cc86641018bb7cbe6", @typed={0x8, 0x12e, 0x0, 0x0, @fd=r2}, @typed={0x8, 0x110, 0x0, 0x0, @u32=0x200}, @nested={0x4, 0x150}, @generic="d63dde021237339322c4fa3e103d3d5f72b3d50d26f31b67cd8f8e11f2430fec784d919f9203f82824f324a2bcc0d1a6c5f4ebbfd7155e6bae3cebc82fbff70b5d19f80a8b32b56bc0b001c0409c25855535f928c12328f094ee4493f7fdeeb45beb008d7b8971ce1fbb132d7b280e4da3db442404e654d7e461b59966627b65ee8a5edaa9f68795aef167eeb7f0e6dc92bb6b38cc3ef3bce07d90669a14c0bab6661b9b3355e3", @generic="aff74e617ffd8d236eac70dc8387c972013326cc6b43", @typed={0x4, 0xaa9}]}, @typed={0x8, 0x103, 0x0, 0x0, @uid=r6}, @typed={0x18, 0x105, 0x0, 0x0, @str='user.incfs.metadata\x00'}, @generic, @generic="5fbb3124378d6371b345777fcfe914fe59fa232146aa7538305f6aab19035ed106bc7ae12e75364a"]}, 0x2c4}}, 0x40000)

2m39.484837024s ago: executing program 3 (id=269):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002500090122bd7000fcffff7f776414000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x40814}, 0x4094) (fail_nth: 2)

2m38.244712849s ago: executing program 3 (id=271):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffeb)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4054, &(0x7f0000000100)={0xa, 0x4e25, 0xb, @loopback, 0xc5f}, 0x1c)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1}], 0x1, 0x40800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000006c0)="9b468da99267a99aed5f6b48ad03b7c825ecb32adffc80ff47af98a3741169ea2fcaa8de0120079173a79cbc6b3e4ef87d968b9bfd", 0x35}], 0x1, &(0x7f00000013c0)=[{0x10, 0x13, 0x7}], 0x10}}], 0x1, 0x404c041)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m36.036742664s ago: executing program 3 (id=275):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x8, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x5, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x1ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6e, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771, 0x0, 0x0, 0xfffffffe], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x40, 0x0, 0x0, 0x200, 0x0, 0x0, 0x8000000, 0x40, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
write$uinput_user_dev(r0, &(0x7f0000000580)={'syz1\x00', {0x9, 0x8, 0x5, 0x2}, 0x2c, [0x5, 0x5, 0x1, 0x9, 0x3, 0x0, 0x5, 0x0, 0x7, 0xa34, 0x6, 0x7fffffff, 0x8, 0x18, 0xe, 0x7fff, 0x9, 0x7, 0x21a, 0x9, 0x3, 0x7fffffff, 0x1, 0xa, 0x5, 0xfffffffe, 0x9, 0x7, 0x400, 0x0, 0x3, 0x800, 0x5146, 0xffff, 0x2, 0x8, 0x6, 0x7fff, 0x8, 0xfffffffe, 0x0, 0x4, 0x9, 0x49, 0x7, 0x3, 0xfffffeab, 0x0, 0x2, 0x21, 0x6, 0x4, 0x5, 0x7fffffff, 0x8, 0xa, 0xc, 0x6, 0x6ffc, 0x200, 0x1, 0x4, 0x1, 0x1b0f], [0x0, 0x4, 0x20007fff, 0x7, 0x6, 0x6, 0x5, 0x10000, 0xa, 0x10, 0x2, 0x3, 0x8, 0x3, 0x8d8f, 0x8, 0x7, 0xff, 0x1, 0xffffffff, 0x3, 0x10, 0x1, 0x800, 0x2, 0xb, 0xe, 0x401, 0x1, 0x6, 0x401, 0x8000, 0x2, 0x2, 0x1, 0x8, 0x2, 0x100, 0x1, 0x73, 0x8, 0x0, 0xe, 0x4, 0x5, 0x2, 0x1076, 0x3, 0x9, 0x6e37663b, 0x7, 0x7, 0x3, 0x8, 0x0, 0x6, 0x6, 0x8000, 0x0, 0x5, 0x7, 0xa, 0x4, 0x1], [0x7510e92a, 0x80000001, 0x8118, 0x0, 0x2, 0x5344, 0x3, 0x5, 0x4, 0x3, 0x401, 0x4, 0x3, 0x986, 0x0, 0x7f, 0xf, 0x5, 0x9, 0x3, 0x10000, 0x5, 0x0, 0x4, 0x3, 0x75, 0x31fa, 0x4, 0x17, 0x4, 0x4, 0x0, 0x4, 0x5, 0x4, 0x7, 0x7e79, 0xedd1, 0x8, 0x0, 0x3, 0x8, 0xffff, 0x3, 0x200000, 0x6, 0x6, 0xfffffff7, 0x1000, 0x9, 0x1, 0x2, 0x0, 0x3, 0x4, 0xff, 0xc, 0x3ff, 0x6, 0xff, 0x25, 0x81, 0xffff7fff, 0x64], [0x16, 0x1, 0x2, 0x8000, 0x4, 0x5, 0x8, 0xfff, 0x3, 0x9, 0x0, 0x38, 0x4, 0x4, 0x2, 0x101, 0xa80, 0x8, 0x6, 0x6, 0xaf, 0xfffffff9, 0xa1d, 0x1c, 0x0, 0x5, 0x17, 0x40, 0x2, 0x4, 0x7, 0x0, 0x5, 0x10, 0x2, 0x2e6, 0xfff, 0x5, 0x6, 0x400, 0x6, 0x9, 0xa70110d2, 0x9, 0xffffffff, 0x1, 0x80000001, 0x80000001, 0x1, 0x1e, 0x2, 0xff, 0x80, 0x8, 0x2, 0x3168, 0xa, 0x1, 0x7e, 0x8, 0x0, 0x5, 0xc4312da, 0x4]}, 0x45c)

2m34.789899849s ago: executing program 3 (id=278):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f", 0x10}], 0x1}, 0x0)
r1 = syz_usb_connect$printer(0x6, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x18, 0x20, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x7, 0x1, 0x3, 0xfc, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x5, 0x81, 0x57}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0xbe, 0xff, 0x8}}]}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x53, 0x5, 0x2a, 0x40, 0xcb}, 0x47, &(0x7f0000000180)={0x5, 0xf, 0x47, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x3, 0x6, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x18, 0x6, 0x3, 0xf, 0x401, [0xc0, 0x3fcf, 0xff3ff0, 0xff00c0, 0xff0f, 0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x4, 0x0, 0xfff8}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x4, 0x8, 0xfc}]}, 0x4, [{0x56, &(0x7f0000000200)=@string={0x56, 0x3, "2a44100b54103a616336c44e53715b0e66433967cd9c0244056c4b04159f29dede9aa51e399876cbc689f36be7e75422e55cf9eb4e94422f57a5dc5283af88005829621a248cbf7ef451856f07a7f767d13a74e2"}}, {0xd4, &(0x7f0000000280)=@string={0xd4, 0x3, "e134c305758e571c8e8282685dec1959e19d0e9f328dda979c35685cedfbf791589cde45f277b4e79d61c38c3c02ccf52c3558aeffe329627094683834881f0b68d3c089d3f6a9a7fddf07a4178210d64eaa7ca8bdcd8d402b9b48777be1ab4a55d588bfe12a18c78c57a00ad8320dbcf55b65467f2bf3e6968749dc5a908e7b12ba954f1ffce8239ccbe66e3aeec99c695e811b69eeb9c99ee14c489e02829215c71436f21b5b0eb2772c2576c64f8f52a4ebdd68008594c44f5d16f41527809e894cc0e6538511f442b98913cd0d1f78ae"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2001}}, {0x4f, &(0x7f00000003c0)=@string={0x4f, 0x3, "30077347c74c344a2c4711c9ac4a2821599ede58ee1c066ccca7547a07a7f68591ab841679737afcd3a5cc0983b42c3712759b53622e21ac6840cda44038ca169576d69613fad4296387adf7e2"}}]})
syz_usb_control_io$printer(r1, &(0x7f00000005c0)={0x14, &(0x7f00000004c0)={0x20, 0xc, 0x82, {0x82, 0x10, "53dd39014c226bdcc55e8f23375f6b044d6de965f2e2872f1bd4bf8e226269da3598dee91913c4014c5504533c71a833ced9927393d6f3eef01191939345ab37d858c32619c03fea3b7e15ee154f5c3e2cf6006a6dfff5a6e6a8f64cc6aa3e8f3aca92432573b280c1c38265bde36bf4041f607e9b8ce3113b63a73f677d2ffc"}}, &(0x7f0000000580)={0x0, 0x3, 0x12, @string={0x12, 0x3, "b3303a9435b095dbf380cf2227dfd64c"}}}, &(0x7f0000000840)={0x34, &(0x7f0000000640)={0x40, 0xb, 0x56, "d8cc49d675e8ac0b72447b552f22f268e970cc334da66842df00844b25d43f66b3ad4b27940ec2a54bb801daa2e6e57ab038c84f4500da70c6ee9304af77e058ce7925c2086aab82dadee9502deca15d9dee40104adc"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000740)={0x20, 0x0, 0x5a, {0x58, "ced55004e31e69776af97f4073f14bcd06868b099ae0e6b100085bd4164b34906316aab1e5ec439384f843fab0d3a07ee3dfebd9a6108fbcd48a04eb73d133e388457b30a76ec3145a8f1b45f598983b623f5186e3c57760"}}, &(0x7f00000007c0)={0x20, 0x1, 0x1, 0x62}, &(0x7f0000000800)={0x20, 0x0, 0x1, 0x4}})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
fallocate(r2, 0x0, 0x778, 0x8)

2m19.626933907s ago: executing program 34 (id=278):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f", 0x10}], 0x1}, 0x0)
r1 = syz_usb_connect$printer(0x6, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x18, 0x20, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x7, 0x1, 0x3, 0xfc, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x5, 0x81, 0x57}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0xbe, 0xff, 0x8}}]}}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x53, 0x5, 0x2a, 0x40, 0xcb}, 0x47, &(0x7f0000000180)={0x5, 0xf, 0x47, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x3, 0x6, 0x7}, @ssp_cap={0x24, 0x10, 0xa, 0x18, 0x6, 0x3, 0xf, 0x401, [0xc0, 0x3fcf, 0xff3ff0, 0xff00c0, 0xff0f, 0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x4, 0x0, 0xfff8}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x4, 0x8, 0xfc}]}, 0x4, [{0x56, &(0x7f0000000200)=@string={0x56, 0x3, "2a44100b54103a616336c44e53715b0e66433967cd9c0244056c4b04159f29dede9aa51e399876cbc689f36be7e75422e55cf9eb4e94422f57a5dc5283af88005829621a248cbf7ef451856f07a7f767d13a74e2"}}, {0xd4, &(0x7f0000000280)=@string={0xd4, 0x3, "e134c305758e571c8e8282685dec1959e19d0e9f328dda979c35685cedfbf791589cde45f277b4e79d61c38c3c02ccf52c3558aeffe329627094683834881f0b68d3c089d3f6a9a7fddf07a4178210d64eaa7ca8bdcd8d402b9b48777be1ab4a55d588bfe12a18c78c57a00ad8320dbcf55b65467f2bf3e6968749dc5a908e7b12ba954f1ffce8239ccbe66e3aeec99c695e811b69eeb9c99ee14c489e02829215c71436f21b5b0eb2772c2576c64f8f52a4ebdd68008594c44f5d16f41527809e894cc0e6538511f442b98913cd0d1f78ae"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x2001}}, {0x4f, &(0x7f00000003c0)=@string={0x4f, 0x3, "30077347c74c344a2c4711c9ac4a2821599ede58ee1c066ccca7547a07a7f68591ab841679737afcd3a5cc0983b42c3712759b53622e21ac6840cda44038ca169576d69613fad4296387adf7e2"}}]})
syz_usb_control_io$printer(r1, &(0x7f00000005c0)={0x14, &(0x7f00000004c0)={0x20, 0xc, 0x82, {0x82, 0x10, "53dd39014c226bdcc55e8f23375f6b044d6de965f2e2872f1bd4bf8e226269da3598dee91913c4014c5504533c71a833ced9927393d6f3eef01191939345ab37d858c32619c03fea3b7e15ee154f5c3e2cf6006a6dfff5a6e6a8f64cc6aa3e8f3aca92432573b280c1c38265bde36bf4041f607e9b8ce3113b63a73f677d2ffc"}}, &(0x7f0000000580)={0x0, 0x3, 0x12, @string={0x12, 0x3, "b3303a9435b095dbf380cf2227dfd64c"}}}, &(0x7f0000000840)={0x34, &(0x7f0000000640)={0x40, 0xb, 0x56, "d8cc49d675e8ac0b72447b552f22f268e970cc334da66842df00844b25d43f66b3ad4b27940ec2a54bb801daa2e6e57ab038c84f4500da70c6ee9304af77e058ce7925c2086aab82dadee9502deca15d9dee40104adc"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000740)={0x20, 0x0, 0x5a, {0x58, "ced55004e31e69776af97f4073f14bcd06868b099ae0e6b100085bd4164b34906316aab1e5ec439384f843fab0d3a07ee3dfebd9a6108fbcd48a04eb73d133e388457b30a76ec3145a8f1b45f598983b623f5186e3c57760"}}, &(0x7f00000007c0)={0x20, 0x1, 0x1, 0x62}, &(0x7f0000000800)={0x20, 0x0, 0x1, 0x4}})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
fallocate(r2, 0x0, 0x778, 0x8)

6.766916282s ago: executing program 1 (id=490):
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)=@hci, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/15, 0xf}, {&(0x7f0000000200)=""/42, 0x2a}, {&(0x7f0000000440)=""/118, 0x76}, {&(0x7f00000006c0)=""/198, 0xc6}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000000280)=""/35, 0x23}], 0x6, &(0x7f00000007c0)=""/140, 0x8c}, 0x2000)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg(r0, &(0x7f000000bb80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000400)='P', 0x1}], 0x1, &(0x7f0000000100)=ANY=[], 0x10}}], 0x1, 0x4004000)

6.572778245s ago: executing program 1 (id=491):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
socket$kcm(0xa, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknod(&(0x7f0000000240)='./file0\x00', 0x8001420, 0x1)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x126)
mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$IOCTL_GET_NUM_DEVICES(0xffffffffffffffff, 0x40046104, 0x0)
open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'vlan0\x00', @random='\x00\a\x00'})
syz_io_uring_setup(0x24fd, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x169142, 0x0)
fchown(r4, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index})
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r7 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd733, 0x80, 0x3, 0xbffffffa}, &(0x7f00000003c0)=<r8=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)

5.462721974s ago: executing program 1 (id=493):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
socket(0x2d, 0x2, 0x0)
close(0x3)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, 0xffffffffffffffff, 0x852ac000)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000080)=0x3fd6, 0x4)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x14, 0x400, 0x0, 0xffffffff, {0x11, 0x9}}, 0x14}}, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000080)=0x9fa, 0x4)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8923, &(0x7f00000007c0)={'netdevsim0\x00', @broadcast})

4.287483376s ago: executing program 4 (id=494):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="12000000070000", @ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x1000400, &(0x7f0000000600)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@inode64}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x33]}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
readv(r3, 0x0, 0x0)

3.916734128s ago: executing program 1 (id=495):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x100, 0x0)
ptrace$peekuser(0x3, r0, 0x7ff)
mq_notify(r3, &(0x7f0000000000)={0x110c230000, 0x3, 0x2})
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000300)={0x54, 0x2000, 0x8, {0x0, 0x1}, {0x74, 0x2}, @const={0x0, {0x0, 0x3400}}})
r4 = syz_open_dev$evdev(&(0x7f0000000080), 0xffffffffffffffff, 0x802b01)
ioctl$EVIOCSMASK(r4, 0x40104593, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000340)="e76b64859fd877f2"})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_opts(r5, 0x84, 0x7, 0xfffffffffffffffe, &(0x7f0000000000)=0xff49)
write$char_usb(r4, &(0x7f0000000040)="e2", 0xff0f)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2000000076000d0b00400000000010000300ecffff08000008000a"], 0x20}}, 0x0)

2.302197478s ago: executing program 4 (id=496):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01022ebf7000fedbdf25280000000a0001007770616e30000000bb2f96973b9b06e7dcd60add8345381a884c3f8e08693b2bf664f8870416ead3c2dd385fb939bf40a12984057224f5941911e0a3afeca983cfba84c6d51e9fcb2e55808413597c795f1f747b6cf95e343d2b5545cf2d5e51f6e4626b604c"], 0x20}, 0x1, 0x0, 0x0, 0x4002080}, 0x4000)

2.183380813s ago: executing program 4 (id=497):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffffeb)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4054, &(0x7f0000000100)={0xa, 0x4e25, 0xb, @loopback, 0xc5f}, 0x1c)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926", 0x20}], 0x1}], 0x1, 0x40800)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000006c0)="9b468da99267a99aed5f6b48ad03b7c825ecb32adffc80ff47af98a3741169ea2fcaa8de0120079173a79cbc6b3e4ef87d968b9bfd", 0x35}], 0x1, &(0x7f00000013c0)=[{0x10, 0x13, 0x7}], 0x10}}], 0x1, 0x404c041)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.992864105s ago: executing program 4 (id=498):
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x6, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x2, 0x1})
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000300)=@hci, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/15, 0xf}, {&(0x7f0000000200)=""/42, 0x2a}, {&(0x7f0000000440)=""/118, 0x76}, {&(0x7f00000006c0)=""/198, 0xc6}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000000280)=""/35, 0x23}], 0x6, &(0x7f00000007c0)=""/140, 0x8c}, 0x2000)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg(r0, &(0x7f000000bb80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000400)='P', 0x1}], 0x1, &(0x7f0000000100)=ANY=[], 0x10}}], 0x1, 0x4004000)

