last executing test programs:

40.874446098s ago: executing program 2 (id=5596):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002600)=ANY=[@ANYBLOB="05000000000000001f110000000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2df1fa7c3205bfedbe9116eb423cdacfa7e32fe02313615b2e1a38d522be18b000048b043ccc42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e173a649c1cfd6587d47578f4c35235038d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4a01010000009f2f0517ccca0e1823a2971a50f713d4e21b9436f1ae0796f23526ec0fd97f734c783bcaecd4596f2e91af6565902716314c815bf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b07789d99b3d0124f39dc092440010000000000000f7049db5cb19d7962fed44e00f39ed8c15a11fa798de504e2865cd81f2b77fdd76c67700000000000000db3947c8dc7b1b4c4554ffdca8b75d82706ba9cbeeffbc83fb05000000000000593d60abc9b3e67d127e9d5c4c560256f3d3759dcfeb820634fd4d419e0500000005b2d5a2008a600484511b6efaad206335a3ebf6b9e01446a6285f4665a7fe37da0049f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf7270f420edc858176070bfff7b09413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ecbe5cb0417d33d35faee6b2d905d30dfe64d05ac37ed015494d9d10e36e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c604cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e00ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d173663570d884b0cb462e0b45853673df72dc813f7454ae62d79ac48034282f03040350f886e9644179dcf66d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe177745448ccc92577007c12cf90da9200df6bb669d5a57dd74df817eaa92000000000001b08b3ac52db204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b2617668a0e45846436ad643fb999180644298458d40002a06f4853d99af16764b8e59e04d02835f803f66307fbeef5b7e97b6d0ef2c62215c259c7796a158d662b1adfae1d24e109e52378b3f1f8ee8965dedd20abc5b7a73d9501bf3f5a2ae19d7ddf8daf3691d1879e225395c0925ec1fe4ca8fd6fc11c8db3cd0d7206531366a5f6150d9d1a6eab622821378f2827fac5c7f82dad8f4ed4367c3a4f20304432f0a154147c7af7569ff2ed248dafc1aa13afe3d17c8f2f720e1a12c4cd230f3f29a390b44a3bf66b5c8fc4a026fe6ea8edf871da290c4d9457fccdc6a8f5944e47f742cfd7b0c5f5b00fc0921c6951541f2dda75be07cb0097e25e4a30000346c782264139540c5f260495abee91019e816aabc7c9b1e3862de6c6cf6d5cdead6a42b519619ff9c2f5600d95d34d50667901373f32a1fc0b7299aadbcc96958dff4a229c8a78864ea0ae3289a04249d2f790745374fea0687a32b8c9731226a085c71f6b35f8db44f30ed778ca2cd4ebb7929ff7845e9bdfba5caf2cae0fbc83999790441bc991f5c8acb6ba3deb94f52f7a74c33ab7106054a8eb839ab2ff7acbcc8f875acc552ba92df8f649598f9eba605729db380c130e00"/1247], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_setup(0x8, &(0x7f00000002c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, 0x0}])
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000080)={0x28, 0x7, r3, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f00000004c0)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r2, 0x3ba0, &(0x7f0000000600)={0x48, 0x8, r4, 0x0, 0x0, 0x1001, &(0x7f0000000540)='d', 0x4})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet(r5, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000002840)=[@ip_tos_int={{0x14}}], 0x18}}], 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

36.689703268s ago: executing program 2 (id=5607):
r0 = syz_open_dev$I2C(&(0x7f0000000480), 0x0, 0x0)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000040)={&(0x7f0000000a80)=[{0x9, 0x1c00, 0x0, 0x0}], 0x1})
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x70, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, {0x6, 0x2, [0x5]}}]}, @qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x4, '\x00', 0x0, 0x7fff, 0x2, 0x1}}}}]}, 0x70}}, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000240)=""/214, 0xd6}, {&(0x7f0000001140)=""/4055, 0xfd7}, {&(0x7f0000000a00)=""/248, 0xf8}, {&(0x7f00000007c0)=""/191, 0xbf}, {&(0x7f00000000c0)=""/42, 0x2a}, {&(0x7f0000000440)=""/210, 0xd2}, {&(0x7f0000002340)=""/31, 0x1f}, {&(0x7f0000000940)=""/183, 0xb7}, {&(0x7f0000000180)=""/59, 0x3b}, {&(0x7f00000008c0)=""/54, 0x36}, {&(0x7f00000003c0)=""/68, 0x44}], 0xb}, 0x0)
fsopen(&(0x7f0000000280)='binfmt_misc\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000003c0)={r6, <r7=>0x0, <r8=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r9=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000040)={r9, r7, r8})
open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0)
inotify_init1(0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x39}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

34.196875702s ago: executing program 2 (id=5614):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x8c}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x339)
socket$kcm(0x2, 0xa, 0x2)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), r2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050800000000000000002500000005002e000a0000000a0001007770616e3100000005002b"], 0x30}}, 0x0)
close(r1)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0)
bind$can_j1939(r7, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x4}, 0xfe}, 0x7b)
connect$can_j1939(r7, &(0x7f0000000140), 0x18)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'vlan0\x00', 0x1})

32.312305824s ago: executing program 2 (id=5617):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000002600)=ANY=[@ANYBLOB="05000000000000001f110000000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2df1fa7c3205bfedbe9116eb423cdacfa7e32fe02313615b2e1a38d522be18b000048b043ccc42646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae669e173a649c1cfd6587d47578f4c35235038d5521f9453559c35d9560ebe8efbc6f342a3e3173d466a0f06c54c3a4903ef31c4d4a01010000009f2f0517ccca0e1823a2971a50f713d4e21b9436f1ae0796f23526ec0fd97f734c783bcaecd4596f2e91af6565902716314c815bf697e6bd25eac36d4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b07789d99b3d0124f39dc092440010000000000000f7049db5cb19d7962fed44e00f39ed8c15a11fa798de504e2865cd81f2b77fdd76c67700000000000000db3947c8dc7b1b4c4554ffdca8b75d82706ba9cbeeffbc83fb05000000000000593d60abc9b3e67d127e9d5c4c560256f3d3759dcfeb820634fd4d419e0500000005b2d5a2008a600484511b6efaad206335a3ebf6b9e01446a6285f4665a7fe37da0049f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf7270f420edc858176070bfff7b09413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ecbe5cb0417d33d35faee6b2d905d30dfe64d05ac37ed015494d9d10e36e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1dacc357341e000c604cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e00ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d173663570d884b0cb462e0b45853673df72dc813f7454ae62d79ac48034282f03040350f886e9644179dcf66d93907cedd49e0c5752f755849953957143a0380d1f62ae63b29fe177745448ccc92577007c12cf90da9200df6bb669d5a57dd74df817eaa92000000000001b08b3ac52db204399eae4a2f105d4544d9a3000000000000001ff2e8afd7913007fe44950233feb5303b2617668a0e45846436ad643fb999180644298458d40002a06f4853d99af16764b8e59e04d02835f803f66307fbeef5b7e97b6d0ef2c62215c259c7796a158d662b1adfae1d24e109e52378b3f1f8ee8965dedd20abc5b7a73d9501bf3f5a2ae19d7ddf8daf3691d1879e225395c0925ec1fe4ca8fd6fc11c8db3cd0d7206531366a5f6150d9d1a6eab622821378f2827fac5c7f82dad8f4ed4367c3a4f20304432f0a154147c7af7569ff2ed248dafc1aa13afe3d17c8f2f720e1a12c4cd230f3f29a390b44a3bf66b5c8fc4a026fe6ea8edf871da290c4d9457fccdc6a8f5944e47f742cfd7b0c5f5b00fc0921c6951541f2dda75be07cb0097e25e4a30000346c782264139540c5f260495abee91019e816aabc7c9b1e3862de6c6cf6d5cdead6a42b519619ff9c2f5600d95d34d50667901373f32a1fc0b7299aadbcc96958dff4a229c8a78864ea0ae3289a04249d2f790745374fea0687a32b8c9731226a085c71f6b35f8db44f30ed778ca2cd4ebb7929ff7845e9bdfba5caf2cae0fbc83999790441bc991f5c8acb6ba3deb94f52f7a74c33ab7106054a8eb839ab2ff7acbcc8f875acc552ba92df8f649598f9eba605729db380c130e00"/1247], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_setup(0x8, &(0x7f00000002c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, 0x0}])
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000080)={0x28, 0x7, r3, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f00000004c0)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r2, 0x3ba0, &(0x7f0000000600)={0x48, 0x8, r4, 0x0, 0x0, 0x1001, &(0x7f0000000540)='d', 0x4})
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmmsg$inet(r5, &(0x7f00000028c0)=[{{&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000002840)=[@ip_tos_int={{0x14}}], 0x18}}], 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

31.043929136s ago: executing program 2 (id=5621):
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3002, 0x6, &(0x7f0000000000)=0xa636, 0x9, 0x0)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4a, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_int(r3, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = fcntl$dupfd(r4, 0x0, r5)
ioctl$PPPIOCGCHAN(r6, 0x5410, &(0x7f0000000440))
r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8}, 0x10)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

29.637953355s ago: executing program 2 (id=5625):
r0 = syz_open_dev$dmmidi(&(0x7f00000000c0), 0xe, 0x218840)
r1 = signalfd(r0, &(0x7f0000000100)={[0xfffffffffffffff9]}, 0x8)
r2 = socket(0x80000000000000a, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000095000000000000007df4d465a9fcf6641ca5beb2c5e8f79cb3a0760d39946b1279c0bcef206b8b34143ca777024426deacad4bdf4683a17b158ca06e5c5c32e9e3aecc7a23d839d8109088a059f840c142f83afca2b7f1d4fc29ce0abcc99c5b4e83cba94ad997d405000000000000004bc960e0b28cb3eaa8f0fc6bc2865993eaea51c2a7ed1b1ce9694be6303a042059a7e0348317540a02335d62d3bd5b3e9e5444ac6db912cfaf60953545f70172bf85f9a5b86dd94150929abd3e87b0cd6e81cbafede04e1a478a5b71a8b1261caf67000c590e5465671178e724742d2f35892a7b5e570494e8eea0eb30"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f00000002c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000280)={0x3, r3, 0x0, 0x80000002, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000005c0)={0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000640)={&(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, r4], 0x9, 0x800})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
unshare(0x68040200)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x64, 0x6, 0x5d8, 0x438, 0x0, 0x208, 0x0, 0xf8, 0x508, 0x508, 0x508, 0x508, 0x508, 0x6, 0x0, {[{{@uncond, 0x2ac, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ipv6={@loopback, @local, [], [], 'veth0_to_bond\x00', 'ip6tnl0\x00'}, 0x0, 0xd0, 0x110, 0x0, {}, [@common=@unspec=@state={{0x28}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@mcast1}}}, {{@ipv6={@mcast2, @loopback, [], [], 'ip6gretap0\x00', 'bridge_slave_0\x00'}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv6=@mcast2}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@local, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0xa4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108)

10.342292224s ago: executing program 3 (id=5664):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8)
close(r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
recvmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000800)}}], 0x2, 0x0, 0x0)

10.341875573s ago: executing program 4 (id=5665):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x4000000)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0xfffffffffffffef6)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="7800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000044000100500012800b000100697036746e6c0000400002800500060000000000080007000000000014000300ff02000000000000000000000000000106000f00000000000600100000000000050009000400000008000a00", @ANYRES32=r2, @ANYBLOB="7374fc122254daa4049bc4b73b95ee7b6b9c000000000000000000"], 0x78}}, 0x0)
r3 = creat(&(0x7f0000000240)='./file0/file0\x00', 0x8d)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@bloom_filter={0x1e, 0x9, 0x3, 0x4, 0x24, 0xffffffffffffffff, 0x0, '\x00', r2, r3, 0x1, 0x0, 0x2, 0x7, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000030000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r4}, &(0x7f0000000680), &(0x7f00000006c0)='%+9llu \x00'}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000003c0)='ext4_writepages_result\x00', r5}, 0x10)
openat(0xffffffffffffffff, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x0)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)={{0x12, 0x1, 0x0, 0xe2, 0x79, 0x3b, 0x10, 0x5d1, 0x2001, 0x900, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x4d, 0x2f, 0x9c}}]}}]}}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffe, 0xfffffffe, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={r8}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES64=r7, @ANYRES64=r6], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r9 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB], 0x44}}, 0x0)
r10 = socket$unix(0x1, 0x0, 0x0)
accept4$unix(r10, &(0x7f0000000100), &(0x7f0000000000)=0x6e, 0x80000)
r11 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r12 = epoll_create1(0x0)
epoll_wait(r12, &(0x7f0000000240)=[{}], 0x1, 0x7ff)
ppoll(&(0x7f0000000080)=[{r12, 0x8201}], 0x1, 0x0, 0x0, 0x0)
r13 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f00000000c0)={0x10000001})
read(r11, &(0x7f0000000580)=""/119, 0x77)

9.312220118s ago: executing program 3 (id=5666):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000458e5e080304c8f05602000000010902120001000000000904"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @tracing, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.232715611s ago: executing program 4 (id=5670):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r3 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
r4 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x4, r4, r3, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x4, r2, r2, 0x0, 0x0)

7.029891746s ago: executing program 4 (id=5671):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
unshare(0x6c060080)

6.162232728s ago: executing program 3 (id=5672):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c00)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sched_rr_get_interval(0x0, &(0x7f0000000040))

5.977654981s ago: executing program 3 (id=5675):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
epoll_create1(0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r0}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000880)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000001c0)={0x20, 0x1, 0x4, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFULA_CFG_MODE={0xa, 0x2, {0x0, 0x1}}]}, 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c)

4.95181367s ago: executing program 1 (id=5677):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x2, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000e80)={{r0}, &(0x7f0000000e00), &(0x7f0000000e40)=r1}, 0x20)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000077c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl(r5, 0x7fffffff, 0x0)

4.782534624s ago: executing program 0 (id=5678):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f00000002c0)='./file0\x00', 0xe1)
pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file1\x00')

4.684876089s ago: executing program 1 (id=5679):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r2 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)

4.6619684s ago: executing program 0 (id=5680):
r0 = socket$packet(0x11, 0xa, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffec5, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000080)=[{0x80000006}]}, 0x10)
syz_emit_ethernet(0x8a, &(0x7f0000000340)={@multicast, @link_local, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "9c87780fca9b620ffdd1a14f189ff244f4ed4a036a8c066567c0e0d000f97aa7", "cfbe49c2866a2ce248b12b26d99e1b96", {"26e3878dc9edcdfbbb1d4c34ea211a23", "caf6a113d1086a7e27b71eae61933052"}}}}}}}, 0x0)

4.458450163s ago: executing program 0 (id=5681):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d00)={&(0x7f0000000cc0)='mm_page_alloc\x00', r1}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000d80)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_4={0x3, 0x1, 0x1, "f7940ef7"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @global=@item_012={0x2, 0x1, 0x2, "b8ef"}, @local=@item_012={0x2, 0x2, 0x0, "1a70"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0)
syz_usb_ep_write(r2, 0x81, 0x1, &(0x7f0000000000)='B')
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

2.766319464s ago: executing program 1 (id=5682):
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r4=>0x0})
setsockopt$packet_int(r2, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.575875594s ago: executing program 1 (id=5683):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x93, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000006c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@global=@item_012={0x2, 0x1, 0x0, "8daf"}, @main=@item_012={0x1, 0x0, 0xd, "d9"}]}}, 0x0}, 0x0)

2.469618765s ago: executing program 3 (id=5684):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc293, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000007d2700000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000840)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x7, {0x7, 0x0, "a358457294"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2.164185557s ago: executing program 0 (id=5685):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$inet6(0xa, 0x200000000003, 0x87)
syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x28, 0x2b, 0x0, @private2, @local, {[@hopopts={0x87}, @srh={0x3b, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@local]}], {0x0, 0x0, 0x8}}}}}}, 0x0)

2.09336065s ago: executing program 4 (id=5686):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, 0x1e)
connect$pptp(r1, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast2}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffee, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000280)="0100", 0x2}], 0x1)

2.074000401s ago: executing program 0 (id=5687):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100800001)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010000020100102505a1a4400000000001090244000101000000090400001602020000052406000005240000000d240f01060000000000000000090581032000000000090582020800000000090503020002"], 0x0)

1.894371917s ago: executing program 4 (id=5688):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
ioctl$sock_bt_hci(r1, 0x800448d2, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
bind$bt_hci(r0, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6)

