last executing test programs:

3m42.59613035s ago: executing program 2 (id=83):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket(0x1, 0x803, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r4, 0x1)
r5 = dup(r4)
ioctl$EVIOCGRAB(r5, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0))

3m41.179928868s ago: executing program 2 (id=89):
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x7fffffff, @dev={0xfe, 0x80, '\x00', 0x13}, 0xffffff7f}, 0x1c)
openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0xd83})
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640), 0x41, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
writev(r0, &(0x7f0000000880)=[{&(0x7f0000003440)="0600000000000000839dda8b05257a6d6136e19271de93a120d8af19df66cf6039f1f64c7b9f823dfcd870324392314a3c965f000b25fd7da27c50794c07ca8a4809c5b5ba2f2b5c2a399a164cbe8323c843c21f05bef0f6daffa4bac0373c194da474fa0b72473e", 0x68}], 0x1)
recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000040)=@xdp, 0x80, &(0x7f0000000500)=[{&(0x7f0000000180)=""/198, 0xc6}, {0x0}, {&(0x7f0000000100)=""/23, 0x17}, {&(0x7f0000000380)=""/208, 0xd0}, {&(0x7f0000000480)=""/105, 0x69}, {&(0x7f0000000280)=""/62, 0x3e}], 0x6, &(0x7f0000000580)=""/158, 0x9e}, 0x2}], 0x1, 0x40014102, &(0x7f0000000680))
syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6004000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="000000006da70000"], 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x19, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r5, 0x2000300, 0xe, 0x0, &(0x7f0000000680)="63ec04ce0c6d6e46dc3f0adf3389", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000006c0)={0xffffffffffffffff, 0x2, 0x20}, 0xc)

3m37.577330336s ago: executing program 2 (id=98):
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r2, 0x40045431, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000000, 0x50, 0xffffffffffffffff, 0x2a9ea000)
mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r3 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r3, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r4, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000800004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x700)
listen(r3, 0x2)
r5 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000018010040"])
setsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f0000000000)=0x930c, 0x4)
getsockopt$inet_sctp6_SCTP_NODELAY(r3, 0x84, 0x3, 0x0, 0x0)

3m35.126181387s ago: executing program 2 (id=103):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
utime(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2a00, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r3, 0x1, 0x0, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
socket$nl_generic(0x10, 0x3, 0x10)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r1, 0x40184150, &(0x7f00000000c0)={0x0, &(0x7f0000000080)="92325a842cd271b92af5becc2f66a50a8d72f996486b8ca571d1944bef590eaf3c10ab56", 0x24})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz1\x00', 0x200002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv2(r4, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x1401, 0x1}, 0x10}}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$BTRFS_IOC_GET_FEATURES(r6, 0x80189439, &(0x7f0000000140))
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000100)={0x0, 0x81, 0x4})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f00000001c0)={@val, @void, @eth={@empty, @dev, @val={@void, {0x8100, 0x4, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2000, 0x0, 0x32, 0x0, @rand_addr=0x64010102, @multicast2}, {0x4e23, 0x4e24, 0x8}}}}}}, 0x32)
r8 = socket(0x22, 0x2, 0x2)
bind$bt_hci(r8, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
syz_usb_connect(0x6, 0x2d, &(0x7f0000000240)=ANY=[], 0x0)

3m33.016068594s ago: executing program 2 (id=110):
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004885)
prctl$PR_SCHED_CORE(0x3e, 0x8000001, 0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f00000001c0)=[{&(0x7f0000000200)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@restrict, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, 0x0, 0x46, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28)

3m31.905390925s ago: executing program 2 (id=112):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket(0x1, 0x803, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r4, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0))

3m31.602652062s ago: executing program 32 (id=112):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
socket(0x1, 0x803, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r4, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0))

14.688101457s ago: executing program 1 (id=622):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3d5", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="780000001000030427bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a5fdad88000000003c0012800b00010067656e65766500002c000280060005004e240000080001000300000004000600060005004e2200000500030005000000040006000a000100aa"], 0x78}}, 0x20048004)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

13.527918275s ago: executing program 3 (id=626):
syz_usb_connect(0x5, 0x59, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202"], 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000000000)=0x1000, 0x4)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x78, 0x0, 0x7e0, {0x7, 0x1e54, 0x0, {0x2, 0xfffffffffffffffc, 0x4, 0x6, 0x200000000, 0x0, 0x2, 0x9, 0x5, 0x2000, 0x1000, 0x0, 0x0, 0x1ff, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, &(0x7f0000000540)=0x2, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x38, r1, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16ad}], @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{0xc, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x810}, 0x4000)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000340)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000000c0)=@chain)
r5 = signalfd(r2, &(0x7f0000000100), 0x8)
ioctl$EVIOCGBITSND(r5, 0x80404532, &(0x7f0000000140)=""/122)
keyctl$restrict_keyring(0x1d, r4, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x8, 0x0)
get_mempolicy(0x0, 0x0, 0x203, &(0x7f0000394000/0x3000)=nil, 0x2)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0)

13.388831017s ago: executing program 1 (id=629):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
write$char_usb(r0, &(0x7f00000008c0)='-0', 0x2)
r1 = syz_open_dev$dri(&(0x7f00000002c0), 0x0, 0x22000)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f0000000340)={0x0, 0x3, 0xb, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4000000000000007910480000000000710000000000000095007400000000000389c0dc1b1e8fcc938d01cf519bb9961bd83651f709c94ff5ae1b8970b266a297034656858dc13d3dc6e7203903445d797181deb467614fe3"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x37)
r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582ec54510b000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT=0x0], 0x0)
syz_usb_ep_write(r2, 0x8d, 0x41, &(0x7f00000001c0)="d0be166e5e8b26a5e6b39aa93e00d43ec7e813e40b8fcad530f5176b71ef3ac478184911afdd2a979d4c5b7fccca3f0c6871b5032e4727642967374587861ca6bd")

10.947292858s ago: executing program 3 (id=636):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
tee(r0, r1, 0x2, 0x5)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r2, {0xfffffffe}}, './file0\x00'})
sendmsg$SMC_PNETID_ADD(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x14, r3, 0x1, 0x3}, 0xffffffffffffff8d}}, 0x80)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r5, 0x40043311, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f0000000780), r6)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0xb05, 0x1866, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x2, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0xc6, 0x1, 0x3, 0x1, 0x0, 0x1, {0x9, 0x21, 0xffff, 0x4, 0x1, {0x22, 0x83d}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xb3, 0x8, 0x80}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0xeb, 0x40, 0x9}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x250, 0x9, 0x2, 0xf, 0xff, 0x7}, 0x93, &(0x7f00000001c0)={0x5, 0xf, 0x93, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xa, 0x58, 0xcc, 0x2}, @ssp_cap={0x18, 0x10, 0xa, 0x9, 0x3, 0xffff, 0x7700, 0x2, [0x0, 0xc0cf, 0xfe1f30]}, @generic={0x5a, 0x10, 0x1, "05f3dde0d6db9033e492ba893d3c3695d5248725b7d6d85d9f6951c1384a82fca2fcc46f16efe51363eeb2bf55eec768125952da421e41f1e23e3c3868fc4851231ad18b29dcd781ebd7c6b9a9496ad8689545be77bd7d"}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xe, 0x3, 0x9}, @wireless={0xb, 0x10, 0x1, 0x4, 0x2, 0x10, 0x7f, 0x0, 0x4}]}, 0x8, [{0x88, &(0x7f0000000340)=@string={0x88, 0x3, "ea7b2f66b97a231427871b85d6673dc53f61710291527ba03a8867b9586a7e511afd117f00102e73af1c730ba46241e6f7289d6dd60da9a462dc78fb12db0278a6a2b281bc40e28d140cb6c444549f65bae44c3b6a5ba693cd0a71e4c9e73fc58477b34c8ccc5aede37fb7c1a2696344fdf3d5d476dfba1f818b0fbe3bf2743c85e7d0eb4385"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x40a}}, {0xda, &(0x7f0000000400)=@string={0xda, 0x3, "def749eb231bcdf42526f1daeb655c9f51029c74f1a8753c181a94cdcd7dbd8fdf3f4092cacc5747928bfccc20ae9eb715b64e63dd87d85708b55d4dc14e9a5b9f109bb15e744beba22627435a8da6d73b73f7c8de41f8c99db15b5747aeabd760933418b4551d850113969e69165f4239ada4a1dc669568baacc98122c52704c42621ee88ec9f9edc90f284180962a8c5d60087e53bd2a16e4828f81046dad18a59eab42f31ea19bbae06c169e7bb159e80feae2c8fefff06aad67a572519f47fe40c762c7339238a9445f1712e4b796359162ab961bcdf"}}, {0x52, &(0x7f0000000500)=@string={0x52, 0x3, "3f55039731039e2638f80350ea1a037a952287249fb47814d062ec47932c322014dd3f6286dcaf2dd26fcb5f963559f82e6e196e5ae69b4e7725081dad8e4418e81d58806e6da5ed7b6ea9721a919cd7"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x437}}, {0xcd, &(0x7f0000000580)=@string={0xcd, 0x3, "bd987fdaadf6892eebf94809ed1ac40eeddedae472782573b93e79ec7297becee84522ebb3717c8beb9f62aa87332fc032b00aad3289ccecc843d170501d5165d7242d672a93f337c425846b5b85b0ff4022420f3f9a82a5f7f3fe64a5aceedec845cce123539c66aca2b1bdf36fd9a519bf6f8bff37dbe6dfdbf95064bab2ed28993ca435489f07a765254757f46a11d1b444b287f80f9423e69e879a419ac03e0f6bac2e376daceb66ea69a5599c4547614a70fa9c595314173113cc9ae815775b8f7d44608d4a259176"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x2009}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x2c09}}]})

9.999857124s ago: executing program 1 (id=638):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0x4)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0xe4e0328d4d0bc7fd, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff0000000071104d000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
sendmsg$NL80211_CMD_GET_WIPHY(r1, 0x0, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000500), 0x26002, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000580)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f00000005c0)={0x48, 0x1, r3, 0x0, 0x0, 0x8})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)={[{0x2b, 'cpuset'}, {0x2b, 'pids'}]}, 0xe)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
vmsplice(r5, &(0x7f0000000100)=[{&(0x7f0000000040)='2)sV', 0x4}, {&(0x7f00000003c0)="0d6612ec6266d3cb9bf5cb011361d4d1b80b936a9984c6b9ca7c0c4e2c15207dd2f008f84880f555f27939c2a3ed544e46426ad1d8117bebcedf5f32cbb596ee9b42e669a34b201c1dcfd3f33b91965c5e54edae7901feb44c25b70381ba8920c0f5d6ce76d3a0bb805b33e249a6a01ac8b5c488fc9307d2aa532834f5da3b7b77521b473dd19a24269cef1060b5d8c4927ac58479699f79d96a1e323faaede7fd3f893917e6bd9b9a03f28cddc9d7322e09c5bcc18ad253e38e5ce98c0be3b9f271b3e002275de51abdbfc173fa218a2afdc4c778d08e9185aecc8336c3280ba4ea82b7", 0xe4}, {&(0x7f0000000240)="665e072a10b9becde49b96136b3e2fb2305fd2982e831d386b5891a45d13c5715e069ebd45f2f52ccc8f737caaafa0c630cb4c601ce769f7414d95c668854a24969f14b4ba05d5479bba168ab86701baad1299e1381986d199a2dda6c007b3a8794abea538c84dfe9da6adba2a5b6c4f0894e21742", 0x75}], 0x3, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000200)=ANY=[@ANYRES32=r6, @ANYBLOB="c3ff90c787427123910000000000001c1912800900"], 0x3c}, 0x1, 0x0, 0x0, 0x24008051}, 0x40000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x1, [<r9=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000000))

7.839843075s ago: executing program 1 (id=642):
socket$packet(0x11, 0x3, 0x300)
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r1 = semget(0x1, 0x3, 0x204)
semctl$IPC_RMID(r1, 0x0, 0x0)
ioctl$CEC_S_MODE(r0, 0xc05c6104, &(0x7f0000000280))
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r2, &(0x7f0000001fc0)=""/176, 0xb0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0x4, &(0x7f0000000300)={&(0x7f0000000c40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELFLOWTABLE={0x3c, 0x18, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x164, 0x8, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x11c, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x7ff}]}}}, {0x44, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_XFRM_SPNUM={0x8}]}}}, {0x40, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xd}]}}}, {0x10, 0x1, 0x0, 0x1, @objref={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0x54, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x6f495bf1}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0xa08c}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HASH_SEED={0x8, 0x5, 0x1, 0x0, 0xeb}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HASH_TYPE={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xdbb3391bb0db03ea}}}, 0x1e8}, 0x1, 0x0, 0x0, 0x24000810}, 0x400d0)
sched_setscheduler(r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = syz_open_procfs(0x0, &(0x7f0000002400)='net/netstat\x00')
read$FUSE(r5, &(0x7f0000002500)={0x2020}, 0x2020)

7.78843719s ago: executing program 3 (id=643):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000740)={'gre0\x00', &(0x7f00000006c0)={'gretap0\x00', <r1=>0x0, 0x80, 0x10, 0x1, 0x6, {{0x17, 0x4, 0x1, 0x5, 0x5c, 0x65, 0x0, 0xfd, 0x2f, 0x0, @multicast2, @empty, {[@timestamp_addr={0x44, 0x24, 0x7b, 0x1, 0x6, [{@empty, 0x5}, {@loopback}, {@loopback, 0x4000000}, {@broadcast, 0x88}]}, @rr={0x7, 0x13, 0xcc, [@loopback, @empty, @remote, @local]}, @ra={0x94, 0x4}, @generic={0x82, 0xd, "ed80b12ed24e85f94c692a"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000880)={'syztnl2\x00', &(0x7f0000000780)={'gre0\x00', r1, 0x0, 0x1, 0x9, 0x200, {{0x34, 0x4, 0x3, 0x4, 0xd0, 0x67, 0x0, 0xda, 0x4, 0x0, @broadcast, @loopback, {[@lsrr={0x83, 0x17, 0xac, [@multicast2, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0x35}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x1c, 0x50, 0x1, 0x2, [{@private=0x8, 0xf}, {@local, 0x3}, {@rand_addr=0x64010100, 0x192e}]}, @noop, @timestamp_addr={0x44, 0x1c, 0x22, 0x1, 0x4, [{@dev={0xac, 0x14, 0x14, 0x14}, 0x8}, {@rand_addr=0x64010100, 0x7}, {@multicast1, 0x8}]}, @lsrr={0x83, 0x17, 0xf7, [@rand_addr=0x64010102, @rand_addr=0x64010102, @local, @empty, @multicast1]}, @noop, @noop, @timestamp_addr={0x44, 0x44, 0x15, 0x1, 0x5, [{@empty, 0x6}, {@remote, 0x5}, {@private=0xa010100, 0x800}, {@loopback, 0x1}, {@multicast1, 0xab}, {@loopback, 0x9}, {@multicast1, 0xfffffffa}, {@empty, 0xffffffff}]}, @ssrr={0x89, 0xb, 0xde, [@broadcast, @remote]}]}}}}})
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000540)=""/114, 0x0, 0x800, 0x8}, 0x20)

7.548644747s ago: executing program 3 (id=646):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
r1 = syz_io_uring_setup(0x31c7, &(0x7f0000000400)={0x0, 0x0, 0x2}, &(0x7f00000001c0), &(0x7f00000005c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
gettid()
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8e383, 0x0)
syz_io_uring_setup(0x3c5f, &(0x7f0000000240)={0x0, 0x15, 0x27, 0x2, 0x0, 0x0, r1}, &(0x7f00000002c0), &(0x7f0000000300))

6.718261273s ago: executing program 4 (id=648):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca5088", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35c", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

6.11991981s ago: executing program 0 (id=650):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r5, 0x1)
r6 = dup(r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r6)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2004001}, 0x80)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000003c0)="007b9c941e676794f7c029715e7f5d4ddd1dd06ce9d55a162d2e9e737ea1ffd6d2b8773a35e1a6be4b5e8b3fbd241532c10ce2762945c40000000b0000007a565c", 0x41)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14dc02, 0x0)

5.32003162s ago: executing program 3 (id=651):
gettid()
syz_usb_connect(0x0, 0x4f, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005cdd2e106307151088560000000109023d00010000d00009047e0004ffd234000905b74318860809050725018705ee7b09050a000002810bac090504"], 0x0)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x800)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000100)={0x0, 0xec25, 0x1, 0x0, 0x2d1}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0xfffffffffffffdec)