1.960590851s ago: executing program 4 (id=499):
socket$inet6(0xa, 0x3, 0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0x80085665, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@ipv4_newrule={0x24, 0x20, 0x301, 0xfffffffc, 0x25dfdbfe, {0x2, 0x0, 0x10, 0x0, 0x9, 0x0, 0x0, 0x7, 0xf}, [@FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xa}}]}, 0x24}}, 0x44004)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
r4 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x41, 0x40000337}, &(0x7f0000000dc0)=<r5=>0x0, &(0x7f0000000a40)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{0x0}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x3, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

754.464595ms ago: executing program 1 (id=500):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000300)={0x0, 0x0, r4, <r5=>0x0})
socket$inet6_tcp(0xa, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r6, &(0x7f0000000340)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0202}}}, 0x14)
ioctl$DRM_IOCTL_MODE_GETFB(r2, 0xc01c64ad, &(0x7f0000000040)={r5})
sendmsg$nl_route_sched(r0, 0x0, 0x20000050)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

304.728148ms ago: executing program 1 (id=501):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x48, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet6(0xa, 0x80001, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20001800}, 0xc, &(0x7f0000000440)={&(0x7f0000000700)=ANY=[@ANYRESOCT=r1, @ANYRES16=0x0, @ANYBLOB="200028bd7000fddbdf2545000000080001007063690011000200303030303a30303a31302e300000000008008e00010000000e0001006e657464657673696d0000000f0002006e657464657673696d", @ANYRESHEX=r1, @ANYBLOB="30f78e721ab8f903152000872c8d4e7787b3ab39c3f0a033b6f5ee8e502924581fca05a000dd768d22e577ade8cfdd07f9ac075f2cacf7e16a94ee3f0578928637f204b4e76f7931eaa9535ada614c893ee6c17e6c8afe6923bd01916253c35674525ed5b34846317af0d787bb12b679dbae9aac57773c53a5a405339b7a7e7f20f1b1fbc5f7038368f2c8e28075923506b14a7d51e51b6e4259983817eabe51fb0091d3df63b6d6f05327c48baa2eb8631708951081f112c3ec421c167fc367c69b2fd77a3154b979de2554fa613b386cccea561f05e86772e1e5f7d5bb6683ddd1d9788e806ea5533eb453ed02b957c21e02866dcd6f1d432574aec01a455720c7e0d5afe7e03aa2d4513d05917ccacbb738dcc3b642a41e5e1af091e567da7326c43c16d33ad6455ac214d7b421ee65896157870bebe7f2a742ac807d3c8607311ae07c552e8eba721ad5fd4e9870644b1250157c200ed8e1fa54c4d50b24fe7a93ada45edaa0435718586d85d60faf956bbb4cbcc2605494fea10266ce9d3c5d437ae5d65196f5edd26df6422896de1c94c98924d1d97f3214713a8718be304a49334082870bc5a0347a9f166de727e0a9ecd4dba35dc03d932f526c090fbb73c7241e60dbd0532e4213d6052dc00fbbbf070c9021ff03343536396acfc1ca716e382cf00175874c95b62dd320fa99d7bbf716205367315d0a951dc167dd0741cb1d16bcc4511651162c5d75c684dcd2dfb2b3e0d31ae8084fb1a0be72c7a30902a07118f00fd2c30373ce6c184b5eba5d082aa1ce507f508a64a8fadf33f2e9e985528c161072335fa9c02d087619260097171ad657ace19cd00dc0adc867f2be2d080e7f362ed96827e1124c92d7aab4568e4592919532e6688292ddf6d9b4356b99c249e446cb41e671e06ec84944bc6f27ddb78971f15c5e5e99225028bfae4afe686ebc2ae42dd8e588c85f89e3d07b380255bc82d28ceed2871057a4f1c8b6bd3febaac9c63297ce626ce13985b55c351a0c1e4d97c54e4209e5e5bd56201f9b5ab481755861dd8e55844eb1c1b784ff101389f2cc16b6abcc9fd57314efbf1d475e44cf1f85ada1ec251bfb2baa9b5accf744ba582196404b79caf510d7dc9e08ce883e596e2dab21dd8c1f0ba959e4079a4df80d5d4912dcf7df938d5f21a65a8063f1b8bad82e34eff51c3733ec899846228f34a478676152a251f5705753c1a95a35e7e120c30585293dfafcaf7ef855792bfe1ea262898a7980a0cf81e34bb29e9549cafa0c49edc0b99ce7cb2ad91cd8eb5846bd1da480437f3b0bbd7785a93c8b8877c263ad6675fa642439c5566c722e44b92a267df92dab9c33e5f759112e9d7d2751c4deab0ed2379f6d1598e02e02e11f9f1da4721b77a5410218f77b61b24c39c7b510a6224200d106f5edf0aa6e48c6571fb6ec636a458a40a9d0e993bb063e503dc38bcf20bc483041a55324e5049a24c40fd34cfba4177f77fe29b7814e887402495a353ebc34f53d7ad821b7806c4532d9e1ed48df13b6e905079e812e4397b4e19dc15101c68b11a7cf07af876fe8ac4f2f89ccd82e490dddff777f99cac139ce3f5ae31c1287131813c0ac4c133f96898a61fb1cadaf9052123d827bafbf60d5502e8282404099d45b856198bc986624954b7a17a5116cf82a9c2976bceeb8fcd7732d68c15d498e951c70eb3138f06c24809cfafb3c539bad1853cb15c6ebd446611f69c93cf47790400705a40964107182b9868e3db3a82a7560e84aa231fb9a4cd0ad11dac561dbc12cf432aaa723d9f066ff6ff9e3ada91b8e9b20abe0e81675473bc1c343ff8c6b6648f510d74d1b2fc1e97305702c4f1ceb179b688631f10cd2b1004c99841c774f469cca7ee82e178b5fdbcf4ff1fb4d7a185efb9bb72893aeff6312c7fd8ff96a97e5ee6454b611d640c0e3d370ec9f27343411d4d16a2ab4777489150421bacfa02f0a0cb299346abaf8b18fe2a051191b79bf607316aa6ca57691b72b9f0b4adfc4c19c58b4e3bbe2a3e69b19374c3e1c70ebcc561ab282ad042fa9b21ab9d1cdee24500a9f28689dbf141ef3e8cb03520bf53d7596617a98aa7a34a915d816726d7750764dc601efeaad88a6152589d100b15251d02a1fa051b817cf8016cda6a56747b13e1987db6a885f6f9e6749a4b696580e98d4558b38354f4f1fd86048c64729d915c2117b21b81d542e2ae88d9ab9ef835ced676056889e505b52fd0ab7b90cf94c68b213b4184415e5cfc3880d51db250b70185d65d0bc409b6a9640707eb2871a92d939400de3b0904b00a9e822b2ef23d7cd1e7102892794d1a3c159f920a71e66cecbf6eb883fbba2085715325366e8d7f09faf352c680357d28660ab9942615f897f5c5f96bec920398e7779a23a1906e5826eb58e6b21e7d3ad041d3afbe0e68ab1f6110ca92999539b8f27f28f6482457b24d32c31b495171791a27fc8d6927e27483bcc46e69753c631ce4ca1a4cf49422f8482e32c76bd466a67d6e89d4b41c4b1bdb0416baa8c8a955e641e256c824838b416f48b0e537bdca7037c8e35cf50c78bd0fc6872a3750fb11c6f3b352cdbb7152fad94352f8d96feca60051674f59e0a30c8c5bb3a47ade8b4a7451d16c3ed797a20d611c3f632b575b415716f8856497d665b2906b7ec5067c9fc61ce9afc830d701cf694f5b9c070ce1ee5c04123e12ed8437fe93f29e02a12b4f117ce18906ff66ba49c7881add3827e7437cb6fff2728b67e703182fb62c1d50f5fed92235c26b834b81e7ddbcd594bef47a66642267a0a481c08bed9efa526945efe3b0c152e63f93a82a59bda8cc3cf3d3e2db4b5cd83ceb090d7f21596724337f4b8ff666b5231761887cd26018560b2ed29cb9eb9306a922e3136bdf09a20f845f35b6fcbfb3c777baee56803478d09425d57a8ffbf8f615f701a1d99dd09cd79cafb35e5d57fe411ec5f2769353c2417883fbc44d21d07303fe9509b8a24b6c5aeb5d9b1de9362e0aef49af3c0cdf8814b4de8188720b67a8d8ac40e886afda8bda5999d3ebb72ccff152a7c8b0edcef5319d83b9a05842eafa943cdbb864617cac231892b408aa0f935d9777a6604cbe65da554747b93f6f6fdb826f397d19c9c2c3fc3924cbfe0af34827d54af489ffb76d3ed71b8dda04130caf130190db8a8ef69bb4cae097501df810d0bf46054eac34cd1d06b5150b5f902c364b46eed745a1cb9255554113c713476f5fcc393534fbe308c8bc0ee912a073f086ae221a2b836c0a10418974b6c329dd725d2ef56000499644ed707a2a175cd868d092e158a895c94d6a7f201f0e2f32b5b3115b597421b7c294516df3900cb397e7e549b0a23e8bb8f63719715d1ede6cce968835ff7455b6a1df73e1313bf5f4316313561417327db9c92219107524358bbc4348ea2010fe131817e1b8565b2b7e9940482c66c71ca931b2d7a0948e3307ce421fb8af74565883888addc1f94912af245617d7b663772c6ac6cb1ce98632027e61a929aec9803ac3116fd7fdf2349452308e6f0e305ae9760b2fee9d6f05a3199d7c8ac3b35ee32552bf135fe23c279e4596803dcb91073e3d07c81379b7fddec9b82d2379586d60c9f320a8655ea55b6b075766545aa3dc95f83522f4f104863c9324008be0dd7703b11583236240dfc6c2e67929fd17da37d2d389cc3cb37e2cb570c2a45677ee4178655376350ea141c03944df342cce3063b862beb6ba81f3ac454534ebe95a854066b0ddf12ddc3f22af282d3e5ccdda7165a4d69857388dd610003883a0dad3f2be45c10d285c069747781f4f31ee0a584baa2d6ce72d4c1c7998a78fad2047e15946d99f52a9afbac698aa746372c22a19dec8c12753f2d79059c1cb1ff51707a3a39950bddcd7fb7d0565f6502c15b93898dbc129c5ffb4381f668345d40a47fba701c0724f3ca60f3edc6d5e7682fa36c9c03efa9d68aaddd7e6fb007709cf66f1908381c092c5e151ef776360b8f1c87b9cff4e5cb8a9de72f43e5ec6e9350b46b3d07b838cc847fef12330eb6f1481d4d928a0ed1483dffd3e4ef8677a64091ed0bb13f91fe847d627f56a4ef188e7c52faf7a439d34c8f200de1d4f7eb4643f00e0d0e6055fa66586be50a01dbf2de91dfcf69ddc78c8f415ada886d52749ce757979bfe123af5d7aa7b3cfd903256408d26871c0385f1a1c60ad257e171be39212a6a7df8a98329eeea91e8d66bfc605702788a924008d3a89f844a3fe201e002bd48d781a1a1e038afd39158c3bd92f45a3f6c6f80c7b287e0e31d46c145417750171f2568b44b898361d74aec63eaece471f7975a79bcc5e101"], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x4800)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x1, @mcast1, 0x8000}}, {{0xa, 0x0, 0xb55, @empty, 0x80}}}, 0x108)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000400)=0xa)
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
sendmsg$AUDIT_SET(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x3c, 0x3e9, 0x806, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0x1, r1, 0xe, 0x9, 0x6, 0xffffffff, 0x0, 0x7fff, 0x4}, ["", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040041}, 0xd5)
recvmmsg(r0, &(0x7f0000002480)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}}], 0x1, 0x40002003, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x44)
sendmsg$NFT_MSG_GETSET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000000a0a010164140026f3f30defc9245441427b9607a70b3f40439028029da3ecb17c33545670da96ea4db97afcb3ce8a8f23f0e892503536564e20a7e6bc53c8f20c798c90e86cb5bb1d44198aaa6d0660f35544af8b0f93969aa3b466395d00"/111], 0x14}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)

0s ago: executing program 4 (id=502):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x802, 0x0)
ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000000500)={0xd, 0x7f, {0x0, 0x6, 0x2, {0x7ff, 0x3}, {0x18, 0x6}, @const={0xd, {0x1ff, 0x4, 0x80, 0xffff}}}, {0x52, 0x5e39, 0x3, {0x6, 0x1}, {0xca, 0x4}, @rumble={0x9, 0xffb5}}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket(0x2, 0x80805, 0x0)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
sendmmsg$inet_sctp(r4, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000400)}, 0x20)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000280)=r5, 0x4)

kernel console output (not intermixed with test programs):