1.722981232s ago: executing program 4 (id=5689):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ftruncate(0xffffffffffffffff, 0xc17a)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r5, 0x4b47, 0x0)

523.379877ms ago: executing program 1 (id=5690):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x7}, {}, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x0, 0x6c}, 0x0, @in=@multicast1}}, 0xe8)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97000288c19e9ace00000000000000002100000002ff020000000000000000000000000001"], 0x0)

452.543623ms ago: executing program 3 (id=5691):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003180000000203"], 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f0000001780)={0x2c, 0x0, &(0x7f00000014c0)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00031200000012033f007b"], 0x0, 0x0}, 0x0)

258.437447ms ago: executing program 1 (id=5692):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r0}, 0x38)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x80049367, &(0x7f0000000000))
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@can_newroute={0x4c, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_MOD_XOR={0x15, 0x3, {{{}, 0x0, 0x0, 0x0, 0x0, "fb4c951068e346fc"}, 0x7}}, @CGW_CS_XOR={0x8, 0x5, {0x8}}, @CGW_MOD_OR={0x15, 0x2, {{{}, 0x0, 0x0, 0x0, 0x0, "b00731b442b1c320"}, 0x2}}]}, 0x4c}}, 0x0)
r8 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r8, &(0x7f0000000300)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(r8, &(0x7f0000003b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)}], 0x1}}], 0x2, 0x16da)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
bpf$MAP_CREATE(0x0, 0x0, 0x0)

0s ago: executing program 0 (id=5693):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r1}, 0x0, &(0x7f0000000040)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02})
close(0xffffffffffffffff)
preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x85}], 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