5.308316185s ago: executing program 5 (id=652):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/resume', 0x88102, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8b, 0x5, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r1, &(0x7f0000000140), 0x0}, 0x20)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000040)={0x1, @raw_data="dfab4d85d47fab3f5852323481422e0f382a7fff4f2f6544e6018dbd8ab7448ced0cb6d971aa93e8b234fd2ceb6c160545bc47d95cb6f68a98ee9ea4686093a60d1e90430c08857fd0c428cdd40ea133631f9993733758d144b78ac24b59a54138ada8c18089c1250c7de9ef6ad3b2f7f28322211b5313b263f34c07a174f7d1d0f000f2bd2a60f9e4f18a82318f990d85778a2b77c73764d2d187c87800f0905ca84dbdd9002b572b0928a92da591fbaa566464e5cb6dbaf6a6945d91b66259944c62c5090ca50c"})
socket$inet6_udp(0xa, 0x2, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, &(0x7f0000000000)=0x4, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007ed, &(0x7f0000008400)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x9, 0x2)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r6, &(0x7f00000005c0)=[{&(0x7f0000000080)='/', 0x1}], 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0)
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f00000003c0)=@multiplanar_mmap={0x3ff, 0x7, 0x4, 0x0, 0x9, {}, {0x2, 0x0, 0x4, 0x0, 0x5, 0x9, "399a35e0"}, 0x6, 0x1, {0x0}, 0x10, 0x0, r6})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000002c00)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000008100)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56561, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8}]}}]}, 0x3c}}, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xa89)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000340))
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r8, 0x0, 0x60, &(0x7f0000000040), 0x50)
r9 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x48000, 0x0)
sendmsg$NFT_MSG_GETSET(r9, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c010000020a01020000000000000000000000070c000b400000000000000007e8060980dc00028014000180080001400000000c080001400000000f1c00018008000140fffffff90800014000300000080001400000000314000180080001400000800108000140000000024c0001800800014000000000080001400000000008000140000005e008000140000000030800014000000400080001400000000008000140000000080800014000000855080001400000ff08140001800800014000000001080001400000a0c92400018008000140000000000800014000000001080001400000000e08000140000000000c0001800800014000000004040001800800014045dca7ba08000840000000010c0010400000000000000005"], 0x11c}, 0x1, 0x0, 0x0, 0x4}, 0x20080800)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r9, &(0x7f0000000380)="fb1d34e6e4883ffb9e0ee442d6687b5a46dc7f1f088ad8b326a94cc0df2d6487dd79a3f790cb1d", &(0x7f00000003c0)=""/57}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x2}}, 0x20)

5.203187624s ago: executing program 4 (id=653):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000851000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000, 0x2, 0x2})
memfd_create(0x0, 0x0)

5.115492713s ago: executing program 0 (id=654):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
syz_open_procfs(0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, 0x0, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x2, 0x300)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x220000, 0x0)
gettid()

4.155652983s ago: executing program 4 (id=655):
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x2a, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x12, &(0x7f0000000340)=0x1000446, 0x4)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000005dc0)={0x1f, @any, 0x15}, 0xa)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x18)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x24000045)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = open(&(0x7f0000000000)='./file1\x00', 0x181563, 0x0)
sendfile(r5, r5, 0x0, 0x80001d00c0cd)
ioctl$sock_inet_udp_SIOCOUTQ(r5, 0x5411, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet_sctp(r6, &(0x7f0000004900)=[{&(0x7f00000000c0)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000100)="f4", 0x1}], 0x1, &(0x7f00000001c0)=[@dstaddrv4={0x18, 0x84, 0x7, @private=0xa010102}], 0x18}], 0x1, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)

3.978111992s ago: executing program 5 (id=656):
r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0)
signalfd(r0, &(0x7f0000000040)={[0x1]}, 0x8)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

3.766658933s ago: executing program 1 (id=657):
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r3, 0x40045431, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000000, 0x50, 0xffffffffffffffff, 0x2a9ea000)
mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000)
move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r4 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r4, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r5, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000000500e50000070000001ffeff0001000003f1dc7f7c6e870200010000000800004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x700)
listen(r4, 0x2)
r6 = dup(0xffffffffffffffff)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="820000000000000018010040"])
setsockopt$bt_BT_FLUSHABLE(r6, 0x112, 0x8, &(0x7f0000000000)=0x930c, 0x4)
getsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, 0x0, 0x0)

3.702549771s ago: executing program 0 (id=658):
socket$nl_route(0x10, 0x3, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$loop(0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f0000000dc0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
unshare(0x8040480)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103)
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)
accept4$vsock_stream(r5, 0x0, 0x0, 0x80000)
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

3.033459071s ago: executing program 4 (id=659):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1e3300, 0x0) (async, rerun: 32)
socket$alg(0x26, 0x5, 0x0) (rerun: 32)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
splice(r2, 0x0, r1, &(0x7f0000000500)=0x800, 0xfffffffffffffe01, 0x8)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

2.703725059s ago: executing program 5 (id=660):
socket(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
rt_tgsigqueueinfo(0x0, 0x0, 0x3f, &(0x7f00000001c0)={0x12, 0x0, 0x7fffffff})
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0xc0002, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4)
socket$kcm(0x10, 0x2, 0x10)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000580)={@desc={0x1, 0x0, @auto="697bb55abf8e23d7"}, 0x21, 0x0, '\x00', @c})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_WOWLAN(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000000)={0x28, r3, 0x301, 0x0, 0x0, {{0x5}, {@val={0x8}, @void, @val={0xc, 0x99, {0x8, 0x4e}}}}}, 0x28}}, 0x0)

1.653476109s ago: executing program 3 (id=661):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0))
removexattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000000040)=@known='user.incfs.metadata\x00')
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000005c0), 0x400000, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x180, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000300)=@l={0x92, 0xb, 0xd0, 0x6, 0x1, 0x5, 0x3ff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
userfaultfd(0x80000)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000440)=ANY=[@ANYBLOB="610e9e497b8dcdc74bd3b6bae59078c1d1693dbe39c95053dd58d0d6171b1295f578926e4e5b7c0bd9ed57f30a597765d16a8787d162960f9527d3098b64f8081290216d52eb085201000000c7b524307ce420ef00ba35b4760600000000000000de88b03ee19b3808bc089b70b1f04556c85cfca2d27d9ee8e0ec1ec838b520e323abbc5b2f24317a636bbccf0543f0e08deef44429b20dc55ffffcc20978846bc50586cc3ad4b3407563eee2b6a204d7761f3a4bc74793da1b0bac990d7bfa77c0a45c63fa7debaead72afc2044d00826883785f03bc16bffa13807e2d1baa3088fd566814b64f27bc46665d4d4f5452b76c7f71e631425cb382c3d2deff92ac", @ANYRESHEX=0x0])
r3 = getpid()
prlimit64(r3, 0xa, &(0x7f0000000140)={0x80, 0x2000000000004}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)

1.536214328s ago: executing program 4 (id=662):
r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r1 = epoll_create(0x23)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)={0x16000000b})
syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
clock_gettime(0x0, &(0x7f0000000000)={<r2=>0x0, <r3=>0x0})
ppoll(&(0x7f0000000000), 0x0, &(0x7f0000000080)={r2, r3+10000000}, 0x0, 0x0)

1.489324521s ago: executing program 5 (id=663):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x18, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
unshare(0x20000400)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r2, &(0x7f00000001c0)={0x1f, @none, 0x1}, 0xa)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000300), 0x8000, 0x0)
getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000380)=0x9b3, &(0x7f0000000400)=0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0xe, 0x4, &(0x7f0000001300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0xfffffffd}, [@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x40}]}, &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000000)=0xfe8e, 0x12)
ioctl$TUNSETIFINDEX(r4, 0x400454da, &(0x7f0000000280))
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0x1, 0x3, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xb08}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x1}]}, @IFLA_IFNAME={0x14, 0x3, 'batadv_slave_0\x00'}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x6280}]}, 0x48}, 0x1, 0x0, 0x0, 0x884}, 0x4004004)

1.476743387s ago: executing program 0 (id=664):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca5088", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35c", @ANYRESOCT])
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

1.216693417s ago: executing program 0 (id=665):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r5, 0x1)
r6 = dup(r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r6)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2004001}, 0x80)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000003c0)="007b9c941e676794f7c029715e7f5d4ddd1dd06ce9d55a162d2e9e737ea1ffd6d2b8773a35e1a6be4b5e8b3fbd241532c10ce2762945c40000000b0000007a565c", 0x41)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14dc02, 0x0)

864.292047ms ago: executing program 5 (id=666):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f00000003c0)={0x0, 0x3, 0x0, 0x81, 0xffffffff})
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x31}}, {0x2, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2, 0x0, 0x200000000000000, 0x0, 0x2, 0x0, 0x4, 0x2000000000000006, 0x88})

836.888363ms ago: executing program 1 (id=667):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0xfffffffc, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}], 0x11)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$sock_ifreq(r3, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x5}}], {0x14}}, 0xa4}}, 0x0)
r7 = timerfd_create(0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000020a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000058000000160a0101000b000000000000010000000900020073797a32000000000900010073797a30000000002c0003"], 0xf8}, 0x1, 0x0, 0x0, 0xc000}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000080)='./bus\x00', 0x1c91e0, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r7, &(0x7f0000000200))
timerfd_settime(r7, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0)
clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x22}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x8091}, 0x24044884)

142.974519ms ago: executing program 5 (id=668):
socket$packet(0x11, 0x3, 0x300)
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
r1 = semget(0x1, 0x3, 0x204)
semctl$IPC_RMID(r1, 0x0, 0x0)
ioctl$CEC_S_MODE(r0, 0xc05c6104, &(0x7f0000000280))
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100)
getdents(r2, &(0x7f0000001fc0)=""/176, 0xb0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$NFT_BATCH(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0x4, &(0x7f0000000300)={&(0x7f0000000c40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELFLOWTABLE={0x3c, 0x18, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x164, 0x8, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x11c, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x7ff}]}}}, {0x44, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_XFRM_SPNUM={0x8}]}}}, {0x40, 0x1, 0x0, 0x1, @dup={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xd}]}}}, {0x10, 0x1, 0x0, 0x1, @objref={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}, {0x54, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x6f495bf1}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0xa08c}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HASH_SEED={0x8, 0x5, 0x1, 0x0, 0xeb}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HASH_TYPE={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xdbb3391bb0db03ea}}}, 0x1e8}, 0x1, 0x0, 0x0, 0x24000810}, 0x400d0)
sched_setscheduler(r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = syz_open_procfs(0x0, &(0x7f0000002400)='net/netstat\x00')
read$FUSE(r5, &(0x7f0000002500)={0x2020}, 0x2020)

96.162622ms ago: executing program 0 (id=669):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r5, 0x1)
r6 = dup(r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r6)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2004001}, 0x80)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000003c0)="007b9c941e676794f7c029715e7f5d4ddd1dd06ce9d55a162d2e9e737ea1ffd6d2b8773a35e1a6be4b5e8b3fbd241532c10ce2762945c40000000b0000007a565c", 0x41)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14dc02, 0x0)

0s ago: executing program 4 (id=670):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
shutdown(r5, 0x1)
r6 = dup(r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r6)
ioctl$EVIOCGRAB(r6, 0x40044590, &(0x7f0000000040)=0x4)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f00000001c0))
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0x60, 0x0, 0x100, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2004001}, 0x80)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000003c0)="007b9c941e676794f7c029715e7f5d4ddd1dd06ce9d55a162d2e9e737ea1ffd6d2b8773a35e1a6be4b5e8b3fbd241532c10ce2762945c40000000b0000007a565c", 0x41)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200013, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14dc02, 0x0)

kernel console output (not intermixed with test programs):

] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.303325][   T36] bond0 (unregistering): Released all slaves
[  144.308577][ T1553] usb 2-1: Product: syz
[  144.318627][ T1553] usb 2-1: Manufacturer: syz
[  144.323298][ T1553] usb 2-1: SerialNumber: syz
[  144.379490][ T1553] usb 2-1: config 0 descriptor??
[  144.397699][ T6357] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  144.405737][ T6357] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  144.747065][ T1553] redrat3 2-1:0.92: Couldn't find all endpoints
[  144.800975][   T36] hsr_slave_0: left promiscuous mode
[  144.807289][   T36] hsr_slave_1: left promiscuous mode
[  144.818372][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.826096][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  144.836713][ T1553] usb 2-1: USB disconnect, device number 15
[  144.846486][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  144.854184][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  144.892609][   T36] veth1_macvtap: left promiscuous mode
[  144.898518][   T36] veth0_macvtap: left promiscuous mode
[  144.904435][   T36] veth1_vlan: left promiscuous mode
[  144.911341][   T36] veth0_vlan: left promiscuous mode
[  145.370656][   T36] team0 (unregistering): Port device team_slave_1 removed
[  145.418442][   T36] team0 (unregistering): Port device team_slave_0 removed
[  145.543810][ T6381] loop6: detected capacity change from 0 to 7
[  145.569103][ T5870] usb 5-1: USB disconnect, device number 6
[  145.575400][ T6381] Dev loop6: unable to read RDB block 7
[  145.590624][ T6381]  loop6: AHDI p1 p4
[  145.599981][ T6381] loop6: partition table partially beyond EOD, truncated
[  145.612087][ T6381] loop6: p1 start 926365495 is beyond EOD, truncated
[  145.933463][ T5870] usb 4-1: USB disconnect, device number 3
[  146.250530][ T5831] Bluetooth: hci3: command tx timeout
[  147.077417][ T6392] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  148.070409][ T6401] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  148.536566][ T6408] overlayfs: missing 'lowerdir'
[  148.536836][ T6407] netlink: 44 bytes leftover after parsing attributes in process `syz.1.127'.
[  148.603306][ T6350] chnl_net:caif_netlink_parms(): no params data found
[  148.632402][ T6409] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  148.829134][ T5910] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  149.038646][ T5831] Bluetooth: hci3: command tx timeout
[  149.056917][ T6350] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.694457][ T5910] usb 4-1: device descriptor read/64, error -71
[  149.699072][ T6350] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.728791][ T6350] bridge_slave_0: entered allmulticast mode
[  149.739468][ T6350] bridge_slave_0: entered promiscuous mode
[  149.749815][ T6350] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.761339][ T6350] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.770809][ T6350] bridge_slave_1: entered allmulticast mode
[  149.781656][ T6350] bridge_slave_1: entered promiscuous mode
[  149.853943][ T6350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  149.876737][ T6350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.943800][ T6427] netlink: 'syz.0.132': attribute type 1 has an invalid length.
[  149.969003][ T5910] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  150.016251][ T6430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.132'.
[  150.893608][ T6350] team0: Port device team_slave_0 added
[  150.913688][ T6427] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  150.927831][ T6350] team0: Port device team_slave_1 added
[  151.029105][ T6350] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.036289][ T6350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.063124][ T5910] usb 4-1: device descriptor read/64, error -71
[  151.069619][ T6350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.115249][ T6350] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.123284][ T5831] Bluetooth: hci3: command tx timeout
[  151.138251][ T6350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.142458][ T6440] netlink: 224 bytes leftover after parsing attributes in process `syz.0.133'.
[  151.174081][ T6350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.191215][ T5910] usb usb4-port1: attempt power cycle
[  151.401911][ T6442] netlink: 12 bytes leftover after parsing attributes in process `syz.0.133'.
[  151.578780][ T5910] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  151.761729][ T5910] usb 4-1: device descriptor read/8, error -71
[  151.887954][ T6350] hsr_slave_0: entered promiscuous mode
[  151.898209][ T6350] hsr_slave_1: entered promiscuous mode
[  151.905160][ T6350] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  151.905213][ T6350] Cannot create hsr debugfs directory
[  152.830405][ T6439] netlink: 'syz.0.133': attribute type 3 has an invalid length.
[  153.561204][ T6467] XFS (nullb0): Invalid superblock magic number
[  154.693164][ T6482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.141'.
[  155.174622][ T6350] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  155.190457][ T6350] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  155.272004][ T6350] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  155.357184][ T6350] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  156.302125][ T6489] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR
[  156.883990][ T6350] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.907912][ T5910] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  156.973905][ T6350] 8021q: adding VLAN 0 to HW filter on device team0
[  157.010448][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.017671][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.067135][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.074329][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.693732][ T5910] usb 2-1: device descriptor read/64, error -71
[  158.350628][ T5910] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  158.629174][ T5910] usb 2-1: device descriptor read/64, error -71
[  158.730309][ T6350] 8021q: adding VLAN 0 to HW filter on device batadv0
[  158.749187][ T5910] usb usb2-port1: attempt power cycle
[  158.788964][   T49] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  158.910080][ T5821] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  158.951330][   T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.965641][   T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.976061][   T49] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  158.990989][   T49] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  159.001400][   T49] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.017836][   T49] usb 1-1: config 0 descriptor??
[  159.032785][ T6350] veth0_vlan: entered promiscuous mode
[  159.049717][ T5821] usb 5-1: device descriptor read/64, error -71
[  159.061443][ T6350] veth1_vlan: entered promiscuous mode
[  159.089391][ T5910] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  159.104029][ T6350] veth0_macvtap: entered promiscuous mode
[  159.116403][ T6350] veth1_macvtap: entered promiscuous mode
[  159.132776][ T5910] usb 2-1: device descriptor read/8, error -71
[  159.141569][ T6350] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.157434][ T6350] batman_adv: batadv0: Interface activated: batadv_slave_1
[  159.171827][ T6350] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.180729][ T6350] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.189527][ T6350] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.198240][ T6350] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  159.273325][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.289402][ T5821] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  159.297499][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.330041][   T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  159.338156][   T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  159.391815][ T5910] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  159.419441][ T5910] usb 2-1: device descriptor read/8, error -71
[  159.431218][ T5821] usb 5-1: device descriptor read/64, error -71
[  159.440760][   T49] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  159.460477][   T49] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  159.524099][ T6532] FAULT_INJECTION: forcing a failure.
[  159.524099][ T6532] name failslab, interval 1, probability 0, space 0, times 1
[  159.539302][ T6532] CPU: 1 UID: 0 PID: 6532 Comm: syz.5.114 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  159.539327][ T6532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  159.539339][ T6532] Call Trace:
[  159.539347][ T6532]  <TASK>
[  159.539355][ T6532]  dump_stack_lvl+0x189/0x250
[  159.539393][ T6532]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.539421][ T6532]  ? __pfx__printk+0x10/0x10
[  159.539458][ T6532]  ? __pfx___might_resched+0x10/0x10
[  159.539482][ T6532]  ? fs_reclaim_acquire+0x7d/0x100
[  159.539518][ T6532]  should_fail_ex+0x414/0x560
[  159.539548][ T6532]  should_failslab+0xa8/0x100
[  159.539577][ T6532]  __kmalloc_noprof+0xcb/0x4f0
[  159.539602][ T6532]  ? skcipher_next_slow+0xee/0x230
[  159.539635][ T6532]  skcipher_next_slow+0xee/0x230
[  159.539666][ T6532]  ecb_decrypt+0x1f2/0x280
[  159.539696][ T6532]  ? __pfx_ecb_decrypt+0x10/0x10
[  159.539748][ T6532]  skcipher_recvmsg+0xb11/0x11c0
[  159.539795][ T6532]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  159.539826][ T6532]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  159.539853][ T6532]  ? security_socket_recvmsg+0x7e/0x2e0
[  159.539875][ T6532]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  159.539901][ T6532]  sock_recvmsg+0x22c/0x270
[  159.539938][ T6532]  ____sys_recvmsg+0x1c9/0x460
[  159.539974][ T6532]  ? __pfx_____sys_recvmsg+0x10/0x10
[  159.540018][ T6532]  ? import_iovec+0x74/0xa0
[  159.540040][ T6532]  ___sys_recvmsg+0x1b5/0x510
[  159.540072][ T6532]  ? __pfx____sys_recvmsg+0x10/0x10
[  159.540126][ T6532]  ? __fget_files+0x3a0/0x420
[  159.540173][ T6532]  do_recvmmsg+0x307/0x770
[  159.540209][ T6532]  ? __pfx_do_recvmmsg+0x10/0x10
[  159.540249][ T6532]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  159.540292][ T6532]  __x64_sys_recvmmsg+0x190/0x240
[  159.540318][ T6532]  ? rcu_is_watching+0x15/0xb0
[  159.540343][ T6532]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  159.540373][ T6532]  ? do_syscall_64+0xba/0x220
[  159.540401][ T6532]  do_syscall_64+0xf6/0x220
[  159.540424][ T6532]  ? clear_bhb_loop+0x60/0xb0
[  159.540448][ T6532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.540467][ T6532] RIP: 0033:0x7f3be7b8e969
[  159.540484][ T6532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.540499][ T6532] RSP: 002b:00007f3be8aac038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  159.540519][ T6532] RAX: ffffffffffffffda RBX: 00007f3be7db5fa0 RCX: 00007f3be7b8e969
[  159.540532][ T6532] RDX: 0000000000000001 RSI: 0000200000003000 RDI: 0000000000000004
[  159.540544][ T6532] RBP: 00007f3be8aac090 R08: 0000000000000000 R09: 0000000000000000
[  159.540554][ T6532] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  159.540565][ T6532] R13: 0000000000000000 R14: 00007f3be7db5fa0 R15: 00007ffdb341e2f8
[  159.540594][ T6532]  </TASK>
[  159.545087][ T5910] usb usb2-port1: unable to enumerate USB device
[  159.561876][ T5821] usb usb5-port1: attempt power cycle
[  159.870483][ T6539] overlayfs: missing 'lowerdir'
[  159.875753][ T6511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  159.908899][ T6511] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  161.008648][ T5821] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  161.030065][ T5821] usb 5-1: device descriptor read/8, error -71
[  161.078559][ T5932] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  161.212638][ T6547] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[  161.356008][ T5932] usb 6-1: Using ep0 maxpacket: 16
[  161.372965][ T5821] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  161.470043][ T5821] usb 5-1: device descriptor read/8, error -71
[  161.482782][ T5932] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8
[  161.505613][ T5932] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  161.537745][ T5932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.580781][ T5932] usb 6-1: Product: syz
[  161.584988][ T5932] usb 6-1: Manufacturer: syz
[  161.608049][ T5932] usb 6-1: SerialNumber: syz
[  161.616786][ T5821] usb usb5-port1: unable to enumerate USB device
[  161.743497][ T5932] usb 6-1: config 0 descriptor??
[  161.904917][ T1553] usb 1-1: USB disconnect, device number 4
[  161.938903][ T5932] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  162.116576][ T5932] usb 6-1: Detected FT232R
[  162.223196][ T5932] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  162.517078][ T5932] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  162.530084][ T5932] ftdi_sio 6-1:0.0: GPIO initialisation failed: -71
[  162.550824][ T5932] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  162.597095][ T5932] usb 6-1: USB disconnect, device number 2
[  162.737876][ T5932] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  162.738192][ T5932] ftdi_sio 6-1:0.0: device disconnected
[  163.088060][ T6579] overlayfs: missing 'lowerdir'
[  163.154632][ T6582] capability: warning: `syz.3.167' uses deprecated v2 capabilities in a way that may be insecure
[  163.177752][ T6582] overlayfs: missing 'workdir'
[  163.358612][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  163.481659][ T5821] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  163.489968][    T9] usb 1-1: device descriptor read/64, error -71
[  163.540644][ T6588] Zero length message leads to an empty skb
[  163.698590][ T5821] usb 5-1: device descriptor read/64, error -71
[  163.768730][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  163.802652][ T6596] loop5: detected capacity change from 0 to 3879
[  163.908753][    T9] usb 1-1: device descriptor read/64, error -71
[  164.326197][ T6602] XFS (nullb0): Invalid superblock magic number
[  164.500053][ T5821] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  164.508672][    T9] usb usb1-port1: attempt power cycle
[  164.698693][ T5821] usb 5-1: device descriptor read/64, error -71
[  164.842711][ T5821] usb usb5-port1: attempt power cycle
[  164.908733][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  164.976293][    T9] usb 1-1: device descriptor read/8, error -71
[  165.248963][ T5821] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  165.276048][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  165.360329][ T5821] usb 5-1: device descriptor read/8, error -71
[  165.391701][    T9] usb 1-1: device descriptor read/8, error -71
[  165.569115][    T9] usb usb1-port1: unable to enumerate USB device
[  165.658838][ T5821] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  165.699309][ T5821] usb 5-1: device descriptor read/8, error -71
[  165.812663][ T5821] usb usb5-port1: unable to enumerate USB device
[  165.858559][   T49] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  166.639385][  T917] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  166.686084][ T6628] overlayfs: missing 'lowerdir'
[  166.710735][ T6632] capability: warning: `syz.4.181' uses 32-bit capabilities (legacy support in use)
[  166.735082][   T49] usb 2-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  166.744480][   T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.754109][   T49] usb 2-1: Product: syz
[  166.759047][   T49] usb 2-1: Manufacturer: syz
[  166.764185][   T49] usb 2-1: SerialNumber: syz
[  166.771940][   T49] usb 2-1: config 0 descriptor??
[  166.798688][  T917] usb 4-1: Using ep0 maxpacket: 32
[  166.961161][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  167.118667][    T9] usb 1-1: Using ep0 maxpacket: 16
[  167.130015][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8
[  167.146206][    T9] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  167.156056][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.163660][   T49] usb 2-1: f81604_read: reg: 105 failed: -EPROTO
[  167.172925][    T9] usb 1-1: Product: syz
[  167.177314][    T9] usb 1-1: Manufacturer: syz
[  167.186458][    T9] usb 1-1: SerialNumber: syz
[  167.200126][    T9] usb 1-1: config 0 descriptor??
[  167.217940][    T9] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  167.229855][    T9] usb 1-1: Detected FT232R
[  167.416692][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  167.432734][    T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  167.443653][    T9] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71
[  167.458097][    T9] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  167.476040][    T9] usb 1-1: USB disconnect, device number 9
[  167.490951][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  167.498549][  T917] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  167.566034][    T9] ftdi_sio 1-1:0.0: device disconnected
[  167.579796][   T49] f81604 2-1:0.0: Setting termination of CH#0 failed: -EPROTO
[  167.588846][  T917] usb 4-1: config 0 has no interface number 0
[  167.595091][   T49] f81604 2-1:0.0: probe with driver f81604 failed with error -71
[  167.608574][   T49] usb 2-1: USB disconnect, device number 20
[  167.614674][  T917] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  167.626494][  T917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.636750][  T917] usb 4-1: Product: syz
[  167.640993][  T917] usb 4-1: Manufacturer: syz
[  167.645587][  T917] usb 4-1: SerialNumber: syz
[  167.657864][  T917] usb 4-1: config 0 descriptor??
[  167.666093][  T917] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  168.065912][ T6645] Bluetooth: MGMT ver 1.23
[  168.825628][ T6637] syz.5.182 (6637): drop_caches: 2
[  169.097822][  T917] usb 4-1: qt2_attach - failed to power on unit: -71
[  169.107291][  T917] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  169.687437][ T6652] fuse: Bad value for 'fd'
[  169.695914][ T6652] IPVS: set_ctl: invalid protocol: 1 100.1.1.2:20001
[  169.710950][ T6657] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  169.799657][  T917] usb 4-1: USB disconnect, device number 8
[  169.934773][ T6664] overlayfs: missing 'lowerdir'
[  170.876007][ T6675] mmap: syz.5.190 (6675) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  170.898264][ T6675] FAULT_INJECTION: forcing a failure.
[  170.898264][ T6675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.911796][ T6675] CPU: 1 UID: 0 PID: 6675 Comm: syz.5.190 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  170.911823][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.911835][ T6675] Call Trace:
[  170.911843][ T6675]  <TASK>
[  170.911851][ T6675]  dump_stack_lvl+0x189/0x250
[  170.911884][ T6675]  ? filemap_get_entry+0xad/0x2f0
[  170.911911][ T6675]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.911939][ T6675]  ? __pfx__printk+0x10/0x10
[  170.911973][ T6675]  ? __pfx_alloc_hugetlb_folio+0x10/0x10
[  170.912010][ T6675]  should_fail_ex+0x414/0x560
[  170.912041][ T6675]  _copy_from_user+0x2d/0xb0
[  170.912068][ T6675]  copy_folio_from_user+0x1e4/0x320
[  170.912103][ T6675]  hugetlb_mfill_atomic_pte+0xcab/0x14c0
[  170.912150][ T6675]  mfill_atomic_copy+0xe0f/0x12f0
[  170.912179][ T6675]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  170.912221][ T6675]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  170.912255][ T6675]  ? userfaultfd_ioctl+0x1c9b/0x4bc0
[  170.912305][ T6675]  userfaultfd_ioctl+0x29ba/0x4bc0
[  170.912337][ T6675]  ? kfree+0x18e/0x440
[  170.912359][ T6675]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  170.912382][ T6675]  ? security_file_ioctl+0xcb/0x2d0
[  170.912406][ T6675]  ? __se_sys_ioctl+0x47/0x170
[  170.912426][ T6675]  ? do_syscall_64+0xf6/0x220
[  170.912448][ T6675]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.912478][ T6675]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  170.912516][ T6675]  ? do_vfs_ioctl+0x12ba/0x1990
[  170.912542][ T6675]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  170.912577][ T6675]  ? kasan_quarantine_put+0xdd/0x220
[  170.912614][ T6675]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  170.912641][ T6675]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  170.912673][ T6675]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  170.912695][ T6675]  ? smack_log+0xef/0x3f0
[  170.912730][ T6675]  ? __pfx_smack_log+0x10/0x10