b_control_msg 03, error -32
[  192.321466][ T5877] gspca_cpia1: usb_control_msg 03, error -71
[  192.321976][ T5877] gspca_cpia1: usb_control_msg 01, error -71
[  192.322137][ T5877] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  192.334375][ T5877] usb 5-1: USB disconnect, device number 8
[  193.583099][ T3579] team0 (unregistering): Port device team_slave_1 removed
[  193.815241][ T3579] team0 (unregistering): Port device team_slave_0 removed
[  196.590832][ T6431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.680580][ T6431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.363775][ T5877] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  197.439329][ T6598] FAULT_INJECTION: forcing a failure.
[  197.439329][ T6598] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  197.439367][ T6598] CPU: 0 UID: 0 PID: 6598 Comm: syz.1.186 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  197.439392][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  197.439403][ T6598] Call Trace:
[  197.439411][ T6598]  <TASK>
[  197.439421][ T6598]  dump_stack_lvl+0x189/0x250
[  197.439460][ T6598]  ? __pfx____ratelimit+0x10/0x10
[  197.439489][ T6598]  ? __pfx_dump_stack_lvl+0x10/0x10
[  197.439522][ T6598]  ? __pfx__printk+0x10/0x10
[  197.439548][ T6598]  ? __might_fault+0xb0/0x130
[  197.439602][ T6598]  should_fail_ex+0x46c/0x600
[  197.439638][ T6598]  _copy_from_user+0x2d/0xb0
[  197.439664][ T6598]  __sys_bind+0x19f/0x3e0
[  197.439687][ T6598]  ? __pfx___sys_bind+0x10/0x10
[  197.439722][ T6598]  ? __pfx_ksys_write+0x10/0x10
[  197.439766][ T6598]  __x64_sys_bind+0x7a/0x90
[  197.439789][ T6598]  do_syscall_64+0xfa/0xfa0
[  197.439816][ T6598]  ? lockdep_hardirqs_on+0x9c/0x150
[  197.439846][ T6598]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.439868][ T6598]  ? clear_bhb_loop+0x60/0xb0
[  197.439895][ T6598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  197.439915][ T6598] RIP: 0033:0x7f0d04aff6c9
[  197.439935][ T6598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  197.439953][ T6598] RSP: 002b:00007f0d02d5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  197.439976][ T6598] RAX: ffffffffffffffda RBX: 00007f0d04d55fa0 RCX: 00007f0d04aff6c9
[  197.439992][ T6598] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000003
[  197.440005][ T6598] RBP: 00007f0d02d5e090 R08: 0000000000000000 R09: 0000000000000000
[  197.440019][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  197.440031][ T6598] R13: 00007f0d04d56038 R14: 00007f0d04d55fa0 R15: 00007ffde7056408
[  197.440068][ T6598]  </TASK>
[  197.522220][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  197.530116][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.530158][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.530179][ T5877] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  197.530220][ T5877] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  197.530242][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.563377][ T5877] usb 5-1: config 0 descriptor??
[  197.929499][ T6431] team0: Port device team_slave_0 added
[  197.973684][ T6431] team0: Port device team_slave_1 added
[  198.012350][   T31] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  198.052200][ T5877] HID 045e:07da: Invalid code 65791 type 1
[  198.095834][ T5877] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0002/input/input6
[  198.122409][ T5961] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  198.125316][ T5877] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  198.165044][   T31] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  198.165080][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.195471][   T31] usb 4-1: config 0 descriptor??
[  198.230313][   T31] gspca_main: cpia1-2.14.0 probing 0813:0001
[  198.282220][ T5961] usb 2-1: Using ep0 maxpacket: 16
[  198.287441][ T5961] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.287540][ T5961] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  198.287564][ T5961] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  198.287612][ T5961] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  198.287699][ T5961] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.377915][ T5877] usb 5-1: USB disconnect, device number 9
[  198.549516][ T5961] usb 2-1: config 0 descriptor??
[  198.609606][ T6610] fido_id[6610]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  198.635695][   T31] gspca_cpia1: usb_control_msg 03, error -32
[  198.638153][   T31] gspca_cpia1: usb_control_msg 03, error -71
[  198.639548][   T31] gspca_cpia1: usb_control_msg 01, error -71
[  198.639566][   T31] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0)
[  198.677908][   T31] usb 4-1: USB disconnect, device number 8
[  198.890264][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.890282][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  198.890307][ T6431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  198.895194][ T6485] chnl_net:caif_netlink_parms(): no params data found
[  198.989767][ T5961] HID 045e:07da: Invalid code 65791 type 1
[  198.991926][ T6431] batman_adv: batadv0: Adding interface: batadv_slave_1
[  198.991945][ T6431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  199.006916][ T6431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.092429][ T5961] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input7
[  199.143803][ T5961] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  199.249598][ T5877] usb 2-1: USB disconnect, device number 6
[  199.368856][ T6620] fido_id[6620]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  199.648392][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  199.648476][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  200.320417][ T6645] overlayfs: missing 'lowerdir'
[  200.421335][ T6651] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  200.890245][ T6431] hsr_slave_0: entered promiscuous mode
[  200.892815][ T6431] hsr_slave_1: entered promiscuous mode
[  200.893797][ T6431] debugfs: 'hsr0' already exists in 'hsr'
[  200.893821][ T6431] Cannot create hsr debugfs directory
[  201.304878][ T6660] binder_alloc: 6658: binder_alloc_buf, no vma
[  201.377548][ T6663] netlink: 'syz.3.197': attribute type 1 has an invalid length.
[  201.612488][ T6485] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.612667][ T6485] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.614808][ T6485] bridge_slave_0: entered allmulticast mode
[  201.623182][ T6485] bridge_slave_0: entered promiscuous mode
[  201.678755][ T6663] ipvlan0: entered promiscuous mode
[  201.681025][ T6663] ipvlan0: left promiscuous mode
[  201.762112][ T5864] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  201.929911][ T5864] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  201.929946][ T5864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.982243][ T5864] usb 2-1: config 0 descriptor??
[  201.989227][ T5864] gspca_main: cpia1-2.14.0 probing 0813:0001
[  202.033624][ T6485] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.033796][ T6485] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.034047][ T6485] bridge_slave_1: entered allmulticast mode
[  202.078862][ T6485] bridge_slave_1: entered promiscuous mode
[  202.392293][ T5864] gspca_cpia1: usb_control_msg 03, error -32
[  202.392854][ T5864] gspca_cpia1: usb_control_msg 03, error -71
[  202.393303][ T5864] gspca_cpia1: usb_control_msg 01, error -71
[  202.393319][ T5864] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  202.446977][ T5864] usb 2-1: USB disconnect, device number 7
[  203.313890][ T6485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  203.372183][ T5877] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  203.522400][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  203.525222][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.525255][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.525279][ T5877] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  203.525335][ T5877] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  203.525360][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.544087][ T5877] usb 5-1: config 0 descriptor??
[  203.760065][ T3579] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.961569][ T5877] HID 045e:07da: Invalid code 65791 type 1
[  204.006987][ T6485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  204.007562][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.203'.
[  204.025870][ T5877] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0004/input/input8
[  204.115083][ T5877] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  204.303661][ T5864] usb 5-1: USB disconnect, device number 10
[  204.369202][ T6692] fido_id[6692]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  204.824245][ T3579] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.913501][ T6700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.206'.
[  204.957801][ T6485] team0: Port device team_slave_0 added
[  205.157403][ T6705] overlayfs: failed to resolve './file1/file0': -2
[  205.323219][ T5961] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  205.326583][ T6485] team0: Port device team_slave_1 added
[  205.494433][ T5961] usb 5-1: not running at top speed; connect to a high speed hub
[  205.499537][ T5961] usb 5-1: config 16 has an invalid interface number: 2 but max is 1
[  205.499567][ T5961] usb 5-1: config 16 contains an unexpected descriptor of type 0x2, skipping
[  205.499586][ T5961] usb 5-1: config 16 has an invalid descriptor of length 234, skipping remainder of the config
[  205.499606][ T5961] usb 5-1: config 16 has 1 interface, different from the descriptor's value: 2
[  205.499627][ T5961] usb 5-1: config 16 has no interface number 0
[  205.499683][ T5961] usb 5-1: config 16 interface 2 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  205.499712][ T5961] usb 5-1: config 16 interface 2 has no altsetting 0
[  205.542228][ T5877] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  205.591415][ T5961] usb 5-1: New USB device found, idVendor=05c6, idProduct=7102, bcdDevice= d.0a
[  205.591436][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.591449][ T5961] usb 5-1: Product: syz
[  205.591457][ T5961] usb 5-1: Manufacturer: syz
[  205.591465][ T5961] usb 5-1: SerialNumber: syz
[  205.692523][ T5877] usb 2-1: Using ep0 maxpacket: 8
[  205.699175][ T5877] usb 2-1: unable to get BOS descriptor or descriptor too short
[  205.701542][ T5877] usb 2-1: config 4 interface 0 has no altsetting 0
[  205.708648][ T5877] usb 2-1: string descriptor 0 read error: -22
[  205.713083][ T5877] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  205.713114][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.786215][ T5877] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  205.840924][ T5877] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  205.841352][ T5877] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  205.841417][ T5877] usb 2-1: media controller created
[  205.928849][ T5961] usb 5-1: USB disconnect, device number 11
[  205.969474][ T6705] usb 2-1: dvb_usb_au6610: wlen=0, aborting
[  205.993364][ T3579] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.012765][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  206.183022][ T5877] zl10353_read_register: readreg error (reg=127, ret==0)
[  206.368489][ T5877] usb 2-1: USB disconnect, device number 8
[  206.570982][ T6485] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.571002][ T6485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  206.571030][ T6485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.334887][ T3579] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.427715][ T6485] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.427734][ T6485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  207.427763][ T6485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.231600][ T6485] hsr_slave_0: entered promiscuous mode
[  208.290659][ T6741] FAULT_INJECTION: forcing a failure.
[  208.290659][ T6741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.290696][ T6741] CPU: 1 UID: 0 PID: 6741 Comm: syz.1.213 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  208.290720][ T6741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  208.290733][ T6741] Call Trace:
[  208.290741][ T6741]  <TASK>
[  208.290751][ T6741]  dump_stack_lvl+0x189/0x250
[  208.290788][ T6741]  ? __pfx____ratelimit+0x10/0x10
[  208.290817][ T6741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.290849][ T6741]  ? __pfx__printk+0x10/0x10
[  208.290876][ T6741]  ? __might_fault+0xb0/0x130
[  208.290920][ T6741]  should_fail_ex+0x46c/0x600
[  208.290955][ T6741]  _copy_from_user+0x2d/0xb0
[  208.290981][ T6741]  do_sock_getsockopt+0x17d/0x450
[  208.291010][ T6741]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  208.291034][ T6741]  ? do_syscall_64+0xa0/0xfa0
[  208.291061][ T6741]  ? __fget_files+0x2a/0x420
[  208.291089][ T6741]  ? __fget_files+0x3a6/0x420
[  208.291117][ T6741]  ? __fget_files+0x2a/0x420
[  208.291155][ T6741]  __x64_sys_getsockopt+0x1ab/0x250
[  208.291180][ T6741]  ? do_syscall_64+0xa0/0xfa0
[  208.291209][ T6741]  ? do_syscall_64+0xa0/0xfa0
[  208.291242][ T6741]  do_syscall_64+0xfa/0xfa0
[  208.291276][ T6741]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.291305][ T6741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.291326][ T6741]  ? clear_bhb_loop+0x60/0xb0
[  208.291354][ T6741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.291376][ T6741] RIP: 0033:0x7f0d04aff6c9
[  208.291395][ T6741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  208.291413][ T6741] RSP: 002b:00007f0d02d1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  208.291436][ T6741] RAX: ffffffffffffffda RBX: 00007f0d04d56180 RCX: 00007f0d04aff6c9
[  208.291451][ T6741] RDX: 000000000000007f RSI: 000000000000010f RDI: 0000000000000006
[  208.291464][ T6741] RBP: 00007f0d02d1c090 R08: 0000000000000000 R09: 0000000000000000
[  208.291477][ T6741] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  208.291491][ T6741] R13: 00007f0d04d56218 R14: 00007f0d04d56180 R15: 00007ffde7056408
[  208.291527][ T6741]  </TASK>
[  208.428394][ T6485] hsr_slave_1: entered promiscuous mode
[  208.429491][ T6485] debugfs: 'hsr0' already exists in 'hsr'
[  208.429517][ T6485] Cannot create hsr debugfs directory
[  208.761775][ T5961] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  208.832129][   T31] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  208.912172][ T5961] usb 5-1: device descriptor read/64, error -71
[  209.023026][   T31] usb 4-1: Using ep0 maxpacket: 16
[  209.038300][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.038335][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.038359][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  209.038406][   T31] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  209.038430][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.108073][   T31] usb 4-1: config 0 descriptor??
[  209.162141][ T5961] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  209.303168][ T5961] usb 5-1: device descriptor read/64, error -71
[  209.425194][ T5961] usb usb5-port1: attempt power cycle
[  209.477605][ T6431] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  209.536072][   T31] HID 045e:07da: Invalid code 65791 type 1
[  209.547381][ T6431] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  209.564705][   T31] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0005/input/input9
[  209.596717][   T31] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  209.632390][ T5885] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  209.738042][ T6431] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  209.772255][ T5961] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  209.789878][ T6431] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  209.792699][ T5885] usb 2-1: Using ep0 maxpacket: 32
[  209.807186][ T5885] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.826239][ T5877] usb 4-1: USB disconnect, device number 9
[  209.842622][ T5885] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  209.842656][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.842677][ T5885] usb 2-1: Product: syz
[  209.842694][ T5885] usb 2-1: Manufacturer: syz
[  209.842710][ T5885] usb 2-1: SerialNumber: syz
[  209.856406][ T5961] usb 5-1: device descriptor read/8, error -71
[  210.043486][ T5885] usb 2-1: config 0 descriptor??
[  210.061214][ T5885] usb 2-1: bad CDC descriptors
[  210.069137][ T5885] usb 2-1: unsupported MDLM descriptors
[  210.288513][ T6745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.289213][ T6745] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  210.302311][   T31] usb 2-1: USB disconnect, device number 9
[  210.452469][ T3579] bridge_slave_1: left allmulticast mode
[  210.452502][ T3579] bridge_slave_1: left promiscuous mode
[  210.452785][ T3579] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.557375][ T3579] bridge_slave_0: left allmulticast mode
[  210.557409][ T3579] bridge_slave_0: left promiscuous mode
[  210.557725][ T3579] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.442253][  T990] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  211.560651][ T6779] FAULT_INJECTION: forcing a failure.
[  211.560651][ T6779] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  211.560677][ T6779] CPU: 0 UID: 0 PID: 6779 Comm: syz.3.223 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  211.560692][ T6779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  211.560700][ T6779] Call Trace:
[  211.560705][ T6779]  <TASK>
[  211.560710][ T6779]  dump_stack_lvl+0x189/0x250
[  211.560735][ T6779]  ? __pfx____ratelimit+0x10/0x10
[  211.560752][ T6779]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.560770][ T6779]  ? __pfx__printk+0x10/0x10
[  211.560785][ T6779]  ? __might_fault+0xb0/0x130
[  211.560809][ T6779]  should_fail_ex+0x46c/0x600
[  211.560829][ T6779]  _copy_from_user+0x2d/0xb0
[  211.560844][ T6779]  ___sys_recvmsg+0x12e/0x510
[  211.560863][ T6779]  ? __pfx____sys_recvmsg+0x10/0x10
[  211.560893][ T6779]  ? __fget_files+0x3a6/0x420
[  211.560918][ T6779]  do_recvmmsg+0x30d/0x770
[  211.560938][ T6779]  ? __pfx_do_recvmmsg+0x10/0x10
[  211.560959][ T6779]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  211.560976][ T6779]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  211.561000][ T6779]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  211.561023][ T6779]  __x64_sys_recvmmsg+0x190/0x240
[  211.561040][ T6779]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  211.561058][ T6779]  ? do_syscall_64+0xbe/0xfa0
[  211.561077][ T6779]  do_syscall_64+0xfa/0xfa0
[  211.561092][ T6779]  ? lockdep_hardirqs_on+0x9c/0x150
[  211.561107][ T6779]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.561119][ T6779]  ? clear_bhb_loop+0x60/0xb0
[  211.561134][ T6779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.561146][ T6779] RIP: 0033:0x7fac5f72f6c9
[  211.561158][ T6779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.561169][ T6779] RSP: 002b:00007fac5d96d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  211.561183][ T6779] RAX: ffffffffffffffda RBX: 00007fac5f986090 RCX: 00007fac5f72f6c9
[  211.561192][ T6779] RDX: 0400000000000300 RSI: 00002000000031c0 RDI: 0000000000000006
[  211.561201][ T6779] RBP: 00007fac5d96d090 R08: 0000000000000000 R09: 0000000000000000
[  211.561211][ T6779] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000001
[  211.561219][ T6779] R13: 00007fac5f986128 R14: 00007fac5f986090 R15: 00007fff192b4608
[  211.561239][ T6779]  </TASK>
[  211.612187][  T990] usb 2-1: Using ep0 maxpacket: 16
[  211.617738][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.617769][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.617791][  T990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  211.617832][  T990] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  211.617854][  T990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.624244][  T990] usb 2-1: config 0 descriptor??
[  212.099481][  T990] HID 045e:07da: Invalid code 65791 type 1
[  212.176379][  T990] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input10
[  212.214855][  T990] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  212.270919][ T5885] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  212.411436][  T990] usb 2-1: USB disconnect, device number 10
[  212.452916][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  212.456126][ T5885] usb 5-1: unable to get BOS descriptor or descriptor too short
[  212.457764][ T5885] usb 5-1: config 4 interface 0 has no altsetting 0
[  212.484286][ T5885] usb 5-1: string descriptor 0 read error: -22
[  212.484407][ T5885] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  212.484422][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.602306][ T5885] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  212.615845][ T5885] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  212.616224][ T5885] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  212.616271][ T5885] usb 5-1: media controller created
[  212.662372][    T9] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  212.704389][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  212.729926][ T6782] usb 5-1: dvb_usb_au6610: wlen=0, aborting
[  212.781683][ T5885] zl10353_read_register: readreg error (reg=127, ret==0)
[  212.792171][    T9] usb 4-1: device descriptor read/64, error -71
[  212.858154][ T5885] usb 5-1: USB disconnect, device number 16
[  213.032314][    T9] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  213.162709][    T9] usb 4-1: device descriptor read/64, error -71