   T29] audit: type=1326 audit(1726108879.573:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3190.773713][   T29] audit: type=1326 audit(1726108879.573:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3190.835334][   T29] audit: type=1326 audit(1726108879.603:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3190.915980][   T29] audit: type=1326 audit(1726108879.603:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3190.965052][   T29] audit: type=1326 audit(1726108879.603:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.015210][   T29] audit: type=1326 audit(1726108879.603:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.148339][   T29] audit: type=1326 audit(1726108879.603:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.186858][   T29] audit: type=1326 audit(1726108879.623:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f85f877c890 code=0x7ffc0000
[ 3191.240462][   T29] audit: type=1326 audit(1726108879.623:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.306718][   T29] audit: type=1326 audit(1726108879.623:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.357625][   T29] audit: type=1326 audit(1726108879.623:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.450431][   T29] audit: type=1326 audit(1726108879.633:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.562096][   T29] audit: type=1326 audit(1726108879.633:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31440 comm="syz.3.5056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3191.750494][T31462] netlink: 260 bytes leftover after parsing attributes in process `syz.2.5064'.
[ 3191.801409][   T29] audit: type=1400 audit(1726108880.703:596): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31461 comm="syz.2.5064" daddr=ff02::1
[ 3192.011304][ T9396] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 3192.462566][ T9396] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3192.701336][ T9396] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3192.808212][ T9396] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3192.839835][ T9396] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3193.036052][T31471] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3193.104562][ T9396] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 3193.161883][ T9396] usb 2-1: invalid MIDI out EP 0
[ 3193.319062][T31459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3193.384063][T31459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3193.430878][ T9396] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3195.200134][T31499] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3195.236724][T28618] Bluetooth: hci1: link tx timeout
[ 3195.243031][T28618] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 3195.849442][T31530] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3195.895856][T31530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5077'.
[ 3195.897263][T31514] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3196.009032][ T5271] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[ 3196.030445][T27902] usb 2-1: USB disconnect, device number 122
[ 3196.195900][ T5271] usb 3-1: device descriptor read/64, error -71
[ 3196.562941][ T5271] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 3196.752505][ T5271] usb 3-1: device descriptor read/64, error -71
[ 3196.884427][ T5271] usb usb3-port1: attempt power cycle
[ 3197.467519][T31544] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3197.686767][T28618] Bluetooth: hci1: command 0x0406 tx timeout
[ 3197.851287][ T5271] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 3197.913383][ T5271] usb 3-1: device descriptor read/8, error -71
[ 3198.080168][T31547] 9pnet_fd: Insufficient options for proto=fd
[ 3198.201186][ T5271] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 3198.275266][ T5271] usb 3-1: device descriptor read/8, error -71
[ 3198.393349][ T9396] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 3198.421647][ T5271] usb usb3-port1: unable to enumerate USB device
[ 3198.864613][   T29] audit: type=1400 audit(1726108887.673:597): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31553 comm="syz.1.5084" daddr=ff01::1 dest=20000
[ 3199.787638][ T9396] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3199.809528][ T9396] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3199.823979][ T9396] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3199.844183][ T9396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3199.858318][ T9396] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 3199.940016][ T9396] usb 4-1: invalid MIDI out EP 0
[ 3200.027439][T31102] udevd[31102]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3200.105726][ T9396] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3200.131750][T31552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3200.176119][   T29] audit: type=1326 audit(1726108889.083:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31565 comm="syz.1.5086" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f955657def9 code=0x0
[ 3200.222822][T31552] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3203.207324][   T29] audit: type=1400 audit(1726108892.113:599): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=31586 comm="syz.4.5092" saddr=fe80::aa daddr=fe80::aa dest=20002 netif=wpan0
[ 3203.774408][ T5271] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 3204.896593][T31604] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3205.390884][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 3205.413102][ T5271] usb 2-1: Using ep0 maxpacket: 16
[ 3205.482989][ T5271] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 3205.534767][ T5271] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3205.583163][ T5271] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 3205.603262][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3205.619690][ T5271] usb 2-1: Product: syz
[ 3205.624759][ T5271] usb 2-1: Manufacturer: syz
[ 3205.629419][ T5271] usb 2-1: SerialNumber: syz
[ 3205.664530][ T5271] usb 2-1: config 0 descriptor??
[ 3205.689923][ T5271] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 3205.740574][ T5271] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[ 3205.920466][T31609] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3206.781554][ T5271] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 3206.811362][ T5271] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[ 3206.816459][T31613] netlink: 'syz.4.5098': attribute type 12 has an invalid length.
[ 3206.833604][ T5271] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[ 3206.890888][ T5271] em28xx 2-1:0.0: No AC97 audio processor
[ 3206.948098][ T5271] usb 2-1: USB disconnect, device number 123
[ 3206.965929][ T5271] em28xx 2-1:0.0: Disconnecting em28xx
[ 3207.000150][ T5271] em28xx 2-1:0.0: Freeing device
[ 3207.251364][T27902] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 3207.301713][T23469] usb 4-1: USB disconnect, device number 99
[ 3207.421181][T27902] usb 3-1: device descriptor read/64, error -71
[ 3207.604361][T31620] 9pnet_fd: Insufficient options for proto=fd
[ 3207.691247][T27902] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 3207.851751][T27902] usb 3-1: device descriptor read/64, error -71
[ 3208.134303][T27902] usb usb3-port1: attempt power cycle
[ 3209.156908][T27902] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 3209.340161][T27902] usb 3-1: device descriptor read/8, error -71
[ 3209.663094][T27902] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 3209.705895][T27902] usb 3-1: device descriptor read/8, error -71
[ 3210.023122][T27902] usb usb3-port1: unable to enumerate USB device
[ 3210.564172][T31649] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3211.967252][T31657] netlink: 'syz.0.5110': attribute type 12 has an invalid length.
[ 3212.901335][T23448] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 3213.122688][T23448] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3213.156790][T23448] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3213.188872][T23448] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3213.208601][T23448] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3213.238870][T23448] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 3213.257155][T23448] usb 1-1: invalid MIDI out EP 0
[ 3213.461643][T31662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3213.818696][T31681] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3214.331871][T31662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3214.487793][T23448] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3219.579332][T23469] usb 1-1: USB disconnect, device number 101
[ 3219.691502][T26778] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 3220.653291][T26778] usb 4-1: device descriptor read/64, error -71
[ 3220.667798][   T29] audit: type=1400 audit(1726108908.853:600): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31697 comm="syz.2.5122"
[ 3220.975723][T26778] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 3222.072778][T31721] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3222.396173][T31716] FAULT_INJECTION: forcing a failure.
[ 3222.396173][T31716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3222.409810][T31716] CPU: 1 UID: 0 PID: 31716 Comm: syz.4.5129 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3222.420683][T31716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3222.430773][T31716] Call Trace:
[ 3222.434077][T31716]  <TASK>
[ 3222.437011][T31716]  dump_stack_lvl+0x241/0x360
[ 3222.441719][T31716]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3222.446913][T31716]  ? __pfx__printk+0x10/0x10
[ 3222.451512][T31716]  ? snprintf+0xda/0x120
[ 3222.455764][T31716]  should_fail_ex+0x3b0/0x4e0
[ 3222.460436][T31716]  _copy_to_user+0x2f/0xb0
[ 3222.464862][T31716]  simple_read_from_buffer+0xca/0x150
[ 3222.470246][T31716]  proc_fail_nth_read+0x1ec/0x260
[ 3222.475364][T31716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3222.481018][T31716]  ? rw_verify_area+0x520/0x6b0
[ 3222.486054][T31716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 3222.491606][T31716]  vfs_read+0x204/0xbc0
[ 3222.495761][T31716]  ? __pfx_lock_release+0x10/0x10
[ 3222.500896][T31716]  ? __pfx_vfs_read+0x10/0x10
[ 3222.505586][T31716]  ? __fget_files+0x29/0x470
[ 3222.510349][T31716]  ? __fget_files+0x3f6/0x470
[ 3222.515034][T31716]  ksys_read+0x1a0/0x2c0
[ 3222.519285][T31716]  ? __pfx_ksys_read+0x10/0x10
[ 3222.524050][T31716]  ? do_syscall_64+0x100/0x230
[ 3222.528818][T31716]  ? do_syscall_64+0xb6/0x230
[ 3222.533494][T31716]  do_syscall_64+0xf3/0x230
[ 3222.538019][T31716]  ? clear_bhb_loop+0x35/0x90
[ 3222.542710][T31716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3222.548607][T31716] RIP: 0033:0x7f75c837c93c
[ 3222.553020][T31716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[ 3222.572650][T31716] RSP: 002b:00007f75c91dd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 3222.581329][T31716] RAX: ffffffffffffffda RBX: 00007f75c8535f80 RCX: 00007f75c837c93c
[ 3222.589293][T31716] RDX: 000000000000000f RSI: 00007f75c91dd0a0 RDI: 0000000000000005
[ 3222.597524][T31716] RBP: 00007f75c91dd090 R08: 0000000000000000 R09: 0000000000000000
[ 3222.605521][T31716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3222.613490][T31716] R13: 0000000000000000 R14: 00007f75c8535f80 R15: 00007ffe44cf7748
[ 3222.621735][T31716]  </TASK>
[ 3224.471365][T26778] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 3230.534014][T26778] usb 4-1: device descriptor read/all, error -71
[ 3230.650055][T23469] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 3230.985499][T31762] IPVS: length: 191 != 3477681336
[ 3231.031867][T31763] smk_cipso_doi:695 remove rc = -2
[ 3231.043258][T31763] smk_cipso_doi:708 cipso add rc = -17
[ 3231.167669][   T29] audit: type=1326 audit(1726108920.073:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.178507][T31765] 9pnet_fd: Insufficient options for proto=fd
[ 3231.266007][   T29] audit: type=1326 audit(1726108920.103:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.380524][   T29] audit: type=1326 audit(1726108920.103:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.553710][   T29] audit: type=1326 audit(1726108920.103:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.649325][   T29] audit: type=1326 audit(1726108920.103:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.781367][   T29] audit: type=1326 audit(1726108920.103:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3231.945987][   T29] audit: type=1326 audit(1726108920.113:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9f81d7c890 code=0x7ffc0000
[ 3231.981698][   T29] audit: type=1326 audit(1726108920.113:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3232.006397][   T29] audit: type=1326 audit(1726108920.113:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3232.037372][   T29] audit: type=1326 audit(1726108920.123:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31756 comm="syz.2.5140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=446 compat=0 ip=0x7f9f81d7def9 code=0x7ffc0000
[ 3232.286439][T23016] bridge0: port 4(syz_tun) entered disabled state
[ 3232.372204][T23016] syz_tun (unregistering): left allmulticast mode
[ 3232.378649][T23016] syz_tun (unregistering): left promiscuous mode
[ 3232.386791][T23016] bridge0: port 4(syz_tun) entered disabled state
[ 3232.570094][T31774] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3232.625223][ T9176] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3232.928935][ T9176] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3233.029917][T28618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 3233.048231][T28618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 3233.194642][T28618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 3233.204025][T28618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 3233.212197][T28618] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 3233.219553][T28618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 3233.297453][T31789] 9pnet_fd: Insufficient options for proto=fd
[ 3234.154508][ T9176] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3234.459368][ T9176] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3234.645179][T31804] [U] 
[ 3234.647889][T31804] [U] 
[ 3234.650554][T31804] [U] 
[ 3234.653244][T31804] [U] 
[ 3237.321747][T28618] Bluetooth: hci3: command tx timeout
[ 3239.342024][T28618] Bluetooth: hci3: command tx timeout
[ 3241.506373][T28618] Bluetooth: hci3: command tx timeout
[ 3241.846342][ T9176] vlan0: left allmulticast mode
[ 3241.855181][ T9176] veth0_vlan: left allmulticast mode
[ 3241.860739][ T9176] vlan0: left promiscuous mode
[ 3241.879798][ T9176] bridge0: port 5(vlan0) entered disabled state
[ 3241.976788][ T9176] gretap0: left allmulticast mode
[ 3241.990622][ T9176] gretap0: left promiscuous mode
[ 3242.007568][ T9176] bridge0: port 3(gretap0) entered disabled state
[ 3242.024628][T31830] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.5158'.
[ 3242.037922][T31830] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3242.039571][ T9176] bridge_slave_1: left allmulticast mode
[ 3242.328544][ T9176] bridge_slave_1: left promiscuous mode
[ 3242.334939][ T9176] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3242.412169][ T9176] bridge_slave_0: left allmulticast mode
[ 3242.462781][ T9176] bridge_slave_0: left promiscuous mode
[ 3242.614965][ T9176] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3242.751605][T31801] [U] 
[ 3243.130164][T31855] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.5161'.
[ 3243.142661][T31855] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3243.581762][T28618] Bluetooth: hci3: command tx timeout
[ 3248.561165][T23462] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 3250.200488][T31878] 9pnet_fd: Insufficient options for proto=fd
[ 3250.244099][ T9176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3250.313453][ T9176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3250.353878][ T9176] bond0 (unregistering): Released all slaves
[ 3250.435807][   T29] kauditd_printk_skb: 3 callbacks suppressed
[ 3250.435854][   T29] audit: type=1400 audit(1726108939.343:614): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=31883 comm="syz.2.5170" saddr=fe80::aa daddr=fe80::aa dest=20002 netif=wpan0
[ 3250.514761][T31783] chnl_net:caif_netlink_parms(): no params data found
[ 3250.605615][ T9176] ɶƣ0GC¦: left promiscuous mode
[ 3251.739304][T31898] netlink: 'syz.2.5174': attribute type 10 has an invalid length.
[ 3251.747534][T31898] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5174'.
[ 3251.757137][T31898] bridge0: port 3(gretap0) entered blocking state
[ 3251.763657][T31898] bridge0: port 3(gretap0) entered disabled state
[ 3251.770249][T31898] gretap0: entered allmulticast mode
[ 3251.776629][T31898] gretap0: entered promiscuous mode
[ 3251.783327][T31898] bridge0: port 3(gretap0) entered blocking state
[ 3251.789803][T31898] bridge0: port 3(gretap0) entered forwarding state
[ 3252.002542][T31905] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5173'.
[ 3252.585174][T31783] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3252.636405][T31783] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3252.748211][T31783] bridge_slave_0: entered allmulticast mode
[ 3252.874514][T31783] bridge_slave_0: entered promiscuous mode
[ 3253.361270][T31906] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5173'.
[ 3253.566814][ T9176] hsr_slave_0: left promiscuous mode
[ 3253.611271][ T9176] hsr_slave_1: left promiscuous mode
[ 3253.655700][ T9176] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3253.690473][ T9176] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3253.969994][ T9176] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3254.011877][ T9176] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3254.215365][ T9176] veth1_macvtap: left promiscuous mode
[ 3254.237120][ T9176] veth0_macvtap: left promiscuous mode
[ 3254.284048][ T9176] veth1_vlan: left promiscuous mode
[ 3254.298116][ T9176] veth0_vlan: left promiscuous mode
[ 3255.395524][   T29] audit: type=1400 audit(1726108944.293:615): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31955 comm="syz.0.5184"
[ 3257.931786][   T29] audit: type=1400 audit(1726108946.533:616): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31963 comm="syz.3.5186"
[ 3258.767595][ T9176] team0 (unregistering): Port device team_slave_1 removed
[ 3258.871117][ T9176] team0 (unregistering): Port device team_slave_0 removed
[ 3259.957711][T31783] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3259.980408][T31783] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3260.009551][T31783] bridge_slave_1: entered allmulticast mode
[ 3260.038764][T31783] bridge_slave_1: entered promiscuous mode
[ 3260.418491][T31783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3260.460275][T31783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3260.606384][T31783] team0: Port device team_slave_0 added
[ 3260.674627][T31783] team0: Port device team_slave_1 added
[ 3260.753449][T23462] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 3260.810646][T31783] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3260.873802][T31783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3260.953476][T31783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3261.015600][T23462] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3261.052805][T31783] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3261.063010][T23462] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3261.100711][T31783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3261.159582][T31783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3261.174783][T23462] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3261.215083][T23462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3261.277684][T23462] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 3261.310534][T23462] usb 1-1: invalid MIDI out EP 0
[ 3261.489334][T31992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3261.572849][T31992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3261.583081][T23462] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3261.590164][T32011] udevd[32011]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3261.744910][T31783] hsr_slave_0: entered promiscuous mode
[ 3261.797755][T31783] hsr_slave_1: entered promiscuous mode
[ 3261.837789][T31783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3261.859359][T31783] Cannot create hsr debugfs directory
[ 3262.203223][T32017] IPVS: length: 191 != 3477681336
[ 3264.065062][   T29] audit: type=1400 audit(1726108952.963:617): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32038 comm="syz.3.5201"
[ 3267.671772][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 3269.139302][T32068] smk_cipso_doi:695 remove rc = -2
[ 3269.167656][T32068] smk_cipso_doi:708 cipso add rc = -17
[ 3269.279169][   T29] audit: type=1326 audit(1726108958.183:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.374439][   T29] audit: type=1326 audit(1726108958.183:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.531644][   T29] audit: type=1326 audit(1726108958.233:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.591565][   T29] audit: type=1326 audit(1726108958.233:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.646798][T31783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 3269.658830][   T29] audit: type=1326 audit(1726108958.233:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.685265][T31783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 3269.694565][   T29] audit: type=1326 audit(1726108958.233:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.719088][   T29] audit: type=1326 audit(1726108958.233:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.750774][   T29] audit: type=1326 audit(1726108958.233:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.757458][T31783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 3269.829202][   T29] audit: type=1326 audit(1726108958.233:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f85f877c890 code=0x7ffc0000