[  170.912762][ T6675]  ? smk_access+0x14c/0x4e0
[  170.912801][ T6675]  ? smk_tskacc+0x2fc/0x370
[  170.912840][ T6675]  ? smack_file_ioctl+0x2a9/0x340
[  170.912866][ T6675]  ? __pfx_smack_file_ioctl+0x10/0x10
[  170.912901][ T6675]  ? __fget_files+0x3a0/0x420
[  170.912929][ T6675]  ? __fget_files+0x2a/0x420
[  170.912962][ T6675]  ? bpf_lsm_file_ioctl+0x9/0x20
[  170.912984][ T6675]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  170.913009][ T6675]  __se_sys_ioctl+0xf9/0x170
[  170.913035][ T6675]  do_syscall_64+0xf6/0x220
[  170.913064][ T6675]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  170.913084][ T6675]  ? clear_bhb_loop+0x60/0xb0
[  170.913110][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.913130][ T6675] RIP: 0033:0x7f3be7b8e969
[  170.913148][ T6675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.913164][ T6675] RSP: 002b:00007f3be8a6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  170.913185][ T6675] RAX: ffffffffffffffda RBX: 00007f3be7db6160 RCX: 00007f3be7b8e969
[  170.913199][ T6675] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 0000000000000007
[  170.913212][ T6675] RBP: 00007f3be8a6a090 R08: 0000000000000000 R09: 0000000000000000
[  170.913223][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.913235][ T6675] R13: 0000000000000000 R14: 00007f3be7db6160 R15: 00007ffdb341e2f8
[  170.913268][ T6675]  </TASK>
[  171.368575][ T5905] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  171.508711][    T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  171.520680][ T5905] usb 1-1: Using ep0 maxpacket: 16
[  171.536383][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  171.536917][ T6680] netlink: 'syz.3.193': attribute type 10 has an invalid length.
[  171.547898][ T5905] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00
[  171.563666][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  171.581906][ T5905] usb 1-1: config 0 descriptor??
[  171.610147][ T6680] team0: Port device wlan1 added
[  171.671833][    T9] usb 2-1: Using ep0 maxpacket: 16
[  171.691047][    T9] usb 2-1: no configurations
[  171.695688][    T9] usb 2-1: can't read configurations, error -22
[  171.848829][    T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  171.926987][ T6687] overlayfs: missing 'lowerdir'
[  172.018632][    T9] usb 2-1: Using ep0 maxpacket: 16
[  172.027498][    T9] usb 2-1: no configurations
[  172.034959][    T9] usb 2-1: can't read configurations, error -22
[  172.066392][    T9] usb usb2-port1: attempt power cycle
[  172.099913][ T5905] hid (null): bogus close delimiter
[  172.109604][ T5905] corsair-psu 0003:1B1C:1C07.0004: bogus close delimiter
[  172.119676][ T5905] corsair-psu 0003:1B1C:1C07.0004: item 0 4 2 10 parsing failed
[  172.128245][ T5905] corsair-psu 0003:1B1C:1C07.0004: probe with driver corsair-psu failed with error -22
[  172.168712][ T5821] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  172.304684][ T6553] usb 1-1: USB disconnect, device number 10
[  172.319126][ T5821] usb 4-1: Using ep0 maxpacket: 16
[  172.342921][ T5821] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  172.364931][ T5821] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  172.383668][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.394940][ T5821] usb 4-1: Product: syz
[  172.403141][ T5821] usb 4-1: Manufacturer: syz
[  172.408091][ T5821] usb 4-1: SerialNumber: syz
[  172.421055][ T5821] usb 4-1: config 0 descriptor??
[  172.428857][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  172.444131][ T5821] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  172.454861][ T5821] usb 4-1: Detected FT232R
[  173.011793][ T6698] XFS (nullb0): Invalid superblock magic number
[  173.370848][ T5821] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  173.380274][ T5821] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  173.389593][ T5821] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  173.403173][ T5821] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  173.416630][ T5821] usb 4-1: USB disconnect, device number 9
[  173.427723][ T5821] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  173.438868][ T5821] ftdi_sio 4-1:0.0: device disconnected
[  173.475805][    T9] usb 2-1: device descriptor read/8, error -71
[  175.820888][ T6722] netlink: 8 bytes leftover after parsing attributes in process `syz.3.207'.
[  175.944298][ T6724] warning: `syz.5.206' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  176.225619][ T6707] netlink: 28 bytes leftover after parsing attributes in process `syz.4.202'.
[  176.283913][ T6735] use of bytesused == 0 is deprecated and will be removed in the future,
[  176.292581][ T6735] use the actual size instead.
[  176.445643][   T30] audit: type=1804 audit(1748368088.088:3): pid=6711 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.203" name="/newroot/40/file0" dev="tmpfs" ino=237 res=1 errno=0
[  176.668675][ T5905] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  177.478699][   T30] audit: type=1326 audit(1748368088.308:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6733 comm="syz.3.211" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa94c38e969 code=0xffff0000
[  178.467139][ T6741] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  179.244303][ T5905] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  179.478534][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.500396][ T5905] usb 6-1: config 0 descriptor??
[  179.516953][ T5905] usb 6-1: can't set config #0, error -71
[  179.540395][ T5905] usb 6-1: USB disconnect, device number 3
[  179.704892][ T6752] overlayfs: missing 'lowerdir'
[  179.920139][ T6758] overlayfs: missing 'lowerdir'
[  179.970953][ T6553] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  181.318551][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  181.922639][ T6765] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.219'.
[  182.478717][ T6553] usb 5-1: Using ep0 maxpacket: 16
[  182.503481][ T6553] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  182.518417][ T6553] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  182.532136][ T6553] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.540628][ T6553] usb 5-1: Product: syz
[  182.544927][ T6553] usb 5-1: Manufacturer: syz
[  182.554585][ T6553] usb 5-1: SerialNumber: syz
[  182.563905][ T6553] usb 5-1: config 0 descriptor??
[  182.574348][ T6553] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  182.583246][ T6553] usb 5-1: Detected FT232R
[  182.620923][ T6770] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.628831][    T9] usb 4-1: Using ep0 maxpacket: 16
[  182.638663][    T9] usb 4-1: no configurations
[  182.643562][    T9] usb 4-1: can't read configurations, error -22
[  182.711546][ T6553] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  182.721521][ T6553] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  182.738563][ T6553] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  182.738682][ T5870] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  182.770936][ T6553] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  182.783322][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  182.804935][ T6553] usb 5-1: USB disconnect, device number 15
[  182.820172][ T6553] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  182.833647][ T6553] ftdi_sio 5-1:0.0: device disconnected
[  182.968535][    T9] usb 4-1: Using ep0 maxpacket: 16
[  183.050672][ T5870] usb 1-1: Using ep0 maxpacket: 32
[  183.061387][ T5870] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice= e.22
[  183.084166][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.093427][ T5870] usb 1-1: Product: syz
[  183.097005][    T9] usb 4-1: device descriptor read/all, error -71
[  183.097680][ T5870] usb 1-1: Manufacturer: syz
[  183.108907][ T5870] usb 1-1: SerialNumber: syz
[  183.114587][    T9] usb usb4-port1: attempt power cycle
[  183.119859][ T5870] usb 1-1: config 0 descriptor??
[  183.831445][ T5870] usb 1-1: selecting invalid altsetting 3
[  183.837495][ T5870] comedi comedi0: could not set alternate setting 3 in high speed
[  183.849243][ T5870] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device.
[  183.861700][ T5870] usbdux 1-1:0.0: probe with driver usbdux failed with error -22
[  184.541875][ T6791] XFS (nullb0): Invalid superblock magic number
[  184.846739][ T6800] netlink: 32 bytes leftover after parsing attributes in process `syz.1.227'.
[  185.100213][ T6553] usb 1-1: USB disconnect, device number 11
[  185.278609][   T10] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  185.458698][   T10] usb 2-1: Using ep0 maxpacket: 16
[  185.470516][   T10] usb 2-1: config 0 has an invalid interface number: 68 but max is 0
[  185.612704][   T10] usb 2-1: config 0 has no interface number 0
[  185.624927][   T10] usb 2-1: config 0 interface 68 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.645889][   T10] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  185.655546][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.037619][ T6820] XFS (nullb0): Invalid superblock magic number
[  186.216779][   T10] usb 2-1: Product: syz
[  186.221055][   T10] usb 2-1: Manufacturer: syz
[  186.225786][   T10] usb 2-1: SerialNumber: syz
[  186.235620][   T10] usb 2-1: config 0 descriptor??
[  186.380179][   T10] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  186.442048][ T6831] overlayfs: missing 'lowerdir'
[  186.458066][ T5870] usb 2-1: USB disconnect, device number 25
[  186.477328][ T3426] usb 2-1: Failed to submit usb control message: -71
[  186.496472][ T3426] usb 2-1: unable to send the bmi data to the device: -71
[  186.514222][ T6834] gretap0: entered promiscuous mode
[  186.531336][ T3426] usb 2-1: unable to get target info from device
[  186.549771][ T6834] vlan2: entered promiscuous mode
[  186.554151][ T3426] usb 2-1: could not get target info (-71)
[  186.564462][ T3426] usb 2-1: could not probe fw (-71)
[  187.415082][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  187.712129][   T10] usb 1-1: Using ep0 maxpacket: 16
[  187.991768][   T10] usb 1-1: no configurations
[  187.996537][   T10] usb 1-1: can't read configurations, error -22
[  188.231250][   T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  189.407804][ T6858] XFS (nullb0): Invalid superblock magic number
[  189.838904][   T10] usb 1-1: Using ep0 maxpacket: 16
[  190.292942][   T10] usb 1-1: device descriptor read/all, error -71
[  190.303382][   T10] usb usb1-port1: attempt power cycle
[  190.454838][ T6869] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.241'.
[  190.464519][ T6869] netlink: zone id is out of range
[  190.470681][ T6869] netlink: zone id is out of range
[  190.476179][ T6869] netlink: zone id is out of range
[  190.481712][ T6869] netlink: zone id is out of range
[  190.486955][ T6869] netlink: get zone limit has 8 unknown bytes
[  191.431874][ T6874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.243'.
[  191.487037][ T6875] vti0: entered allmulticast mode
[  191.568811][ T6874] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  192.813163][ T6880] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR
[  193.368319][ T6896] XFS (nullb0): Invalid superblock magic number
[  193.858730][ T5905] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  194.259565][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.266009][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  195.350329][ T5905] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  195.361949][ T5905] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  195.390109][ T5905] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  195.490373][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.566134][ T5905] usb 1-1: Product: syz
[  195.612554][ T5905] usb 1-1: Manufacturer: syz
[  195.668680][ T5905] usb 1-1: SerialNumber: syz
[  196.591658][ T5905] usb 1-1: 0:2 : does not exist
[  196.606691][ T5905] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  196.789840][ T6918] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR
[  196.953031][ T5905] usb 1-1: USB disconnect, device number 15
[  197.225858][ T6926] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  197.544867][ T6940] loop7: detected capacity change from 0 to 7
[  197.582822][ T6940] Dev loop7: unable to read RDB block 7
[  197.594304][ T6940]  loop7: AHDI p1 p2
[  197.612130][ T6940] loop7: partition table partially beyond EOD, truncated
[  197.635963][ T6940] loop7: p1 start 1702000233 is beyond EOD, truncated
[  197.658071][ T6942] loop8: detected capacity change from 0 to 1
[  197.707876][ T6942] Dev loop8: unable to read RDB block 1
[  197.715442][ T6942]  loop8: unable to read partition table
[  197.736328][ T6942] loop8: partition table beyond EOD, truncated
[  197.767597][ T6942] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  198.783953][ T6956] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  203.404931][ T6969] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  204.618586][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  205.439287][   T10] usb 1-1: Using ep0 maxpacket: 32
[  205.446827][   T10] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  205.478538][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.498388][   T10] usb 1-1: config 0 descriptor??
[  205.523935][   T10] as10x_usb: device has been detected
[  205.530425][   T10] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  205.557320][   T10] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  205.578950][ T6553] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  205.602649][   T10] as10x_usb: error during firmware upload part1
[  205.632549][   T10] Registered device nBox DVB-T Dongle
[  205.661551][ T6999] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.270'.
[  205.676673][ T6999] netlink: zone id is out of range
[  205.682286][ T6999] netlink: zone id is out of range
[  205.687493][ T6999] netlink: zone id is out of range
[  205.692690][ T6999] netlink: zone id is out of range
[  205.700262][ T6999] netlink: get zone limit has 8 unknown bytes
[  205.787960][ T6553] usb 5-1: Using ep0 maxpacket: 8
[  205.865286][ T6553] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  205.887151][   T10] usb 1-1: USB disconnect, device number 16
[  205.961381][ T6553] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  206.040138][ T6553] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.144352][ T6553] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.335259][ T6553] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  206.467925][   T10] Unregistered device nBox DVB-T Dongle
[  206.482742][ T6553] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.573968][   T10] as10x_usb: device has been disconnected
[  206.749775][ T7004] input: syz1 as /devices/virtual/input/input9
[  206.777924][ T7004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'.
[  206.948002][ T6553] usb 5-1: GET_CAPABILITIES returned 0
[  206.953961][ T6553] usbtmc 5-1:16.0: can't read capabilities
[  207.316984][ T6995] FAULT_INJECTION: forcing a failure.
[  207.316984][ T6995] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  207.628545][ T6995] CPU: 0 UID: 0 PID: 6995 Comm: syz.4.269 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  207.628589][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  207.628607][ T6995] Call Trace:
[  207.628620][ T6995]  <TASK>
[  207.628629][ T6995]  dump_stack_lvl+0x189/0x250
[  207.628663][ T6995]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.628688][ T6995]  ? __pfx__printk+0x10/0x10
[  207.628728][ T6995]  should_fail_ex+0x414/0x560
[  207.628756][ T6995]  _copy_to_user+0x31/0xb0
[  207.628776][ T6995]  simple_read_from_buffer+0xe1/0x170
[  207.628806][ T6995]  proc_fail_nth_read+0x1df/0x250
[  207.628837][ T6995]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  207.628868][ T6995]  ? rw_verify_area+0x258/0x650
[  207.628890][ T6995]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  207.628920][ T6995]  vfs_read+0x200/0x980
[  207.628947][ T6995]  ? __pfx___mutex_lock+0x10/0x10
[  207.628969][ T6995]  ? __pfx_vfs_read+0x10/0x10
[  207.628993][ T6995]  ? __fget_files+0x2a/0x420
[  207.629022][ T6995]  ? __fget_files+0x3a0/0x420
[  207.629047][ T6995]  ? __fget_files+0x2a/0x420
[  207.629078][ T6995]  ksys_read+0x145/0x250
[  207.629098][ T6995]  ? __fget_files+0x2a/0x420
[  207.629121][ T6995]  ? __pfx_ksys_read+0x10/0x10
[  207.629145][ T6995]  ? do_syscall_64+0xba/0x220
[  207.629168][ T6995]  do_syscall_64+0xf6/0x220
[  207.629187][ T6995]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  207.629204][ T6995]  ? clear_bhb_loop+0x60/0xb0
[  207.629224][ T6995]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.629239][ T6995] RIP: 0033:0x7f7fef58d37c
[  207.629256][ T6995] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  207.629270][ T6995] RSP: 002b:00007f7fed3f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  207.629289][ T6995] RAX: ffffffffffffffda RBX: 00007f7fef7b5fa0 RCX: 00007f7fef58d37c
[  207.629302][ T6995] RDX: 000000000000000f RSI: 00007f7fed3f60a0 RDI: 0000000000000005
[  207.629313][ T6995] RBP: 00007f7fed3f6090 R08: 0000000000000000 R09: 0000000000000000
[  207.629324][ T6995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.629334][ T6995] R13: 0000000000000000 R14: 00007f7fef7b5fa0 R15: 00007ffe76eb4968
[  207.629363][ T6995]  </TASK>
[  207.637262][ T7011] XFS (nullb0): Invalid superblock magic number
[  207.664595][ T6553] usb 5-1: USB disconnect, device number 16
[  208.488872][ T7033] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  209.187342][   T30] audit: type=1804 audit(1748368121.804:5): pid=7027 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.278" name="/newroot/56/file0" dev="tmpfs" ino=336 res=1 errno=0
[  210.030579][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.5.282'.
[  210.078556][ T7051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.282'.
[  210.116777][ T7051] netlink: 'syz.5.282': attribute type 14 has an invalid length.
[  210.674067][ T7055] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  210.708603][ T7051] netlink: 'syz.5.282': attribute type 13 has an invalid length.
[  211.586742][ T7068] netlink: 24 bytes leftover after parsing attributes in process `syz.3.287'.
[  211.604945][ T5829] Bluetooth: hci1: command 0x0406 tx timeout
[  211.688615][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  211.694694][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  211.876827][ T7076] xt_hashlimit: size too large, truncated to 1048576
[  213.389070][    T9] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  213.420128][ T7090] XFS (nullb0): Invalid superblock magic number
[  213.792685][    T9] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[  213.902894][    T9] usb 4-1: config 8 has no interface number 0
[  213.942213][    T9] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  213.968511][    T9] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid maxpacket 58398, setting to 64
[  214.098673][ T7100] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  214.126088][    T9] usb 4-1: config 8 interface 177 has no altsetting 0
[  214.230673][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  214.672486][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.058162][    T9] usb 4-1: can't set config #8, error -71
[  215.065172][    T9] usb 4-1: USB disconnect, device number 13
[  216.356028][ T7126] netlink: 44 bytes leftover after parsing attributes in process `syz.5.299'.
[  217.661546][   T65] Bluetooth: hci6: Frame reassembly failed (-90)
[  217.670514][   T65] Bluetooth: hci6: Frame reassembly failed (-84)
[  218.305694][ T7142] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  219.522881][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  219.652672][ T7147] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  219.698848][ T5831] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  219.728674][ T5827] Bluetooth: hci6: command 0xfc11 tx timeout
[  221.252287][   T30] audit: type=1804 audit(1748368133.894:6): pid=7157 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.303" name="/newroot/36/file0" dev="tmpfs" ino=205 res=1 errno=0
[  221.648635][ T5905] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  222.218547][ T5905] usb 1-1: Using ep0 maxpacket: 32
[  222.760211][ T7171] zonefs (nullb0) ERROR: Not a zoned block device
[  222.770513][ T7170] netlink: 'syz.4.308': attribute type 2 has an invalid length.
[  222.797788][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 195, changing to 11