[  213.272583][    T9] usb usb4-port1: attempt power cycle
[  213.312152][ T5885] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  213.468613][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  213.489022][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.489060][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.489084][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  213.489127][ T5885] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  213.489152][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.552766][ T5885] usb 2-1: config 0 descriptor??
[  213.612206][    T9] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  213.633686][    T9] usb 4-1: device descriptor read/8, error -71
[  213.892448][    T9] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  213.937003][    T9] usb 4-1: device descriptor read/8, error -71
[  213.971889][ T5885] HID 045e:07da: Invalid code 65791 type 1
[  213.977274][ T5885] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0007/input/input11
[  214.000519][ T5885] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  214.020839][ T3579] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.046056][    T9] usb usb4-port1: unable to enumerate USB device
[  214.094065][ T3579] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.139191][ T3579] bond0 (unregistering): Released all slaves
[  214.230884][ T5961] usb 2-1: USB disconnect, device number 11
[  215.386071][ T6808] netlink: 48 bytes leftover after parsing attributes in process `syz.1.233'.
[  218.746880][ T6840] netlink: 20 bytes leftover after parsing attributes in process `syz.3.238'.
[  219.023646][ T3579] hsr_slave_0: left promiscuous mode
[  219.108503][ T3579] hsr_slave_1: left promiscuous mode
[  219.109679][ T3579] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.109706][ T3579] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.280330][ T3579] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.280363][ T3579] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.842244][ T3579] veth1_macvtap: left promiscuous mode
[  219.842991][ T3579] veth0_macvtap: left promiscuous mode
[  219.843340][ T3579] veth1_vlan: left promiscuous mode
[  219.843552][ T3579] veth0_vlan: left promiscuous mode
[  221.202252][ T5885] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  221.370783][ T5885] usb 2-1: config 0 has an invalid interface number: 168 but max is 0
[  221.370814][ T5885] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  221.370833][ T5885] usb 2-1: config 0 has no interface number 0
[  221.370874][ T5885] usb 2-1: config 0 interface 168 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  221.370892][ T5885] usb 2-1: config 0 interface 168 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  221.370920][ T5885] usb 2-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice=48.98
[  221.370934][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.441393][ T5885] usb 2-1: config 0 descriptor??
[  221.470714][ T5885] HFC-S_USB 2-1:0.168: probe with driver HFC-S_USB failed with error -5
[  221.667724][   T43] usb 2-1: USB disconnect, device number 12
[  222.211086][ T5800] Bluetooth: hci3: command 0x0406 tx timeout
[  222.211375][ T5800] Bluetooth: hci0: command 0x0406 tx timeout
[  222.211672][ T5800] Bluetooth: hci1: command 0x0406 tx timeout
[  223.005863][   T43] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  223.283227][   T43] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  223.283317][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.283366][   T43] usb 2-1: Product: syz
[  223.283411][   T43] usb 2-1: Manufacturer: syz
[  223.283454][   T43] usb 2-1: SerialNumber: syz
[  223.539330][   T43] usb 2-1: config 0 descriptor??
[  223.542436][   T43] hub 2-1:0.0: bad descriptor, ignoring hub
[  223.542476][   T43] hub 2-1:0.0: probe with driver hub failed with error -5
[  223.779049][   T43] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  223.784709][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  223.785578][   T43] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  223.785638][   T43] usb 2-1: media controller created
[  223.814696][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  223.884181][   T43] DVB: Unable to find symbol dib7000p_attach()
[  223.884194][   T43] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  223.922792][ T3579] team0 (unregistering): Port device team_slave_1 removed
[  223.945490][   T43] rc_core: IR keymap rc-dib0700-rc5 not found
[  223.945511][   T43] Registered IR keymap rc-empty
[  223.947249][   T43] dvb-usb: could not initialize remote control.
[  223.947260][   T43] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  224.173319][ T3579] team0 (unregistering): Port device team_slave_0 removed
[  226.901747][ T6485] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  227.018566][ T6485] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  227.127824][ T6485] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  227.198888][ T6485] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  227.713522][ T6878] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  227.750662][ T6431] 8021q: adding VLAN 0 to HW filter on device bond0
[  228.003952][ T6431] 8021q: adding VLAN 0 to HW filter on device team0
[  228.143037][ T6882] netlink: 'syz.3.245': attribute type 1 has an invalid length.
[  228.461633][ T6882] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.594988][ T6886] bond1: (slave ip6erspan0): making interface the new active one
[  228.623257][ T6886] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  228.671912][ T3693] bridge0: port 1(bridge_slave_0) entered blocking state
[  228.682205][ T3693] bridge0: port 1(bridge_slave_0) entered forwarding state
[  228.878024][ T3579] IPVS: stop unused estimator thread 0...
[  228.896458][ T3693] bridge0: port 2(bridge_slave_1) entered blocking state
[  228.897173][ T3693] bridge0: port 2(bridge_slave_1) entered forwarding state
[  229.453733][   T31] usb 2-1: USB disconnect, device number 13
[  229.535508][   T31] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  229.578393][ T6485] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.829211][ T6485] 8021q: adding VLAN 0 to HW filter on device team0
[  229.872612][ T5810] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  229.909506][ T6205] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.909876][ T6205] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.981840][ T5999] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.005228][ T5999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.413129][ T5810] usb 4-1: config 1 has an invalid interface number: 245 but max is 0
[  230.413165][ T5810] usb 4-1: config 1 has no interface number 0
[  230.413225][ T5810] usb 4-1: config 1 interface 245 altsetting 4 endpoint 0x4 has an invalid bInterval 86, changing to 10
[  230.413255][ T5810] usb 4-1: config 1 interface 245 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 14
[  230.413284][ T5810] usb 4-1: config 1 interface 245 has no altsetting 0
[  230.465078][ T5810] usb 4-1: New USB device found, idVendor=07ca, idProduct=b835, bcdDevice=8d.5a
[  230.465110][ T5810] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.465129][ T5810] usb 4-1: Product: syz
[  230.465143][ T5810] usb 4-1: Manufacturer: ￪붶㆓冀
[  230.465157][ T5810] usb 4-1: SerialNumber: syz
[  230.813883][ T5810] usb 4-1: USB disconnect, device number 14
[  230.881390][ T6918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'.
[  230.923282][ T6918] fuse: Unknown parameter 'ÿÿ000000000000000000000xffffffffffffffff'
[  230.988029][ T6431] 8021q: adding VLAN 0 to HW filter on device batadv0
[  231.512113][ T5810] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  231.667193][ T5810] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  231.667229][ T5810] usb 2-1: config 0 interface 0 has no altsetting 0
[  231.675140][ T5810] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  231.675171][ T5810] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  231.675191][ T5810] usb 2-1: Product: syz
[  231.675204][ T5810] usb 2-1: Manufacturer: syz
[  231.675217][ T5810] usb 2-1: SerialNumber: syz
[  231.697887][ T5810] usb 2-1: config 0 descriptor??
[  231.760642][ T5810] usb 2-1: selecting invalid altsetting 0
[  232.278706][ T5877] usb 2-1: USB disconnect, device number 14
[  232.731006][ T6961] loop6: detected capacity change from 0 to 524287999
[  232.756406][ T6485] 8021q: adding VLAN 0 to HW filter on device batadv0
[  232.896443][ T6431] veth0_vlan: entered promiscuous mode
[  233.009065][ T6431] veth1_vlan: entered promiscuous mode
[  233.222781][ T6431] veth0_macvtap: entered promiscuous mode
[  233.258092][ T6431] veth1_macvtap: entered promiscuous mode
[  233.381514][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_0
[  233.536932][ T6431] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.627789][ T5989] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.628496][ T5989] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.628833][ T5989] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.629449][ T5989] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.960138][ T6485] veth0_vlan: entered promiscuous mode
[  235.037487][ T6485] veth1_vlan: entered promiscuous mode
[  235.206697][ T6485] veth0_macvtap: entered promiscuous mode
[  235.250175][ T6485] veth1_macvtap: entered promiscuous mode
[  235.468371][ T6485] batman_adv: batadv0: Interface activated: batadv_slave_0
[  235.516950][ T6485] batman_adv: batadv0: Interface activated: batadv_slave_1
[  235.581559][ T5999] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  235.593691][ T5999] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  235.617765][ T5999] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  235.622470][ T5999] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  235.662210][ T5885] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  235.821952][ T5885] usb 2-1: Using ep0 maxpacket: 8
[  235.825203][ T5885] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  235.825233][ T5885] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  235.825252][ T5885] usb 2-1: config 0 has no interface number 0
[  235.825300][ T5885] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  235.825323][ T5885] usb 2-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  235.825366][ T5885] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  235.825389][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.888977][ T5885] usb 2-1: config 0 descriptor??
[  235.916337][ T5885] ldusb 2-1:0.55: Interrupt in endpoint not found
[  236.118221][ T5864] usb 2-1: USB disconnect, device number 15
[  236.694149][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  236.712905][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  236.714245][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  236.716105][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  236.717118][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  236.851600][ T7008] netdevsim netdevsim4 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP)
[  237.367994][ T7012] FAULT_INJECTION: forcing a failure.
[  237.367994][ T7012] name failslab, interval 1, probability 0, space 0, times 0
[  237.368054][ T7012] CPU: 1 UID: 0 PID: 7012 Comm: syz.3.269 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  237.368079][ T7012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  237.368091][ T7012] Call Trace:
[  237.368099][ T7012]  <TASK>
[  237.368109][ T7012]  dump_stack_lvl+0x189/0x250
[  237.368148][ T7012]  ? __pfx____ratelimit+0x10/0x10
[  237.368177][ T7012]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.368209][ T7012]  ? __pfx__printk+0x10/0x10
[  237.368243][ T7012]  ? __pfx___might_resched+0x10/0x10
[  237.368268][ T7012]  ? fs_reclaim_acquire+0x7d/0x100
[  237.368305][ T7012]  should_fail_ex+0x46c/0x600
[  237.368339][ T7012]  ? __alloc_skb+0x112/0x2d0
[  237.368361][ T7012]  should_failslab+0xa8/0x100
[  237.368394][ T7012]  ? __alloc_skb+0x112/0x2d0
[  237.368421][ T7012]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  237.368452][ T7012]  ? netlink_autobind+0xdb/0x300
[  237.368482][ T7012]  __alloc_skb+0x112/0x2d0
[  237.368510][ T7012]  netlink_sendmsg+0x5c6/0xb30
[  237.368531][ T7012]  ? is_bpf_text_address+0x26/0x2b0
[  237.368574][ T7012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.368608][ T7012]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  237.368640][ T7012]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.368664][ T7012]  __sock_sendmsg+0x21c/0x270
[  237.368700][ T7012]  ____sys_sendmsg+0x508/0x820
[  237.368734][ T7012]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.368837][ T7012]  ? import_iovec+0x74/0xa0
[  237.368879][ T7012]  ___sys_sendmsg+0x21f/0x2a0
[  237.368912][ T7012]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.368983][ T7012]  ? __fget_files+0x2a/0x420
[  237.369012][ T7012]  ? __fget_files+0x3a6/0x420
[  237.369071][ T7012]  __x64_sys_sendmsg+0x1a1/0x260
[  237.369101][ T7012]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  237.369138][ T7012]  ? __pfx_ksys_write+0x10/0x10
[  237.369170][ T7012]  ? do_syscall_64+0xbe/0xfa0
[  237.369205][ T7012]  do_syscall_64+0xfa/0xfa0
[  237.369232][ T7012]  ? lockdep_hardirqs_on+0x9c/0x150
[  237.369260][ T7012]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.369282][ T7012]  ? clear_bhb_loop+0x60/0xb0
[  237.369309][ T7012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.369331][ T7012] RIP: 0033:0x7fac5f72f6c9
[  237.369351][ T7012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.369368][ T7012] RSP: 002b:00007fac5d98e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.369392][ T7012] RAX: ffffffffffffffda RBX: 00007fac5f985fa0 RCX: 00007fac5f72f6c9
[  237.369408][ T7012] RDX: 0000000000004094 RSI: 0000200000000180 RDI: 0000000000000003
[  237.369422][ T7012] RBP: 00007fac5d98e090 R08: 0000000000000000 R09: 0000000000000000
[  237.369436][ T7012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.369449][ T7012] R13: 00007fac5f986038 R14: 00007fac5f985fa0 R15: 00007fff192b4608
[  237.369487][ T7012]  </TASK>
[  238.577497][ T7030] FAULT_INJECTION: forcing a failure.
[  238.577497][ T7030] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.577565][ T7030] CPU: 1 UID: 0 PID: 7030 Comm: syz.4.273 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  238.577590][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  238.577603][ T7030] Call Trace:
[  238.577613][ T7030]  <TASK>
[  238.577623][ T7030]  dump_stack_lvl+0x189/0x250
[  238.577662][ T7030]  ? __pfx____ratelimit+0x10/0x10
[  238.577691][ T7030]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.577724][ T7030]  ? __pfx__printk+0x10/0x10
[  238.577777][ T7030]  should_fail_ex+0x46c/0x600
[  238.577814][ T7030]  _copy_to_user+0x31/0xb0
[  238.577841][ T7030]  simple_read_from_buffer+0xe1/0x170
[  238.577876][ T7030]  proc_fail_nth_read+0x1b6/0x220
[  238.577904][ T7030]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  238.577934][ T7030]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  238.577960][ T7030]  vfs_read+0x206/0xa30
[  238.577996][ T7030]  ? __pfx_vfs_read+0x10/0x10
[  238.578018][ T7030]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  238.578053][ T7030]  ? mutex_lock_nested+0x154/0x1d0
[  238.578074][ T7030]  ? fdget_pos+0x253/0x320
[  238.578116][ T7030]  ksys_read+0x14b/0x260
[  238.578146][ T7030]  ? __pfx_ksys_read+0x10/0x10
[  238.578177][ T7030]  ? do_syscall_64+0xbe/0xfa0
[  238.578212][ T7030]  do_syscall_64+0xfa/0xfa0
[  238.578242][ T7030]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.578263][ T7030]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  238.578283][ T7030]  ? clear_bhb_loop+0x60/0xb0
[  238.578310][ T7030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.578331][ T7030] RIP: 0033:0x7fa5bc58e0dc
[  238.578351][ T7030] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  238.578369][ T7030] RSP: 002b:00007fa5ba7ac030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  238.578393][ T7030] RAX: ffffffffffffffda RBX: 00007fa5bc7e6180 RCX: 00007fa5bc58e0dc
[  238.578409][ T7030] RDX: 000000000000000f RSI: 00007fa5ba7ac0a0 RDI: 0000000000000006
[  238.578423][ T7030] RBP: 00007fa5ba7ac090 R08: 0000000000000000 R09: 0000000000000000
[  238.578436][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.578449][ T7030] R13: 00007fa5bc7e6218 R14: 00007fa5bc7e6180 R15: 00007ffea9ae1838
[  238.578486][ T7030]  </TASK>
[  239.164776][ T5802] Bluetooth: hci5: command tx timeout
[  240.002178][ T5864] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  240.161671][ T5864] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  240.161707][ T5864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.161729][ T5864] usb 5-1: Product: syz
[  240.161744][ T5864] usb 5-1: Manufacturer: syz
[  240.161760][ T5864] usb 5-1: SerialNumber: syz
[  240.230424][ T5864] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  240.329908][   T31] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  240.415557][ T7042] input: syz0 as /devices/virtual/input/input14
[  240.421133][ T7040] input: syz0 as /devices/virtual/input/input13
[  241.245218][ T5802] Bluetooth: hci5: command tx timeout
[  241.264677][   T10] usb 5-1: USB disconnect, device number 17
[  241.485356][   T31] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  241.486876][   T31] ath9k_htc: Failed to initialize the device
[  241.489963][   T10] usb 5-1: ath9k_htc: USB layer deinitialized
[  241.520195][   T71] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.642137][ T5864] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  241.667049][  T990] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  241.803467][ T5864] usb 4-1: Using ep0 maxpacket: 32
[  241.807062][ T5864] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  241.807092][ T5864] usb 4-1: config 0 has no interface number 0
[  241.810397][ T5864] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  241.810428][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.810448][ T5864] usb 4-1: Product: syz
[  241.810462][ T5864] usb 4-1: Manufacturer: syz
[  241.810477][ T5864] usb 4-1: SerialNumber: syz
[  241.822199][  T990] usb 2-1: Using ep0 maxpacket: 16
[  241.825132][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.825165][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.825187][  T990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  241.825228][  T990] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  241.825251][  T990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.947694][  T990] usb 2-1: config 0 descriptor??
[  241.975741][ T5864] usb 4-1: config 0 descriptor??
[  241.994628][ T5864] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  242.249651][ T5864] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  242.273400][   T71] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.347754][ T5864] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  242.398006][  T990] HID 045e:07da: Invalid code 65791 type 1
[  242.520744][  T990] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0008/input/input15
[  242.577261][  T990] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  242.752238][  T990] usb 2-1: USB disconnect, device number 16
[  243.170112][   T71] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.221396][ T7076] fido_id[7076]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  243.322220][ T5802] Bluetooth: hci5: command tx timeout
[  243.705562][   T71] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.744066][ T7088] netlink: 124 bytes leftover after parsing attributes in process `syz.4.286'.
[  243.747489][ T7088] block nbd0: not configured, cannot reconfigure
[  243.804209][ T5802] Bluetooth: hci0: command 0x0406 tx timeout
[  243.849407][ T5877] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  243.849441][ T5877] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  245.412722][ T5802] Bluetooth: hci5: command tx timeout
[  245.530277][   T71] bridge_slave_1: left allmulticast mode
[  245.530301][   T71] bridge_slave_1: left promiscuous mode
[  245.531354][   T71] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.616507][   T71] bridge_slave_0: left allmulticast mode
[  245.616533][   T71] bridge_slave_0: left promiscuous mode
[  245.619304][   T71] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.202159][ T5802] Bluetooth: hci1: command 0x0406 tx timeout
[  246.202237][ T5877] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  246.202256][ T5877] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  248.283320][ T5877] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  248.283353][ T5877] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  248.283733][ T5802] Bluetooth: hci3: command 0x0406 tx timeout
[  248.594396][   T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  248.653129][   T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  248.703140][   T71] bond0 (unregistering): Released all slaves
[  250.221599][ T7108] syz.4.291 (7108) used greatest stack depth: 17896 bytes left
[  250.512537][ T7111] FAULT_INJECTION: forcing a failure.
[  250.512537][ T7111] name failslab, interval 1, probability 0, space 0, times 0
[  250.512641][ T7111] CPU: 1 UID: 0 PID: 7111 Comm: syz.4.292 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  250.512667][ T7111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  250.512681][ T7111] Call Trace:
[  250.512690][ T7111]  <TASK>
[  250.512700][ T7111]  dump_stack_lvl+0x189/0x250