[ 3269.853143][T31783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 3269.950538][   T29] audit: type=1326 audit(1726108958.233:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32062 comm="syz.3.5205" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3269.989317][T23469] usb 1-1: USB disconnect, device number 103
[ 3270.061512][T26778] usb 3-1: new full-speed USB device number 106 using dummy_hcd
[ 3270.947774][T26778] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 12592, setting to 64
[ 3270.983250][T26778] usb 3-1: New USB device found, idVendor=0d46, idProduct=2011, bcdDevice=82.8f
[ 3271.002164][T26778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3271.013103][T31783] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3271.022107][T26778] usb 3-1: Product: syz
[ 3271.026437][T26778] usb 3-1: Manufacturer: syz
[ 3271.045748][T26778] usb 3-1: SerialNumber: syz
[ 3271.075796][T26778] usb 3-1: config 0 descriptor??
[ 3271.082468][T32078] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 3271.098513][T26778] kobil_sct 3-1:0.0: KOBIL USB smart card terminal converter detected
[ 3271.100838][T31783] 8021q: adding VLAN 0 to HW filter on device team0
[ 3271.110844][T26778] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[ 3271.201624][ T2548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3271.208790][ T2548] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3271.268717][T25795] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3271.275912][T25795] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3271.600542][T32098] pim6reg: entered allmulticast mode
[ 3271.653604][T32098] pim6reg: left allmulticast mode
[ 3271.922229][T32098] xt_nfacct: accounting object `syz1' does not exists
[ 3272.077991][T31783] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3272.234147][T31783] veth0_vlan: entered promiscuous mode
[ 3272.300540][T31783] veth1_vlan: entered promiscuous mode
[ 3272.414431][T31783] veth0_macvtap: entered promiscuous mode
[ 3272.452663][T31783] veth1_macvtap: entered promiscuous mode
[ 3272.673985][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3272.688554][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3272.792138][T32117] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3273.579740][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3273.601217][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3273.634029][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3273.654929][T27902] usb 3-1: USB disconnect, device number 106
[ 3273.665123][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3273.688209][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3273.693122][T27902] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[ 3273.864217][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3273.960721][T32123] 9pnet_fd: Insufficient options for proto=fd
[ 3274.098398][T31783] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 3274.189440][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3274.647236][T27902] kobil_sct 3-1:0.0: device disconnected
[ 3274.691172][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3274.714365][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3274.751153][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3274.777596][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3274.793278][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3274.813446][T31783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3274.840495][T31783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3274.853345][T31783] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 3274.893565][T31783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3274.920456][T31783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3274.934642][T31783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3274.948338][T31783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3275.558976][T32125] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 3275.627876][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3275.681520][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3275.761775][ T2548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3275.769644][ T2548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3276.606387][T32163] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3276.825239][T32160] 9pnet_fd: Insufficient options for proto=fd
[ 3277.544133][T32171] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3278.169514][T32189] sctp: [Deprecated]: syz.4.5223 (pid 32189) Use of int in maxseg socket option.
[ 3278.169514][T32189] Use struct sctp_assoc_value instead
[ 3279.856555][   T29] kauditd_printk_skb: 5 callbacks suppressed
[ 3279.856569][   T29] audit: type=1400 audit(1726108968.753:633): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32201 comm="syz.1.5230"
[ 3280.451328][T23448] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 3280.693361][T23448] usb 3-1: Using ep0 maxpacket: 8
[ 3280.723939][T23448] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[ 3280.735294][T23448] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 3280.788339][T23448] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3280.940535][T23448] usb 3-1: config 0 has no interface number 0
[ 3281.011475][T23448] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 40
[ 3281.024537][T23448] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 3281.035653][T23448] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[ 3281.056274][T23448] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3281.221216][T23448] usb 3-1: config 0 interface 188 altsetting 0 has 7 endpoint descriptors, different from the interface descriptor's value: 15
[ 3281.712836][T23448] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a2, bcdDevice=63.2d
[ 3281.780439][T23448] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3281.811116][T23448] usb 3-1: Product: syz
[ 3281.815335][T23448] usb 3-1: Manufacturer: syz
[ 3281.819952][T23448] usb 3-1: SerialNumber: syz
[ 3281.883399][T23448] usb 3-1: config 0 descriptor??
[ 3281.890988][T32212] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 3282.262586][ T9396] usb 1-1: new full-speed USB device number 104 using dummy_hcd
[ 3282.476330][ T9396] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3282.495532][ T9396] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3282.525283][ T9396] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 3282.536476][ T9396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3282.577034][ T9396] usb 1-1: config 0 descriptor??
[ 3282.601651][ T9396] hub 1-1:0.0: USB hub found
[ 3282.721457][ T5271] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 3282.933306][ T5271] usb 2-1: too many configurations: 65, using maximum allowed: 8
[ 3282.969978][ T5271] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3282.979653][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3283.031626][ T9396] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[ 3283.112562][ T9396] usbhid 1-1:0.0: can't add hid device: -71
[ 3283.150205][ T9396] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 3283.192959][ T9396] usb 1-1: USB disconnect, device number 104
[ 3283.243688][T27902] usb 3-1: USB disconnect, device number 107
[ 3283.281261][T23469] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 3283.477007][T32241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3283.492962][T23469] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3283.511636][T32241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3283.529662][T23469] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3283.552842][T23469] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3283.567341][T23469] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3283.583835][ T5271] usb 2-1: string descriptor 0 read error: -71
[ 3283.598810][T23469] usb 4-1: SerialNumber: syz
[ 3283.611283][ T5271] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3283.631204][ T5271] usb 2-1: No valid video chain found.
[ 3283.652117][ T5271] usb 2-1: USB disconnect, device number 124
[ 3283.765908][T28618] Bluetooth: hci3: link tx timeout
[ 3283.772013][T28618] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 3283.829402][T23469] usb 4-1: 0:2 : does not exist
[ 3284.035390][T23469] usb 4-1: USB disconnect, device number 105
[ 3284.318481][T32281] 9pnet_fd: Insufficient options for proto=fd
[ 3284.551645][T32270] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3285.251356][T27902] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 3285.444815][ T5271] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 3285.482764][T27902] usb 4-1: Using ep0 maxpacket: 8
[ 3285.501751][T27902] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[ 3285.514434][T27902] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 3285.529307][T27902] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3285.569114][T27902] usb 4-1: config 0 has no interface number 0
[ 3285.586450][T27902] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 40
[ 3285.642649][T27902] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 3285.681418][T27902] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[ 3285.703465][ T5271] usb 1-1: Using ep0 maxpacket: 32
[ 3285.720257][ T5271] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3285.742060][T27902] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3285.766149][ T5271] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3285.786695][T27902] usb 4-1: config 0 interface 188 altsetting 0 has 7 endpoint descriptors, different from the interface descriptor's value: 15
[ 3285.821802][T29874] Bluetooth: hci3: command 0x0406 tx timeout
[ 3285.852666][ T5271] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 3285.873883][T27902] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a2, bcdDevice=63.2d
[ 3285.885975][ T5271] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 3285.898631][T27902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3285.914018][ T5271] usb 1-1: Product: syz
[ 3285.926254][ T5271] usb 1-1: Manufacturer: syz
[ 3285.933345][T27902] usb 4-1: Product: syz
[ 3285.975757][T27902] usb 4-1: Manufacturer: syz
[ 3285.998181][ T5271] hub 1-1:4.0: USB hub found
[ 3286.006709][T27902] usb 4-1: SerialNumber: syz
[ 3286.030340][T27902] usb 4-1: config 0 descriptor??
[ 3286.038673][T32297] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 3286.297647][ T5271] hub 1-1:4.0: 2 ports detected
[ 3286.418415][T32297] fuse: Bad value for 'fd'
[ 3287.866272][ T5271] hub 1-1:4.0: hub_hub_status failed (err = -32)
[ 3287.872930][ T5271] hub 1-1:4.0: config failed, can't get hub status (err -32)
[ 3288.288555][ T5271] usb 4-1: USB disconnect, device number 106
[ 3288.504606][ T9396] usb 1-1: USB disconnect, device number 105
[ 3289.307584][T32321] 9pnet_fd: Insufficient options for proto=fd
[ 3289.419901][T32328] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3289.682044][ T5271] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 3289.922987][ T5271] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3290.417859][T32361] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3291.305257][   T29] audit: type=1400 audit(1726108979.283:634): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32353 comm="syz.3.5259" daddr=ff01::1 dest=20000
[ 3291.305634][ T5271] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3291.338137][ T5271] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3291.348851][ T5271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3291.386490][ T5271] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 3291.419388][ T5271] usb 3-1: invalid MIDI out EP 0
[ 3291.604948][T32342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3291.634165][T32342] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3291.682793][ T5271] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3291.749231][T32370] netlink: 'syz.1.5263': attribute type 29 has an invalid length.
[ 3291.761481][T32370] netlink: 'syz.1.5263': attribute type 29 has an invalid length.
[ 3295.066496][T32365] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 3296.514353][T23448] usb 3-1: USB disconnect, device number 108
[ 3297.370429][T32389] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.5266'.
[ 3297.384309][T32389] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3297.387931][T32381] 9pnet_fd: Insufficient options for proto=fd
[ 3298.112397][T32390] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3298.337936][T32406] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3299.538027][T32421] netlink: 'syz.1.5278': attribute type 12 has an invalid length.
[ 3299.755204][   T29] audit: type=1326 audit(1726108988.663:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32424 comm="syz.0.5279" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x0
[ 3302.400131][   T29] audit: type=1326 audit(1726108991.303:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32457 comm="syz.2.5287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x0
[ 3302.497512][T32459] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3303.121241][T32445] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3303.699864][T32472] netlink: 'syz.0.5291': attribute type 12 has an invalid length.
[ 3303.822164][   T29] audit: type=1400 audit(1726108992.723:637): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32464 comm="syz.4.5288" daddr=fe80::bb
[ 3304.436912][T30054] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 3304.661133][T30054] usb 2-1: Using ep0 maxpacket: 8
[ 3304.734483][T30054] usb 2-1: config 0 has an invalid interface number: 246 but max is 0
[ 3305.271389][T30054] usb 2-1: config 0 has no interface number 0
[ 3305.278353][T30054] usb 2-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[ 3305.459785][T32481] 9pnet: Could not find request transport: fd000000000000000000060x0000000000000007
[ 3306.234399][T30054] usb 2-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[ 3306.446776][   T29] audit: type=1400 audit(1726108994.203:638): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32478 comm="syz.0.5294" daddr=fe80::bb
[ 3306.483981][T30054] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3306.667857][T30054] usb 2-1: Product: syz
[ 3306.761359][T30054] usb 2-1: Manufacturer: syz
[ 3306.766093][T30054] usb 2-1: SerialNumber: syz
[ 3307.064624][T30054] usb 2-1: config 0 descriptor??
[ 3307.425172][T30054] usb 2-1: can't set config #0, error -71
[ 3307.444312][T30054] usb 2-1: USB disconnect, device number 125
[ 3307.927690][T32495] netlink: 'syz.0.5297': attribute type 10 has an invalid length.
[ 3307.935745][T32495] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5297'.
[ 3307.945275][T32495] bridge0: port 3(gretap0) entered blocking state
[ 3307.951835][T32495] bridge0: port 3(gretap0) entered disabled state
[ 3307.958367][T32495] gretap0: entered allmulticast mode
[ 3307.964500][T32495] gretap0: entered promiscuous mode
[ 3307.970684][T32495] bridge0: port 3(gretap0) entered blocking state
[ 3307.977182][T32495] bridge0: port 3(gretap0) entered forwarding state
[ 3312.250209][T32521] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3314.221434][T26778] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 3315.638276][T32548] netlink: 'syz.1.5309': attribute type 10 has an invalid length.
[ 3315.646366][T32548] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5309'.
[ 3315.658283][T32548] bridge0: port 3(gretap0) entered blocking state
[ 3315.665297][T32548] bridge0: port 3(gretap0) entered disabled state
[ 3315.673057][T32548] gretap0: entered allmulticast mode
[ 3315.686513][T32548] gretap0: entered promiscuous mode
[ 3315.694046][T32548] bridge0: port 3(gretap0) entered blocking state
[ 3315.700611][T32548] bridge0: port 3(gretap0) entered forwarding state
[ 3316.202452][T23462] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 3316.667255][T23462] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3316.683773][T23462] usb 3-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3316.760478][T32528] 9pnet_fd: Insufficient options for proto=fd
[ 3316.768825][T23462] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3316.801200][T23462] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3316.916344][T23462] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 3317.657825][T23462] usb 3-1: invalid MIDI out EP 0
[ 3317.772645][T23462] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3317.834285][T23462] usb 3-1: USB disconnect, device number 109
[ 3317.920913][T32564] udevd[32564]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3318.468553][T32573] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3320.111744][ T5271] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 3321.136229][ T5271] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3322.037071][ T5271] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3322.057945][ T5271] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3322.069485][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3322.117620][ T5271] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 3322.162089][ T5271] usb 2-1: invalid MIDI out EP 0
[ 3322.324061][T32564] udevd[32564]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3322.326894][T32585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3322.363997][ T5271] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3322.381672][T32585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3322.511240][T26778] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 3322.622647][T23447] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 3322.712887][T26778] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 3322.736260][T26778] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 3322.749508][T26778] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 3322.759464][T26778] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3322.799752][T26778] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 3322.815628][T23447] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3322.827166][T23447] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3322.830217][T26778] usb 1-1: invalid MIDI out EP 0
[ 3322.861544][T23447] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3322.874404][T23447] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3322.884981][T23447] usb 4-1: SerialNumber: syz
[ 3323.004012][T32565] udevd[32565]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3323.048359][T32596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3323.065972][T26778] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 3323.105526][T23447] usb 4-1: 0:2 : does not exist
[ 3323.131894][T32596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3323.257838][T32603] 9pnet_fd: Insufficient options for proto=fd
[ 3323.308110][T23447] usb 4-1: USB disconnect, device number 107
[ 3323.345290][T32564] udevd[32564]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 3323.533770][T32602] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[ 3324.404359][T32621] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3328.069426][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 3328.636643][T26778] usb 2-1: USB disconnect, device number 126
[ 3329.176371][T23399] usb 1-1: USB disconnect, device number 107
[ 3329.183210][T23462] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 3329.231388][T26778] usb 2-1: new full-speed USB device number 127 using dummy_hcd
[ 3329.505900][T23462] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3329.519395][T26778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3329.645028][T23462] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3329.654172][T26778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3329.673221][T23462] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3329.927082][   T29] audit: type=1400 audit(1726109018.633:639): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32660 comm="syz.0.5341" daddr=fe80::bb
[ 3329.950007][T26778] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 3329.975023][T23462] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3330.016081][T26778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3330.145664][T23462] usb 4-1: SerialNumber: syz
[ 3330.239088][T32663] 9pnet: Could not find request transport: fd000000000000000000060x0000000000000007
[ 3330.257089][T26778] usb 2-1: config 0 descriptor??
[ 3330.268064][T26778] hub 2-1:0.0: USB hub found
[ 3330.462010][T23462] usb 4-1: 0:2 : does not exist
[ 3330.612500][T32669] IPVS: length: 191 != 3477681336
[ 3330.680693][T23399] usb 4-1: USB disconnect, device number 108
[ 3330.773497][T26778] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[ 3330.850264][T26778] usbhid 2-1:0.0: can't add hid device: -71
[ 3330.869937][T26778] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 3330.928092][T26778] usb 2-1: USB disconnect, device number 127
[ 3331.819974][T32680] netlink: 'syz.0.5346': attribute type 29 has an invalid length.
[ 3331.841583][T32680] netlink: 'syz.0.5346': attribute type 29 has an invalid length.
[ 3331.843456][T32676] 9pnet_fd: Insufficient options for proto=fd
[ 3332.404486][   T29] audit: type=1400 audit(1726109021.313:640): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32687 comm="syz.3.5348"
[ 3332.627251][T32695] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.5349'.
[ 3332.646512][T32695] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3333.222733][T32703] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.5352'.
[ 3333.233510][T32703] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3334.028650][   T29] audit: type=1326 audit(1726109022.933:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32717 comm="syz.2.5358" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f81d7def9 code=0x0