[  222.813399][ T5905] usb 1-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  222.823085][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.834145][ T5905] usb 1-1: config 0 descriptor??
[  222.948590][ T5910] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  223.180881][ T5910] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  223.198609][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.215604][ T5910] usb 2-1: config 0 descriptor??
[  223.222671][   T30] audit: type=1804 audit(1748368135.864:7): pid=7174 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.311" name="/newroot/67/file0" dev="tmpfs" ino=386 res=1 errno=0
[  223.259930][ T5910] cp210x 2-1:0.0: cp210x converter detected
[  223.269273][ T5905] aureal 0003:0755:2626.0005: unbalanced collection at end of report description
[  223.280835][ T5905] aureal 0003:0755:2626.0005: probe with driver aureal failed with error -22
[  223.538826][ T5910] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  223.583013][ T5910] cp210x 2-1:0.0: failed to get vendor val 0x370c size 73: -71
[  223.608598][ T5910] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  223.635212][ T5910] usb 2-1: cp210x converter now attached to ttyUSB0
[  223.656681][ T5910] usb 2-1: USB disconnect, device number 26
[  223.671660][ T5910] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  223.694301][ T5910] cp210x 2-1:0.0: device disconnected
[  225.626550][ T7202] netlink: 96 bytes leftover after parsing attributes in process `syz.3.318'.
[  225.706267][ T7202] hub 9-0:1.0: USB hub found
[  225.718006][ T7202] hub 9-0:1.0: 1 port detected
[  225.726757][    T9] usb 1-1: USB disconnect, device number 17
[  226.275679][ T7204] XFS (nullb0): Invalid superblock magic number
[  226.836963][   T30] audit: type=1804 audit(1748368139.474:8): pid=7228 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.326" name="/newroot/61/file0" dev="tmpfs" ino=346 res=1 errno=0
[  227.038690][ T5831] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  227.104613][   T30] audit: type=1804 audit(1748368139.674:9): pid=7222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.323" name="/newroot/71/file0" dev="tmpfs" ino=407 res=1 errno=0
[  230.812826][ T7237] netlink: 'syz.0.328': attribute type 5 has an invalid length.
[  231.719045][ T7242] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  231.869890][ T7246] blkio.reset_stats is deprecated
[  231.952631][ T7248] overlayfs: missing 'workdir'
[  231.973808][ T7256] netlink: 'syz.0.335': attribute type 2 has an invalid length.
[  231.986425][ T7256] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.335'.
[  232.340411][ T7270] loop6: detected capacity change from 0 to 7
[  232.384341][ T7263] pim6reg: entered allmulticast mode
[  232.454899][ T7270] Dev loop6: unable to read RDB block 7
[  232.461604][ T7270]  loop6: AHDI p4
[  232.465393][ T7270] loop6: partition table partially beyond EOD, truncated
[  232.495571][ T7266] sctp: [Deprecated]: syz.0.337 (pid 7266) Use of struct sctp_assoc_value in delayed_ack socket option.
[  232.495571][ T7266] Use struct sctp_sack_info instead
[  232.743815][   T30] audit: type=1804 audit(1748368145.354:10): pid=7277 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.339" name="/newroot/67/file0" dev="tmpfs" ino=375 res=1 errno=0
[  232.791352][ T7250] pim6reg: left allmulticast mode
[  233.168527][ T6553] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  233.632424][ T7292] bridge1: entered promiscuous mode
[  233.638581][ T6553] usb 6-1: device descriptor read/64, error -71
[  233.670370][ T7292] bridge2: entered promiscuous mode
[  233.719286][ T7292] bridge3: entered promiscuous mode
[  233.802865][ T7292] bridge4: entered promiscuous mode
[  233.826595][ T7292] bridge5: entered promiscuous mode
[  233.847744][ T7292] bridge6: entered promiscuous mode
[  233.867217][ T7292] bridge7: entered promiscuous mode
[  233.878520][ T6553] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  234.028630][ T6553] usb 6-1: device descriptor read/64, error -71
[  234.122702][   T30] audit: type=1804 audit(1748368146.714:11): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.344" name="/newroot/73/file0" dev="tmpfs" ino=418 res=1 errno=0
[  234.410791][ T7292] bridge8: entered promiscuous mode
[  234.491356][ T7302] XFS (nullb0): Invalid superblock magic number
[  235.456385][ T6553] usb usb6-port1: attempt power cycle
[  236.812732][ T7325] 9pnet_fd: Insufficient options for proto=fd
[  237.178061][ T7330] overlayfs: missing 'workdir'
[  237.255599][   T30] audit: type=1804 audit(1748368149.894:12): pid=7332 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.353" name="/newroot/70/file0" dev="tmpfs" ino=420 res=1 errno=0
[  237.443798][ T7335] FAULT_INJECTION: forcing a failure.
[  237.443798][ T7335] name failslab, interval 1, probability 0, space 0, times 0
[  237.457142][ T7335] CPU: 0 UID: 0 PID: 7335 Comm: syz.5.354 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  237.457168][ T7335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  237.457180][ T7335] Call Trace:
[  237.457188][ T7335]  <TASK>
[  237.457197][ T7335]  dump_stack_lvl+0x189/0x250
[  237.457234][ T7335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  237.457263][ T7335]  ? __pfx__printk+0x10/0x10
[  237.457301][ T7335]  ? __pfx___might_resched+0x10/0x10
[  237.457324][ T7335]  ? fs_reclaim_acquire+0x7d/0x100
[  237.457360][ T7335]  should_fail_ex+0x414/0x560
[  237.457390][ T7335]  should_failslab+0xa8/0x100
[  237.457420][ T7335]  __kmalloc_noprof+0xcb/0x4f0
[  237.457445][ T7335]  ? kfree+0x4d/0x440
[  237.457466][ T7335]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  237.457501][ T7335]  tomoyo_realpath_from_path+0xe3/0x5d0
[  237.457532][ T7335]  ? tomoyo_domain+0xda/0x130
[  237.457568][ T7335]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  237.457600][ T7335]  tomoyo_path_number_perm+0x1e8/0x5a0
[  237.457628][ T7335]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  237.457714][ T7335]  ? __fget_files+0x2a/0x420
[  237.457746][ T7335]  ? __fget_files+0x3a0/0x420
[  237.457771][ T7335]  ? __fget_files+0x2a/0x420
[  237.457816][ T7335]  security_file_ioctl+0xcb/0x2d0
[  237.457841][ T7335]  __se_sys_ioctl+0x47/0x170
[  237.457864][ T7335]  do_syscall_64+0xf6/0x220
[  237.457887][ T7335]  ? clear_bhb_loop+0x60/0xb0
[  237.457910][ T7335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.457926][ T7335] RIP: 0033:0x7f3be7b8e969
[  237.457942][ T7335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.457956][ T7335] RSP: 002b:00007f3be8aac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  237.457975][ T7335] RAX: ffffffffffffffda RBX: 00007f3be7db5fa0 RCX: 00007f3be7b8e969
[  237.457991][ T7335] RDX: 0000200000000000 RSI: 00000000c0105500 RDI: 0000000000000004
[  237.458002][ T7335] RBP: 00007f3be8aac090 R08: 0000000000000000 R09: 0000000000000000
[  237.458012][ T7335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.458022][ T7335] R13: 0000000000000000 R14: 00007f3be7db5fa0 R15: 00007ffdb341e2f8
[  237.458051][ T7335]  </TASK>
[  237.458180][ T7335] ERROR: Out of memory at tomoyo_realpath_from_path.
[  238.975925][ T7342] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  239.155890][ T7344] bridge0: port 1(bridge_slave_0) entered disabled state
[  239.666280][ T7344] bridge_slave_0 (unregistering): left allmulticast mode
[  239.673475][ T7344] bridge_slave_0 (unregistering): left promiscuous mode
[  239.696621][ T7349] ERROR: device name not specified.
[  239.720767][ T7344] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.624708][ T7368] FAULT_INJECTION: forcing a failure.
[  240.624708][ T7368] name failslab, interval 1, probability 0, space 0, times 0
[  240.641971][ T7368] CPU: 0 UID: 0 PID: 7368 Comm: syz.4.363 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  240.641998][ T7368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  240.642009][ T7368] Call Trace:
[  240.642016][ T7368]  <TASK>
[  240.642024][ T7368]  dump_stack_lvl+0x189/0x250
[  240.642058][ T7368]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.642084][ T7368]  ? __pfx__printk+0x10/0x10
[  240.642118][ T7368]  ? __pfx___might_resched+0x10/0x10
[  240.642164][ T7368]  should_fail_ex+0x414/0x560
[  240.642194][ T7368]  should_failslab+0xa8/0x100
[  240.642223][ T7368]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  240.642251][ T7368]  ? __alloc_skb+0x112/0x2d0
[  240.642292][ T7368]  __alloc_skb+0x112/0x2d0
[  240.642319][ T7368]  netlink_sendmsg+0x5c6/0xb30
[  240.642339][ T7368]  ? is_bpf_text_address+0x26/0x2b0
[  240.642398][ T7368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.642428][ T7368]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  240.642458][ T7368]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.642480][ T7368]  __sock_sendmsg+0x21c/0x270
[  240.642515][ T7368]  ____sys_sendmsg+0x505/0x830
[  240.642547][ T7368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.642582][ T7368]  ? import_iovec+0x74/0xa0
[  240.642606][ T7368]  ___sys_sendmsg+0x21f/0x2a0
[  240.642634][ T7368]  ? __pfx____sys_sendmsg+0x10/0x10
[  240.642698][ T7368]  ? __fget_files+0x2a/0x420
[  240.642726][ T7368]  ? __fget_files+0x3a0/0x420
[  240.642766][ T7368]  __x64_sys_sendmsg+0x19b/0x260
[  240.642795][ T7368]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  240.642839][ T7368]  ? do_syscall_64+0xba/0x220
[  240.642868][ T7368]  do_syscall_64+0xf6/0x220
[  240.642892][ T7368]  ? clear_bhb_loop+0x60/0xb0
[  240.642918][ T7368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.642937][ T7368] RIP: 0033:0x7f7fef58e969
[  240.642955][ T7368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.642971][ T7368] RSP: 002b:00007f7fed3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.642991][ T7368] RAX: ffffffffffffffda RBX: 00007f7fef7b5fa0 RCX: 00007f7fef58e969
[  240.643006][ T7368] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003
[  240.643019][ T7368] RBP: 00007f7fed3f6090 R08: 0000000000000000 R09: 0000000000000000
[  240.643030][ T7368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.643113][ T7368] R13: 0000000000000000 R14: 00007f7fef7b5fa0 R15: 00007ffe76eb4968
[  240.643147][ T7368]  </TASK>
[  240.924217][ T7375] netlink: 24 bytes leftover after parsing attributes in process `syz.5.365'.
[  241.240560][   T30] audit: type=1804 audit(1748368153.884:13): pid=7383 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.368" name="/newroot/49/file0" dev="tmpfs" ino=271 res=1 errno=0
[  241.386853][ T7378] pim6reg: entered allmulticast mode
[  241.396682][  T917] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  241.404462][ T5910] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  241.455735][ T7385] overlayfs: missing 'workdir'
[  241.568571][  T917] usb 2-1: Using ep0 maxpacket: 32
[  241.577724][ T5910] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  241.587007][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.595211][  T917] usb 2-1: config 0 has an invalid interface number: 213 but max is 0
[  241.605599][ T5910] usb 5-1: config 0 descriptor??
[  241.610577][  T917] usb 2-1: config 0 has no interface number 0
[  241.620572][ T5910] cp210x 5-1:0.0: cp210x converter detected
[  241.629986][  T917] usb 2-1: config 0 interface 213 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528
[  241.661190][  T917] usb 2-1: New USB device found, idVendor=0b95, idProduct=7e2b, bcdDevice=eb.19
[  241.672383][  T917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.682647][  T917] usb 2-1: Product: syz
[  241.697142][  T917] usb 2-1: Manufacturer: syz
[  241.703855][  T917] usb 2-1: SerialNumber: syz
[  241.740078][  T917] usb 2-1: config 0 descriptor??
[  241.751196][ T7377] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  241.782554][ T7370] pim6reg: left allmulticast mode
[  241.979800][  T917] asix 2-1:0.213 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  241.994770][  T917] asix 2-1:0.213: probe with driver asix failed with error -71
[  242.017355][  T917] usb 2-1: USB disconnect, device number 27
[  242.051478][ T5910] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  242.081139][ T7389] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  242.099932][ T5910] usb 5-1: cp210x converter now attached to ttyUSB0
[  242.113405][ T7389] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  242.989295][   T30] audit: type=1326 audit(1748368155.584:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.198625][   T10] usb 5-1: USB disconnect, device number 17
[  243.213397][   T30] audit: type=1326 audit(1748368155.584:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.388868][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  243.418219][   T10] cp210x 5-1:0.0: device disconnected
[  243.428868][   T30] audit: type=1326 audit(1748368155.594:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3be7b8d2d0 code=0x7ffc0000
[  243.550448][   T30] audit: type=1326 audit(1748368155.594:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.574628][   T30] audit: type=1326 audit(1748368155.604:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.611670][   T30] audit: type=1326 audit(1748368155.654:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.671652][   T30] audit: type=1326 audit(1748368155.664:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.692947][    C0] vkms_vblank_simulate: vblank timer overrun
[  243.758524][  T917] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  243.786517][   T30] audit: type=1326 audit(1748368155.664:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.807833][    C0] vkms_vblank_simulate: vblank timer overrun
[  243.828853][   T30] audit: type=1326 audit(1748368155.664:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7388 comm="syz.5.370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f3be7b8e969 code=0x7ffc0000
[  243.853991][ T6553] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  243.950001][  T917] usb 4-1: Using ep0 maxpacket: 8
[  243.971277][  T917] usb 4-1: config 5 has an invalid interface number: 22 but max is 0
[  243.985387][  T917] usb 4-1: config 5 has no interface number 0
[  244.002542][  T917] usb 4-1: config 5 interface 22 altsetting 25 endpoint 0x6 has invalid wMaxPacketSize 0
[  244.022908][  T917] usb 4-1: config 5 interface 22 has no altsetting 0
[  244.027366][ T6553] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  244.039431][  T917] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010d, bcdDevice=ba.fa
[  244.052362][  T917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.068231][ T6553] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  244.076424][  T917] usb 4-1: Product: syz
[  244.092762][ T6553] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  244.105897][  T917] usb 4-1: Manufacturer: syz
[  244.117363][  T917] usb 4-1: SerialNumber: syz
[  244.122156][ T6553] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.148859][ T6553] usb 1-1: config 0 descriptor??
[  244.157627][ T6553] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  244.176126][ T6553] dvb-usb: bulk message failed: -22 (3/0)
[  244.195583][ T6553] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  244.227078][ T6553] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  244.236382][ T6553] usb 1-1: media controller created
[  244.249541][ T6553] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  244.276182][ T6553] dvb-usb: bulk message failed: -22 (6/0)
[  244.293115][ T6553] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  244.316632][ T6553] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input10
[  244.344120][ T6553] dvb-usb: schedule remote query interval to 150 msecs.
[  244.345140][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  244.368521][ T6553] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  244.455844][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  244.474204][ T6553] usb 1-1: USB disconnect, device number 18
[  244.620213][ T6553] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  244.773971][  T917] kvaser_usb 4-1:5.22: error -ENODEV: Cannot get usb endpoint(s)
[  244.791632][  T917] rndis_host 4-1:5.22: skipping garbage
[  244.797257][  T917] usb 4-1: bad CDC descriptors
[  244.853513][  T917] usb 4-1: USB disconnect, device number 14
[  245.873185][  T917] kernel write not supported for file /239/net/ip_vs_stats_percpu (pid: 917 comm: kworker/1:2)
[  245.913720][ T7436] trusted_key: encrypted_key: insufficient parameters specified
[  246.206624][ T7445] netlink: 'syz.3.385': attribute type 1 has an invalid length.
[  246.271209][ T7445] 8021q: adding VLAN 0 to HW filter on device bond1
[  246.878219][ T7445] input: syz1 as /devices/virtual/input/input11
[  247.829874][ T5821] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  247.992000][ T5821] usb 5-1: Using ep0 maxpacket: 8
[  248.018228][ T5821] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  248.029748][ T5821] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  248.043090][ T5821] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  248.055706][ T5821] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  248.066716][ T5821] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  248.108928][ T5821] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  248.121879][ T5821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.776067][ T5821] usb 5-1: GET_CAPABILITIES returned 0
[  248.834815][ T5821] usbtmc 5-1:16.0: can't read capabilities
[  248.987891][ T7456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.008150][ T7456] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  249.032200][ T5821] usb 5-1: USB disconnect, device number 18
[  249.163197][   T30] kauditd_printk_skb: 64 callbacks suppressed
[  249.164265][   T30] audit: type=1804 audit(1748368161.804:87): pid=7485 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.397" name="/newroot/87/file0" dev="tmpfs" ino=489 res=1 errno=0
[  249.190636][    C0] vkms_vblank_simulate: vblank timer overrun
[  249.288592][   T10] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  249.680600][   T10] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  249.922489][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.930771][   T10] usb 1-1: Product: syz
[  249.938509][   T10] usb 1-1: Manufacturer: syz
[  249.956404][   T10] usb 1-1: SerialNumber: syz
[  249.965721][   T10] usb 1-1: config 0 descriptor??
[  249.991023][ T7488] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  253.069198][   T10] usb-storage 1-1:0.0: USB Mass Storage device detected
[  253.363267][   T10] usb 1-1: USB disconnect, device number 19
[  253.627015][   T30] audit: type=1804 audit(1748368166.214:88): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.400" name="/newroot/78/file0" dev="tmpfs" ino=461 res=1 errno=0
[  255.604687][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.611138][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  257.564580][ T7521] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  257.571336][ T7521] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  258.592277][ T7493] uprobe: syz.4.400:7493 failed to unregister, leaking uprobe
[  258.634476][   T30] audit: type=1804 audit(1748368171.274:89): pid=7525 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.409" name="/newroot/81/file0" dev="tmpfs" ino=452 res=1 errno=0
[  258.876833][ T7532] process 'syz.4.412' launched './file0' with NULL argv: empty string added
[  259.139491][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.413'.
[  259.291811][   T30] audit: type=1804 audit(1748368171.864:90): pid=7542 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.414" name="/newroot/77/file0" dev="tmpfs" ino=432 res=1 errno=0
[  263.385388][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.3.421'.
[  263.578731][ T5905] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  263.658798][  T917] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  264.349902][ T7575] overlayfs: failed to resolve './file1': -2
[  264.415600][   T30] audit: type=1804 audit(1748368177.054:91): pid=7573 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.425" name="/newroot/83/file0" dev="tmpfs" ino=488 res=1 errno=0
[  264.458583][  T917] usb 4-1: Using ep0 maxpacket: 32
[  264.463928][ T5905] usb 6-1: Using ep0 maxpacket: 8
[  264.477010][ T5905] usb 6-1: no configurations
[  264.485397][ T5905] usb 6-1: can't read configurations, error -22