[  250.512745][ T7111]  ? __pfx____ratelimit+0x10/0x10
[  250.512774][ T7111]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.512807][ T7111]  ? __pfx__printk+0x10/0x10
[  250.512841][ T7111]  ? __pfx___might_resched+0x10/0x10
[  250.512864][ T7111]  ? fs_reclaim_acquire+0x7d/0x100
[  250.512908][ T7111]  should_fail_ex+0x46c/0x600
[  250.512945][ T7111]  should_failslab+0xa8/0x100
[  250.512978][ T7111]  __kmalloc_node_noprof+0xd4/0x7f0
[  250.513007][ T7111]  ? alloc_slab_obj_exts+0x3e/0x100
[  250.513039][ T7111]  alloc_slab_obj_exts+0x3e/0x100
[  250.513067][ T7111]  __memcg_slab_post_alloc_hook+0x33b/0x810
[  250.513107][ T7111]  ? kasan_unpoison+0x48/0x70
[  250.513137][ T7111]  __kmalloc_cache_noprof+0x433/0x6c0
[  250.513168][ T7111]  ? alloc_pipe_info+0xe9/0x4e0
[  250.513202][ T7111]  alloc_pipe_info+0xe9/0x4e0
[  250.513234][ T7111]  splice_direct_to_actor+0xa6e/0xcd0
[  250.513267][ T7111]  ? __lock_acquire+0xab9/0xd20
[  250.513312][ T7111]  ? __lock_acquire+0xab9/0xd20
[  250.513341][ T7111]  ? __pfx_direct_splice_actor+0x10/0x10
[  250.513370][ T7111]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  250.513414][ T7111]  do_splice_direct+0x187/0x270
[  250.513447][ T7111]  ? __pfx_do_splice_direct+0x10/0x10
[  250.513478][ T7111]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  250.513518][ T7111]  ? rw_verify_area+0x25b/0x4e0
[  250.513549][ T7111]  do_sendfile+0x4ec/0x7f0
[  250.513582][ T7111]  ? __pfx_vfs_write+0x10/0x10
[  250.513616][ T7111]  ? __pfx_do_sendfile+0x10/0x10
[  250.513664][ T7111]  __se_sys_sendfile64+0x13e/0x190
[  250.513699][ T7111]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  250.513737][ T7111]  ? do_syscall_64+0xbe/0xfa0
[  250.513771][ T7111]  do_syscall_64+0xfa/0xfa0
[  250.513798][ T7111]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.513825][ T7111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.513847][ T7111]  ? clear_bhb_loop+0x60/0xb0
[  250.513874][ T7111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.513902][ T7111] RIP: 0033:0x7fa5bc58f6c9
[  250.513922][ T7111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.513942][ T7111] RSP: 002b:00007fa5ba7ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  250.513967][ T7111] RAX: ffffffffffffffda RBX: 00007fa5bc7e5fa0 RCX: 00007fa5bc58f6c9
[  250.513983][ T7111] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004
[  250.513997][ T7111] RBP: 00007fa5ba7ee090 R08: 0000000000000000 R09: 0000000000000000
[  250.514011][ T7111] R10: 0000000008000002 R11: 0000000000000246 R12: 0000000000000001
[  250.514026][ T7111] R13: 00007fa5bc7e6038 R14: 00007fa5bc7e5fa0 R15: 00007ffea9ae1838
[  250.514063][ T7111]  </TASK>
[  251.962531][ T5877] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  251.962563][ T5877] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  251.963245][ T5802] Bluetooth: hci5: command 0x0c1a tx timeout
[  252.306569][ T5117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  252.310262][ T5117] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  252.360920][ T5117] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  252.376907][ T5117] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  252.390631][ T5117] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  252.713991][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  252.875848][    T9] usb 5-1: Using ep0 maxpacket: 16
[  252.878778][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.878813][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.878837][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  252.878884][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  252.878908][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.959270][    T9] usb 5-1: config 0 descriptor??
[  253.032683][   T71] hsr_slave_0: left promiscuous mode
[  253.069864][ T7147] FAULT_INJECTION: forcing a failure.
[  253.069864][ T7147] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  253.069903][ T7147] CPU: 1 UID: 0 PID: 7147 Comm: syz.1.295 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  253.069928][ T7147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  253.069953][ T7147] Call Trace:
[  253.069961][ T7147]  <TASK>
[  253.069970][ T7147]  dump_stack_lvl+0x189/0x250
[  253.070008][ T7147]  ? __pfx____ratelimit+0x10/0x10
[  253.070037][ T7147]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.070071][ T7147]  ? __pfx__printk+0x10/0x10
[  253.070117][ T7147]  should_fail_ex+0x46c/0x600
[  253.070153][ T7147]  _copy_to_user+0x31/0xb0
[  253.070180][ T7147]  simple_read_from_buffer+0xe1/0x170
[  253.070215][ T7147]  proc_fail_nth_read+0x1b6/0x220
[  253.070243][ T7147]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.070270][ T7147]  ? rw_verify_area+0x2ac/0x4e0
[  253.070295][ T7147]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  253.070320][ T7147]  vfs_read+0x206/0xa30
[  253.070357][ T7147]  ? __pfx_vfs_read+0x10/0x10
[  253.070379][ T7147]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  253.070412][ T7147]  ? mutex_lock_nested+0x154/0x1d0
[  253.070433][ T7147]  ? fdget_pos+0x253/0x320
[  253.070471][ T7147]  ksys_read+0x14b/0x260
[  253.070501][ T7147]  ? __pfx_ksys_read+0x10/0x10
[  253.070532][ T7147]  ? do_syscall_64+0xbe/0xfa0
[  253.070566][ T7147]  do_syscall_64+0xfa/0xfa0
[  253.070591][ T7147]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.070616][ T7147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.070637][ T7147]  ? clear_bhb_loop+0x60/0xb0
[  253.070664][ T7147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.070685][ T7147] RIP: 0033:0x7f0d04afe0dc
[  253.070704][ T7147] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  253.070722][ T7147] RSP: 002b:00007f0d02d5e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  253.070746][ T7147] RAX: ffffffffffffffda RBX: 00007f0d04d55fa0 RCX: 00007f0d04afe0dc
[  253.070761][ T7147] RDX: 000000000000000f RSI: 00007f0d02d5e0a0 RDI: 0000000000000005
[  253.070774][ T7147] RBP: 00007f0d02d5e090 R08: 0000000000000000 R09: 0000000000000000
[  253.070786][ T7147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  253.070799][ T7147] R13: 00007f0d04d56038 R14: 00007f0d04d55fa0 R15: 00007ffde7056408
[  253.070837][ T7147]  </TASK>
[  253.141279][   T71] hsr_slave_1: left promiscuous mode
[  253.143119][   T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  253.143145][   T71] batman_adv: batadv0: Removing interface: batadv_slave_0
[  253.339223][ T7150] afs: Bad value for 'flock'
[  253.357901][   T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  253.357934][   T71] batman_adv: batadv0: Removing interface: batadv_slave_1
[  253.389954][    T9] HID 045e:07da: Invalid code 65791 type 1
[  253.409924][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0009/input/input16
[  253.437908][    T9] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  253.570658][   T71] veth1_macvtap: left promiscuous mode
[  253.570781][   T71] veth0_macvtap: left promiscuous mode
[  253.571101][   T71] veth1_vlan: left promiscuous mode
[  253.571312][   T71] veth0_vlan: left promiscuous mode
[  254.443810][ T5117] Bluetooth: hci2: command tx timeout
[  254.702489][ T6787] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[  256.550445][ T5117] Bluetooth: hci2: command tx timeout
[  257.175095][   T71] team0 (unregistering): Port device team_slave_1 removed
[  257.597237][   T71] team0 (unregistering): Port device team_slave_0 removed
[  258.602204][ T5117] Bluetooth: hci2: command tx timeout
[  259.882134][ T6787] usb 5-1: device descriptor read/64, error -110
[  260.157443][ T6787] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[  260.293466][ T6787] usb 5-1: device descriptor read/64, error -32
[  260.532889][ T6787] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[  260.682185][ T5117] Bluetooth: hci2: command tx timeout
[  260.748663][ T6787] usb 5-1: device not accepting address 18, error -71
[  261.103483][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  261.103570][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  261.565159][ T7004] chnl_net:caif_netlink_parms(): no params data found
[  261.802174][ T6787] usb 5-1: reset high-speed USB device number 18 using dummy_hcd
[  261.841195][ T6787] usb 5-1: device reset changed ep0 maxpacket size!
[  261.867431][    T9] usb 5-1: USB disconnect, device number 18
[  262.142196][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  263.406529][ T5877] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  263.406559][ T5877] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  263.418474][ T5117] Bluetooth: hci2: command 0x0c1a tx timeout
[  263.422061][    T9] usb 5-1: Using ep0 maxpacket: 8
[  263.424971][    T9] usb 5-1: config index 0 descriptor too short (expected 29970, got 18)
[  263.424999][    T9] usb 5-1: config 0 has too many interfaces: 168, using maximum allowed: 32
[  263.425021][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 168
[  263.465935][    T9] usb 5-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a
[  263.465967][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.465990][    T9] usb 5-1: Product: syz
[  263.466005][    T9] usb 5-1: Manufacturer: syz
[  263.466021][    T9] usb 5-1: SerialNumber: syz
[  263.508123][    T9] usb 5-1: config 0 descriptor??
[  263.738342][ T6787] usb 5-1: USB disconnect, device number 19
[  264.278361][ T7221] overlayfs: missing 'lowerdir'
[  264.657881][ T7219] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.667426][ T7219] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.256429][ T7219] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.267709][ T7219] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  266.072304][ T7004] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.072471][ T7004] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.072744][ T7004] bridge_slave_0: entered allmulticast mode
[  266.075953][ T7004] bridge_slave_0: entered promiscuous mode
[  266.210482][ T5998] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  266.217082][ T7004] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.217241][ T7004] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.217488][ T7004] bridge_slave_1: entered allmulticast mode
[  266.233387][ T7004] bridge_slave_1: entered promiscuous mode
[  266.311716][ T5998] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  266.825440][ T5998] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  266.845225][   T10] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  267.011053][ T5998] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  267.021785][   T10] usb 2-1: config 5 has an invalid interface number: 187 but max is 0
[  267.021819][   T10] usb 2-1: config 5 has no interface number 0
[  267.021875][   T10] usb 2-1: config 5 interface 187 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  267.021899][   T10] usb 2-1: config 5 interface 187 altsetting 8 has an endpoint descriptor with address 0x93, changing to 0x83
[  267.021929][   T10] usb 2-1: config 5 interface 187 altsetting 8 endpoint 0x83 has an invalid bInterval 153, changing to 4
[  267.022166][   T10] usb 2-1: config 5 interface 187 altsetting 8 endpoint 0x83 has invalid maxpacket 57626, setting to 1023
[  267.022196][   T10] usb 2-1: config 5 interface 187 altsetting 8 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  267.022224][   T10] usb 2-1: config 5 interface 187 has no altsetting 0
[  267.028613][   T10] usb 2-1: New USB device found, idVendor=eb1a, idProduct=2801, bcdDevice=21.7a
[  267.028641][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.028661][   T10] usb 2-1: Product: syz
[  267.028675][   T10] usb 2-1: Manufacturer: syz
[  267.028689][   T10] usb 2-1: SerialNumber: syz
[  267.344081][ T7004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  267.361650][ T7047] chnl_net:caif_netlink_parms(): no params data found
[  267.369957][ T7235] netlink: 'syz.1.308': attribute type 30 has an invalid length.
[  267.429914][   T10] em28xx 2-1:5.187: New device syz syz @ 12 Mbps (eb1a:2801, interface 187, class 187)
[  267.429955][   T10] em28xx 2-1:5.187: Device initialization failed.
[  267.429971][   T10] em28xx 2-1:5.187: Device must be connected to a high-speed USB 2.0 port.
[  267.474292][   T10] usb 2-1: USB disconnect, device number 17
[  267.702238][   T71] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.807353][ T7004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.482219][   T10] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  269.538750][   T71] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.544779][ T7257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.312'.
[  269.639811][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[  269.644740][   T10] usb 5-1: config 16 has an invalid interface number: 2 but max is 1
[  269.644770][   T10] usb 5-1: config 16 contains an unexpected descriptor of type 0x2, skipping
[  269.644789][   T10] usb 5-1: config 16 has an invalid interface descriptor of length 3, skipping
[  269.644806][   T10] usb 5-1: config 16 has an invalid interface number: 2 but max is 1
[  269.644827][   T10] usb 5-1: config 16 has 1 interface, different from the descriptor's value: 2
[  269.644850][   T10] usb 5-1: config 16 has no interface number 0
[  269.644905][   T10] usb 5-1: config 16 interface 2 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  269.644931][   T10] usb 5-1: config 16 interface 2 has no altsetting 0
[  269.644949][   T10] usb 5-1: config 16 interface 2 has no altsetting 1
[  269.660478][   T10] usb 5-1: string descriptor 0 read error: -22
[  269.660663][   T10] usb 5-1: New USB device found, idVendor=05c6, idProduct=7102, bcdDevice= d.0a
[  269.660689][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.861106][ T7004] team0: Port device team_slave_0 added
[  269.906843][    T9] usb 5-1: USB disconnect, device number 20
[  270.055818][   T71] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.102297][   T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  270.110088][ T7004] team0: Port device team_slave_1 added
[  270.263278][   T10] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  270.263333][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  270.268072][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  270.268107][   T10] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  270.268129][   T10] usb 2-1: Product: syz
[  270.268145][   T10] usb 2-1: Manufacturer: syz
[  270.268160][   T10] usb 2-1: SerialNumber: syz
[  270.337907][   T10] usb 2-1: config 0 descriptor??
[  270.366247][   T10] usb 2-1: selecting invalid altsetting 0
[  270.725878][   T71] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.843688][   T31] usb 2-1: USB disconnect, device number 18
[  271.319528][ T7274] misc userio: Begin command sent, but we're already running
[  271.496979][ T7004] batman_adv: batadv0: Adding interface: batadv_slave_0
[  271.496993][ T7004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  271.497011][ T7004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  271.603187][   T43] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  271.742279][   T43] usb 5-1: device descriptor read/64, error -71
[  272.002208][   T43] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  272.154073][   T43] usb 5-1: device descriptor read/64, error -71
[  272.260679][ T7004] batman_adv: batadv0: Adding interface: batadv_slave_1
[  272.260709][ T7004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  272.260737][ T7004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  272.263123][   T43] usb usb5-port1: attempt power cycle
[  272.284539][ T7047] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.284837][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.285150][ T7047] bridge_slave_0: entered allmulticast mode
[  272.295195][ T7047] bridge_slave_0: entered promiscuous mode
[  272.471242][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.471556][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.475472][ T7047] bridge_slave_1: entered allmulticast mode
[  272.493848][ T7047] bridge_slave_1: entered promiscuous mode
[  272.605065][   T43] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  272.623515][   T43] usb 5-1: device descriptor read/8, error -71
[  272.862194][   T43] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  272.883449][   T43] usb 5-1: device descriptor read/8, error -71
[  272.995386][   T43] usb usb5-port1: unable to enumerate USB device
[  273.599152][ T7047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  273.817958][ T7047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  274.021086][ T7004] hsr_slave_0: entered promiscuous mode
[  274.031057][ T7004] hsr_slave_1: entered promiscuous mode
[  274.041081][ T7004] debugfs: 'hsr0' already exists in 'hsr'
[  274.041114][ T7004] Cannot create hsr debugfs directory
[  274.369271][ T7047] team0: Port device team_slave_0 added
[  274.563645][ T7047] team0: Port device team_slave_1 added
[  277.105630][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.105650][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.105680][ T7047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.509922][ T7317] capability: warning: `syz.4.319' uses deprecated v2 capabilities in a way that may be insecure
[  278.604370][   T71] bridge_slave_1: left allmulticast mode
[  278.604403][   T71] bridge_slave_1: left promiscuous mode
[  278.605047][   T71] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.785169][   T71] bridge_slave_0: left allmulticast mode
[  278.785976][   T71] bridge_slave_0: left promiscuous mode
[  278.788690][   T71] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.004426][ T7327] tmpfs: Bad value for 'mpol'
[  281.473358][   T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  281.533114][   T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  281.556104][   T71] bond0 (unregistering): Released all slaves
[  281.604694][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_1
[  281.604715][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  281.604746][ T7047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.232205][ T5918] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  282.424873][ T7047] hsr_slave_0: entered promiscuous mode
[  282.443470][ T5918] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  282.443503][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.443522][ T5918] usb 5-1: Product: syz
[  282.443535][ T5918] usb 5-1: Manufacturer: syz
[  282.443550][ T5918] usb 5-1: SerialNumber: syz
[  282.455495][ T5918] usb 5-1: config 0 descriptor??
[  282.467431][ T5918] gspca_main: sq905c-2.14.0 probing 2770:9052
[  282.497654][ T7047] hsr_slave_1: entered promiscuous mode
[  282.498898][ T7047] debugfs: 'hsr0' already exists in 'hsr'
[  282.498926][ T7047] Cannot create hsr debugfs directory
[  282.710389][ T7352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.711185][ T7352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.733502][ T7352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.734128][ T7352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.771069][ T7352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.775293][ T7352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.837862][ T7352] netlink: 40 bytes leftover after parsing attributes in process `syz.4.324'.
[  282.983569][ T5918] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[  282.983676][ T5918] sq905c 5-1:0.0: Get version command failed
[  282.983740][ T5918] sq905c 5-1:0.0: probe with driver sq905c failed with error -71
[  283.055025][ T5918] usb 5-1: USB disconnect, device number 25
[  286.562543][  T990] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  286.720274][  T990] usb 5-1: Using ep0 maxpacket: 16
[  286.728604][  T990] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  286.728636][  T990] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  286.729117][  T990] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  286.729146][  T990] usb 5-1: too many endpoints for config 1 interface 2 altsetting 0: 255, using maximum allowed: 30
[  286.729190][  T990] usb 5-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  286.796931][  T990] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  286.796967][  T990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.796990][  T990] usb 5-1: Product: syz
[  286.797006][  T990] usb 5-1: Manufacturer: syz
[  286.797023][  T990] usb 5-1: SerialNumber: syz
[  289.754383][ T7382] FAULT_INJECTION: forcing a failure.
[  289.754383][ T7382] name failslab, interval 1, probability 0, space 0, times 0
[  289.754693][ T7382] CPU: 1 UID: 0 PID: 7382 Comm: syz.1.331 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  289.754722][ T7382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  289.754735][ T7382] Call Trace:
[  289.754743][ T7382]  <TASK>
[  289.754753][ T7382]  dump_stack_lvl+0x189/0x250
[  289.754798][ T7382]  ? __pfx____ratelimit+0x10/0x10
[  289.754826][ T7382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.754869][ T7382]  ? __pfx__printk+0x10/0x10
[  289.754902][ T7382]  ? __pfx___might_resched+0x10/0x10
[  289.754927][ T7382]  ? fs_reclaim_acquire+0x7d/0x100
[  289.754963][ T7382]  should_fail_ex+0x46c/0x600
[  289.754996][ T7382]  ? __alloc_skb+0x112/0x2d0
[  289.755018][ T7382]  should_failslab+0xa8/0x100
[  289.755051][ T7382]  ? __alloc_skb+0x112/0x2d0
[  289.755070][ T7382]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  289.755099][ T7382]  ? netlink_autobind+0xdb/0x300
[  289.755130][ T7382]  __alloc_skb+0x112/0x2d0
[  289.755157][ T7382]  netlink_sendmsg+0x5c6/0xb30