[ 3334.094661][T32720] netlink: 'syz.1.5359': attribute type 29 has an invalid length.
[ 3334.288295][T32720] netlink: 'syz.1.5359': attribute type 29 has an invalid length.
[ 3335.320470][T32715] 9pnet_fd: Insufficient options for proto=fd
[ 3335.491196][T26778] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[ 3335.701163][T26778] usb 3-1: Using ep0 maxpacket: 16
[ 3335.708296][T26778] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 3335.726897][T26778] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3335.756813][T26778] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 3335.772177][T26778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3335.809300][T26778] usb 3-1: Product: syz
[ 3335.814472][T26778] usb 3-1: Manufacturer: syz
[ 3335.819284][T26778] usb 3-1: SerialNumber: syz
[ 3335.844102][T26778] usb 3-1: config 0 descriptor??
[ 3335.865054][T26778] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 3335.879858][T26778] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[ 3335.931258][T23469] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 3336.113614][   T29] audit: type=1400 audit(1726109025.003:642): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=32735 comm="syz.4.5364" saddr=fe80::aa daddr=fe80::aa dest=20002 netif=wpan0
[ 3336.210409][T23469] usb 2-1: too many configurations: 65, using maximum allowed: 8
[ 3336.249629][T23469] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3336.276655][T23469] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3337.303080][T23447] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 3337.563202][T23447] usb 1-1: config index 0 descriptor too short (expected 64575, got 68)
[ 3337.577261][T23447] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3337.598112][T23447] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[ 3337.618201][T23447] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 3337.634305][T32731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3337.647719][T23447] usb 1-1: config index 1 descriptor too short (expected 64575, got 68)
[ 3337.659034][T32731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3337.675615][T23447] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3337.713978][T23447] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping
[ 3337.738732][   T29] audit: type=1326 audit(1726109026.643:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32756 comm="syz.3.5370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x0
[ 3337.766210][T23447] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[ 3337.774047][T23469] usb 2-1: string descriptor 0 read error: -71
[ 3337.807389][T32739] IPVS: length: 93 != 24
[ 3337.816173][T23469] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3337.817577][T23447] usb 1-1: string descriptor 0 read error: -71
[ 3337.840039][T23447] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 3337.844250][T23469] usb 2-1: No valid video chain found.
[ 3337.856661][T23447] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3337.925218][T23469] usb 2-1: USB disconnect, device number 2
[ 3338.072043][T23447] usb 1-1: can't set config #1, error -71
[ 3338.079918][T23447] usb 1-1: USB disconnect, device number 108
[ 3338.088364][T32647] udevd[32647]: setting mode of /dev/bus/usb/001/108 to 020664 failed: No such file or directory
[ 3338.106584][T32647] udevd[32647]: setting owner of /dev/bus/usb/001/108 to uid=0, gid=0 failed: No such file or directory
[ 3338.836159][T26778] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[ 3338.847192][T26778] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[ 3338.860791][T26778] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[ 3338.932323][T26778] em28xx 3-1:0.0: No AC97 audio processor
[ 3339.033187][T26778] usb 3-1: USB disconnect, device number 110
[ 3339.623945][T26778] em28xx 3-1:0.0: Disconnecting em28xx
[ 3339.669817][T26778] em28xx 3-1:0.0: Freeing device
[ 3340.112776][  T317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 3340.142701][   T29] audit: type=1107 audit(1726109029.043:644): pid=316 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='O'
[ 3340.839690][   T29] audit: type=1326 audit(1726109029.743:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=324 comm="syz.1.5383" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x0
[ 3343.751445][T23399] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 3343.971210][T23447] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 3344.056974][T23399] usb 4-1: too many configurations: 65, using maximum allowed: 8
[ 3344.076157][T23399] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3344.087428][T23399] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3344.095599][  T349] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 3344.108714][  T348] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 3344.171616][T23447] usb 2-1: too many configurations: 65, using maximum allowed: 8
[ 3344.209622][T23447] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3344.238861][T23447] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3344.576631][  T355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3344.630979][  T355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3344.668300][T27902] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 3344.693468][T23399] usb 4-1: string descriptor 0 read error: -71
[ 3344.716468][  T351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3344.830851][  T379] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3344.874444][  T351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3344.935089][T23447] usb 2-1: string descriptor 0 read error: -71
[ 3344.948384][T27902] usb 3-1: Using ep0 maxpacket: 8
[ 3344.967199][T23447] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3344.987982][T27902] usb 3-1: config 150 has an invalid interface number: 204 but max is 1
[ 3345.009402][T23447] usb 2-1: No valid video chain found.
[ 3345.023705][T27902] usb 3-1: config 150 has no interface number 0
[ 3345.049357][T23399] usb 4-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3345.056416][T23399] usb 4-1: No valid video chain found.
[ 3345.058632][T23447] usb 2-1: USB disconnect, device number 3
[ 3345.063933][T23399] usb 4-1: USB disconnect, device number 109
[ 3345.078633][T27902] usb 3-1: config 150 interface 204 has no altsetting 0
[ 3345.097503][T27902] usb 3-1: config 150 interface 1 has no altsetting 0
[ 3345.126889][T27902] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[ 3345.146001][T27902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3345.162595][T27902] usb 3-1: Product: syz
[ 3345.256635][T27902] usb 3-1: Manufacturer: syz
[ 3345.261748][T27902] usb 3-1: SerialNumber: syz
[ 3345.336846][  T383] FAULT_INJECTION: forcing a failure.
[ 3345.336846][  T383] name failslab, interval 1, probability 0, space 0, times 0
[ 3345.371410][  T383] CPU: 0 UID: 0 PID: 383 Comm: syz.0.5401 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3345.382075][  T383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3345.392239][  T383] Call Trace:
[ 3345.395515][  T383]  <TASK>
[ 3345.398442][  T383]  dump_stack_lvl+0x241/0x360
[ 3345.403146][  T383]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3345.408339][  T383]  ? __pfx__printk+0x10/0x10
[ 3345.412928][  T383]  ? kmem_cache_alloc_lru_noprof+0x49/0x2b0
[ 3345.418915][  T383]  ? __pfx___might_resched+0x10/0x10
[ 3345.424198][  T383]  should_fail_ex+0x3b0/0x4e0
[ 3345.428876][  T383]  ? __d_alloc+0x31/0x700
[ 3345.433205][  T383]  should_failslab+0xac/0x100
[ 3345.437880][  T383]  ? __d_alloc+0x31/0x700
[ 3345.442203][  T383]  kmem_cache_alloc_lru_noprof+0x71/0x2b0
[ 3345.447915][  T383]  ? alloc_fd+0x5a1/0x640
[ 3345.452244][  T383]  __d_alloc+0x31/0x700
[ 3345.456400][  T383]  d_alloc_pseudo+0x1f/0xb0
[ 3345.460898][  T383]  alloc_file_pseudo+0x123/0x290
[ 3345.465860][  T383]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 3345.471338][  T383]  ? alloc_fd+0x5a1/0x640
[ 3345.475707][  T383]  anon_inode_getfd+0xce/0x1e0
[ 3345.480488][  T383]  map_create+0xe5b/0x1200
[ 3345.484919][  T383]  ? security_bpf+0x87/0xb0
[ 3345.489429][  T383]  __sys_bpf+0x6d1/0x810
[ 3345.493674][  T383]  ? __pfx___sys_bpf+0x10/0x10
[ 3345.498449][  T383]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3345.504438][  T383]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3345.510762][  T383]  ? do_syscall_64+0x100/0x230
[ 3345.515524][  T383]  __x64_sys_bpf+0x7c/0x90
[ 3345.519937][  T383]  do_syscall_64+0xf3/0x230
[ 3345.524456][  T383]  ? clear_bhb_loop+0x35/0x90
[ 3345.529157][  T383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3345.535059][  T383] RIP: 0033:0x7f138bb7def9
[ 3345.539472][  T383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3345.559112][  T383] RSP: 002b:00007f138c9ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3345.567525][  T383] RAX: ffffffffffffffda RBX: 00007f138bd35f80 RCX: 00007f138bb7def9
[ 3345.575491][  T383] RDX: 0000000000000048 RSI: 00000000200000c0 RDI: 0000000000000000
[ 3345.583461][  T383] RBP: 00007f138c9ae090 R08: 0000000000000000 R09: 0000000000000000
[ 3345.591433][  T383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3345.599402][  T383] R13: 0000000000000001 R14: 00007f138bd35f80 R15: 00007ffdcbf5df18
[ 3345.607380][  T383]  </TASK>
[ 3345.740291][  T387] tipc: Started in network mode
[ 3345.745912][  T387] tipc: Node identity 5f6c656e3a20380a, cluster identity 4711
[ 3345.754470][  T387] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 3345.933629][  T373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3345.968387][T27902] xr_serial 3-1:150.204: xr_serial converter detected
[ 3346.000321][   T29] audit: type=1400 audit(1726109034.903:646): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=386 comm="syz.0.5403"
[ 3346.016096][  T373] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3346.077773][   T29] audit: type=1400 audit(1726109034.933:647): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=386 comm="syz.0.5403"
[ 3346.110738][T27902] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[ 3346.134872][T27902] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[ 3346.165064][T27902] usb 3-1: USB disconnect, device number 111
[ 3346.184969][T27902] xr_serial 3-1:150.204: device disconnected
[ 3346.316871][T23447] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 3346.507553][T23447] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3346.518750][T23447] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3347.007651][  T399] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 3347.234407][T23447] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3347.243893][T23447] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3347.253547][T23447] usb 4-1: SerialNumber: syz
[ 3347.619422][  T420] netlink: 'syz.1.5413': attribute type 29 has an invalid length.
[ 3347.620201][T23447] usb 4-1: 0:2 : does not exist
[ 3347.831203][T27902] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 3347.909902][T18225] usb 4-1: USB disconnect, device number 110
[ 3348.022328][T27902] usb 3-1: Using ep0 maxpacket: 8
[ 3348.037469][T27902] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[ 3348.046916][T27902] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 3348.062466][T27902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3348.075859][T27902] usb 3-1: config 0 has no interface number 0
[ 3348.099955][T27902] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 40
[ 3348.120598][T27902] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 3348.134220][T27902] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[ 3348.147723][T27902] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3348.158757][T27902] usb 3-1: config 0 interface 188 altsetting 0 has 7 endpoint descriptors, different from the interface descriptor's value: 15
[ 3348.192635][T27902] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a2, bcdDevice=63.2d
[ 3348.202178][T27902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3348.210299][T27902] usb 3-1: Product: syz
[ 3348.215281][T27902] usb 3-1: Manufacturer: syz
[ 3348.220007][T27902] usb 3-1: SerialNumber: syz
[ 3348.256538][T27902] usb 3-1: config 0 descriptor??
[ 3348.268466][  T418] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 3348.361266][T23469] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 3348.515544][T26778] usb 3-1: USB disconnect, device number 112
[ 3348.551980][T23469] usb 1-1: too many configurations: 65, using maximum allowed: 8
[ 3348.574839][T23469] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3348.603574][T23469] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3349.053839][  T430] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3349.086305][  T430] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3349.127325][T23469] usb 1-1: string descriptor 0 read error: -71
[ 3349.134164][T23469] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3349.142026][T23469] usb 1-1: No valid video chain found.
[ 3349.150329][T23469] usb 1-1: USB disconnect, device number 109
[ 3354.361780][T18225] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 3356.225176][T29874] Bluetooth: hci1: command 0x0406 tx timeout
[ 3356.257010][  T449] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 3356.610557][  T468] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5424'.
[ 3358.743398][   T29] audit: type=1400 audit(1726109047.643:648): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=489 comm="syz.1.5434"
[ 3359.861157][T26778] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 3359.961571][  T507] netlink: 'syz.3.5439': attribute type 29 has an invalid length.
[ 3359.972677][  T507] netlink: 'syz.3.5439': attribute type 29 has an invalid length.
[ 3360.046036][  T509] netlink: 'syz.0.5440': attribute type 29 has an invalid length.
[ 3360.073673][T26778] usb 3-1: too many configurations: 65, using maximum allowed: 8
[ 3360.105945][T26778] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3360.116490][T26778] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3360.546574][  T494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3360.556471][  T494] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3360.600539][T26778] usb 3-1: string descriptor 0 read error: -71
[ 3360.608426][  T500] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 3360.618302][T26778] usb 3-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3360.633105][T26778] usb 3-1: No valid video chain found.
[ 3360.644893][T26778] usb 3-1: USB disconnect, device number 113
[ 3360.780666][   T29] audit: type=1326 audit(1726109049.683:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=512 comm="syz.4.5441" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75c837def9 code=0x0
[ 3361.735618][  T520] FAULT_INJECTION: forcing a failure.
[ 3361.735618][  T520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3361.825006][  T520] CPU: 0 UID: 0 PID: 520 Comm: syz.0.5443 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3361.835663][  T520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3361.845754][  T520] Call Trace:
[ 3361.849051][  T520]  <TASK>
[ 3361.852010][  T520]  dump_stack_lvl+0x241/0x360
[ 3361.856726][  T520]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3361.861974][  T520]  ? __pfx__printk+0x10/0x10
[ 3361.866587][  T520]  ? __pfx_lock_release+0x10/0x10
[ 3361.871632][  T520]  should_fail_ex+0x3b0/0x4e0
[ 3361.876350][  T520]  _copy_to_user+0x2f/0xb0
[ 3361.880805][  T520]  bpf_verifier_vlog+0x31e/0x860
[ 3361.885795][  T520]  __btf_verifier_log+0xd5/0x120
[ 3361.890805][  T520]  ? __btf_verifier_log_type+0x438/0x640
[ 3361.897428][  T520]  ? __pfx___btf_verifier_log+0x10/0x10
[ 3361.903016][  T520]  ? sort_r+0x22c3/0x2960
[ 3361.907395][  T520]  __btf_verifier_log_type+0x450/0x640
[ 3361.913011][  T520]  ? btf_var_check_meta+0x8a/0x5f0
[ 3361.918332][  T520]  ? sort_r+0x1d0f/0x2960
[ 3361.922700][  T520]  ? __pfx___btf_verifier_log_type+0x10/0x10
[ 3361.928731][  T520]  btf_var_check_meta+0x3f9/0x5f0
[ 3361.933806][  T520]  btf_parse_type_sec+0x4d5/0x2620
[ 3361.938972][  T520]  ? bpf_verifier_vlog+0x32b/0x860
[ 3361.944399][  T520]  ? btf_check_sec_info+0x379/0x4f0
[ 3361.949650][  T520]  ? __pfx_btf_parse_type_sec+0x10/0x10
[ 3361.955240][  T520]  ? btf_parse_str_sec+0x21f/0x2b0
[ 3361.960385][  T520]  btf_new_fd+0x43f/0xd30
[ 3361.964729][  T520]  ? safesetid_security_capable+0xb2/0x1d0
[ 3361.970545][  T520]  ? __pfx_btf_new_fd+0x10/0x10
[ 3361.975411][  T520]  ? bpf_btf_load+0xcf/0x1a0
[ 3361.980100][  T520]  __sys_bpf+0x6ef/0x810
[ 3361.984344][  T520]  ? __pfx___sys_bpf+0x10/0x10
[ 3361.989114][  T520]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3361.995095][  T520]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3362.001423][  T520]  ? do_syscall_64+0x100/0x230
[ 3362.006191][  T520]  __x64_sys_bpf+0x7c/0x90
[ 3362.010609][  T520]  do_syscall_64+0xf3/0x230
[ 3362.015112][  T520]  ? clear_bhb_loop+0x35/0x90
[ 3362.019791][  T520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3362.025687][  T520] RIP: 0033:0x7f138bb7def9
[ 3362.030099][  T520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3362.049701][  T520] RSP: 002b:00007f138c9ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3362.058200][  T520] RAX: ffffffffffffffda RBX: 00007f138bd35f80 RCX: 00007f138bb7def9
[ 3362.066172][  T520] RDX: 0000000000000020 RSI: 00000000200004c0 RDI: 0000000000000012
[ 3362.074143][  T520] RBP: 00007f138c9ae090 R08: 0000000000000000 R09: 0000000000000000
[ 3362.082124][  T520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 3362.090101][  T520] R13: 0000000000000000 R14: 00007f138bd35f80 R15: 00007ffdcbf5df18
[ 3362.098172][  T520]  </TASK>
[ 3362.125954][  T533] netlink: 'syz.4.5447': attribute type 29 has an invalid length.
[ 3362.138277][  T530] netlink: 'syz.4.5447': attribute type 29 has an invalid length.
[ 3362.336098][  T532] 9pnet_fd: Insufficient options for proto=fd
[ 3362.643772][  T539] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5448'.
[ 3363.366958][   T29] audit: type=1326 audit(1726109052.263:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=546 comm="syz.4.5452" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75c837def9 code=0x0
[ 3363.831414][ T5271] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 3364.711159][ T5271] usb 2-1: Using ep0 maxpacket: 16
[ 3364.728592][ T5271] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 3364.752967][ T5271] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 3364.795833][ T5271] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 3364.806421][ T5271] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3364.819523][ T5271] usb 2-1: Product: syz
[ 3364.832944][ T5271] usb 2-1: Manufacturer: syz
[ 3364.839775][ T5271] usb 2-1: SerialNumber: syz
[ 3364.889024][ T5271] usb 2-1: config 0 descriptor??
[ 3364.931307][ T5271] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 3364.952631][ T5271] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[ 3367.217961][   T29] audit: type=1400 audit(1726109055.883:651): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=557 comm="syz.2.5454"
[ 3368.061732][ T5271] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[ 3368.069430][ T5271] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[ 3368.077170][ T5271] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[ 3368.084347][ T5271] em28xx 2-1:0.0: No AC97 audio processor
[ 3368.103383][ T5271] usb 2-1: USB disconnect, device number 5
[ 3368.138409][ T5271] em28xx 2-1:0.0: Disconnecting em28xx
[ 3368.194128][ T5271] em28xx 2-1:0.0: Freeing device
[ 3368.636374][   T29] audit: type=1326 audit(1726109057.543:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=569 comm="syz.3.5457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x0
[ 3368.743202][ T5271] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 3369.621103][  T577] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 3369.764227][ T5271] usb 2-1: too many configurations: 65, using maximum allowed: 8
[ 3369.824785][ T5271] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3369.844343][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3369.981312][T26778] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 3370.238215][T26778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3370.266019][T26778] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3370.446075][T26778] usb 4-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00
[ 3370.455375][T26778] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3370.468699][T26778] usb 4-1: config 0 descriptor??
[ 3370.479015][  T565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3371.013084][  T593] netlink: 'syz.0.5464': attribute type 3 has an invalid length.
[ 3371.053653][  T565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3371.109225][   T29] audit: type=1400 audit(1726109060.013:653): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=578 comm="syz.2.5459"
[ 3371.211266][ T5271] usb 2-1: string descriptor 0 read error: -71
[ 3371.246760][   T29] audit: type=1400 audit(1726109060.013:654): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=578 comm="syz.2.5459" dest=500
[ 3371.285310][ T5271] usb 2-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3371.311449][ T5271] usb 2-1: No valid video chain found.
[ 3371.346996][ T5271] usb 2-1: USB disconnect, device number 6
[ 3371.532891][T26778] usbhid 4-1:0.0: can't add hid device: -71
[ 3371.539079][T26778] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 3371.569889][T26778] usb 4-1: USB disconnect, device number 111
[ 3371.751688][  T601] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3372.892028][  T612] sp0: Synchronizing with TNC
[ 3373.054975][   T29] audit: type=1400 audit(1726109061.873:655): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=607 comm="syz.3.5469"
[ 3373.394035][  T610] [U] è