[  264.495836][  T917] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  264.654861][ T5905] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  265.069881][  T917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.080076][ T7577] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[  265.178335][  T917] usb 4-1: config 0 descriptor??
[  265.205186][  T917] as10x_usb: device has been detected
[  265.214904][  T917] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  265.228613][ T5910] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  265.248486][ T5905] usb 6-1: Using ep0 maxpacket: 8
[  265.254644][ T5905] usb 6-1: no configurations
[  265.260171][  T917] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  265.268575][ T5905] usb 6-1: can't read configurations, error -22
[  265.277077][ T5905] usb usb6-port1: attempt power cycle
[  265.285993][  T917] as10x_usb: error during firmware upload part1
[  265.294012][  T917] Registered device nBox DVB-T Dongle
[  265.468654][ T5910] usb 2-1: config 0 has an invalid interface number: 206 but max is 1
[  265.485943][ T5910] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.488004][    T9] usb 4-1: USB disconnect, device number 15
[  265.504754][ T5910] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  265.513976][ T5910] usb 2-1: config 0 has no interface number 0
[  265.520316][ T5910] usb 2-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  265.543964][ T5910] usb 2-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  265.561222][ T5910] usb 2-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64
[  265.565356][    T9] Unregistered device nBox DVB-T Dongle
[  265.581366][ T5910] usb 2-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7
[  265.581927][    T9] as10x_usb: device has been disconnected
[  265.586936][ T5910] usb 2-1: config 0 interface 206 has no altsetting 0
[  265.600893][ T5910] usb 2-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f
[  265.600918][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.638522][ T5905] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  265.658648][ T5910] usb 2-1: Product: syz
[  265.675230][ T5910] usb 2-1: Manufacturer: syz
[  265.680535][ T5905] usb 6-1: Using ep0 maxpacket: 8
[  265.686203][ T5905] usb 6-1: no configurations
[  265.698493][ T5910] usb 2-1: SerialNumber: syz
[  265.705342][ T5905] usb 6-1: can't read configurations, error -22
[  265.716644][ T5910] usb 2-1: config 0 descriptor??
[  265.870696][ T7575] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  266.019816][ T5905] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  266.061194][ T5905] usb 6-1: Using ep0 maxpacket: 8
[  266.197010][ T5905] usb 6-1: no configurations
[  266.255220][ T7590] XFS (nullb0): Invalid superblock magic number
[  266.306807][ T5905] usb 6-1: can't read configurations, error -22
[  266.405681][ T5910] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  266.422961][ T5905] usb usb6-port1: unable to enumerate USB device
[  266.721378][ T5910] usb 2-1: USB disconnect, device number 28
[  268.024235][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  268.033709][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  268.071372][ T7606] XFS (nullb0): Invalid superblock magic number
[  268.118069][   T49] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  268.788167][   T49] usb 5-1: config 0 interface 0 has no altsetting 0
[  269.151876][   T49] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  269.744230][   T49] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.753793][ T7626] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  269.761395][   T49] usb 5-1: config 0 descriptor??
[  269.844402][   T49] usb 5-1: can't set config #0, error -71
[  269.868240][   T49] usb 5-1: USB disconnect, device number 19
[  271.810732][   T30] audit: type=1804 audit(1748368184.444:92): pid=7648 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.439" name="/newroot/61/file0" dev="tmpfs" ino=332 res=1 errno=0
[  273.681554][ T7658] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  274.008383][   T30] audit: type=1400 audit(1748368186.644:93): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=7669 comm="syz.4.447" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15952
[  274.717349][ T5910] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  274.725197][ T7673] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  274.752573][   T30] audit: type=1400 audit(1748368186.644:94): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=7669 comm="syz.4.447" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15952
[  274.969087][ T7664] tipc: Started in network mode
[  275.013907][ T7664] tipc: Node identity 4, cluster identity 4711
[  275.079597][   T30] audit: type=1400 audit(1748368187.354:95): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=7669 comm="syz.4.447" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15952
[  275.092367][ T7664] tipc: Node number set to 4
[  275.259839][ T5910] usb 6-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  275.269352][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.375964][ T5910] usb 6-1: config 0 descriptor??
[  275.963122][ T5910] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  275.984883][ T5910] asix 6-1:0.0: probe with driver asix failed with error -71
[  276.008834][ T5910] usb 6-1: USB disconnect, device number 11
[  276.942329][ T7712] XFS (nullb0): Invalid superblock magic number
[  278.478106][   T30] audit: type=1804 audit(1748368191.094:96): pid=7720 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.455" name="/newroot/92/file0" dev="tmpfs" ino=536 res=1 errno=0
[  281.159281][ T7711] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  282.810688][ T7745] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  282.854233][ T7745] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.890642][ T7745] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  284.414258][ T7761] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR
[  284.657491][ T7773] loop6: detected capacity change from 0 to 7
[  284.732932][ T7773] Dev loop6: unable to read RDB block 7
[  284.740180][ T7773]  loop6: AHDI p1 p4
[  284.744244][ T7773] loop6: partition table partially beyond EOD, truncated
[  285.197650][ T7803] Smack: duplicate mount options
[  285.947270][ T7800] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.479'.
[  285.957978][ T7800] netlink: zone id is out of range
[  285.963624][ T7800] netlink: zone id is out of range
[  285.968988][ T7800] netlink: get zone limit has 8 unknown bytes
[  287.033597][ T7813] XFS (nullb0): Invalid superblock magic number
[  289.263663][   T30] audit: type=1804 audit(1748368201.904:97): pid=7837 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.484" name="/newroot/69/file0" dev="tmpfs" ino=374 res=1 errno=0
[  292.804019][ T7844] overlayfs: missing 'lowerdir'
[  293.008616][  T917] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  293.139534][ T7848] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  293.154356][    T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  293.368611][    T9] usb 2-1: Using ep0 maxpacket: 16
[  293.625949][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  293.641558][    T9] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  293.653265][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.688598][  T917] usb 4-1: Using ep0 maxpacket: 8
[  293.796334][ T7854] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.493'.
[  293.806059][ T7854] netlink: zone id is out of range
[  293.811515][ T7854] netlink: zone id is out of range
[  293.816753][ T7854] netlink: get zone limit has 8 unknown bytes
[  293.842755][    T9] usb 2-1: Product: syz
[  293.887526][    T9] usb 2-1: Manufacturer: syz
[  293.936965][    T9] usb 2-1: SerialNumber: syz
[  294.103716][    T9] usb 2-1: config 0 descriptor??
[  294.203843][    T9] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  294.304048][    T9] usb 2-1: Detected FT232R
[  294.390210][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  294.554925][  T917] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  294.562551][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  294.588465][  T917] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  294.608495][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  294.611105][    T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  294.621713][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  294.640180][  T917] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  294.647753][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  294.648849][    T9] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[  294.659391][  T917] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  294.680364][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  294.692061][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  294.706485][  T917] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  294.952817][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  294.955425][    T9] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  294.971082][  T917] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  294.985434][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  294.997037][    T9] usb 2-1: USB disconnect, device number 29
[  294.998845][  T917] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  295.965513][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  295.978797][    T9] ftdi_sio 2-1:0.0: device disconnected
[  296.392854][  T917] usb 4-1: string descriptor 0 read error: -71
[  296.399244][  T917] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  296.408301][  T917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.423860][  T917] usb 4-1: can't set config #168, error -71
[  296.433060][  T917] usb 4-1: USB disconnect, device number 16
[  297.728583][ T5827] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  298.117404][ T7871] XFS (nullb0): Invalid superblock magic number
[  299.188663][ T7898] FAULT_INJECTION: forcing a failure.
[  299.188663][ T7898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  299.275833][ T7898] CPU: 0 UID: 0 PID: 7898 Comm: syz.3.503 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  299.275857][ T7898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  299.275879][ T7898] Call Trace:
[  299.275886][ T7898]  <TASK>
[  299.275893][ T7898]  dump_stack_lvl+0x189/0x250
[  299.275925][ T7898]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.275950][ T7898]  ? __pfx__printk+0x10/0x10
[  299.275989][ T7898]  should_fail_ex+0x414/0x560
[  299.276016][ T7898]  _copy_to_user+0x31/0xb0
[  299.276034][ T7898]  simple_read_from_buffer+0xe1/0x170
[  299.276063][ T7898]  proc_fail_nth_read+0x1df/0x250
[  299.276094][ T7898]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  299.276125][ T7898]  ? rw_verify_area+0x258/0x650
[  299.276145][ T7898]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  299.276174][ T7898]  vfs_read+0x200/0x980
[  299.276199][ T7898]  ? __pfx___mutex_lock+0x10/0x10
[  299.276219][ T7898]  ? __pfx_vfs_read+0x10/0x10
[  299.276237][ T7898]  ? __fget_files+0x2a/0x420
[  299.276260][ T7898]  ? __fget_files+0x3a0/0x420
[  299.276279][ T7898]  ? __fget_files+0x2a/0x420
[  299.276304][ T7898]  ksys_read+0x145/0x250
[  299.276323][ T7898]  ? __pfx_ksys_read+0x10/0x10
[  299.276347][ T7898]  do_syscall_64+0xf6/0x220
[  299.276364][ T7898]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  299.276390][ T7898]  ? clear_bhb_loop+0x60/0xb0
[  299.276407][ T7898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.276420][ T7898] RIP: 0033:0x7fa94c38d37c
[  299.276433][ T7898] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  299.276445][ T7898] RSP: 002b:00007fa94d118030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  299.276460][ T7898] RAX: ffffffffffffffda RBX: 00007fa94c5b5fa0 RCX: 00007fa94c38d37c
[  299.276471][ T7898] RDX: 000000000000000f RSI: 00007fa94d1180a0 RDI: 0000000000000005
[  299.276479][ T7898] RBP: 00007fa94d118090 R08: 0000000000000000 R09: 0000000000000000
[  299.276488][ T7898] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[  299.276496][ T7898] R13: 0000000000000000 R14: 00007fa94c5b5fa0 R15: 00007ffef72bac28
[  299.276518][ T7898]  </TASK>
[  299.595755][ T7893] XFS (nullb0): Invalid superblock magic number
[  299.780575][ T7911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.507'.
[  300.363368][ T7913] netlink: 762 bytes leftover after parsing attributes in process `syz.4.507'.
[  300.409426][ T7919] overlayfs: missing 'lowerdir'
[  300.497331][ T7883] tipc: Started in network mode
[  300.512575][ T7883] tipc: Node identity 0e653c56e0be, cluster identity 4711
[  300.529638][ T7883] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  300.545882][ T7883] trusted_key: encrypted_key: insufficient parameters specified
[  301.017599][  T917] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  301.025505][ T5905] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  301.665073][ T5821] tipc: Node number set to 4007345238
[  301.674123][ T7932] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR
[  301.938451][  T917] usb 2-1: Using ep0 maxpacket: 16
[  301.964860][ T5905] usb 5-1: too many configurations: 151, using maximum allowed: 8
[  301.993525][   T30] audit: type=1326 audit(1748368214.624:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7940 comm="syz.3.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94c38e969 code=0x7ffc0000
[  302.046594][  T917] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  302.078927][ T5905] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[  302.088544][   T30] audit: type=1326 audit(1748368214.624:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7940 comm="syz.3.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7fa94c38e969 code=0x7ffc0000
[  302.119855][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[  302.129900][ T5905] usb 5-1: Product: syz
[  302.134468][  T917] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  302.144034][ T5905] usb 5-1: Manufacturer: syz
[  302.149037][  T917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.157246][ T5905] usb 5-1: SerialNumber: syz
[  302.162601][   T30] audit: type=1326 audit(1748368214.624:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7940 comm="syz.3.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94c38e969 code=0x7ffc0000
[  302.196208][  T917] usb 2-1: Product: syz
[  302.202062][ T5905] usb 5-1: config 0 descriptor??
[  302.211083][  T917] usb 2-1: Manufacturer: syz
[  302.215709][  T917] usb 2-1: SerialNumber: syz
[  302.244493][  T917] usb 2-1: config 0 descriptor??
[  302.249564][   T30] audit: type=1326 audit(1748368214.624:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7940 comm="syz.3.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa94c38e969 code=0x7ffc0000
[  302.297075][  T917] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  302.316147][  T917] usb 2-1: Detected FT232R
[  302.575577][  T917] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  302.583438][  T917] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  302.598667][  T917] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[  302.619153][  T917] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  302.632936][  T917] usb 2-1: USB disconnect, device number 30
[  302.643051][  T917] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  302.655955][  T917] ftdi_sio 2-1:0.0: device disconnected
[  302.832026][ T7965] netlink: 104 bytes leftover after parsing attributes in process `syz.3.519'.
[  303.378521][ T5821] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  303.721566][ T5821] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[  303.805501][ T5821] usb 4-1: config 8 has no interface number 0
[  303.903890][ T5821] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  303.916555][ T5905] usb 5-1: USB disconnect, device number 20
[  303.955227][ T5821] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  303.985814][ T5821] usb 4-1: config 8 interface 177 has no altsetting 0
[  304.027672][ T5821] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  304.057350][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.172180][ T7968] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  304.428568][   T49] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  304.473225][ T5905] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  304.593571][ T7985] XFS (nullb0): Invalid superblock magic number
[  304.660761][   T49] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  304.858302][ T5905] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  304.868537][   T49] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  304.891978][ T5905] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  304.911945][   T49] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  304.938471][ T5905] usb 5-1: config 0 has no interface number 0
[  304.965005][   T49] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.993965][ T5905] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  305.022974][ T7983] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  305.044839][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.076817][   T49] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  305.096870][ T5905] usb 5-1: Product: syz
[  305.115978][ T5905] usb 5-1: Manufacturer: syz
[  305.131528][ T5905] usb 5-1: SerialNumber: syz
[  305.165146][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.5.527'.
[  305.195038][ T5905] usb 5-1: config 0 descriptor??
[  305.220534][ T7993] netlink: 40 bytes leftover after parsing attributes in process `syz.5.527'.
[  305.322763][ T7994] XFS (nullb0): Invalid superblock magic number
[  305.508476][    T9] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  305.532725][   T49] usb 1-1: USB disconnect, device number 20
[  305.560322][ T5821] usb 4-1: string descriptor 0 read error: -71
[  305.572086][ T5821] ir_toy 4-1:8.177: required endpoints not found
[  305.582521][ T8004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.525'.
[  305.596694][ T5821] usb 4-1: USB disconnect, device number 17
[  305.670961][    T9] usb 6-1: config 253 has an invalid interface number: 57 but max is 0
[  305.679652][    T9] usb 6-1: config 253 has no interface number 0
[  305.686025][    T9] usb 6-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  305.700553][    T9] usb 6-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86
[  305.710120][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.718220][    T9] usb 6-1: Product: syz
[  305.722962][    T9] usb 6-1: Manufacturer: syz
[  305.728041][    T9] usb 6-1: SerialNumber: syz
[  305.951376][    T9] cdc_ether 6-1:253.57: invalid descriptor buffer length
[  305.964758][    T9] usb 6-1: bad CDC descriptors
[  305.981520][    T9] usb 6-1: USB disconnect, device number 12
[  306.021949][   T30] audit: type=1326 audit(1748368218.664:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  306.047118][   T30] audit: type=1326 audit(1748368218.664:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  306.092869][   T30] audit: type=1326 audit(1748368218.664:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  306.118547][   T30] audit: type=1326 audit(1748368218.664:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  306.142266][   T30] audit: type=1326 audit(1748368218.664:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  306.178172][   T30] audit: type=1326 audit(1748368218.664:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8005 comm="syz.1.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60f38e969 code=0x7ffc0000
[  307.106510][    T9] usb 5-1: USB disconnect, device number 21
[  307.250737][ T8024] overlayfs: missing 'lowerdir'
[  309.063939][ T8034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.536'.
[  309.107031][ T8034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.536'.
[  309.269967][   T49] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  309.428553][   T49] usb 6-1: Using ep0 maxpacket: 16
[  309.444029][   T49] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 8
[  309.468160][   T49] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  309.477920][   T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.486808][   T49] usb 6-1: Product: syz
[  309.491421][   T49] usb 6-1: Manufacturer: syz
[  309.496444][   T49] usb 6-1: SerialNumber: syz
[  309.501247][  T917] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  310.039764][   T49] usb 6-1: config 0 descriptor??