[  289.755191][ T7382]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.755224][ T7382]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  289.755255][ T7382]  ? __pfx_netlink_sendmsg+0x10/0x10
[  289.755279][ T7382]  __sock_sendmsg+0x21c/0x270
[  289.755314][ T7382]  ____sys_sendmsg+0x508/0x820
[  289.755346][ T7382]  ? __pfx_____sys_sendmsg+0x10/0x10
[  289.755392][ T7382]  ? import_iovec+0x74/0xa0
[  289.755421][ T7382]  ___sys_sendmsg+0x21f/0x2a0
[  289.755450][ T7382]  ? __pfx____sys_sendmsg+0x10/0x10
[  289.755516][ T7382]  ? __fget_files+0x2a/0x420
[  289.755547][ T7382]  ? __fget_files+0x3a6/0x420
[  289.755590][ T7382]  __x64_sys_sendmsg+0x1a1/0x260
[  289.755619][ T7382]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  289.755663][ T7382]  ? do_syscall_64+0xbe/0xfa0
[  289.755698][ T7382]  do_syscall_64+0xfa/0xfa0
[  289.755724][ T7382]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.755752][ T7382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.755774][ T7382]  ? clear_bhb_loop+0x60/0xb0
[  289.755798][ T7382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.755820][ T7382] RIP: 0033:0x7f0d04aff6c9
[  289.755839][ T7382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.755858][ T7382] RSP: 002b:00007f0d02d5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  289.755884][ T7382] RAX: ffffffffffffffda RBX: 00007f0d04d55fa0 RCX: 00007f0d04aff6c9
[  289.755899][ T7382] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  289.755913][ T7382] RBP: 00007f0d02d5e090 R08: 0000000000000000 R09: 0000000000000000
[  289.755927][ T7382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.755940][ T7382] R13: 00007f0d04d56038 R14: 00007f0d04d55fa0 R15: 00007ffde7056408
[  289.755975][ T7382]  </TASK>
[  290.610988][  T990] usb 5-1: USB disconnect, device number 26
[  290.779187][ T7265] udevd[7265]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  293.785029][ T5880] IPVS: starting estimator thread 0...
[  293.872299][ T7403] IPVS: using max 7 ests per chain, 16800 per kthread
[  294.498113][ T7414] overlay: ./file0 is not a directory
[  295.447535][   T37] kauditd_printk_skb: 1 callbacks suppressed
[  295.447557][   T37] audit: type=1326 audit(1762227287.132:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  295.447644][   T37] audit: type=1326 audit(1762227287.142:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7408 comm="syz.4.337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  295.682200][ T5880] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  295.864800][ T5880] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  295.864836][ T5880] usb 2-1: config 0 interface 0 has no altsetting 0
[  295.902636][ T5880] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  295.902792][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  295.902817][ T5880] usb 2-1: Product: syz
[  295.902834][ T5880] usb 2-1: Manufacturer: syz
[  295.902849][ T5880] usb 2-1: SerialNumber: syz
[  295.953085][ T5880] usb 2-1: config 0 descriptor??
[  296.002351][ T5880] usb 2-1: selecting invalid altsetting 0
[  296.665411][ T5945] usb 2-1: USB disconnect, device number 19
[  297.673015][ T7047] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  297.692560][ T5798] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  297.751137][ T7047] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  297.853692][ T7047] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  297.870432][ T5798] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  297.870463][ T5798] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  297.909819][ T5798] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  297.909884][ T5798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  297.909898][ T5798] usb 5-1: SerialNumber: syz
[  297.919723][ T7047] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  298.291305][ T5798] usb 5-1: 0:2 : does not exist
[  298.291482][ T5798] usb 5-1: unit 255 not found!
[  298.557067][ T5798] usb 5-1: USB disconnect, device number 27
[  298.920963][ T7265] udevd[7265]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  299.278645][ T7047] 8021q: adding VLAN 0 to HW filter on device bond0
[  299.405776][ T7047] 8021q: adding VLAN 0 to HW filter on device team0
[  299.443885][ T5999] bridge0: port 1(bridge_slave_0) entered blocking state
[  299.446119][ T5999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  299.522675][ T5999] bridge0: port 2(bridge_slave_1) entered blocking state
[  299.524571][ T5999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  300.326242][ T6787] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  300.516595][ T6787] usb 5-1: Using ep0 maxpacket: 16
[  300.632971][ T6787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.633008][ T6787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.633023][ T6787] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  300.633054][ T6787] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  300.633080][ T6787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.703717][ T6787] usb 5-1: config 0 descriptor??
[  301.269154][ T6787] HID 045e:07da: Invalid code 65791 type 1
[  301.319775][ T6787] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000A/input/input18
[  301.419120][ T6787] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  301.535712][ T5945] usb 5-1: USB disconnect, device number 28
[  301.864435][ T7460] fido_id[7460]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  304.395364][ T7478] netlink: 'syz.4.345': attribute type 10 has an invalid length.
[  305.633435][ T7477] netlink: 24 bytes leftover after parsing attributes in process `syz.4.345'.
[  305.651186][ T7478] team0: Port device dummy0 added
[  305.722265][  T990] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  305.912128][  T990] usb 2-1: Using ep0 maxpacket: 16
[  305.916971][  T990] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  305.917010][  T990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  305.932116][  T990] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  305.932152][  T990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.932181][  T990] usb 2-1: Product: syz
[  305.932196][  T990] usb 2-1: Manufacturer: syz
[  305.932209][  T990] usb 2-1: SerialNumber: syz
[  305.948681][  T990] usb 2-1: config 0 descriptor??
[  305.971325][  T990] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  305.971363][  T990] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  307.759097][  T990] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  307.759597][  T990] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  307.760065][  T990] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  307.760083][  T990] em28xx 2-1:0.0: No AC97 audio processor
[  307.825685][  T990] usb 2-1: USB disconnect, device number 20
[  307.828367][  T990] em28xx 2-1:0.0: Disconnecting em28xx
[  307.867512][  T990] em28xx 2-1:0.0: Freeing device
[  309.292159][  T990] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  309.442118][  T990] usb 5-1: Using ep0 maxpacket: 16
[  309.444816][  T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.444851][  T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  309.444877][  T990] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  309.444921][  T990] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  309.444946][  T990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.451345][  T990] usb 5-1: config 0 descriptor??
[  309.870452][  T990] HID 045e:07da: Invalid code 65791 type 1
[  309.922360][  T990] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000B/input/input19
[  309.943298][  T990] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  310.191717][ T5880] usb 5-1: USB disconnect, device number 29
[  310.399220][ T7517] fido_id[7517]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  310.450471][ T7521] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.351'.
[  310.463754][ T7519] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.351'.
[  311.422173][ T5945] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  311.592113][ T5945] usb 5-1: Using ep0 maxpacket: 32
[  311.596132][ T5945] usb 5-1: too many configurations: 186, using maximum allowed: 8
[  311.601226][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.601259][ T5945] usb 5-1: config 0 has no interface number 0
[  311.601384][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.601413][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.601450][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.665008][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.665042][ T5945] usb 5-1: config 0 has no interface number 0
[  311.665680][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.665711][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.666299][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.670297][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.670324][ T5945] usb 5-1: config 0 has no interface number 0
[  311.670610][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.670647][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.670675][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.698862][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.698895][ T5945] usb 5-1: config 0 has no interface number 0
[  311.715040][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.715076][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.730388][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.784320][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.807764][ T5945] usb 5-1: config 0 has no interface number 0
[  311.820341][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.820617][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.820657][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.859756][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.859784][ T5945] usb 5-1: config 0 has no interface number 0
[  311.859875][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.859896][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.859918][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.861357][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.861385][ T5945] usb 5-1: config 0 has no interface number 0
[  311.861545][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.861573][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.861674][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  311.887799][ T7545] netlink: 'syz.1.356': attribute type 5 has an invalid length.
[  311.930323][ T5945] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  311.930357][ T5945] usb 5-1: config 0 has no interface number 0
[  311.930482][ T5945] usb 5-1: config 0 interface 31 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 514
[  311.930510][ T5945] usb 5-1: config 0 interface 31 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  311.930603][ T5945] usb 5-1: config 0 interface 31 has no altsetting 0
[  312.006652][ T5945] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a3a, bcdDevice=82.49
[  312.006755][ T5945] usb 5-1: New USB device strings: Mfr=157, Product=151, SerialNumber=37
[  312.006778][ T5945] usb 5-1: Product: syz
[  312.006794][ T5945] usb 5-1: Manufacturer: syz
[  312.006809][ T5945] usb 5-1: SerialNumber: syz
[  312.058577][ T5945] usb 5-1: config 0 descriptor??
[  312.060180][ T7530] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  312.453901][ T5880] usb 5-1: USB disconnect, device number 30
[  314.004398][ T7546] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  314.233911][ T7546] usb 2-1: Using ep0 maxpacket: 16
[  314.538143][ T7546] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.538753][ T7546] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.538781][ T7546] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  314.538831][ T7546] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  314.539272][ T7546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.620816][ T7546] usb 2-1: config 0 descriptor??
[  315.062430][ T7546] HID 045e:07da: Invalid code 65791 type 1
[  315.114290][ T7570] evm: overlay not supported
[  315.137950][ T7546] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000C/input/input20
[  315.215479][ T7546] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  315.272336][ T7546] usb 2-1: USB disconnect, device number 21
[  315.584928][ T7583] fido_id[7583]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  316.392150][  T990] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  316.545659][  T990] usb 5-1: Using ep0 maxpacket: 16
[  316.551864][  T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.551901][  T990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.552153][  T990] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  316.552203][  T990] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  316.552228][  T990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.588401][  T990] usb 5-1: config 0 descriptor??
[  318.083916][  T990] HID 045e:07da: Invalid code 65791 type 1
[  318.091852][  T990] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000D/input/input21
[  318.129744][  T990] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  318.489538][ T7622] overlay: ./file0 is not a directory
[  318.817495][  T990] usb 5-1: USB disconnect, device number 31
[  319.023154][   T37] audit: type=1326 audit(1762227310.732:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.155795][   T37] audit: type=1326 audit(1762227310.752:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.407379][   T37] audit: type=1326 audit(1762227311.132:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.408787][   T37] audit: type=1326 audit(1762227311.132:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.409421][   T37] audit: type=1326 audit(1762227311.132:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.410863][   T37] audit: type=1326 audit(1762227311.132:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.410925][   T37] audit: type=1326 audit(1762227311.132:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.411040][   T37] audit: type=1326 audit(1762227311.132:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.433382][ T7621] fido_id[7621]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  319.444958][   T37] audit: type=1326 audit(1762227311.162:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  319.445023][   T37] audit: type=1326 audit(1762227311.162:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7617 comm="syz.1.367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  321.372170][    T9] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  321.522158][    T9] usb 5-1: Using ep0 maxpacket: 16
[  321.524701][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.524737][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.524762][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  321.524807][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  321.524833][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.541502][    T9] usb 5-1: config 0 descriptor??
[  321.957911][    T9] HID 045e:07da: Invalid code 65791 type 1
[  321.981108][    T9] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000E/input/input22
[  322.010748][    T9] microsoft 0003:045E:07DA.000E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  322.215160][    T9] usb 5-1: USB disconnect, device number 32
[  322.727409][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  322.727488][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  323.700161][ T7667] No control pipe specified
[  324.537568][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  324.537591][   T37] audit: type=1326 audit(1762227316.242:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7680 comm="syz.1.379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x0
[  324.932425][    T9] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  325.322611][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  325.322657][    T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  325.322724][    T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  325.322762][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.483083][ T7686] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  326.483585][ T7686] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  326.510227][    T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  326.850835][    T9] usb 2-1: USB disconnect, device number 22
[  330.914627][    T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  331.115339][    T9] usb 5-1: device descriptor read/64, error -71
[  331.392714][    T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  331.449196][ T7741] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'.
[  331.542138][    T9] usb 5-1: device descriptor read/64, error -71
[  331.560459][ T7741] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'.
[  331.652833][    T9] usb usb5-port1: attempt power cycle
[  331.992127][    T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  332.012888][    T9] usb 5-1: device descriptor read/8, error -71
[  332.252153][    T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  332.274633][    T9] usb 5-1: device descriptor read/8, error -71
[  332.382908][    T9] usb usb5-port1: unable to enumerate USB device
[  332.685716][ T7767] overlay: ./file0 is not a directory
[  333.213356][   T37] audit: type=1326 audit(1762227324.932:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7748 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  333.222397][   T37] audit: type=1326 audit(1762227324.942:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7748 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  333.307727][   T37] audit: type=1326 audit(1762227325.032:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7748 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  333.309024][   T37] audit: type=1326 audit(1762227325.032:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7748 comm="syz.1.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  334.082312][ T5945] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  334.252649][ T5945] usb 5-1: Using ep0 maxpacket: 8
[  334.259635][ T5945] usb 5-1: unable to get BOS descriptor or descriptor too short
[  334.278266][ T5945] usb 5-1: config 4 interface 0 has no altsetting 0
[  334.297079][ T5945] usb 5-1: string descriptor 0 read error: -22
[  334.297600][ T5945] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  334.300020][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.471521][ T5945] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  335.463656][ T5945] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  335.464064][ T5945] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  335.464124][ T5945] usb 5-1: media controller created
[  335.472558][ T7770] usb 5-1: dvb_usb_au6610: wlen=0, aborting
[  335.591632][ T5945] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  335.663211][ T5945] zl10353_read_register: readreg error (reg=127, ret==0)
[  335.794525][ T5945] usb 5-1: USB disconnect, device number 37
[  337.134591][ T7797] No control pipe specified
[  339.256482][ T7815] overlay: ./file0 is not a directory
[  339.474954][   T37] audit: type=1326 audit(1762227331.202:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.477209][   T37] audit: type=1326 audit(1762227331.202:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.480425][   T37] audit: type=1326 audit(1762227331.202:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.485967][   T37] audit: type=1326 audit(1762227331.212:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.497229][   T37] audit: type=1326 audit(1762227331.212:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.507960][   T37] audit: type=1326 audit(1762227331.232:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.508267][   T37] audit: type=1326 audit(1762227331.232:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.508540][   T37] audit: type=1326 audit(1762227331.232:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.538676][   T37] audit: type=1326 audit(1762227331.252:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  339.548327][   T37] audit: type=1326 audit(1762227331.272:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7811 comm="syz.4.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  340.690036][ T7828] Smack: duplicate mount options
[  340.866171][ T7828] syz.4.398 (7828) used greatest stack depth: 17080 bytes left
[  341.042352][ T7835] capability: warning: `syz.1.399' uses 32-bit capabilities (legacy support in use)
[  342.708403][ T7854] FAULT_INJECTION: forcing a failure.
[  342.708403][ T7854] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  342.708442][ T7854] CPU: 1 UID: 0 PID: 7854 Comm: syz.4.401 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  342.708473][ T7854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  342.708487][ T7854] Call Trace:
[  342.708496][ T7854]  <TASK>
[  342.708506][ T7854]  dump_stack_lvl+0x189/0x250
[  342.708544][ T7854]  ? __pfx____ratelimit+0x10/0x10
[  342.708572][ T7854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.708604][ T7854]  ? __pfx__printk+0x10/0x10
[  342.708631][ T7854]  ? __might_fault+0xb0/0x130
[  342.708683][ T7854]  should_fail_ex+0x46c/0x600
[  342.708725][ T7854]  _copy_from_user+0x2d/0xb0
[  342.708750][ T7854]  ___sys_sendmsg+0x158/0x2a0
[  342.708780][ T7854]  ? __pfx____sys_sendmsg+0x10/0x10
[  342.708845][ T7854]  ? __fget_files+0x2a/0x420
[  342.708884][ T7854]  ? __fget_files+0x3a6/0x420
[  342.708927][ T7854]  __x64_sys_sendmsg+0x1a1/0x260