[ 3374.108508][  T627] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3378.596474][T23469] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[ 3378.982860][T23462] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 3379.131229][T23469] usb 1-1: device descriptor read/64, error -71
[ 3379.291110][T23462] usb 4-1: Using ep0 maxpacket: 8
[ 3379.300713][T23462] usb 4-1: no configurations
[ 3379.306783][T23462] usb 4-1: can't read configurations, error -22
[ 3379.481368][T23469] usb 1-1: new high-speed USB device number 111 using dummy_hcd
[ 3379.489224][T23462] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 3379.821516][T23462] usb 4-1: Using ep0 maxpacket: 8
[ 3379.822724][T23469] usb 1-1: too many configurations: 65, using maximum allowed: 8
[ 3379.849459][T23462] usb 4-1: no configurations
[ 3380.083167][T23462] usb 4-1: can't read configurations, error -22
[ 3380.101635][T23462] usb usb4-port1: attempt power cycle
[ 3380.120333][T23469] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3380.131012][T23469] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3381.246405][  T645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3381.285036][  T645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3381.321171][T23462] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 3381.352002][T23462] usb 4-1: Using ep0 maxpacket: 8
[ 3381.357672][T23462] usb 4-1: no configurations
[ 3381.364833][T23462] usb 4-1: can't read configurations, error -22
[ 3381.414981][T23469] usb 1-1: string descriptor 0 read error: -71
[ 3381.431281][T23469] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3381.438444][T23469] usb 1-1: No valid video chain found.
[ 3381.453818][T23469] usb 1-1: USB disconnect, device number 111
[ 3381.666237][T23462] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 3381.713720][T23462] usb 4-1: device descriptor read/8, error -71
[ 3381.810489][  T675] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3381.844736][T23462] usb usb4-port1: unable to enumerate USB device
[ 3382.411924][  T681] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5490'.
[ 3386.325546][  T708] netlink: 'syz.1.5499': attribute type 12 has an invalid length.
[ 3386.350045][   T29] audit: type=1326 audit(1726109075.253:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.381154][T27902] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 3386.683720][   T29] audit: type=1326 audit(1726109075.253:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.736741][   T29] audit: type=1326 audit(1726109075.253:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.783963][  T714] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.5500'.
[ 3386.801723][T27902] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 3386.812869][  T714] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 3386.817105][T27902] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 3386.840398][   T29] audit: type=1326 audit(1726109075.253:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.893123][T27902] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 3386.918813][   T29] audit: type=1326 audit(1726109075.253:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.926833][T27902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 3386.984501][   T29] audit: type=1326 audit(1726109075.253:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3386.994156][T27902] usb 4-1: SerialNumber: syz
[ 3387.058728][   T29] audit: type=1326 audit(1726109075.253:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3387.111139][ T5271] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[ 3387.121189][ T9396] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 3387.211464][   T29] audit: type=1326 audit(1726109075.253:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3387.271068][   T29] audit: type=1326 audit(1726109075.253:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3387.275917][T27902] usb 4-1: 0:2 : does not exist
[ 3387.308898][ T5271] usb 1-1: too many configurations: 65, using maximum allowed: 8
[ 3387.325567][T27902] usb 4-1: unit 5: unexpected type 0x09
[ 3387.341211][ T9396] usb 2-1: Using ep0 maxpacket: 8
[ 3387.349862][ T9396] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[ 3387.366924][   T29] audit: type=1326 audit(1726109075.253:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=703 comm="syz.0.5496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f138bb7def9 code=0x7ffc0000
[ 3387.369644][ T9396] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[ 3387.390574][  T722] netlink: 132 bytes leftover after parsing attributes in process `syz.2.5503'.
[ 3387.415496][  T722] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5503'.
[ 3387.426259][  T724] netlink: 'syz.4.5504': attribute type 29 has an invalid length.
[ 3387.433985][ T5271] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3387.437761][  T724] netlink: 'syz.4.5504': attribute type 29 has an invalid length.
[ 3387.453689][ T5271] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3387.470313][ T9396] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 3387.494723][  T722] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5503'.
[ 3387.525090][ T9396] usb 2-1: config 0 has no interface number 0
[ 3387.551705][ T9396] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 40
[ 3387.589396][ T9396] usb 2-1: config 0 interface 188 altsetting 0 endpoint 0xF has invalid maxpacket 1024, setting to 64
[ 3387.656666][ T9396] usb 2-1: config 0 interface 188 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[ 3387.671744][T18225] usb 4-1: USB disconnect, device number 116
[ 3387.681473][ T9396] usb 2-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 3387.706030][ T9396] usb 2-1: config 0 interface 188 altsetting 0 has 7 endpoint descriptors, different from the interface descriptor's value: 15
[ 3387.753894][ T9396] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a2, bcdDevice=63.2d
[ 3387.766492][ T9396] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3387.794270][ T9396] usb 2-1: Product: syz
[ 3387.798986][ T9396] usb 2-1: Manufacturer: syz
[ 3387.817477][ T9396] usb 2-1: SerialNumber: syz
[ 3387.847570][ T9396] usb 2-1: config 0 descriptor??
[ 3387.862870][  T719] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 3387.931491][T23462] usb 3-1: new full-speed USB device number 114 using dummy_hcd
[ 3387.954769][  T717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3387.987174][  T717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3388.008938][ T5271] usb 1-1: string descriptor 0 read error: -71
[ 3388.020762][ T5271] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3388.034561][ T5271] usb 1-1: No valid video chain found.
[ 3388.054132][ T5271] usb 1-1: USB disconnect, device number 112
[ 3388.152925][T23462] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 3388.184543][T23462] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 3388.197921][T23462] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 3388.216879][T23462] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3388.488765][T23462] usb 3-1: usb_control_msg returned -32
[ 3388.495067][T23462] usbtmc 3-1:16.0: can't read capabilities
[ 3388.638563][ T5271] usb 2-1: USB disconnect, device number 7
[ 3389.504255][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 3389.577805][  T747] usbtmc 3-1:16.0: usbtmc_ioctl_request failed -32
[ 3389.689852][  T751] netlink: 'syz.3.5512': attribute type 12 has an invalid length.
[ 3389.907302][  T756] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5513'.
[ 3390.040911][  T756] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5513'.
[ 3390.097280][  T755] 9pnet_fd: Insufficient options for proto=fd
[ 3391.004774][ T9396] usb 3-1: USB disconnect, device number 114
[ 3391.152800][  T768] netlink: 'syz.2.5517': attribute type 29 has an invalid length.
[ 3391.202633][  T768] netlink: 'syz.2.5517': attribute type 29 has an invalid length.
[ 3391.278846][  T772] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5516'.
[ 3391.340653][  T772] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5516'.
[ 3392.481213][T23462] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 3392.648214][  T792] netlink: 'syz.2.5524': attribute type 12 has an invalid length.
[ 3392.968272][T23462] usb 4-1: too many configurations: 65, using maximum allowed: 8
[ 3393.010162][T23462] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3393.031356][T23462] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3396.079186][  T804] veth0_vlan: entered allmulticast mode
[ 3396.139249][T23462] usb 4-1: can't set config #250, error -71
[ 3396.151559][T23462] usb 4-1: USB disconnect, device number 117
[ 3396.287721][  T804] veth0_vlan: left promiscuous mode
[ 3396.295758][  T804] veth0_vlan: entered promiscuous mode
[ 3397.386662][  T824] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5531'.
[ 3397.481083][   T29] kauditd_printk_skb: 34 callbacks suppressed
[ 3397.481748][   T29] audit: type=1400 audit(1726109086.383:700): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=826 comm="syz.4.5534" daddr=fc00:: dest=20000
[ 3397.489353][  T824] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5531'.
[ 3397.513328][  T828] Process accounting resumed
[ 3397.573632][  T830] netlink: 'syz.1.5535': attribute type 29 has an invalid length.
[ 3397.612428][  T830] netlink: 'syz.1.5535': attribute type 29 has an invalid length.
[ 3397.920906][  T838] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! 
[ 3397.920906][  T838] cct.usage_percpu_sys'
[ 3402.846450][  T844] netlink: 'syz.1.5538': attribute type 12 has an invalid length.
[ 3403.921475][   T29] audit: type=1400 audit(1726109092.833:701): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=852 comm="syz.1.5542" daddr=::ffff:172.20.20.187 dest=57599
[ 3404.088608][  T859] netlink: 260 bytes leftover after parsing attributes in process `syz.1.5543'.
[ 3404.261810][   T29] audit: type=1400 audit(1726109093.143:702): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=858 comm="syz.1.5543" daddr=ff02::1
[ 3405.474353][T19669] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 3405.509932][T19669] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 3405.514513][  T880] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5547'.
[ 3405.590701][T19669] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 3405.605641][T19669] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 3405.618561][T19669] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 3405.628297][T19669] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 3405.651735][T23447] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 3406.078325][  T881] netlink: 'syz.1.5549': attribute type 29 has an invalid length.
[ 3406.112090][T23447] usb 4-1: Using ep0 maxpacket: 8
[ 3406.121700][  T882] netlink: 'syz.1.5549': attribute type 29 has an invalid length.
[ 3406.142789][T23447] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.08
[ 3406.170713][T23447] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3406.205917][T23447] usb 4-1: config 0 descriptor??
[ 3406.243362][T23447] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[ 3406.875180][T23447] usb 4-1: USB disconnect, device number 118
[ 3407.922653][T28618] Bluetooth: hci2: command tx timeout
[ 3409.983167][T28618] Bluetooth: hci2: command tx timeout
[ 3412.063439][T28618] Bluetooth: hci2: command tx timeout
[ 3414.145404][T28618] Bluetooth: hci2: command tx timeout
[ 3414.226564][  T877] chnl_net:caif_netlink_parms(): no params data found
[ 3415.183743][  T921] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[ 3415.190289][  T921] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[ 3415.198149][  T921] vhci_hcd vhci_hcd.0: Device attached
[ 3415.211771][  T922] vhci_hcd: connection closed
[ 3415.230876][ T1107] vhci_hcd: stop threads
[ 3415.241492][ T1107] vhci_hcd: release socket
[ 3415.245951][ T1107] vhci_hcd: disconnect device
[ 3415.254281][  T877] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3415.289612][  T877] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3415.302830][  T877] bridge_slave_0: entered allmulticast mode
[ 3415.332793][  T877] bridge_slave_0: entered promiscuous mode
[ 3415.343971][  T877] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3415.351294][  T877] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3415.358517][  T877] bridge_slave_1: entered allmulticast mode
[ 3415.367010][  T877] bridge_slave_1: entered promiscuous mode
[ 3415.374811][  T927] netlink: 260 bytes leftover after parsing attributes in process `syz.1.5558'.
[ 3415.510892][  T877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3415.525010][   T29] audit: type=1400 audit(1726109104.433:703): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=926 comm="syz.1.5558" daddr=ff02::1
[ 3415.560155][  T877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3415.667536][  T877] team0: Port device team_slave_0 added
[ 3415.768308][  T877] team0: Port device team_slave_1 added
[ 3415.831753][  T877] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3415.845282][  T877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3415.883146][  T877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3415.988486][  T877] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3416.008145][  T877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3416.097816][  T877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3416.384075][  T877] hsr_slave_0: entered promiscuous mode
[ 3416.593977][  T877] hsr_slave_1: entered promiscuous mode
[ 3416.619988][  T877] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3416.668532][  T877] Cannot create hsr debugfs directory
[ 3416.876072][  T948] IPVS: length: 191 != 3477681336
[ 3417.404985][  T877] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3420.597121][T23469] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 3420.848494][  T877] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3421.121214][   T29] audit: type=1400 audit(1726109110.023:704): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=970 comm="syz.4.5566" daddr=fe80::aa
[ 3421.210677][  T877] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3421.617111][   T29] audit: type=1400 audit(1726109110.503:705): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=975 comm="syz.1.5567" daddr=ff01::1 dest=20000
[ 3422.003754][  T877] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3422.368972][  T987] netlink: 260 bytes leftover after parsing attributes in process `syz.4.5570'.
[ 3422.467572][   T29] audit: type=1400 audit(1726109111.373:706): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=986 comm="syz.4.5570" daddr=ff02::1
[ 3422.577590][  T999] netlink: 'syz.1.5572': attribute type 29 has an invalid length.
[ 3422.626733][  T999] netlink: 'syz.1.5572': attribute type 29 has an invalid length.
[ 3422.902899][  T877] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 3424.003366][  T877] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 3424.043947][  T877] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 3428.893437][  T877] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 3430.097344][   T29] audit: type=1400 audit(1726109118.933:707): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1040 comm="syz.3.5581" daddr=ff01::1 dest=20000
[ 3430.272808][  T877] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3430.356208][ T1057] netlink: 260 bytes leftover after parsing attributes in process `syz.4.5585'.
[ 3430.372013][  T877] 8021q: adding VLAN 0 to HW filter on device team0
[ 3431.089006][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3431.096234][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3431.254116][T22199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3431.261329][T22199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3431.261792][   T29] audit: type=1400 audit(1726109120.173:708): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1053 comm="syz.4.5585" daddr=ff02::1
[ 3431.675592][  T877] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3431.814824][  T877] veth0_vlan: entered promiscuous mode
[ 3431.829914][  T877] veth1_vlan: entered promiscuous mode
[ 3431.905536][  T877] veth0_macvtap: entered promiscuous mode
[ 3431.936672][  T877] veth1_macvtap: entered promiscuous mode
[ 3431.979708][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3431.999096][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.023197][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3432.035181][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.045567][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3432.056467][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.066804][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3432.077666][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.087815][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 3432.098560][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.115723][  T877] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 3432.138104][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3432.152880][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.163505][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3432.174388][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.184370][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3432.195039][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.204957][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3432.217781][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.228073][  T877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 3432.238998][  T877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3432.250316][  T877] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 3432.269796][  T877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 3432.278721][  T877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 3432.287753][  T877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 3432.296981][  T877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 3432.393141][ T9178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3432.406199][ T9178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3432.432380][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 3432.440373][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 3432.761328][T31084] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 3432.946679][T31084] usb 1-1: too many configurations: 65, using maximum allowed: 8
[ 3432.967520][T31084] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3432.976806][T31084] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3433.392767][ T1075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3433.401949][ T1075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3433.420678][T31084] usb 1-1: string descriptor 0 read error: -71
[ 3433.431464][T31084] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3433.440687][T31084] usb 1-1: No valid video chain found.
[ 3433.448565][T31084] usb 1-1: USB disconnect, device number 113
[ 3450.943036][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 3459.002542][ T1084] FAULT_INJECTION: forcing a failure.
[ 3459.002542][ T1084] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 3459.312474][ T1084] CPU: 1 UID: 0 PID: 1084 Comm: syz.0.5590 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3459.323296][ T1084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3459.333380][ T1084] Call Trace:
[ 3459.336679][ T1084]  <TASK>
[ 3459.339619][ T1084]  dump_stack_lvl+0x241/0x360
[ 3459.344323][ T1084]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3459.349537][ T1084]  ? __pfx__printk+0x10/0x10
[ 3459.354143][ T1084]  ? __pfx_lock_release+0x10/0x10
[ 3459.359183][ T1084]  ? __lock_acquire+0x137a/0x2040
[ 3459.364220][ T1084]  should_fail_ex+0x3b0/0x4e0
[ 3459.368913][ T1084]  _copy_from_user+0x2f/0xe0
[ 3459.373520][ T1084]  io_submit_one+0xc1/0x18b0
[ 3459.378164][ T1084]  ? __pfx_io_submit_one+0x10/0x10
[ 3459.383288][ T1084]  ? __might_fault+0xaa/0x120
[ 3459.388070][ T1084]  ? __pfx_lock_release+0x10/0x10
[ 3459.393201][ T1084]  ? lookup_ioctx+0x94/0x6a0
[ 3459.397807][ T1084]  ? __might_fault+0xaa/0x120
[ 3459.402492][ T1084]  ? __might_fault+0xc6/0x120
[ 3459.407270][ T1084]  __se_sys_io_submit+0x179/0x2f0
[ 3459.412322][ T1084]  ? __pfx___se_sys_io_submit+0x10/0x10
[ 3459.417965][ T1084]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3459.423966][ T1084]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3459.430317][ T1084]  ? do_syscall_64+0x100/0x230
[ 3459.435185][ T1084]  ? do_syscall_64+0xb6/0x230
[ 3459.439885][ T1084]  do_syscall_64+0xf3/0x230
[ 3459.444398][ T1084]  ? clear_bhb_loop+0x35/0x90
[ 3459.449108][ T1084]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3459.455036][ T1084] RIP: 0033:0x7f26b717def9
[ 3459.459478][ T1084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3459.479106][ T1084] RSP: 002b:00007f26b7fd1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 3459.487549][ T1084] RAX: ffffffffffffffda RBX: 00007f26b7335f80 RCX: 00007f26b717def9
[ 3459.495532][ T1084] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 00007f26b7fa1000
[ 3459.503514][ T1084] RBP: 00007f26b7fd1090 R08: 0000000000000000 R09: 0000000000000000
[ 3459.511594][ T1084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 3459.519586][ T1084] R13: 0000000000000000 R14: 00007f26b7335f80 R15: 00007fff0da80d38
[ 3459.527623][ T1084]  </TASK>
[ 3459.661677][ T1092] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5591'.
[ 3465.010687][   T29] audit: type=1400 audit(1726109152.653:709): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1086 comm="syz.2.5592" daddr=ff01::1 dest=20000
[ 3466.267769][ T1113] 9pnet_fd: Insufficient options for proto=fd
[ 3466.284791][   T29] audit: type=1400 audit(1726109155.193:710): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1108 comm="syz.1.5597" daddr=fe80::bb
[ 3467.082253][ T1114] netlink: 260 bytes leftover after parsing attributes in process `syz.0.5598'.
[ 3467.206344][   T29] audit: type=1400 audit(1726109156.113:711): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1112 comm="syz.0.5598" daddr=ff02::1