[  310.051164][  T917] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[  310.075524][   T49] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[  310.103647][  T917] usb 2-1: config 8 has no interface number 0
[  310.120379][  T917] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  310.136710][   T49] usb 6-1: Detected FT232R
[  310.160583][  T917] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  310.171977][  T917] usb 2-1: config 8 interface 177 has no altsetting 0
[  310.206710][  T917] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  310.231847][  T917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.247745][   T49] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  310.261601][   T49] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  310.288802][   T49] ftdi_sio 6-1:0.0: GPIO initialisation failed: -71
[  310.298910][ T8052] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  310.359323][   T49] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  310.381397][   T49] usb 6-1: USB disconnect, device number 13
[  310.399253][   T49] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  310.413840][   T49] ftdi_sio 6-1:0.0: device disconnected
[  310.835201][  T917] usb 2-1: string descriptor 0 read error: -71
[  310.843573][  T917] ir_toy 2-1:8.177: required endpoints not found
[  310.854578][  T917] usb 2-1: USB disconnect, device number 31
[  312.478592][ T8063] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  312.485378][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  312.568912][ T8063] Bluetooth: hci0: Opcode 0x0406 failed: -110
[  313.378598][ T8063] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  313.434291][ T8063] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  313.796587][ T8063] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  313.888192][ T8063] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  313.996647][ T8063] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  314.028985][ T8063] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  314.047717][ T8063] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  314.065226][ T8063] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  314.580961][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  314.798707][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  315.086157][ T8106] overlayfs: missing 'lowerdir'
[  315.388731][   T49] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  315.651492][ T8119] FAULT_INJECTION: forcing a failure.
[  315.651492][ T8119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  315.664632][ T8119] CPU: 0 UID: 0 PID: 8119 Comm: syz.4.557 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  315.664655][ T8119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  315.664667][ T8119] Call Trace:
[  315.664675][ T8119]  <TASK>
[  315.664682][ T8119]  dump_stack_lvl+0x189/0x250
[  315.664715][ T8119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  315.664742][ T8119]  ? __pfx__printk+0x10/0x10
[  315.664771][ T8119]  ? __might_fault+0xb0/0x130
[  315.664808][ T8119]  should_fail_ex+0x414/0x560
[  315.664836][ T8119]  _copy_from_user+0x2d/0xb0
[  315.664855][ T8119]  __sys_bpf+0x1ed/0x860
[  315.664876][ T8119]  ? __pfx___sys_bpf+0x10/0x10
[  315.664907][ T8119]  ? ksys_write+0x22a/0x250
[  315.664928][ T8119]  ? rcu_is_watching+0x15/0xb0
[  315.664961][ T8119]  __x64_sys_bpf+0x7c/0x90
[  315.664988][ T8119]  do_syscall_64+0xf6/0x220
[  315.665017][ T8119]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  315.665035][ T8119]  ? clear_bhb_loop+0x60/0xb0
[  315.665058][ T8119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.665077][ T8119] RIP: 0033:0x7f7fef58e969
[  315.665093][ T8119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.665110][ T8119] RSP: 002b:00007f7fed3b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  315.665129][ T8119] RAX: ffffffffffffffda RBX: 00007f7fef7b6160 RCX: 00007f7fef58e969
[  315.665143][ T8119] RDX: 0000000000000020 RSI: 0000200000000240 RDI: 0000000000000015
[  315.665154][ T8119] RBP: 00007f7fed3b4090 R08: 0000000000000000 R09: 0000000000000000
[  315.665166][ T8119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.665176][ T8119] R13: 0000000000000000 R14: 00007f7fef7b6160 R15: 00007ffe76eb4968
[  315.665205][ T8119]  </TASK>
[  315.968753][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  315.996122][   T49] usb 4-1: Using ep0 maxpacket: 16
[  316.070118][   T49] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  316.079144][ T5831] Bluetooth: hci3: command 0x0406 tx timeout
[  316.079219][ T5831] Bluetooth: hci4: command 0x0406 tx timeout
[  316.133109][   T49] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  316.150673][   T49] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.246607][   T49] usb 4-1: Product: syz
[  316.251170][   T49] usb 4-1: Manufacturer: syz
[  316.255770][   T49] usb 4-1: SerialNumber: syz
[  316.284269][   T49] usb 4-1: config 0 descriptor??
[  316.293150][   T49] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  316.308573][ T5821] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  316.329367][   T49] usb 4-1: Detected FT232R
[  316.478514][ T5821] usb 1-1: Using ep0 maxpacket: 16
[  316.489887][ T5821] usb 1-1: config 0 has an invalid interface number: 126 but max is 0
[  316.504319][   T49] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  316.518611][ T5821] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.532869][   T49] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  316.548867][   T49] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  316.563556][   T49] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  316.582908][   T49] usb 4-1: USB disconnect, device number 18
[  316.598346][ T5821] usb 1-1: config 0 has no interface number 0
[  316.618436][ T5821] usb 1-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  316.631338][   T49] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  316.661851][ T5821] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  316.662219][   T49] ftdi_sio 4-1:0.0: device disconnected
[  316.698454][ T5821] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  316.741249][ T5821] usb 1-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  316.778574][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  316.788429][ T5821] usb 1-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  316.838520][ T5821] usb 1-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  316.868012][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.878539][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[  316.901689][ T5821] usb 1-1: config 0 descriptor??
[  316.909187][ T8117] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  316.942634][ T5821] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  317.018841][   T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  317.043280][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.049789][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  317.092877][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.130210][   T10] usb 5-1: config 0 descriptor??
[  317.913927][  T917] usb 1-1: USB disconnect, device number 21
[  317.998726][ T5827] Bluetooth: hci2: command 0x0406 tx timeout
[  318.047509][   T10] gspca_main: spca508-2.14.0 probing 8086:0110
[  318.105466][   T10] gspca_spca508: reg_read err -32
[  318.115980][   T10] gspca_spca508: reg_read err -32
[  318.121719][   T10] gspca_spca508: reg_read err -32
[  318.123157][ T8130] xt_socket: unknown flags 0xd0
[  318.161573][ T5827] Bluetooth: hci4: command 0x0406 tx timeout
[  318.161592][ T5831] Bluetooth: hci3: command 0x0406 tx timeout
[  318.398239][ T8132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.418248][ T8132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.674418][   T10] gspca_spca508: reg_read err -110
[  318.683436][   T10] gspca_spca508: reg_read err -32
[  318.705460][   T10] gspca_spca508: reg write: error -32
[  318.718741][   T10] spca508 5-1:0.0: probe with driver spca508 failed with error -32
[  318.998483][  T917] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  319.795264][   T10] usb 5-1: USB disconnect, device number 22
[  320.019432][  T917] usb 6-1: too many configurations: 151, using maximum allowed: 8
[  321.779929][  T917] usb 6-1: unable to read config index 5 descriptor/start: -71
[  321.810818][  T917] usb 6-1: can't read configurations, error -71
[  321.864551][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  321.864583][   T30] audit: type=1326 audit(1748368234.504:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8157 comm="syz.0.569" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f67bff8e969 code=0x0
[  321.966575][ T8161] netlink: 24 bytes leftover after parsing attributes in process `syz.3.570'.
[  322.026082][ T8166] veth1_to_team: entered promiscuous mode
[  322.886143][ T8155] veth1_to_team: left promiscuous mode
[  324.367852][ T8189] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  324.583115][ T8195] FAULT_INJECTION: forcing a failure.
[  324.583115][ T8195] name failslab, interval 1, probability 0, space 0, times 0
[  324.634108][ T8197] delete_channel: no stack
[  324.648017][ T8195] CPU: 1 UID: 0 PID: 8195 Comm: syz.0.579 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  324.648041][ T8195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  324.648051][ T8195] Call Trace:
[  324.648059][ T8195]  <TASK>
[  324.648066][ T8195]  dump_stack_lvl+0x189/0x250
[  324.648099][ T8195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.648124][ T8195]  ? __pfx__printk+0x10/0x10
[  324.648161][ T8195]  ? __pfx___might_resched+0x10/0x10
[  324.648183][ T8195]  ? fs_reclaim_acquire+0x7d/0x100
[  324.648215][ T8195]  should_fail_ex+0x414/0x560
[  324.648240][ T8195]  ? page_pool_create_percpu+0x2e5/0xba0
[  324.648264][ T8195]  should_failslab+0xa8/0x100
[  324.648290][ T8195]  __kvmalloc_node_noprof+0x168/0x600
[  324.648315][ T8195]  ? page_pool_create_percpu+0x2e5/0xba0
[  324.648363][ T8195]  page_pool_create_percpu+0x2e5/0xba0
[  324.648402][ T8195]  ? bpf_test_run_xdp_live+0x1b5/0x1b10
[  324.648426][ T8195]  bpf_test_run_xdp_live+0x1ca/0x1b10
[  324.648444][ T8195]  ? bpf_dispatcher_change_prog+0xb35/0xc90
[  324.648468][ T8195]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  324.648495][ T8195]  ? synchronize_rcu+0x11a/0x310
[  324.648517][ T8195]  ? __pfx_synchronize_rcu+0x10/0x10
[  324.648543][ T8195]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  324.648564][ T8195]  ? 0xffffffffa02057c0
[  324.648596][ T8195]  ? 0xffffffffa02019d8
[  324.648636][ T8195]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  324.648666][ T8195]  ? _copy_from_user+0x94/0xb0
[  324.648683][ T8195]  ? bpf_test_init+0x133/0x170
[  324.648698][ T8195]  ? xdp_convert_md_to_buff+0x5b/0x330
[  324.648720][ T8195]  bpf_prog_test_run_xdp+0x713/0x1000
[  324.648754][ T8195]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  324.648777][ T8195]  ? __fget_files+0x2a/0x420
[  324.648807][ T8195]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  324.648827][ T8195]  bpf_prog_test_run+0x2c7/0x340
[  324.648850][ T8195]  __sys_bpf+0x4a4/0x860
[  324.648869][ T8195]  ? __pfx___sys_bpf+0x10/0x10
[  324.648897][ T8195]  ? ksys_write+0x22a/0x250
[  324.648918][ T8195]  ? rcu_is_watching+0x15/0xb0
[  324.648948][ T8195]  __x64_sys_bpf+0x7c/0x90
[  324.648974][ T8195]  do_syscall_64+0xf6/0x220
[  324.648995][ T8195]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  324.649012][ T8195]  ? clear_bhb_loop+0x60/0xb0
[  324.649034][ T8195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.649051][ T8195] RIP: 0033:0x7f67bff8e969
[  324.649066][ T8195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.649081][ T8195] RSP: 002b:00007f67c0e9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  324.649100][ T8195] RAX: ffffffffffffffda RBX: 00007f67c01b5fa0 RCX: 00007f67bff8e969
[  324.649113][ T8195] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  324.649130][ T8195] RBP: 00007f67c0e9d090 R08: 0000000000000000 R09: 0000000000000000
[  324.649142][ T8195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  324.649152][ T8195] R13: 0000000000000000 R14: 00007f67c01b5fa0 R15: 00007fff667f8008
[  324.649196][ T8195]  </TASK>
[  325.327535][ T8197] delete_channel: no stack
[  325.341973][ T8195] page_pool_create_percpu() gave up with errno -12
[  327.218532][   T49] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  327.348517][   T49] usb 2-1: device descriptor read/64, error -71
[  327.568442][ T6553] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  327.598872][   T49] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  327.618794][ T5910] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  327.853194][ T6553] usb 1-1: config index 0 descriptor too short (expected 72, got 10)
[  327.994822][ T6553] usb 1-1: config 1 descriptor has 1 excess byte, ignoring
[  328.253078][ T6553] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  328.274171][ T8212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  328.282999][   T49] usb 2-1: device descriptor read/64, error -71
[  328.298768][ T8212] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  328.308446][ T5910] usb 5-1: Using ep0 maxpacket: 32
[  328.336532][ T5910] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11
[  328.371674][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.450092][   T49] usb usb2-port1: attempt power cycle
[  328.488647][ T5910] usb 5-1: Product: syz
[  328.506394][ T5910] usb 5-1: Manufacturer: syz
[  328.526676][ T5910] usb 5-1: SerialNumber: syz
[  328.537822][ T5910] usb 5-1: config 0 descriptor??
[  328.538759][ T6553] usb 1-1: string descriptor 0 read error: -71
[  328.559431][ T5910] usb 5-1: no audio or video endpoints found
[  328.574361][ T6553] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  328.594990][ T6553] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.608620][ T6553] usb 1-1: can't set config #1, error -71
[  328.764638][  T917] usb 5-1: USB disconnect, device number 23
[  328.829929][ T6553] usb 1-1: USB disconnect, device number 22
[  328.834450][   T49] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  328.871786][   T49] usb 2-1: device descriptor read/8, error -71
[  329.019567][ T5910] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  329.294380][   T49] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  329.444906][ T5910] usb 6-1: Using ep0 maxpacket: 32
[  329.460976][ T5910] usb 6-1: config 0 interface 0 has no altsetting 0
[  329.587758][   T49] usb 2-1: device descriptor read/8, error -71
[  329.596791][ T5910] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  329.596819][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.596838][ T5910] usb 6-1: Product: syz
[  329.596851][ T5910] usb 6-1: Manufacturer: syz
[  329.596865][ T5910] usb 6-1: SerialNumber: syz
[  329.601387][ T5910] usb 6-1: config 0 descriptor??
[  329.689006][   T49] usb usb2-port1: unable to enumerate USB device
[  329.818786][ T8246] FAULT_INJECTION: forcing a failure.
[  329.818786][ T8246] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  329.832162][ T8246] CPU: 0 UID: 0 PID: 8246 Comm: syz.3.595 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  329.832207][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  329.832227][ T8246] Call Trace:
[  329.832239][ T8246]  <TASK>
[  329.832247][ T8246]  dump_stack_lvl+0x189/0x250
[  329.832283][ T8246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.832311][ T8246]  ? __pfx__printk+0x10/0x10
[  329.832354][ T8246]  should_fail_ex+0x414/0x560
[  329.832403][ T8246]  _copy_to_user+0x31/0xb0
[  329.832426][ T8246]  simple_read_from_buffer+0xe1/0x170
[  329.832458][ T8246]  proc_fail_nth_read+0x1df/0x250
[  329.832493][ T8246]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  329.832527][ T8246]  ? rw_verify_area+0x258/0x650
[  329.832552][ T8246]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  329.832585][ T8246]  vfs_read+0x200/0x980
[  329.832618][ T8246]  ? __pfx_vfs_read+0x10/0x10
[  329.832650][ T8246]  ? do_sys_openat2+0x154/0x1c0
[  329.832668][ T8246]  ? kmem_cache_free+0x18f/0x400
[  329.832701][ T8246]  ? do_sys_openat2+0x154/0x1c0
[  329.832731][ T8246]  ksys_read+0x145/0x250
[  329.832754][ T8246]  ? rcu_is_watching+0x15/0xb0
[  329.832780][ T8246]  ? __pfx_ksys_read+0x10/0x10
[  329.832808][ T8246]  ? do_syscall_64+0xba/0x220
[  329.832837][ T8246]  do_syscall_64+0xf6/0x220
[  329.832861][ T8246]  ? clear_bhb_loop+0x60/0xb0
[  329.832886][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.832906][ T8246] RIP: 0033:0x7fa94c38d37c
[  329.832924][ T8246] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  329.832942][ T8246] RSP: 002b:00007fa94d118030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  329.832964][ T8246] RAX: ffffffffffffffda RBX: 00007fa94c5b5fa0 RCX: 00007fa94c38d37c
[  329.832980][ T8246] RDX: 000000000000000f RSI: 00007fa94d1180a0 RDI: 0000000000000004
[  329.832993][ T8246] RBP: 00007fa94d118090 R08: 0000000000000000 R09: 0000000000000000
[  329.833005][ T8246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.833016][ T8246] R13: 0000000000000000 R14: 00007fa94c5b5fa0 R15: 00007ffef72bac28
[  329.833048][ T8246]  </TASK>
[  330.006353][ T5910] gs_usb 6-1:0.0: Configuring for 1 interfaces
[  330.013538][    C0] vkms_vblank_simulate: vblank timer overrun
[  330.078507][ T5821] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  330.098112][ T8249] loop6: detected capacity change from 0 to 7
[  330.107027][ T8249] Dev loop6: unable to read RDB block 7
[  330.112819][ T8249]  loop6: AHDI p1 p4
[  330.118231][ T8249] loop6: partition table partially beyond EOD, truncated
[  330.286737][ T8254] : entered promiscuous mode
[  330.618462][ T5821] usb 5-1: Using ep0 maxpacket: 16
[  330.628126][ T5910] gs_usb 6-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  330.632723][ T5821] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  330.998660][ T5910] usb 6-1: USB disconnect, device number 16
[  331.010105][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.027850][ T5821] usb 5-1: Product: syz
[  331.052809][ T5821] usb 5-1: Manufacturer: syz
[  331.084633][ T5821] usb 5-1: SerialNumber: syz
[  331.219178][ T5821] usb 5-1: config 0 descriptor??
[  331.951089][ T5821] dvb_usb_dtv5100 5-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  332.129406][ T8240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.177407][ T8240] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.704713][ T8291] loop6: detected capacity change from 0 to 7
[  332.717408][ T8291] Dev loop6: unable to read RDB block 7
[  332.726650][ T8291]  loop6: AHDI p1 p4
[  332.735500][ T8291] loop6: partition table partially beyond EOD, truncated
[  332.743073][ T8291] loop6: p1 start 926365495 is beyond EOD, truncated
[  332.758476][ T5910] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  332.844753][ T8295] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  332.920760][ T5910] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  332.920785][ T5910] usb 6-1: config 8 has no interface number 0
[  332.920829][ T5910] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  332.920854][ T5910] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  332.920874][ T5910] usb 6-1: config 8 interface 177 has no altsetting 0
[  332.920905][ T5910] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  332.920925][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.933797][ T8279] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  333.068892][   T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  335.059175][    T9] usb 5-1: USB disconnect, device number 24
[  335.078447][   T10] usb 1-1: Using ep0 maxpacket: 8
[  335.126452][   T10] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  335.158615][   T10] usb 1-1: config 179 has no interface number 0
[  335.177135][   T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  335.275281][ T5910] usb 6-1: string descriptor 0 read error: -71
[  335.330923][ T8304] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.613'.
[  335.341492][ T8304] netlink: zone id is out of range
[  335.347472][ T8304] netlink: zone id is out of range
[  335.352741][ T8304] netlink: get zone limit has 8 unknown bytes
[  336.062614][ T5910] ir_toy 6-1:8.177: required endpoints not found
[  336.075103][ T5910] usb 6-1: USB disconnect, device number 17
[  336.141760][   T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  336.185301][ T8308] netlink: 44 bytes leftover after parsing attributes in process `syz.4.615'.