[  342.708955][ T7854]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  342.708992][ T7854]  ? __pfx_ksys_write+0x10/0x10
[  342.709024][ T7854]  ? do_syscall_64+0xbe/0xfa0
[  342.709056][ T7854]  do_syscall_64+0xfa/0xfa0
[  342.709083][ T7854]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.709109][ T7854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.709131][ T7854]  ? clear_bhb_loop+0x60/0xb0
[  342.709157][ T7854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.709176][ T7854] RIP: 0033:0x7fa5bc58f6c9
[  342.709195][ T7854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.709215][ T7854] RSP: 002b:00007fa5ba7ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  342.709239][ T7854] RAX: ffffffffffffffda RBX: 00007fa5bc7e5fa0 RCX: 00007fa5bc58f6c9
[  342.709255][ T7854] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  342.709268][ T7854] RBP: 00007fa5ba7ee090 R08: 0000000000000000 R09: 0000000000000000
[  342.709280][ T7854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.709293][ T7854] R13: 00007fa5bc7e6038 R14: 00007fa5bc7e5fa0 R15: 00007ffea9ae1838
[  342.709329][ T7854]  </TASK>
[  342.786632][ T7856] No control pipe specified
[  344.042099][    C0] vkms_vblank_simulate: vblank timer overrun
[  344.153274][ T7864] netlink: 12 bytes leftover after parsing attributes in process `syz.4.404'.
[  344.316800][ T7870] FAULT_INJECTION: forcing a failure.
[  344.316800][ T7870] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.316840][ T7870] CPU: 1 UID: 0 PID: 7870 Comm: syz.1.407 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.316865][ T7870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  344.316883][ T7870] Call Trace:
[  344.316892][ T7870]  <TASK>
[  344.316902][ T7870]  dump_stack_lvl+0x189/0x250
[  344.316941][ T7870]  ? __pfx____ratelimit+0x10/0x10
[  344.316969][ T7870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.317001][ T7870]  ? __pfx__printk+0x10/0x10
[  344.317028][ T7870]  ? __might_fault+0xb0/0x130
[  344.317079][ T7870]  should_fail_ex+0x46c/0x600
[  344.317115][ T7870]  _copy_from_user+0x2d/0xb0
[  344.317140][ T7870]  __sys_bpf+0x1e3/0x860
[  344.317174][ T7870]  ? __pfx___sys_bpf+0x10/0x10
[  344.317200][ T7870]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  344.317242][ T7870]  ? ksys_write+0x230/0x260
[  344.317272][ T7870]  ? __pfx_ksys_write+0x10/0x10
[  344.317306][ T7870]  __x64_sys_bpf+0x7c/0x90
[  344.317332][ T7870]  do_syscall_64+0xfa/0xfa0
[  344.317361][ T7870]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.317381][ T7870]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  344.317402][ T7870]  ? clear_bhb_loop+0x60/0xb0
[  344.317428][ T7870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.317446][ T7870] RIP: 0033:0x7f0d04aff6c9
[  344.317463][ T7870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.317482][ T7870] RSP: 002b:00007f0d02d5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  344.317507][ T7870] RAX: ffffffffffffffda RBX: 00007f0d04d55fa0 RCX: 00007f0d04aff6c9
[  344.317522][ T7870] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  344.317536][ T7870] RBP: 00007f0d02d5e090 R08: 0000000000000000 R09: 0000000000000000
[  344.317548][ T7870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.317561][ T7870] R13: 00007f0d04d56038 R14: 00007f0d04d55fa0 R15: 00007ffde7056408
[  344.317596][ T7870]  </TASK>
[  344.407006][    C0] vkms_vblank_simulate: vblank timer overrun
[  345.218300][    C0] vkms_vblank_simulate: vblank timer overrun
[  345.471712][    C0] vkms_vblank_simulate: vblank timer overrun
[  345.670248][    C0] vkms_vblank_simulate: vblank timer overrun
[  346.042737][    C0] vkms_vblank_simulate: vblank timer overrun
[  346.431670][    C0] vkms_vblank_simulate: vblank timer overrun
[  346.690398][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.002087][    C0] vkms_vblank_simulate: vblank timer overrun
[  347.310060][ T7889] overlay: ./file0 is not a directory
[  347.442285][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  347.590154][   T37] kauditd_printk_skb: 8 callbacks suppressed
[  347.590280][   T37] audit: type=1326 audit(1762227339.312:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.591260][   T37] audit: type=1326 audit(1762227339.312:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.643359][    T9] usb 2-1: Using ep0 maxpacket: 8
[  347.865317][   T37] audit: type=1326 audit(1762227339.362:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.869500][   T37] audit: type=1326 audit(1762227339.372:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.870658][   T37] audit: type=1326 audit(1762227339.432:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.871451][   T37] audit: type=1326 audit(1762227339.442:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.913407][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  347.915125][    T9] usb 2-1: config 4 interface 0 has no altsetting 0
[  347.923715][    T9] usb 2-1: string descriptor 0 read error: -22
[  347.923881][    T9] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  347.923904][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.982273][   T37] audit: type=1326 audit(1762227339.442:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.982330][   T37] audit: type=1326 audit(1762227339.452:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.982380][   T37] audit: type=1326 audit(1762227339.472:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa5bc58f6c9 code=0x7ffc0000
[  347.982432][   T37] audit: type=1326 audit(1762227339.622:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7884 comm="syz.4.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa5bc58f703 code=0x7ffc0000
[  347.998339][    T9] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  348.097074][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  348.097487][    T9] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  348.097542][    T9] usb 2-1: media controller created
[  348.164525][ T7887] usb 2-1: dvb_usb_au6610: wlen=0, aborting
[  348.226702][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  348.292201][    T9] zl10353_read_register: readreg error (reg=127, ret==0)
[  348.450563][    T9] usb 2-1: USB disconnect, device number 23
[  348.651132][ T7893] No control pipe specified
[  349.890588][ T7899] netlink: 12 bytes leftover after parsing attributes in process `syz.1.413'.
[  350.411614][    T9] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  350.549137][ T7907] netdevsim netdevsim1 ÿÿÿÿÿÿ: renamed from netdevsim0
[  351.324885][    T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  351.324927][    T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  351.324976][    T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  351.325000][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.332947][ T7900] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  351.333253][ T7900] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  351.366251][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  351.628203][    T9] usb 5-1: USB disconnect, device number 38
[  353.995554][ T7936] No control pipe specified
[  356.422720][ T7951] block nbd1: NBD_DISCONNECT
[  356.731296][ T7953] netlink: 7064 bytes leftover after parsing attributes in process `syz.1.424'.
[  356.731333][ T7953] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  359.672290][ T5945] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  359.832032][ T5945] usb 2-1: Using ep0 maxpacket: 16
[  359.837341][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.837601][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.837627][ T5945] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  359.837674][ T5945] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  359.837933][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.858346][ T5945] usb 2-1: config 0 descriptor??
[  360.208413][ T7968] 9pnet_fd: Insufficient options for proto=fd
[  360.453705][ T5945] HID 045e:07da: Invalid code 65791 type 1
[  360.474291][ T5945] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000F/input/input25
[  360.612546][ T7971] trusted_key: encrypted_key: insufficient parameters specified
[  361.466306][ T5945] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  361.655638][ T7546] usb 2-1: USB disconnect, device number 24
[  362.049583][ T7972] fido_id[7972]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  362.055441][ T7974] netlink: 39 bytes leftover after parsing attributes in process `syz.4.430'.
[  362.055470][ T7974] netlink: 1 bytes leftover after parsing attributes in process `syz.4.430'.
[  362.622445][ T5880] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  363.929036][ T5880] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  363.929078][ T5880] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.929119][ T5880] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  363.929145][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.985686][ T5880] hub 2-1:4.0: USB hub found
[  364.181404][ T7979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  364.184024][ T7546] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  364.204004][ T7979] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.213969][ T7979] FAULT_INJECTION: forcing a failure.
[  364.213969][ T7979] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  364.214010][ T7979] CPU: 1 UID: 0 PID: 7979 Comm: syz.1.432 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  364.214035][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  364.214047][ T7979] Call Trace:
[  364.214054][ T7979]  <TASK>
[  364.214063][ T7979]  dump_stack_lvl+0x189/0x250
[  364.214097][ T7979]  ? __pfx____ratelimit+0x10/0x10
[  364.214123][ T7979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  364.214154][ T7979]  ? __pfx__printk+0x10/0x10
[  364.214198][ T7979]  should_fail_ex+0x46c/0x600
[  364.214230][ T7979]  _copy_to_user+0x31/0xb0
[  364.214255][ T7979]  simple_read_from_buffer+0xe1/0x170
[  364.214286][ T7979]  proc_fail_nth_read+0x1b6/0x220
[  364.214313][ T7979]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  364.214341][ T7979]  ? rw_verify_area+0x2ac/0x4e0
[  364.214364][ T7979]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  364.214387][ T7979]  vfs_read+0x206/0xa30
[  364.214418][ T7979]  ? __pfx_vfs_read+0x10/0x10
[  364.214438][ T7979]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  364.214469][ T7979]  ? mutex_lock_nested+0x154/0x1d0
[  364.214491][ T7979]  ? fdget_pos+0x253/0x320
[  364.214529][ T7979]  ksys_read+0x14b/0x260
[  364.214549][ T7979]  ? __fget_files+0x2a/0x420
[  364.214577][ T7979]  ? __pfx_ksys_read+0x10/0x10
[  364.214604][ T7979]  ? do_syscall_64+0xbe/0xfa0
[  364.214636][ T7979]  do_syscall_64+0xfa/0xfa0
[  364.214666][ T7979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.214683][ T7979]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  364.214710][ T7979]  ? clear_bhb_loop+0x60/0xb0
[  364.214734][ T7979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.214753][ T7979] RIP: 0033:0x7f0d04afe0dc
[  364.214771][ T7979] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  364.214788][ T7979] RSP: 002b:00007f0d02d5e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  364.214812][ T7979] RAX: ffffffffffffffda RBX: 00007f0d04d55fa0 RCX: 00007f0d04afe0dc
[  364.214829][ T7979] RDX: 000000000000000f RSI: 00007f0d02d5e0a0 RDI: 0000000000000006
[  364.214841][ T7979] RBP: 00007f0d02d5e090 R08: 0000000000000000 R09: 0000000000000000
[  364.214853][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.214864][ T7979] R13: 00007f0d04d56038 R14: 00007f0d04d55fa0 R15: 00007ffde7056408
[  364.214898][ T7979]  </TASK>
[  364.352130][ T5880] hub 2-1:4.0: config failed, can't read hub descriptor (err -22)
[  364.377129][ T7546] usb 5-1: config 1 has an invalid interface number: 245 but max is 0
[  364.377159][ T7546] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  364.377178][ T7546] usb 5-1: config 1 has no interface number 0
[  364.377775][ T7546] usb 5-1: config 1 interface 245 altsetting 4 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  364.377804][ T7546] usb 5-1: config 1 interface 245 altsetting 4 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  364.378047][ T7546] usb 5-1: config 1 interface 245 altsetting 4 endpoint 0x4 has an invalid bInterval 86, changing to 10
[  364.378075][ T7546] usb 5-1: config 1 interface 245 altsetting 4 has 5 endpoint descriptors, different from the interface descriptor's value: 14
[  364.378101][ T7546] usb 5-1: config 1 interface 245 has no altsetting 0
[  364.390604][ T7546] usb 5-1: New USB device found, idVendor=07ca, idProduct=b835, bcdDevice=8d.5a
[  364.391047][ T7546] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.391069][ T7546] usb 5-1: Product: syz
[  364.391083][ T7546] usb 5-1: Manufacturer: ￪붶㆓冀
[  364.391097][ T7546] usb 5-1: SerialNumber: syz
[  364.603611][ T5880] usb 2-1: USB disconnect, device number 25
[  364.786356][ T7546] usb 5-1: USB disconnect, device number 39
[  367.359816][ T8021] overlay: ./file0 is not a directory
[  367.522375][   T37] kauditd_printk_skb: 13 callbacks suppressed
[  367.522536][   T37] audit: type=1326 audit(1762227359.232:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.523296][   T37] audit: type=1326 audit(1762227359.242:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.524021][   T37] audit: type=1326 audit(1762227359.242:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.524592][   T37] audit: type=1326 audit(1762227359.242:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.525387][   T37] audit: type=1326 audit(1762227359.242:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.525981][   T37] audit: type=1326 audit(1762227359.242:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.526567][   T37] audit: type=1326 audit(1762227359.242:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.527339][   T37] audit: type=1326 audit(1762227359.242:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0d04aff6c9 code=0x7ffc0000
[  367.609215][   T37] audit: type=1326 audit(1762227359.332:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0d04aff703 code=0x7ffc0000
[  367.659782][   T37] audit: type=1326 audit(1762227359.382:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8017 comm="syz.1.445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0d04aff703 code=0x7ffc0000
[  368.769361][ T8027] binder: 8026:8027 ioctl c0046209 0 returned -22
[  368.796029][ T8026] [U] O
[  370.805053][ T8039] IPv6: sit1: Disabled Multicast RS
[  370.814265][ T8039] sit1: entered allmulticast mode
[  373.836346][ T8065] binder: 8064:8065 ioctl c0046209 0 returned -22
[  374.033790][  T990] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  374.253326][  T990] usb 2-1: unable to read config index 0 descriptor/start: -71
[  374.253373][  T990] usb 2-1: can't read configurations, error -71
[  374.361663][ T8081] netlink: 'syz.1.468': attribute type 12 has an invalid length.
[  374.411727][ T8081] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  374.532102][ T5880] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  374.682083][ T5880] usb 5-1: Using ep0 maxpacket: 8
[  374.685836][ T5880] usb 5-1: unable to get BOS descriptor or descriptor too short
[  374.687503][ T5880] usb 5-1: config 4 interface 0 has no altsetting 0
[  374.712528][ T5880] usb 5-1: string descriptor 0 read error: -22
[  374.712720][ T5880] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  374.712748][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.786754][ T5880] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  374.800888][ T5880] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  374.801265][ T5880] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  374.801321][ T5880] usb 5-1: media controller created
[  375.408001][ T8077] usb 5-1: dvb_usb_au6610: wlen=0, aborting
[  375.473503][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  375.511145][ T5880] zl10353_read_register: readreg error (reg=127, ret==0)
[  375.572217][ T5880] usb 5-1: USB disconnect, device number 40
[  377.569472][ T8098] 9pnet_fd: Insufficient options for proto=fd
[  383.892145][ T5945] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  383.922529][   T37] kauditd_printk_skb: 2 callbacks suppressed
[  383.922550][   T37] audit: type=1326 audit(1762227375.652:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8134 comm="syz.1.483" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0d04aff6c9 code=0x0
[  383.968736][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  383.968819][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  384.048001][ T5945] usb 5-1: config 1 interface 0 altsetting 14 endpoint 0x82 is Bulk; changing to Interrupt
[  384.048080][ T5945] usb 5-1: config 1 interface 0 altsetting 14 endpoint 0x3 is Bulk; changing to Interrupt
[  384.048095][ T5945] usb 5-1: config 1 interface 0 altsetting 14 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  384.048112][ T5945] usb 5-1: config 1 interface 0 has no altsetting 0
[  384.051629][ T5945] usb 5-1: string descriptor 0 read error: -22
[  384.051786][ T5945] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  384.051802][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.117456][ T8129] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  384.117614][ T8129] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  384.151032][ T5945] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  384.345056][ T5880] usb 5-1: USB disconnect, device number 41
[  384.422130][ T7546] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  384.589279][ T7546] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  384.589305][ T7546] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  384.589584][ T7546] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  384.589602][ T7546] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.633380][ T8136] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  384.634190][ T8136] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  384.658880][ T7546] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  384.927286][ T5880] usb 2-1: USB disconnect, device number 28
[  388.179564][ T8155] FAULT_INJECTION: forcing a failure.
[  388.179564][ T8155] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.179603][ T8155] CPU: 1 UID: 0 PID: 8155 Comm: syz.4.487 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  388.179634][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  388.179648][ T8155] Call Trace:
[  388.179665][ T8155]  <TASK>
[  388.179675][ T8155]  dump_stack_lvl+0x189/0x250
[  388.179714][ T8155]  ? __pfx____ratelimit+0x10/0x10
[  388.179742][ T8155]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.179776][ T8155]  ? __pfx__printk+0x10/0x10
[  388.179802][ T8155]  ? __might_fault+0xb0/0x130
[  388.179845][ T8155]  should_fail_ex+0x46c/0x600
[  388.179881][ T8155]  _copy_from_user+0x2d/0xb0
[  388.179902][ T8155]  ___sys_sendmsg+0x158/0x2a0
[  388.179925][ T8155]  ? __pfx____sys_sendmsg+0x10/0x10
[  388.179977][ T8155]  ? __fget_files+0x2a/0x420
[  388.180000][ T8155]  ? __fget_files+0x3a6/0x420
[  388.180032][ T8155]  __x64_sys_sendmsg+0x1a1/0x260
[  388.180054][ T8155]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  388.180083][ T8155]  ? __pfx_ksys_write+0x10/0x10
[  388.180107][ T8155]  ? do_syscall_64+0xbe/0xfa0
[  388.180132][ T8155]  do_syscall_64+0xfa/0xfa0
[  388.180153][ T8155]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.180174][ T8155]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.180191][ T8155]  ? clear_bhb_loop+0x60/0xb0
[  388.180211][ T8155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.180226][ T8155] RIP: 0033:0x7fa5bc58f6c9
[  388.180242][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.180257][ T8155] RSP: 002b:00007fa5ba7ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  388.180277][ T8155] RAX: ffffffffffffffda RBX: 00007fa5bc7e6180 RCX: 00007fa5bc58f6c9
[  388.180290][ T8155] RDX: 0000000024000040 RSI: 0000200000009b40 RDI: 0000000000000007
[  388.180301][ T8155] RBP: 00007fa5ba7ac090 R08: 0000000000000000 R09: 0000000000000000
[  388.180312][ T8155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.180322][ T8155] R13: 00007fa5bc7e6218 R14: 00007fa5bc7e6180 R15: 00007ffea9ae1838
[  388.180350][ T8155]  </TASK>
[  389.715017][ T8167] overlay: ./file0 is not a directory
[  394.082142][ T5880] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  394.212142][ T5880] usb 2-1: device descriptor read/64, error -71
[  394.492117][ T5880] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  394.622105][ T5880] usb 2-1: device descriptor read/64, error -71
[  394.736897][ T5880] usb usb2-port1: attempt power cycle
[  395.092107][ T5880] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  395.255574][ T5880] usb 2-1: device descriptor read/8, error -71
[  396.394060][    C0] vkms_vblank_simulate: vblank timer overrun
[  396.661068][    C0] vkms_vblank_simulate: vblank timer overrun
[  397.112070][   T38] INFO: task kworker/1:3:5810 blocked for more than 143 seconds.
[  397.112099][   T38]       Not tainted syzkaller #0
[  397.112112][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  397.112123][   T38] task:kworker/1:3     state:D stack:20712 pid:5810  tgid:5810  ppid:2      task_flags:0x4208060 flags:0x00080000
[  397.112251][   T38] Workqueue: events rfkill_sync_work
[  397.112287][   T38] Call Trace:
[  397.112295][   T38]  <TASK>
[  397.112310][   T38]  __schedule+0x16f3/0x4c20
[  397.112422][   T38]  ? __pfx___schedule+0x10/0x10
[  397.112471][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.112506][   T38]  rt_mutex_schedule+0x77/0xf0