[ 3467.372878][ T1125] smk_cipso_doi:695 remove rc = -2
[ 3467.378475][ T1125] smk_cipso_doi:708 cipso add rc = -17
[ 3467.432933][   T29] audit: type=1326 audit(1726109156.333:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.475704][   T29] audit: type=1326 audit(1726109156.333:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.525983][T27902] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 3467.551969][   T29] audit: type=1326 audit(1726109156.333:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.603539][   T29] audit: type=1326 audit(1726109156.333:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.638249][   T29] audit: type=1326 audit(1726109156.333:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.675813][   T29] audit: type=1326 audit(1726109156.343:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.710904][   T29] audit: type=1326 audit(1726109156.343:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1123 comm="syz.1.5602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x7ffc0000
[ 3467.721905][T27902] usb 4-1: too many configurations: 65, using maximum allowed: 8
[ 3467.818941][T27902] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[ 3467.849461][T27902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3468.874044][ T1129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 3468.887176][ T1129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 3469.105046][T27902] usb 4-1: string descriptor 0 read error: -71
[ 3469.130692][T27902] usb 4-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[ 3469.156907][T27902] usb 4-1: No valid video chain found.
[ 3469.211908][T27902] usb 4-1: USB disconnect, device number 119
[ 3470.285691][ T1142] netlink: 'syz.2.5607': attribute type 29 has an invalid length.
[ 3470.347040][ T1144] netlink: 'syz.2.5607': attribute type 29 has an invalid length.
[ 3470.400329][   T29] kauditd_printk_skb: 7 callbacks suppressed
[ 3470.400348][   T29] audit: type=1326 audit(1726109159.303:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1143 comm="syz.1.5608" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2f4e97def9 code=0x0
[ 3470.936545][ T1156] 9pnet_fd: Insufficient options for proto=fd
[ 3470.957407][   T29] audit: type=1400 audit(1726109159.863:727): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1151 comm="syz.0.5610" daddr=fe80::bb
[ 3471.832496][T27902] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 3472.021715][T27902] usb 4-1: device descriptor read/64, error -71
[ 3472.605381][ T1160] netlink: 260 bytes leftover after parsing attributes in process `syz.0.5613'.
[ 3472.661180][T27902] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 3472.941792][T27902] usb 4-1: device descriptor read/64, error -71
[ 3473.216359][T27902] usb usb4-port1: attempt power cycle
[ 3473.492691][   T29] audit: type=1400 audit(1726109162.393:728): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1157 comm="syz.0.5613" daddr=ff02::1
[ 3473.715768][ T1177] netlink: 'syz.0.5618': attribute type 12 has an invalid length.
[ 3474.170378][T23462] usb 1-1: new full-speed USB device number 114 using dummy_hcd
[ 3475.093060][T23462] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 3475.337919][   T29] audit: type=1400 audit(1726109164.153:729): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1187 comm="syz.2.5621" daddr=ff01::1 dest=20000
[ 3476.226838][ T1203] 9pnet_fd: Insufficient options for proto=fd
[ 3476.301712][T23462] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3476.383711][T23462] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 3476.392860][T23462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3476.411826][T23462] usb 1-1: config 0 descriptor??
[ 3476.428860][T23462] hub 1-1:0.0: USB hub found
[ 3476.436857][   T29] audit: type=1400 audit(1726109165.153:730): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1189 comm="syz.1.5623" daddr=fe80::bb
[ 3476.721220][T23462] hub 1-1:0.0: 1 port detected
[ 3476.828697][T23462] hub 1-1:0.0: hub_hub_status failed (err = -71)
[ 3476.837244][T23462] hub 1-1:0.0: config failed, can't get hub status (err -71)
[ 3476.975316][T23462] usbhid 1-1:0.0: can't add hid device: -71
[ 3476.989418][T23462] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 3477.022156][   T29] audit: type=1400 audit(1726109165.923:731): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1194 comm="syz.3.5624" daddr=fc01:: dest=20001
[ 3477.118424][T23462] usb 1-1: USB disconnect, device number 114
[ 3477.216667][ T1201] __vm_enough_memory: pid: 1201, comm: syz.3.5624, bytes: 549611634688 not enough memory for the allocation
[ 3478.524643][ T1219] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 3478.536054][ T1221] netlink: 260 bytes leftover after parsing attributes in process `syz.4.5628'.
[ 3478.748926][   T29] audit: type=1400 audit(1726109167.653:732): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1220 comm="syz.4.5628" daddr=ff02::1
[ 3480.303734][ T1236] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5630'.
[ 3481.365928][ T1255] Process accounting resumed
[ 3482.891553][ T1269] qrtr: Invalid version 0
[ 3484.125275][ T1264] pim6reg: entered allmulticast mode
[ 3484.202720][ T1264] pim6reg: left allmulticast mode
[ 3484.313777][ T1279] 9pnet_fd: Insufficient options for proto=fd
[ 3484.334698][   T29] audit: type=1400 audit(1726109173.243:733): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1261 comm="syz.1.5636" daddr=fe80::bb
[ 3484.508638][ T1281] xt_nfacct: accounting object `syz1' does not exists
[ 3484.748440][ T1284] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0
[ 3485.607250][ T1293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 3486.455985][ T1301] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5642'.
[ 3486.466648][ T1301] Bluetooth: MGMT ver 1.23
[ 3486.725938][ T1300] netlink: 260 bytes leftover after parsing attributes in process `syz.3.5643'.
[ 3486.830523][   T29] audit: type=1400 audit(1726109175.733:734): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1299 comm="syz.3.5643" daddr=ff02::1
[ 3488.221944][ T1309] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5644'.
[ 3489.974015][   T29] audit: type=1400 audit(1726109178.403:735): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1318 comm="syz.1.5649"
[ 3491.701770][T19669] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 3491.718623][T19669] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 3491.730764][T19669] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 3491.739984][T19669] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 3491.750171][T19669] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 3491.758686][T19669] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 3493.241809][ T9396] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 3493.265042][   T29] audit: type=1400 audit(1726109182.173:736): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1356 comm="syz.1.5656" daddr=ff01::1
[ 3493.374345][ T6480] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3493.495742][ T9396] usb 4-1: config 6 has an invalid interface number: 169 but max is 1
[ 3493.526212][ T9396] usb 4-1: config 6 has no interface number 1
[ 3493.559290][ T9396] usb 4-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=e9.34
[ 3493.627353][ T9396] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3493.671770][ T6480] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3493.682824][ T9396] usb 4-1: Product: syz
[ 3493.687052][ T9396] usb 4-1: Manufacturer: syz
[ 3493.702201][ T9396] usb 4-1: SerialNumber: syz
[ 3493.831693][T19669] Bluetooth: hci0: command tx timeout
[ 3493.880665][ T6480] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3494.029477][  T662] usb 4-1: USB disconnect, device number 123
[ 3494.825043][ T6480] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3494.946677][ T1341] chnl_net:caif_netlink_parms(): no params data found
[ 3495.375047][ T1341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3495.404636][ T1341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3495.421551][ T1341] bridge_slave_0: entered allmulticast mode
[ 3495.439391][ T1341] bridge_slave_0: entered promiscuous mode
[ 3495.485277][ T6480] gretap0: left allmulticast mode
[ 3495.513464][ T6480] gretap0: left promiscuous mode
[ 3495.518664][ T6480] bridge0: port 3(gretap0) entered disabled state
[ 3495.551989][ T6480] bridge_slave_1: left allmulticast mode
[ 3495.564655][ T6480] bridge_slave_1: left promiscuous mode
[ 3495.575313][ T6480] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3495.606863][ T6480] bridge_slave_0: left allmulticast mode
[ 3495.618415][ T6480] bridge_slave_0: left promiscuous mode
[ 3495.639015][ T6480] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3495.946062][T19669] Bluetooth: hci0: command tx timeout
[ 3496.081742][   T29] audit: type=1326 audit(1726109184.893:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.509672][   T29] audit: type=1326 audit(1726109184.893:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.637333][   T29] audit: type=1326 audit(1726109184.903:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.741164][   T29] audit: type=1326 audit(1726109184.913:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.811346][   T29] audit: type=1326 audit(1726109184.913:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.863018][   T29] audit: type=1326 audit(1726109184.933:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.926965][   T29] audit: type=1326 audit(1726109184.943:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3496.961739][T23462] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 3496.999828][   T29] audit: type=1326 audit(1726109184.943:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1390 comm="syz.3.5664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3497.181153][T23462] usb 4-1: Using ep0 maxpacket: 8
[ 3497.192976][T23462] usb 4-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[ 3497.228608][T23462] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3497.255596][T23462] usb 4-1: config 0 descriptor??
[ 3497.272543][T23462] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[ 3497.288595][T23462] ftdi_sio ttyUSB0: unknown device type: 0x256
[ 3497.916587][ T6480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3497.928028][ T6480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3497.941950][ T6480] bond0 (unregistering): Released all slaves
[ 3497.960528][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3497.967818][ T1341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3497.975425][ T1341] bridge_slave_1: entered allmulticast mode
[ 3497.983578][ T1341] bridge_slave_1: entered promiscuous mode
[ 3497.994743][T19669] Bluetooth: hci0: command tx timeout
[ 3498.109159][ T1341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3498.156350][ T1341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3498.173593][T23462] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 3498.236563][ T1341] team0: Port device team_slave_0 added
[ 3498.249146][ T1341] team0: Port device team_slave_1 added
[ 3498.330364][ T1341] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3498.342604][ T1341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3498.391984][T23462] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3498.417244][T23462] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3498.418463][ T1341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3498.438924][T23462] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 3498.450550][T23462] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3498.457346][ T1341] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3498.468064][ T1341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3498.495239][T23462] usb 2-1: config 0 descriptor??
[ 3498.535028][ T1341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3498.618672][ T6480] hsr_slave_0: left promiscuous mode
[ 3498.677181][ T6480] hsr_slave_1: left promiscuous mode
[ 3498.711666][ T6480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3498.743849][ T6480] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3498.782292][ T6480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3498.789806][ T6480] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3498.888080][ T6480] veth1_macvtap: left promiscuous mode
[ 3498.918309][ T6480] veth0_macvtap: left promiscuous mode
[ 3498.928997][ T6480] veth1_vlan: left promiscuous mode
[ 3498.935786][ T6480] veth0_vlan: left promiscuous mode
[ 3498.946094][T23462] keytouch 0003:0926:3333.0047: fixing up Keytouch IEC report descriptor
[ 3498.982393][   T29] audit: type=1400 audit(1726109187.893:745): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1423 comm="syz.0.5669" daddr=ff01::1
[ 3498.991255][T23462] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0047/input/input56
[ 3499.148019][T23462] keytouch 0003:0926:3333.0047: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[ 3499.210300][T23462] usb 2-1: USB disconnect, device number 9
[ 3499.695274][T23462] usb 4-1: USB disconnect, device number 124
[ 3499.703067][T23462] ftdi_sio 4-1:0.0: device disconnected
[ 3499.844276][   T29] audit: type=1326 audit(1726109188.753:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1429 comm="syz.3.5672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f877def9 code=0x7ffc0000
[ 3500.098138][T19669] Bluetooth: hci0: command tx timeout
[ 3501.164465][ T6480] team0 (unregistering): Port device team_slave_1 removed
[ 3501.369493][ T6480] team0 (unregistering): Port device team_slave_0 removed
[ 3501.902776][  T662] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[ 3502.111102][  T662] usb 1-1: Using ep0 maxpacket: 16
[ 3502.119294][  T662] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3502.143890][  T662] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 3502.184760][  T662] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 3502.211568][  T662] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3502.236627][  T662] usb 1-1: config 0 descriptor??
[ 3502.686535][  T662] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0048/input/input57
[ 3502.828486][  T662] microsoft 0003:045E:07DA.0048: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[ 3503.034655][ T1452] tipc: Started in network mode
[ 3503.039587][ T1452] tipc: Node identity ac1414aa, cluster identity 4711
[ 3503.052364][ T1452] tipc: Enabled bearer <udp:syz2>, priority 10
[ 3503.087386][  T662] usb 1-1: USB disconnect, device number 115
[ 3503.259957][ T1341] hsr_slave_0: entered promiscuous mode
[ 3503.286044][ T1341] hsr_slave_1: entered promiscuous mode
[ 3503.296454][ T1341] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3503.312595][ T1341] Cannot create hsr debugfs directory
[ 3503.751276][  T662] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 3503.771104][ T9396] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 3503.943036][  T662] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3503.953059][ T9396] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3503.963757][  T662] usb 2-1: New USB device found, idVendor=056a, idProduct=0093, bcdDevice= 0.00
[ 3503.970653][ T9396] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3504.019681][  T662] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3504.019831][ T9396] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 3504.049611][ T9396] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[ 3504.056620][  T662] usb 2-1: config 0 descriptor??
[ 3504.065700][T23462] tipc: Node number set to 2886997162
[ 3504.127461][ T9396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3504.163033][ T9396] usb 4-1: config 0 descriptor??
[ 3504.422136][ T1341] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 3504.441227][T23462] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 3504.444641][ T1341] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 3504.479395][ T1341] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 3504.509034][ T1341] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 3504.526904][  T662] wacom 0003:056A:0093.0049: unknown main item tag 0xd
[ 3504.568485][  T662] wacom 0003:056A:0093.0049: hidraw0: USB HID v0.00 Device [HID 056a:0093] on usb-dummy_hcd.1-1/input0
[ 3504.619142][ T9396] logitech 0003:046D:C293.004A: item fetching failed at offset 5/7
[ 3504.660077][ T9396] logitech 0003:046D:C293.004A: parse failed
[ 3504.671347][ T9396] logitech 0003:046D:C293.004A: probe with driver logitech failed with error -22
[ 3504.675881][T23462] usb 1-1: Using ep0 maxpacket: 16
[ 3504.753123][T23462] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3504.773712][ T1341] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3504.781949][T23462] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[ 3504.808118][ T1341] 8021q: adding VLAN 0 to HW filter on device team0
[ 3504.817209][T23462] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[ 3504.847497][ T1399] usb 2-1: USB disconnect, device number 10
[ 3504.852514][T23462] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 3504.853907][ T9396] usb 4-1: USB disconnect, device number 125
[ 3504.891430][ T9176] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3504.898730][ T9176] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3504.926589][T23462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 3504.958879][ T1474] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 3504.978079][T22199] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3504.985361][T22199] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3505.012307][T23462] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[ 3505.099564][ T1341] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 3505.211369][T23462] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[ 3505.261660][T23462] usb 1-1: USB disconnect, device number 116
[ 3505.609453][ T1341] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3505.771245][T31084] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 3505.804872][ T1509] syz.1.5692[1509] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3505.805030][ T1509] syz.1.5692[1509] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 3505.816540][ T1341] veth0_vlan: entered promiscuous mode
[ 3506.006972][T31084] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 3506.089302][T31084] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 3506.110076][ T1341] veth1_vlan: entered promiscuous mode
[ 3506.131909][T31084] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 3611.540891][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 3611.547900][    C0] rcu: 	1-...!: (1 GPs behind) idle=a91c/1/0x4000000000000000 softirq=185713/185714 fqs=0
[ 3611.559847][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P1515/2:b..l P2548/1:b..l
[ 3611.568926][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=236505, q=265 ncpus=2)
[ 3611.576743][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 3611.581961][    C1] NMI backtrace for cpu 1
[ 3611.581981][    C1] CPU: 1 UID: 0 PID: 1509 Comm: syz.1.5692 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3611.582001][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3611.582015][    C1] RIP: 0010:preempt_count_add+0x147/0x190
[ 3611.582043][    C1] Code: c0 d9 0f 9a 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff 48 c7 c7 c0 d9 0f 9a e8 f5 ae 94 00 e9 ed fe ff ff 48 c7 c1 c0 d9 0f 9a <80> e1 07 80 c1 03 38 c1 0f 8c 07 ff ff ff 48 c7 c7 c0 d9 0f 9a e8
[ 3611.582057][    C1] RSP: 0018:ffffc90000a18b80 EFLAGS: 00000002
[ 3611.582072][    C1] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffffffff9a0fd9c0
[ 3611.582084][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 3611.582094][    C1] RBP: ffffc90000a18c30 R08: ffffc90000a18c8f R09: 0000000000000000
[ 3611.582106][    C1] R10: ffffc90000a18c80 R11: fffff52000143192 R12: 0000000000000046
[ 3611.582118][    C1] R13: 1ffff92000143174 R14: ffffffff9a31cfb8 R15: dffffc0000000000
[ 3611.582131][    C1] FS:  00007f2f4f77d6c0(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000
[ 3611.582146][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3611.582158][    C1] CR2: 0000001b2de0eff8 CR3: 0000000067a8a000 CR4: 00000000003506f0
[ 3611.582173][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3611.582183][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3611.582194][    C1] Call Trace:
[ 3611.582202][    C1]  <NMI>
[ 3611.582212][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 3611.582237][    C1]  ? __pfx_lock_acquire+0x10/0x10
[ 3611.582281][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 3611.582301][    C1]  ? nmi_handle+0x2a/0x5a0
[ 3611.582327][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 3611.582348][    C1]  ? nmi_handle+0x14f/0x5a0
[ 3611.582364][    C1]  ? nmi_handle+0x2a/0x5a0
[ 3611.582380][    C1]  ? preempt_count_add+0x147/0x190
[ 3611.582399][    C1]  ? default_do_nmi+0x63/0x160
[ 3611.582421][    C1]  ? exc_nmi+0x123/0x1f0
[ 3611.582441][    C1]  ? end_repeat_nmi+0xf/0x53
[ 3611.582470][    C1]  ? preempt_count_add+0x147/0x190
[ 3611.582490][    C1]  ? preempt_count_add+0x147/0x190
[ 3611.582510][    C1]  ? preempt_count_add+0x147/0x190
[ 3611.582530][    C1]  </NMI>
[ 3611.582536][    C1]  <IRQ>
[ 3611.582543][    C1]  _raw_spin_lock_irqsave+0xba/0x120
[ 3611.582568][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 3611.582597][    C1]  debug_object_deactivate+0x158/0x390
[ 3611.582618][    C1]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 3611.582637][    C1]  ? timerqueue_add+0x260/0x290
[ 3611.582657][    C1]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 3611.582684][    C1]  debug_deactivate+0x1b/0x220
[ 3611.582703][    C1]  __hrtimer_run_queues+0x305/0xd50
[ 3611.582721][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[ 3611.582753][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 3611.582772][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[ 3611.582797][    C1]  hrtimer_interrupt+0x396/0x990