[  336.214016][   T10] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  336.256064][   T10] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  336.285858][   T10] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  336.295325][   T30] audit: type=1326 audit(1748368248.934:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8307 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fef58e969 code=0x7ffc0000
[  336.316716][    C0] vkms_vblank_simulate: vblank timer overrun
[  336.327467][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.338857][   T30] audit: type=1326 audit(1748368248.934:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8307 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fef58e969 code=0x7ffc0000
[  336.361930][   T10] usb 1-1: can't set config #179, error -71
[  336.379970][   T10] usb 1-1: USB disconnect, device number 23
[  336.406289][   T30] audit: type=1326 audit(1748368248.934:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8307 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f7fef58e969 code=0x7ffc0000
[  336.433268][   T30] audit: type=1326 audit(1748368248.934:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8307 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fef58e969 code=0x7ffc0000
[  336.455201][   T30] audit: type=1326 audit(1748368248.934:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8307 comm="syz.4.615" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fef58e969 code=0x7ffc0000
[  337.398040][ T8314] /dev/nullb0: Can't open blockdev
[  337.588743][ T5827] Bluetooth: hci3: unexpected event for opcode 0x2040
[  337.824392][ T8316] /dev/nullb0: Can't open blockdev
[  338.672101][ T8331] SET target dimension over the limit!
[  338.749914][ T8330] netlink: 16 bytes leftover after parsing attributes in process `syz.1.622'.
[  338.919584][ T8330] loop6: detected capacity change from 0 to 7
[  339.021545][ T8333] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  339.477224][ T8330] Dev loop6: unable to read RDB block 7
[  339.518587][ T8330]  loop6: AHDI p1 p2 p3 p4
[  339.523063][ T8330] loop6: partition table partially beyond EOD, truncated
[  339.580711][ T8330] loop6: p1 start 926365495 is beyond EOD, truncated
[  339.626778][ T8330] loop6: p2 size 47 extends beyond EOD, truncated
[  339.645482][ T8330] loop6: p3 start 1886353253 is beyond EOD, truncated
[  339.774307][ T8349] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.625'.
[  339.784924][ T8349] netlink: zone id is out of range
[  339.790488][ T8349] netlink: zone id is out of range
[  339.795757][ T8349] netlink: get zone limit has 8 unknown bytes
[  339.998518][   T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  340.218741][   T10] usb 4-1: Using ep0 maxpacket: 16
[  340.292788][   T10] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  340.321117][    T9] usb 6-1: new full-speed USB device number 18 using dummy_hcd
[  340.360525][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  340.496444][   T10] usb 4-1: config 0 has no interface number 0
[  340.588291][   T10] usb 4-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  340.607753][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.622204][    T9] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  340.639636][    T9] usb 6-1: config 8 has no interface number 0
[  340.645866][   T10] usb 4-1: Product: syz
[  340.652605][    T9] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  340.666026][   T10] usb 4-1: Manufacturer: syz
[  340.678505][   T10] usb 4-1: SerialNumber: syz
[  340.696411][    T9] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x4 has invalid wMaxPacketSize 0
[  340.709297][   T10] usb 4-1: config 0 descriptor??
[  340.735848][   T10] usb 4-1: Found UVC 0.00 device syz (046c:14e8)
[  340.747013][    T9] usb 6-1: config 8 interface 177 has no altsetting 0
[  340.754827][   T10] usb 4-1: No valid video chain found.
[  340.780990][    T9] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  340.805240][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.834343][ T8350] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  340.999731][ T5870] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  341.168817][ T5870] usb 2-1: Using ep0 maxpacket: 8
[  341.207132][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  341.315963][ T8364] XFS (nullb0): Invalid superblock magic number
[  341.385834][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  341.567008][ T5870] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  341.616489][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  341.642661][ T5910] usb 4-1: USB disconnect, device number 19
[  341.705640][ T5870] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  341.734121][ T5870] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=54.ec
[  341.752769][ T5870] usb 2-1: New USB device strings: Mfr=81, Product=11, SerialNumber=0
[  341.782827][ T5870] usb 2-1: Product: syz
[  341.787028][ T5870] usb 2-1: Manufacturer: syz
[  341.815845][ T5870] usb 2-1: config 0 descriptor??
[  341.823701][ T8353] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  341.839143][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  341.859768][ T8375] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  341.880387][ T8375] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  341.895692][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  341.962461][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.059022][    T9] usb 6-1: string descriptor 0 read error: -71
[  342.067837][    T9] ir_toy 6-1:8.177: required endpoints not found
[  342.077612][    T9] usb 6-1: USB disconnect, device number 18
[  342.102320][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.134381][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.171188][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.188863][ T1553] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  342.249720][ T5827] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  342.262857][    T9] usb 2-1: USB disconnect, device number 36
[  342.284824][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.325640][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.378845][ T1553] usb 1-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=e2.9e
[  342.391446][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.408680][ T1553] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.427067][ T1553] usb 1-1: Product: syz
[  342.434346][ T1553] usb 1-1: Manufacturer: syz
[  342.452360][ T1553] usb 1-1: SerialNumber: syz
[  342.462222][ T1553] usb 1-1: config 0 descriptor??
[  342.466639][ T8375] netlink: 'syz.0.634': attribute type 30 has an invalid length.
[  342.473299][ T1553] f81232 1-1:0.0: f81232 converter detected
[  342.499500][ T1553] usb 1-1: f81232 converter now attached to ttyUSB0
[  342.917953][ T8398] XFS (nullb0): Invalid superblock magic number
[  344.172991][ T5910] usb 1-1: USB disconnect, device number 24
[  344.185496][ T5910] f81232 ttyUSB0: f81232 converter now disconnected from ttyUSB0
[  344.229339][ T5910] f81232 1-1:0.0: device disconnected
[  344.478646][ T8387] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  344.560154][ T5827] Bluetooth: hci0: command 0x0406 tx timeout
[  344.647180][ T8441] netlink: 28 bytes leftover after parsing attributes in process `syz.5.641'.
[  344.778755][ T8443] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  345.225990][ T8387] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  345.236729][ T8387] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  345.244425][ T8387] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  345.252434][ T8387] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  345.283592][ T8439] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  345.989838][ T8456] XFS (nullb0): Invalid superblock magic number
[  346.598448][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[  346.997514][ T8469] loop6: detected capacity change from 0 to 7
[  347.016778][ T8469] Dev loop6: unable to read RDB block 7
[  347.027014][ T8469]  loop6: AHDI p1 p4
[  347.040813][ T8469] loop6: partition table partially beyond EOD, truncated
[  347.049255][ T8469] loop6: p1 start 926365495 is beyond EOD, truncated
[  347.332216][ T5827] Bluetooth: hci3: command 0x0406 tx timeout
[  347.338399][ T5827] Bluetooth: hci4: command 0x0406 tx timeout
[  347.344498][ T5827] Bluetooth: hci2: command 0x0406 tx timeout
[  347.584420][ T8475] XFS (nullb0): Invalid superblock magic number
[  348.268585][ T5870] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  348.988449][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  348.995639][ T5870] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  349.004549][ T5870] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  349.017034][ T5870] usb 4-1: config 0 has no interface number 0
[  349.083671][ T5870] usb 4-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  349.122444][ T5870] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  349.133990][ T5870] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  349.318417][ T5870] usb 4-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  349.338450][ T5870] usb 4-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  349.368016][ T5870] usb 4-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  349.395184][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.398443][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.420763][ T5870] usb 4-1: config 0 descriptor??
[  349.422514][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.439030][ T8483] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  349.451523][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.471723][ T5870] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  349.493442][ T8502] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  349.516982][ T8502] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  349.578334][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.779260][ T1553] usb 4-1: USB disconnect, device number 20
[  349.812572][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.837511][ T8502] wg1 speed is unknown, defaulting to 1000
[  349.874768][ T8502] wg1 speed is unknown, defaulting to 1000
[  350.081261][ T8502] wg1 speed is unknown, defaulting to 1000
[  351.586548][ T8519] overlayfs: missing 'lowerdir'
[  351.740495][ T8525] loop6: detected capacity change from 0 to 7
[  351.776371][ T8525] Dev loop6: unable to read RDB block 7
[  351.792303][ T8525]  loop6: AHDI p1 p4
[  351.802435][ T8525] loop6: partition table partially beyond EOD, truncated
[  351.824274][ T8525] loop6: p1 start 926365495 is beyond EOD, truncated
[  351.838430][ T5870] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  352.221736][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  352.236921][ T5870] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  352.251268][ T5870] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  352.266191][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.278424][ T5870] usb 4-1: Product: syz
[  352.282618][ T5870] usb 4-1: Manufacturer: syz
[  352.287228][ T5870] usb 4-1: SerialNumber: syz
[  352.304123][ T5870] usb 4-1: config 0 descriptor??
[  352.311752][ T5870] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  352.348994][ T5870] usb 4-1: Detected FT232R
[  352.593525][ T8532] XFS (nullb0): Invalid superblock magic number
[  352.714178][ T5870] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  353.044158][ T5870] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  353.065642][ T8542] validate_nla: 23 callbacks suppressed
[  353.065657][ T8542] netlink: 'syz.1.667': attribute type 2 has an invalid length.
[  353.089845][ T5870] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  353.257981][ T5870] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  353.269038][ T5870] usb 4-1: USB disconnect, device number 21
[  353.283972][ T5870] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  353.293806][ T5870] ftdi_sio 4-1:0.0: device disconnected
[  458.298294][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  458.305309][    C1] rcu: 	0-...!: (0 ticks this GP) idle=654c/1/0x4000000000000000 softirq=31799/31799 fqs=0
[  458.316835][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=26545, q=260 ncpus=2)
[  458.324610][    C1] Sending NMI from CPU 1 to CPUs 0:
[  458.324647][    C0] NMI backtrace for cpu 0
[  458.324673][    C0] CPU: 0 UID: 0 PID: 8547 Comm: syz.5.668 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  458.324693][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.324708][    C0] RIP: 0010:advance_sched+0x43f/0xc90
[  458.324735][    C0] Code: 4c 89 f8 4d 8b bf 28 01 00 00 48 8d 98 30 01 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 54 89 a8 f8 4c 03 3b <4d> 89 3e eb 0f e8 07 cf 47 f8 49 bc 00 00 00 00 00 fc ff df 48 8b
[  458.324750][    C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00000006
[  458.324767][    C0] RAX: 1ffff110066df726 RBX: ffff8880336fb930 RCX: dffffc0000000000
[  458.324780][    C0] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 184d9a3e08000000
[  458.324792][    C0] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000004
[  458.324802][    C0] R10: dffffc0000000000 R11: fffff52000000f7c R12: dffffc0000000000
[  458.324814][    C0] R13: ffff8880615b5000 R14: ffff8880336fb928 R15: 184d9a3e0c000000
[  458.324828][    C0] FS:  000055556fb93500(0000) GS:ffff8881260c7000(0000) knlGS:0000000000000000
[  458.324842][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  458.324854][    C0] CR2: 00007f3be7600000 CR3: 000000007aea4000 CR4: 00000000003526f0
[  458.324869][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  458.324879][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  458.324889][    C0] Call Trace:
[  458.324899][    C0]  <IRQ>
[  458.324920][    C0]  ? __pfx_advance_sched+0x10/0x10
[  458.324947][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  458.324995][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  458.325014][    C0]  ? read_tsc+0x9/0x20
[  458.325034][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  458.325069][    C0]  __sysvec_apic_timer_interrupt+0x108/0x410
[  458.325093][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  458.325112][    C0]  </IRQ>
[  458.325117][    C0]  <TASK>
[  458.325124][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  458.325142][    C0] RIP: 0010:arch_stack_walk+0x12d/0x150
[  458.325164][    C0] Code: df 48 89 c6 4d 89 f3 41 ff d3 0f 1f 00 84 c0 74 11 4c 89 ff e8 a4 13 09 00 83 bd 78 ff ff ff 00 75 cf 65 48 8b 05 c3 6d 0c 11 <48> 3b 45 d8 75 12 48 83 c4 68 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc
[  458.325178][    C0] RSP: 0018:ffffc90003a1f3e8 EFLAGS: 00000246
[  458.325192][    C0] RAX: 67bd38cf82a6ff00 RBX: ffffc90003a1f4a0 RCX: 67bd38cf82a6ff00
[  458.325205][    C0] RDX: 0000000000000000 RSI: ffffffff8d931e7f RDI: ffff888021ac5a00
[  458.325216][    C0] RBP: ffffc90003a1f470 R08: 0000000000000000 R09: ffffffff81ce9e26
[  458.325228][    C0] R10: ffffc90003a1f438 R11: ffffffff81ac7820 R12: ffff888021ac5a00
[  458.325242][    C0] R13: ffff888027a64640 R14: ffffffff81ac7820 R15: ffffc90003a1f3e8
[  458.325255][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  458.325280][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  458.325303][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  458.325327][    C0]  ? arch_stack_walk+0xfc/0x150
[  458.325355][    C0]  stack_trace_save+0x9c/0xe0
[  458.325378][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  458.325403][    C0]  ? __lock_acquire+0xab9/0xd20
[  458.325422][    C0]  kasan_save_track+0x3e/0x80
[  458.325442][    C0]  ? kasan_save_track+0x3e/0x80
[  458.325460][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[  458.325480][    C0]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  458.325501][    C0]  ? vm_area_alloc+0x24/0x140
[  458.325519][    C0]  ? mmap_region+0xcf4/0x1e50
[  458.325538][    C0]  ? do_mmap+0xc68/0x1100
[  458.325557][    C0]  ? vm_mmap_pgoff+0x31b/0x4c0
[  458.325576][    C0]  ? do_syscall_64+0xf6/0x220
[  458.325595][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.325635][    C0]  ? vm_area_alloc+0x24/0x140
[  458.325655][    C0]  __kasan_slab_alloc+0x6c/0x80
[  458.325676][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  458.325698][    C0]  ? vm_area_alloc+0x24/0x140
[  458.325719][    C0]  vm_area_alloc+0x24/0x140
[  458.325738][    C0]  mmap_region+0xcf4/0x1e50
[  458.325765][    C0]  ? __pfx_mmap_region+0x10/0x10
[  458.325811][    C0]  ? vm_unmapped_area+0xde/0x230
[  458.325841][    C0]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  458.325868][    C0]  ? cap_mmap_addr+0xb0/0x100
[  458.325890][    C0]  ? bpf_lsm_mmap_addr+0x9/0x20
[  458.325906][    C0]  ? security_mmap_addr+0x71/0x270
[  458.325931][    C0]  do_mmap+0xc68/0x1100
[  458.325959][    C0]  ? __pfx_do_mmap+0x10/0x10
[  458.325978][    C0]  ? down_write_killable+0x178/0x230
[  458.326010][    C0]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  458.326030][    C0]  ? __pfx_down_write_killable+0x10/0x10
[  458.326052][    C0]  ? __pfx_do_futex+0x10/0x10
[  458.326078][    C0]  vm_mmap_pgoff+0x31b/0x4c0
[  458.326102][    C0]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  458.326122][    C0]  ? __pfx___se_sys_futex+0x10/0x10
[  458.326148][    C0]  ? ksys_mmap_pgoff+0xf4/0x760
[  458.326170][    C0]  ? __x64_sys_mmap+0x7f/0x140
[  458.326190][    C0]  do_syscall_64+0xf6/0x220
[  458.326210][    C0]  ? clear_bhb_loop+0x60/0xb0
[  458.326229][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.326246][    C0] RIP: 0033:0x7f3be7b8e9a3
[  458.326263][    C0] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
[  458.326276][    C0] RSP: 002b:00007ffdb341e298 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  458.326292][    C0] RAX: ffffffffffffffda RBX: 00007f3be61f76c0 RCX: 00007f3be7b8e9a3
[  458.326305][    C0] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[  458.326315][    C0] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[  458.326326][    C0] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffdb341e3f0
[  458.326337][    C0] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  458.326357][    C0]  </TASK>
[  458.326640][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g26545 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  458.897050][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=17587
[  458.905375][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g26545 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  458.916829][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  458.926817][    C1] rcu: RCU grace-period kthread stack dump:
[  458.932710][    C1] task:rcu_preempt     state:I stack:27288 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  458.944656][    C1] Call Trace:
[  458.947953][    C1]  <TASK>
[  458.950899][    C1]  __schedule+0x16a2/0x4cb0
[  458.955429][    C1]  ? schedule+0x165/0x360
[  458.959773][    C1]  ? __pfx___schedule+0x10/0x10
[  458.964650][    C1]  ? schedule+0x91/0x360
[  458.968899][    C1]  schedule+0x165/0x360
[  458.973072][    C1]  schedule_timeout+0x12b/0x270
[  458.977952][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  458.983355][    C1]  ? __pfx_process_timeout+0x10/0x10
[  458.988662][    C1]  ? prepare_to_swait_event+0x341/0x380
[  458.994226][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  458.999088][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.004315][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  459.009257][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  459.014558][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  459.019782][    C1]  rcu_gp_kthread+0x99/0x390
[  459.024391][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  459.029598][    C1]  ? __kthread_parkme+0x7b/0x200
[  459.034545][    C1]  ? __kthread_parkme+0x1a1/0x200
[  459.039589][    C1]  kthread+0x70e/0x8a0
[  459.043684][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  459.048885][    C1]  ? __pfx_kthread+0x10/0x10
[  459.053494][    C1]  ? __pfx_kthread+0x10/0x10
[  459.058108][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  459.063315][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.068532][    C1]  ? __pfx_kthread+0x10/0x10
[  459.073141][    C1]  ret_from_fork+0x4e/0x80
[  459.077573][    C1]  ? __pfx_kthread+0x10/0x10
[  459.082177][    C1]  ret_from_fork_asm+0x1a/0x30
[  459.086959][    C1]  </TASK>