[  397.112588][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  397.112623][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  397.112668][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  397.112754][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  397.112781][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  397.112837][   T38]  ? rfkill_sync_work+0x2e/0x200
[  397.112923][   T38]  mutex_lock_nested+0x16a/0x1d0
[  397.112954][   T38]  rfkill_sync_work+0x2e/0x200
[  397.112984][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  397.113014][   T38]  process_scheduled_works+0xae1/0x17b0
[  397.113136][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  397.113187][   T38]  worker_thread+0x8a0/0xda0
[  397.113280][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.113323][   T38]  ? __kthread_parkme+0x7b/0x200
[  397.113364][   T38]  kthread+0x711/0x8a0
[  397.113461][   T38]  ? __pfx_worker_thread+0x10/0x10
[  397.113490][   T38]  ? __pfx_kthread+0x10/0x10
[  397.113519][   T38]  ? rt_spin_unlock+0x150/0x200
[  397.113548][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.113637][   T38]  ? __pfx_kthread+0x10/0x10
[  397.113673][   T38]  ret_from_fork+0x4bc/0x870
[  397.113704][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  397.113801][   T38]  ? __switch_to_asm+0x39/0x70
[  397.113824][   T38]  ? __switch_to_asm+0x33/0x70
[  397.113846][   T38]  ? __pfx_kthread+0x10/0x10
[  397.113881][   T38]  ret_from_fork_asm+0x1a/0x30
[  397.113985][   T38]  </TASK>
[  397.114006][   T38] INFO: task kworker/1:4:5864 blocked for more than 143 seconds.
[  397.114021][   T38]       Not tainted syzkaller #0
[  397.114033][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  397.114043][   T38] task:kworker/1:4     state:D stack:20712 pid:5864  tgid:5864  ppid:2      task_flags:0x4208060 flags:0x00080000
[  397.114164][   T38] Workqueue: events rfkill_sync_work
[  397.114194][   T38] Call Trace:
[  397.114202][   T38]  <TASK>
[  397.114216][   T38]  __schedule+0x16f3/0x4c20
[  397.114335][   T38]  ? __pfx___schedule+0x10/0x10
[  397.114386][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.114480][   T38]  rt_mutex_schedule+0x77/0xf0
[  397.114504][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  397.114528][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[  397.114573][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  397.114663][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  397.114690][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  397.114745][   T38]  ? rfkill_sync_work+0x2e/0x200
[  397.114832][   T38]  mutex_lock_nested+0x16a/0x1d0
[  397.114864][   T38]  rfkill_sync_work+0x2e/0x200
[  397.114892][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  397.114922][   T38]  process_scheduled_works+0xae1/0x17b0
[  397.115043][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  397.115093][   T38]  worker_thread+0x8a0/0xda0
[  397.115221][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.115263][   T38]  ? __kthread_parkme+0x7b/0x200
[  397.115363][   T38]  kthread+0x711/0x8a0
[  397.115402][   T38]  ? __pfx_worker_thread+0x10/0x10
[  397.115429][   T38]  ? __pfx_kthread+0x10/0x10
[  397.115517][   T38]  ? rt_spin_unlock+0x150/0x200
[  397.115549][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.115570][   T38]  ? __pfx_kthread+0x10/0x10
[  397.115695][   T38]  ret_from_fork+0x4bc/0x870
[  397.115727][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  397.115763][   T38]  ? __switch_to_asm+0x39/0x70
[  397.115785][   T38]  ? __switch_to_asm+0x33/0x70
[  397.115864][   T38]  ? __pfx_kthread+0x10/0x10
[  397.115901][   T38]  ret_from_fork_asm+0x1a/0x30
[  397.115946][   T38]  </TASK>
[  397.115959][   T38] INFO: task kworker/0:5:5885 blocked for more than 143 seconds.
[  397.116033][   T38]       Not tainted syzkaller #0
[  397.116045][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  397.116055][   T38] task:kworker/0:5     state:D stack:19464 pid:5885  tgid:5885  ppid:2      task_flags:0x4208060 flags:0x00080000
[  397.116113][   T38] Workqueue: events rfkill_global_led_trigger_worker
[  397.116206][   T38] Call Trace:
[  397.116214][   T38]  <TASK>
[  397.116228][   T38]  __schedule+0x16f3/0x4c20
[  397.116288][   T38]  ? __pfx___schedule+0x10/0x10
[  397.116396][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.116431][   T38]  rt_mutex_schedule+0x77/0xf0
[  397.116454][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  397.117646][   T38]  ? task_blocks_on_rt_mutex+0x78c/0x1380
[  397.117760][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[  397.117789][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[  397.117815][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  397.118744][   T38]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  397.118796][   T38]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  397.118828][   T38]  mutex_lock_nested+0x16a/0x1d0
[  397.119640][   T38]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  397.119677][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  397.120106][   T38]  rfkill_global_led_trigger_worker+0x27/0xd0
[  397.120143][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  397.120171][   T38]  process_scheduled_works+0xae1/0x17b0
[  397.120965][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  397.121017][   T38]  worker_thread+0x8a0/0xda0
[  397.121773][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.121817][   T38]  ? __kthread_parkme+0x7b/0x200
[  397.121860][   T38]  kthread+0x711/0x8a0
[  397.274667][   T38]  ? __pfx_worker_thread+0x10/0x10
[  397.274709][   T38]  ? __pfx_kthread+0x10/0x10
[  397.274740][   T38]  ? rt_spin_unlock+0x150/0x200
[  397.289903][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.289933][   T38]  ? __pfx_kthread+0x10/0x10
[  397.289969][   T38]  ret_from_fork+0x4bc/0x870
[  397.311581][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  397.311629][   T38]  ? __switch_to_asm+0x39/0x70
[  397.311652][   T38]  ? __switch_to_asm+0x33/0x70
[  397.326165][   T38]  ? __pfx_kthread+0x10/0x10
[  397.326209][   T38]  ret_from_fork_asm+0x1a/0x30
[  397.326255][   T38]  </TASK>
[  397.342121][   T38] INFO: task syz.3.278:7051 blocked for more than 143 seconds.
[  397.342143][   T38]       Not tainted syzkaller #0
[  397.342155][   T38]       Blocked by coredump.
[  397.342162][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  397.342173][   T38] task:syz.3.278       state:D stack:25384 pid:7051  tgid:7049  ppid:5797   task_flags:0x40044c flags:0x00080003
[  397.349565][   T38] Call Trace:
[  397.349574][   T38]  <TASK>
[  397.349590][   T38]  __schedule+0x16f3/0x4c20
[  397.365463][   T38]  ? validate_chain+0x897/0x2140
[  397.365497][   T38]  ? try_to_take_rt_mutex+0x840/0xb00
[  397.365533][   T38]  ? __lock_acquire+0xab9/0xd20
[  397.392645][   T38]  ? __pfx___schedule+0x10/0x10
[  397.392708][   T38]  ? schedule+0x91/0x360
[  397.409632][   T38]  schedule+0x165/0x360
[  397.409678][   T38]  schedule_timeout+0x9a/0x270
[  397.409710][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[  397.426302][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  397.426350][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.426378][   T38]  ? wait_for_completion+0x267/0x5d0
[  397.463884][   T38]  wait_for_completion+0x2bf/0x5d0
[  397.463938][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[  397.463970][   T38]  ? __flush_work+0xce/0xd20
[  397.466739][   T38]  ? __flush_work+0xce/0xd20
[  397.466780][   T38]  __flush_work+0x9c1/0xd20
[  397.466813][   T38]  ? __flush_work+0xce/0xd20
[  397.492068][   T38]  ? __pfx___flush_work+0x10/0x10
[  397.492148][   T38]  ? __pfx_wq_barrier_func+0x10/0x10
[  397.492191][   T38]  ? __pfx___cancel_work+0x10/0x10
[  397.492219][   T38]  ? nfc_genl_device_removed+0x23c/0x330
[  397.492251][   T38]  __cancel_work_sync+0xbe/0x110
[  397.492285][   T38]  rfkill_unregister+0x95/0x230
[  397.492346][   T38]  nfc_unregister_device+0x96/0x2a0
[  397.492377][   T38]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  397.492407][   T38]  virtual_ncidev_close+0x59/0x90
[  397.492449][   T38]  __fput+0x45b/0xa80
[  397.492512][   T38]  task_work_run+0x1d4/0x260
[  397.492536][   T38]  ? __pfx_task_work_run+0x10/0x10
[  397.492556][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.492590][   T38]  do_exit+0x6b5/0x2300
[  397.492623][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  397.492689][   T38]  ? __pfx_do_exit+0x10/0x10
[  397.492715][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  397.492737][   T38]  ? rt_spin_lock+0x1c1/0x3e0
[  397.492778][   T38]  do_group_exit+0x21c/0x2d0
[  397.493001][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.493031][   T38]  get_signal+0x125d/0x1310
[  397.493082][   T38]  arch_do_signal_or_restart+0xa0/0x790
[  397.493113][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  397.493508][   T38]  ? __pfx_do_sys_openat2+0x10/0x10
[  397.493546][   T38]  ? exit_to_user_mode_loop+0x40/0x130
[  397.493577][   T38]  exit_to_user_mode_loop+0x72/0x130
[  397.493608][   T38]  do_syscall_64+0x2bd/0xfa0
[  397.494012][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.494040][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.494060][   T38]  ? clear_bhb_loop+0x60/0xb0
[  397.494085][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.494108][   T38] RIP: 0033:0x7fac5f72f6c9
[  397.494127][   T38] RSP: 002b:00007fac5d98e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  397.494525][   T38] RAX: 0000000000000005 RBX: 00007fac5f985fa0 RCX: 00007fac5f72f6c9
[  397.494540][   T38] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  397.494555][   T38] RBP: 00007fac5f7b1f91 R08: 0000000000000000 R09: 0000000000000000
[  397.494568][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  397.494580][   T38] R13: 00007fac5f986038 R14: 00007fac5f985fa0 R15: 00007fff192b4608
[  397.494619][   T38]  </TASK>
[  397.495207][   T38] 
[  397.495207][   T38] Showing all locks held in the system:
[  397.495218][   T38] 6 locks held by kworker/u8:1/13:
[  397.495231][   T38] 4 locks held by ktimers/0/16:
[  397.495242][   T38] 4 locks held by pr/legacy/17:
[  397.495253][   T38] 3 locks held by rcuc/0/20:
[  397.495266][   T38] 1 lock held by khungtaskd/38:
[  397.495279][   T38]  #0: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  397.495868][   T38] 6 locks held by kworker/u8:3/45:
[  397.495885][   T38] 4 locks held by kworker/u8:5/71:
[  397.495895][   T38]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.495950][   T38]  #1: ffffc9000156fba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.496365][   T38]  #2: ffffffff8e856320 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
[  397.496414][   T38]  #3: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd1/0x230
[  397.496875][   T38] 2 locks held by kworker/u8:8/2150:
[  397.496889][   T38]  #0: ffff88813ff69138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.496940][   T38]  #1: ffffc90005e77ba0 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.497036][   T38] 6 locks held by kworker/u8:11/3693:
[  397.497048][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.497102][   T38]  #1: ffffc9000db27ba0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.498296][   T38]  #2: ffff88801caee300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0
[  397.498396][   T38]  #3: ffff88805c583920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0
[  397.498459][   T38]  #4: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1c1/0x3e0
[  397.498885][   T38]  #5: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0
[  397.498937][   T38] 6 locks held by kworker/u8:12/3716:
[  397.498949][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.499370][   T38]  #1: ffffc9000da57ba0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.499437][   T38]  #2: ffff88801cb07300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0
[  397.500038][   T38]  #3: ffff88803cec4d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0
[  397.500092][   T38]  #4: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1c1/0x3e0
[  397.500144][   T38]  #5: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0
[  397.500403][   T38] 1 lock held by klogd/5157:
[  397.500415][   T38]  #0: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0
[  397.500477][   T38] 2 locks held by dhcpcd/5463:
[  397.500492][   T38] 2 locks held by getty/5558:
[  397.501199][   T38]  #0: ffff88823bf668a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  397.501251][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  397.501311][   T38] 4 locks held by syz-executor/5786:
[  397.501324][   T38] 1 lock held by syz-executor/5797:
[  397.501544][   T38]  #0: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd1/0x230
[  397.501601][   T38] 3 locks held by syz-executor/5808:
[  397.501613][   T38]  #0: ffffffff8d44ac40 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x540
[  397.501670][   T38]  #1: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x540
[  397.502434][   T38]  #2: ffff8880b8827e78 (&base->softirq_expiry_lock){+...}-{3:3}, at: hrtimer_cancel_wait_running+0xfa/0x180
[  397.502499][   T38] 3 locks held by kworker/1:3/5810:
[  397.502884][   T38]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.502937][   T38]  #1: ffffc90004bbfba0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.502991][   T38]  #2: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  397.503261][   T38] 3 locks held by kworker/1:4/5864:
[  397.503273][   T38]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.503326][   T38]  #1: ffffc90004f5fba0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.503765][   T38]  #2: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200
[  397.503821][   T38] 4 locks held by kworker/0:3/5877:
[  397.503834][   T38]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.504259][   T38]  #1: ffffc9000503fba0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.504310][   T38]  #2: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180
[  397.504734][   T38]  #3: ffff888031b320f0 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  397.504794][   T38] 3 locks held by kworker/0:5/5885:
[  397.504807][   T38]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.505223][   T38]  #1: ffffc900050efba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.505275][   T38]  #2: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  397.505337][   T38] 6 locks held by kworker/u8:13/5989:
[  397.505349][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  397.505817][   T38]  #1: ffffc900058cfba0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  397.505873][   T38]  #2: ffff888023819300 (&devlink->lock_key#7){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0
[  397.506484][   T38]  #3: ffff88805f28e920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0
[  397.506542][   T38]  #4: ffffffff8d5aa800 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1c1/0x3e0
[  397.506622][   T38]  #5: ffff8880b8945aa8 (&s->lock_key#58){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13f0
[  397.506674][   T38] 2 locks held by kworker/u8:14/5998:
[  397.506688][   T38] 1 lock held by syz-executor/7004:
[  397.506701][   T38]  #0: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd1/0x230
[  397.507286][   T38] 1 lock held by syz.3.278/7051:
[  397.507298][   T38]  #0: ffff888031b320f0 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  397.507355][   T38] 2 locks held by syz-executor/7169:
[  397.507368][   T38]  #0: ffff88803809a988 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.507642][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.507700][   T38] 2 locks held by syz-executor/7436:
[  397.507712][   T38]  #0: ffff888037a51988 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.507972][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.508026][   T38] 2 locks held by syz-executor/7458:
[  397.508037][   T38]  #0: ffff888035f08188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.508088][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.508346][   T38] 2 locks held by syz-executor/7634:
[  397.508357][   T38]  #0: ffff88805a7cb188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.508405][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.508678][   T38] 2 locks held by syz-executor/7955:
[  397.508690][   T38]  #0: ffff8880233f1188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.508740][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.509008][   T38] 2 locks held by syz-executor/7975:
[  397.509019][   T38]  #0: ffff888028925188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.509065][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.509327][   T38] 2 locks held by syz-executor/8103:
[  397.509340][   T38]  #0: ffff888031ac3188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660
[  397.509387][   T38]  #1: ffffffff8eb42a58 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900
[  397.509670][   T38] 4 locks held by syz.4.502/8208:
[  397.509685][   T38] 
[  397.509690][   T38] =============================================
[  397.509690][   T38] 
[  397.509699][   T38] NMI backtrace for cpu 0
[  397.509713][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.509736][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  397.509749][   T38] Call Trace:
[  397.509758][   T38]  <TASK>
[  397.509767][   T38]  dump_stack_lvl+0x189/0x250
[  397.509805][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.509834][   T38]  ? __pfx__printk+0x10/0x10
[  397.509869][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  397.509893][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  397.509919][   T38]  ? __pfx__printk+0x10/0x10
[  397.509950][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  397.509974][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  397.509998][   T38]  watchdog+0xf60/0xfa0
[  397.510029][   T38]  ? watchdog+0x1e2/0xfa0
[  397.510060][   T38]  kthread+0x711/0x8a0
[  397.510096][   T38]  ? __pfx_watchdog+0x10/0x10
[  397.510123][   T38]  ? __pfx_kthread+0x10/0x10
[  397.510148][   T38]  ? rt_spin_unlock+0x150/0x200
[  397.510172][   T38]  ? rt_spin_unlock+0x161/0x200
[  397.510191][   T38]  ? __pfx_kthread+0x10/0x10
[  397.510220][   T38]  ret_from_fork+0x4bc/0x870
[  397.510249][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  397.510281][   T38]  ? __switch_to_asm+0x39/0x70
[  397.510300][   T38]  ? __switch_to_asm+0x33/0x70
[  397.510317][   T38]  ? __pfx_kthread+0x10/0x10
[  397.510345][   T38]  ret_from_fork_asm+0x1a/0x30
[  397.510380][   T38]  </TASK>
[  397.510415][   T38] Sending NMI from CPU 0 to CPUs 1:
[  397.510450][    C1] NMI backtrace for cpu 1
[  397.510465][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.510482][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  397.510491][    C1] RIP: 0010:x2apic_send_IPI+0x73/0xe0
[  397.510515][    C1] Code: 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 75 42 41 8b 16 0f ae f0 0f ae e8 83 fb 02 b8 00 04 00 00 0f 45 c3 b9 30 08 00 00 0f 30 <66> 90 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc cc 89 fe 89 fd 48 c7
[  397.510528][    C1] RSP: 0018:ffffc90000a3f850 EFLAGS: 00000006
[  397.510547][    C1] RAX: 00000000000000fb RBX: 00000000000000fb RCX: 0000000000000830
[  397.510557][    C1] RDX: 0000000000000000 RSI: 00000000000000fb RDI: 0000000000000000
[  397.510566][    C1] RBP: ffffc90000a3f930 R08: 0000000000000000 R09: 0000000000000000
[  397.510576][    C1] R10: dffffc0000000000 R11: ffffffff8170e160 R12: dffffc0000000000
[  397.510587][    C1] R13: 0000000000000000 R14: ffff8880b88201b0 R15: ffffffff8cf9bdd0
[  397.510598][    C1] FS:  0000000000000000(0000) GS:ffff888126ef9000(0000) knlGS:0000000000000000
[  397.510609][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  397.510620][    C1] CR2: 00007f3b4afd7d60 CR3: 0000000023c0a000 CR4: 00000000003526f0
[  397.510635][    C1] Call Trace:
[  397.510641][    C1]  <TASK>
[  397.510648][    C1]  __smp_call_single_queue+0x1ce/0x370
[  397.510665][    C1]  ? __pfx___smp_call_single_queue+0x10/0x10
[  397.510695][    C1]  irq_work_queue_on+0x33a/0x650
[  397.510718][    C1]  ? __pfx_irq_work_queue_on+0x10/0x10
[  397.510737][    C1]  ? sched_get_rd+0x12/0x20
[  397.510757][    C1]  ? tell_cpu_to_push+0x180/0x430
[  397.510780][    C1]  balance_rt+0x216/0x4c0
[  397.510797][    C1]  __schedule+0x2a92/0x4c20
[  397.510820][    C1]  ? __local_bh_enable+0x27b/0x410
[  397.510839][    C1]  ? __lock_acquire+0xab9/0xd20
[  397.510858][    C1]  ? __pfx___schedule+0x10/0x10
[  397.510882][    C1]  ? schedule+0x91/0x360
[  397.510900][    C1]  schedule+0x165/0x360
[  397.510916][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  397.510933][    C1]  smpboot_thread_fn+0x5bd/0xa60
[  397.510951][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  397.510971][    C1]  kthread+0x711/0x8a0
[  397.510993][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  397.511010][    C1]  ? __pfx_kthread+0x10/0x10
[  397.511029][    C1]  ? rt_spin_unlock+0x150/0x200
[  397.511045][    C1]  ? rt_spin_unlock+0x161/0x200
[  397.511059][    C1]  ? __pfx_kthread+0x10/0x10
[  397.511079][    C1]  ret_from_fork+0x4bc/0x870
[  397.511097][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  397.511116][    C1]  ? __switch_to_asm+0x39/0x70
[  397.511130][    C1]  ? __switch_to_asm+0x33/0x70
[  397.511143][    C1]  ? __pfx_kthread+0x10/0x10
[  397.511164][    C1]  ret_from_fork_asm+0x1a/0x30
[  397.511185][    C1]  </TASK>
[  397.596821][    C0] vkms_vblank_simulate: vblank timer overrun