[ 3611.582828][    C1]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 3611.582854][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 3611.582881][    C1]  </IRQ>
[ 3611.582886][    C1]  <TASK>
[ 3611.582892][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3611.582913][    C1] RIP: 0010:finish_task_switch+0x1ea/0x870
[ 3611.582931][    C1] Code: c9 50 e8 d9 b6 0b 00 48 83 c4 08 4c 89 f7 e8 7d 38 00 00 0f 1f 44 00 00 4c 89 f7 e8 00 0e 57 0a e8 cb db 36 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
[ 3611.582944][    C1] RSP: 0018:ffffc9000d7a71e8 EFLAGS: 00000282
[ 3611.582958][    C1] RAX: 57ab4ebfc15b3400 RBX: ffff88802b98da00 RCX: ffffffff9a0fd903
[ 3611.582970][    C1] RDX: dffffc0000000000 RSI: ffffffff8bead560 RDI: ffffffff8c3fbb00
[ 3611.582983][    C1] RBP: ffffc9000d7a7230 R08: ffffffff8ff749af R09: 1ffffffff1fee935
[ 3611.582995][    C1] R10: dffffc0000000000 R11: fffffbfff1fee936 R12: 1ffff11017127ee3
[ 3611.583008][    C1] R13: dffffc0000000000 R14: ffff8880b893e980 R15: ffff8880b893f718
[ 3611.583030][    C1]  ? finish_task_switch+0x1e5/0x870
[ 3611.583050][    C1]  __schedule+0x17b6/0x4a10
[ 3611.583086][    C1]  ? __pfx___schedule+0x10/0x10
[ 3611.583111][    C1]  ? __pfx_lock_release+0x10/0x10
[ 3611.583141][    C1]  ? schedule+0x90/0x320
[ 3611.583163][    C1]  schedule+0x14b/0x320
[ 3611.583187][    C1]  schedule_timeout+0xb0/0x310
[ 3611.583208][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 3611.583234][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 3611.583252][    C1]  ? prepare_to_wait_exclusive+0x81/0x220
[ 3611.583283][    C1]  unix_wait_for_peer+0x250/0x340
[ 3611.583302][    C1]  ? __pfx_unix_wait_for_peer+0x10/0x10
[ 3611.583318][    C1]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 3611.583340][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 3611.583358][    C1]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 3611.583378][    C1]  ? bpf_lsm_unix_may_send+0x9/0x10
[ 3611.583401][    C1]  unix_dgram_sendmsg+0x127f/0x1f80
[ 3611.583433][    C1]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 3611.583449][    C1]  ? iovec_from_user+0x61/0x240
[ 3611.583475][    C1]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 3611.583495][    C1]  ? security_socket_sendmsg+0x87/0xb0
[ 3611.583514][    C1]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[ 3611.583530][    C1]  __sock_sendmsg+0x221/0x270
[ 3611.583548][    C1]  ____sys_sendmsg+0x525/0x7d0
[ 3611.583575][    C1]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 3611.583600][    C1]  ? __might_fault+0xaa/0x120
[ 3611.583622][    C1]  __sys_sendmmsg+0x3b2/0x740
[ 3611.583648][    C1]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 3611.583686][    C1]  ? wake_up_q+0xdc/0x120
[ 3611.583708][    C1]  ? futex_wait+0x285/0x360
[ 3611.583732][    C1]  ? __pfx_futex_wait+0x10/0x10
[ 3611.583766][    C1]  ? do_futex+0x33b/0x560
[ 3611.583799][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3611.583823][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3611.583845][    C1]  ? do_syscall_64+0x100/0x230
[ 3611.583864][    C1]  __x64_sys_sendmmsg+0xa0/0xb0
[ 3611.583887][    C1]  do_syscall_64+0xf3/0x230
[ 3611.583905][    C1]  ? clear_bhb_loop+0x35/0x90
[ 3611.583926][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3611.583946][    C1] RIP: 0033:0x7f2f4e97def9
[ 3611.583962][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 3611.583976][    C1] RSP: 002b:00007f2f4f77d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 3611.583991][    C1] RAX: ffffffffffffffda RBX: 00007f2f4eb35f80 RCX: 00007f2f4e97def9
[ 3611.584004][    C1] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000008
[ 3611.584014][    C1] RBP: 00007f2f4e9f0b76 R08: 0000000000000000 R09: 0000000000000000
[ 3611.584025][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3611.584035][    C1] R13: 0000000000000000 R14: 00007f2f4eb35f80 R15: 00007fff60123d28
[ 3611.584055][    C1]  </TASK>
[ 3611.584954][    C0] task:kworker/u8:7    state:R  running task     stack:18640 pid:2548  tgid:2548  ppid:2      flags:0x00004000
[ 3612.245412][    C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[ 3612.253242][    C0] Call Trace:
[ 3612.256526][    C0]  <TASK>
[ 3612.259468][    C0]  __schedule+0x17ae/0x4a10
[ 3612.263998][    C0]  ? rcu_is_watching+0x15/0xb0
[ 3612.268833][    C0]  ? __pfx___schedule+0x10/0x10
[ 3612.273808][    C0]  ? __mod_timer+0xb89/0xeb0
[ 3612.278417][    C0]  ? __pfx___schedule+0x10/0x10
[ 3612.283291][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3612.289296][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[ 3612.294601][    C0]  preempt_schedule_irq+0xfb/0x1c0
[ 3612.299730][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 3612.305462][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3612.311814][    C0]  irqentry_exit+0x5e/0x90
[ 3612.316252][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 3612.321724][    C0] RIP: 0010:batadv_iv_ogm_schedule+0xa0d/0x10a0
[ 3612.328061][    C0] Code: 30 48 c1 e8 03 48 89 44 24 60 49 c7 c7 40 ce 50 9a 49 8d 5e 78 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 08 48 89 df e8 c9 7c 81 f6 48 8b 1b 48 b8 00 00 00 00 00 fc ff
[ 3612.347672][    C0] RSP: 0018:ffffc9000933f9c0 EFLAGS: 00000246
[ 3612.353751][    C0] RAX: 1ffff1100cde9b0f RBX: ffff888066f4d878 RCX: dffffc0000000000
[ 3612.361729][    C0] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000001
[ 3612.369711][    C0] RBP: ffffc9000933faf8 R08: ffffffff8b76357c R09: 1ffff11002329104
[ 3612.377687][    C0] R10: dffffc0000000000 R11: ffffed1002329105 R12: ffff8880675c7878
[ 3612.385666][    C0] R13: ffff8880675c7800 R14: ffff888066f4d800 R15: ffffffff9a50ce40
[ 3612.393658][    C0]  ? batadv_iv_ogm_schedule+0xcbc/0x10a0
[ 3612.399324][    C0]  ? batadv_iv_ogm_schedule+0x8bb/0x10a0
[ 3612.405068][    C0]  ? __pfx_batadv_iv_ogm_schedule+0x10/0x10
[ 3612.410970][    C0]  ? batadv_send_skb_packet+0x41b/0x670
[ 3612.416538][    C0]  batadv_iv_send_outstanding_bat_ogm_packet+0x6fe/0x810
[ 3612.423597][    C0]  ? process_scheduled_works+0x945/0x1830
[ 3612.429329][    C0]  process_scheduled_works+0xa2c/0x1830
[ 3612.434919][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3612.440920][    C0]  ? assign_work+0x364/0x3d0
[ 3612.445527][    C0]  worker_thread+0x86d/0xd10
[ 3612.450140][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3612.456057][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 3612.461120][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3612.466261][    C0]  kthread+0x2f0/0x390
[ 3612.470353][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3612.475482][    C0]  ? __pfx_kthread+0x10/0x10
[ 3612.480093][    C0]  ret_from_fork+0x4b/0x80
[ 3612.484528][    C0]  ? __pfx_kthread+0x10/0x10
[ 3612.489132][    C0]  ret_from_fork_asm+0x1a/0x30
[ 3612.493939][    C0]  </TASK>
[ 3612.496971][    C0] task:syz.0.5693      state:R  running task     stack:23800 pid:1515  tgid:1512  ppid:877    flags:0x00000000
[ 3612.508719][    C0] Call Trace:
[ 3612.512004][    C0]  <TASK>
[ 3612.514945][    C0]  __schedule+0x17ae/0x4a10
[ 3612.519479][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.524708][    C0]  ? page_ext_get+0x1d6/0x2a0
[ 3612.529410][    C0]  ? __pfx___schedule+0x10/0x10
[ 3612.534291][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3612.540308][    C0]  ? preempt_schedule_irq+0xf0/0x1c0
[ 3612.545619][    C0]  preempt_schedule_irq+0xfb/0x1c0
[ 3612.550749][    C0]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 3612.556502][    C0]  irqentry_exit+0x5e/0x90
[ 3612.560929][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3612.566936][    C0] RIP: 0010:lock_acquire+0x264/0x550
[ 3612.572234][    C0] Code: 2b 00 74 08 4c 89 f7 e8 7a e1 87 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[ 3612.591848][    C0] RSP: 0018:ffffc90003ede8c0 EFLAGS: 00000206
[ 3612.597927][    C0] RAX: 0000000000000001 RBX: 1ffff920007dbd24 RCX: 3fb300976daf0e00
[ 3612.605905][    C0] RDX: dffffc0000000000 RSI: ffffffff8beae6e0 RDI: ffffffff8c3fbb00
[ 3612.614059][    C0] RBP: ffffc90003edea08 R08: ffffffff93fa6847 R09: 1ffffffff27f4d08
[ 3612.622044][    C0] R10: dffffc0000000000 R11: fffffbfff27f4d09 R12: 1ffff920007dbd20
[ 3612.630020][    C0] R13: dffffc0000000000 R14: ffffc90003ede920 R15: 0000000000000246
[ 3612.638025][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 3612.643060][    C0]  ? deref_stack_reg+0x1c7/0x260
[ 3612.648023][    C0]  ? __read_once_word_nocheck+0x9/0x20
[ 3612.653605][    C0]  ? deref_stack_reg+0x1c7/0x260
[ 3612.658590][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 3612.664772][    C0]  is_bpf_text_address+0x46/0x2a0
[ 3612.669814][    C0]  ? is_bpf_text_address+0x26/0x2a0
[ 3612.675039][    C0]  ? is_bpf_text_address+0x26/0x2a0
[ 3612.680266][    C0]  ? is_module_text_address+0x128/0x190
[ 3612.685938][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 3612.692205][    C0]  kernel_text_address+0xa7/0xe0
[ 3612.697156][    C0]  __kernel_text_address+0xd/0x40
[ 3612.702188][    C0]  unwind_get_return_address+0x5d/0xc0
[ 3612.707660][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3612.713743][    C0]  arch_stack_walk+0x125/0x1b0
[ 3612.718530][    C0]  stack_trace_save+0x118/0x1d0
[ 3612.723396][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 3612.728792][    C0]  save_stack+0xfb/0x1f0
[ 3612.733045][    C0]  ? __pfx_save_stack+0x10/0x10
[ 3612.737904][    C0]  ? free_unref_page+0xd19/0xea0
[ 3612.742867][    C0]  ? vfree+0x186/0x2e0
[ 3612.746964][    C0]  ? bpf_prog_calc_tag+0x663/0x900
[ 3612.752104][    C0]  ? resolve_pseudo_ldimm64+0xdf/0x16a0
[ 3612.757670][    C0]  ? bpf_check+0x6520/0x19630
[ 3612.762358][    C0]  ? bpf_prog_load+0x1667/0x20f0
[ 3612.767308][    C0]  ? __sys_bpf+0x4ee/0x810
[ 3612.771736][    C0]  ? __x64_sys_bpf+0x7c/0x90
[ 3612.776332][    C0]  ? do_syscall_64+0xf3/0x230
[ 3612.781030][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3612.787122][    C0]  ? page_ext_get+0x20/0x2a0
[ 3612.791725][    C0]  __reset_page_owner+0x76/0x430
[ 3612.796683][    C0]  ? mod_memcg_page_state+0x4ae/0x770
[ 3612.802164][    C0]  free_unref_page+0xd19/0xea0
[ 3612.806946][    C0]  vfree+0x186/0x2e0
[ 3612.811030][    C0]  bpf_prog_calc_tag+0x663/0x900
[ 3612.815981][    C0]  ? bpf_check+0xc9b/0x19630
[ 3612.820575][    C0]  ? bpf_prog_load+0x1667/0x20f0
[ 3612.825522][    C0]  ? __sys_bpf+0x4ee/0x810
[ 3612.830044][    C0]  ? __pfx_bpf_prog_calc_tag+0x10/0x10
[ 3612.835632][    C0]  resolve_pseudo_ldimm64+0xdf/0x16a0
[ 3612.841057][    C0]  ? __pfx_check_attach_btf_id+0x10/0x10
[ 3612.846698][    C0]  ? __pfx_resolve_pseudo_ldimm64+0x10/0x10
[ 3612.852597][    C0]  ? check_subprogs+0x541/0x610
[ 3612.857466][    C0]  bpf_check+0x6520/0x19630
[ 3612.861982][    C0]  ? mark_lock+0x9a/0x350
[ 3612.866330][    C0]  ? __lock_acquire+0x137a/0x2040
[ 3612.871374][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.876327][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.881544][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.886488][    C0]  ? mark_lock+0x9a/0x350
[ 3612.890834][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.895786][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.900911][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.905869][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.910817][    C0]  ? __pfx_bpf_check+0x10/0x10
[ 3612.915586][    C0]  ? validate_chain+0x11e/0x5900
[ 3612.920529][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.925732][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.930946][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.936166][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.941379][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 3612.946589][    C0]  ? __lock_acquire+0x137a/0x2040
[ 3612.951629][    C0]  ? mark_lock+0x9a/0x350
[ 3612.955978][    C0]  ? mark_lock+0x9a/0x350
[ 3612.960323][    C0]  ? __lock_acquire+0x137a/0x2040
[ 3612.965392][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 3612.970437][    C0]  ? timekeeping_get_ns+0x5c/0x420
[ 3612.975583][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3612.981596][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3612.987970][    C0]  ? timekeeping_get_ns+0x5c/0x420
[ 3612.993112][    C0]  ? seqcount_lockdep_reader_access+0x157/0x220
[ 3612.999373][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 3613.004582][    C0]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 3613.010833][    C0]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 3613.017429][    C0]  ? ktime_get_with_offset+0x83/0x150
[ 3613.022811][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 3613.028039][    C0]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 3613.034292][    C0]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 3613.040896][    C0]  ? read_tsc+0x9/0x20
[ 3613.044976][    C0]  ? timekeeping_get_ns+0x2c0/0x420
[ 3613.050198][    C0]  ? bpf_obj_name_cpy+0x18a/0x1d0
[ 3613.055236][    C0]  ? bpf_lsm_bpf_prog_load+0x9/0x10
[ 3613.060443][    C0]  ? security_bpf_prog_load+0x87/0xb0
[ 3613.065835][    C0]  bpf_prog_load+0x1667/0x20f0
[ 3613.070629][    C0]  ? __pfx_bpf_prog_load+0x10/0x10
[ 3613.075750][    C0]  ? __pfx___might_resched+0x10/0x10
[ 3613.081063][    C0]  ? __might_fault+0xc6/0x120
[ 3613.085747][    C0]  ? bpf_lsm_bpf+0x9/0x10
[ 3613.090080][    C0]  ? security_bpf+0x87/0xb0
[ 3613.094684][    C0]  __sys_bpf+0x4ee/0x810
[ 3613.098946][    C0]  ? __pfx___sys_bpf+0x10/0x10
[ 3613.103739][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3613.109732][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3613.116077][    C0]  ? do_syscall_64+0x100/0x230
[ 3613.120853][    C0]  __x64_sys_bpf+0x7c/0x90
[ 3613.125278][    C0]  do_syscall_64+0xf3/0x230
[ 3613.129830][    C0]  ? clear_bhb_loop+0x35/0x90
[ 3613.134574][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3613.140475][    C0] RIP: 0033:0x7f26b717def9
[ 3613.144894][    C0] RSP: 002b:00007f26b7fd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 3613.153321][    C0] RAX: ffffffffffffffda RBX: 00007f26b7335f80 RCX: 00007f26b717def9
[ 3613.161307][    C0] RDX: 0000000000000090 RSI: 00000000200000c0 RDI: 0000000000000005
[ 3613.169370][    C0] RBP: 00007f26b71f0b76 R08: 0000000000000000 R09: 0000000000000000
[ 3613.177344][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3613.185317][    C0] R13: 0000000000000000 R14: 00007f26b7335f80 R15: 00007fff0da80d38
[ 3613.193334][    C0]  </TASK>
[ 3613.196445][    C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g236505 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 3613.207730][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 3613.217696][    C0] rcu: RCU grace-period kthread stack dump:
[ 3613.223583][    C0] task:rcu_preempt     state:R  running task     stack:24720 pid:17    tgid:17    ppid:2      flags:0x00004000
[ 3613.235330][    C0] Call Trace:
[ 3613.238611][    C0]  <TASK>
[ 3613.241551][    C0]  __schedule+0x17ae/0x4a10
[ 3613.246094][    C0]  ? __pfx___schedule+0x10/0x10
[ 3613.250967][    C0]  ? __pfx_lock_release+0x10/0x10
[ 3613.256008][    C0]  ? __asan_memset+0x23/0x50
[ 3613.260619][    C0]  ? __pfx_lockdep_init_map_type+0x10/0x10
[ 3613.266444][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3613.272871][    C0]  ? schedule+0x90/0x320
[ 3613.277133][    C0]  schedule+0x14b/0x320
[ 3613.281404][    C0]  schedule_timeout+0x1be/0x310
[ 3613.286264][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 3613.291651][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 3613.296951][    C0]  ? prepare_to_swait_event+0x32e/0x350
[ 3613.302509][    C0]  rcu_gp_fqs_loop+0x2df/0x1330
[ 3613.307369][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[ 3613.312573][    C0]  ? rcu_gp_init+0x1256/0x1630
[ 3613.317352][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[ 3613.322383][    C0]  ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10
[ 3613.328459][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 3613.333753][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3613.339666][    C0]  ? finish_swait+0xd4/0x1e0
[ 3613.344271][    C0]  rcu_gp_kthread+0xa7/0x3b0
[ 3613.348875][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 3613.354079][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3613.359992][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 3613.365036][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 3613.370329][    C0]  kthread+0x2f0/0x390
[ 3613.374413][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 3613.379705][    C0]  ? __pfx_kthread+0x10/0x10
[ 3613.384310][    C0]  ret_from_fork+0x4b/0x80
[ 3613.388739][    C0]  ? __pfx_kthread+0x10/0x10
[ 3613.393341][    C0]  ret_from_fork_asm+0x1a/0x30
[ 3613.398136][    C0]  </TASK>
[ 3613.401160][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 3613.407480][    C0] CPU: 0 UID: 0 PID: 1033 Comm: kworker/u8:12 Not tainted 6.11.0-rc7-syzkaller-00021-g7c6a3a65ace7 #0
[ 3613.418517][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 3613.428577][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 3613.435097][    C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0
[ 3613.441874][    C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 39 18 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 e4 13 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 c8 13
[ 3613.461489][    C0] RSP: 0018:ffffc9000935f700 EFLAGS: 00000293
[ 3613.467566][    C0] RAX: ffffffff81877898 RBX: 1ffff110171288e9 RCX: ffff88805cf9da00
[ 3613.475548][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 3613.483541][    C0] RBP: ffffc9000935f8e0 R08: ffffffff81877867 R09: 1ffffffff27f4d08
[ 3613.491549][    C0] R10: dffffc0000000000 R11: fffffbfff27f4d09 R12: dffffc0000000000
[ 3613.499535][    C0] R13: ffff8880b8944748 R14: ffff8880b883fb00 R15: 0000000000000001
[ 3613.507515][    C0] FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[ 3613.516453][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3613.523044][    C0] CR2: 00007f26b7fb0d58 CR3: 000000000e534000 CR4: 00000000003506f0
[ 3613.531048][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3613.539158][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3613.547147][    C0] Call Trace:
[ 3613.550433][    C0]  <IRQ>
[ 3613.553288][    C0]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[ 3613.559643][    C0]  ? print_other_cpu_stall+0x1470/0x15a0
[ 3613.565387][    C0]  ? __pfx_print_other_cpu_stall+0x10/0x10
[ 3613.571206][    C0]  ? __pfx_lock_release+0x10/0x10
[ 3613.576255][    C0]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[ 3613.582531][    C0]  ? rcu_sched_clock_irq+0xa2c/0x10d0
[ 3613.587953][    C0]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 3613.593613][    C0]  ? hrtimer_run_queues+0x16c/0x460
[ 3613.598843][    C0]  ? acct_account_cputime+0x207/0x210
[ 3613.604259][    C0]  ? update_process_times+0x1ce/0x230
[ 3613.609662][    C0]  ? tick_nohz_handler+0x37c/0x500
[ 3613.614790][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 3613.620266][    C0]  ? __hrtimer_run_queues+0x551/0xd50
[ 3613.625655][    C0]  ? ktime_get_update_offsets_now+0x3c/0x250
[ 3613.631662][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 3613.637398][    C0]  ? ktime_get_update_offsets_now+0x22d/0x250
[ 3613.643483][    C0]  ? hrtimer_interrupt+0x396/0x990
[ 3613.648650][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 3613.654845][    C0]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 3613.660701][    C0]  </IRQ>
[ 3613.663650][    C0]  <TASK>
[ 3613.666585][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3613.672762][    C0]  ? smp_call_function_many_cond+0x1847/0x29d0
[ 3613.678951][    C0]  ? smp_call_function_many_cond+0x1878/0x29d0
[ 3613.685133][    C0]  ? smp_call_function_many_cond+0x1860/0x29d0
[ 3613.691302][    C0]  ? kmem_cache_alloc_bulk_noprof+0x146/0x790
[ 3613.697459][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 3613.702494][    C0]  ? kmem_cache_alloc_bulk_noprof+0x146/0x790
[ 3613.708591][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 3613.714925][    C0]  ? __pfx___might_resched+0x10/0x10
[ 3613.720220][    C0]  ? __mutex_trylock_common+0x183/0x2e0
[ 3613.725798][    C0]  ? __pfx___might_resched+0x10/0x10
[ 3613.731138][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 3613.736178][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[ 3613.741305][    C0]  text_poke_bp_batch+0x352/0xb30
[ 3613.746352][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 3613.751916][    C0]  ? __pfx___mutex_lock+0x10/0x10
[ 3613.756956][    C0]  ? arch_jump_label_transform_queue+0x9b/0x100
[ 3613.763217][    C0]  text_poke_finish+0x30/0x50
[ 3613.767902][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 3613.773903][    C0]  static_key_enable_cpuslocked+0x136/0x260
[ 3613.779818][    C0]  static_key_enable+0x1a/0x20
[ 3613.784591][    C0]  toggle_allocation_gate+0xb5/0x250
[ 3613.789900][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 3613.795804][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 3613.802155][    C0]  ? process_scheduled_works+0x945/0x1830
[ 3613.807886][    C0]  process_scheduled_works+0xa2c/0x1830
[ 3613.813473][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3613.819470][    C0]  ? assign_work+0x364/0x3d0
[ 3613.824164][    C0]  worker_thread+0x86d/0xd10
[ 3613.828773][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3613.834684][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 3613.839725][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3613.844848][    C0]  kthread+0x2f0/0x390
[ 3613.848944][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3613.854067][    C0]  ? __pfx_kthread+0x10/0x10
[ 3613.858676][    C0]  ret_from_fork+0x4b/0x80
[ 3613.863107][    C0]  ? __pfx_kthread+0x10/0x10
[ 3613.867711][    C0]  ret_from_fork_asm+0x1a/0x30
[ 3613.872502][    C0]  </TASK>